Merge pull request #8840 from gilles-peskine-arm/domain_parameters-remove

Remove domain parameters
This commit is contained in:
Tom Cosgrove 2024-02-27 10:36:51 +00:00 committed by GitHub
commit ca21b241bd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 120 additions and 498 deletions

View file

@ -0,0 +1,9 @@
New deprecations
* In the PSA API, domain parameters are no longer used for anything.
They are deprecated and will be removed in a future version of the
library.
Removals
* In the PSA API, the experimental way to encode the public exponent of
an RSA key as a domain parameter is no longer supported. Use
psa_generate_key_ext() instead.

View file

@ -4144,7 +4144,7 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
* When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT
* with \p params_data_length = 0,
* this function is equivalent to
* psa_key_generation_output_key().
* psa_generate_key().
* \param params_data_length
* Length of `params->data` in bytes.
* \param[out] key On success, an identifier for the newly created

View file

@ -146,6 +146,83 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key,
*/
psa_status_t psa_close_key(psa_key_handle_t handle);
/** \addtogroup attributes
* @{
*/
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/** Custom Diffie-Hellman group.
*
* Mbed TLS does not support custom DH groups.
*
* \deprecated This value is not useful, so this macro will be removed in
* a future version of the library.
*/
#define PSA_DH_FAMILY_CUSTOM \
((psa_dh_family_t) MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(0x7e))
/**
* \brief Set domain parameters for a key.
*
* \deprecated Mbed TLS no longer supports any domain parameters.
* This function only does the equivalent of
* psa_set_key_type() and will be removed in a future version
* of the library.
*
* \param[in,out] attributes Attribute structure where \p type will be set.
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
* \param[in] data Ignored.
* \param data_length Must be 0.
*
* \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
*/
static inline psa_status_t MBEDTLS_DEPRECATED psa_set_key_domain_parameters(
psa_key_attributes_t *attributes,
psa_key_type_t type, const uint8_t *data, size_t data_length)
{
(void) data;
if (data_length != 0) {
return PSA_ERROR_NOT_SUPPORTED;
}
psa_set_key_type(attributes, type);
return PSA_SUCCESS;
}
/**
* \brief Get domain parameters for a key.
*
* \deprecated Mbed TLS no longer supports any domain parameters.
* This function alwaya has an empty output and will be
* removed in a future version of the library.
* \param[in] attributes Ignored.
* \param[out] data Ignored.
* \param data_size Ignored.
* \param[out] data_length Set to 0.
*
* \retval #PSA_SUCCESS \emptydescription
*/
static inline psa_status_t MBEDTLS_DEPRECATED psa_get_key_domain_parameters(
const psa_key_attributes_t *attributes,
uint8_t *data, size_t data_size, size_t *data_length)
{
(void) attributes;
(void) data;
(void) data_size;
*data_length = 0;
return PSA_SUCCESS;
}
/** Safe output buffer size for psa_get_key_domain_parameters().
*
*/
#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(1u)
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**@}*/
#ifdef __cplusplus
}
#endif

View file

@ -409,140 +409,11 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* @{
*/
/** Custom Diffie-Hellman group.
*
* For keys of type #PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or
* #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM), the group data comes
* from domain parameters set by psa_set_key_domain_parameters().
*/
#define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e)
/** PAKE operation stages. */
#define PSA_PAKE_OPERATION_STAGE_SETUP 0
#define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1
#define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2
/**
* \brief Set domain parameters for a key.
*
* Some key types require additional domain parameters in addition to
* the key type identifier and the key size. Use this function instead
* of psa_set_key_type() when you need to specify domain parameters.
*
* The format for the required domain parameters varies based on the key type.
* Mbed TLS supports the following key type with domain parameters:
*
* - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR),
* the domain parameter data consists of the public exponent,
* represented as a big-endian integer with no leading zeros.
* This information is used when generating an RSA key pair.
* When importing a key, the public exponent is read from the imported
* key data and the exponent recorded in the attribute structure is ignored.
* As an exception, the public exponent 65537 is represented by an empty
* byte string.
*
* \note This function may allocate memory or other resources.
* Once you have called this function on an attribute structure,
* you must call psa_reset_key_attributes() to free these resources.
*
* \note This is an experimental extension to the interface. It may change
* in future versions of the library.
*
* \note Due to an implementation limitation, domain parameters are ignored
* for keys that are managed by a driver.
*
* \param[in,out] attributes Attribute structure where the specified domain
* parameters will be stored.
* If this function fails, the content of
* \p attributes is not modified.
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
* \param[in] data Buffer containing the key domain parameters.
* The content of this buffer is interpreted
* according to \p type as described above.
* \param data_length Size of the \p data buffer in bytes.
*
* \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
*/
#if !defined(PSA_SET_KEY_DOMAIN_PARAMETERS)
#define PSA_SET_KEY_DOMAIN_PARAMETERS
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
psa_key_type_t type,
const uint8_t *data,
size_t data_length);
#endif /* PSA_SET_KEY_DOMAIN_PARAMETERS */
/**
* \brief Get domain parameters for a key.
*
* Get the domain parameters for a key with this function, if any. The format
* of the domain parameters written to \p data is specified in the
* documentation for psa_set_key_domain_parameters().
*
* \note This is an experimental extension to the interface. It may change
* in future versions of the library.
*
* \note Due to an implementation limitation, domain parameters are not
* supported with keys that are managed by a driver.
*
* \param[in] attributes The key attribute structure to query.
* \param[out] data On success, the key domain parameters.
* \param data_size Size of the \p data buffer in bytes.
* The buffer is guaranteed to be large
* enough if its size in bytes is at least
* the value given by
* PSA_KEY_DOMAIN_PARAMETERS_SIZE().
* \param[out] data_length On success, the number of bytes
* that make up the key domain parameters data.
*
* \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
* \retval #PSA_ERROR_NOT_SUPPORTED
* The key is managed by a driver.
*/
psa_status_t psa_get_key_domain_parameters(
const psa_key_attributes_t *attributes,
uint8_t *data,
size_t data_size,
size_t *data_length);
/** Safe output buffer size for psa_get_key_domain_parameters().
*
* This macro returns a compile-time constant if its arguments are
* compile-time constants.
*
* \warning This function may call its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
* \note This is an experimental extension to the interface. It may change
* in future versions of the library.
*
* \param key_type A supported key type.
* \param key_bits The size of the key in bits.
*
* \return If the parameters are valid and supported, return
* a buffer size in bytes that guarantees that
* psa_get_key_domain_parameters() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
* If the parameters are a valid combination that is not supported
* by the implementation, this macro shall return either a
* sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
*/
#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
0)
#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
(4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
(4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
/**@}*/

View file

@ -318,20 +318,6 @@ struct psa_key_attributes_s {
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
/* Unlike normal buffers, there are three cases for domain_parameters
* and domain_parameters_size:
* - domain_parameters_size == SIZE_MAX && domain_parameters == NULL:
* Access to domain parameters is not supported for this key.
* This is a hack which should not exist, intended for keys managed
* by a driver, because drivers don't support domain parameters.
* - domain_parameters_size == 0 && domain_parameters == NULL:
* The domain parameters are empty.
* - domain_parameters_size > 0 &&
* domain_parameters == valid pointer to domain_parameters_size bytes:
* The domain parameters are non-empty.
*/
void *MBEDTLS_PRIVATE(domain_parameters);
size_t MBEDTLS_PRIVATE(domain_parameters_size);
/* With client/service separation, struct psa_key_attributes_s is
* marshalled through a transport channel between the client and
* service side implementation of the PSA Crypto APIs, thus having
@ -342,9 +328,9 @@ struct psa_key_attributes_s {
};
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
#define PSA_KEY_ATTRIBUTES_INIT { 0, NULL, 0, PSA_CORE_KEY_ATTRIBUTES_INIT }
#define PSA_KEY_ATTRIBUTES_INIT { 0, PSA_CORE_KEY_ATTRIBUTES_INIT }
#else
#define PSA_KEY_ATTRIBUTES_INIT { NULL, 0, PSA_CORE_KEY_ATTRIBUTES_INIT }
#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT }
#endif
static inline struct psa_key_attributes_s psa_key_attributes_init(void)
@ -437,29 +423,10 @@ static inline psa_algorithm_t psa_get_key_algorithm(
return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg);
}
/* This function is declared in crypto_extra.h, which comes after this
* header file, but we need the function here, so repeat the declaration. */
#if !defined(PSA_SET_KEY_DOMAIN_PARAMETERS)
#define PSA_SET_KEY_DOMAIN_PARAMETERS
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
psa_key_type_t type,
const uint8_t *data,
size_t data_length);
#endif /* PSA_SET_KEY_DOMAIN_PARAMETERS */
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type)
{
if (attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL) {
/* Common case: quick path */
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type;
} else {
/* Call the bigger function to free the old domain parameters.
* Ignore any errors which may arise due to type requiring
* non-default domain parameters, since this function can't
* report errors. */
(void) psa_set_key_domain_parameters(attributes, type, NULL, 0);
}
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type;
}
static inline psa_key_type_t psa_get_key_type(

View file

@ -1211,58 +1211,12 @@ exit:
return overall_status;
}
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
static psa_status_t psa_get_rsa_public_exponent(
const mbedtls_rsa_context *rsa,
psa_key_attributes_t *attributes)
{
mbedtls_mpi mpi;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint8_t *buffer = NULL;
size_t buflen;
mbedtls_mpi_init(&mpi);
ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &mpi);
if (ret != 0) {
goto exit;
}
if (mbedtls_mpi_cmp_int(&mpi, 65537) == 0) {
/* It's the default value, which is reported as an empty string,
* so there's nothing to do. */
goto exit;
}
buflen = mbedtls_mpi_size(&mpi);
buffer = mbedtls_calloc(1, buflen);
if (buffer == NULL) {
ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
goto exit;
}
ret = mbedtls_mpi_write_binary(&mpi, buffer, buflen);
if (ret != 0) {
goto exit;
}
attributes->domain_parameters = buffer;
attributes->domain_parameters_size = buflen;
exit:
mbedtls_mpi_free(&mpi);
if (ret != 0) {
mbedtls_free(buffer);
}
return mbedtls_to_psa_error(ret);
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
/** Retrieve all the publicly-accessible attributes of a key.
*/
psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
psa_key_attributes_t *attributes)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_reset_key_attributes(attributes);
@ -1283,55 +1237,7 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
switch (slot->attr.type) {
#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
case PSA_KEY_TYPE_RSA_KEY_PAIR:
case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
/* TODO: This is a temporary situation where domain parameters are deprecated,
* but we need it for namely generating an RSA key with a non-default exponent.
* This would be improved after https://github.com/Mbed-TLS/mbedtls/issues/6494.
*/
if (!psa_key_lifetime_is_external(slot->attr.lifetime)) {
mbedtls_rsa_context *rsa = NULL;
status = mbedtls_psa_rsa_load_representation(
slot->attr.type,
slot->key.data,
slot->key.bytes,
&rsa);
if (status != PSA_SUCCESS) {
break;
}
status = psa_get_rsa_public_exponent(rsa,
attributes);
mbedtls_rsa_free(rsa);
mbedtls_free(rsa);
}
break;
#else
case PSA_KEY_TYPE_RSA_KEY_PAIR:
case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
attributes->domain_parameters = NULL;
attributes->domain_parameters_size = SIZE_MAX;
break;
#endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
default:
/* Nothing else to do. */
break;
}
if (status != PSA_SUCCESS) {
psa_reset_key_attributes(attributes);
}
unlock_status = psa_unregister_read_under_mutex(slot);
return (status == PSA_SUCCESS) ? unlock_status : status;
return psa_unregister_read_under_mutex(slot);
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@ -1959,57 +1865,6 @@ static psa_status_t psa_validate_optional_attributes(
}
}
if (attributes->domain_parameters_size != 0) {
#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
if (PSA_KEY_TYPE_IS_RSA(slot->attr.type)) {
mbedtls_rsa_context *rsa = NULL;
mbedtls_mpi actual, required;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = mbedtls_psa_rsa_load_representation(
slot->attr.type,
slot->key.data,
slot->key.bytes,
&rsa);
if (status != PSA_SUCCESS) {
return status;
}
mbedtls_mpi_init(&actual);
mbedtls_mpi_init(&required);
ret = mbedtls_rsa_export(rsa,
NULL, NULL, NULL, NULL, &actual);
mbedtls_rsa_free(rsa);
mbedtls_free(rsa);
if (ret != 0) {
goto rsa_exit;
}
ret = mbedtls_mpi_read_binary(&required,
attributes->domain_parameters,
attributes->domain_parameters_size);
if (ret != 0) {
goto rsa_exit;
}
if (mbedtls_mpi_cmp_mpi(&actual, &required) != 0) {
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
rsa_exit:
mbedtls_mpi_free(&actual);
mbedtls_mpi_free(&required);
if (ret != 0) {
return mbedtls_to_psa_error(ret);
}
} else
#endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) &&
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
{
return PSA_ERROR_INVALID_ARGUMENT;
}
}
if (attributes->core.bits != 0) {
if (attributes->core.bits != slot->attr.bits) {
return PSA_ERROR_INVALID_ARGUMENT;
@ -7551,11 +7406,6 @@ psa_status_t psa_generate_key_internal(
(void) params;
(void) params_data_length;
if ((attributes->domain_parameters == NULL) &&
(attributes->domain_parameters_size != 0)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
if (key_type_is_raw_bytes(type)) {
status = psa_generate_random(key_buffer, key_buffer_size);
if (status != PSA_SUCCESS) {
@ -7571,16 +7421,8 @@ psa_status_t psa_generate_key_internal(
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
/* Hack: if the method specifies a non-default e, pass it
* via the domain parameters. TODO: refactor this code so
* that mbedtls_psa_rsa_generate_key() gets e via a new
* parameter instead. */
psa_key_attributes_t override_attributes = *attributes;
if (params_data_length != 0) {
override_attributes.domain_parameters_size = params_data_length;
override_attributes.domain_parameters = (uint8_t *) &params->data;
}
return mbedtls_psa_rsa_generate_key(&override_attributes,
return mbedtls_psa_rsa_generate_key(attributes,
params, params_data_length,
key_buffer,
key_buffer_size,
key_buffer_length);

View file

@ -16,57 +16,7 @@
void psa_reset_key_attributes(psa_key_attributes_t *attributes)
{
mbedtls_free(attributes->domain_parameters);
memset(attributes, 0, sizeof(*attributes));
}
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
psa_key_type_t type,
const uint8_t *data,
size_t data_length)
{
uint8_t *copy = NULL;
if (data_length != 0) {
copy = mbedtls_calloc(1, data_length);
if (copy == NULL) {
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
memcpy(copy, data, data_length);
}
/* After this point, this function is guaranteed to succeed, so it
* can start modifying `*attributes`. */
if (attributes->domain_parameters != NULL) {
mbedtls_free(attributes->domain_parameters);
attributes->domain_parameters = NULL;
attributes->domain_parameters_size = 0;
}
attributes->domain_parameters = copy;
attributes->domain_parameters_size = data_length;
attributes->core.type = type;
return PSA_SUCCESS;
}
psa_status_t psa_get_key_domain_parameters(
const psa_key_attributes_t *attributes,
uint8_t *data, size_t data_size, size_t *data_length)
{
if (attributes->domain_parameters == NULL &&
attributes->domain_parameters_size == SIZE_MAX) {
return PSA_ERROR_NOT_SUPPORTED;
}
if (attributes->domain_parameters_size > data_size) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
*data_length = attributes->domain_parameters_size;
if (attributes->domain_parameters_size != 0) {
memcpy(data, attributes->domain_parameters,
attributes->domain_parameters_size);
}
return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */

View file

@ -345,10 +345,6 @@ psa_status_t mbedtls_psa_ecp_generate_key(
mbedtls_ecp_curve_info_from_grp_id(grp_id);
mbedtls_ecp_keypair ecp;
if (attributes->domain_parameters_size != 0) {
return PSA_ERROR_NOT_SUPPORTED;
}
if (grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL) {
return PSA_ERROR_NOT_SUPPORTED;
}

View file

@ -216,26 +216,21 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters,
size_t domain_parameters_size,
static psa_status_t psa_rsa_read_exponent(const uint8_t *e_bytes,
size_t e_length,
int *exponent)
{
size_t i;
uint32_t acc = 0;
if (domain_parameters_size == 0) {
*exponent = 65537;
return PSA_SUCCESS;
}
/* Mbed TLS encodes the public exponent as an int. For simplicity, only
* support values that fit in a 32-bit integer, which is larger than
* int on just about every platform anyway. */
if (domain_parameters_size > sizeof(acc)) {
if (e_length > sizeof(acc)) {
return PSA_ERROR_NOT_SUPPORTED;
}
for (i = 0; i < domain_parameters_size; i++) {
acc = (acc << 8) | domain_parameters[i];
for (i = 0; i < e_length; i++) {
acc = (acc << 8) | e_bytes[i];
}
if (acc > INT_MAX) {
return PSA_ERROR_NOT_SUPPORTED;
@ -246,18 +241,20 @@ static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters,
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
const psa_key_production_parameters_t *params, size_t params_data_length,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
psa_status_t status;
mbedtls_rsa_context rsa;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int exponent;
int exponent = 65537;
status = psa_rsa_read_exponent(attributes->domain_parameters,
attributes->domain_parameters_size,
&exponent);
if (status != PSA_SUCCESS) {
return status;
if (params_data_length != 0) {
status = psa_rsa_read_exponent(params->data, params_data_length,
&exponent);
if (status != PSA_SUCCESS) {
return status;
}
}
mbedtls_rsa_init(&rsa);

View file

@ -109,6 +109,15 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
* entry point.
*
* \param[in] attributes The attributes for the RSA key to generate.
* \param[in] params Production parameters for the key
* generation. This function only uses
* `params->data`,
* which contains the public exponent.
* This can be a null pointer if
* \c params_data_length is 0.
* \param params_data_length Length of `params->data` in bytes.
* This can be 0, in which case the
* public exponent will be 65537.
* \param[out] key_buffer Buffer where the key data is to be written.
* \param[in] key_buffer_size Size of \p key_buffer in bytes.
* \param[out] key_buffer_length On success, the number of bytes written in
@ -123,6 +132,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
*/
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
const psa_key_production_parameters_t *params, size_t params_data_length,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
/** Sign an already-calculated hash with an RSA private key.

View file

@ -225,10 +225,13 @@ psa_status_t mbedtls_test_transparent_generate_key(
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
return libtestdriver1_mbedtls_psa_rsa_generate_key(
(const libtestdriver1_psa_key_attributes_t *) attributes,
NULL, 0, /* We don't support custom e in the test driver yet */
key, key_size, key_length);
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
return mbedtls_psa_rsa_generate_key(
attributes, key, key_size, key_length);
attributes,
NULL, 0, /* We don't support custom e in the test driver yet */
key, key_size, key_length);
#endif
} else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes))
&& PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {

View file

@ -7431,24 +7431,6 @@ PSA generate key: ECC, Curve448, good
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0
PSA generate key: RSA, domain parameters: default e
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"":PSA_SUCCESS
PSA generate key: RSA, domain parameters: e=3
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"03":PSA_SUCCESS
PSA generate key: RSA, domain parameters: e=65537
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"010001":PSA_SUCCESS
PSA generate key: RSA, domain parameters: e=513
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"0201":PSA_SUCCESS
PSA generate key: RSA, domain parameters: e=1
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
PSA generate key: RSA, domain parameters: e=2
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"02":PSA_ERROR_INVALID_ARGUMENT
PSA generate key: FFDH, 2048 bits, good
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_2048
generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0

View file

@ -9840,88 +9840,6 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
void generate_key_rsa(int bits_arg,
data_t *e_arg,
int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
size_t bits = bits_arg;
psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *e_read_buffer = NULL;
int is_default_public_exponent = 0;
size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE(type, bits);
size_t e_read_length = SIZE_MAX;
if (e_arg->len == 0 ||
(e_arg->len == 3 &&
e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1)) {
is_default_public_exponent = 1;
e_read_size = 0;
}
TEST_CALLOC(e_read_buffer, e_read_size);
PSA_ASSERT(psa_crypto_init());
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, alg);
PSA_ASSERT(psa_set_key_domain_parameters(&attributes, type,
e_arg->x, e_arg->len));
psa_set_key_bits(&attributes, bits);
/* Generate a key */
TEST_EQUAL(psa_generate_key(&attributes, &key), expected_status);
if (expected_status != PSA_SUCCESS) {
goto exit;
}
/* Test the key information */
PSA_ASSERT(psa_get_key_attributes(key, &attributes));
TEST_EQUAL(psa_get_key_type(&attributes), type);
TEST_EQUAL(psa_get_key_bits(&attributes), bits);
psa_status_t status = psa_get_key_domain_parameters(&attributes,
e_read_buffer, e_read_size,
&e_read_length);
#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
if (is_default_public_exponent) {
TEST_EQUAL(e_read_length, 0);
} else {
TEST_EQUAL(status, PSA_SUCCESS);
TEST_MEMORY_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len);
}
#else
(void) is_default_public_exponent;
TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED);
#endif
/* Do something with the key according to its type and permitted usage. */
if (!mbedtls_test_psa_exercise_key(key, usage, alg)) {
goto exit;
}
TEST_ASSERT(rsa_test_e(key, bits, e_arg));
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes() or
* set by psa_set_key_domain_parameters() thus reset them as required.
*/
psa_reset_key_attributes(&attributes);
psa_destroy_key(key);
PSA_DONE();
mbedtls_free(e_read_buffer);
}
/* END_CASE */
/* BEGIN_CASE */
void generate_key_ext(int type_arg,
int bits_arg,