mbedtls/library
Hanno Becker 9acfd730ed Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.

Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.

Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.

The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.

By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.

The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.

That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 11:56:37 +00:00
..
.gitignore
aes.c Merge remote-tracking branch 'public/pr/2054' into development-proposed 2018-11-09 19:57:53 +00:00
aesni.c
arc4.c
aria.c
asn1parse.c
asn1write.c Merge branch 'iotssl-1770' into development_thomas_dee 2018-11-02 10:52:49 +00:00
base64.c
bignum.c Fix bias in random number generation in Miller-Rabin test 2018-10-09 16:36:53 +01:00
blowfish.c
camellia.c
ccm.c
certs.c Update hardcoded certificates in library/certs.c 2018-11-02 10:52:38 +00:00
chacha20.c
chachapoly.c
cipher.c PSA: Adapt pk.c, pk_wrap.c, cipher.c to new key policy init API 2019-01-25 14:36:28 +00:00
cipher_wrap.c Fix style in NUM_CIPHERS definition in cipher_wrap.c 2018-11-22 16:33:01 +00:00
cmac.c
CMakeLists.txt Use CMAKE_BUILD_TYPE to do Asan builds 2019-01-10 09:32:04 +01:00
ctr_drbg.c
debug.c
des.c
dhm.c
ecdh.c Change to positive flow for all cases 2018-11-05 18:08:46 +02:00
ecdsa.c Avoid using restartable and alternative ECP imp. 2018-11-05 14:04:26 +02:00
ecjpake.c
ecp.c Detect unsigned integer overflow in mbedtls_ecp_check_budget() 2018-10-26 15:09:35 +01:00
ecp_curves.c
entropy.c
entropy_poll.c
error.c Add common feature unavailable error 2018-11-09 13:57:37 +00:00
gcm.c Deprecate hardware acceleration errors 2018-11-09 15:01:07 +00:00
havege.c
hkdf.c
hmac_drbg.c
Makefile Implement slot allocation 2018-12-11 16:48:13 +01:00
md.c
md2.c
md4.c
md5.c
md_wrap.c
memory_buffer_alloc.c
net_sockets.c
nist_kw.c
oid.c
padlock.c
pem.c
pk.c PSA: Adapt pk.c, pk_wrap.c, cipher.c to new key policy init API 2019-01-25 14:36:28 +00:00
pk_wrap.c Adapt ecdsa_verify_wrap() to new EC public key format 2019-01-28 11:41:37 +00:00
pkcs5.c
pkcs11.c
pkcs12.c
pkparse.c Reinitialize PK ctx in mbedtls_pk_parse_key before reuse are free 2018-10-11 11:31:15 +01:00
pkwrite.c Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format 2019-02-01 11:56:37 +00:00
platform.c Omit runtime configuration of calloc/free if macro config enabled 2018-10-11 11:04:20 +01:00
platform_util.c Don't declare and define gmtime()-mutex on Windows platforms 2018-09-06 12:09:56 +01:00
poly1305.c
psa_crypto.c Merge pull request #13 from Patater/pubkey-format 2019-01-25 10:09:40 +00:00
psa_crypto_core.h Document some functions in internal headers 2018-12-11 16:48:14 +01:00
psa_crypto_invasive.h Add a facility to configure entropy sources 2018-11-23 22:58:38 +01:00
psa_crypto_slot_management.c Merge pull request #16 from itayzafrir/spm-support-crypto-handles-api 2019-01-23 13:38:50 +00:00
psa_crypto_slot_management.h Document some functions in internal headers 2018-12-11 16:48:14 +01:00
psa_crypto_storage.c Persistent storage implementation: psa_key_slot_t -> psa_key_id_t 2018-12-11 16:48:13 +01:00
psa_crypto_storage.h Document the maximum key identifier 2018-12-11 16:48:14 +01:00
psa_crypto_storage_backend.h Persistent storage implementation: psa_key_slot_t -> psa_key_id_t 2018-12-11 16:48:13 +01:00
psa_crypto_storage_file.c Fix snprintf call to assume less about integral type sizes 2018-12-11 16:48:13 +01:00
psa_crypto_storage_its.c Merge remote-tracking branch 'psa/pr/230' into feature-psa 2018-12-12 16:15:34 +01:00
ripemd160.c
rsa.c Merge tag 'mbedtls-2.14.0' into feature-psa 2018-11-19 19:25:56 +00:00
rsa_internal.c Bignum: Deprecate mbedtls_mpi_is_prime() 2018-10-09 16:36:53 +01:00
sha1.c
sha256.c
sha512.c
ssl_cache.c
ssl_ciphersuites.c
ssl_cli.c Rename ssl_conf_has_[raw_]_psk to ssl_conf_has_static_[raw_]psk 2018-11-22 16:30:20 +00:00
ssl_cookie.c
ssl_srv.c Don't use idiom if( func() ) but always add explicit value check 2018-11-22 16:30:20 +00:00
ssl_ticket.c Use PSA-based ciphers for SSL ticket protection 2018-11-22 16:38:06 +00:00
ssl_tls.c Adapt to the new key allocation mechanism 2019-01-23 06:22:32 -05:00
threading.c Don't declare and define gmtime()-mutex on Windows platforms 2018-09-06 12:09:56 +01:00
timing.c Merge remote-tracking branch 'public/pr/1777' into development-proposed 2018-11-04 18:51:36 +00:00
version.c
version_features.c Add config option for X.509/TLS to use PSA 2018-11-22 16:25:36 +00:00
x509.c Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r() 2018-09-05 15:06:19 +01:00
x509_create.c Break overly long line in library/x509_create.c 2018-11-02 10:52:38 +00:00
x509_crl.c
x509_crt.c Remove trailing whitespace 2018-11-22 13:02:29 -05:00
x509_csr.c
x509write_crt.c
x509write_csr.c x509: remove unnecessary calls to psa_hash_abort 2018-11-22 12:53:32 -05:00
xtea.c