lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00
Code Activity

pk: manage parse and write for the new format

Browse Source 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
2023-05-18 18:56:59 +02:00
parent b536126183
commit 00e8dd15d2
2 changed files with 138 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
library/pkwrite.c
View File

@@ -185,20 +185,33 @@ static int pk_write_ec_param(unsigned char **p, unsigned char *start,
* privateKey OCTET STRING -- always of length ceil(log2(n)/8)
*/
static int pk_write_ec_private(unsigned char **p, unsigned char *start,
mbedtls_ecp_keypair *ec)
const mbedtls_pk_context *pk)
{
size_t byte_length;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t byte_length = (ec->grp.pbits + 7) / 8;
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
psa_status_t status;
status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
if (status != PSA_SUCCESS) {
ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
goto exit;
}
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
byte_length = (ec->grp.pbits + 7) / 8;
ret = mbedtls_ecp_write_key(ec, tmp, byte_length);
if (ret != 0) {
goto exit;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
exit:
mbedtls_platform_zeroize(tmp, byte_length);
mbedtls_platform_zeroize(tmp, sizeof(tmp));
return ret;
}
#endif /* MBEDTLS_ECP_LIGHT */
@@ -280,7 +293,11 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
pk_type = mbedtls_pk_get_type(key);
#if defined(MBEDTLS_ECP_LIGHT)
if (pk_type == MBEDTLS_PK_ECKEY) {
#if defined(MBEDTLS_ECP_C)
ec_grp_id = mbedtls_pk_ec_ro(*key)->grp.id;
#else /* MBEDTLS_ECP_C */
ec_grp_id = mbedtls_ecc_group_of_psa(key->ec_family, key->ec_bits, 0);
#endif /* MBEDTLS_ECP_C */
}
#endif /* MBEDTLS_ECP_LIGHT */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -372,7 +389,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
* CurvePrivateKey ::= OCTET STRING
*/
static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf,
mbedtls_ecp_keypair *ec)
const mbedtls_pk_context *pk)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@@ -380,14 +397,23 @@ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf,
const char *oid;
/* privateKey */
MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, ec));
MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING));
/* privateKeyAlgorithm */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa(pk->ec_family,
pk->ec_bits, 0);
if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) {
return ret;
}
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec->grp.id, &oid, &oid_len)) != 0) {
return ret;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
MBEDTLS_ASN1_CHK_ADD(len,
mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0));
@@ -408,6 +434,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *c;
size_t len = 0;
#if defined(MBEDTLS_ECP_LIGHT)
mbedtls_ecp_group_id grp_id;
#endif
if (size == 0) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
@@ -503,12 +532,11 @@ end_of_export:
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*key);
size_t pub_len = 0, par_len = 0;
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (mbedtls_pk_is_rfc8410_curve(ec->grp.id)) {
return pk_write_ec_rfc8410_der(&c, buf, ec);
if (mbedtls_pk_is_rfc8410(key)) {
return pk_write_ec_rfc8410_der(&c, buf, key);
}
#endif
@@ -542,7 +570,8 @@ end_of_export:
len += pub_len;
/* parameters */
MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec->grp.id));
grp_id = mbedtls_pk_get_group_id(key);
MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, grp_id));
MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(&c, buf, par_len));
MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(&c, buf,
@@ -551,7 +580,7 @@ end_of_export:
len += par_len;
/* privateKey */
MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, ec));
MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, key));
/* version */
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 1));
@@ -625,7 +654,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
#if defined(MBEDTLS_ECP_LIGHT)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (mbedtls_pk_is_rfc8410_curve(mbedtls_pk_ec_ro(*key)->grp.id)) {
if (mbedtls_pk_is_rfc8410(key)) {
begin = PEM_BEGIN_PRIVATE_KEY_PKCS8;
end = PEM_END_PRIVATE_KEY_PKCS8;
} else