mirror of
https://github.com/Mbed-TLS/mbedtls.git
Detecting bit size is no longer required
Storage format has been changed to always store the key's bit size.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
@ -982,174 +982,6 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_detect_bit_size_in_slot( psa_key_slot_t *slot )
|
||||
{
|
||||
if( slot->attr.bits != 0 )
|
||||
return( PSA_SUCCESS );
|
||||
|
||||
if( key_type_is_raw_bytes( slot->attr.type ) )
|
||||
{
|
||||
slot->attr.bits =
|
||||
(psa_key_bits_t) PSA_BYTES_TO_BITS( slot->data.key.bytes );
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
else if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
|
||||
{
|
||||
/* Keys are stored in export format, and we are currently
|
||||
* restricted to known curves, so do the reverse lookup based
|
||||
* on data length. */
|
||||
size_t byte_length = slot->data.key.bytes;
|
||||
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) &&
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) !=
|
||||
PSA_ECC_FAMILY_MONTGOMERY )
|
||||
{
|
||||
/* A Weierstrass public key is represented as:
|
||||
* - The byte 0x04;
|
||||
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
|
||||
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
|
||||
* So its data length is 2m+1 where m is the curve size in bits.
|
||||
*/
|
||||
if( ( byte_length & 1 ) == 0 )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
byte_length = byte_length / 2;
|
||||
|
||||
/* Montgomery public keys are represented in compressed format,
|
||||
* meaning their curve_size is equal to the amount of input. */
|
||||
|
||||
/* Private keys are represented in uncompressed private random
|
||||
* integer format, meaning their curve_size is equal to the
|
||||
* amount of input. */
|
||||
}
|
||||
|
||||
switch( PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) )
|
||||
{
|
||||
case PSA_ECC_FAMILY_SECP_R1:
|
||||
switch( byte_length )
|
||||
{
|
||||
case PSA_BITS_TO_BYTES( 192 ):
|
||||
slot->attr.bits = 192;
|
||||
break;
|
||||
case PSA_BITS_TO_BYTES( 224 ):
|
||||
slot->attr.bits = 224;
|
||||
break;
|
||||
case PSA_BITS_TO_BYTES( 256 ):
|
||||
slot->attr.bits = 256;
|
||||
break;
|
||||
case PSA_BITS_TO_BYTES( 384 ):
|
||||
slot->attr.bits = 384;
|
||||
break;
|
||||
case PSA_BITS_TO_BYTES( 521 ):
|
||||
slot->attr.bits = 521;
|
||||
break;
|
||||
default:
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
break;
|
||||
|
||||
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
|
||||
switch( byte_length )
|
||||
{
|
||||
case PSA_BITS_TO_BYTES( 256 ):
|
||||
slot->attr.bits = 256;
|
||||
break;
|
||||
case PSA_BITS_TO_BYTES( 384 ):
|
||||
slot->attr.bits = 384;
|
||||
break;
|
||||
case PSA_BITS_TO_BYTES( 512 ):
|
||||
slot->attr.bits = 512;
|
||||
break;
|
||||
default:
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
break;
|
||||
|
||||
case PSA_ECC_FAMILY_MONTGOMERY:
|
||||
switch( byte_length )
|
||||
{
|
||||
case PSA_BITS_TO_BYTES( 255 ):
|
||||
slot->attr.bits = 255;
|
||||
break;
|
||||
case PSA_BITS_TO_BYTES( 448 ):
|
||||
slot->attr.bits = 448;
|
||||
break;
|
||||
default:
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
break;
|
||||
|
||||
case PSA_ECC_FAMILY_SECP_K1:
|
||||
switch( byte_length )
|
||||
{
|
||||
case PSA_BITS_TO_BYTES( 192 ):
|
||||
slot->attr.bits = 192;
|
||||
break;
|
||||
case PSA_BITS_TO_BYTES( 224 ):
|
||||
slot->attr.bits = 224;
|
||||
break;
|
||||
case PSA_BITS_TO_BYTES( 256 ):
|
||||
slot->attr.bits = 256;
|
||||
break;
|
||||
default:
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
|
||||
{
|
||||
/* There's no easy way of figuring out the RSA bit size from
|
||||
* the data length of the export representation. For now, use
|
||||
* the mbed TLS software implementation to figure it out. */
|
||||
psa_key_attributes_t attributes = {
|
||||
.core = slot->attr
|
||||
};
|
||||
size_t bits;
|
||||
psa_status_t status = psa_driver_wrapper_validate_key(
|
||||
&attributes,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
&bits );
|
||||
if( status == PSA_SUCCESS )
|
||||
slot->attr.bits = (psa_key_bits_t) bits;
|
||||
if( status != PSA_ERROR_NOT_SUPPORTED )
|
||||
return( status );
|
||||
|
||||
/* If no accelerator was able to figure it out, try software. */
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
mbedtls_rsa_context *rsa = NULL;
|
||||
|
||||
/* Parse input */
|
||||
status = psa_load_rsa_representation( slot->attr.type,
|
||||
slot->data.key.data,
|
||||
slot->data.key.bytes,
|
||||
&rsa );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
mbedtls_rsa_free( rsa );
|
||||
mbedtls_free( rsa );
|
||||
return( status );
|
||||
}
|
||||
|
||||
slot->attr.bits = (psa_key_bits_t) PSA_BYTES_TO_BITS(
|
||||
mbedtls_rsa_get_len( rsa ) );
|
||||
|
||||
mbedtls_rsa_free( rsa );
|
||||
mbedtls_free( rsa );
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
#else
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
#endif
|
||||
}
|
||||
else
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
/** Import key data into a slot.
|
||||
*
|
||||
* `slot->type` must have been set previously.
|
||||
|