
all.sh: keep RSA_C enabled in component_full_no_pkparse_pkwrite()

This is possible because after #8740 RSA_C no longer depends on
PK to parse and write private/public keys.

This commit also solves related issues that arose after this change
in "pk.c" and "test_suite_pk". In particular, we can now use the
RSA module's functions for parsing and writing keys without needing
to rely on the pk_parse and pk_write functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Valerio Setti
2024-02-14 09:54:18 +01:00
parent 61532e9a6b
commit 3a815cbd2f
3 changed files with 9 additions and 9 deletions


@ -1021,7 +1021,7 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg); psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg);
p = buf + sizeof(buf); p = buf + sizeof(buf);
key_len = mbedtls_pk_write_pubkey(&p, buf, ctx); key_len = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*ctx), buf, &p);
if (key_len < 0) { if (key_len < 0) {
return key_len; return key_len;
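Review bot: The new export line `key_len = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*ctx), buf, &p);` assumes `ctx` holds a plain RSA context, whereas the `mbedtls_pk_write_pubkey()` call it replaces took the PK context itself and did not depend on that. As far as I know `mbedtls_pk_rsa()` returns NULL for any context whose type is not `MBEDTLS_PK_RSA`, so if an opaque (PSA-wrapped) RSA key can reach this branch of `mbedtls_pk_verify_ext()`, the writer would be handed a NULL context in a signature-verification path. The type checks sit outside this hunk (the function body starts and ends beyond it), so this may already be excluded. If it is, a comment such as `/* ctx is a non-opaque MBEDTLS_PK_RSA key here (checked above), so mbedtls_pk_rsa() is valid. */` would record the invariant. If it is not, a guard like `if (mbedtls_pk_get_type(ctx) != MBEDTLS_PK_RSA) { return MBEDTLS_ERR_PK_TYPE_MISMATCH; }` before the export would fail closed instead of dereferencing NULL.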


@ -1559,11 +1559,6 @@ component_full_no_pkparse_pkwrite() {
scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_PARSE_C
scripts/config.py unset MBEDTLS_PK_WRITE_C scripts/config.py unset MBEDTLS_PK_WRITE_C
# Disable features that re-enable PK_PARSE_C
scripts/config.py unset MBEDTLS_RSA_C
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all PSA_WANT_ALG_RSA
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all PSA_WANT_KEY_TYPE_RSA
make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
# Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config). # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config).


@ -9,6 +9,7 @@
#include "mbedtls/ecp.h" #include "mbedtls/ecp.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/rsa.h" #include "mbedtls/rsa.h"
#include "rsa_internal.h"
#include "pk_internal.h" #include "pk_internal.h"
#include <limits.h> #include <limits.h>
@ -1898,8 +1899,10 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg
mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE); mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE);
} }
/* Export underlying public key for re-importing in a legacy context. */ /* Export underlying public key for re-importing in a legacy context.
ret = mbedtls_pk_write_pubkey_der(&pk, pkey, sizeof(pkey)); * Note: mbedtls_rsa_write_key() writes backwards in the data buffer. */
pkey_start = pkey + sizeof(pkey);
ret = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(pk), pkey, &pkey_start);
TEST_ASSERT(ret >= 0); TEST_ASSERT(ret >= 0);
pkey_len = (size_t) ret; pkey_len = (size_t) ret;
@ -1924,7 +1927,9 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg
TEST_EQUAL(PSA_SUCCESS, psa_destroy_key(key_id)); TEST_EQUAL(PSA_SUCCESS, psa_destroy_key(key_id));
mbedtls_pk_init(&pk); mbedtls_pk_init(&pk);
TEST_EQUAL(mbedtls_pk_parse_public_key(&pk, pkey_start, pkey_len), 0); TEST_EQUAL(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(pk_type)), 0);
TEST_EQUAL(mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(pk), pkey_start, pkey_len), 0);
if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) {
rsassa_pss_options.mgf1_hash_id = md_alg; rsassa_pss_options.mgf1_hash_id = md_alg;