mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
Ignore domain parameters in RSA key generation
Remove the ability to select a custom public exponent via domain parameters in RSA key generation. The only way to select a custom public exponent is now to pass custom production parameters to psa_generate_key_ext(). A subsequent commit will remove domain parameters altogether from the API, thus this commit does not bother to update the documentation. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
@ -7576,11 +7576,8 @@ psa_status_t psa_generate_key_internal(
|
||||
* that mbedtls_psa_rsa_generate_key() gets e via a new
|
||||
* parameter instead. */
|
||||
psa_key_attributes_t override_attributes = *attributes;
|
||||
if (params_data_length != 0) {
|
||||
override_attributes.domain_parameters_size = params_data_length;
|
||||
override_attributes.domain_parameters = (uint8_t *) ¶ms->data;
|
||||
}
|
||||
return mbedtls_psa_rsa_generate_key(&override_attributes,
|
||||
params, params_data_length,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
key_buffer_length);
|
||||
|
||||
@ -223,11 +223,6 @@ static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters,
|
||||
size_t i;
|
||||
uint32_t acc = 0;
|
||||
|
||||
if (domain_parameters_size == 0) {
|
||||
*exponent = 65537;
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
/* Mbed TLS encodes the public exponent as an int. For simplicity, only
|
||||
* support values that fit in a 32-bit integer, which is larger than
|
||||
* int on just about every platform anyway. */
|
||||
@ -246,18 +241,20 @@ static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters,
|
||||
|
||||
psa_status_t mbedtls_psa_rsa_generate_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const psa_key_production_parameters_t *params, size_t params_data_length,
|
||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
|
||||
{
|
||||
psa_status_t status;
|
||||
mbedtls_rsa_context rsa;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
int exponent;
|
||||
int exponent = 65537;
|
||||
|
||||
status = psa_rsa_read_exponent(attributes->domain_parameters,
|
||||
attributes->domain_parameters_size,
|
||||
&exponent);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return status;
|
||||
if (params_data_length != 0) {
|
||||
status = psa_rsa_read_exponent(params->data, params_data_length,
|
||||
&exponent);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_rsa_init(&rsa);
|
||||
|
||||
@ -109,6 +109,15 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
|
||||
* entry point.
|
||||
*
|
||||
* \param[in] attributes The attributes for the RSA key to generate.
|
||||
* \param[in] params Production parameters for the key
|
||||
* generation. This function only uses
|
||||
* `params->data`,
|
||||
* which contains the public exponent.
|
||||
* This can be a null pointer if
|
||||
* \c params_data_length is 0.
|
||||
* \param params_data_length Length of `params->data` in bytes.
|
||||
* This can be 0, in which case the
|
||||
* public exponent will be 65537.
|
||||
* \param[out] key_buffer Buffer where the key data is to be written.
|
||||
* \param[in] key_buffer_size Size of \p key_buffer in bytes.
|
||||
* \param[out] key_buffer_length On success, the number of bytes written in
|
||||
@ -123,6 +132,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
|
||||
*/
|
||||
psa_status_t mbedtls_psa_rsa_generate_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const psa_key_production_parameters_t *params, size_t params_data_length,
|
||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
|
||||
|
||||
/** Sign an already-calculated hash with an RSA private key.
|
||||
|
||||
Reference in New Issue
Block a user