lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity

Add support for RSA in mbedtls_pk_wrap_as_opaque()

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong
2022-03-15 15:00:55 +01:00
parent 67fc036976
commit ca5b55f0d1
1 changed files with 76 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
library/pk.c
View File

@@ -22,6 +22,7 @@
#if defined(MBEDTLS_PK_C) #if defined(MBEDTLS_PK_C)
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "pk_wrap.h" #include "pk_wrap.h"
#include "pkwrite.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
@@ -708,12 +709,14 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
mbedtls_svc_key_id_t *key, mbedtls_svc_key_id_t *key,
psa_algorithm_t hash_alg ) psa_algorithm_t hash_alg )
{ {
#if !defined(MBEDTLS_ECP_C) #if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_RSA_C)
((void) pk); ((void) pk);
((void) key); ((void) key);
((void) hash_alg); ((void) hash_alg);
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
#else #else
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY )
{
const mbedtls_ecp_keypair *ec; const mbedtls_ecp_keypair *ec;
unsigned char d[MBEDTLS_ECP_MAX_BYTES]; unsigned char d[MBEDTLS_ECP_MAX_BYTES];
size_t d_len; size_t d_len;
@@ -724,9 +727,6 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* export the private key material in the format PSA wants */ /* export the private key material in the format PSA wants */
if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY )
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
ec = mbedtls_pk_ec( *pk ); ec = mbedtls_pk_ec( *pk );
d_len = ( ec->grp.nbits + 7 ) / 8; d_len = ( ec->grp.nbits + 7 ) / 8;
if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 ) if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
@@ -752,7 +752,49 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
mbedtls_pk_init( pk ); mbedtls_pk_init( pk );
return( mbedtls_pk_setup_opaque( pk, *key ) ); return( mbedtls_pk_setup_opaque( pk, *key ) );
}
else
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
{
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
int key_len;
psa_status_t status;
/* export the private key material in the format PSA wants */
key_len = mbedtls_pk_write_key_der( pk, buf, sizeof( buf ) );
if( key_len <= 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
/* prepare the key attributes */
psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
psa_set_key_bits( &attributes, mbedtls_pk_get_bitlen( pk ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes,
PSA_ALG_RSA_PKCS1V15_SIGN( hash_alg ) );
/* import private key into PSA */
status = psa_import_key( &attributes,
buf + sizeof( buf ) - key_len,
key_len, key);
mbedtls_platform_zeroize( buf, sizeof( buf ) );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
/* make PK context wrap the key slot */
mbedtls_pk_free( pk );
mbedtls_pk_init( pk );
return( mbedtls_pk_setup_opaque( pk, *key ) );
}
else
#endif /* MBEDTLS_RSA_C */
#endif /* !MBEDTLS_ECP_C && !MBEDTLS_RSA_C */
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PK_C */ #endif /* MBEDTLS_PK_C */