Implement psa_generate_key_custom

Implement `psa_generate_key_custom()` and `psa_key_derivation_output_key_custom()`. These functions replace `psa_generate_key_ext()` and `psa_key_derivation_output_key_ext()`. They have the same functionality, but a slightly different interface: the `ext` functions use a structure with a flexible array member to pass variable-length data, while the `custom` functions use a separate parameter. Keep the `ext` functions for backward compatibility with Mbed TLS 3.6.0. But make them a thin wrapper around the new `custom` functions. Duplicate the test code and data. The test cases have to be duplicated anyway, and the test functions are individually more readable this way. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-28 00:21:48 +03:00 · 2024-06-06 21:11:44 +02:00
parent 095cf69bc6
commit f36d785188
10 changed files with 485 additions and 53 deletions
--- a/library/psa_crypto_rsa.h
+++ b/library/psa_crypto_rsa.h
@ -105,17 +105,11 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
 /**
 * \brief Generate an RSA key.
 *
- * \note The signature of the function is that of a PSA driver generate_key
- *       entry point.
- *
 * \param[in]  attributes         The attributes for the RSA key to generate.
- * \param[in]  params             Production parameters for the key
- *                                generation. This function only uses
- *                                `params->data`,
- *                                which contains the public exponent.
+ * \param[in]  custom             The public exponent to use.
 *                                This can be a null pointer if
 *                                \c params_data_length is 0.
- * \param params_data_length      Length of `params->data` in bytes.
+ * \param custom_data_length      Length of \p custom_data in bytes.
 *                                This can be 0, in which case the
 *                                public exponent will be 65537.
 * \param[out] key_buffer         Buffer where the key data is to be written.
@ -132,7 +126,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
 */
 psa_status_t mbedtls_psa_rsa_generate_key(
    const psa_key_attributes_t *attributes,
-    const psa_key_production_parameters_t *params, size_t params_data_length,
+    const uint8_t *custom, size_t custom_data_length,
    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);

 /** Sign an already-calculated hash with an RSA private key.