Detecting bit size is no longer required
Storage format has been changed to always store the key's bit size
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 1901281..74b9871 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -982,174 +982,6 @@
return( PSA_SUCCESS );
}
-psa_status_t psa_detect_bit_size_in_slot( psa_key_slot_t *slot )
-{
- if( slot->attr.bits != 0 )
- return( PSA_SUCCESS );
-
- if( key_type_is_raw_bytes( slot->attr.type ) )
- {
- slot->attr.bits =
- (psa_key_bits_t) PSA_BYTES_TO_BITS( slot->data.key.bytes );
- return( PSA_SUCCESS );
- }
- else if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
- {
- /* Keys are stored in export format, and we are currently
- * restricted to known curves, so do the reverse lookup based
- * on data length. */
- size_t byte_length = slot->data.key.bytes;
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) &&
- PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) !=
- PSA_ECC_FAMILY_MONTGOMERY )
- {
- /* A Weierstrass public key is represented as:
- * - The byte 0x04;
- * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
- * - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
- * So its data length is 2m+1 where m is the curve size in bits.
- */
- if( ( byte_length & 1 ) == 0 )
- return( PSA_ERROR_BAD_STATE );
- byte_length = byte_length / 2;
-
- /* Montgomery public keys are represented in compressed format,
- * meaning their curve_size is equal to the amount of input. */
-
- /* Private keys are represented in uncompressed private random
- * integer format, meaning their curve_size is equal to the
- * amount of input. */
- }
-
- switch( PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) )
- {
- case PSA_ECC_FAMILY_SECP_R1:
- switch( byte_length )
- {
- case PSA_BITS_TO_BYTES( 192 ):
- slot->attr.bits = 192;
- break;
- case PSA_BITS_TO_BYTES( 224 ):
- slot->attr.bits = 224;
- break;
- case PSA_BITS_TO_BYTES( 256 ):
- slot->attr.bits = 256;
- break;
- case PSA_BITS_TO_BYTES( 384 ):
- slot->attr.bits = 384;
- break;
- case PSA_BITS_TO_BYTES( 521 ):
- slot->attr.bits = 521;
- break;
- default:
- return( PSA_ERROR_BAD_STATE );
- }
- break;
-
- case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
- switch( byte_length )
- {
- case PSA_BITS_TO_BYTES( 256 ):
- slot->attr.bits = 256;
- break;
- case PSA_BITS_TO_BYTES( 384 ):
- slot->attr.bits = 384;
- break;
- case PSA_BITS_TO_BYTES( 512 ):
- slot->attr.bits = 512;
- break;
- default:
- return( PSA_ERROR_BAD_STATE );
- }
- break;
-
- case PSA_ECC_FAMILY_MONTGOMERY:
- switch( byte_length )
- {
- case PSA_BITS_TO_BYTES( 255 ):
- slot->attr.bits = 255;
- break;
- case PSA_BITS_TO_BYTES( 448 ):
- slot->attr.bits = 448;
- break;
- default:
- return( PSA_ERROR_BAD_STATE );
- }
- break;
-
- case PSA_ECC_FAMILY_SECP_K1:
- switch( byte_length )
- {
- case PSA_BITS_TO_BYTES( 192 ):
- slot->attr.bits = 192;
- break;
- case PSA_BITS_TO_BYTES( 224 ):
- slot->attr.bits = 224;
- break;
- case PSA_BITS_TO_BYTES( 256 ):
- slot->attr.bits = 256;
- break;
- default:
- return( PSA_ERROR_BAD_STATE );
- }
- break;
-
- default:
- return( PSA_ERROR_BAD_STATE );
- }
-
- return( PSA_SUCCESS );
- }
- else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
- {
- /* There's no easy way of figuring out the RSA bit size from
- * the data length of the export representation. For now, use
- * the mbed TLS software implementation to figure it out. */
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
- size_t bits;
- psa_status_t status = psa_driver_wrapper_validate_key(
- &attributes,
- slot->data.key.data,
- slot->data.key.bytes,
- &bits );
- if( status == PSA_SUCCESS )
- slot->attr.bits = (psa_key_bits_t) bits;
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
-
- /* If no accelerator was able to figure it out, try software. */
-#if defined(MBEDTLS_RSA_C)
- mbedtls_rsa_context *rsa = NULL;
-
- /* Parse input */
- status = psa_load_rsa_representation( slot->attr.type,
- slot->data.key.data,
- slot->data.key.bytes,
- &rsa );
- if( status != PSA_SUCCESS )
- {
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
- return( status );
- }
-
- slot->attr.bits = (psa_key_bits_t) PSA_BYTES_TO_BITS(
- mbedtls_rsa_get_len( rsa ) );
-
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
-
- return( PSA_SUCCESS );
-#else
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif
- }
- else
- return( PSA_ERROR_NOT_SUPPORTED );
-}
-
/** Import key data into a slot.
*
* `slot->type` must have been set previously.
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 2786b79..8d1f1bb 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -158,25 +158,6 @@
const uint8_t *data,
size_t data_length );
-/** Detect the key bit size for a key in a slot where bit size
- * is unset.
- *
- * This function assumes that the slot contains key material in
- * export format.
- *
- * \param[in,out] slot Key slot to detect and set the bit size in.
- *
- * \retval #PSA_SUCCESS
- * The key bit size was already set, or has been detected
- * and set accordingly.
- * \retval #PSA_ERROR_BAD_STATE
- * The size of the key material in the slot doesn't match
- * with the declared key type.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * The key type is unknown to the implementation.
- */
-psa_status_t psa_detect_bit_size_in_slot( psa_key_slot_t *slot );
-
/** Convert an mbed TLS error code to a PSA error code
*
* \note This function is provided solely for the convenience of
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index f33c4f2..5140772 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -144,8 +144,6 @@
status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
if( status != PSA_SUCCESS )
goto exit;
-
- status = psa_detect_bit_size_in_slot( slot );
}
exit: