rsa: simplify mbedtls_rsa_parse_pubkey() input parameters
In this way mbedtls_rsa_parse_pubkey() and mbedtls_rsa_parse_key()
input parameter list is the same.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/library/pkparse.c b/library/pkparse.c
index b2127b2..a47815b 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -850,7 +850,7 @@
#if defined(MBEDTLS_RSA_C)
if (pk_alg == MBEDTLS_PK_RSA) {
- ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*pk), p, end);
+ ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*pk), *p, (size_t) (end - *p));
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
@@ -1504,7 +1504,7 @@
return ret;
}
- if ((ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), &p, p + pem.buflen)) != 0) {
+ if ((ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), p, pem.buflen)) != 0) {
mbedtls_pk_free(ctx);
}
@@ -1551,7 +1551,7 @@
}
p = (unsigned char *) key;
- ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), &p, p + keylen);
+ ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), p, keylen);
if (ret == 0) {
return ret;
}
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 0047a26..4a574d1 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -73,9 +73,7 @@
if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
status = mbedtls_to_psa_error(mbedtls_rsa_parse_key(*p_rsa, data, data_length));
} else {
- unsigned char *p = data;
- unsigned char *end = (data + data_length);
- status = mbedtls_to_psa_error(mbedtls_rsa_parse_pubkey(*p_rsa, &p, end));
+ status = mbedtls_to_psa_error(mbedtls_rsa_parse_pubkey(*p_rsa, data, data_length));
}
if (status != PSA_SUCCESS) {
goto exit;
diff --git a/library/rsa.c b/library/rsa.c
index 62b56cd..f4add91 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -46,6 +46,34 @@
#include "mbedtls/platform.h"
+/*
+ * Wrapper around mbedtls_asn1_get_mpi() that rejects zero.
+ *
+ * The value zero is:
+ * - never a valid value for an RSA parameter
+ * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete().
+ *
+ * Since values can't be omitted in PKCS#1, passing a zero value to
+ * rsa_complete() would be incorrect, so reject zero values early.
+ */
+static int asn1_get_nonzero_mpi(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_mpi *X)
+{
+ int ret;
+
+ ret = mbedtls_asn1_get_mpi(p, end, X);
+ if (ret != 0) {
+ return ret;
+ }
+
+ if (mbedtls_mpi_cmp_int(X, 0) == 0) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
+
+ return 0;
+}
+
int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen)
{
int ret, version;
@@ -192,9 +220,10 @@
return ret;
}
-int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, unsigned char **p,
- const unsigned char *end)
+int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen)
{
+ unsigned char *p = (unsigned char *) key;
+ unsigned char *end = (unsigned char *) (key + keylen);
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@@ -205,45 +234,45 @@
* }
*/
- if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return ret;
}
- if (*p + len != end) {
+ if (p + len != end) {
return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
}
/* Import N */
- if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
return ret;
}
- if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0,
+ if ((ret = mbedtls_rsa_import_raw(rsa, p, len, NULL, 0, NULL, 0,
NULL, 0, NULL, 0)) != 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- *p += len;
+ p += len;
/* Import E */
- if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
+ if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
return ret;
}
if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0,
- NULL, 0, *p, len)) != 0) {
+ NULL, 0, p, len)) != 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- *p += len;
+ p += len;
if (mbedtls_rsa_complete(rsa) != 0 ||
mbedtls_rsa_check_pubkey(rsa) != 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- if (*p != end) {
+ if (p != end) {
return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
}
@@ -992,34 +1021,6 @@
return ctx->len;
}
-/*
- * Wrapper around mbedtls_asn1_get_mpi() that rejects zero.
- *
- * The value zero is:
- * - never a valid value for an RSA parameter
- * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete().
- *
- * Since values can't be omitted in PKCS#1, passing a zero value to
- * rsa_complete() would be incorrect, so reject zero values early.
- */
-static int asn1_get_nonzero_mpi(unsigned char **p,
- const unsigned char *end,
- mbedtls_mpi *X)
-{
- int ret;
-
- ret = mbedtls_asn1_get_mpi(p, end, X);
- if (ret != 0) {
- return ret;
- }
-
- if (mbedtls_mpi_cmp_int(X, 0) == 0) {
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
- }
-
- return 0;
-}
-
#if defined(MBEDTLS_GENPRIME)
/*
diff --git a/library/rsa_internal.h b/library/rsa_internal.h
index 7bbdc8c..acf14a2 100644
--- a/library/rsa_internal.h
+++ b/library/rsa_internal.h
@@ -34,18 +34,15 @@
* \brief Parse a PKCS#1 (ASN.1) encoded public RSA key.
*
* \param rsa The RSA context where parsed data will be stored.
- * \param p Beginning of the buffer containing the key to be parsed.
- * On successful return, the referenced pointer will be
- * updated in order to point to the end of the parsed data.
- * \param end End of the buffer containing the key to be parsed.
+ * \param key The buffer that contains the key.
+ * \param keylen The length of the key buffer in bytes.
*
* \return 0 on success.
* \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors.
* \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA in case of importing or
* priv/pub validation errors.
*/
-int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, unsigned char **p,
- const unsigned char *end);
+int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen);
/**
* \brief Write a PKCS#1 (ASN.1) encoded private RSA key.