psa_internal_export_key function for common code.
create psa_internal_export_key function for common code in psa_export_key and psa_export_public_key.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0fa4000..7f18bd4 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -457,23 +457,28 @@
return( PSA_SUCCESS );
}
-psa_status_t psa_export_key(psa_key_slot_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length)
+
+static psa_status_t psa_internal_export_key(psa_key_slot_t key,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length,
+ int export_public_key)
{
key_slot_t *slot;
if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
return( PSA_ERROR_EMPTY_SLOT );
- slot = &global_data.key_slots[key];
+ slot = &global_data.key_slots[ key ];
if( slot->type == PSA_KEY_TYPE_NONE )
return( PSA_ERROR_EMPTY_SLOT );
-
+
if( !( slot->policy.usage & PSA_KEY_USAGE_EXPORT ) )
return( PSA_ERROR_NOT_PERMITTED );
+
+ if( ( export_public_key ) && ( !( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) || PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) ) ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
- if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
+ if( ( !export_public_key) && PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
{
if( slot->data.raw.bytes > data_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
@@ -483,41 +488,51 @@
}
else
#if defined(MBEDTLS_PK_WRITE_C)
- if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
- slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ||
- PSA_KEY_TYPE_IS_ECC( slot->type ) )
- {
- mbedtls_pk_context pk;
- int ret;
- mbedtls_pk_init( &pk );
if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
- slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ||
+ PSA_KEY_TYPE_IS_ECC( slot->type ) )
{
- pk.pk_info = &mbedtls_rsa_info;
- pk.pk_ctx = slot->data.rsa;
+ mbedtls_pk_context pk;
+ int ret;
+ mbedtls_pk_init( &pk );
+ if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
+ slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ {
+ pk.pk_info = &mbedtls_rsa_info;
+ pk.pk_ctx = slot->data.rsa;
+ }
+ else
+ {
+ pk.pk_info = &mbedtls_eckey_info;
+ pk.pk_ctx = slot->data.ecp;
+ }
+
+ if( ( ! export_public_key ) && PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
+ ret = mbedtls_pk_write_key_der( &pk, data, data_size );
+ else
+ ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size );
+ if ( ret < 0 )
+ return( mbedtls_to_psa_error( ret ) );
+ *data_length = ret;
+ return( PSA_SUCCESS );
}
else
- {
- pk.pk_info = &mbedtls_eckey_info;
- pk.pk_ctx = slot->data.ecp;
- }
- if( PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
- ret = mbedtls_pk_write_key_der( &pk, data, data_size );
- else
- ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size );
- if( ret < 0 )
- return( mbedtls_to_psa_error( ret ) );
- *data_length = ret;
- return( PSA_SUCCESS );
- }
- else
#endif /* defined(MBEDTLS_PK_WRITE_C) */
- {
- /* This shouldn't happen in the reference implementation, but
- it is valid for a special-purpose implementation to omit
- support for exporting certain key types. */
- return( PSA_ERROR_NOT_SUPPORTED );
- }
+ {
+ /* This shouldn't happen in the reference implementation, but
+ it is valid for a special-purpose implementation to omit
+ support for exporting certain key types. */
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+}
+
+psa_status_t psa_export_key(psa_key_slot_t key,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
+{
+ return psa_internal_export_key( key, data, data_size,
+ data_length, 0 );
}
@@ -526,50 +541,10 @@
size_t data_size,
size_t *data_length)
{
- key_slot_t *slot;
-
- if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
- return( PSA_ERROR_EMPTY_SLOT );
- slot = &global_data.key_slots[key];
- if( slot->type == PSA_KEY_TYPE_NONE )
- return( PSA_ERROR_EMPTY_SLOT );
-
- if( !( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) || PSA_KEY_TYPE_IS_KEYPAIR(slot->type) ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
-#if defined(MBEDTLS_PK_WRITE_C)
- if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
- slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ||
- PSA_KEY_TYPE_IS_ECC( slot->type ) )
- {
- mbedtls_pk_context pk;
- int ret;
- mbedtls_pk_init( &pk );
- if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
- slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
- {
- pk.pk_info = &mbedtls_rsa_info;
- pk.pk_ctx = slot->data.rsa;
- }
- else
- {
- pk.pk_info = &mbedtls_eckey_info;
- pk.pk_ctx = slot->data.ecp;
- }
- ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size );
- if( ret < 0 )
- return( mbedtls_to_psa_error( ret ) );
- *data_length = ret;
- return( PSA_SUCCESS );
- }
-#endif /* defined(MBEDTLS_PK_WRITE_C) */
- /* This shouldn't happen in the reference implementation, but
- it is valid for a special-purpose implementation to omit
- support for exporting certain key types. */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return psa_internal_export_key( key, data, data_size,
+ data_length, 1 );
}
-
/****************************************************************/
/* Message digests */
/****************************************************************/