Plug in the entry point for public key export through driver
Including test.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 97b522d..8a2e413 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1656,14 +1656,24 @@
/* Exporting private -> private */
return( psa_internal_export_key_buffer( slot, data, data_size, data_length ) );
}
+
/* Need to export the public part of a private key,
- * so conversion is needed */
+ * so conversion is needed. Try the accelerators first. */
+ psa_status_t status = psa_driver_wrapper_export_public_key( slot,
+ data,
+ data_size,
+ data_length );
+
+ if( status != PSA_ERROR_NOT_SUPPORTED ||
+ psa_key_lifetime_is_external( slot->attr.lifetime ) )
+ return( status );
+
if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
mbedtls_rsa_context *rsa = NULL;
- psa_status_t status = psa_load_rsa_representation(
+ status = psa_load_rsa_representation(
slot->attr.type,
slot->data.key.data,
slot->data.key.bytes,
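Review bot: The `psa_key_lifetime_is_external( slot->attr.lifetime )` half of the new early return is the only thing that keeps the built-in RSA/ECC code below away from keys held by an opaque driver, but the updated comment only says "Try the accelerators first". I would add a comment directly above the `if`, for example `/* Never fall back to the built-in code for a key in an external location: slot->data.key is handed to the opaque driver as-is and must not be parsed as key material. */`. The enclosing function starts and ends outside the hunk, so whether `*data_length` has a defined value on this early return cannot be checked from here.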
@@ -1692,7 +1702,7 @@
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
mbedtls_ecp_keypair *ecp = NULL;
- psa_status_t status = psa_load_ecp_representation(
+ status = psa_load_ecp_representation(
slot->attr.type,
slot->data.key.data,
slot->data.key.bytes,
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 4040b36..c3ea6f1 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -438,6 +438,59 @@
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
+psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length )
+{
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = test_transparent_export_public_key( &attributes,
+ slot->data.key.data,
+ slot->data.key.bytes,
+ data,
+ data_size,
+ data_length );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ /* Fell through, meaning no accelerator supports this operation */
+ return( PSA_ERROR_NOT_SUPPORTED );
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ return( test_opaque_export_public_key( &attributes,
+ slot->data.key.data,
+ slot->data.key.bytes,
+ data,
+ data_size,
+ data_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ /* Key is declared with a lifetime not known to us */
+ return( status );
+ }
+#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ (void) slot;
+ (void) data;
+ (void) data_size;
+ (void) data_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+}
+
/*
* Cipher functions
*/
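Review bot: The whole dispatch, including the opaque `test_opaque_export_public_key` case, sits under `#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)`, while the context line just above the hunk closes the previous wrapper with `#endif /* PSA_CRYPTO_DRIVER_PRESENT */`. If a build can have opaque drivers without an accelerator (not visible from here), this function would return `PSA_ERROR_NOT_SUPPORTED` for every opaque key. I would guard the function with `#if defined(PSA_CRYPTO_DRIVER_PRESENT)` and keep only the `PSA_KEY_LOCATION_LOCAL_STORAGE` accelerator calls under the accelerator macro. Separately, the `default:` branch returns the initial `PSA_ERROR_INVALID_ARGUMENT` through `status`; `return( PSA_ERROR_INVALID_ARGUMENT );` would make the unknown-location result explicit.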
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index b0b483b..6b51437 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -55,6 +55,11 @@
size_t data_length,
size_t *bits );
+psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length );
+
/*
* Cipher functions
*/
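Review bot: The new prototype carries no comment, yet the caller in psa_crypto.c depends on its return contract to decide whether to fall back to the built-in code. I would add a comment above the declaration along the lines of `/* Returns PSA_ERROR_NOT_SUPPORTED when no driver handles the key; any other status is final and must not trigger the built-in fallback. */`. It is also worth stating there that the wrapper never writes `*data_length` itself, so the value is only meaningful when a driver reports success.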