| Ronald Cron | 00b7bfc | 2020-11-25 15:25:26 +0100 | [diff] [blame^] | 1 | /* |
| 2 | * PSA RSA layer on top of Mbed TLS crypto |
| 3 | */ |
| 4 | /* |
| 5 | * Copyright The Mbed TLS Contributors |
| 6 | * SPDX-License-Identifier: Apache-2.0 |
| 7 | * |
| 8 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 9 | * not use this file except in compliance with the License. |
| 10 | * You may obtain a copy of the License at |
| 11 | * |
| 12 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 13 | * |
| 14 | * Unless required by applicable law or agreed to in writing, software |
| 15 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 16 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 17 | * See the License for the specific language governing permissions and |
| 18 | * limitations under the License. |
| 19 | */ |
| 20 | |
| 21 | #include "common.h" |
| 22 | |
| 23 | #if defined(MBEDTLS_PSA_CRYPTO_C) |
| 24 | |
| 25 | #include <psa/crypto.h> |
| 26 | #include "psa_crypto_core.h" |
| 27 | #include "psa_crypto_rsa.h" |
| 28 | |
| 29 | #include <stdlib.h> |
| 30 | #include <string.h> |
| 31 | #include "mbedtls/platform.h" |
| 32 | #if !defined(MBEDTLS_PLATFORM_C) |
| 33 | #define mbedtls_calloc calloc |
| 34 | #define mbedtls_free free |
| 35 | #endif |
| 36 | |
| 37 | #include <mbedtls/rsa.h> |
| 38 | #include <mbedtls/error.h> |
| 39 | #include <mbedtls/pk.h> |
| 40 | #include <mbedtls/pk_internal.h> |
| 41 | |
| 42 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ |
| 43 | defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ |
| 44 | defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ |
| 45 | defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ |
| 46 | defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ |
| 47 | defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) |
| 48 | |
| 49 | /* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes |
| 50 | * that are not a multiple of 8) well. For example, there is only |
| 51 | * mbedtls_rsa_get_len(), which returns a number of bytes, and no |
| 52 | * way to return the exact bit size of a key. |
| 53 | * To keep things simple, reject non-byte-aligned key sizes. */ |
| 54 | static psa_status_t psa_check_rsa_key_byte_aligned( |
| 55 | const mbedtls_rsa_context *rsa ) |
| 56 | { |
| 57 | mbedtls_mpi n; |
| 58 | psa_status_t status; |
| 59 | mbedtls_mpi_init( &n ); |
| 60 | status = mbedtls_to_psa_error( |
| 61 | mbedtls_rsa_export( rsa, &n, NULL, NULL, NULL, NULL ) ); |
| 62 | if( status == PSA_SUCCESS ) |
| 63 | { |
| 64 | if( mbedtls_mpi_bitlen( &n ) % 8 != 0 ) |
| 65 | status = PSA_ERROR_NOT_SUPPORTED; |
| 66 | } |
| 67 | mbedtls_mpi_free( &n ); |
| 68 | return( status ); |
| 69 | } |
| 70 | |
| 71 | psa_status_t mbedtls_psa_rsa_load_representation( |
| 72 | psa_key_type_t type, const uint8_t *data, size_t data_length, |
| 73 | mbedtls_rsa_context **p_rsa ) |
| 74 | { |
| 75 | psa_status_t status; |
| 76 | mbedtls_pk_context ctx; |
| 77 | size_t bits; |
| 78 | mbedtls_pk_init( &ctx ); |
| 79 | |
| 80 | /* Parse the data. */ |
| 81 | if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) |
| 82 | status = mbedtls_to_psa_error( |
| 83 | mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0 ) ); |
| 84 | else |
| 85 | status = mbedtls_to_psa_error( |
| 86 | mbedtls_pk_parse_public_key( &ctx, data, data_length ) ); |
| 87 | if( status != PSA_SUCCESS ) |
| 88 | goto exit; |
| 89 | |
| 90 | /* We have something that the pkparse module recognizes. If it is a |
| 91 | * valid RSA key, store it. */ |
| 92 | if( mbedtls_pk_get_type( &ctx ) != MBEDTLS_PK_RSA ) |
| 93 | { |
| 94 | status = PSA_ERROR_INVALID_ARGUMENT; |
| 95 | goto exit; |
| 96 | } |
| 97 | |
| 98 | /* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS |
| 99 | * supports non-byte-aligned key sizes, but not well. For example, |
| 100 | * mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */ |
| 101 | bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( mbedtls_pk_rsa( ctx ) ) ); |
| 102 | if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS ) |
| 103 | { |
| 104 | status = PSA_ERROR_NOT_SUPPORTED; |
| 105 | goto exit; |
| 106 | } |
| 107 | status = psa_check_rsa_key_byte_aligned( mbedtls_pk_rsa( ctx ) ); |
| 108 | if( status != PSA_SUCCESS ) |
| 109 | goto exit; |
| 110 | |
| 111 | /* Copy out the pointer to the RSA context, and reset the PK context |
| 112 | * such that pk_free doesn't free the RSA context we just grabbed. */ |
| 113 | *p_rsa = mbedtls_pk_rsa( ctx ); |
| 114 | ctx.pk_info = NULL; |
| 115 | |
| 116 | exit: |
| 117 | mbedtls_pk_free( &ctx ); |
| 118 | return( status ); |
| 119 | } |
| 120 | |
| 121 | #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || |
| 122 | * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || |
| 123 | * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || |
| 124 | * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || |
| 125 | * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || |
| 126 | * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ |
| 127 | |
| 128 | #endif /* MBEDTLS_PSA_CRYPTO_C */ |