Blame - library/psa_crypto_rsa.c - mirror/mbed-tls

blob: 3e5d1b41b7435b060facf0110caa00aa966706f1 [file] [log] [blame]

Ronald Cron	00b7bfc	2020-11-25 15:25:26 +0100	[diff] [blame]	1	/*
				2	* PSA RSA layer on top of Mbed TLS crypto
				3	*/
				4	/*
				5	* Copyright The Mbed TLS Contributors
				6	* SPDX-License-Identifier: Apache-2.0
				7	*
				8	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				9	* not use this file except in compliance with the License.
				10	* You may obtain a copy of the License at
				11	*
				12	* http://www.apache.org/licenses/LICENSE-2.0
				13	*
				14	* Unless required by applicable law or agreed to in writing, software
				15	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				16	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				17	* See the License for the specific language governing permissions and
				18	* limitations under the License.
				19	*/
				20
				21	#include "common.h"
				22
				23	#if defined(MBEDTLS_PSA_CRYPTO_C)
				24
				25	#include <psa/crypto.h>
				26	#include "psa_crypto_core.h"
				27	#include "psa_crypto_rsa.h"
				28
				29	#include <stdlib.h>
				30	#include <string.h>
				31	#include "mbedtls/platform.h"
				32	#if !defined(MBEDTLS_PLATFORM_C)
				33	#define mbedtls_calloc calloc
				34	#define mbedtls_free free
				35	#endif
				36
				37	#include <mbedtls/rsa.h>
				38	#include <mbedtls/error.h>
				39	#include <mbedtls/pk.h>
				40	#include <mbedtls/pk_internal.h>
				41
				42	#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) \|\| \
				43	defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) \|\| \
				44	defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) \|\| \
				45	defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) \|\| \
				46	defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) \|\| \
				47	defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
				48
				49	/* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes
				50	* that are not a multiple of 8) well. For example, there is only
				51	* mbedtls_rsa_get_len(), which returns a number of bytes, and no
				52	* way to return the exact bit size of a key.
				53	* To keep things simple, reject non-byte-aligned key sizes. */
				54	static psa_status_t psa_check_rsa_key_byte_aligned(
				55	const mbedtls_rsa_context *rsa )
				56	{
				57	mbedtls_mpi n;
				58	psa_status_t status;
				59	mbedtls_mpi_init( &n );
				60	status = mbedtls_to_psa_error(
				61	mbedtls_rsa_export( rsa, &n, NULL, NULL, NULL, NULL ) );
				62	if( status == PSA_SUCCESS )
				63	{
				64	if( mbedtls_mpi_bitlen( &n ) % 8 != 0 )
				65	status = PSA_ERROR_NOT_SUPPORTED;
				66	}
				67	mbedtls_mpi_free( &n );
				68	return( status );
				69	}
				70
				71	psa_status_t mbedtls_psa_rsa_load_representation(
				72	psa_key_type_t type, const uint8_t *data, size_t data_length,
				73	mbedtls_rsa_context **p_rsa )
				74	{
				75	psa_status_t status;
				76	mbedtls_pk_context ctx;
				77	size_t bits;
				78	mbedtls_pk_init( &ctx );
				79
				80	/* Parse the data. */
				81	if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
				82	status = mbedtls_to_psa_error(
				83	mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0 ) );
				84	else
				85	status = mbedtls_to_psa_error(
				86	mbedtls_pk_parse_public_key( &ctx, data, data_length ) );
				87	if( status != PSA_SUCCESS )
				88	goto exit;
				89
				90	/* We have something that the pkparse module recognizes. If it is a
				91	* valid RSA key, store it. */
				92	if( mbedtls_pk_get_type( &ctx ) != MBEDTLS_PK_RSA )
				93	{
				94	status = PSA_ERROR_INVALID_ARGUMENT;
				95	goto exit;
				96	}
				97
				98	/* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS
				99	* supports non-byte-aligned key sizes, but not well. For example,
				100	* mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */
				101	bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( mbedtls_pk_rsa( ctx ) ) );
				102	if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
				103	{
				104	status = PSA_ERROR_NOT_SUPPORTED;
				105	goto exit;
				106	}
				107	status = psa_check_rsa_key_byte_aligned( mbedtls_pk_rsa( ctx ) );
				108	if( status != PSA_SUCCESS )
				109	goto exit;
				110
				111	/* Copy out the pointer to the RSA context, and reset the PK context
				112	* such that pk_free doesn't free the RSA context we just grabbed. */
				113	*p_rsa = mbedtls_pk_rsa( ctx );
				114	ctx.pk_info = NULL;
				115
				116	exit:
				117	mbedtls_pk_free( &ctx );
				118	return( status );
				119	}
Ronald Cron	00b7bfc	2020-11-25 15:25:26 +0100	[diff] [blame]	120	#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) \|\|
				121	* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) \|\|
				122	* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) \|\|
				123	* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) \|\|
				124	* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) \|\|
				125	* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
				126
Ronald Cron	e5ca3d8	2020-11-26 16:36:16 +0100	[diff] [blame^]	127	#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) \|\| \
				128	defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
				129	psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
				130	mbedtls_rsa_context *rsa,
				131	uint8_t *data,
				132	size_t data_size,
				133	size_t *data_length )
				134	{
				135	#if defined(MBEDTLS_PK_WRITE_C)
				136	int ret;
				137	mbedtls_pk_context pk;
				138	uint8_t *pos = data + data_size;
				139
				140	mbedtls_pk_init( &pk );
				141	pk.pk_info = &mbedtls_rsa_info;
				142	pk.pk_ctx = rsa;
				143
				144	/* PSA Crypto API defines the format of an RSA key as a DER-encoded
				145	* representation of the non-encrypted PKCS#1 RSAPrivateKey for a
				146	* private key and of the RFC3279 RSAPublicKey for a public key. */
				147	if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
				148	ret = mbedtls_pk_write_key_der( &pk, data, data_size );
				149	else
				150	ret = mbedtls_pk_write_pubkey( &pos, data, &pk );
				151
				152	if( ret < 0 )
				153	{
				154	/* Clean up in case pk_write failed halfway through. */
				155	memset( data, 0, data_size );
				156	return( mbedtls_to_psa_error( ret ) );
				157	}
				158
				159	/* The mbedtls_pk_xxx functions write to the end of the buffer.
				160	* Move the data to the beginning and erase remaining data
				161	* at the original location. */
				162	if( 2 * (size_t) ret <= data_size )
				163	{
				164	memcpy( data, data + data_size - ret, ret );
				165	memset( data + data_size - ret, 0, ret );
				166	}
				167	else if( (size_t) ret < data_size )
				168	{
				169	memmove( data, data + data_size - ret, ret );
				170	memset( data + ret, 0, data_size - ret );
				171	}
				172
				173	*data_length = ret;
				174	return( PSA_SUCCESS );
				175	#else
				176	(void) type;
				177	(void) rsa;
				178	(void) data;
				179	(void) data_size;
				180	(void) data_length;
				181	return( PSA_ERROR_NOT_SUPPORTED );
				182	#endif /* MBEDTLS_PK_WRITE_C */
				183	}
				184
				185	psa_status_t mbedtls_psa_rsa_export_public_key(
				186	const psa_key_attributes_t *attributes,
				187	const uint8_t *key_buffer, size_t key_buffer_size,
				188	uint8_t data, size_t data_size, size_t data_length )
				189	{
				190	psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
				191	mbedtls_rsa_context *rsa = NULL;
				192
				193	status = mbedtls_psa_rsa_load_representation(
				194	attributes->core.type, key_buffer, key_buffer_size, &rsa );
				195	if( status != PSA_SUCCESS )
				196	return( status );
				197
				198	status = mbedtls_psa_rsa_export_key( PSA_KEY_TYPE_RSA_PUBLIC_KEY,
				199	rsa,
				200	data,
				201	data_size,
				202	data_length );
				203
				204	mbedtls_rsa_free( rsa );
				205	mbedtls_free( rsa );
				206
				207	return( status );
				208	}
				209	#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) \|\|
				210	* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
				211
Ronald Cron	00b7bfc	2020-11-25 15:25:26 +0100	[diff] [blame]	212	#endif /* MBEDTLS_PSA_CRYPTO_C */