Move RSA key generation code to the PSA RSA specific C file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index cbec9dd..1526519 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5956,34 +5956,6 @@
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
-static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
- size_t domain_parameters_size,
- int *exponent )
-{
- size_t i;
- uint32_t acc = 0;
-
- if( domain_parameters_size == 0 )
- {
- *exponent = 65537;
- return( PSA_SUCCESS );
- }
-
- /* Mbed TLS encodes the public exponent as an int. For simplicity, only
- * support values that fit in a 32-bit integer, which is larger than
- * int on just about every platform anyway. */
- if( domain_parameters_size > sizeof( acc ) )
- return( PSA_ERROR_NOT_SUPPORTED );
- for( i = 0; i < domain_parameters_size; i++ )
- acc = ( acc << 8 ) | domain_parameters[i];
- if( acc > INT_MAX )
- return( PSA_ERROR_NOT_SUPPORTED );
- *exponent = acc;
- return( PSA_SUCCESS );
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
-
/** Get the key buffer size for the key material in export format
*
* \param[in] type The key type
@@ -6070,33 +6042,10 @@
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
- mbedtls_rsa_context rsa;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- int exponent;
-
- status = psa_read_rsa_exponent( attributes->domain_parameters,
- attributes->domain_parameters_size,
- &exponent );
- if( status != PSA_SUCCESS )
- return( status );
-
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_gen_key( &rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- (unsigned int) attributes->core.bits,
- exponent );
- if( ret != 0 )
- return( mbedtls_to_psa_error( ret ) );
-
- status = mbedtls_psa_rsa_export_key( type,
- &rsa,
- key_buffer,
- key_buffer_size,
- key_buffer_length );
- mbedtls_rsa_free( &rsa );
-
- return( status );
+ return( mbedtls_psa_rsa_generate_key( attributes,
+ key_buffer,
+ key_buffer_size,
+ key_buffer_length ) );
}
else
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index aae1d05..157f084 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -24,6 +24,7 @@
#include <psa/crypto.h>
#include "psa_crypto_core.h"
+#include "psa_crypto_random_impl.h"
#include "psa_crypto_rsa.h"
#include <stdlib.h>
@@ -258,6 +259,66 @@
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
+#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
+ size_t domain_parameters_size,
+ int *exponent )
+{
+ size_t i;
+ uint32_t acc = 0;
+
+ if( domain_parameters_size == 0 )
+ {
+ *exponent = 65537;
+ return( PSA_SUCCESS );
+ }
+
+ /* Mbed TLS encodes the public exponent as an int. For simplicity, only
+ * support values that fit in a 32-bit integer, which is larger than
+ * int on just about every platform anyway. */
+ if( domain_parameters_size > sizeof( acc ) )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ for( i = 0; i < domain_parameters_size; i++ )
+ acc = ( acc << 8 ) | domain_parameters[i];
+ if( acc > INT_MAX )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ *exponent = acc;
+ return( PSA_SUCCESS );
+}
+
+psa_status_t mbedtls_psa_rsa_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+{
+ psa_status_t status;
+ mbedtls_rsa_context rsa;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ int exponent;
+
+ status = psa_read_rsa_exponent( attributes->domain_parameters,
+ attributes->domain_parameters_size,
+ &exponent );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
+ ret = mbedtls_rsa_gen_key( &rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ (unsigned int)attributes->core.bits,
+ exponent );
+ if( ret != 0 )
+ return( mbedtls_to_psa_error( ret ) );
+
+ status = mbedtls_psa_rsa_export_key( attributes->core.type,
+ &rsa, key_buffer, key_buffer_size,
+ key_buffer_length );
+ mbedtls_rsa_free( &rsa );
+
+ return( status );
+}
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h
index 64013df..87e0a61 100644
--- a/library/psa_crypto_rsa.h
+++ b/library/psa_crypto_rsa.h
@@ -114,6 +114,29 @@
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length );
+/**
+ * \brief Generate an RSA key.
+ *
+ * \note The signature of the function is that of a PSA driver generate_key
+ * entry point.
+ *
+ * \param[in] attributes The attributes for the RSA key to generate.
+ * \param[out] key_buffer Buffer where the key data is to be written.
+ * \param[in] key_buffer_size Size of \p key_buffer in bytes.
+ * \param[out] key_buffer_length On success, the number of bytes written in
+ * \p key_buffer.
+ *
+ * \retval #PSA_SUCCESS
+ * The key was successfully generated.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * Key length or type not supported.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of \p key_buffer is too small.
+ */
+psa_status_t mbedtls_psa_rsa_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/