mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-02 16:21:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #4513 from Patater/psa-without-genprime-fix

Browse Source 
psa: Support RSA signature without MBEDTLS_GENPRIME
This commit is contained in:
Ronald Cron 2021-05-27 14:19:24 +02:00 committed by GitHub
commit 142c205ffc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 27 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog.d/psa-without-genprime-fix.txt Normal file
View File

@ -0,0 +1,5 @@
Bugfix
* Restore the ability to configure PSA via Mbed TLS options to support RSA
key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME
is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key().
Fixes #4512.

6
library/psa_crypto.c
View File

@ -4818,7 +4818,8 @@ psa_status_t psa_generate_key_internal(
} }
else else
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
defined(MBEDTLS_GENPRIME)
if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{ {
return( mbedtls_psa_rsa_generate_key( attributes, return( mbedtls_psa_rsa_generate_key( attributes,
@ -4827,7 +4828,8 @@ psa_status_t psa_generate_key_internal(
key_buffer_length ) ); key_buffer_length ) );
} }
else else
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
* defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )

12
library/psa_crypto_rsa.c
View File

@ -274,7 +274,8 @@ static psa_status_t rsa_export_public_key(
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || #endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ * defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) #if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
defined(MBEDTLS_GENPRIME)
static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters, static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
size_t domain_parameters_size, size_t domain_parameters_size,
int *exponent ) int *exponent )
@ -332,7 +333,8 @@ static psa_status_t rsa_generate_key(
return( status ); return( status );
} }
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ #endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
* defined(MBEDTLS_GENPRIME) */
/****************************************************************/ /****************************************************************/
/* Sign/verify hashes */ /* Sign/verify hashes */
@ -557,7 +559,8 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
defined(MBEDTLS_GENPRIME)
psa_status_t mbedtls_psa_rsa_generate_key( psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
@ -565,7 +568,8 @@ psa_status_t mbedtls_psa_rsa_generate_key(
return( rsa_generate_key( attributes, key_buffer, key_buffer_size, return( rsa_generate_key( attributes, key_buffer, key_buffer_size,
key_buffer_length ) ); key_buffer_length ) );
} }
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
* defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)

9
tests/scripts/all.sh
View File

@ -828,6 +828,15 @@ component_test_psa_crypto_client () {
make test make test
} }
component_test_psa_crypto_rsa_no_genprime() {
msg "build: default config minus MBEDTLS_GENPRIME"
scripts/config.py unset MBEDTLS_GENPRIME
make
msg "test: default config minus MBEDTLS_GENPRIME"
make test
}
component_test_ref_configs () { component_test_ref_configs () {
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .

2
tests/suites/test_suite_psa_crypto.data
View File

@ -3369,7 +3369,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTL
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256) PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME:MBEDTLS_MD_C
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0
PSA generate key: RSA, 0 bits: invalid PSA generate key: RSA, 0 bits: invalid