pre-existing validation extended

The validation against key width and max key bits is extended to all key types from the existing validation for only symmetric keys. Signed-off-by: Archana <archana.madhavan@silabs.com>
2025-02-05 00:40:09 +00:00 · 2021-08-04 10:47:15 +05:30 · 2021-08-04 10:47:15 +05:30 · 6ed4bda2c6
commit 6ed4bda2c6
parent 4d7ae1d8cf
2 changed files with 11 additions and 18 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -558,15 +558,6 @@ psa_status_t psa_import_key_into_slot(
    {
        *bits = PSA_BYTES_TO_BITS( data_length );

-        /* Ensure that the bytes-to-bits conversion hasn't overflown. */
-        if( data_length > SIZE_MAX / 8 )
-            return( status );
-
-        /* Enforce a size limit, and in particular ensure that the bit
-         * size fits in its representation type. */
-        if( ( *bits ) > PSA_MAX_KEY_BITS )
-            return( status );
-
        status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits );
        if( status != PSA_SUCCESS )
            return( status );
@ -1901,6 +1892,10 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
    if( data_length == 0 )
        return( PSA_ERROR_INVALID_ARGUMENT );

+    /* Ensure that the bytes-to-bits conversion hasn't overflown. */
+    if( data_length > SIZE_MAX / 8 )
+        return( PSA_ERROR_NOT_SUPPORTED );
+
    status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
                                     &slot, &driver );
    if( status != PSA_SUCCESS )
@ -1941,6 +1936,13 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
        goto exit;
    }

+    /* Enforce a size limit, and in particular ensure that the bit
+     * size fits in its representation type.*/
+    if( bits > PSA_MAX_KEY_BITS )
+    {
+        status = PSA_ERROR_NOT_SUPPORTED;
+        goto exit;
+    }
    status = psa_validate_optional_attributes( slot, attributes );
    if( status != PSA_SUCCESS )
        goto exit;
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@ -271,15 +271,6 @@ psa_status_t mbedtls_test_opaque_import_key(
    {
        *bits = PSA_BYTES_TO_BITS( data_length );

-        /* Ensure that the bytes-to-bits conversion hasn't overflown. */
-        if( data_length > SIZE_MAX / 8 )
-            goto exit;
-
-        /* Enforce a size limit, and in particular ensure that the bit
-         * size fits in its representation type. */
-        if( ( *bits ) > PSA_MAX_KEY_BITS )
-            goto exit;
-
        status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits );
        if( status != PSA_SUCCESS )
            goto exit;