From a998bc6ac99e63c7b81530655f9905a3a020089c Mon Sep 17 00:00:00 2001 From: Moran Peker Date: Mon, 16 Apr 2018 18:16:20 +0300 Subject: [PATCH] psa_internal_export_key function for common code. create psa_internal_export_key function for common code in psa_export_key and psa_export_public_key. --- library/psa_crypto.c | 133 ++++++++++++++++++------------------------- 1 file changed, 54 insertions(+), 79 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0fa400031f..7f18bd42ba 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -457,23 +457,28 @@ psa_status_t psa_get_key_information(psa_key_slot_t key, return( PSA_SUCCESS ); } -psa_status_t psa_export_key(psa_key_slot_t key, - uint8_t *data, - size_t data_size, - size_t *data_length) + +static psa_status_t psa_internal_export_key(psa_key_slot_t key, + uint8_t *data, + size_t data_size, + size_t *data_length, + int export_public_key) { key_slot_t *slot; if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT ) return( PSA_ERROR_EMPTY_SLOT ); - slot = &global_data.key_slots[key]; + slot = &global_data.key_slots[ key ]; if( slot->type == PSA_KEY_TYPE_NONE ) return( PSA_ERROR_EMPTY_SLOT ); - + if( !( slot->policy.usage & PSA_KEY_USAGE_EXPORT ) ) return( PSA_ERROR_NOT_PERMITTED ); + + if( ( export_public_key ) && ( !( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) || PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); - if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) ) + if( ( !export_public_key) && PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) ) { if( slot->data.raw.bytes > data_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); @@ -483,41 +488,51 @@ psa_status_t psa_export_key(psa_key_slot_t key, } else #if defined(MBEDTLS_PK_WRITE_C) - if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY || - slot->type == PSA_KEY_TYPE_RSA_KEYPAIR || - PSA_KEY_TYPE_IS_ECC( slot->type ) ) - { - mbedtls_pk_context pk; - int ret; - mbedtls_pk_init( &pk ); if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY || - slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ) + slot->type == PSA_KEY_TYPE_RSA_KEYPAIR || + PSA_KEY_TYPE_IS_ECC( slot->type ) ) { - pk.pk_info = &mbedtls_rsa_info; - pk.pk_ctx = slot->data.rsa; + mbedtls_pk_context pk; + int ret; + mbedtls_pk_init( &pk ); + if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY || + slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ) + { + pk.pk_info = &mbedtls_rsa_info; + pk.pk_ctx = slot->data.rsa; + } + else + { + pk.pk_info = &mbedtls_eckey_info; + pk.pk_ctx = slot->data.ecp; + } + + if( ( ! export_public_key ) && PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) ) + ret = mbedtls_pk_write_key_der( &pk, data, data_size ); + else + ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size ); + if ( ret < 0 ) + return( mbedtls_to_psa_error( ret ) ); + *data_length = ret; + return( PSA_SUCCESS ); } else - { - pk.pk_info = &mbedtls_eckey_info; - pk.pk_ctx = slot->data.ecp; - } - if( PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) ) - ret = mbedtls_pk_write_key_der( &pk, data, data_size ); - else - ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size ); - if( ret < 0 ) - return( mbedtls_to_psa_error( ret ) ); - *data_length = ret; - return( PSA_SUCCESS ); - } - else #endif /* defined(MBEDTLS_PK_WRITE_C) */ - { - /* This shouldn't happen in the reference implementation, but - it is valid for a special-purpose implementation to omit - support for exporting certain key types. */ - return( PSA_ERROR_NOT_SUPPORTED ); - } + { + /* This shouldn't happen in the reference implementation, but + it is valid for a special-purpose implementation to omit + support for exporting certain key types. */ + return( PSA_ERROR_NOT_SUPPORTED ); + } +} + +psa_status_t psa_export_key(psa_key_slot_t key, + uint8_t *data, + size_t data_size, + size_t *data_length) +{ + return psa_internal_export_key( key, data, data_size, + data_length, 0 ); } @@ -526,50 +541,10 @@ psa_status_t psa_export_public_key(psa_key_slot_t key, size_t data_size, size_t *data_length) { - key_slot_t *slot; - - if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT ) - return( PSA_ERROR_EMPTY_SLOT ); - slot = &global_data.key_slots[key]; - if( slot->type == PSA_KEY_TYPE_NONE ) - return( PSA_ERROR_EMPTY_SLOT ); - - if( !( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) || PSA_KEY_TYPE_IS_KEYPAIR(slot->type) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - -#if defined(MBEDTLS_PK_WRITE_C) - if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY || - slot->type == PSA_KEY_TYPE_RSA_KEYPAIR || - PSA_KEY_TYPE_IS_ECC( slot->type ) ) - { - mbedtls_pk_context pk; - int ret; - mbedtls_pk_init( &pk ); - if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY || - slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ) - { - pk.pk_info = &mbedtls_rsa_info; - pk.pk_ctx = slot->data.rsa; - } - else - { - pk.pk_info = &mbedtls_eckey_info; - pk.pk_ctx = slot->data.ecp; - } - ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size ); - if( ret < 0 ) - return( mbedtls_to_psa_error( ret ) ); - *data_length = ret; - return( PSA_SUCCESS ); - } -#endif /* defined(MBEDTLS_PK_WRITE_C) */ - /* This shouldn't happen in the reference implementation, but - it is valid for a special-purpose implementation to omit - support for exporting certain key types. */ - return( PSA_ERROR_NOT_SUPPORTED ); + return psa_internal_export_key( key, data, data_size, + data_length, 1 ); } - /****************************************************************/ /* Message digests */ /****************************************************************/