diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1901281c5..74b98714a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -982,174 +982,6 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, return( PSA_SUCCESS ); } -psa_status_t psa_detect_bit_size_in_slot( psa_key_slot_t *slot ) -{ - if( slot->attr.bits != 0 ) - return( PSA_SUCCESS ); - - if( key_type_is_raw_bytes( slot->attr.type ) ) - { - slot->attr.bits = - (psa_key_bits_t) PSA_BYTES_TO_BITS( slot->data.key.bytes ); - return( PSA_SUCCESS ); - } - else if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) - { - /* Keys are stored in export format, and we are currently - * restricted to known curves, so do the reverse lookup based - * on data length. */ - size_t byte_length = slot->data.key.bytes; - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) && - PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) != - PSA_ECC_FAMILY_MONTGOMERY ) - { - /* A Weierstrass public key is represented as: - * - The byte 0x04; - * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; - * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. - * So its data length is 2m+1 where m is the curve size in bits. - */ - if( ( byte_length & 1 ) == 0 ) - return( PSA_ERROR_BAD_STATE ); - byte_length = byte_length / 2; - - /* Montgomery public keys are represented in compressed format, - * meaning their curve_size is equal to the amount of input. */ - - /* Private keys are represented in uncompressed private random - * integer format, meaning their curve_size is equal to the - * amount of input. */ - } - - switch( PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) ) - { - case PSA_ECC_FAMILY_SECP_R1: - switch( byte_length ) - { - case PSA_BITS_TO_BYTES( 192 ): - slot->attr.bits = 192; - break; - case PSA_BITS_TO_BYTES( 224 ): - slot->attr.bits = 224; - break; - case PSA_BITS_TO_BYTES( 256 ): - slot->attr.bits = 256; - break; - case PSA_BITS_TO_BYTES( 384 ): - slot->attr.bits = 384; - break; - case PSA_BITS_TO_BYTES( 521 ): - slot->attr.bits = 521; - break; - default: - return( PSA_ERROR_BAD_STATE ); - } - break; - - case PSA_ECC_FAMILY_BRAINPOOL_P_R1: - switch( byte_length ) - { - case PSA_BITS_TO_BYTES( 256 ): - slot->attr.bits = 256; - break; - case PSA_BITS_TO_BYTES( 384 ): - slot->attr.bits = 384; - break; - case PSA_BITS_TO_BYTES( 512 ): - slot->attr.bits = 512; - break; - default: - return( PSA_ERROR_BAD_STATE ); - } - break; - - case PSA_ECC_FAMILY_MONTGOMERY: - switch( byte_length ) - { - case PSA_BITS_TO_BYTES( 255 ): - slot->attr.bits = 255; - break; - case PSA_BITS_TO_BYTES( 448 ): - slot->attr.bits = 448; - break; - default: - return( PSA_ERROR_BAD_STATE ); - } - break; - - case PSA_ECC_FAMILY_SECP_K1: - switch( byte_length ) - { - case PSA_BITS_TO_BYTES( 192 ): - slot->attr.bits = 192; - break; - case PSA_BITS_TO_BYTES( 224 ): - slot->attr.bits = 224; - break; - case PSA_BITS_TO_BYTES( 256 ): - slot->attr.bits = 256; - break; - default: - return( PSA_ERROR_BAD_STATE ); - } - break; - - default: - return( PSA_ERROR_BAD_STATE ); - } - - return( PSA_SUCCESS ); - } - else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) - { - /* There's no easy way of figuring out the RSA bit size from - * the data length of the export representation. For now, use - * the mbed TLS software implementation to figure it out. */ - psa_key_attributes_t attributes = { - .core = slot->attr - }; - size_t bits; - psa_status_t status = psa_driver_wrapper_validate_key( - &attributes, - slot->data.key.data, - slot->data.key.bytes, - &bits ); - if( status == PSA_SUCCESS ) - slot->attr.bits = (psa_key_bits_t) bits; - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); - - /* If no accelerator was able to figure it out, try software. */ -#if defined(MBEDTLS_RSA_C) - mbedtls_rsa_context *rsa = NULL; - - /* Parse input */ - status = psa_load_rsa_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, - &rsa ); - if( status != PSA_SUCCESS ) - { - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - return( status ); - } - - slot->attr.bits = (psa_key_bits_t) PSA_BYTES_TO_BITS( - mbedtls_rsa_get_len( rsa ) ); - - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - - return( PSA_SUCCESS ); -#else - return( PSA_ERROR_NOT_SUPPORTED ); -#endif - } - else - return( PSA_ERROR_NOT_SUPPORTED ); -} - /** Import key data into a slot. * * `slot->type` must have been set previously. diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 2786b7993..8d1f1bb28 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -158,25 +158,6 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, const uint8_t *data, size_t data_length ); -/** Detect the key bit size for a key in a slot where bit size - * is unset. - * - * This function assumes that the slot contains key material in - * export format. - * - * \param[in,out] slot Key slot to detect and set the bit size in. - * - * \retval #PSA_SUCCESS - * The key bit size was already set, or has been detected - * and set accordingly. - * \retval #PSA_ERROR_BAD_STATE - * The size of the key material in the slot doesn't match - * with the declared key type. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The key type is unknown to the implementation. - */ -psa_status_t psa_detect_bit_size_in_slot( psa_key_slot_t *slot ); - /** Convert an mbed TLS error code to a PSA error code * * \note This function is provided solely for the convenience of diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index f33c4f2ef..5140772e0 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -144,8 +144,6 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot ) status = psa_copy_key_material_into_slot( slot, key_data, key_data_length ); if( status != PSA_SUCCESS ) goto exit; - - status = psa_detect_bit_size_in_slot( slot ); } exit: