psa: Simplify RSA public key format

Remove pkcs-1 and rsaEncryption front matter from RSA public keys. Move code that was shared between RSA and other key types (like EC keys) to be used only with non-RSA keys.
2026-05-13 23:34:08 +02:00 · 2019-01-10 10:23:21 +00:00
parent d3a0c2c779
commit 25384a236e
6 changed files with 104 additions and 90 deletions
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -474,8 +474,17 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
 * minimize the risk that an invalid input is accidentally interpreted
 * according to a different format.
 *
- * The format is the DER representation defined by RFC 5280 as
- * `SubjectPublicKeyInfo`, with the `subjectPublicKey` format
+ * For standard key types, the output format is as follows:
+ * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
+ *   the representation defined by RFC 3279 &sect;2.3.1 as `RSAPublicKey`.
+ *   ```
+ *   RSAPublicKey ::= SEQUENCE {
+ *      modulus            INTEGER,    -- n
+ *      publicExponent     INTEGER  }  -- e
+ *   ```
+ *
+ * For other public key types, the format is the DER representation defined by
+ * RFC 5280 as `SubjectPublicKeyInfo`, with the `subjectPublicKey` format
 * specified below.
 * ```
 * SubjectPublicKeyInfo  ::=  SEQUENCE  {
@@ -485,21 +494,6 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
 *      algorithm          OBJECT IDENTIFIER,
 *      parameters         ANY DEFINED BY algorithm OPTIONAL  }
 * ```
- *
- * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY),
- *   the `subjectPublicKey` format is defined by RFC 3279 &sect;2.3.1 as
- *   `RSAPublicKey`,
- *   with the OID `rsaEncryption`,
- *   and with the parameters `NULL`.
- *   ```
- *   pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
- *                                  rsadsi(113549) pkcs(1) 1 }
- *   rsaEncryption OBJECT IDENTIFIER ::=  { pkcs-1 1 }
- *
- *   RSAPublicKey ::= SEQUENCE {
- *      modulus            INTEGER,    -- n
- *      publicExponent     INTEGER  }  -- e
- *   ```
 * - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY),
 *   the `subjectPublicKey` format is defined by RFC 3279 &sect;2.3.2 as
 *   `DSAPublicKey`,
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -417,25 +417,16 @@
 /* Maximum size of the export encoding of an RSA public key.
 * Assumes that the public exponent is less than 2^32.
 *
- * SubjectPublicKeyInfo  ::=  SEQUENCE  {
- *      algorithm            AlgorithmIdentifier,
- *      subjectPublicKey     BIT STRING  } -- contains RSAPublicKey
- * AlgorithmIdentifier  ::=  SEQUENCE  {
- *      algorithm               OBJECT IDENTIFIER,
- *      parameters              NULL  }
 * RSAPublicKey  ::=  SEQUENCE  {
 *    modulus            INTEGER,    -- n
 *    publicExponent     INTEGER  }  -- e
 *
- * - 3 * 4 bytes of SEQUENCE overhead;
- * - 1 + 1 + 9 bytes of algorithm (RSA OID);
- * - 2 bytes of NULL;
- * - 4 bytes of BIT STRING overhead;
+ * - 4 bytes of SEQUENCE overhead;
 * - n : INTEGER;
 * - 7 bytes for the public exponent.
 */
 #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits)        \
-    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 36)
+    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)

 /* Maximum size of the export encoding of an RSA key pair.
 * Assumes thatthe public exponent is less than 2^32 and that the size