mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-05-08 18:54:23 +02:00
PK: improve naming & doc of internal macro
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
47
library/pk.c
47
library/pk.c
@@ -35,20 +35,29 @@
|
||||
#include <limits.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#define PK_HAVE_KEYS_LARGER_THAN_ECC
|
||||
/*
|
||||
* We're trying to statisfy two kinds of users:
|
||||
* - those who don't want to use the heap;
|
||||
* - those who can't afford large stack buffers.
|
||||
*
|
||||
* The current compromise is that if ECC is the only key type supported in PK,
|
||||
* then we export keys on the stack, and otherwise we use the heap.
|
||||
*/
|
||||
#if !defined(MBEDTLS_RSA_C)
|
||||
#define PK_EXPORT_KEYS_ON_THE_STACK
|
||||
#endif
|
||||
|
||||
#if defined(PK_HAVE_KEYS_LARGER_THAN_ECC)
|
||||
#if defined(PK_EXPORT_KEYS_ON_THE_STACK)
|
||||
/* We know for ECC, pubkey are longer than privkeys, but double check */
|
||||
#define PK_EXPORT_KEY_STACK_BUFFER_SIZE MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#if MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH > PK_EXPORT_KEY_STACK_BUFFER_SIZE
|
||||
#undef PK_EXPORT_KEY_STACK_BUFFER_SIZE
|
||||
#define PK_EXPORT_KEY_STACK_BUFFER_SIZE MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH
|
||||
#endif
|
||||
#else
|
||||
#include "mbedtls/platform.h" // for calloc/free
|
||||
#endif
|
||||
|
||||
/* We know for ECC, pubkey are longer than privkeys, but double check */
|
||||
#define PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#if MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH > PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH
|
||||
#undef PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH
|
||||
#define PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Initialise a mbedtls_pk_context
|
||||
@@ -600,7 +609,7 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
|
||||
#if defined(PK_HAVE_KEYS_LARGER_THAN_ECC)
|
||||
#if !defined(PK_EXPORT_KEYS_ON_THE_STACK)
|
||||
/*
|
||||
* Size needed to export a key of a type supported by PK.
|
||||
*
|
||||
@@ -635,7 +644,7 @@ static size_t pk_export_max_size(psa_key_type_t key_type, size_t bits)
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
#endif /* PK_HAVE_KEYS_LARGER_THAN_ECC */
|
||||
#endif /* PK_EXPORT_KEYS_ON_THE_STACK */
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
|
||||
|
||||
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
@@ -644,17 +653,17 @@ static psa_status_t export_import_into_psa(mbedtls_svc_key_id_t old_key_id,
|
||||
const psa_key_attributes_t *attributes,
|
||||
mbedtls_svc_key_id_t *new_key_id)
|
||||
{
|
||||
#if defined(PK_HAVE_KEYS_LARGER_THAN_ECC)
|
||||
#if !defined(PK_EXPORT_KEYS_ON_THE_STACK)
|
||||
unsigned char *key_buffer = NULL;
|
||||
size_t key_buffer_size = 0;
|
||||
#else
|
||||
unsigned char key_buffer[PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH];
|
||||
unsigned char key_buffer[PK_EXPORT_KEY_STACK_BUFFER_SIZE];
|
||||
const size_t key_buffer_size = sizeof(key_buffer);
|
||||
#endif
|
||||
size_t key_length = 0;
|
||||
|
||||
/* We are exporting from a PK object, so we know key type is valid for PK */
|
||||
#if defined(PK_HAVE_KEYS_LARGER_THAN_ECC)
|
||||
#if !defined(PK_EXPORT_KEYS_ON_THE_STACK)
|
||||
key_buffer_size = pk_export_max_size(old_type, old_bits);
|
||||
key_buffer = mbedtls_calloc(1, key_buffer_size);
|
||||
if (key_buffer == NULL) {
|
||||
@@ -675,7 +684,7 @@ static psa_status_t export_import_into_psa(mbedtls_svc_key_id_t old_key_id,
|
||||
mbedtls_platform_zeroize(key_buffer, key_length);
|
||||
|
||||
cleanup:
|
||||
#if defined(PK_HAVE_KEYS_LARGER_THAN_ECC)
|
||||
#if !defined(PK_EXPORT_KEYS_ON_THE_STACK)
|
||||
mbedtls_free(key_buffer);
|
||||
#endif
|
||||
return status;
|
||||
@@ -962,11 +971,11 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id,
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_type_t key_type;
|
||||
size_t key_bits;
|
||||
#if defined(PK_HAVE_KEYS_LARGER_THAN_ECC)
|
||||
#if !defined(PK_EXPORT_KEYS_ON_THE_STACK)
|
||||
unsigned char *exp_key = NULL;
|
||||
size_t exp_key_size = 0;
|
||||
#else
|
||||
unsigned char exp_key[PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH];
|
||||
unsigned char exp_key[PK_EXPORT_KEY_STACK_BUFFER_SIZE];
|
||||
const size_t exp_key_size = sizeof(exp_key);
|
||||
#endif
|
||||
size_t exp_key_len;
|
||||
@@ -991,7 +1000,7 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id,
|
||||
}
|
||||
key_bits = psa_get_key_bits(&key_attr);
|
||||
|
||||
#if defined(PK_HAVE_KEYS_LARGER_THAN_ECC)
|
||||
#if !defined(PK_EXPORT_KEYS_ON_THE_STACK)
|
||||
exp_key_size = pk_export_max_size(key_type, key_bits);
|
||||
exp_key = mbedtls_calloc(1, exp_key_size);
|
||||
if (exp_key == NULL) {
|
||||
@@ -1090,7 +1099,7 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id,
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize(exp_key, exp_key_size);
|
||||
#if defined(PK_HAVE_KEYS_LARGER_THAN_ECC)
|
||||
#if !defined(PK_EXPORT_KEYS_ON_THE_STACK)
|
||||
mbedtls_free(exp_key);
|
||||
#endif
|
||||
psa_reset_key_attributes(&key_attr);
|
||||
|
||||
Reference in New Issue
Block a user