Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for importing RSA public key #14

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add support for importing RSA public key #14

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1906671
iot_pkcs11_psa.c: Get pk info with mbedtls_pk_info_from_type()
xinyu-tfm Mar 21, 2023
5f8d8af
Add support for importing RSA public key
xinyu-tfm Jul 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
142 changes: 138 additions & 4 deletions iot_pkcs11_psa.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright (c) 2019-2021 Arm Limited. All Rights Reserved.
* Copyright (c) 2019-2023 Arm Limited. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
Expand Down Expand Up @@ -822,7 +822,7 @@ CK_RV prvCreatePrivateKey( CK_ATTRIBUTE_PTR pxTemplate,
if( pxRsaCtx != NULL )
{
xMbedContext.pk_ctx = pxRsaCtx;
xMbedContext.pk_info = &mbedtls_rsa_info;
xMbedContext.pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
xResult = prvCreateRsaPrivateKey( &xMbedContext,
&pxLabel,
&pxClass,
Expand Down Expand Up @@ -936,6 +936,114 @@ CK_RV prvCreatePrivateKey( CK_ATTRIBUTE_PTR pxTemplate,
return xResult;
}

/* Helper function for parsing RSA Public Key attribute templates
* for C_CreateObject. */
CK_RV prvCreateRsaPublicKey( mbedtls_pk_context * pxMbedContext,
CK_ATTRIBUTE_PTR * ppxLabel,
CK_ATTRIBUTE_PTR * ppxClass,
CK_ATTRIBUTE_PTR pxTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR pxObject )
{
CK_RV xResult = CKR_OK;
mbedtls_rsa_context * pxRsaContext;
int lMbedReturn = 0;
CK_BBOOL xBool;
uint32_t ulIndex;
CK_ATTRIBUTE xAttribute;

*ppxLabel = NULL;
*ppxClass = NULL;
pxRsaContext = pxMbedContext->pk_ctx;
mbedtls_rsa_init( pxRsaContext, MBEDTLS_RSA_PKCS_V15, 0 /*ignored.*/ );

/* Parse template and collect the relevant parts. */
for( ulIndex = 0; ulIndex < ulCount; ulIndex++ )
{
xAttribute = pxTemplate[ ulIndex ];

switch( xAttribute.type )
{
case ( CKA_CLASS ):
*ppxClass = &pxTemplate[ ulIndex ];
break;

case ( CKA_KEY_TYPE ):

/* Do nothing.
* Key type & object type were checked previously.
*/
break;

case ( CKA_TOKEN ):
memcpy( &xBool, xAttribute.pValue, sizeof( CK_BBOOL ) );

if( xBool != CK_TRUE )
{
PKCS11_PRINT( ( "ERROR: Only token key creation is supported. \r\n" ) );
xResult = CKR_ATTRIBUTE_VALUE_INVALID;
}

break;

case ( CKA_LABEL ):

if( xAttribute.ulValueLen <= pkcs11configMAX_LABEL_LENGTH )
{
*ppxLabel = &pxTemplate[ ulIndex ];
}
else
{
xResult = CKR_DATA_LEN_RANGE;
}

break;

case ( CKA_VERIFY ):
memcpy( &xBool, xAttribute.pValue, xAttribute.ulValueLen );

if( xBool != CK_TRUE )
{
PKCS11_PRINT( ( "Only RSA public keys with verify permissions supported. \r\n" ) );
xResult = CKR_ATTRIBUTE_VALUE_INVALID;
}

break;

case ( CKA_MODULUS ):
lMbedReturn = mbedtls_rsa_import_raw( pxRsaContext,
xAttribute.pValue, xAttribute.ulValueLen, /* N */
NULL, 0, /* P */
NULL, 0, /* Q */
NULL, 0, /* D */
NULL, 0 ); /* E */
break;

case ( CKA_PUBLIC_EXPONENT ):
lMbedReturn = mbedtls_rsa_import_raw( pxRsaContext,
NULL, 0, /* N */
NULL, 0, /* P */
NULL, 0, /* Q */
NULL, 0, /* D */
xAttribute.pValue, xAttribute.ulValueLen ); /* E */
break;

default:
PKCS11_PRINT( ( "Unknown attribute found for RSA public key. %d \r\n", xAttribute.type ) );
xResult = CKR_TEMPLATE_INCONSISTENT;
break;
}

if( lMbedReturn != 0 )
{
xResult = CKR_ATTRIBUTE_VALUE_INVALID;
break;
}
}

return xResult;
}

/* Helper function for importing elliptic curve public keys from
* template using C_CreateObject. */
CK_RV prvCreateECPublicKey( mbedtls_pk_context * pxMbedContext,
Expand Down Expand Up @@ -1059,13 +1167,32 @@ CK_RV prvCreatePublicKey( CK_ATTRIBUTE_PTR pxTemplate,
CK_ATTRIBUTE_PTR pxLabel = NULL;
CK_ATTRIBUTE_PTR pxClass = NULL;
CK_OBJECT_HANDLE xPalHandle = CK_INVALID_HANDLE;
mbedtls_pk_init( &xMbedContext );
mbedtls_rsa_context * pxRsaCtx = NULL;
mbedtls_ecp_keypair * pxKeyPair;

mbedtls_pk_init( &xMbedContext );

prvGetKeyType( &xKeyType, pxTemplate, ulCount );
if( xKeyType == CKK_RSA )
{
xResult = CKR_ATTRIBUTE_TYPE_INVALID;
/* mbedtls_rsa_context must be malloc'ed to use with mbedtls_pk_free function. */
pxRsaCtx = pvPortMalloc( sizeof( mbedtls_rsa_context ) );

if( pxRsaCtx != NULL )
{
xMbedContext.pk_ctx = pxRsaCtx;
xMbedContext.pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
xResult = prvCreateRsaPublicKey( &xMbedContext,
&pxLabel,
&pxClass,
pxTemplate,
ulCount,
pxObject );
}
else
{
xResult = CKR_HOST_MEMORY;
}
}

#if ( pkcs11configSUPPRESS_ECDSA_MECHANISM != 1 )
Expand Down Expand Up @@ -1655,6 +1782,13 @@ CK_RV prvGetObjectClass( CK_ATTRIBUTE_PTR pxTemplate,
* <tr> <td>CKA_EXPONENT_1
* <tr> <td>CKA_EXPONENT_2
* <tr> <td>CKA_COEFFICIENT
* <tr><td rowspan="13">RSA Public Key<td>CKA_CLASS
* <tr> <td>CKA_KEY_TYPE
* <tr> <td>CKA_TOKEN
* <tr> <td>CKA_LABEL
* <tr> <td>CKA_VERIFY
* <tr> <td>CKA_MODULUS
* <tr> <td>CKA_PUBLIC_EXPONENT
* </table>
*
* @return CKR_OK if successful.
Expand Down
43 changes: 37 additions & 6 deletions iot_pkcs11_psa_object_management.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright (c) 2019-2021 Arm Limited. All Rights Reserved.
* Copyright (c) 2019-2023 Arm Limited. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
Expand Down Expand Up @@ -310,10 +310,24 @@ CK_OBJECT_HANDLE PKCS11PSASaveObject( CK_ATTRIBUTE_PTR pxClass,
switch ( mbedtls_pk_get_type( pvContext ) )
{
case MBEDTLS_PK_RSA:
/**
* The RSA private key should contain the public key. So it should not go here.
*/
uxStatus = PSA_ERROR_INVALID_ARGUMENT;
uxKeyType = PSA_KEY_TYPE_RSA_PUBLIC_KEY;
pucKeyData = pucData;
ulKeyDataSize = ulDataSize;
switch ( ( ( mbedtls_rsa_context * ) ( pvContext->pk_ctx ) )->padding )
{
case MBEDTLS_RSA_PKCS_V15:
uxAlgorithm = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 );
break;

case MBEDTLS_RSA_PKCS_V21:
uxAlgorithm = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
break;

default:
uxAlgorithm = 0;
uxStatus = PSA_ERROR_INVALID_ARGUMENT;
break;
}
break;

case MBEDTLS_PK_ECKEY:
Expand Down Expand Up @@ -369,7 +383,24 @@ CK_OBJECT_HANDLE PKCS11PSASaveObject( CK_ATTRIBUTE_PTR pxClass,
switch ( mbedtls_pk_get_type( pvContext ) )
{
case MBEDTLS_PK_RSA:
uxStatus = PSA_ERROR_INVALID_ARGUMENT;
uxKeyType = PSA_KEY_TYPE_RSA_PUBLIC_KEY;
pucKeyData = pucData;
ulKeyDataSize = ulDataSize;
switch ( ( ( mbedtls_rsa_context * ) ( pvContext->pk_ctx ) )->padding )
{
case MBEDTLS_RSA_PKCS_V15:
uxAlgorithm = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 );
break;

case MBEDTLS_RSA_PKCS_V21:
uxAlgorithm = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
break;

default:
uxAlgorithm = 0;
uxStatus = PSA_ERROR_INVALID_ARGUMENT;
break;
}
break;

case MBEDTLS_PK_ECKEY:
Expand Down