Remove support for non-byte-aligned RSA keys

Remove the need for an extra function mbedtls_rsa_get_bitlen. Use mbedtls_rsa_get_len, which is only correct for keys whose size is a multiple of 8. Key sizes that aren't a multiple of 8 are extremely rarely used, so in practice this is not a problematic limitation.
2018-11-12 18:37:42 +01:00 · 2018-11-12 18:37:42 +01:00 · aac64a2839
commit aac64a2839
parent 9eaab02607
1 changed files with 6 additions and 2 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -579,7 +579,11 @@ static psa_status_t psa_import_rsa_key( mbedtls_pk_context *pk,
    else
    {
        mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *pk );
-        size_t bits = mbedtls_rsa_get_bitlen( rsa );
+        /* The size of an RSA key doesn't have to be a multiple of 8.
+         * Mbed TLS supports non-byte-aligned key sizes, but not well.
+         * For example, mbedtls_rsa_get_len() returns the key size in
+         * bytes, not in bits. */
+        size_t bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) );
        if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
            return( PSA_ERROR_NOT_SUPPORTED );
        *p_rsa = rsa;
@ -799,7 +803,7 @@ static size_t psa_get_key_bits( const key_slot_t *slot )
        return( slot->data.raw.bytes * 8 );
 #if defined(MBEDTLS_RSA_C)
    if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
-        return( mbedtls_rsa_get_bitlen( slot->data.rsa ) );
+        return( PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( slot->data.rsa ) ) );
 #endif /* defined(MBEDTLS_RSA_C) */
 #if defined(MBEDTLS_ECP_C)
    if( PSA_KEY_TYPE_IS_ECC( slot->type ) )