commit fedd134300b4d81d55b150a8f5ccb4c0141f2420
author Przemek Stekiel <przemyslaw.stekiel@mobica.com> Thu Dec 01 15:00:02 2022 +0100
committer Przemek Stekiel <przemyslaw.stekiel@mobica.com> Wed Apr 26 09:04:32 2023 +0200
tree 522615bf0e65b61fee51e71c1a1d582a92074037
parent fb3dd54b24034c59936329d78b106926690fb721

Add key generation for FFDH keys

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 7663269..9de7cd7 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1579,6 +1579,36 @@
     return status;
 }
 
+static psa_status_t mbedtls_psa_ffdh_generate_key(
+    const psa_key_attributes_t *attributes,
+    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
+{
+    mbedtls_mpi X, P;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+    mbedtls_mpi_init(&P); mbedtls_mpi_init(&X);
+
+    status = psa_ffdh_set_prime_generator(PSA_BITS_TO_BYTES(attributes->core.bits), &P, NULL);
+
+    if (status == PSA_SUCCESS) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 4, &P, mbedtls_psa_get_random,
+                                           MBEDTLS_PSA_RANDOM_STATE));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 2));
+
+        *key_buffer_length = mbedtls_mpi_size(&X);
+
+        MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&X, key_buffer,
+                                                 key_buffer_size));
+    }
+
+cleanup:
+    mbedtls_mpi_free(&P); mbedtls_mpi_free(&X);
+    if (status == PSA_SUCCESS && ret != 0) {
+        return mbedtls_to_psa_error(ret);
+    }
+
+    return status;
+}
 #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR ||
           MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY */
 
@@ -7162,6 +7192,15 @@
         return PSA_SUCCESS;
     } else
 #endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) */
+
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR)
+    if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+        if (bits != 2048 && bits != 3072 && bits != 4096 &&
+            bits != 6144 && bits != 8192) {
+            return PSA_ERROR_NOT_SUPPORTED;
+        }
+    } else
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) */
     {
         return PSA_ERROR_NOT_SUPPORTED;
     }
@@ -7213,6 +7252,15 @@
                                             key_buffer_length);
     } else
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
+
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR)
+    if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+        return mbedtls_psa_ffdh_generate_key(attributes,
+                                             key_buffer,
+                                             key_buffer_size,
+                                             key_buffer_length);
+    } else
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) */
     {
         (void) key_buffer_length;
         return PSA_ERROR_NOT_SUPPORTED;