psa: Simplify RSA public key format

Remove pkcs-1 and rsaEncryption front matter from RSA public keys. Move
code that was shared between RSA and other key types (like EC keys) to
be used only with non-RSA keys.

Author: Patater

include/psa/crypto.h

@@ -474,8 +474,17 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
  * minimize the risk that an invalid input is accidentally interpreted
  * according to a different format.
  *
- * The format is the DER representation defined by RFC 5280 as
- * `SubjectPublicKeyInfo`, with the `subjectPublicKey` format
+ * For standard key types, the output format is as follows:
+ * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
+ *   the representation defined by RFC 3279 §2.3.1 as `RSAPublicKey`.
+ *   ```
+ *   RSAPublicKey ::= SEQUENCE {
+ *      modulus            INTEGER,    -- n
+ *      publicExponent     INTEGER  }  -- e
+ *   ```
+ *
+ * For other public key types, the format is the DER representation defined by
+ * RFC 5280 as `SubjectPublicKeyInfo`, with the `subjectPublicKey` format
  * specified below.
  * ```
  * SubjectPublicKeyInfo  ::=  SEQUENCE  {
@@ -485,21 +494,6 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
  *      algorithm          OBJECT IDENTIFIER,
  *      parameters         ANY DEFINED BY algorithm OPTIONAL  }
  * ```
- *
- * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY),
- *   the `subjectPublicKey` format is defined by RFC 3279 §2.3.1 as
- *   `RSAPublicKey`,
- *   with the OID `rsaEncryption`,
- *   and with the parameters `NULL`.
- *   ```
- *   pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
- *                                  rsadsi(113549) pkcs(1) 1 }
- *   rsaEncryption OBJECT IDENTIFIER ::=  { pkcs-1 1 }
- *
- *   RSAPublicKey ::= SEQUENCE {
- *      modulus            INTEGER,    -- n
- *      publicExponent     INTEGER  }  -- e
- *   ```
  * - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY),
  *   the `subjectPublicKey` format is defined by RFC 3279 §2.3.2 as
  *   `DSAPublicKey`,

include/psa/crypto_sizes.h

@@ -417,25 +417,16 @@
 /* Maximum size of the export encoding of an RSA public key.
  * Assumes that the public exponent is less than 2^32.
  *
- * SubjectPublicKeyInfo  ::=  SEQUENCE  {
- *      algorithm            AlgorithmIdentifier,
- *      subjectPublicKey     BIT STRING  } -- contains RSAPublicKey
- * AlgorithmIdentifier  ::=  SEQUENCE  {
- *      algorithm               OBJECT IDENTIFIER,
- *      parameters              NULL  }
  * RSAPublicKey  ::=  SEQUENCE  {
  *    modulus            INTEGER,    -- n
  *    publicExponent     INTEGER  }  -- e
  *
- * - 3 * 4 bytes of SEQUENCE overhead;
- * - 1 + 1 + 9 bytes of algorithm (RSA OID);
- * - 2 bytes of NULL;
- * - 4 bytes of BIT STRING overhead;
+ * - 4 bytes of SEQUENCE overhead;
  * - n : INTEGER;
  * - 7 bytes for the public exponent.
  */
 #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits)        \
-    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 36)
+    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
 
 /* Maximum size of the export encoding of an RSA key pair.
  * Assumes thatthe public exponent is less than 2^32 and that the size

library/psa_crypto.c

@@ -61,6 +61,7 @@
 
 #include "mbedtls/arc4.h"
 #include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
 #include "mbedtls/bignum.h"
 #include "mbedtls/blowfish.h"
 #include "mbedtls/camellia.h"
@@ -899,6 +900,22 @@ psa_status_t psa_get_key_information( psa_key_handle_t handle,
     return( PSA_SUCCESS );
 }
 
+#if defined(MBEDTLS_RSA_C)
+static int pk_write_pubkey_simple( mbedtls_pk_context *key,
+                                   unsigned char *buf, size_t size )
+{
+    int ret;
+    unsigned char *c;
+    size_t len = 0;
+
+    c = buf + size;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
+
+    return( (int) len );
+}
+#endif /* defined(MBEDTLS_RSA_C) */
+
 static  psa_status_t psa_internal_export_key( psa_key_slot_t *slot,
                                               uint8_t *data,
                                               size_t data_size,
@@ -969,9 +986,20 @@ static  psa_status_t psa_internal_export_key( psa_key_slot_t *slot,
 #endif
             }
             if( export_public_key || PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) )
-                ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size );
+            {
+                if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
+                {
+                    ret = pk_write_pubkey_simple( &pk, data, data_size );
+                }
+                else
+                {
+                    ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size );
+                }
+            }
             else
+            {
                 ret = mbedtls_pk_write_key_der( &pk, data, data_size );
+            }
             if( ret < 0 )
             {
                 /* If data_size is 0 then data may be NULL and then the