@@ -512,28 +512,60 @@ static psa_status_t psa_check_rsa_key_byte_aligned(
512512 return ( status );
513513}
514514
515- static psa_status_t psa_import_rsa_key ( mbedtls_pk_context * pk ,
515+ static psa_status_t psa_import_rsa_key ( psa_key_type_t type ,
516+ const uint8_t * data ,
517+ size_t data_length ,
516518 mbedtls_rsa_context * * p_rsa )
517519{
518- if ( mbedtls_pk_get_type ( pk ) != MBEDTLS_PK_RSA )
519- return ( PSA_ERROR_INVALID_ARGUMENT );
520+ psa_status_t status ;
521+ mbedtls_pk_context pk ;
522+ mbedtls_rsa_context * rsa ;
523+ size_t bits ;
524+
525+ mbedtls_pk_init ( & pk );
526+
527+ /* Parse the data. */
528+ if ( PSA_KEY_TYPE_IS_KEYPAIR ( type ) )
529+ status = mbedtls_to_psa_error (
530+ mbedtls_pk_parse_key ( & pk , data , data_length , NULL , 0 ) );
520531 else
532+ status = mbedtls_to_psa_error (
533+ mbedtls_pk_parse_public_key ( & pk , data , data_length ) );
534+ if ( status != PSA_SUCCESS )
535+ goto exit ;
536+
537+ /* We have something that the pkparse module recognizes. If it is a
538+ * valid RSA key, store it. */
539+ if ( mbedtls_pk_get_type ( & pk ) != MBEDTLS_PK_RSA )
521540 {
522- mbedtls_rsa_context * rsa = mbedtls_pk_rsa ( * pk );
523- /* The size of an RSA key doesn't have to be a multiple of 8.
524- * Mbed TLS supports non-byte-aligned key sizes, but not well.
525- * For example, mbedtls_rsa_get_len() returns the key size in
526- * bytes, not in bits. */
527- size_t bits = PSA_BYTES_TO_BITS ( mbedtls_rsa_get_len ( rsa ) );
528- psa_status_t status ;
529- if ( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
530- return ( PSA_ERROR_NOT_SUPPORTED );
531- status = psa_check_rsa_key_byte_aligned ( rsa );
532- if ( status != PSA_SUCCESS )
533- return ( status );
534- * p_rsa = rsa ;
535- return ( PSA_SUCCESS );
541+ status = PSA_ERROR_INVALID_ARGUMENT ;
542+ goto exit ;
543+ }
544+
545+ rsa = mbedtls_pk_rsa ( pk );
546+ /* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS
547+ * supports non-byte-aligned key sizes, but not well. For example,
548+ * mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */
549+ bits = PSA_BYTES_TO_BITS ( mbedtls_rsa_get_len ( rsa ) );
550+ if ( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
551+ {
552+ status = PSA_ERROR_NOT_SUPPORTED ;
553+ goto exit ;
554+ }
555+ status = psa_check_rsa_key_byte_aligned ( rsa );
556+
557+ exit :
558+ /* Free the content of the pk object only on error. */
559+ if ( status != PSA_SUCCESS )
560+ {
561+ mbedtls_pk_free ( & pk );
562+ return ( status );
536563 }
564+
565+ /* On success, store the content of the object in the RSA context. */
566+ * p_rsa = rsa ;
567+
568+ return ( PSA_SUCCESS );
537569}
538570#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */
539571
@@ -687,29 +719,12 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
687719#if defined(MBEDTLS_RSA_C ) && defined(MBEDTLS_PK_PARSE_C )
688720 if ( PSA_KEY_TYPE_IS_RSA ( slot -> type ) )
689721 {
690- int ret ;
691- mbedtls_pk_context pk ;
692- mbedtls_pk_init ( & pk );
693-
694- /* Parse the data. */
695- if ( PSA_KEY_TYPE_IS_KEYPAIR ( slot -> type ) )
696- ret = mbedtls_pk_parse_key ( & pk , data , data_length , NULL , 0 );
697- else
698- ret = mbedtls_pk_parse_public_key ( & pk , data , data_length );
699- if ( ret != 0 )
700- return ( mbedtls_to_psa_error ( ret ) );
701-
702- /* We have something that the pkparse module recognizes. If it is a
703- * valid RSA key, store it. */
704- status = psa_import_rsa_key ( & pk , & slot -> data .rsa );
722+ status = psa_import_rsa_key ( slot -> type ,
723+ data , data_length ,
724+ & slot -> data .rsa );
705725
706- /* Free the content of the pk object only on error. On success,
707- * the content of the object has been stored in the slot. */
708726 if ( status != PSA_SUCCESS )
709- {
710- mbedtls_pk_free ( & pk );
711727 return ( status );
712- }
713728 }
714729 else
715730#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */
0 commit comments