Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Need add function for: set mbedtls_rsa_context/mbedtls_ecdsa_context to mbedtls_pk_context #5870

Open Wenxing-hou opened 2 years ago

Wenxing-hou commented 2 years ago

Suggested enhancement

A function needs to be added to set an mbedtls_rsa_context/mbedtls_ecdsa_context for an mbedtls_pk_context. There are only the functions mbedtls_pk_rsa and mbedtls_pk_ec, which get the mbedtls_rsa_context/mbedtls_ecdsa_context from an mbedtls_pk_context.

Justification

We are using mbedtls to generate a CSR according to the SPDM spec version 1.2.0. Line 654 says: "A Responder shall only process a GET_CSR request if it already possesses an appropriate asymmetric key pair for each of the signature suites (algorithms and associated parameters) it supports."

When the mbedtls_rsa_context already exists, it is useful to set it for a new mbedtls_pk_context, because the mbedtls_pk_context is used for mbedtls_x509write_csr_set_key.

I think mbedtls needs to add functions such as EVP_PKEY_set1_RSA and EVP_PKEY_set1_EC_KEY in OpenSSL.

Maybe int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) can work for mbedtls_rsa_context. I got it to work successfully. But there is no equivalent function for mbedtls_ecdsa_context.

Wenxing-hou commented 2 years ago

Hi all. Is there a function to set an mbedtls_ecdsa_context/ecdh_context to an mbedtls_pk_context? Thanks. It is very important to me.

Wenxing-hou commented 2 years ago

I have tried this successfully: use mbedtls_ecdsa_from_keypair to set an mbedtls_ecdsa_context to an mbedtls_pk_context. Is there some function for mbedtls_ecdh_context?