Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Neil Armstrong 2022-04-22 13:57:14 +02:00
parent 8855e36030
commit a1fc18fa55
2 changed files with 20 additions and 21 deletions


@ -922,28 +922,24 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
* \warning This is a temporary utility function for tests. It might * \warning This is a temporary utility function for tests. It might
* change or be removed at any time without notice. * change or be removed at any time without notice.
* *
* \note ECDSA & RSA keys are supported.
* For both key types, signing with the specified hash
* is the only allowed use of that key with PK API.
* The RSA key supports RSA-PSS signing with the specified
* hash with the PK EXT API.
* In addition, the ECDSA key is also allowed for ECDH key
* agreement derivation operation using the PSA API.
*
* \param pk Input: the EC or RSA key to import to a PSA key. * \param pk Input: the EC or RSA key to import to a PSA key.
* Output: a PK context wrapping that PSA key. * Output: a PK context wrapping that PSA key.
* \param key Output: a PSA key identifier. * \param key Output: a PSA key identifier.
* It's the caller's responsibility to call * It's the caller's responsibility to call
* psa_destroy_key() on that key identifier after calling * psa_destroy_key() on that key identifier after calling
* mbedtls_pk_free() on the PK context. * mbedtls_pk_free() on the PK context.
* \param hash_alg The hash algorithm to allow for use with that key. * \param alg The algorithm to allow for use with that key.
* \param usage The usage to allow for use with that key.
* \param alg2 The secondary algorithm to allow for use with that key.
* *
* \return \c 0 if successful. * \return \c 0 if successful.
* \return An Mbed TLS error code otherwise. * \return An Mbed TLS error code otherwise.
*/ */
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
mbedtls_svc_key_id_t *key, mbedtls_svc_key_id_t *key,
psa_algorithm_t hash_alg ); psa_algorithm_t alg,
psa_key_usage_t usage,
psa_algorithm_t alg2 );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#ifdef __cplusplus #ifdef __cplusplus
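Review bot: The new `\param alg`, `\param usage` and `\param alg2` lines do not say what values are expected, and the removed `\note` was the only description of the key policy this function produces. Because `alg` keeps the `psa_algorithm_t` type of the old `hash_alg`, a caller that still passes a bare hash algorithm compiles unchanged; the implementation hunks on this page hand `alg` and `usage` straight to `psa_set_key_algorithm()` and `psa_set_key_usage_flags()` in both the EC and RSA branches, so the key's policy would then presumably be that hash rather than a signature algorithm. I would state that `alg` must be a complete PSA algorithm (what the old code built as `PSA_ALG_ECDSA( hash_alg )` or `PSA_ALG_RSA_PKCS1V15_SIGN( hash_alg )`), and that `usage` should carry only the `PSA_KEY_USAGE_*` flags the caller actually needs, since the function no longer fixes them. For the third parameter, something like `\param alg2 The enrollment (secondary) algorithm to allow, or PSA_ALG_NONE for none.` would match the `alg2 != PSA_ALG_NONE` check in the implementation.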


@ -720,12 +720,16 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
*/ */
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
mbedtls_svc_key_id_t *key, mbedtls_svc_key_id_t *key,
psa_algorithm_t hash_alg ) psa_algorithm_t alg,
psa_key_usage_t usage,
psa_algorithm_t alg2 )
{ {
#if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_RSA_C) #if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_RSA_C)
((void) pk); ((void) pk);
((void) key); ((void) key);
((void) hash_alg); ((void) alg);
((void) usage);
((void) alg2);
#else #else
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY ) if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY )
@ -752,10 +756,10 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
/* prepare the key attributes */ /* prepare the key attributes */
psa_set_key_type( &attributes, key_type ); psa_set_key_type( &attributes, key_type );
psa_set_key_bits( &attributes, bits ); psa_set_key_bits( &attributes, bits );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | psa_set_key_usage_flags( &attributes, usage );
PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm( &attributes, alg );
psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA( hash_alg ) ); if( alg2 != PSA_ALG_NONE )
psa_set_key_enrollment_algorithm( &attributes, PSA_ALG_ECDH ); psa_set_key_enrollment_algorithm( &attributes, alg2 );
/* import private key into PSA */ /* import private key into PSA */
status = psa_import_key( &attributes, d, d_len, key ); status = psa_import_key( &attributes, d, d_len, key );
@ -786,11 +790,10 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
/* prepare the key attributes */ /* prepare the key attributes */
psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
psa_set_key_bits( &attributes, mbedtls_pk_get_bitlen( pk ) ); psa_set_key_bits( &attributes, mbedtls_pk_get_bitlen( pk ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_usage_flags( &attributes, usage );
psa_set_key_algorithm( &attributes, psa_set_key_algorithm( &attributes, alg );
PSA_ALG_RSA_PKCS1V15_SIGN( hash_alg ) ); if( alg2 != PSA_ALG_NONE )
psa_set_key_enrollment_algorithm( &attributes, psa_set_key_enrollment_algorithm( &attributes, alg2 );
PSA_ALG_RSA_PSS( hash_alg ) );
/* import private key into PSA */ /* import private key into PSA */
status = psa_import_key( &attributes, status = psa_import_key( &attributes,