mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 23:25:29 +00:00
Remove obsolete key creation functions
Remove the key creation functions from before the attribute-based API, i.e. the key creation functions that worked by allocating a slot, then setting metadata through the handle and finally creating key material.
This commit is contained in:
parent
baea7aac89
commit
f46f81ceb5
|
@ -247,248 +247,6 @@ psa_status_t psa_key_derivation(psa_key_derivation_operation_t *operation,
|
|||
/* FIXME Deprecated. Remove this as soon as all the tests are updated. */
|
||||
#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001)
|
||||
|
||||
/** \defgroup policy Key policies
|
||||
* @{
|
||||
*
|
||||
* The functions in this section are legacy interfaces where the properties
|
||||
* of a key object are set after allocating a handle, in constrast with the
|
||||
* preferred interface where key objects are created atomically from
|
||||
* a structure that represents the properties.
|
||||
*/
|
||||
|
||||
/** \def PSA_KEY_POLICY_INIT
|
||||
*
|
||||
* This macro returns a suitable initializer for a key policy object of type
|
||||
* #psa_key_policy_t.
|
||||
*/
|
||||
#ifdef __DOXYGEN_ONLY__
|
||||
/* This is an example definition for documentation purposes.
|
||||
* Implementations should define a suitable value in `crypto_struct.h`.
|
||||
*/
|
||||
#define PSA_KEY_POLICY_INIT {0}
|
||||
#endif
|
||||
|
||||
/** Return an initial value for a key policy that forbids all usage of the key.
|
||||
*/
|
||||
static psa_key_policy_t psa_key_policy_init(void);
|
||||
|
||||
/** \brief Set the standard fields of a policy structure.
|
||||
*
|
||||
* Note that this function does not make any consistency check of the
|
||||
* parameters. The values are only checked when applying the policy to
|
||||
* a key with psa_set_key_policy().
|
||||
*
|
||||
* \param[in,out] policy The key policy to modify. It must have been
|
||||
* initialized as per the documentation for
|
||||
* #psa_key_policy_t.
|
||||
* \param usage The permitted uses for the key.
|
||||
* \param alg The algorithm that the key may be used for.
|
||||
*/
|
||||
void psa_key_policy_set_usage(psa_key_policy_t *policy,
|
||||
psa_key_usage_t usage,
|
||||
psa_algorithm_t alg);
|
||||
|
||||
/** \brief Retrieve the usage field of a policy structure.
|
||||
*
|
||||
* \param[in] policy The policy object to query.
|
||||
*
|
||||
* \return The permitted uses for a key with this policy.
|
||||
*/
|
||||
psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy);
|
||||
|
||||
/** \brief Retrieve the algorithm field of a policy structure.
|
||||
*
|
||||
* \param[in] policy The policy object to query.
|
||||
*
|
||||
* \return The permitted algorithm for a key with this policy.
|
||||
*/
|
||||
psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy);
|
||||
|
||||
/** \brief Set the usage policy for a key.
|
||||
*
|
||||
* This function must be called on a key handle before importing,
|
||||
* generating or creating a key. Changing the policy of an
|
||||
* existing key is not permitted.
|
||||
*
|
||||
* Implementations may set restrictions on supported key policies
|
||||
* depending on the key type.
|
||||
*
|
||||
* \param handle Handle to the key whose policy is to be changed.
|
||||
* \param[in] policy The policy object to query.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* If the key is persistent, it is implementation-defined whether
|
||||
* the policy has been saved to persistent storage. Implementations
|
||||
* may defer saving the policy until the key material is created.
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_ALREADY_EXISTS
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_set_key_policy(psa_key_handle_t handle,
|
||||
const psa_key_policy_t *policy);
|
||||
|
||||
/** \brief Get the usage policy for a key.
|
||||
*
|
||||
* \param handle Handle to the key whose policy is being queried.
|
||||
* \param[out] policy On success, the key's policy.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_get_key_policy(psa_key_handle_t handle,
|
||||
psa_key_policy_t *policy);
|
||||
|
||||
/**@}*/
|
||||
|
||||
/** \defgroup to_handle Key creation to allocated handle
|
||||
* @{
|
||||
*
|
||||
* The functions in this section are legacy interfaces where the properties
|
||||
* of a key object are set after allocating a handle, in constrast with the
|
||||
* preferred interface where key objects are created atomically from
|
||||
* a structure that represents the properties.
|
||||
*/
|
||||
|
||||
/** Create a new persistent key.
|
||||
*
|
||||
* Create a new persistent key and return a handle to it. The handle
|
||||
* remains valid until the application calls psa_close_key() or terminates.
|
||||
* The application can open the key again with psa_open_key() until it
|
||||
* removes the key by calling psa_destroy_key().
|
||||
*
|
||||
* \param lifetime The lifetime of the key. This designates a storage
|
||||
* area where the key material is stored. This must not
|
||||
* be #PSA_KEY_LIFETIME_VOLATILE.
|
||||
* \param id The persistent identifier of the key.
|
||||
* \param[out] handle On success, a handle to the newly created key.
|
||||
* When key material is later created in this key,
|
||||
* it will be saved to the specified persistent location.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success. The application can now use the value of `*handle`
|
||||
* for key operations.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
* \retval #PSA_ERROR_ALREADY_EXISTS
|
||||
* There is already a key with the identifier \p id in the storage
|
||||
* area designated by \p lifetime.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p id is invalid for the specified lifetime.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \p lifetime is not supported.
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* \p lifetime is valid, but the application does not have the
|
||||
* permission to create a key there.
|
||||
*/
|
||||
psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
|
||||
psa_key_id_t id,
|
||||
psa_key_handle_t *handle);
|
||||
|
||||
/** Allocate space for a transient key, i.e. a key which is only stored
|
||||
* in volatile memory.
|
||||
*
|
||||
* The allocated key and its handle remain valid until the
|
||||
* application calls psa_close_key() or psa_destroy_key() or until the
|
||||
* application terminates.
|
||||
*
|
||||
* \param[out] handle On success, a handle to a volatile key.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success. The application can now use the value of `*handle`
|
||||
* to refer to the key.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* There was not enough memory, or the maximum number of transient keys
|
||||
* has been reached.
|
||||
*/
|
||||
psa_status_t psa_allocate_key(psa_key_handle_t *handle);
|
||||
|
||||
/**
|
||||
* \brief Get basic metadata about a key.
|
||||
*
|
||||
* \param handle Handle to the key to query.
|
||||
* \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX value).
|
||||
* This may be a null pointer, in which case the key type
|
||||
* is not written.
|
||||
* \param[out] bits On success, the key size in bits.
|
||||
* This may be a null pointer, in which case the key size
|
||||
* is not written.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_DOES_NOT_EXIST
|
||||
* The handle does not contain a key.
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_get_key_information(psa_key_handle_t handle,
|
||||
psa_key_type_t *type,
|
||||
size_t *bits);
|
||||
|
||||
/** \brief Retrieve the lifetime of an open key.
|
||||
*
|
||||
* \param handle Handle to query.
|
||||
* \param[out] lifetime On success, the lifetime value.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_get_key_lifetime_from_handle(psa_key_handle_t handle,
|
||||
psa_key_lifetime_t *lifetime);
|
||||
|
||||
psa_status_t psa_import_key_to_handle(psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
const uint8_t *data,
|
||||
size_t data_length);
|
||||
|
||||
psa_status_t psa_copy_key_to_handle(psa_key_handle_t source_handle,
|
||||
psa_key_handle_t target_handle,
|
||||
const psa_key_policy_t *constraint);
|
||||
|
||||
psa_status_t psa_generate_derived_key_to_handle(psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
size_t bits,
|
||||
psa_key_derivation_operation_t *operation);
|
||||
|
||||
psa_status_t psa_generate_key_to_handle(psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
size_t bits,
|
||||
const void *extra,
|
||||
size_t extra_size);
|
||||
|
||||
/**@}*/
|
||||
|
||||
|
||||
/** \addtogroup crypto_types
|
||||
* @{
|
||||
*/
|
||||
|
|
|
@ -739,27 +739,6 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
|
|||
return( status );
|
||||
}
|
||||
|
||||
/* Retrieve an empty key slot (slot with no key data, but possibly
|
||||
* with some metadata such as a policy or domain parameters). */
|
||||
static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle,
|
||||
psa_key_slot_t **p_slot )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
|
||||
*p_slot = NULL;
|
||||
|
||||
status = psa_get_key_slot( handle, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
if( slot->type != PSA_KEY_TYPE_NONE )
|
||||
return( PSA_ERROR_ALREADY_EXISTS );
|
||||
|
||||
*p_slot = slot;
|
||||
return( status );
|
||||
}
|
||||
|
||||
/** Calculate the intersection of two algorithm usage policies.
|
||||
*
|
||||
* Return 0 (which allows no operation) on incompatibility.
|
||||
|
@ -938,45 +917,6 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
|
|||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_import_key_to_handle( psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
|
||||
status = psa_get_empty_key_slot( handle, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
slot->type = type;
|
||||
|
||||
status = psa_import_key_into_slot( slot, data, data_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
slot->type = PSA_KEY_TYPE_NONE;
|
||||
return( status );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
|
||||
{
|
||||
/* Store in file location */
|
||||
status = psa_save_persistent_key( slot->persistent_storage_id,
|
||||
slot->type, &slot->policy, data,
|
||||
data_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
(void) psa_remove_key_data_from_memory( slot );
|
||||
slot->type = PSA_KEY_TYPE_NONE;
|
||||
}
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_destroy_key( psa_key_handle_t handle )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
|
@ -1143,30 +1083,6 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle,
|
|||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_get_key_information( psa_key_handle_t handle,
|
||||
psa_key_type_t *type,
|
||||
size_t *bits )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
|
||||
if( type != NULL )
|
||||
*type = 0;
|
||||
if( bits != NULL )
|
||||
*bits = 0;
|
||||
status = psa_get_key_slot( handle, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
if( slot->type == PSA_KEY_TYPE_NONE )
|
||||
return( PSA_ERROR_DOES_NOT_EXIST );
|
||||
if( type != NULL )
|
||||
*type = slot->type;
|
||||
if( bits != NULL )
|
||||
*bits = psa_get_key_slot_bits( slot );
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
|
||||
static int pk_write_pubkey_simple( mbedtls_pk_context *key,
|
||||
unsigned char *buf, size_t size )
|
||||
|
@ -1341,39 +1257,6 @@ psa_status_t psa_export_public_key( psa_key_handle_t handle,
|
|||
data_length, 1 ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
static psa_status_t psa_save_generated_persistent_key( psa_key_slot_t *slot,
|
||||
size_t bits )
|
||||
{
|
||||
psa_status_t status;
|
||||
uint8_t *data;
|
||||
size_t key_length;
|
||||
size_t data_size = PSA_KEY_EXPORT_MAX_SIZE( slot->type, bits );
|
||||
data = mbedtls_calloc( 1, data_size );
|
||||
if( data == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
/* Get key data in export format */
|
||||
status = psa_internal_export_key( slot, data, data_size, &key_length, 0 );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
slot->type = PSA_KEY_TYPE_NONE;
|
||||
goto exit;
|
||||
}
|
||||
/* Store in file location */
|
||||
status = psa_save_persistent_key( slot->persistent_storage_id,
|
||||
slot->type, &slot->policy,
|
||||
data, key_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
slot->type = PSA_KEY_TYPE_NONE;
|
||||
}
|
||||
exit:
|
||||
mbedtls_platform_zeroize( data, key_length );
|
||||
mbedtls_free( data );
|
||||
return( status );
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
|
||||
static psa_status_t psa_set_key_policy_internal(
|
||||
psa_key_slot_t *slot,
|
||||
const psa_key_policy_t *policy )
|
||||
|
@ -1623,41 +1506,6 @@ exit:
|
|||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_copy_key_to_handle(psa_key_handle_t source_handle,
|
||||
psa_key_handle_t target_handle,
|
||||
const psa_key_policy_t *constraint)
|
||||
{
|
||||
psa_key_slot_t *source_slot = NULL;
|
||||
psa_key_slot_t *target_slot = NULL;
|
||||
psa_key_policy_t new_policy;
|
||||
psa_status_t status;
|
||||
status = psa_get_key_from_slot( source_handle, &source_slot,
|
||||
PSA_KEY_USAGE_COPY, 0 );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
status = psa_get_empty_key_slot( target_handle, &target_slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
new_policy = target_slot->policy;
|
||||
status = psa_restrict_key_policy( &new_policy, &source_slot->policy );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
if( constraint != NULL )
|
||||
{
|
||||
status = psa_restrict_key_policy( &new_policy, constraint );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
}
|
||||
|
||||
status = psa_copy_key_material( source_slot, target_slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
target_slot->policy = new_policy;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_copy_key( psa_key_handle_t source_handle,
|
||||
const psa_key_attributes_t *specified_attributes,
|
||||
psa_key_handle_t *target_handle )
|
||||
|
@ -3644,86 +3492,6 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
|
|||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
/* Key Policy */
|
||||
/****************************************************************/
|
||||
|
||||
#if !defined(MBEDTLS_PSA_CRYPTO_SPM)
|
||||
void psa_key_policy_set_usage( psa_key_policy_t *policy,
|
||||
psa_key_usage_t usage,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
policy->usage = usage;
|
||||
policy->alg = alg;
|
||||
}
|
||||
|
||||
psa_key_usage_t psa_key_policy_get_usage( const psa_key_policy_t *policy )
|
||||
{
|
||||
return( policy->usage );
|
||||
}
|
||||
|
||||
psa_algorithm_t psa_key_policy_get_algorithm( const psa_key_policy_t *policy )
|
||||
{
|
||||
return( policy->alg );
|
||||
}
|
||||
#endif /* !defined(MBEDTLS_PSA_CRYPTO_SPM) */
|
||||
|
||||
psa_status_t psa_set_key_policy( psa_key_handle_t handle,
|
||||
const psa_key_policy_t *policy )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
|
||||
if( policy == NULL )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_get_empty_key_slot( handle, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
return( psa_set_key_policy_internal( slot, policy ) );
|
||||
}
|
||||
|
||||
psa_status_t psa_get_key_policy( psa_key_handle_t handle,
|
||||
psa_key_policy_t *policy )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
|
||||
if( policy == NULL )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_get_key_slot( handle, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
*policy = slot->policy;
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
/* Key Lifetime */
|
||||
/****************************************************************/
|
||||
|
||||
psa_status_t psa_get_key_lifetime_from_handle( psa_key_handle_t handle,
|
||||
psa_key_lifetime_t *lifetime )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
|
||||
status = psa_get_key_slot( handle, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
*lifetime = slot->lifetime;
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
/* AEAD */
|
||||
|
@ -4539,37 +4307,6 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
|
|||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
size_t bits,
|
||||
psa_key_derivation_operation_t *operation )
|
||||
{
|
||||
uint8_t *data = NULL;
|
||||
size_t bytes = PSA_BITS_TO_BYTES( bits );
|
||||
psa_status_t status;
|
||||
|
||||
if( ! key_type_is_raw_bytes( type ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
if( bits % 8 != 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
data = mbedtls_calloc( 1, bytes );
|
||||
if( data == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
|
||||
status = psa_key_derivation_output_bytes( operation, data, bytes );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
if( type == PSA_KEY_TYPE_DES )
|
||||
psa_des_set_key_parity( data, bytes );
|
||||
#endif /* MBEDTLS_DES_C */
|
||||
status = psa_import_key_to_handle( handle, type, data, bytes );
|
||||
|
||||
exit:
|
||||
mbedtls_free( data );
|
||||
return( status );
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
|
@ -5426,40 +5163,6 @@ static psa_status_t psa_generate_key_internal(
|
|||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_generate_key_to_handle( psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
size_t bits,
|
||||
const void *extra,
|
||||
size_t extra_size )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
|
||||
/* The old public exponent encoding is no longer supported. */
|
||||
if( extra_size != 0 )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
#endif
|
||||
|
||||
status = psa_get_empty_key_slot( handle, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
slot->type = type;
|
||||
status = psa_generate_key_internal( slot, bits, extra, extra_size );
|
||||
if( status != PSA_SUCCESS )
|
||||
slot->type = 0;
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
|
||||
{
|
||||
return( psa_save_generated_persistent_key( slot, bits ) );
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
|
||||
psa_key_handle_t *handle )
|
||||
{
|
||||
|
|
|
@ -290,21 +290,6 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
|
|||
id, handle, 0 ) );
|
||||
}
|
||||
|
||||
psa_status_t psa_create_key( psa_key_lifetime_t lifetime,
|
||||
psa_key_file_id_t id,
|
||||
psa_key_handle_t *handle )
|
||||
{
|
||||
psa_status_t status;
|
||||
|
||||
status = persistent_key_setup( lifetime, id, handle, 1 );
|
||||
switch( status )
|
||||
{
|
||||
case PSA_SUCCESS: return( PSA_ERROR_ALREADY_EXISTS );
|
||||
case PSA_ERROR_DOES_NOT_EXIST: return( PSA_SUCCESS );
|
||||
default: return( status );
|
||||
}
|
||||
}
|
||||
|
||||
psa_status_t psa_close_key( psa_key_handle_t handle )
|
||||
{
|
||||
return( psa_internal_release_key_slot( handle ) );
|
||||
|
|
|
@ -55,6 +55,16 @@ psa_status_t psa_initialize_key_slots( void );
|
|||
* This does not affect persistent storage. */
|
||||
void psa_wipe_all_key_slots( void );
|
||||
|
||||
/** Allocate a key slot.
|
||||
*
|
||||
* \param[out] handle On success, a handle to a newly allocated key slot.
|
||||
* 0 if an error occurs.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
*/
|
||||
psa_status_t psa_allocate_key( psa_key_handle_t *handle );
|
||||
|
||||
/** Test whether the given parameters are acceptable for a persistent key.
|
||||
*
|
||||
* This function does not access the storage in any way. It only tests
|
||||
|
|
Loading…
Reference in a new issue