From 4c6cea549c28d3dc9b7a23a5ed607009055f7e7f Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 27 Feb 2024 10:48:49 +0100
Subject: [PATCH] pk: deprecate mbedtls_pk_wrap_as_opaque()

Signed-off-by: Valerio Setti
---
 include/mbedtls/pk.h | 23 ++++++++++++++---------
 library/pk.c | 14 +++++++-------
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 534712b5a..fff1912d1 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -1213,12 +1213,17 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
 const mbedtls_pk_context *key);
 #endif /* MBEDTLS_PK_WRITE_C */
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
 /**
 * \brief Turn an EC or RSA key into an opaque one.
 *
- * \warning This is a temporary utility function for tests. It might
- * change or be removed at any time without notice.
+ * \warning This function is deprecated and will be removed in a
+ * future version of the library.
+ * To wrap a key into an opaque one the following functions
+ * should be used instead:
+ * - mbedtls_pk_get_psa_attributes()
+ * - mbedtls_pk_import_into_psa()
+ * - mbedtls_pk_setup_opaque().
 *
 * \param pk Input: the EC or RSA key to import to a PSA key.
 * Output: a PK context wrapping that PSA key.
@@ -1233,12 +1238,12 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
 * \return \c 0 if successful.
 * \return An Mbed TLS error code otherwise.
 */
-int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
- mbedtls_svc_key_id_t *key,
- psa_algorithm_t alg,
- psa_key_usage_t usage,
- psa_algorithm_t alg2);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+MBEDTLS_DEPRECATED mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
+ mbedtls_svc_key_id_t *key,
+ psa_algorithm_t alg,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg2);
+#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
 
 #ifdef __cplusplus
 }
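Review bot: The deprecation is announced with `\warning` in the doc comment of mbedtls_pk_wrap_as_opaque(), so Doxygen will not put the function on its deprecated list; `\deprecated` is the tag meant for this. The three replacement functions are given as a bare list, and a caller migrating away from the one-call wrapper would be helped by one sentence saying they are called in that order and that the resulting PSA key remains the caller's to destroy (the latter is my assumption from the `key` output parameter, to be confirmed). The comment block starts inside this hunk but ends outside it.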
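Review bot: The new prototype `MBEDTLS_DEPRECATED mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,` has lost its return type: the removed line began with `int`, and the definition in library/pk.c in this same patch still carries it. However MBEDTLS_DEPRECATED is defined (its definition is not part of this patch), an attribute or an empty expansion leaves a declaration with no type specifier, which C99 and later do not allow and which strict builds will reject for every file that includes pk.h. The line should read `int MBEDTLS_DEPRECATED mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,`, with the four continuation lines re-aligned to the new opening parenthesis.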
diff --git a/library/pk.c b/library/pk.c
index 1ded4872f..322cd583a 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -1357,18 +1357,18 @@ mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx)
 return ctx->pk_info->type;
 }
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
 /*
 * Load the key to a PSA key slot,
 * then turn the PK context into a wrapper for that key slot.
 *
 * Currently only works for EC & RSA private keys.
 */
-int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
- mbedtls_svc_key_id_t *key,
- psa_algorithm_t alg,
- psa_key_usage_t usage,
- psa_algorithm_t alg2)
+MBEDTLS_DEPRECATED int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
+ mbedtls_svc_key_id_t *key,
+ psa_algorithm_t alg,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg2)
 {
 #if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_RSA_C)
 ((void) pk);
@@ -1476,5 +1476,5 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
 #endif /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
 return MBEDTLS_ERR_PK_TYPE_MISMATCH;
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_PK_C */
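Review bot: `MBEDTLS_DEPRECATED` is repeated on the definition in the first hunk, where it adds nothing that the declaration in pk.h does not already provide, and it is spelled differently from the header (`MBEDTLS_DEPRECATED int ...` here, no `int` there). Keeping the definition as `int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,` would leave the parameter lines untouched and put the marker in one place only. The comment above the definition still describes the function as current, so a line such as ` * Deprecated: see the replacement functions listed in pk.h.` would keep it in step with the header. The function body continues outside this hunk.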