programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests
This is replaced with: mbedtls_pk_get_psa_attributes() + mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque(). Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
parent
1fa2f6e9af
commit
7541ebea52
4 changed files with 58 additions and 11 deletions
|
@ -1711,11 +1711,10 @@ usage:
|
||||||
&psa_alg, &psa_alg2,
|
&psa_alg, &psa_alg2,
|
||||||
&usage,
|
&usage,
|
||||||
mbedtls_pk_get_type(&pkey)) == 0) {
|
mbedtls_pk_get_type(&pkey)) == 0) {
|
||||||
ret = mbedtls_pk_wrap_as_opaque(&pkey, &key_slot, psa_alg,
|
ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, usage, &key_slot);
|
||||||
usage, psa_alg2);
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_printf(" failed\n ! "
|
mbedtls_printf(" failed\n ! "
|
||||||
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
|
"mbedtls_pk_get_psa_attributes returned -0x%x\n\n",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
|
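Review bot: The failure message on the new side names `mbedtls_pk_get_psa_attributes`, but the call it reports on is `pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, usage, &key_slot)`, a helper that can also fail in its import or opaque-setup step. The string should read `"pk_wrap_as_opaque returned -0x%x\n\n"`, as the hunk at -2708 already does; the hunk at -2727 (the `pkey2` call) carries the same mismatched message. A wrong function name in a key-handling error path points whoever triages the failure at the wrong step. The enclosing function starts and ends outside the hunk.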
@ -2708,12 +2708,10 @@ usage:
|
||||||
&psa_alg, &psa_alg2,
|
&psa_alg, &psa_alg2,
|
||||||
&psa_usage,
|
&psa_usage,
|
||||||
mbedtls_pk_get_type(&pkey)) == 0) {
|
mbedtls_pk_get_type(&pkey)) == 0) {
|
||||||
ret = mbedtls_pk_wrap_as_opaque(&pkey, &key_slot,
|
ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, psa_usage, &key_slot);
|
||||||
psa_alg, psa_usage, psa_alg2);
|
|
||||||
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_printf(" failed\n ! "
|
mbedtls_printf(" failed\n ! "
|
||||||
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
|
"pk_wrap_as_opaque returned -0x%x\n\n",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
@ -2727,12 +2725,10 @@ usage:
|
||||||
&psa_alg, &psa_alg2,
|
&psa_alg, &psa_alg2,
|
||||||
&psa_usage,
|
&psa_usage,
|
||||||
mbedtls_pk_get_type(&pkey2)) == 0) {
|
mbedtls_pk_get_type(&pkey2)) == 0) {
|
||||||
ret = mbedtls_pk_wrap_as_opaque(&pkey2, &key_slot2,
|
ret = pk_wrap_as_opaque(&pkey2, psa_alg, psa_alg2, psa_usage, &key_slot2);
|
||||||
psa_alg, psa_usage, psa_alg2);
|
|
||||||
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_printf(" failed\n ! "
|
mbedtls_printf(" failed\n ! "
|
||||||
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
|
"mbedtls_pk_get_psa_attributes returned -0x%x\n\n",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
|
@ -274,6 +274,35 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2,
|
||||||
|
psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
|
|
||||||
|
ret = mbedtls_pk_get_psa_attributes(pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr);
|
||||||
|
if (ret != 0) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
psa_set_key_usage_flags(&key_attr, psa_usage);
|
||||||
|
psa_set_key_algorithm(&key_attr, psa_alg);
|
||||||
|
if (psa_alg2 != PSA_ALG_NONE) {
|
||||||
|
psa_set_key_enrollment_algorithm(&key_attr, psa_alg2);
|
||||||
|
}
|
||||||
|
ret = mbedtls_pk_import_into_psa(pk, &key_attr, key_id);
|
||||||
|
if (ret != 0) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
mbedtls_pk_free(pk);
|
||||||
|
mbedtls_pk_init(pk);
|
||||||
|
ret = mbedtls_pk_setup_opaque(pk, *key_id);
|
||||||
|
if (ret != 0) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||||
|
|
|
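Review bot: When `mbedtls_pk_setup_opaque()` fails at the end of `pk_wrap_as_opaque`, the key already imported by `mbedtls_pk_import_into_psa()` is left in PSA and `pk` has been freed and re-initialised, so the caller receives an error, an empty context and a still-live key id. Unless every caller destroys `*key_id` on its exit path (not visible in this section), that branch should release the key before returning: `psa_destroy_key(*key_id);` followed by `*key_id = MBEDTLS_SVC_KEY_ID_INIT;`. The hard-coded `PSA_KEY_USAGE_SIGN_HASH` passed to `mbedtls_pk_get_psa_attributes()` also deserves a comment such as `/* usage here only seeds the attributes; the caller's policy is applied below */`, because `psa_set_key_usage_flags(&key_attr, psa_usage)` replaces it right after.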
@ -235,6 +235,29 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
|
||||||
psa_algorithm_t *psa_alg2,
|
psa_algorithm_t *psa_alg2,
|
||||||
psa_key_usage_t *usage,
|
psa_key_usage_t *usage,
|
||||||
mbedtls_pk_type_t key_type);
|
mbedtls_pk_type_t key_type);
|
||||||
|
|
||||||
|
/** Turn a non-opaque PK context into an opaque one with folowing steps:
|
||||||
|
* - extract the key data and attributes from the PK context.
|
||||||
|
* - import the key material into PSA.
|
||||||
|
* - free the provided PK context and re-initilize it as an opaque PK context
|
||||||
|
* wrapping the PSA key imported in the above step.
|
||||||
|
*
|
||||||
|
* \param[in/out] pk On input the non-opaque PK context which contains the
|
||||||
|
* key to be wrapped. On output the re-initialized PK
|
||||||
|
* context which represents the opaque version of the one
|
||||||
|
* provided as input.
|
||||||
|
* \param[in] psa_alg The primary algorithm that will be associated to the
|
||||||
|
* PSA key.
|
||||||
|
* \param[in] psa_alg2 The enrollment algorithm that will be associated to the
|
||||||
|
* PSA key.
|
||||||
|
* \param[in] psa_usage The PSA key usage policy.
|
||||||
|
* \param[out] key_id The PSA key identifier of the imported key.
|
||||||
|
*
|
||||||
|
* \return \c 0 on sucess.
|
||||||
|
* \return \c -1 on failure.
|
||||||
|
*/
|
||||||
|
int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2,
|
||||||
|
psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id);
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||||
|
|
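Review bot: The doc comment promises `\return \c -1 on failure`, but the definition added in this commit returns `ret` from the underlying PK calls unchanged, and the callers print it with `-0x%x`, so the documented contract does not match the code. The line should read something like `\return A negative error code from the underlying PK/PSA call on failure.`, and the comment should state that after a failure past the import step `pk` may already have been freed and the key may still exist under `key_id`. `\param[in/out]` is not a valid Doxygen direction and should be `\param[in,out]`. The same comment has typos to fix in passing: "folowing", "re-initilize", "sucess".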