yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm

Browse source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-04-22 13:57:14 +02:00
parent 8855e36030
commit a1fc18fa55
2 changed files with 20 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
include/mbedtls/pk.h
View file

@ -922,28 +922,24 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
* \warning This is a temporary utility function for tests. It might
* change or be removed at any time without notice.
*
* \note ECDSA & RSA keys are supported.
* For both key types, signing with the specified hash
* is the only allowed use of that key with PK API.
* The RSA key supports RSA-PSS signing with the specified
* hash with the PK EXT API.
* In addition, the ECDSA key is also allowed for ECDH key
* agreement derivation operation using the PSA API.
*
* \param pk Input: the EC or RSA key to import to a PSA key.
* Output: a PK context wrapping that PSA key.
* \param key Output: a PSA key identifier.
* It's the caller's responsibility to call
* psa_destroy_key() on that key identifier after calling
* mbedtls_pk_free() on the PK context.
* \param hash_alg The hash algorithm to allow for use with that key.
* \param alg The algorithm to allow for use with that key.
* \param usage The usage to allow for use with that key.
* \param alg2 The secondary algorithm to allow for use with that key.
*
* \return \c 0 if successful.
* \return An Mbed TLS error code otherwise.
*/
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
mbedtls_svc_key_id_t *key,
psa_algorithm_t hash_alg );
psa_algorithm_t alg,
psa_key_usage_t usage,
psa_algorithm_t alg2 );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#ifdef __cplusplus

25
library/pk.c
View file

@ -720,12 +720,16 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
*/
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
mbedtls_svc_key_id_t *key,
psa_algorithm_t hash_alg )
psa_algorithm_t alg,
psa_key_usage_t usage,
psa_algorithm_t alg2 )
{
#if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_RSA_C)
((void) pk);
((void) key);
((void) hash_alg);
((void) alg);
((void) usage);
((void) alg2);
#else
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY )
@ -752,10 +756,10 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
/* prepare the key attributes */
psa_set_key_type( &attributes, key_type );
psa_set_key_bits( &attributes, bits );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH |
PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA( hash_alg ) );
psa_set_key_enrollment_algorithm( &attributes, PSA_ALG_ECDH );
psa_set_key_usage_flags( &attributes, usage );
psa_set_key_algorithm( &attributes, alg );
if( alg2 != PSA_ALG_NONE )
psa_set_key_enrollment_algorithm( &attributes, alg2 );
/* import private key into PSA */
status = psa_import_key( &attributes, d, d_len, key );
@ -786,11 +790,10 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
/* prepare the key attributes */
psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
psa_set_key_bits( &attributes, mbedtls_pk_get_bitlen( pk ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes,
PSA_ALG_RSA_PKCS1V15_SIGN( hash_alg ) );
psa_set_key_enrollment_algorithm( &attributes,
PSA_ALG_RSA_PSS( hash_alg ) );
psa_set_key_usage_flags( &attributes, usage );
psa_set_key_algorithm( &attributes, alg );
if( alg2 != PSA_ALG_NONE )
psa_set_key_enrollment_algorithm( &attributes, alg2 );
/* import private key into PSA */
status = psa_import_key( &attributes,