Introduce mbedtls_pk_get_psa_attributes

Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657 as of dd77343381, i.e. dd77343381/docs/architecture/psa-migration/psa-legacy-bridges.md (api-to-create-a-psa-key-from-a-pk-context) This commit introduces the function declaration, its documentation, the definition without the interesting parts and a negative unit test function. Subsequent commits will add RSA, ECC and PK_OPAQUE support. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-01 10:06:53 +03:00 · 2024-01-18 14:11:26 +01:00
parent bc5d9165ae
commit 0b17255da1
4 changed files with 207 additions and 2 deletions
--- a/library/pk.c
+++ b/library/pk.c
@ -29,7 +29,7 @@
 #include "mbedtls/ecdsa.h"
 #endif

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 #include "psa_util_internal.h"
 #include "md_psa.h"
 #endif
@ -378,6 +378,30 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
+                                  psa_key_usage_t usage,
+                                  psa_key_attributes_t *attributes)
+{
+    mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);
+
+    switch (pk_type) {
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+        case MBEDTLS_PK_RSA_ALT:
+            return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+        default:
+            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
+
+    usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
+    psa_set_key_usage_flags(attributes, usage);
+
+    return 0;
+}
+#endif
+
 /*
 * Helper for mbedtls_pk_sign and mbedtls_pk_verify
 */