diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 903ef99a4b..f7b158326c 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -369,6 +369,72 @@ psa_status_t psa_get_key_information(psa_key_handle_t handle, psa_key_type_t *type, size_t *bits); +/** + * \brief Set domain parameters for a key. + * + * Some key types require additional domain parameters to be set before import + * or generation of the key. The domain parameters can be set with this + * function or, for key generation, through the \c extra parameter of + * psa_generate_key(). + * + * The format for the required domain parameters varies by the key type. + * + * \param handle Handle to the key to set domain parameters for. + * \param[in] data Buffer containing the key domain parameters. The content + * of this buffer is interpreted according to \p type. of + * psa_export_key() or psa_export_public_key() for the + * chosen type. + * \param data_length Size of the \p data buffer in bytes. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_OCCUPIED_SLOT + * There is already a key in the specified slot. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_set_key_domain_parameters(psa_key_handle_t handle, + const uint8_t *data, + size_t data_length); + +/** + * \brief Get domain parameters for a key. + * + * Get the domain parameters for a key with this function, if any. The format + * of the domain parameters written to \p data is specified in the + * documentation for psa_set_key_domain_parameters(). + * + * \param handle Handle to the key to get domain parameters from. + * \param[out] data On success, the key domain parameters. + * \param data_size Size of the \p data buffer in bytes. + * \param[out] data_length On success, the number of bytes + * that make up the key domain parameters data. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_EMPTY_SLOT + * There is no key in the specified slot. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_get_key_domain_parameters(psa_key_handle_t handle, + uint8_t *data, + size_t data_size, + size_t *data_length); + /** * \brief Export a key in binary format. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bb53f81940..9cfdcdd161 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -727,7 +727,7 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, } /* Retrieve an empty key slot (slot with no key data, but possibly - * with some metadata such as a policy). */ + * with some metadata such as a policy or domain parameters). */ static psa_status_t psa_get_empty_key_slot( psa_key_handle_t handle, psa_key_slot_t **p_slot ) {