lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Rename functions that inject key material to an allocated handle

Browse Source 
This commit starts a migration to a new interface for key creation.
Today, the application allocates a handle, then fills its metadata,
and finally injects key material. The new interface fills metadata
into a temporary structure, and a handle is allocated at the same time
it gets filled with both metadata and key material.

This commit was obtained by moving the declaration of the old-style
functions to crypto_extra.h and renaming them with the to_handle
suffix, adding declarations for the new-style functions in crypto.h
under their new name, and running

    perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c
    perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c

Many functions that are specific to the old interface, and which will
not remain under the same name with the new interface, are still in
crypto.h for now.

All functional tests should still pass. The documentation may have
some broken links.
This commit is contained in:
Gilles Peskine
2019-04-17 12:28:25 +02:00
parent c69af209f8
commit 87a5e565f4
15 changed files with 222 additions and 171 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/cipher.c
View File

@ -338,7 +338,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
/* Populate new key slot. */
status = psa_import_key( cipher_psa->slot,
status = psa_import_key_to_handle( cipher_psa->slot,
key_type, key, key_bytelen );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );

2
library/pk.c
View File

@ -629,7 +629,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
/* import private key in slot */
if( PSA_SUCCESS != psa_import_key( key, key_type, d, d_len ) )
if( PSA_SUCCESS != psa_import_key_to_handle( key, key_type, d, d_len ) )
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
/* remember slot number to be destroyed later by caller */

2
library/pk_wrap.c
View File

@ -589,7 +589,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
goto cleanup;
}
if( psa_import_key( key_slot, psa_type, buf + sizeof( buf ) - key_len, key_len )
if( psa_import_key_to_handle( key_slot, psa_type, buf + sizeof( buf ) - key_len, key_len )
!= PSA_SUCCESS )
{
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;

14
library/psa_crypto.c
View File

@ -903,7 +903,7 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
return( status );
}
psa_status_t psa_import_key( psa_key_handle_t handle,
psa_status_t psa_import_key_to_handle( psa_key_handle_t handle,
psa_key_type_t type,
const uint8_t *data,
size_t data_length )
@ -1228,7 +1228,7 @@ static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
status = psa_internal_export_key( source, buffer, buffer_size, &length, 0 );
if( status != PSA_SUCCESS )
goto exit;
status = psa_import_key( target, source->type, buffer, length );
status = psa_import_key_to_handle( target, source->type, buffer, length );
exit:
if( buffer_size != 0 )
@ -1237,7 +1237,7 @@ exit:
return( status );
}
psa_status_t psa_copy_key(psa_key_handle_t source_handle,
psa_status_t psa_copy_key_to_handle(psa_key_handle_t source_handle,
psa_key_handle_t target_handle,
const psa_key_policy_t *constraint)
{
@ -3277,7 +3277,7 @@ psa_status_t psa_get_key_policy( psa_key_handle_t handle,
/* Key Lifetime */
/****************************************************************/
psa_status_t psa_get_key_lifetime( psa_key_handle_t handle,
psa_status_t psa_get_key_lifetime_from_handle( psa_key_handle_t handle,
psa_key_lifetime_t *lifetime )
{
psa_key_slot_t *slot;
@ -3996,7 +3996,7 @@ static void psa_des_set_key_parity( uint8_t *data, size_t data_size )
}
#endif /* MBEDTLS_DES_C */
psa_status_t psa_generator_import_key( psa_key_handle_t handle,
psa_status_t psa_generator_import_key_to_handle( psa_key_handle_t handle,
psa_key_type_t type,
size_t bits,
psa_crypto_generator_t *generator )
@ -4020,7 +4020,7 @@ psa_status_t psa_generator_import_key( psa_key_handle_t handle,
if( type == PSA_KEY_TYPE_DES )
psa_des_set_key_parity( data, bytes );
#endif /* MBEDTLS_DES_C */
status = psa_import_key( handle, type, data, bytes );
status = psa_import_key_to_handle( handle, type, data, bytes );
exit:
mbedtls_free( data );
@ -4749,7 +4749,7 @@ psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
psa_status_t psa_generate_key( psa_key_handle_t handle,
psa_status_t psa_generate_key_to_handle( psa_key_handle_t handle,
psa_key_type_t type,
size_t bits,
const void *extra,

2
library/ssl_cli.c
View File

@ -3148,7 +3148,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
/* Generate ECDH private key. */
status = psa_generate_key( handshake->ecdh_psa_privkey,
status = psa_generate_key_to_handle( handshake->ecdh_psa_privkey,
PSA_KEY_TYPE_ECC_KEYPAIR( handshake->ecdh_psa_curve ),
MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( handshake->ecdh_psa_curve ),
NULL, 0 );

2
library/ssl_tls.c
View File

@ -544,7 +544,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
status = psa_import_key( master_slot, PSA_KEY_TYPE_DERIVE, secret, slen );
status = psa_import_key_to_handle( master_slot, PSA_KEY_TYPE_DERIVE, secret, slen );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );