diff --git a/ChangeLog.d/psa_can_do_cipher.txt b/ChangeLog.d/psa_can_do_cipher.txt new file mode 100644 index 0000000000..16598b636e --- /dev/null +++ b/ChangeLog.d/psa_can_do_cipher.txt @@ -0,0 +1,5 @@ +API changes + * When building the library as a PSA client (MBEDTLS_PSA_CRYPTO_CLIENT + enabled and MBEDTLS_PSA_CRYPTO_C disabled), you need to provide the + function psa_can_do_cipher() in addition to psa_can_do_hash(). This + changed was made in Mbed TLS 3.6.0 but was not announced then. diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 70740901e1..0e7898983b 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -600,9 +600,10 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * This means that PSA core was built with the corresponding PSA_WANT_ALG_xxx * set and that psa_crypto_init has already been called. * - * \note When using Mbed TLS version of PSA core (i.e. MBEDTLS_PSA_CRYPTO_C is - * set) for now this function only checks the state of the driver - * subsystem, not the algorithm. This might be improved in the future. + * \note When using the built-in version of the PSA core (i.e. + * #MBEDTLS_PSA_CRYPTO_C is set), for now, this function only checks + * the state of the driver subsystem, not the algorithm. + * This might be improved in the future. * * \param hash_alg The hash algorithm. * @@ -610,6 +611,21 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( */ int psa_can_do_hash(psa_algorithm_t hash_alg); +/** + * Tell if PSA is ready for this cipher. + * + * \note When using the built-in version of the PSA core (i.e. + * #MBEDTLS_PSA_CRYPTO_C is set), for now, this function only checks + * the state of the driver subsystem, not the key type and algorithm. + * This might be improved in the future. + * + * \param key_type The key type. + * \param cipher_alg The cipher algorithm. + * + * \return 1 if the PSA can handle \p cipher_alg, 0 otherwise. + */ +int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg); + /**@}*/ /** \addtogroup crypto_types diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index c3c0770142..ac92ea2b37 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -24,18 +24,6 @@ #include "mbedtls/threading.h" #endif -/** - * Tell if PSA is ready for this cipher. - * - * \note For now, only checks the state of the driver subsystem, - * not the algorithm. Might do more in the future. - * - * \param cipher_alg The cipher algorithm (ignored for now). - * - * \return 1 if the driver subsytem is ready, 0 otherwise. - */ -int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg); - typedef enum { PSA_SLOT_EMPTY = 0, PSA_SLOT_FILLING,