Introduce mbedtls_pk_get_psa_attributes
Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657
as of dd77343381161e09a63b4694001da3957e27d3a7, i.e.
https://github.com/Mbed-TLS/mbedtls/blob/dd77343381161e09a63b4694001da3957e27d3a7/docs/architecture/psa-migration/psa-legacy-bridges.md#api-to-create-a-psa-key-from-a-pk-context
This commit introduces the function declaration, its documentation, the
definition without the interesting parts and a negative unit test function.
Subsequent commits will add RSA, ECC and PK_OPAQUE support.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/pk.c b/library/pk.c
index 61ac0df..bde561a 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -29,7 +29,7 @@
#include "mbedtls/ecdsa.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include "psa_util_internal.h"
#include "md_psa.h"
#endif
@@ -378,6 +378,30 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
+ psa_key_usage_t usage,
+ psa_key_attributes_t *attributes)
+{
+ mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);
+
+ switch (pk_type) {
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+ case MBEDTLS_PK_RSA_ALT:
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+ default:
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
+ usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
+ psa_set_key_usage_flags(attributes, usage);
+
+ return 0;
+}
+#endif
+
/*
* Helper for mbedtls_pk_sign and mbedtls_pk_verify
*/
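Review bot: The line `usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;` widens the policy beyond what the caller requested, and nothing in the hunk explains why or checks `usage` before it reaches `psa_set_key_usage_flags()`. Every switch arm visible here returns, so this tail is unreachable in this commit, but once later commits add cases that fall through, it will presumably apply to private keys as well. If the widening is intended by the specification, say so at the call site, e.g. `/* Per the bridge spec: always permit export and copy in addition to the requested usage; callers needing a more restrictive policy must adjust the attributes afterwards. */`. It would also help to reject any `usage` value the specification does not allow before the switch, so an unexpected bitmask cannot end up in the attributes. As a minor style point, the closing `#endif` could carry `/* MBEDTLS_PSA_CRYPTO_CLIENT */` like the neighbouring guards.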