Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index dc808e8..5225c57 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -922,28 +922,24 @@
  * \warning         This is a temporary utility function for tests. It might
  *                  change or be removed at any time without notice.
  *
- * \note            ECDSA & RSA keys are supported.
- *                  For both key types, signing with the specified hash
- *                  is the only allowed use of that key with PK API.
- *                  The RSA key supports RSA-PSS signing with the specified
- *                  hash with the PK EXT API.
- *                  In addition, the ECDSA key is also allowed for ECDH key
- *                  agreement derivation operation using the PSA API.
- *
  * \param pk        Input: the EC or RSA key to import to a PSA key.
  *                  Output: a PK context wrapping that PSA key.
  * \param key       Output: a PSA key identifier.
  *                  It's the caller's responsibility to call
  *                  psa_destroy_key() on that key identifier after calling
  *                  mbedtls_pk_free() on the PK context.
- * \param hash_alg  The hash algorithm to allow for use with that key.
+ * \param alg       The algorithm to allow for use with that key.
+ * \param usage     The usage to allow for use with that key.
+ * \param alg2      The secondary algorithm to allow for use with that key.
  *
  * \return          \c 0 if successful.
  * \return          An Mbed TLS error code otherwise.
  */
 int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
                                mbedtls_svc_key_id_t *key,
-                               psa_algorithm_t hash_alg );
+                               psa_algorithm_t alg,
+                               psa_key_usage_t usage,
+                               psa_algorithm_t alg2 );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #ifdef __cplusplus
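Review bot: The new `\param` entries for `alg`, `usage` and `alg2` do not say which values are accepted, and with the old `\note` removed the header no longer tells a caller what policy the wrapped key ends up with. I would document `usage` as `A bitmask of PSA_KEY_USAGE_xxx flags to allow for that key.` and `alg2` as `The secondary (enrollment) algorithm to allow, or #PSA_ALG_NONE for none.`, since library/pk.c skips the enrollment call for exactly that value. A short `\note` saying that the policy is applied as given, so callers should pass only the usage flags and algorithms the key actually needs, would restore what the removed note conveyed.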
diff --git a/library/pk.c b/library/pk.c
index bba2ef7..42ff432 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -720,12 +720,16 @@
  */
 int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
                                mbedtls_svc_key_id_t *key,
-                               psa_algorithm_t hash_alg )
+                               psa_algorithm_t alg,
+                               psa_key_usage_t usage,
+                               psa_algorithm_t alg2 )
 {
 #if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_RSA_C)
     ((void) pk);
     ((void) key);
-    ((void) hash_alg);
+    ((void) alg);
+    ((void) usage);
+    ((void) alg2);
 #else
 #if defined(MBEDTLS_ECP_C)
     if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY )
@@ -752,10 +756,10 @@
         /* prepare the key attributes */
         psa_set_key_type( &attributes, key_type );
         psa_set_key_bits( &attributes, bits );
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH |
-                                              PSA_KEY_USAGE_DERIVE);
-        psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA( hash_alg ) );
-        psa_set_key_enrollment_algorithm( &attributes, PSA_ALG_ECDH );
+        psa_set_key_usage_flags( &attributes, usage );
+        psa_set_key_algorithm( &attributes, alg );
+        if( alg2 != PSA_ALG_NONE )
+            psa_set_key_enrollment_algorithm( &attributes, alg2 );
 
         /* import private key into PSA */
         status = psa_import_key( &attributes, d, d_len, key );
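Review bot: `usage`, `alg` and `alg2` are written into the key attributes exactly as passed here, and again in the RSA hunk that follows, so the narrow policy the function used to hard-code (sign-hash plus derive for EC, sign-hash for RSA) is now whatever the caller asks for. Neither hunk shows a check that `alg` fits the key type or that `usage` stays within signing and derivation, so a caller could, for example, include `PSA_KEY_USAGE_EXPORT` on a key that is meant to be opaque; whether `psa_import_key()` rejects a mismatched algorithm is not visible from here. If that freedom is intended for this test helper, a comment such as `/* policy is caller-supplied and not checked against the key type */` above `psa_set_key_usage_flags( &attributes, usage );` would make it explicit; otherwise an early guard like `if( !PSA_ALG_IS_ECDSA( alg ) && !PSA_ALG_IS_ECDH( alg ) ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );` in the EC branch, with an RSA equivalent, would stop a mismatched policy before import. The function body starts and ends outside this hunk.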
@@ -786,11 +790,10 @@
         /* prepare the key attributes */
         psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
         psa_set_key_bits( &attributes, mbedtls_pk_get_bitlen( pk ) );
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
-        psa_set_key_algorithm( &attributes,
-                               PSA_ALG_RSA_PKCS1V15_SIGN( hash_alg ) );
-        psa_set_key_enrollment_algorithm( &attributes,
-                                          PSA_ALG_RSA_PSS( hash_alg ) );
+        psa_set_key_usage_flags( &attributes, usage );
+        psa_set_key_algorithm( &attributes, alg );
+        if( alg2 != PSA_ALG_NONE )
+            psa_set_key_enrollment_algorithm( &attributes, alg2 );
 
         /* import private key into PSA */
         status = psa_import_key( &attributes,