Work on psa_import_key_ext() #7910
Conversation
Same test data and test cases as in test_suite_pkparse. All tests skipped to start with. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
ronald-cron-arm
added
enhancement
DO-NOT-MERGE
component-psa
|
@athoelke sorry but I replied too quickly during the meeting. The functions psa_import_key_ext() as it stands does not support the raw formats of psa_import_key(). But I don't see any major issue to add the support, it is mostly about associating them to a key data format. |
| @@ -2069,6 +2069,264 @@ static inline struct psa_pake_operation_s psa_pake_operation_init(void) | |||
| return v; | |||
| } | |||
|
|
|||
| typedef enum { | |||
There was a problem hiding this comment.
We have avoided using enumerations in the public Crypto API, and prefer to use a set of macro definitions. This makes implementation-specific extensions easier, and avoids some complications with the data size of an enumeration.
Please make psa_key_data_format_t a integer typedef, and the values a set of macros.
| @@ -2069,6 +2069,264 @@ static inline struct psa_pake_operation_s psa_pake_operation_init(void) | |||
| return v; | |||
| } | |||
|
|
|||
| typedef enum { | |||
| /** An invalid key data format identifier. */ | |||
| PSA_KEY_DATA_FORMAT_NONE, | |||
There was a problem hiding this comment.
Is it particularly helpful to include 'DATA' in the type and value identifiers? - I think that PSA_KEY_FORMAT_XXX and psa_key_format_t would be unambiguous enough.
| * modulus INTEGER, -- n | ||
| * publicExponent INTEGER -- e } | ||
| * | ||
| * Key attributes when importing: |
There was a problem hiding this comment.
It would help if it was clearer that this is about the way the supplied key attributes are used. Perhaps "When importing a key in this format, the supplied key attributes are used as follows:"
| /** An invalid key data format identifier. */ | ||
| PSA_KEY_DATA_FORMAT_NONE, | ||
| /** | ||
| * DER or PEM encoded RSAPublicKey data structure as defined in RFC 8017 |
There was a problem hiding this comment.
The description of this identifier should mention that it is used to specify the key format in a call to psa_import_key_ex().
| * DER or PEM encoded RSAPublicKey data structure as defined in RFC 8017 | ||
| * (PKCS#1) with: | ||
| * | ||
| * RSAPublicKey ::= SEQUENCE { |
There was a problem hiding this comment.
Should this paragraph be rendered as preformatted text (code)?
| */ | ||
| PSA_KEY_DATA_FORMAT_ONE_ASYMMETRIC_KEY, | ||
|
|
||
| PSA_KEY_DATA_FORMAT_COUNT |
There was a problem hiding this comment.
Not required: the public Crypto API does not define 'count' or terminator values for value sets like this.
| * for a persistent key. | ||
| * | ||
| * \param[in] format The format of the key data in the \p data buffer. | ||
| * \param[out] key On success, an identifier to the newly created key. |
There was a problem hiding this comment.
Move this parameter to the end of the definition list, to match the function declaration
No description provided.