cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-29 16:32:32 -04:00
Code Issues Packages Projects Releases Wiki Activity

pk: improve description for the new priv_id field

Browse Source 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2023-05-23 18:39:54 +02:00
parent e50a75f6ff
commit 7ef8a8d0da
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
include/mbedtls/pk.h
View File

@ -262,11 +262,24 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
typedef struct mbedtls_pk_context { typedef struct mbedtls_pk_context {
const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */ const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */
void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */ void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
/* When MBEDTLS_PSA_CRYPTO_C is enabled then the following priv_id field is /* The following field is used to store the ID of a private key in the
* used to store the ID of the opaque key. * following cases:
* This priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by * - opaque key when MBEDTLS_PSA_CRYPTO_C is defined
* MBEDTLS_USE_PSA_CRYPTO because it can be used also in mbedtls_pk_sign_ext * - normal key when MBEDTLS_PK_USE_PSA_EC_DATA is defined. In this case:
* for RSA keys. */ * - the pk_ctx above is not not used to store the private key anymore.
* Actually that field not populated at all in this case because also
* the public key will be stored in raw format as explained below
* - this ID is used for all private key operations (ex: sign, check
* key pair, key write, etc) using PSA functions
*
* Note: this private key storing solution only affects EC keys, not the
* other ones. The latters still use the pk_ctx to store their own
* context.
*
* Note: this priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by
* MBEDTLS_PK_USE_PSA_EC_DATA (as the public counterpart below) because,
* when working with opaque keys, it can be used also in
* mbedtls_pk_sign_ext for RSA keys. */
#if defined(MBEDTLS_PSA_CRYPTO_C) #if defined(MBEDTLS_PSA_CRYPTO_C)
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */
#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_CRYPTO_C */
@ -277,8 +290,7 @@ typedef struct mbedtls_pk_context {
* *
* When MBEDTLS_PK_USE_PSA_EC_DATA is enabled: * When MBEDTLS_PK_USE_PSA_EC_DATA is enabled:
* - the pk_ctx above is not used anymore for storing the public key * - the pk_ctx above is not used anymore for storing the public key
* inside the ecp_keypair structure (only the private part, but also this * inside the ecp_keypair structure
* one is going to change in the future)
* - the following fields are used for all public key operations: signature * - the following fields are used for all public key operations: signature
* verify, key pair check and key write. * verify, key pair check and key write.
* Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy