From 4114a54403e66dd136b289704c981572e4d306fd Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 28 Feb 2024 16:32:01 +0100
Subject: [PATCH] test_suite_pk: add description for psa_pub_key_from_priv()
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_pk.function | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 4ec73a3b04..4ad0113337 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -428,6 +428,14 @@ exit:
 #endif
 #if defined(MBEDTLS_PSA_CRYPTO_C)
+/* Create a new PSA key which will contain only the public part of the private
+ * key which is provided in input. For this new key:
+ * - Type is the public counterpart of the private key.
+ * - Usage is the copied from the original private key, but the PSA_KEY_USAGE_EXPORT
+ * flag is removed. This is to prove that public keys are always exportable
+ * even if the EXPORT flag is not explicitly set.
+ * - Algorithm is copied from the original key pair.
+ */
 static mbedtls_svc_key_id_t psa_pub_key_from_priv(mbedtls_svc_key_id_t priv_id)
 {
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -452,8 +460,6 @@ static mbedtls_svc_key_id_t psa_pub_key_from_priv(mbedtls_svc_key_id_t priv_id)
 * - psa_import_key() automatically determines the key's bit length
 * from the provided key data. That's why psa_set_key_bits() is not used
 * below.
- * - public keys are always exportable by default even if PSA_KEY_USAGE_EXPORT
- * is not set.
 */
 type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type);
 usage &= ~PSA_KEY_USAGE_EXPORT;
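Review bot: The header comment added above `psa_pub_key_from_priv()` in the first hunk says how the new key's type, usage and algorithm are derived, but not what the helper returns on failure or who destroys the returned key. Its Usage bullet also has a grammar slip; it should read `* - Usage is copied from the original private key, but the PSA_KEY_USAGE_EXPORT`. I would add one closing sentence to the header covering the return value and the caller's duty to destroy the key. The function body runs past both hunks, so the failure value and the key's lifetime need to be checked there before wording it. With the inline bullet removed in the second hunk, `usage &= ~PSA_KEY_USAGE_EXPORT;` no longer has a local explanation, and a later reader could take the cleared flag for a mistake; a short remark beside it such as `/* EXPORT dropped on purpose, see function header */` would keep the intent next to the code.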