Add key generation to opaque test function

While at it, clarify who's responsible for destroying the underlying key. That can't be us because some keys cannot be destroyed and we wouldn't know. So let's leave that up to the caller.
2018-10-31 10:28:01 +01:00 · 2018-10-31 10:28:01 +01:00 · 06c631859c
commit 06c631859c
parent 274f521b9a
2 changed files with 50 additions and 3 deletions
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -208,6 +208,11 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx );

 /**
 * \brief           Free a mbedtls_pk_context
+ *
+ * \note            For contexts that have been set up with
+ *                  mbedtls_pk_setup_psa(), this does not free the underlying
+ *                  key slot and you still need to call psa_destroy_key()
+ *                  independently if you want to destroy that key.
 */
 void mbedtls_pk_free( mbedtls_pk_context *ctx );

@ -246,6 +251,12 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
 * \param ctx       Context to initialize. Must be empty (type NONE).
 * \param key       PSA key slot to wrap.
 *
+ * \note            The wrapped key slot must remain valid as long as the
+ *                  wrapping PK context is in use, that is at least between
+ *                  the point this function is called and the point
+ *                  mbedtls_pk_free() is called on this context. The wrapped
+ *                  key slot might then be independently used or destroyed.
+ *
 * \return          0 on success,
 *                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
 *                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.