doc/crypto/api/ops/key-wrapping.rst
7 additions & 8 deletions
@@ -163,7 +163,6 @@ Key wrapping functions
163
163
* The key usage flags include invalid values.
164
164
* The key's permitted-usage algorithm is invalid.
165
165
* The key attributes, as a whole, are invalid.
166
-
* The key format is invalid.
167
166
* The key data is not correctly formatted for the key type.
168
167
.. retval:: PSA_ERROR_NOT_PERMITTED
169
168
The following conditions can result in this error:
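Review bot: with the bullet "The key format is invalid." removed from this condition list, the only format-related condition left is "The key data is not correctly formatted for the key type."; check that nothing else in key-wrapping.rst still describes a key format input for these functions, because an invalid value for it would then have no documented error. The later hunk that drops "key format and options" from the `PSA_WRAP_KEY_PAIR_MAX_SIZE` text points the same way, so the two removals should stay in step.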
@@ -184,13 +183,12 @@ Key wrapping functions
184
183
185
184
The wrapped key data determines the key size.
186
185
:code:``psa_get_key_bits(attributes)`` must either match the determined key size or be ``0``.
187
-
Implementations must reject an attempt to import a key of size zero.
186
+
187
+
Implementations must reject an attempt to unwrap a key if the determined key size is ``0``.
188
188
189
189
.. note::
190
190
A call to `psa_unwrap_key()` first applies the decryption procedure associated with the key-wrapping algorithm ``alg``, using the ``wrapping_key`` key, to the supplied ``data`` buffer.
191
-
If the decryption succeeds, the resulting plaintext, along with the provided ``attributes`` are then processed as if they were inputs to ``psa_import_key()``.
192
-
193
-
The benefit of using `psa_unwrap_key()` is that the plaintext key material is not exposed outside of the cryptoprocessor.
191
+
The resulting plaintext is retained within the cryptoprocessor, and used with the provided ``attributes`` to create a key, as if they were inputs to `psa_import_key()`.
194
192
195
193
.. note::
196
194
The |API| does not support asymmetric private key objects outside of a key pair.
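Review bot: the rewritten note drops the words "If the decryption succeeds", so the new sentence "The resulting plaintext is retained within the cryptoprocessor, and used with the provided ``attributes`` to create a key" no longer states that key creation depends on the unwrap step succeeding. Suggest keeping the condition, for example "If the decryption succeeds, the resulting plaintext is retained within the cryptoprocessor, and used ...". The new sentence about a determined key size of ``0`` could also name the error code that is returned, and the unchanged context line above it writes :code: followed by double backticks, which looks like a markup slip worth fixing while this paragraph is open.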
@@ -225,8 +223,9 @@ Key wrapping functions
225
223
This must be appropriate for the key:
226
224
227
225
* The required output size is :code:`PSA_WRAP_KEY_OUTPUT_SIZE(wrap_key_type, alg, type, bits)`, where ``wrap_key_type`` is the type of the wrapping key, ``alg`` is the key-wrapping algorithm, ``type`` is the type of the key being wrapped, and ``bits`` is the bit-size of the key being wrapped.
228
-
* `PSA_WRAP_KEY_PAIR_MAX_SIZE` evaluates to the maximum wrapped output size of any supported key pair, in any supported combination of key-wrapping algorithm, wrapping-key type, key format and options.
229
-
* This API defines no maximum size for wrapped symmetric keys. Arbitrarily large data items can be stored in the key store, for example certificates that correspond to a stored private key or input material for key derivation.
226
+
* `PSA_WRAP_KEY_PAIR_MAX_SIZE` evaluates to the maximum wrapped output size of any supported key pair, in any supported combination of key-wrapping algorithm and wrapping-key type.
227
+
* This API defines no maximum size for wrapped symmetric keys.
228
+
Arbitrarily large data items can be stored in the key store, for example certificates that correspond to a stored private key or input material for key derivation.
230
229
.. param:: size_t * data_length
231
230
On success, the number of bytes that make up the wrapped key data.
232
231
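Review bot: in the last bullet, the sentence "Arbitrarily large data items can be stored in the key store ..." now sits on its own source line, so check that it keeps the same indentation as the bullet text above it; otherwise reStructuredText ends the list item and renders it as a separate paragraph. Because the bullet states that there is no maximum size for wrapped symmetric keys, it would also help to say that callers should size the output buffer with `PSA_WRAP_KEY_OUTPUT_SIZE(wrap_key_type, alg, type, bits)` in that case rather than with a fixed constant.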
@@ -269,7 +268,7 @@ Key wrapping functions
269
268
.. retval:: PSA_ERROR_BAD_STATE
270
269
The library requires initializing by a call to `psa_crypto_init()`.
271
270
272
-
Wrap a key from the key store into a data buffer using a specified key-wrapping algorithm, and key-wrapping key.
271
+
Wrap a key from the key store into a data buffer using a specified key-wrapping algorithm and key-wrapping key.
273
272
On success, the output contains the wrapped key value.
274
273
The policy of the key to be wrapped must have the usage flag `PSA_KEY_USAGE_EXPORT` set.
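Review bot: "key-wrapping key" in the changed sentence is a different name for what the visible text elsewhere calls the "wrapping key" (and the ``wrapping_key`` parameter); pick one term and use it throughout, for example "using a specified key-wrapping algorithm and wrapping key". The comma removal itself is fine.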