Mbed TLS v3.6.2
Random generation

Functions

psa_status_t psa_generate_random (uint8_t *output, size_t output_size)
 Generate random bytes.
 
psa_status_t psa_generate_key (const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key)
 Generate a key or key pair.
 
psa_status_t psa_generate_key_custom (const psa_key_attributes_t *attributes, const psa_custom_key_parameters_t *custom, const uint8_t *custom_data, size_t custom_data_length, mbedtls_svc_key_id_t *key)
 Generate a key or key pair using custom production parameters.
 
psa_status_t psa_generate_key_ext (const psa_key_attributes_t *attributes, const psa_key_production_parameters_t *params, size_t params_data_length, mbedtls_svc_key_id_t *key)
 Generate a key or key pair using custom production parameters.
 

Function Documentation

◆ psa_generate_key()

psa_status_t psa_generate_key (const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key)

Generate a key or key pair.

The key is generated randomly. Its location, usage policy, type and size are taken from attributes.

Implementations must reject an attempt to generate a key of size 0.

The following type-specific considerations apply:

  • For RSA keys (PSA_KEY_TYPE_RSA_KEY_PAIR), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.
Note
This function is equivalent to calling psa_generate_key_custom() with the custom production parameters PSA_CUSTOM_KEY_PARAMETERS_INIT and custom_data_length == 0 (i.e. custom_data is empty).

Parameters
  [in] attributes: The attributes for the new key.
  [out] key: On success, an identifier for the newly created key. For persistent keys, this is the key identifier defined in attributes. 0 on failure.

Return values
  PSA_SUCCESS: Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage.
  PSA_ERROR_ALREADY_EXISTS: This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
  PSA_ERROR_NOT_SUPPORTED
  PSA_ERROR_INVALID_ARGUMENT
  PSA_ERROR_INSUFFICIENT_MEMORY
  PSA_ERROR_INSUFFICIENT_ENTROPY
  PSA_ERROR_COMMUNICATION_FAILURE
  PSA_ERROR_HARDWARE_FAILURE
  PSA_ERROR_CORRUPTION_DETECTED
  PSA_ERROR_INSUFFICIENT_STORAGE
  PSA_ERROR_DATA_INVALID
  PSA_ERROR_DATA_CORRUPT
  PSA_ERROR_STORAGE_FAILURE
  PSA_ERROR_BAD_STATE: The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.

◆ psa_generate_key_custom()

psa_status_t psa_generate_key_custom (const psa_key_attributes_t *attributes, const psa_custom_key_parameters_t *custom, const uint8_t *custom_data, size_t custom_data_length, mbedtls_svc_key_id_t *key)

Generate a key or key pair using custom production parameters.

See the description of psa_generate_key() for the operation of this function with the default production parameters. In addition, this function supports the following production customizations, described in more detail in the documentation of psa_custom_key_parameters_t:

  • RSA keys: generation with a custom public exponent.
Note
This function is experimental and may change in future minor versions of Mbed TLS.

Parameters
  [in] attributes: The attributes for the new key.
  [in] custom: Customization parameters for the key generation. When this is PSA_CUSTOM_KEY_PARAMETERS_INIT with custom_data_length = 0, this function is equivalent to psa_generate_key().
  [in] custom_data: Variable-length data associated with custom.
  custom_data_length: Length of custom_data in bytes.
  [out] key: On success, an identifier for the newly created key. For persistent keys, this is the key identifier defined in attributes. 0 on failure.

Return values
  PSA_SUCCESS: Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage.
  PSA_ERROR_ALREADY_EXISTS: This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
  PSA_ERROR_NOT_SUPPORTED
  PSA_ERROR_INVALID_ARGUMENT
  PSA_ERROR_INSUFFICIENT_MEMORY
  PSA_ERROR_INSUFFICIENT_ENTROPY
  PSA_ERROR_COMMUNICATION_FAILURE
  PSA_ERROR_HARDWARE_FAILURE
  PSA_ERROR_CORRUPTION_DETECTED
  PSA_ERROR_INSUFFICIENT_STORAGE
  PSA_ERROR_DATA_INVALID
  PSA_ERROR_DATA_CORRUPT
  PSA_ERROR_STORAGE_FAILURE
  PSA_ERROR_BAD_STATE: The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.

◆ psa_generate_key_ext()

psa_status_t psa_generate_key_ext (const psa_key_attributes_t *attributes, const psa_key_production_parameters_t *params, size_t params_data_length, mbedtls_svc_key_id_t *key)

Generate a key or key pair using custom production parameters.

Note
This is a deprecated variant of psa_key_derivation_output_key_custom(). It is equivalent except that the associated variable-length data is passed in params->data instead of a separate parameter. This function will be removed in a future version of Mbed TLS.

Parameters
  [in] attributes: The attributes for the new key.
  [in] params: Customization parameters for the key generation. When this is PSA_KEY_PRODUCTION_PARAMETERS_INIT with params_data_length = 0, this function is equivalent to psa_generate_key().
  params_data_length: Length of params->data in bytes.
  [out] key: On success, an identifier for the newly created key. For persistent keys, this is the key identifier defined in attributes. 0 on failure.

Return values
  PSA_SUCCESS: Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage.
  PSA_ERROR_ALREADY_EXISTS: This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
  PSA_ERROR_NOT_SUPPORTED
  PSA_ERROR_INVALID_ARGUMENT
  PSA_ERROR_INSUFFICIENT_MEMORY
  PSA_ERROR_INSUFFICIENT_ENTROPY
  PSA_ERROR_COMMUNICATION_FAILURE
  PSA_ERROR_HARDWARE_FAILURE
  PSA_ERROR_CORRUPTION_DETECTED
  PSA_ERROR_INSUFFICIENT_STORAGE
  PSA_ERROR_DATA_INVALID
  PSA_ERROR_DATA_CORRUPT
  PSA_ERROR_STORAGE_FAILURE
  PSA_ERROR_BAD_STATE: The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.

◆ psa_generate_random()

psa_status_t psa_generate_random (uint8_t *output, size_t output_size)

Generate random bytes.

Warning
This function can fail! Callers MUST check the return status and MUST NOT use the content of the output buffer if the return status is not PSA_SUCCESS.

Note
To generate a key, use psa_generate_key() instead.

Parameters
  [out] output: Output buffer for the generated data.
  output_size: Number of bytes to generate and output.

Return values
  PSA_SUCCESS
  PSA_ERROR_NOT_SUPPORTED
  PSA_ERROR_INSUFFICIENT_ENTROPY
  PSA_ERROR_INSUFFICIENT_MEMORY
  PSA_ERROR_COMMUNICATION_FAILURE
  PSA_ERROR_HARDWARE_FAILURE
  PSA_ERROR_CORRUPTION_DETECTED
  PSA_ERROR_BAD_STATE: The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.
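
The warning on psa_generate_random() as a fail-closed caller pattern. This is an added example, not Mbed TLS code. So that it builds without the library, the generator is injected through a function pointer with the same signature as psa_generate_random(); status_t, the ST_* codes, make_token, rng_fixed and rng_starved are names assumed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Stand-ins (assumptions of this example) so the block builds without Mbed TLS.
 * With the library: include <psa/crypto.h>, use psa_status_t and the PSA_*
 * codes, and pass psa_generate_random as the rng argument. */
typedef int32_t status_t;                /* mirrors psa_status_t */
#define ST_SUCCESS               0       /* mirrors PSA_SUCCESS */
#define ST_INVALID_ARGUMENT      (-135)  /* mirrors PSA_ERROR_INVALID_ARGUMENT */
#define ST_INSUFFICIENT_ENTROPY  (-148)  /* mirrors PSA_ERROR_INSUFFICIENT_ENTROPY */
typedef status_t (*rng_fn)(uint8_t *output, size_t output_size);

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void wipe(uint8_t *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical helper: writes a 32-hex-digit token only if the RNG succeeded. */
status_t make_token(rng_fn rng, char *hex, size_t hex_size)
{
    static const char digits[] = "0123456789abcdef";
    uint8_t raw[16];
    if (rng == NULL || hex == NULL || hex_size < 2 * sizeof raw + 1)
        return ST_INVALID_ARGUMENT;
    hex[0] = '\0';                       /* fail closed: empty until proven good */
    status_t st = rng(raw, sizeof raw);
    if (st != ST_SUCCESS) {
        wipe(raw, sizeof raw);           /* discard any partial output */
        return st;                       /* propagate, never fall through */
    }
    for (size_t i = 0; i < sizeof raw; i++) {
        hex[2 * i]     = digits[raw[i] >> 4];
        hex[2 * i + 1] = digits[raw[i] & 0x0f];
    }
    hex[2 * sizeof raw] = '\0';
    wipe(raw, sizeof raw);
    return ST_SUCCESS;
}

/* Constructed backends for exercising both paths; neither is a real RNG. */
status_t rng_fixed(uint8_t *out, size_t n) { memset(out, 0xA5, n); return ST_SUCCESS; }
status_t rng_starved(uint8_t *out, size_t n)
{
    if (n > 0) out[0] = 0x41;            /* partial write before the failure */
    return ST_INSUFFICIENT_ENTROPY;
}
int main(void) { char t[33]; return make_token(rng_fixed, t, sizeof t) != ST_SUCCESS; }
```

Injecting the generator is what makes the failure path testable: entropy starvation is hard to reproduce on a development machine, so the error branch otherwise ships unexercised.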