Group random

group Random generation

Functions

psa_status_t psa_generate_random(uint8_t *output, size_t output_size)

Generate random bytes.

Note

To generate a key, use psa_generate_key() instead.

Warning

This function can fail! Callers MUST check the return status and MUST NOT use the content of the output buffer if the return status is not PSA_SUCCESS.

Parameters:

  • output[out] Output buffer for the generated data.

  • output_size – Number of bytes to generate and output.

Return values:

  • PSA_SUCCESS

  • PSA_ERROR_NOT_SUPPORTED

  • PSA_ERROR_INSUFFICIENT_ENTROPY

  • PSA_ERROR_INSUFFICIENT_MEMORY

  • PSA_ERROR_COMMUNICATION_FAILURE

  • PSA_ERROR_HARDWARE_FAILURE

  • PSA_ERROR_CORRUPTION_DETECTED

  • PSA_ERROR_BAD_STATE – The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.

psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key)

Generate a key or key pair.

The key is generated randomly. Its location, usage policy, type and size are taken from attributes.

Implementations must reject an attempt to generate a key of size 0.

The following type-specific considerations apply:

  • For RSA keys (PSA_KEY_TYPE_RSA_KEY_PAIR), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.

Note

This function is equivalent to calling psa_generate_key_custom() with the custom production parameters PSA_CUSTOM_KEY_PARAMETERS_INIT and custom_data_length == 0 (i.e. custom_data is empty).

Parameters:

  • attributes[in] The attributes for the new key.

  • key[out] On success, an identifier for the newly created key. For persistent keys, this is the key identifier defined in attributes. 0 on failure.

Return values:

  • PSA_SUCCESS – Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.

  • PSA_ERROR_ALREADY_EXISTS – This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.

  • PSA_ERROR_NOT_SUPPORTED

  • PSA_ERROR_INVALID_ARGUMENT

  • PSA_ERROR_INSUFFICIENT_MEMORY

  • PSA_ERROR_INSUFFICIENT_ENTROPY

  • PSA_ERROR_COMMUNICATION_FAILURE

  • PSA_ERROR_HARDWARE_FAILURE

  • PSA_ERROR_CORRUPTION_DETECTED

  • PSA_ERROR_INSUFFICIENT_STORAGE

  • PSA_ERROR_DATA_INVALID

  • PSA_ERROR_DATA_CORRUPT

  • PSA_ERROR_STORAGE_FAILURE

  • PSA_ERROR_BAD_STATE – The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.

psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes, const psa_custom_key_parameters_t *custom, const uint8_t *custom_data, size_t custom_data_length, mbedtls_svc_key_id_t *key)

Generate a key or key pair using custom production parameters.

See the description of psa_generate_key() for the operation of this function with the default production parameters. In addition, this function supports the following production customizations, described in more detail in the documentation of psa_custom_key_parameters_t:

  • RSA keys: generation with a custom public exponent.

Note

This function is experimental and may change in future minor versions of Mbed TLS.

Parameters:

  • attributes[in] The attributes for the new key.

  • custom[in] Customization parameters for the key generation. When this is PSA_CUSTOM_KEY_PARAMETERS_INIT with custom_data_length = 0, this function is equivalent to psa_generate_key().

  • custom_data[in] Variable-length data associated with custom.

  • custom_data_length – Length of custom_data in bytes.

  • key[out] On success, an identifier for the newly created key. For persistent keys, this is the key identifier defined in attributes. 0 on failure.

Return values:

  • PSA_SUCCESS – Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.

  • PSA_ERROR_ALREADY_EXISTS – This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.

  • PSA_ERROR_NOT_SUPPORTED

  • PSA_ERROR_INVALID_ARGUMENT

  • PSA_ERROR_INSUFFICIENT_MEMORY

  • PSA_ERROR_INSUFFICIENT_ENTROPY

  • PSA_ERROR_COMMUNICATION_FAILURE

  • PSA_ERROR_HARDWARE_FAILURE

  • PSA_ERROR_CORRUPTION_DETECTED

  • PSA_ERROR_INSUFFICIENT_STORAGE

  • PSA_ERROR_DATA_INVALID

  • PSA_ERROR_DATA_CORRUPT

  • PSA_ERROR_STORAGE_FAILURE

  • PSA_ERROR_BAD_STATE – The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.