Group random

group random

Functions

psa_status_t psa_generate_random(uint8_t *output, size_t output_size)

Generate random bytes.

Note

To generate a key, use psa_generate_key() instead.

Warning

This function can fail! Callers MUST check the return status and MUST NOT use the content of the output buffer if the return status is not PSA_SUCCESS.

Parameters

  • output[out] Output buffer for the generated data.

  • output_size – Number of bytes to generate and output.

Return values

  • PSA_SUCCESS

  • PSA_ERROR_NOT_SUPPORTED

  • PSA_ERROR_INSUFFICIENT_ENTROPY

  • PSA_ERROR_INSUFFICIENT_MEMORY

  • PSA_ERROR_COMMUNICATION_FAILURE

  • PSA_ERROR_HARDWARE_FAILURE

  • PSA_ERROR_CORRUPTION_DETECTED

  • PSA_ERROR_BAD_STATE – The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.

psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key)

Generate a key or key pair.

The key is generated randomly. Its location, usage policy, type and size are taken from attributes.

Implementations must reject an attempt to generate a key of size 0.

The following type-specific considerations apply:

  • For RSA keys (PSA_KEY_TYPE_RSA_KEY_PAIR), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.

Note

This function is equivalent to calling psa_generate_key_ext() with the production parameters PSA_KEY_PRODUCTION_PARAMETERS_INIT and params_data_length == 0 (i.e. params->data is empty).

Parameters

  • attributes[in] The attributes for the new key.

  • key[out] On success, an identifier for the newly created key. For persistent keys, this is the key identifier defined in attributes. 0 on failure.

Return values

  • PSA_SUCCESS – Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.

  • PSA_ERROR_ALREADY_EXISTS – This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.

  • PSA_ERROR_NOT_SUPPORTED

  • PSA_ERROR_INVALID_ARGUMENT

  • PSA_ERROR_INSUFFICIENT_MEMORY

  • PSA_ERROR_INSUFFICIENT_ENTROPY

  • PSA_ERROR_COMMUNICATION_FAILURE

  • PSA_ERROR_HARDWARE_FAILURE

  • PSA_ERROR_CORRUPTION_DETECTED

  • PSA_ERROR_INSUFFICIENT_STORAGE

  • PSA_ERROR_DATA_INVALID

  • PSA_ERROR_DATA_CORRUPT

  • PSA_ERROR_STORAGE_FAILURE

  • PSA_ERROR_BAD_STATE – The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.

psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes, const psa_key_production_parameters_t *params, size_t params_data_length, mbedtls_svc_key_id_t *key)

Generate a key or key pair using custom production parameters.

See the description of psa_generate_key() for the operation of this function with the default production parameters. In addition, this function supports the following production customizations, described in more detail in the documentation of psa_key_production_parameters_t:

  • RSA keys: generation with a custom public exponent.

Note

This function is experimental and may change in future minor versions of Mbed TLS.

Parameters

  • attributes[in] The attributes for the new key.

  • params[in] Customization parameters for the key generation. When this is PSA_KEY_PRODUCTION_PARAMETERS_INIT with params_data_length = 0, this function is equivalent to psa_generate_key().

  • params_data_length – Length of params->data in bytes.

  • key[out] On success, an identifier for the newly created key. For persistent keys, this is the key identifier defined in attributes. 0 on failure.

Return values

  • PSA_SUCCESS – Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.

  • PSA_ERROR_ALREADY_EXISTS – This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.

  • PSA_ERROR_NOT_SUPPORTED

  • PSA_ERROR_INVALID_ARGUMENT

  • PSA_ERROR_INSUFFICIENT_MEMORY

  • PSA_ERROR_INSUFFICIENT_ENTROPY

  • PSA_ERROR_COMMUNICATION_FAILURE

  • PSA_ERROR_HARDWARE_FAILURE

  • PSA_ERROR_CORRUPTION_DETECTED

  • PSA_ERROR_INSUFFICIENT_STORAGE

  • PSA_ERROR_DATA_INVALID

  • PSA_ERROR_DATA_CORRUPT

  • PSA_ERROR_STORAGE_FAILURE

  • PSA_ERROR_BAD_STATE – The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.