Group random
- group random
Functions
-
psa_status_t psa_generate_random(uint8_t *output, size_t output_size)
Generate random bytes.
Note
To generate a key, use psa_generate_key() instead.
Warning
This function can fail! Callers MUST check the return status and MUST NOT use the content of the output buffer if the return status is not PSA_SUCCESS.
- Parameters
output – [out] Output buffer for the generated data.
output_size – Number of bytes to generate and output.
- Return values
PSA_SUCCESS –
PSA_ERROR_NOT_SUPPORTED –
PSA_ERROR_INSUFFICIENT_ENTROPY –
PSA_ERROR_INSUFFICIENT_MEMORY –
PSA_ERROR_COMMUNICATION_FAILURE –
PSA_ERROR_HARDWARE_FAILURE –
PSA_ERROR_CORRUPTION_DETECTED –
PSA_ERROR_BAD_STATE – The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.
-
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key)
Generate a key or key pair.
The key is generated randomly. Its location, usage policy, type and size are taken from
attributes
.Implementations must reject an attempt to generate a key of size 0.
The following type-specific considerations apply:
For RSA keys (PSA_KEY_TYPE_RSA_KEY_PAIR), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.
Note
This function is equivalent to calling psa_generate_key_ext() with the production parameters PSA_KEY_PRODUCTION_PARAMETERS_INIT and
params_data_length == 0
(i.e.params->data
is empty).- Parameters
attributes – [in] The attributes for the new key.
key – [out] On success, an identifier for the newly created key. For persistent keys, this is the key identifier defined in
attributes
.0
on failure.
- Return values
PSA_SUCCESS – Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.
PSA_ERROR_ALREADY_EXISTS – This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
PSA_ERROR_NOT_SUPPORTED –
PSA_ERROR_INVALID_ARGUMENT –
PSA_ERROR_INSUFFICIENT_MEMORY –
PSA_ERROR_INSUFFICIENT_ENTROPY –
PSA_ERROR_COMMUNICATION_FAILURE –
PSA_ERROR_HARDWARE_FAILURE –
PSA_ERROR_CORRUPTION_DETECTED –
PSA_ERROR_INSUFFICIENT_STORAGE –
PSA_ERROR_DATA_INVALID –
PSA_ERROR_DATA_CORRUPT –
PSA_ERROR_STORAGE_FAILURE –
PSA_ERROR_BAD_STATE – The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.
-
psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes, const psa_key_production_parameters_t *params, size_t params_data_length, mbedtls_svc_key_id_t *key)
Generate a key or key pair using custom production parameters.
See the description of psa_generate_key() for the operation of this function with the default production parameters. In addition, this function supports the following production customizations, described in more detail in the documentation of psa_key_production_parameters_t:
RSA keys: generation with a custom public exponent.
Note
This function is experimental and may change in future minor versions of Mbed TLS.
- Parameters
attributes – [in] The attributes for the new key.
params – [in] Customization parameters for the key generation. When this is PSA_KEY_PRODUCTION_PARAMETERS_INIT with
params_data_length
= 0, this function is equivalent to psa_generate_key().params_data_length – Length of
params->data
in bytes.key – [out] On success, an identifier for the newly created key. For persistent keys, this is the key identifier defined in
attributes
.0
on failure.
- Return values
PSA_SUCCESS – Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.
PSA_ERROR_ALREADY_EXISTS – This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
PSA_ERROR_NOT_SUPPORTED –
PSA_ERROR_INVALID_ARGUMENT –
PSA_ERROR_INSUFFICIENT_MEMORY –
PSA_ERROR_INSUFFICIENT_ENTROPY –
PSA_ERROR_COMMUNICATION_FAILURE –
PSA_ERROR_HARDWARE_FAILURE –
PSA_ERROR_CORRUPTION_DETECTED –
PSA_ERROR_INSUFFICIENT_STORAGE –
PSA_ERROR_DATA_INVALID –
PSA_ERROR_DATA_CORRUPT –
PSA_ERROR_STORAGE_FAILURE –
PSA_ERROR_BAD_STATE – The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.
-
psa_status_t psa_generate_random(uint8_t *output, size_t output_size)