mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 19:45:37 +01:00
Update getting_started.md
This commit is contained in:
parent
0058ab61e7
commit
94113dbff3
@ -190,11 +190,11 @@ Mbed Crypto supports encrypting and decrypting messages using various symmetric
|
|||||||
1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the cipher functions.
|
1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the cipher functions.
|
||||||
1. Initialize the operation structure to zero or to `PSA_CIPHER_OPERATION_INIT`.
|
1. Initialize the operation structure to zero or to `PSA_CIPHER_OPERATION_INIT`.
|
||||||
1. Call `psa_cipher_encrypt_setup()` to specify the algorithm and the key to be used.
|
1. Call `psa_cipher_encrypt_setup()` to specify the algorithm and the key to be used.
|
||||||
1. Call either `psa_cipher_generate_iv()` or `psa_cipher_set_iv()` to generate or set the initialization vector (IV). We recommended calling `psa_cipher_generate_iv()`, unless you require a specific IV value.
|
1. Call either `psa_cipher_generate_iv()` or `psa_cipher_set_iv()` to generate or set the initialization vector (IV). We recommend calling `psa_cipher_generate_iv()`, unless you require a specific IV value.
|
||||||
1. Call `psa_cipher_update()` one or more times, passing the whole message or a fragment of the message on each call.
|
1. Call `psa_cipher_update()` one or more times, passing the whole message or a fragment of the message on each call.
|
||||||
1. Call `psa_cipher_finish()` to end the operation and output the encrypted message.
|
1. Call `psa_cipher_finish()` to end the operation and output the encrypted message.
|
||||||
|
|
||||||
This example shows how to encrypt data using an Advanced Encryption Standard (AES) key in Cipher Block Chaining (CBC) mode with no padding (assuming all prerequisites have been fulfilled):
|
This example shows how to encrypt data using an AES (Advanced Encryption Standard) key in CBC (Cipher Block Chaining)) mode with no padding (assuming all prerequisites have been fulfilled):
|
||||||
```c
|
```c
|
||||||
enum {
|
enum {
|
||||||
block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES),
|
block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES),
|
||||||
@ -548,7 +548,7 @@ information about which inputs to pass when, and when you can obtain which outpu
|
|||||||
(for example `PSA_ALG_HKDF(PSA_ALG_SHA_256)`).
|
(for example `PSA_ALG_HKDF(PSA_ALG_SHA_256)`).
|
||||||
|
|
||||||
**To derive a new AES-CTR 128-bit encryption key into a given key slot using HKDF
|
**To derive a new AES-CTR 128-bit encryption key into a given key slot using HKDF
|
||||||
with a given key, salt and information:**
|
with a given key, salt and `info`:**
|
||||||
|
|
||||||
1. Set up the key derivation context using the `psa_key_derivation_setup()`
|
1. Set up the key derivation context using the `psa_key_derivation_setup()`
|
||||||
function, specifying the derivation algorithm `PSA_ALG_HKDF(PSA_ALG_SHA_256)`.
|
function, specifying the derivation algorithm `PSA_ALG_HKDF(PSA_ALG_SHA_256)`.
|
||||||
@ -563,7 +563,7 @@ function, specifying the derivation algorithm `PSA_ALG_HKDF(PSA_ALG_SHA_256)`.
|
|||||||
1. Clean up the key derivation context.
|
1. Clean up the key derivation context.
|
||||||
|
|
||||||
At this point, the derived key slot holds a new 128-bit AES-CTR encryption key
|
At this point, the derived key slot holds a new 128-bit AES-CTR encryption key
|
||||||
derived from the key, salt and information provided:
|
derived from the key, salt and `info` provided:
|
||||||
```C
|
```C
|
||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
@ -828,9 +828,7 @@ Mbed Crypto provides a simple way to generate a key or key pair.
|
|||||||
**To generate an ECDSA key:**
|
**To generate an ECDSA key:**
|
||||||
1. Set the desired key attributes for key generation by calling
|
1. Set the desired key attributes for key generation by calling
|
||||||
`psa_set_key_algorithm()` with the chosen ECDSA algorithm (such as
|
`psa_set_key_algorithm()` with the chosen ECDSA algorithm (such as
|
||||||
`PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)`). Do not set
|
`PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)`). You only want to export the public key, not the key pair (or private key); therefore, do not set `PSA_KEY_USAGE_EXPORT`.
|
||||||
`PSA_KEY_USAGE_EXPORT`; we only want to export the public key, not the key
|
|
||||||
pair (or private key).
|
|
||||||
1. Generate a key by calling `psa_generate_key()`.
|
1. Generate a key by calling `psa_generate_key()`.
|
||||||
1. Export the generated public key by calling `psa_export_public_key()`:
|
1. Export the generated public key by calling `psa_export_public_key()`:
|
||||||
```C
|
```C
|
||||||
@ -884,4 +882,4 @@ Mbed Crypto provides a simple way to generate a key or key pair.
|
|||||||
|
|
||||||
### More about the Mbed Crypto API
|
### More about the Mbed Crypto API
|
||||||
|
|
||||||
For more information about PSA Crypto, download the *PSA Cryptography API* PDF under [PSA APIs](https://developer.arm.com/architectures/security-architectures/platform-security-architecture#implement).
|
For more information about the PSA Crypto API, please see the [PSA Cryptography API Specification](https://armmbed.github.io/mbed-crypto/html/index.html).
|
||||||
|
Loading…
Reference in New Issue
Block a user