mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 18:25:49 +01:00
Improve description of PSA_KEY_USAGE_COPY
Be more clear about when EXPORT is also required.
This commit is contained in:
parent
c160d9ec83
commit
d6a8f5f1b5
@ -852,12 +852,13 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
|
|||||||
*
|
*
|
||||||
* The policy on the source key must have the usage flag
|
* The policy on the source key must have the usage flag
|
||||||
* #PSA_KEY_USAGE_COPY set.
|
* #PSA_KEY_USAGE_COPY set.
|
||||||
* In addition, some lifetimes also require the source key to have the
|
* This flag is sufficient to permit the copy if the key has the lifetime
|
||||||
* usage flag #PSA_KEY_USAGE_EXPORT, because otherwise the source key
|
* #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT.
|
||||||
* is locked inside a secure processing environment and cannot be
|
* Some secure elements do not provide a way to copy a key without
|
||||||
* extracted. For keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE or
|
* making it extractable from the secure element. If a key is located
|
||||||
* #PSA_KEY_LIFETIME_PERSISTENT, the usage flag #PSA_KEY_USAGE_COPY
|
* in such a secure element, then the key must have both usage flags
|
||||||
* is sufficient to permit the copy.
|
* #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make
|
||||||
|
* a copy of the key outside the secure element.
|
||||||
*
|
*
|
||||||
* The resulting key may only be used in a way that conforms to
|
* The resulting key may only be used in a way that conforms to
|
||||||
* both the policy of the original key and the policy specified in
|
* both the policy of the original key and the policy specified in
|
||||||
|
@ -1461,13 +1461,15 @@
|
|||||||
|
|
||||||
/** Whether the key may be copied.
|
/** Whether the key may be copied.
|
||||||
*
|
*
|
||||||
* This flag allows the use of psa_crypto_copy() to make a copy of the key
|
* This flag allows the use of psa_copy_key() to make a copy of the key
|
||||||
* with the same policy or a more restrictive policy.
|
* with the same policy or a more restrictive policy.
|
||||||
*
|
*
|
||||||
* For some lifetimes, copying a key also requires the usage flag
|
* For lifetimes for which the key is located in a secure element which
|
||||||
* #PSA_KEY_USAGE_EXPORT, because otherwise the source key
|
* enforce the non-exportability of keys, copying a key outside the secure
|
||||||
* is locked inside a secure processing environment and cannot be
|
* element also requires the usage flag #PSA_KEY_USAGE_EXPORT.
|
||||||
* extracted. For keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE or
|
* Copying the key inside the secure element is permitted with just
|
||||||
|
* #PSA_KEY_USAGE_COPY if the secure element supports it.
|
||||||
|
* For keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE or
|
||||||
* #PSA_KEY_LIFETIME_PERSISTENT, the usage flag #PSA_KEY_USAGE_COPY
|
* #PSA_KEY_LIFETIME_PERSISTENT, the usage flag #PSA_KEY_USAGE_COPY
|
||||||
* is sufficient to permit the copy.
|
* is sufficient to permit the copy.
|
||||||
*/
|
*/
|
||||||
|
Loading…
Reference in New Issue
Block a user