pk: completely remove mbedtls_pk_wrap_as_opaque
Remove the function instead of deprecating it.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index fff1912..ff80290 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -1213,38 +1213,6 @@
const mbedtls_pk_context *key);
#endif /* MBEDTLS_PK_WRITE_C */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief Turn an EC or RSA key into an opaque one.
- *
- * \warning This function is deprecated and will be removed in a
- * future version of the library.
- * To wrap a key into an opaque one the following functions
- * should be used instead:
- * - mbedtls_pk_get_psa_attributes()
- * - mbedtls_pk_import_into_psa()
- * - mbedtls_pk_setup_opaque().
- *
- * \param pk Input: the EC or RSA key to import to a PSA key.
- * Output: a PK context wrapping that PSA key.
- * \param key Output: a PSA key identifier.
- * It's the caller's responsibility to call
- * psa_destroy_key() on that key identifier after calling
- * mbedtls_pk_free() on the PK context.
- * \param alg The algorithm to allow for use with that key.
- * \param usage The usage to allow for use with that key.
- * \param alg2 The secondary algorithm to allow for use with that key.
- *
- * \return \c 0 if successful.
- * \return An Mbed TLS error code otherwise.
- */
-MBEDTLS_DEPRECATED mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
- mbedtls_svc_key_id_t *key,
- psa_algorithm_t alg,
- psa_key_usage_t usage,
- psa_algorithm_t alg2);
-#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
-
#ifdef __cplusplus
}
#endif
diff --git a/library/pk.c b/library/pk.c
index 322cd58..7aee940 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -1357,124 +1357,4 @@
return ctx->pk_info->type;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
-/*
- * Load the key to a PSA key slot,
- * then turn the PK context into a wrapper for that key slot.
- *
- * Currently only works for EC & RSA private keys.
- */
-MBEDTLS_DEPRECATED int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
- mbedtls_svc_key_id_t *key,
- psa_algorithm_t alg,
- psa_key_usage_t usage,
- psa_algorithm_t alg2)
-{
-#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_RSA_C)
- ((void) pk);
- ((void) key);
- ((void) alg);
- ((void) usage);
- ((void) alg2);
-#else /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) {
- size_t d_len;
- psa_ecc_family_t curve_id;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t key_type;
- size_t bits;
- psa_status_t status;
-
- /* export the private key material in the format PSA wants */
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- unsigned char d[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
- status = psa_export_key(pk->priv_id, d, sizeof(d), &d_len);
- if (status != PSA_SUCCESS) {
- return psa_pk_status_to_mbedtls(status);
- }
-
- curve_id = pk->ec_family;
- bits = pk->ec_bits;
-#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
- unsigned char d[MBEDTLS_ECP_MAX_BYTES];
- mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- d_len = PSA_BITS_TO_BYTES(ec->grp.nbits);
- if ((ret = mbedtls_ecp_write_key(ec, d, d_len)) != 0) {
- return ret;
- }
-
- curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits);
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
- key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id);
-
- /* prepare the key attributes */
- psa_set_key_type(&attributes, key_type);
- psa_set_key_bits(&attributes, bits);
- psa_set_key_usage_flags(&attributes, usage);
- psa_set_key_algorithm(&attributes, alg);
- if (alg2 != PSA_ALG_NONE) {
- psa_set_key_enrollment_algorithm(&attributes, alg2);
- }
-
- /* import private key into PSA */
- status = psa_import_key(&attributes, d, d_len, key);
- mbedtls_platform_zeroize(d, sizeof(d));
- if (status != PSA_SUCCESS) {
- return PSA_PK_TO_MBEDTLS_ERR(status);
- }
-
- /* make PK context wrap the key slot */
- mbedtls_pk_free(pk);
- mbedtls_pk_init(pk);
-
- return mbedtls_pk_setup_opaque(pk, *key);
- } else
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
-#if defined(MBEDTLS_RSA_C)
- if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
- unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- int key_len;
- psa_status_t status;
-
- /* export the private key material in the format PSA wants */
- key_len = mbedtls_pk_write_key_der(pk, buf, sizeof(buf));
- if (key_len <= 0) {
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
-
- /* prepare the key attributes */
- psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
- psa_set_key_bits(&attributes, mbedtls_pk_get_bitlen(pk));
- psa_set_key_usage_flags(&attributes, usage);
- psa_set_key_algorithm(&attributes, alg);
- if (alg2 != PSA_ALG_NONE) {
- psa_set_key_enrollment_algorithm(&attributes, alg2);
- }
-
- /* import private key into PSA */
- status = psa_import_key(&attributes,
- buf + sizeof(buf) - key_len,
- key_len, key);
-
- mbedtls_platform_zeroize(buf, sizeof(buf));
-
- if (status != PSA_SUCCESS) {
- return PSA_PK_TO_MBEDTLS_ERR(status);
- }
-
- /* make PK context wrap the key slot */
- mbedtls_pk_free(pk);
- mbedtls_pk_init(pk);
-
- return mbedtls_pk_setup_opaque(pk, *key);
- } else
-#endif /* MBEDTLS_RSA_C */
-#endif /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
- return MBEDTLS_ERR_PK_TYPE_MISMATCH;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_PK_C */