|
42 | 42 | int wc_SlhDsaKey_Init(SlhDsaKey* key, enum SlhDsaParam param, |
43 | 43 | void* heap, int devId); |
44 | 44 |
|
| 45 | +/*! |
| 46 | + \ingroup SLH_DSA |
| 47 | +
|
| 48 | + \brief Initializes an SLH-DSA key with a device-side key identifier (id). |
| 49 | + Equivalent to wc_SlhDsaKey_Init() but also stashes a binary id that a |
| 50 | + crypto callback can use to look up the underlying key material on the |
| 51 | + device. Only available when wolfSSL is built with WOLF_PRIVATE_KEY_ID. |
| 52 | +
|
| 53 | + The id is copied into the key object; the caller may free its buffer |
| 54 | + immediately after this call returns. |
| 55 | +
|
| 56 | + \return 0 on success. |
| 57 | + \return BAD_FUNC_ARG if key is NULL, or if id is NULL while len > 0. |
| 58 | + \return BUFFER_E if len is negative or greater than SLHDSA_MAX_ID_LEN. |
| 59 | +
|
| 60 | + \param [in,out] key Pointer to the SlhDsaKey to initialize. |
| 61 | + \param [in] param Parameter set to use (see wc_SlhDsaKey_Init). |
| 62 | + \param [in] id Pointer to the device-side key identifier bytes. May be |
| 63 | + NULL if len is 0. |
| 64 | + \param [in] len Number of bytes in id. Must be in [0, SLHDSA_MAX_ID_LEN]. |
| 65 | + \param [in] heap Pointer to heap hint for dynamic memory allocation. |
| 66 | + May be NULL. |
| 67 | + \param [in] devId Device identifier for the crypto callback. Should be |
| 68 | + a registered cb devId, not INVALID_DEVID, for the id to be meaningful. |
| 69 | +
|
| 70 | + _Example_ |
| 71 | + \code |
| 72 | + SlhDsaKey key; |
| 73 | + unsigned char id[8] = { 0x01, 0x02, 0x03, 0x04, |
| 74 | + 0x05, 0x06, 0x07, 0x08 }; |
| 75 | + int ret; |
| 76 | +
|
| 77 | + ret = wc_SlhDsaKey_Init_id(&key, SLHDSA_SHAKE128F, id, sizeof(id), |
| 78 | + NULL, devId); |
| 79 | + if (ret != 0) { |
| 80 | + // error initializing key with id |
| 81 | + } |
| 82 | + // ... use key, the cb resolves id -> device key ... |
| 83 | + wc_SlhDsaKey_Free(&key); |
| 84 | + \endcode |
| 85 | +
|
| 86 | + \sa wc_SlhDsaKey_Init |
| 87 | + \sa wc_SlhDsaKey_Init_label |
| 88 | + \sa wc_SlhDsaKey_Free |
| 89 | +*/ |
| 90 | +int wc_SlhDsaKey_Init_id(SlhDsaKey* key, enum SlhDsaParam param, |
| 91 | + const unsigned char* id, int len, void* heap, int devId); |
| 92 | + |
| 93 | +/*! |
| 94 | + \ingroup SLH_DSA |
| 95 | +
|
| 96 | + \brief Initializes an SLH-DSA key with a device-side key label. |
| 97 | + Equivalent to wc_SlhDsaKey_Init() but also stashes a label string that |
| 98 | + a crypto callback can use to look up the underlying key material on |
| 99 | + the device. Only available when wolfSSL is built with |
| 100 | + WOLF_PRIVATE_KEY_ID. |
| 101 | +
|
| 102 | + The label length is taken via XSTRLEN, so embedded NUL bytes terminate |
| 103 | + the label. The copy stored in key->label is NOT guaranteed to be |
| 104 | + NUL-terminated (when the input is exactly SLHDSA_MAX_LABEL_LEN bytes |
| 105 | + the entire array is consumed). Consumers must read at most |
| 106 | + key->labelLen bytes — do not pass key->label to C-string APIs. |
| 107 | +
|
| 108 | + \return 0 on success. |
| 109 | + \return BAD_FUNC_ARG if key or label is NULL. |
| 110 | + \return BUFFER_E if label is empty or longer than SLHDSA_MAX_LABEL_LEN. |
| 111 | +
|
| 112 | + \param [in,out] key Pointer to the SlhDsaKey to initialize. |
| 113 | + \param [in] param Parameter set to use (see wc_SlhDsaKey_Init). |
| 114 | + \param [in] label NUL-terminated device-side key label string. |
| 115 | + \param [in] heap Pointer to heap hint for dynamic memory allocation. |
| 116 | + May be NULL. |
| 117 | + \param [in] devId Device identifier for the crypto callback. Should be |
| 118 | + a registered cb devId, not INVALID_DEVID, for the label to be |
| 119 | + meaningful. |
| 120 | +
|
| 121 | + _Example_ |
| 122 | + \code |
| 123 | + SlhDsaKey key; |
| 124 | + int ret; |
| 125 | +
|
| 126 | + ret = wc_SlhDsaKey_Init_label(&key, SLHDSA_SHAKE128F, |
| 127 | + "device-key-1", NULL, devId); |
| 128 | + if (ret != 0) { |
| 129 | + // error initializing key with label |
| 130 | + } |
| 131 | + // ... use key, the cb resolves label -> device key ... |
| 132 | + wc_SlhDsaKey_Free(&key); |
| 133 | + \endcode |
| 134 | +
|
| 135 | + \sa wc_SlhDsaKey_Init |
| 136 | + \sa wc_SlhDsaKey_Init_id |
| 137 | + \sa wc_SlhDsaKey_Free |
| 138 | +*/ |
| 139 | +int wc_SlhDsaKey_Init_label(SlhDsaKey* key, enum SlhDsaParam param, |
| 140 | + const char* label, void* heap, int devId); |
| 141 | + |
45 | 142 | /*! |
46 | 143 | \ingroup SLH_DSA |
47 | 144 |
|
|
0 commit comments