Skip to content

Commit c82ed6f

Browse files
gilles-peskine-armgilles-peskine-arm
authored
Merge pull request #317 from Patater/reduce-ram-rsa
getting_started: Make it clear that keys are passed in
2 parents b14a4ff + fbdf150 commit c82ed6f

File tree

1 file changed

+16
-8
lines changed

1 file changed

+16
-8
lines changed

docs/getting_started.md

Lines changed: 16 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -72,9 +72,10 @@ with other function calls.
7272

7373
This example shows how to import a key:
7474
```C
75+
void import_a_key(const uint8_t *key, size_t key_len)
76+
{
7577
psa_status_t status;
7678
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
77-
uint8_t data[] = AES_KEY;
7879
psa_key_handle_t handle;
7980

8081
printf("Import an AES key...\t");
@@ -94,7 +95,7 @@ This example shows how to import a key:
9495
psa_set_key_bits(&attributes, 128);
9596

9697
/* Import the key */
97-
status = psa_import_key(&attributes, data, sizeof(data), &handle);
98+
status = psa_import_key(&attributes, key, key_len, &handle);
9899
if (status != PSA_SUCCESS) {
99100
printf("Failed to import key\n");
100101
return;
@@ -108,6 +109,7 @@ This example shows how to import a key:
108109
psa_destroy_key(handle);
109110

110111
mbedtls_psa_crypto_free();
112+
}
111113
```
112114
113115
### Signing a message using RSA
@@ -123,9 +125,10 @@ Mbed Crypto supports encrypting, decrypting, signing and verifying messages usin
123125
124126
This example shows how to sign a hash that has already been calculated:
125127
```C
128+
void sign_a_message_using_rsa(const uint8_t *key, size_t key_len)
129+
{
126130
psa_status_t status;
127131
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
128-
uint8_t key[] = RSA_KEY;
129132
uint8_t hash[32] = {0x50, 0xd8, 0x58, 0xe0, 0x98, 0x5e, 0xcc, 0x7f,
130133
0x60, 0x41, 0x8a, 0xaf, 0x0c, 0xc5, 0xab, 0x58,
131134
0x7f, 0x42, 0xc2, 0x57, 0x0a, 0x88, 0x40, 0x95,
@@ -151,7 +154,7 @@ This example shows how to sign a hash that has already been calculated:
151154
psa_set_key_bits(&attributes, 1024);
152155
153156
/* Import the key */
154-
status = psa_import_key(&attributes, key, sizeof(key), &handle);
157+
status = psa_import_key(&attributes, key, key_len, &handle);
155158
if (status != PSA_SUCCESS) {
156159
printf("Failed to import key\n");
157160
return;
@@ -176,6 +179,7 @@ This example shows how to sign a hash that has already been calculated:
176179
psa_destroy_key(handle);
177180
178181
mbedtls_psa_crypto_free();
182+
}
179183
```
180184

181185
### Using symmetric ciphers
@@ -196,6 +200,8 @@ Mbed Crypto supports encrypting and decrypting messages using various symmetric
196200

197201
This example shows how to encrypt data using an AES (Advanced Encryption Standard) key in CBC (Cipher Block Chaining) mode with no padding (assuming all prerequisites have been fulfilled):
198202
```c
203+
void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
204+
{
199205
enum {
200206
block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES),
201207
};
@@ -205,7 +211,6 @@ This example shows how to encrypt data using an AES (Advanced Encryption Standar
205211
uint8_t plaintext[block_size] = SOME_PLAINTEXT;
206212
uint8_t iv[block_size];
207213
size_t iv_len;
208-
uint8_t key[] = AES_KEY;
209214
uint8_t output[block_size];
210215
size_t output_len;
211216
psa_key_handle_t handle;
@@ -227,7 +232,7 @@ This example shows how to encrypt data using an AES (Advanced Encryption Standar
227232
psa_set_key_algorithm(&attributes, alg);
228233
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
229234
psa_set_key_bits(&attributes, 128);
230-
status = psa_import_key(&attributes, key, sizeof(key), &handle);
235+
status = psa_import_key(&attributes, key, key_len, &handle);
231236
if (status != PSA_SUCCESS) {
232237
printf("Failed to import a key\n");
233238
return;
@@ -266,6 +271,7 @@ This example shows how to encrypt data using an AES (Advanced Encryption Standar
266271
psa_destroy_key(handle);
267272

268273
mbedtls_psa_crypto_free();
274+
}
269275
```
270276
271277
**To decrypt a message with a symmetric cipher:**
@@ -279,6 +285,8 @@ This example shows how to encrypt data using an AES (Advanced Encryption Standar
279285
This example shows how to decrypt encrypted data using an AES key in CBC mode with no padding
280286
(assuming all prerequisites have been fulfilled):
281287
```c
288+
void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
289+
{
282290
enum {
283291
block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES),
284292
};
@@ -288,7 +296,6 @@ This example shows how to decrypt encrypted data using an AES key in CBC mode wi
288296
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
289297
uint8_t ciphertext[block_size] = SOME_CIPHERTEXT;
290298
uint8_t iv[block_size] = ENCRYPTED_WITH_IV;
291-
uint8_t key[] = AES_KEY;
292299
uint8_t output[block_size];
293300
size_t output_len;
294301
psa_key_handle_t handle;
@@ -309,7 +316,7 @@ This example shows how to decrypt encrypted data using an AES key in CBC mode wi
309316
psa_set_key_algorithm(&attributes, alg);
310317
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
311318
psa_set_key_bits(&attributes, 128);
312-
status = psa_import_key(&attributes, key, sizeof(key), &handle);
319+
status = psa_import_key(&attributes, key, key_len, &handle);
313320
if (status != PSA_SUCCESS) {
314321
printf("Failed to import a key\n");
315322
return;
@@ -348,6 +355,7 @@ This example shows how to decrypt encrypted data using an AES key in CBC mode wi
348355
psa_destroy_key(handle);
349356
350357
mbedtls_psa_crypto_free();
358+
}
351359
```
352360

353361
#### Handling cipher operation contexts

0 commit comments

Comments
 (0)