Slightly simplify derive_wrapping_key
No error can arise after the wrapping key is created, so remove the
corresponding cleanup code.
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index 800896f..91e5178 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -333,11 +333,9 @@
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
*wrapping_key_handle = 0;
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, WRAPPING_ALG );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
+ /* Set up a key derivation operation from the key derived from
+ * the master key. */
PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
PSA_CHECK( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_SALT,
@@ -348,16 +346,17 @@
PSA_CHECK( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0 ) );
+
+ /* Create the wrapping key. */
+ psa_set_key_usage_flags( &attributes, usage );
+ psa_set_key_algorithm( &attributes, WRAPPING_ALG );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
+ psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
wrapping_key_handle ) );
exit:
psa_key_derivation_abort( &operation );
- if( status != PSA_SUCCESS )
- {
- psa_close_key( *wrapping_key_handle );
- *wrapping_key_handle = 0;
- }
return( status );
}