commit 71a4c9125b8d4df9151ee849ffb3511906b46818
author Janos Follath <janos.follath@arm.com> Tue Jun 11 09:14:47 2019 +0100
committer Janos Follath <janos.follath@arm.com> Wed Jun 26 09:15:08 2019 +0100
tree 20badebc3378961386be01c44f59c5d9acec57ad
parent ed87d31d7d07fec5ddedc8afb19975e50d29a911

Add flag for removing deprecated API

Add the compile time option PSA_PRE_1_0_KEY_DERIVATION. If this is not
turned on, then the function `psa_key_derivation()` is removed.

Most of the tests regarding key derivation haven't been adapted to the
new API yet and some of them have only been adapted partially. When this
new option is turned off, the tests using the old API and test cases
using the old API of partially adapted tests are skipped.

The sole purpose of this option is to make the transition to the new API
smoother. Once the transition is complete it can and should be removed
along with the old API and its implementation.

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d45a852..bf425df 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4311,6 +4311,7 @@
 /****************************************************************/
 
 #if defined(MBEDTLS_MD_C)
+#if defined(PSA_PRE_1_0_KEY_DERIVATION)
 /* Set up an HKDF-based operation. This is exactly the extract phase
  * of the HKDF algorithm.
  *
@@ -4354,9 +4355,11 @@
     hkdf->info_set = 1;
     return( PSA_SUCCESS );
 }
+#endif /* PSA_PRE_1_0_KEY_DERIVATION */
 #endif /* MBEDTLS_MD_C */
 
 #if defined(MBEDTLS_MD_C)
+#if defined(PSA_PRE_1_0_KEY_DERIVATION)
 /* Set up a TLS-1.2-prf-based operation (see RFC 5246, Section 5).
  *
  * Note that if this function fails, you must call psa_key_derivation_abort()
@@ -4413,7 +4416,9 @@
 
     return( PSA_SUCCESS );
 }
+#endif /* PSA_PRE_1_0_KEY_DERIVATION */
 
+#if defined(PSA_PRE_1_0_KEY_DERIVATION)
 /* Set up a TLS-1.2-PSK-to-MS-based operation. */
 static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
     psa_tls12_prf_key_derivation_t *tls12_prf,
@@ -4454,8 +4459,10 @@
     mbedtls_platform_zeroize( pms, sizeof( pms ) );
     return( status );
 }
+#endif /* PSA_PRE_1_0_KEY_DERIVATION */
 #endif /* MBEDTLS_MD_C */
 
+#if defined(PSA_PRE_1_0_KEY_DERIVATION)
 /* Note that if this function fails, you must call psa_key_derivation_abort()
  * to potentially free embedded data structures and wipe confidential data.
  */
@@ -4554,7 +4561,9 @@
 
     return( PSA_SUCCESS );
 }
+#endif /* PSA_PRE_1_0_KEY_DERIVATION */
 
+#if defined(PSA_PRE_1_0_KEY_DERIVATION)
 psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation,
                                  psa_key_handle_t handle,
                                  psa_algorithm_t alg,
@@ -4594,6 +4603,7 @@
         psa_key_derivation_abort( operation );
     return( status );
 }
+#endif /* PSA_PRE_1_0_KEY_DERIVATION */
 
 static psa_status_t psa_key_derivation_setup_kdf(
     psa_key_derivation_operation_t *operation,