Don't require a type and size when creating a key slot
Remove the type and bits arguments to psa_allocate_key() and
psa_create_key(). They can be useful if the implementation wants to
know exactly how much space to allocate for the slot, but many
implementations (including ours) don't care, and it's possible to work
around their lack by deferring size-dependent actions to the time when
the key material is created. They are a burden to applications and
make the API more complex, and the benefits aren't worth it.
Change the API and adapt the implementation, the units test and the
sample code accordingly.
diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
index db85468..7291c34 100644
--- a/programs/psa/crypto_examples.c
+++ b/programs/psa/crypto_examples.c
@@ -176,7 +176,7 @@
status = psa_generate_random( input, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
- status = psa_allocate_key( PSA_KEY_TYPE_AES, key_bits, &key_handle );
+ status = psa_allocate_key( &key_handle );
ASSERT_STATUS( status, PSA_SUCCESS );
status = set_key_policy( key_handle,
@@ -226,7 +226,7 @@
status = psa_generate_random( input, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
- status = psa_allocate_key( PSA_KEY_TYPE_AES, key_bits, &key_handle );
+ status = psa_allocate_key( &key_handle );
ASSERT_STATUS( status, PSA_SUCCESS );
status = set_key_policy( key_handle,
@@ -275,7 +275,7 @@
status = psa_generate_random( input, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
- status = psa_allocate_key( PSA_KEY_TYPE_AES, key_bits, &key_handle );
+ status = psa_allocate_key( &key_handle );
ASSERT_STATUS( status, PSA_SUCCESS );
status = set_key_policy( key_handle,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index 66f66fc..45a9b6f 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -211,9 +211,7 @@
psa_key_handle_t key_handle = 0;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
- PSA_CHECK( psa_allocate_key( PSA_KEY_TYPE_DERIVE,
- PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
- &key_handle ) );
+ PSA_CHECK( psa_allocate_key( &key_handle ) );
psa_key_policy_set_usage( &policy,
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
KDF_ALG );
@@ -263,9 +261,7 @@
SYS_CHECK( fclose( key_file ) == 0 );
key_file = NULL;
- PSA_CHECK( psa_allocate_key( PSA_KEY_TYPE_DERIVE,
- PSA_BYTES_TO_BITS( key_size ),
- master_key_handle ) );
+ PSA_CHECK( psa_allocate_key( master_key_handle ) );
psa_key_policy_set_usage( &policy, usage, alg );
PSA_CHECK( psa_set_key_policy( *master_key_handle, &policy ) );
PSA_CHECK( psa_import_key( *master_key_handle,
@@ -318,9 +314,7 @@
* since it is no longer needed. */
PSA_CHECK( psa_close_key( *key_handle ) );
*key_handle = 0;
- PSA_CHECK( psa_allocate_key( PSA_KEY_TYPE_DERIVE,
- PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
- key_handle ) );
+ PSA_CHECK( psa_allocate_key( key_handle ) );
PSA_CHECK( psa_set_key_policy( *key_handle, &policy ) );
/* Use the generator obtained from the parent key to create
* the next intermediate key. */
@@ -352,8 +346,7 @@
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
*wrapping_key_handle = 0;
- PSA_CHECK( psa_allocate_key( PSA_KEY_TYPE_AES, WRAPPING_KEY_BITS,
- wrapping_key_handle ) );
+ PSA_CHECK( psa_allocate_key( wrapping_key_handle ) );
psa_key_policy_set_usage( &policy, usage, WRAPPING_ALG );
PSA_CHECK( psa_set_key_policy( *wrapping_key_handle, &policy ) );