
Commit 9c0c79e

authored
Merge pull request #19 from gilles-peskine-arm/psa-no_type_on_allocate_key
Don't require a type and size when creating a key slot
2 parents 8d4be19 + d40c1fb commit 9c0c79e

8 files changed

+104
-265
lines changed

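--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -124,14 +124,6 @@ psa_status_t psa_get_key_lifetime(psa_key_handle_t handle,
 * application calls psa_close_key() or psa_destroy_key() or until the
 * application terminates.
 *
-* This function takes a key type and maximum size as arguments so that
-* the implementation can reserve a corresponding amount of memory.
-* Implementations are not required to enforce this limit: if the application
-* later tries to create a larger key or a key of a different type, it
-* is implementation-defined whether this may succeed.
-*
-* \param type The type of key that the slot will contain.
-* \param max_bits The maximum key size that the slot will contain.
 * \param[out] handle On success, a handle to a volatile key slot.
 *
 * \retval #PSA_SUCCESS
@@ -140,13 +132,8 @@ psa_status_t psa_get_key_lifetime(psa_key_handle_t handle,
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * There was not enough memory, or the maximum number of key slots
 * has been reached.
-* \retval #PSA_ERROR_INVALID_ARGUMENT
-* This implementation does not support this key type.
 */
-
-psa_status_t psa_allocate_key(psa_key_type_t type,
-size_t max_bits,
-psa_key_handle_t *handle);
+psa_status_t psa_allocate_key(psa_key_handle_t *handle);
 
 /** Open a handle to an existing persistent key.
 *
@@ -192,8 +179,6 @@ psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
 * area where the key material is stored. This must not
 * be #PSA_KEY_LIFETIME_VOLATILE.
 * \param id The persistent identifier of the key.
-* \param type The type of key that the slot will contain.
-* \param max_bits The maximum key size that the slot will contain.
 * \param[out] handle On success, a handle to the newly created key slot.
 * When key material is later created in this key slot,
 * it will be saved to the specified persistent location.
@@ -218,8 +203,6 @@ psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
 */
 psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
 psa_key_id_t id,
-psa_key_type_t type,
-size_t max_bits,
 psa_key_handle_t *handle);
 
 /** Close a key handle.
@@ -261,11 +244,9 @@ psa_status_t psa_close_key(psa_key_handle_t handle);
 * according to a different format.
 *
 * \param handle Handle to the slot where the key will be stored.
-* This must be a valid slot for a key of the chosen
-* type: it must have been obtained by calling
-* psa_allocate_key() or psa_create_key() with the
-* correct \p type and with a maximum size that is
-* compatible with \p data.
+* It must have been obtained by calling
+* psa_allocate_key() or psa_create_key() and must
+* not contain key material yet.
 * \param type Key type (a \c PSA_KEY_TYPE_XXX value). On a successful
 * import, the key slot will contain a key of this type.
 * \param[in] data Buffer containing the key data. The content of this
@@ -2005,12 +1986,9 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
 * the key material is not exposed outside the isolation boundary.
 *
 * \param handle Handle to the slot where the key will be stored.
-* This must be a valid slot for a key of the chosen
-* type: it must have been obtained by calling
-* psa_allocate_key() or psa_create_key() with the
-* correct \p type and with a maximum size that is
-* compatible with \p bits.
-* It must not contain any key material yet.
+* It must have been obtained by calling
+* psa_allocate_key() or psa_create_key() and must
+* not contain key material yet.
 * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
 * This must be a symmetric key type.
 * \param bits Key size in bits.
@@ -2232,12 +2210,9 @@ typedef struct {
 * \brief Generate a key or key pair.
 *
 * \param handle Handle to the slot where the key will be stored.
-* This must be a valid slot for a key of the chosen
-* type: it must have been obtained by calling
-* psa_allocate_key() or psa_create_key() with the
-* correct \p type and with a maximum size that is
-* compatible with \p bits.
-* It must not contain any key material yet.
+* It must have been obtained by calling
+* psa_allocate_key() or psa_create_key() and must
+* not contain key material yet.
 * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
 * \param bits Key size in bits.
 * \param[in] extra Extra parameters for key generation. The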

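--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -142,13 +142,8 @@ static psa_status_t psa_internal_release_key_slot( psa_key_handle_t handle )
 return( psa_wipe_key_slot( slot ) );
 }
 
-psa_status_t psa_allocate_key( psa_key_type_t type,
-size_t max_bits,
-psa_key_handle_t *handle )
+psa_status_t psa_allocate_key( psa_key_handle_t *handle )
 {
-/* This implementation doesn't reserve memory for the keys. */
-(void) type;
-(void) max_bits;
 *handle = 0;
 return( psa_internal_allocate_key_slot( handle ) );
 }
@@ -259,16 +254,10 @@ psa_status_t psa_open_key( psa_key_lifetime_t lifetime,
 
 psa_status_t psa_create_key( psa_key_lifetime_t lifetime,
 psa_key_id_t id,
-psa_key_type_t type,
-size_t max_bits,
 psa_key_handle_t *handle )
 {
 psa_status_t status;
 
-/* This implementation doesn't reserve memory for the keys. */
-(void) type;
-(void) max_bits;
-
 status = persistent_key_setup( lifetime, id, handle,
 PSA_ERROR_EMPTY_SLOT );
 switch( status )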

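--- a/programs/psa/crypto_examples.c
+++ b/programs/psa/crypto_examples.c
@@ -176,7 +176,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
 status = psa_generate_random( input, sizeof( input ) );
 ASSERT_STATUS( status, PSA_SUCCESS );
 
-status = psa_allocate_key( PSA_KEY_TYPE_AES, key_bits, &key_handle );
+status = psa_allocate_key( &key_handle );
 ASSERT_STATUS( status, PSA_SUCCESS );
 
 status = set_key_policy( key_handle,
@@ -226,7 +226,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
 status = psa_generate_random( input, sizeof( input ) );
 ASSERT_STATUS( status, PSA_SUCCESS );
 
-status = psa_allocate_key( PSA_KEY_TYPE_AES, key_bits, &key_handle );
+status = psa_allocate_key( &key_handle );
 ASSERT_STATUS( status, PSA_SUCCESS );
 
 status = set_key_policy( key_handle,
@@ -275,7 +275,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
 status = psa_generate_random( input, sizeof( input ) );
 ASSERT_STATUS( status, PSA_SUCCESS );
 
-status = psa_allocate_key( PSA_KEY_TYPE_AES, key_bits, &key_handle );
+status = psa_allocate_key( &key_handle );
 ASSERT_STATUS( status, PSA_SUCCESS );
 status = set_key_policy( key_handle,
 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,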

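--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -211,9 +211,7 @@ static psa_status_t generate( const char *key_file_name )
 psa_key_handle_t key_handle = 0;
 psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
 
-PSA_CHECK( psa_allocate_key( PSA_KEY_TYPE_DERIVE,
-PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
-&key_handle ) );
+PSA_CHECK( psa_allocate_key( &key_handle ) );
 psa_key_policy_set_usage( &policy,
 PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
 KDF_ALG );
@@ -263,9 +261,7 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
 SYS_CHECK( fclose( key_file ) == 0 );
 key_file = NULL;
 
-PSA_CHECK( psa_allocate_key( PSA_KEY_TYPE_DERIVE,
-PSA_BYTES_TO_BITS( key_size ),
-master_key_handle ) );
+PSA_CHECK( psa_allocate_key( master_key_handle ) );
 psa_key_policy_set_usage( &policy, usage, alg );
 PSA_CHECK( psa_set_key_policy( *master_key_handle, &policy ) );
 PSA_CHECK( psa_import_key( *master_key_handle,
@@ -318,9 +314,7 @@ static psa_status_t derive_key_ladder( const char *ladder[],
 * since it is no longer needed. */
 PSA_CHECK( psa_close_key( *key_handle ) );
 *key_handle = 0;
-PSA_CHECK( psa_allocate_key( PSA_KEY_TYPE_DERIVE,
-PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
-key_handle ) );
+PSA_CHECK( psa_allocate_key( key_handle ) );
 PSA_CHECK( psa_set_key_policy( *key_handle, &policy ) );
 /* Use the generator obtained from the parent key to create
 * the next intermediate key. */
@@ -352,8 +346,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
 
 *wrapping_key_handle = 0;
-PSA_CHECK( psa_allocate_key( PSA_KEY_TYPE_AES, WRAPPING_KEY_BITS,
-wrapping_key_handle ) );
+PSA_CHECK( psa_allocate_key( wrapping_key_handle ) );
 psa_key_policy_set_usage( &policy, usage, WRAPPING_ALG );
 PSA_CHECK( psa_set_key_policy( *wrapping_key_handle, &policy ) );
 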