Remove experimental, superseded function psa_generate_key_ext
Remove the experimental functions psa_generate_key_ext() and
psa_key_derivation_output_key_ext(), which take a pointer to a struct with a
flexible array member and therefore break C++ code that includes Mbed TLS
headers. They have been replaced by psa_generate_key_custom() and
psa_key_derivation_output_key_custom().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/ChangeLog.d/psa_generate_key_custom.txt b/ChangeLog.d/psa_generate_key_custom.txt
index 1695be1..3fc1bd7 100644
--- a/ChangeLog.d/psa_generate_key_custom.txt
+++ b/ChangeLog.d/psa_generate_key_custom.txt
@@ -1,14 +1,9 @@
API changes
* The experimental functions psa_generate_key_ext() and
- psa_key_derivation_output_key_ext() are no longer declared when compiling
- in C++. This resolves a build failure under C++ compilers that do not
- support flexible array members (a C99 feature not adopted by C++).
- Fixes #9020.
-
-New deprecations
- * The experimental functions psa_generate_key_ext() and
- psa_key_derivation_output_key_ext() are deprecated in favor of
+ psa_key_derivation_output_key_ext() have been replaced by
psa_generate_key_custom() and psa_key_derivation_output_key_custom().
They have almost exactly the same interface, but the variable-length
data is passed in a separate parameter instead of a flexible array
- member.
+ member. This resolves a build failure under C++ compilers that do not
+ support flexible array members (a C99 feature not adopted by C++).
+ Fixes #9020.
diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c
index 1a5658d..0ad4196 100644
--- a/tf-psa-crypto/core/psa_crypto.c
+++ b/tf-psa-crypto/core/psa_crypto.c
@@ -6484,20 +6484,6 @@
return status;
}
-psa_status_t psa_key_derivation_output_key_ext(
- const psa_key_attributes_t *attributes,
- psa_key_derivation_operation_t *operation,
- const psa_key_production_parameters_t *params,
- size_t params_data_length,
- mbedtls_svc_key_id_t *key)
-{
- return psa_key_derivation_output_key_custom(
- attributes, operation,
- (const psa_custom_key_parameters_t *) params,
- params->data, params_data_length,
- key);
-}
-
psa_status_t psa_key_derivation_output_key(
const psa_key_attributes_t *attributes,
psa_key_derivation_operation_t *operation,
@@ -8032,18 +8018,6 @@
return status;
}
-psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
- const psa_key_production_parameters_t *params,
- size_t params_data_length,
- mbedtls_svc_key_id_t *key)
-{
- return psa_generate_key_custom(
- attributes,
- (const psa_custom_key_parameters_t *) params,
- params->data, params_data_length,
- key);
-}
-
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t *key)
{
diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h
index 16dd038..917e533 100644
--- a/tf-psa-crypto/include/psa/crypto.h
+++ b/tf-psa-crypto/include/psa/crypto.h
@@ -3839,88 +3839,6 @@
size_t custom_data_length,
mbedtls_svc_key_id_t *key);
-#ifndef __cplusplus
-/* Omitted when compiling in C++, because one of the parameters is a
- * pointer to a struct with a flexible array member, and that is not
- * standard C++.
- * https://github.com/Mbed-TLS/mbedtls/issues/9020
- */
-/** Derive a key from an ongoing key derivation operation with custom
- * production parameters.
- *
- * \note
- * This is a deprecated variant of psa_key_derivation_output_key_custom().
- * It is equivalent except that the associated variable-length data
- * is passed in `params->data` instead of a separate parameter.
- * This function will be removed in a future version of Mbed TLS.
- *
- * \param[in] attributes The attributes for the new key.
- * If the key type to be created is
- * #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in
- * the policy must be the same as in the current
- * operation.
- * \param[in,out] operation The key derivation operation object to read from.
- * \param[in] params Customization parameters for the key derivation.
- * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT
- * with \p params_data_length = 0,
- * this function is equivalent to
- * psa_key_derivation_output_key().
- * Mbed TLS currently only supports the default
- * production parameters, i.e.
- * #PSA_KEY_PRODUCTION_PARAMETERS_INIT,
- * for all key types.
- * \param params_data_length
- * Length of `params->data` in bytes.
- * \param[out] key On success, an identifier for the newly created
- * key. For persistent keys, this is the key
- * identifier defined in \p attributes.
- * \c 0 on failure.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * If the key is persistent, the key material and the key's metadata
- * have been saved to persistent storage.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * This is an attempt to create a persistent key, and there is
- * already a persistent key with the given identifier.
- * \retval #PSA_ERROR_INSUFFICIENT_DATA
- * There was not enough data to create the desired key.
- * Note that in this case, no output is written to the output buffer.
- * The operation's capacity is set to 0, thus subsequent calls to
- * this function will not succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * The key type or key size is not supported, either by the
- * implementation in general or in this particular location.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The provided key attributes are not valid for the operation.
- * \retval #PSA_ERROR_NOT_PERMITTED
- * The #PSA_KEY_DERIVATION_INPUT_SECRET or
- * #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
- * key; or one of the inputs was a key whose policy didn't allow
- * #PSA_KEY_USAGE_DERIVE.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_DATA_INVALID \emptydescription
- * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps), or the library has not been previously
- * initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_key_derivation_output_key_ext(
- const psa_key_attributes_t *attributes,
- psa_key_derivation_operation_t *operation,
- const psa_key_production_parameters_t *params,
- size_t params_data_length,
- mbedtls_svc_key_id_t *key);
-#endif /* !__cplusplus */
-
/** Compare output data from a key derivation operation to an expected value.
*
* This function calculates output bytes from a key derivation algorithm and
@@ -4267,63 +4185,6 @@
size_t custom_data_length,
mbedtls_svc_key_id_t *key);
-#ifndef __cplusplus
-/* Omitted when compiling in C++, because one of the parameters is a
- * pointer to a struct with a flexible array member, and that is not
- * standard C++.
- * https://github.com/Mbed-TLS/mbedtls/issues/9020
- */
-/**
- * \brief Generate a key or key pair using custom production parameters.
- *
- * \note
- * This is a deprecated variant of psa_key_derivation_output_key_custom().
- * It is equivalent except that the associated variable-length data
- * is passed in `params->data` instead of a separate parameter.
- * This function will be removed in a future version of Mbed TLS.
- *
- * \param[in] attributes The attributes for the new key.
- * \param[in] params Customization parameters for the key generation.
- * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT
- * with \p params_data_length = 0,
- * this function is equivalent to
- * psa_generate_key().
- * \param params_data_length
- * Length of `params->data` in bytes.
- * \param[out] key On success, an identifier for the newly created
- * key. For persistent keys, this is the key
- * identifier defined in \p attributes.
- * \c 0 on failure.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * If the key is persistent, the key material and the key's metadata
- * have been saved to persistent storage.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * This is an attempt to create a persistent key, and there is
- * already a persistent key with the given identifier.
- * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
- * \retval #PSA_ERROR_DATA_INVALID \emptydescription
- * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
- const psa_key_production_parameters_t *params,
- size_t params_data_length,
- mbedtls_svc_key_id_t *key);
-#endif /* !__cplusplus */
-
/**@}*/
/** \defgroup interruptible_hash Interruptible sign/verify hash
diff --git a/tf-psa-crypto/include/psa/crypto_struct.h b/tf-psa-crypto/include/psa/crypto_struct.h
index 362e921..eabc2f4 100644
--- a/tf-psa-crypto/include/psa/crypto_struct.h
+++ b/tf-psa-crypto/include/psa/crypto_struct.h
@@ -237,34 +237,6 @@
*/
#define PSA_CUSTOM_KEY_PARAMETERS_INIT { 0 }
-#ifndef __cplusplus
-/* Omitted when compiling in C++, because one of the parameters is a
- * pointer to a struct with a flexible array member, and that is not
- * standard C++.
- * https://github.com/Mbed-TLS/mbedtls/issues/9020
- */
-/* This is a deprecated variant of `struct psa_custom_key_parameters_s`.
- * It has exactly the same layout, plus an extra field which is a flexible
- * array member. Thus a `const struct psa_key_production_parameters_s *`
- * can be passed to any function that reads a
- * `const struct psa_custom_key_parameters_s *`.
- */
-struct psa_key_production_parameters_s {
- uint32_t flags;
- uint8_t data[];
-};
-
-/** The default production parameters for key generation or key derivation.
- *
- * Calling psa_generate_key_ext() or psa_key_derivation_output_key_ext()
- * with `params=PSA_KEY_PRODUCTION_PARAMETERS_INIT` and
- * `params_data_length == 0` is equivalent to
- * calling psa_generate_key() or psa_key_derivation_output_key()
- * respectively.
- */
-#define PSA_KEY_PRODUCTION_PARAMETERS_INIT { 0 }
-#endif /* !__cplusplus */
-
struct psa_key_policy_s {
psa_key_usage_t MBEDTLS_PRIVATE(usage);
psa_algorithm_t MBEDTLS_PRIVATE(alg);
diff --git a/tf-psa-crypto/include/psa/crypto_types.h b/tf-psa-crypto/include/psa/crypto_types.h
index f831486..bb857ab 100644
--- a/tf-psa-crypto/include/psa/crypto_types.h
+++ b/tf-psa-crypto/include/psa/crypto_types.h
@@ -479,30 +479,6 @@
*/
typedef struct psa_custom_key_parameters_s psa_custom_key_parameters_t;
-/** \brief Custom parameters for key generation or key derivation.
- *
- * This is a structure type with at least the following fields:
- *
- * - \c flags: an unsigned integer type. 0 for the default production parameters.
- * - \c data: a flexible array of bytes.
- *
- * The interpretation of this structure depend on the type of the
- * created key.
- *
- * - #PSA_KEY_TYPE_RSA_KEY_PAIR:
- * - \c flags: must be 0.
- * - \c data: the public exponent, in little-endian order.
- * This must be an odd integer and must not be 1.
- * Implementations must support 65537, should support 3 and may
- * support other values.
- * When not using a driver, Mbed TLS supports values up to \c INT_MAX.
- * If this is empty or if the custom production parameters are omitted
- * altogether, the default value 65537 is used.
- * - Other key types: reserved for future use. \c flags must be 0.
- *
- */
-typedef struct psa_key_production_parameters_s psa_key_production_parameters_t;
-
/**@}*/
#endif /* PSA_CRYPTO_TYPES_H */
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
index 4149fdb..eb84bc5 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
@@ -6947,18 +6947,6 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
derive_key_custom:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"2a":PSA_ERROR_INVALID_ARGUMENT:""
-PSA key derivation: default params -> AES-128
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
-derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"":PSA_SUCCESS:"3cb25f25faacd57a90434f64d0362f2a"
-
-PSA key derivation: params.flags=1 -> AES-128
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
-derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:1:"":PSA_ERROR_INVALID_ARGUMENT:""
-
-PSA key derivation: params.data non-empty -> AES-128
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
-derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"2a":PSA_ERROR_INVALID_ARGUMENT:""
-
PSA key derivation: invalid type (0)
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0
@@ -7609,30 +7597,6 @@
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
generate_key_custom:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"2a":PSA_ERROR_INVALID_ARGUMENT
-PSA generate key ext: RSA, params.flags=1
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:1:"":PSA_ERROR_INVALID_ARGUMENT
-
-PSA generate key ext: RSA, empty e
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"":PSA_SUCCESS
-
-PSA generate key ext: RSA, e=513
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"0201":PSA_SUCCESS
-
-PSA generate key ext: ECC, flags=0
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
-generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"":PSA_SUCCESS
-
-PSA generate key ext: ECC, flags=1
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
-generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:1:"":PSA_ERROR_INVALID_ARGUMENT
-
-PSA generate key ext: ECC, params.data non-empty
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
-generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"2a":PSA_ERROR_INVALID_ARGUMENT
-
PSA concurrent key generation: bad type (RSA public key)
depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_THREADING_PTHREAD
concurrently_generate_keys:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5
@@ -7777,9 +7741,6 @@
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD
concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0:8:5
-Key production parameters initializers
-key_production_parameters_init:
-
PSA import persistent key: raw data, 8 bits
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
index 7f47f27..f6503f7 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
@@ -1312,30 +1312,6 @@
}
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
-static int setup_key_production_parameters(
- psa_key_production_parameters_t **params, size_t *params_data_length,
- int flags_arg, const data_t *params_data)
-{
- *params_data_length = params_data->len;
- /* If there are N bytes of padding at the end of
- * psa_key_production_parameters_t, then it's enough to allocate
- * MIN(sizeof(psa_key_production_parameters_t),
- * offsetof(psa_key_production_parameters_t, data) + params_data_length).
- *
- * For simplicity, here, we allocate up to N more bytes than necessary.
- * In practice, the current layout of psa_key_production_parameters_t
- * makes padding extremely unlikely, so we don't worry about testing
- * that the library code doesn't try to access these extra N bytes.
- */
- *params = mbedtls_calloc(1, sizeof(**params) + *params_data_length);
- TEST_ASSERT(*params != NULL);
- (*params)->flags = (uint32_t) flags_arg;
- memcpy((*params)->data, params_data->x, params_data->len);
- return 1;
-exit:
- return 0;
-}
-
#if defined(MBEDTLS_THREADING_PTHREAD)
typedef struct same_key_context {
@@ -9663,81 +9639,6 @@
/* END_CASE */
/* BEGIN_CASE */
-void derive_key_ext(int alg_arg,
- data_t *key_data,
- data_t *input1,
- data_t *input2,
- int key_type_arg, int bits_arg,
- int flags_arg,
- data_t *params_data,
- psa_status_t expected_status,
- data_t *expected_export)
-{
- mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
- mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
- const psa_algorithm_t alg = alg_arg;
- const psa_key_type_t key_type = key_type_arg;
- const size_t bits = bits_arg;
- psa_key_production_parameters_t *params = NULL;
- size_t params_data_length = 0;
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- const size_t export_buffer_size =
- PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, bits);
- uint8_t *export_buffer = NULL;
- psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
- size_t export_length;
-
- TEST_CALLOC(export_buffer, export_buffer_size);
- PSA_ASSERT(psa_crypto_init());
-
- psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE);
- psa_set_key_algorithm(&base_attributes, alg);
- psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE);
- PSA_ASSERT(psa_import_key(&base_attributes, key_data->x, key_data->len,
- &base_key));
-
- if (mbedtls_test_psa_setup_key_derivation_wrap(
- &operation, base_key, alg,
- input1->x, input1->len,
- input2->x, input2->len,
- PSA_KEY_DERIVATION_UNLIMITED_CAPACITY, 0) == 0) {
- goto exit;
- }
-
- psa_set_key_usage_flags(&derived_attributes, PSA_KEY_USAGE_EXPORT);
- psa_set_key_algorithm(&derived_attributes, 0);
- psa_set_key_type(&derived_attributes, key_type);
- psa_set_key_bits(&derived_attributes, bits);
- if (!setup_key_production_parameters(¶ms, ¶ms_data_length,
- flags_arg, params_data)) {
- goto exit;
- }
-
- TEST_EQUAL(psa_key_derivation_output_key_ext(&derived_attributes, &operation,
- params, params_data_length,
- &derived_key),
- expected_status);
-
- if (expected_status == PSA_SUCCESS) {
- PSA_ASSERT(psa_export_key(derived_key,
- export_buffer, export_buffer_size,
- &export_length));
- TEST_MEMORY_COMPARE(export_buffer, export_length,
- expected_export->x, expected_export->len);
- }
-
-exit:
- mbedtls_free(export_buffer);
- mbedtls_free(params);
- psa_key_derivation_abort(&operation);
- psa_destroy_key(base_key);
- psa_destroy_key(derived_key);
- PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
void derive_key(int alg_arg,
data_t *key_data, data_t *input1, data_t *input2,
int type_arg, int bits_arg,
@@ -10288,88 +10189,6 @@
}
/* END_CASE */
-/* BEGIN_CASE */
-void generate_key_ext(int type_arg,
- int bits_arg,
- int usage_arg,
- int alg_arg,
- int flags_arg,
- data_t *params_data,
- int expected_status_arg)
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_type_t type = type_arg;
- psa_key_usage_t usage = usage_arg;
- size_t bits = bits_arg;
- psa_algorithm_t alg = alg_arg;
- psa_status_t expected_status = expected_status_arg;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_production_parameters_t *params = NULL;
- size_t params_data_length = 0;
- psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- PSA_ASSERT(psa_crypto_init());
-
- psa_set_key_usage_flags(&attributes, usage);
- psa_set_key_algorithm(&attributes, alg);
- psa_set_key_type(&attributes, type);
- psa_set_key_bits(&attributes, bits);
-
- if (!setup_key_production_parameters(¶ms, ¶ms_data_length,
- flags_arg, params_data)) {
- goto exit;
- }
-
- /* Generate a key */
- psa_status_t status = psa_generate_key_ext(&attributes,
- params, params_data_length,
- &key);
-
- TEST_EQUAL(status, expected_status);
- if (expected_status != PSA_SUCCESS) {
- goto exit;
- }
-
- /* Test the key information */
- PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
- TEST_EQUAL(psa_get_key_type(&got_attributes), type);
- TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
- if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
- TEST_ASSERT(rsa_test_e(key, bits, params_data));
- }
-#endif
-
- /* Do something with the key according to its type and permitted usage. */
- if (!mbedtls_test_psa_exercise_key(key, usage, alg, 0)) {
- goto exit;
- }
-
-exit:
- /*
- * Key attributes may have been returned by psa_get_key_attributes()
- * thus reset them as required.
- */
- psa_reset_key_attributes(&got_attributes);
- mbedtls_free(params);
- psa_destroy_key(key);
- PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void key_production_parameters_init()
-{
- psa_key_production_parameters_t init = PSA_KEY_PRODUCTION_PARAMETERS_INIT;
- psa_key_production_parameters_t zero;
- memset(&zero, 0, sizeof(zero));
-
- TEST_EQUAL(init.flags, 0);
- TEST_EQUAL(zero.flags, 0);
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
void persistent_key_load_key_from_storage(data_t *data,
int type_arg, int bits_arg,