Remove psa_pake_get/set_key_share() functions
The main purpose of psa_pake_get_key_share() is to provide a more
straightforward and convenient call flow for regular PAKEs. Most PAKEs
have a single key share and need a flow like this:
op=PSA_PAKE_OPERATION_INIT;
psa_pake_setup();
psa_pake_get_key_share();
psa_pake_set_key_share();
psa_pake_get_implicit_key();
Adding psa_pake_get/set_key_share() functions cuts out the
psa_pake_data_t constants from the users vision, hiding complexity that
exists only for unrelated PAKEs that aren't relevant for the user.
This comes with the cost of the two additional API functions that we need
to maintain.
Since the current stream of work focuses on enabling J-PAKE, there are
no benefits to these functions for now.
Once algorithms that can benefit from this simplification are added,
adding back these functions can be reconsidered.
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 8497b14..482ff68 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -1132,26 +1132,6 @@
#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
-/** A sufficient output buffer size for psa_pake_get_key_share().
- *
- * If the size of the ciphertext buffer is at least this large, it is
- * guaranteed that psa_pake_get_key_share() will not fail due to an
- * insufficient ciphertext buffer size. The actual size of the output might be
- * smaller in any given call.
- *
- * See also #PSA_PAKE_OUTPUT_MAX_SIZE
- *
- * \param alg A PAKE algorithm (PSA_ALG_XXX value such that
- * #PSA_ALG_IS_PAKE(\p alg) is true).
- * \param cipher_suite A cipher suite that is compatible with algorithm \p alg.
- * \return A sufficient key share buffer size for the specified
- * cipher suite and algorithm. If the cipher suite or PAKE
- * algorithm is not recognized, or the parameters are
- * incompatible, return 0.
- */
-#define PSA_PAKE_KEY_SHARE_SIZE(alg, cipher_suite) \
- (PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, PSA_PAKE_DATA_KEY_SHARE)
-
/** A sufficient output buffer size for psa_pake_output().
*
* If the size of the ciphertext buffer is at least this large, it is
@@ -1172,8 +1152,8 @@
*/
#define PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, output)
-/** Output buffer size for psa_pake_output() and psa_pake_get_key_share(),
- * for any of the supported cipher suites and PAKE algorithms.
+/** Output buffer size for psa_pake_output() for any of the supported cipher
+ * suites and PAKE algorithms.
*
* This macro must expand to a compile-time constant integer.
*