Remove psa_pake_get/set_key_share() functions
The main purpose of psa_pake_get_key_share() is to provide a more
straightforward and convenient call flow for regular PAKEs. Most PAKEs
have a single key share and need a flow like this:
op=PSA_PAKE_OPERATION_INIT;
psa_pake_setup();
psa_pake_get_key_share();
psa_pake_set_key_share();
psa_pake_get_implicit_key();
Adding psa_pake_get/set_key_share() functions cuts out the
psa_pake_data_t constants from the users vision, hiding complexity that
exists only for unrelated PAKEs that aren't relevant for the user.
This comes with the cost of the two additional API functions that we need
to maintain.
Since the current stream of work focuses on enabling J-PAKE, there are
no benefits to these functions for now.
Once algorithms that can benefit from this simplification are added,
adding back these functions can be reconsidered.
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 4a6b06c..1e8c9fe 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1986,7 +1986,7 @@
*
* The key exchange flow for JPAKE is as follows:
* -# To get the first round data that needs to be sent to the peer, call
- * psa_pake_get_key_share(operation, ...);
+ * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE, ...);
* psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...);
* psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF, ...);
* psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE_2, ...);
@@ -1994,7 +1994,7 @@
* psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF_2, ...);
* -# To provide the first round data received from the peer to the operation,
* call
- * psa_pake_set_key_share(operation, ...);
+ * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE, ...);
* psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...);
* psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF, ...);
* psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE_2, ...);