Support key derivation with non-predefined capacity
psa_key_derivation requires the caller to specify a maximum capacity.
This commit adds a special value that indicates that the maximum
capacity should be the maximum supported by the algorithm. This is
currently meant only for selection algorithms used on the shared
secret produced by a key agreement.
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 515e65f..8059ab9 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3122,6 +3122,15 @@
*/
psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
+/** Use the maximum possible capacity for a generator.
+ *
+ * Use this value as the capacity argument when setting up a generator
+ * to indicate that the generator should have the maximum possible capacity.
+ * The value of the maximum possible capacity depends on the generator
+ * algorithm.
+ */
+#define PSA_GENERATOR_UNBRIDLED_CAPACITY ((size_t)(-1))
+
/**@}*/
/** \defgroup derivation Key derivation
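Review bot: The doc comment on `PSA_GENERATOR_UNBRIDLED_CAPACITY` leaves out two things a caller needs. It does not say that the value is the largest `size_t`, so a request for exactly that many bytes can no longer be expressed and is read as "use the algorithm's maximum". It also does not repeat the scope given in the commit message, that this is currently meant only for selection algorithms applied to a key-agreement shared secret. I would add to the comment: `* This value is the largest size_t, so it cannot be used as a literal capacity.` and `* Currently intended only for selection algorithms applied to a key agreement's shared secret.`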
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 2025523..3c1cec9 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3539,6 +3539,8 @@
if( capacity <= max_capacity )
generator->capacity = capacity;
+ else if( capacity == PSA_GENERATOR_UNBRIDLED_CAPACITY )
+ generator->capacity = max_capacity;
else
return( PSA_ERROR_INVALID_ARGUMENT );
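Review bot: Because the sentinel is `(size_t)(-1)`, the new `else if` branch also accepts a capacity that a caller computed and that wrapped around (for example a length minus one with length zero). Before this change such a value returned `PSA_ERROR_INVALID_ARGUMENT`; it now yields a generator with `max_capacity`. The branch also appears to apply to every algorithm that reaches this check, while the commit message limits the intended use to selection algorithms. The enclosing function starts and ends outside the hunk, so I cannot tell whether an algorithm check is available here. At minimum I would document the trade-off at the branch, `/* Sentinel is the largest size_t: a wrapped-around capacity is accepted here as "maximum". */`, and add a test pinning which algorithms accept the sentinel.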