commit b0edfb513b2f256507650a48b35b69891f940f76
author Gilles Peskine <Gilles.Peskine@arm.com> Mon Dec 03 16:24:51 2018 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Tue Dec 11 16:48:13 2018 +0100
tree 576131bb154d21f3cd3ac8e7cdd865aa37c70c0e
parent bdf309ccdb51255a39abd1d29bbf19539263813b

Convert the PSA example programs to the new handle API

Switch from the direct use of slot numbers to handles allocated by
psa_allocate_key.

programs/psa/crypto_examples.c

diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
index 72c41fa..53b6b2a 100644
--- a/programs/psa/crypto_examples.c
+++ b/programs/psa/crypto_examples.c
@@ -44,10 +44,7 @@
 }
 #else
 
-/* Use key slot 1 for our cipher key. Key slot 0 is reserved as unused. */
-static const psa_key_slot_t key_slot_cipher = 1;
-
-static psa_status_t set_key_policy( psa_key_slot_t key_slot,
+static psa_status_t set_key_policy( psa_key_handle_t key_handle,
                                     psa_key_usage_t key_usage,
                                     psa_algorithm_t alg )
 {
@@ -56,7 +53,7 @@
 
     psa_key_policy_init( &policy );
     psa_key_policy_set_usage( &policy, key_usage, alg );
-    status = psa_set_key_policy( key_slot, &policy );
+    status = psa_set_key_policy( key_handle, &policy );
     ASSERT_STATUS( status, PSA_SUCCESS );
 exit:
     return( status );
@@ -98,7 +95,7 @@
     return( status );
 }
 
-static psa_status_t cipher_encrypt( psa_key_slot_t key_slot,
+static psa_status_t cipher_encrypt( psa_key_handle_t key_handle,
                                     psa_algorithm_t alg,
                                     uint8_t * iv,
                                     size_t iv_size,
@@ -114,7 +111,7 @@
     size_t iv_len = 0;
 
     memset( &operation, 0, sizeof( operation ) );
-    status = psa_cipher_encrypt_setup( &operation, key_slot, alg );
+    status = psa_cipher_encrypt_setup( &operation, key_handle, alg );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
     status = psa_cipher_generate_iv( &operation, iv, iv_size, &iv_len );
@@ -129,7 +126,7 @@
     return( status );
 }
 
-static psa_status_t cipher_decrypt( psa_key_slot_t key_slot,
+static psa_status_t cipher_decrypt( psa_key_handle_t key_handle,
                                     psa_algorithm_t alg,
                                     const uint8_t * iv,
                                     size_t iv_size,
@@ -144,7 +141,7 @@
     psa_cipher_operation_t operation;
 
     memset( &operation, 0, sizeof( operation ) );
-    status = psa_cipher_decrypt_setup( &operation, key_slot, alg );
+    status = psa_cipher_decrypt_setup( &operation, key_handle, alg );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
     status = psa_cipher_set_iv( &operation, iv, iv_size );
@@ -170,6 +167,7 @@
     const psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
 
     psa_status_t status;
+    psa_key_handle_t key_handle = 0;
     size_t output_len = 0;
     uint8_t iv[block_size];
     uint8_t input[block_size];
@@ -179,21 +177,24 @@
     status = psa_generate_random( input, sizeof( input ) );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = set_key_policy( key_slot_cipher,
+    status = psa_allocate_key( PSA_KEY_TYPE_AES, key_bits, &key_handle );
+    ASSERT_STATUS( status, PSA_SUCCESS );
+
+    status = set_key_policy( key_handle,
                              PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
                              alg );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = psa_generate_key( key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
+    status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
                                NULL, 0 );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = cipher_encrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+    status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
                              input, sizeof( input ), part_size,
                              encrypt, sizeof( encrypt ), &output_len );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = cipher_decrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+    status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ),
                              encrypt, output_len, part_size,
                              decrypt, sizeof( decrypt ), &output_len );
     ASSERT_STATUS( status, PSA_SUCCESS );
@@ -202,7 +203,7 @@
     ASSERT_STATUS( status, PSA_SUCCESS );
 
 exit:
-    psa_destroy_key( key_slot_cipher );
+    psa_destroy_key( key_handle );
     return( status );
 }
 
@@ -218,6 +219,7 @@
     const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
 
     psa_status_t status;
+    psa_key_handle_t key_handle = 0;
     size_t output_len = 0;
     uint8_t iv[block_size], input[input_size],
             encrypt[input_size + block_size], decrypt[input_size + block_size];
@@ -225,21 +227,24 @@
     status = psa_generate_random( input, sizeof( input ) );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = set_key_policy( key_slot_cipher,
+    status = psa_allocate_key( PSA_KEY_TYPE_AES, key_bits, &key_handle );
+    ASSERT_STATUS( status, PSA_SUCCESS );
+
+    status = set_key_policy( key_handle,
                              PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
                              alg );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = psa_generate_key( key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
+    status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
                                NULL, 0 );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = cipher_encrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+    status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
                              input, sizeof( input ), part_size,
                              encrypt, sizeof( encrypt ), &output_len );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = cipher_decrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+    status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ),
                              encrypt, output_len, part_size,
                              decrypt, sizeof( decrypt ), &output_len );
     ASSERT_STATUS( status, PSA_SUCCESS );
@@ -248,7 +253,7 @@
     ASSERT_STATUS( status, PSA_SUCCESS );
 
 exit:
-    psa_destroy_key( key_slot_cipher );
+    psa_destroy_key( key_handle );
     return( status );
 }
 
@@ -263,6 +268,7 @@
     const psa_algorithm_t alg = PSA_ALG_CTR;
 
     psa_status_t status;
+    psa_key_handle_t key_handle = 0;
     size_t output_len = 0;
     uint8_t iv[block_size], input[input_size], encrypt[input_size],
             decrypt[input_size];
@@ -270,21 +276,23 @@
     status = psa_generate_random( input, sizeof( input ) );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = set_key_policy( key_slot_cipher,
+    status = psa_allocate_key( PSA_KEY_TYPE_AES, key_bits, &key_handle );
+    ASSERT_STATUS( status, PSA_SUCCESS );
+    status = set_key_policy( key_handle,
                              PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
                              alg );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = psa_generate_key( key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
+    status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
                                NULL, 0 );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = cipher_encrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+    status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
                              input, sizeof( input ), part_size,
                              encrypt, sizeof( encrypt ), &output_len );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = cipher_decrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+    status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ),
                              encrypt, output_len, part_size,
                              decrypt, sizeof( decrypt ), &output_len );
     ASSERT_STATUS( status, PSA_SUCCESS );
@@ -293,7 +301,7 @@
     ASSERT_STATUS( status, PSA_SUCCESS );
 
 exit:
-    psa_destroy_key( key_slot_cipher );
+    psa_destroy_key( key_handle );
     return( status );
 }