commit d40c1fbd50858c92380229efac2491fda9d35e81
author Gilles Peskine <Gilles.Peskine@arm.com> Sat Jan 19 12:20:52 2019 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Sat Jan 19 12:20:52 2019 +0100
tree 7b1dc20e7d5a24e30efe69a72e2baaad7bba54f5
parent 8d4be19517e4c549a1706650c5ec8d59d44a8f98

Don't require a type and size when creating a key slot

Remove the type and bits arguments to psa_allocate_key() and
psa_create_key(). They can be useful if the implementation wants to
know exactly how much space to allocate for the slot, but many
implementations (including ours) don't care, and it's possible to work
around their lack by deferring size-dependent actions to the time when
the key material is created. They are a burden to applications and
make the API more complex, and the benefits aren't worth it.

Change the API and adapt the implementation, the units test and the
sample code accordingly.

include/psa/crypto.h

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 683feb8..705462e 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -124,14 +124,6 @@
  * application calls psa_close_key() or psa_destroy_key() or until the
  * application terminates.
  *
- * This function takes a key type and maximum size as arguments so that
- * the implementation can reserve a corresponding amount of memory.
- * Implementations are not required to enforce this limit: if the application
- * later tries to create a larger key or a key of a different type, it
- * is implementation-defined whether this may succeed.
- *
- * \param type          The type of key that the slot will contain.
- * \param max_bits      The maximum key size that the slot will contain.
  * \param[out] handle   On success, a handle to a volatile key slot.
  *
  * \retval #PSA_SUCCESS
@@ -140,13 +132,8 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  *         There was not enough memory, or the maximum number of key slots
  *         has been reached.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         This implementation does not support this key type.
  */
-
-psa_status_t psa_allocate_key(psa_key_type_t type,
-                              size_t max_bits,
-                              psa_key_handle_t *handle);
+psa_status_t psa_allocate_key(psa_key_handle_t *handle);
 
 /** Open a handle to an existing persistent key.
  *
@@ -192,8 +179,6 @@
  *                      area where the key material is stored. This must not
  *                      be #PSA_KEY_LIFETIME_VOLATILE.
  * \param id            The persistent identifier of the key.
- * \param type          The type of key that the slot will contain.
- * \param max_bits      The maximum key size that the slot will contain.
  * \param[out] handle   On success, a handle to the newly created key slot.
  *                      When key material is later created in this key slot,
  *                      it will be saved to the specified persistent location.
@@ -218,8 +203,6 @@
  */
 psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
                             psa_key_id_t id,
-                            psa_key_type_t type,
-                            size_t max_bits,
                             psa_key_handle_t *handle);
 
 /** Close a key handle.
@@ -261,11 +244,9 @@
  * according to a different format.
  *
  * \param handle      Handle to the slot where the key will be stored.
- *                    This must be a valid slot for a key of the chosen
- *                    type: it must have been obtained by calling
- *                    psa_allocate_key() or psa_create_key() with the
- *                    correct \p type and with a maximum size that is
- *                    compatible with \p data.
+ *                    It must have been obtained by calling
+ *                    psa_allocate_key() or psa_create_key() and must
+ *                    not contain key material yet.
  * \param type        Key type (a \c PSA_KEY_TYPE_XXX value). On a successful
  *                    import, the key slot will contain a key of this type.
  * \param[in] data    Buffer containing the key data. The content of this
@@ -2005,12 +1986,9 @@
  * the key material is not exposed outside the isolation boundary.
  *
  * \param handle            Handle to the slot where the key will be stored.
- *                          This must be a valid slot for a key of the chosen
- *                          type: it must have been obtained by calling
- *                          psa_allocate_key() or psa_create_key() with the
- *                          correct \p type and with a maximum size that is
- *                          compatible with \p bits.
- *                          It must not contain any key material yet.
+ *                          It must have been obtained by calling
+ *                          psa_allocate_key() or psa_create_key() and must
+ *                          not contain key material yet.
  * \param type              Key type (a \c PSA_KEY_TYPE_XXX value).
  *                          This must be a symmetric key type.
  * \param bits              Key size in bits.
@@ -2232,12 +2210,9 @@
  * \brief Generate a key or key pair.
  *
  * \param handle            Handle to the slot where the key will be stored.
- *                          This must be a valid slot for a key of the chosen
- *                          type: it must have been obtained by calling
- *                          psa_allocate_key() or psa_create_key() with the
- *                          correct \p type and with a maximum size that is
- *                          compatible with \p bits.
- *                          It must not contain any key material yet.
+ *                          It must have been obtained by calling
+ *                          psa_allocate_key() or psa_create_key() and must
+ *                          not contain key material yet.
  * \param type              Key type (a \c PSA_KEY_TYPE_XXX value).
  * \param bits              Key size in bits.
  * \param[in] extra         Extra parameters for key generation. The