From fcf659b12d5d79186e7ba2447673b252d20fa693 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 25 Jan 2019 14:25:00 +0000
Subject: [PATCH 1/8] PSA: Adapt PK test suite to modified key slot allocation mechanism
---
 tests/suites/test_suite_pk.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 47d72d0d0..a5edb25fe 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -84,7 +84,7 @@ psa_key_handle_t pk_psa_genkey( void )
 psa_key_policy_t policy;
 /* Allocate a key slot */
- if( PSA_SUCCESS != psa_allocate_key( type, bits, &key ) )
+ if( PSA_SUCCESS != psa_allocate_key( &key ) )
 return( PK_PSA_INVALID_SLOT );
 /* set up policy on key slot */
From a814ae6f92335f3d7ee3b103152310a7d835651e Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 25 Jan 2019 14:25:16 +0000
Subject: [PATCH 2/8] PSA: Adapt PK test suite to new key policy initialization API
---
 tests/suites/test_suite_pk.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index a5edb25fe..120c1716b 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -88,7 +88,7 @@ psa_key_handle_t pk_psa_genkey( void )
 return( PK_PSA_INVALID_SLOT );
 /* set up policy on key slot */
- psa_key_policy_init( &policy );
+ policy = psa_key_policy_init();
 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, PSA_ALG_ECDSA(PSA_ALG_SHA_256) );
 if( PSA_SUCCESS != psa_set_key_policy( key, &policy ) )
From d74dfc29846dcba30a98c48b67336085104460ee Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 25 Jan 2019 14:26:01 +0000
Subject: [PATCH 3/8] PSA: Adapt ssl_client2 to modified key slot allocation API
---
 programs/ssl/ssl_client2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
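Review bot: The comment `/* Allocate a key slot */` above the new `psa_allocate_key( &key )` call in the first test-suite hunk no longer says where the key's type and size get fixed; the removed call passed `type` and `bits`, the new one passes only the handle. Presumably both are now supplied to the key-creation call further down pk_psa_genkey, which lies outside this hunk, so a comment such as `/* Allocate an untyped key slot; type and size are supplied when the key is created */` would record that, and it is worth confirming `type` and `bits` are still used there. The same applies to the allocation hunks in ssl_client2.c, ssl_server2.c, cipher.c and pk.c, where `psk_len * 8`, `cur_psk->key_len * 8`, `key_bitlen` and `d_len * 8` were previously passed as the size argument, so any size check now rests on the later import.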
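Review bot: In the second test-suite hunk, `policy = psa_key_policy_init();` is a separate statement that comes after the early `return( PK_PSA_INVALID_SLOT )`, so `policy` stays indeterminate from its declaration until this line. Now that the initializer returns a value, it can be folded into the declaration, `psa_key_policy_t policy = psa_key_policy_init();`, which removes that window for any code later inserted in between. The declaration itself is outside this hunk (it is visible in the previous patch's hunk for the same function). The same form would fit the other policy-init hunks in ssl_client2.c, ssl_server2.c (declaration two lines above the changed line), cipher.c, pk.c and pk_wrap.c.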
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index a8c16dc53..32db46455 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1594,7 +1594,7 @@ int main( int argc, char *argv[] )
 if( opt.psk_opaque != 0 )
 {
 /* The algorithm has already been determined earlier. */
- status = psa_allocate_key( PSA_KEY_TYPE_DERIVE, psk_len * 8, &slot );
+ status = psa_allocate_key( &slot );
 if( status != PSA_SUCCESS )
 {
 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
From 2261a0ff5224235894254d0359e1ffa6bd7de89c Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 25 Jan 2019 14:26:26 +0000
Subject: [PATCH 4/8] PSA: Adapt ssl_client2 to new key policy initialization API
---
 programs/ssl/ssl_client2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 32db46455..fe369239e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1601,7 +1601,7 @@ int main( int argc, char *argv[] )
 goto exit;
 }
- psa_key_policy_init( &policy );
+ policy = psa_key_policy_init();
 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
 status = psa_set_key_policy( slot, &policy );
From f3adecf4794074d513acb5cf2992bfce40872f3f Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 25 Jan 2019 14:27:01 +0000
Subject: [PATCH 5/8] PSA: Adapt ssl_server2 to hew key policy initialization API
---
 programs/ssl/ssl_server2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8b3b9cd2b..545ccd64c 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1239,7 +1239,7 @@ static psa_status_t psa_setup_psk_key_slot( psa_key_handle_t slot,
 psa_status_t status;
 psa_key_policy_t policy;
- psa_key_policy_init( &policy );
+ policy = psa_key_policy_init();
 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
 status = psa_set_key_policy( slot, &policy );
From 330b9a458624f139d9b804e24ff16ebe2bcf8a81 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 25 Jan 2019 14:27:15 +0000
Subject: [PATCH 6/8] PSA: Adapt ssl_server2 to modified key allocation API
---
 programs/ssl/ssl_server2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 545ccd64c..479075361 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2667,7 +2667,7 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 if( opt.psk_opaque != 0 )
 {
- status = psa_allocate_key( PSA_KEY_TYPE_DERIVE, psk_len * 8, &psk_slot );
+ status = psa_allocate_key( &psk_slot );
 if( status != PSA_SUCCESS )
 {
 fprintf( stderr, "ALLOC FAIL\n" );
@@ -2711,7 +2711,7 @@ int main( int argc, char *argv[] )
 psk_entry *cur_psk;
 for( cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next )
 {
- status = psa_allocate_key( PSA_KEY_TYPE_DERIVE, cur_psk->key_len * 8, &cur_psk->slot );
+ status = psa_allocate_key( &cur_psk->slot );
 if( status != PSA_SUCCESS )
 {
 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
From 242da1e2c29eb209dcf75d7219031b4386f5328f Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 25 Jan 2019 14:29:12 +0000
Subject: [PATCH 7/8] PSA: Adapt cipher.c, pk.c, pk_wrap.c to new key slot allocation API
---
 library/cipher.c | 2 +-
 library/pk.c | 2 +-
 library/pk_wrap.c | 4 +---
 3 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/library/cipher.c b/library/cipher.c
index 03c0e0667..b2cffcd38 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -308,7 +308,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
 /* Allocate a key slot to use. */
- status = psa_allocate_key( key_type, key_bitlen, &cipher_psa->slot );
+ status = psa_allocate_key( &cipher_psa->slot );
 if( status != PSA_SUCCESS )
 return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
diff --git a/library/pk.c b/library/pk.c
index 024dcdcb1..e25a5f21f 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -576,7 +576,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
 mbedtls_psa_parse_tls_ecc_group ( curve_id ) );
 /* allocate a key slot */
- if( PSA_SUCCESS != psa_allocate_key( key_type, d_len * 8, &key ) )
+ if( PSA_SUCCESS != psa_allocate_key( &key ) )
 return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
 /* set policy */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 08550d4c4..ea678a667 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -577,9 +577,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
 psa_sig_md = PSA_ALG_ECDSA( psa_md );
 psa_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
- if( ( ret = psa_allocate_key( psa_type,
- MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE(curve),
- &key_slot ) ) != PSA_SUCCESS )
+ if( ( ret = psa_allocate_key( &key_slot ) ) != PSA_SUCCESS )
 return( mbedtls_psa_err_translate_pk( ret ) );
 psa_key_policy_init( &policy );
From 2169a5e54ded734f7844af1a16c39b993c2a992c Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 25 Jan 2019 14:29:33 +0000
Subject: [PATCH 8/8] PSA: Adapt pk.c, pk_wrap.c, cipher.c to new key policy init API
---
 library/cipher.c | 2 +-
 library/pk.c | 2 +-
 library/pk_wrap.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/cipher.c b/library/cipher.c
index b2cffcd38..16037fb05 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -322,7 +322,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
 * mbedtls_cipher_free() needs to be called in any case. */
 /* Setup policy for the new key slot. */
- psa_key_policy_init( &key_policy );
+ key_policy = psa_key_policy_init();
 /* Mbed TLS' cipher layer doesn't enforce the mode of operation
 * (encrypt vs. decrypt): it is possible to setup a key for encryption
diff --git a/library/pk.c b/library/pk.c
index e25a5f21f..72f09ac2f 100644
--- a/library/pk.c
+++ b/library/pk.c
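Review bot: In the pk_wrap.c hunk of patch 7, `psa_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );` is still assigned just above the new `psa_allocate_key( &key_slot )` call, but its only use visible in this hunk was the removed first argument. ecdsa_verify_wrap continues outside the hunk, so the value is presumably consumed by the later key import; if it is not, this is now a dead store and should be dropped. The removed `MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE(curve)` argument was also the only visible place where the expected key size for the curve was stated, so it is worth confirming that the import path rejects a public key whose size does not match `curve`.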
@@ -580,7 +580,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
 return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
 /* set policy */
- psa_key_policy_init( &policy );
+ policy = psa_key_policy_init();
 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, PSA_ALG_ECDSA(hash_alg) );
 if( PSA_SUCCESS != psa_set_key_policy( key, &policy ) )
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index ea678a667..7f8abd488 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -580,7 +580,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
 if( ( ret = psa_allocate_key( &key_slot ) ) != PSA_SUCCESS )
 return( mbedtls_psa_err_translate_pk( ret ) );
- psa_key_policy_init( &policy );
+ policy = psa_key_policy_init();
 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, psa_sig_md );
 if( ( ret = psa_set_key_policy( key_slot, &policy ) ) != PSA_SUCCESS )
 {