Update key_ladder_demo to the current key derivation API

2025-03-24 22:25:11 +00:00 · 2019-05-29 14:30:27 +02:00 · 2019-05-29 14:30:27 +02:00 · 4e2cc5353c
parent 343067e0d1
commit 4e2cc5353c
1 changed files with 34 additions and 31 deletions
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@ -63,27 +63,25 @@
 #include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
 #include <psa/crypto.h>
 /* If the build options we need are not enabled, compile a placeholder. */
 #if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) ||     \
    !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) ||       \
    !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) ||\
-    !defined(PSA_PRE_1_0_KEY_DERIVATION)
+    defined(PSA_PRE_1_0_KEY_DERIVATION)
 int main( void )
 {
    printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
           "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
           "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO and/or "
-           "PSA_PRE_1_0_KEY_DERIVATION not defined.\n");
+           "not defined and/or PSA_PRE_1_0_KEY_DERIVATION defined.\n");
    return( 0 );
 }
 #else
 /* The real program starts here. */
 #include <psa/crypto.h>
 /* Run a system function and bail out if it fails. */
 #define SYS_CHECK( expr )                                       \
    do                                                          \
@ -281,7 +279,7 @@ static psa_status_t derive_key_ladder( const char *ladder[],
 {
    psa_status_t status = PSA_SUCCESS;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
    size_t i;
    psa_set_key_usage_flags( &attributes,
@ -295,26 +293,28 @@ static psa_status_t derive_key_ladder( const char *ladder[],
    {
        /* Start deriving material from the master key (if i=0) or from
         * the current intermediate key (if i>0). */
-        PSA_CHECK( psa_key_derivation(
+        PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
-                       &generator,
+        PSA_CHECK( psa_key_derivation_input_bytes(
-                       *key_handle,
+                       &operation, PSA_KEY_DERIVATION_INPUT_SALT,
-                       KDF_ALG,
+                       DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH ) );
-                       DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH,
+        PSA_CHECK( psa_key_derivation_input_key(
-                       (uint8_t*) ladder[i], strlen( ladder[i] ),
+                       &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
-                       KEY_SIZE_BYTES ) );
+                       *key_handle ) );
        PSA_CHECK( psa_key_derivation_input_bytes(
                       &operation, PSA_KEY_DERIVATION_INPUT_INFO,
                       (uint8_t*) ladder[i], strlen( ladder[i] ) ) );
        /* When the parent key is not the master key, destroy it,
         * since it is no longer needed. */
        PSA_CHECK( psa_close_key( *key_handle ) );
        *key_handle = 0;
-        /* Use the generator obtained from the parent key to create
+        /* Derive the next intermediate key from the parent key. */
-         * the next intermediate key. */
+        PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
-        PSA_CHECK( psa_key_derivation_output_key( &attributes, &generator,
+                                                  key_handle ) );
-                                             key_handle ) );
+        PSA_CHECK( psa_key_derivation_abort( &operation ) );
        PSA_CHECK( psa_key_derivation_abort( &generator ) );
    }
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
    if( status != PSA_SUCCESS )
    {
        psa_close_key( *key_handle );
@ -330,7 +330,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
 {
    psa_status_t status = PSA_SUCCESS;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
    *wrapping_key_handle = 0;
    psa_set_key_usage_flags( &attributes, usage );
@ -338,18 +338,21 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
    psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
    psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
-    PSA_CHECK( psa_key_derivation(
+    PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
-                   &generator,
+    PSA_CHECK( psa_key_derivation_input_bytes(
-                   derived_key_handle,
+                   &operation, PSA_KEY_DERIVATION_INPUT_SALT,
-                   KDF_ALG,
+                   WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH ) );
-                   WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH,
+    PSA_CHECK( psa_key_derivation_input_key(
-                   NULL, 0,
+                   &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
-                   PSA_BITS_TO_BYTES( WRAPPING_KEY_BITS ) ) );
+                   derived_key_handle ) );
-    PSA_CHECK( psa_key_derivation_output_key( &attributes, &generator,
+    PSA_CHECK( psa_key_derivation_input_bytes(
-                                         wrapping_key_handle ) );
+                   &operation, PSA_KEY_DERIVATION_INPUT_INFO,
                   NULL, 0 ) );
    PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
                                              wrapping_key_handle ) );
 exit:
-    psa_key_derivation_abort( &generator );
+    psa_key_derivation_abort( &operation );
    if( status != PSA_SUCCESS )
    {
        psa_close_key( *wrapping_key_handle );