Use the attribute-based key creation interface in sample programs

programs/psa/crypto_examples.c

@@ -39,20 +39,6 @@ int main( void )
 }
 #else
 
-static psa_status_t set_key_policy( psa_key_handle_t key_handle,
-                                    psa_key_usage_t key_usage,
-                                    psa_algorithm_t alg )
-{
-    psa_status_t status;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-
-    psa_key_policy_set_usage( &policy, key_usage, alg );
-    status = psa_set_key_policy( key_handle, &policy );
-    ASSERT_STATUS( status, PSA_SUCCESS );
-exit:
-    return( status );
-}
-
 static psa_status_t cipher_operation( psa_cipher_operation_t *operation,
                                       const uint8_t * input,
                                       size_t input_size,
@@ -161,6 +147,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
     const psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
 
     psa_status_t status;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_handle_t key_handle = 0;
     size_t output_len = 0;
     uint8_t iv[block_size];
@@ -171,15 +158,12 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
     status = psa_generate_random( input, sizeof( input ) );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = psa_allocate_key( &key_handle );
-    ASSERT_STATUS( status, PSA_SUCCESS );
+    psa_set_key_usage_flags( &attributes,
+                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
 
-    status = set_key_policy( key_handle,
-                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
-                             alg );
-    ASSERT_STATUS( status, PSA_SUCCESS );
-
-    status = psa_generate_key_to_handle( key_handle, PSA_KEY_TYPE_AES, key_bits,
+    status = psa_generate_key( &attributes, &key_handle, key_bits,
                                NULL, 0 );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
@@ -213,6 +197,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
     const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
 
     psa_status_t status;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_handle_t key_handle = 0;
     size_t output_len = 0;
     uint8_t iv[block_size], input[input_size],
@@ -224,12 +209,12 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
     status = psa_allocate_key( &key_handle );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = set_key_policy( key_handle,
-                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
-                             alg );
-    ASSERT_STATUS( status, PSA_SUCCESS );
+    psa_set_key_usage_flags( &attributes,
+                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
 
-    status = psa_generate_key_to_handle( key_handle, PSA_KEY_TYPE_AES, key_bits,
+    status = psa_generate_key( &attributes, &key_handle, key_bits,
                                NULL, 0 );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
@@ -262,6 +247,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
     const psa_algorithm_t alg = PSA_ALG_CTR;
 
     psa_status_t status;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_handle_t key_handle = 0;
     size_t output_len = 0;
     uint8_t iv[block_size], input[input_size], encrypt[input_size],
@@ -270,14 +256,12 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
     status = psa_generate_random( input, sizeof( input ) );
     ASSERT_STATUS( status, PSA_SUCCESS );
 
-    status = psa_allocate_key( &key_handle );
-    ASSERT_STATUS( status, PSA_SUCCESS );
-    status = set_key_policy( key_handle,
-                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
-                             alg );
-    ASSERT_STATUS( status, PSA_SUCCESS );
+    psa_set_key_usage_flags( &attributes,
+                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
 
-    status = psa_generate_key_to_handle( key_handle, PSA_KEY_TYPE_AES, key_bits,
+    status = psa_generate_key( &attributes, &key_handle, key_bits,
                                NULL, 0 );
     ASSERT_STATUS( status, PSA_SUCCESS );
 

programs/psa/key_ladder_demo.c

@@ -200,16 +200,14 @@ static psa_status_t generate( const char *key_file_name )
 {
     psa_status_t status = PSA_SUCCESS;
     psa_key_handle_t key_handle = 0;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    PSA_CHECK( psa_allocate_key( &key_handle ) );
-    psa_key_policy_set_usage( &policy,
-                              PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
-                              KDF_ALG );
-    PSA_CHECK( psa_set_key_policy( key_handle, &policy ) );
+    psa_set_key_usage_flags( &attributes,
+                             PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
+    psa_set_key_algorithm( &attributes, KDF_ALG );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
 
-    PSA_CHECK( psa_generate_key_to_handle( key_handle,
-                                 PSA_KEY_TYPE_DERIVE,
+    PSA_CHECK( psa_generate_key( &attributes, &key_handle,
                                  PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
                                  NULL, 0 ) );
 
@@ -231,7 +229,7 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
                                           psa_key_handle_t *master_key_handle )
 {
     psa_status_t status = PSA_SUCCESS;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     uint8_t key_data[KEY_SIZE_BYTES];
     size_t key_size;
     FILE *key_file = NULL;
@@ -252,11 +250,10 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
     SYS_CHECK( fclose( key_file ) == 0 );
     key_file = NULL;
 
-    PSA_CHECK( psa_allocate_key( master_key_handle ) );
-    psa_key_policy_set_usage( &policy, usage, alg );
-    PSA_CHECK( psa_set_key_policy( *master_key_handle, &policy ) );
-    PSA_CHECK( psa_import_key_to_handle( *master_key_handle,
-                               PSA_KEY_TYPE_DERIVE,
+    psa_set_key_usage_flags( &attributes, usage );
+    psa_set_key_algorithm( &attributes, alg );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
+    PSA_CHECK( psa_import_key( &attributes, master_key_handle,
                                key_data, key_size ) );
 exit:
     if( key_file != NULL )
@@ -282,12 +279,14 @@ static psa_status_t derive_key_ladder( const char *ladder[],
                                        psa_key_handle_t *key_handle )
 {
     psa_status_t status = PSA_SUCCESS;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
     size_t i;
-    psa_key_policy_set_usage( &policy,
-                              PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
-                              KDF_ALG );
+
+    psa_set_key_usage_flags( &attributes,
+                             PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
+    psa_set_key_algorithm( &attributes, KDF_ALG );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
 
     /* For each label in turn, ... */
     for( i = 0; i < ladder_depth; i++ )
@@ -305,13 +304,10 @@ static psa_status_t derive_key_ladder( const char *ladder[],
          * since it is no longer needed. */
         PSA_CHECK( psa_close_key( *key_handle ) );
         *key_handle = 0;
-        PSA_CHECK( psa_allocate_key( key_handle ) );
-        PSA_CHECK( psa_set_key_policy( *key_handle, &policy ) );
         /* Use the generator obtained from the parent key to create
          * the next intermediate key. */
-        PSA_CHECK( psa_generator_import_key_to_handle(
-                       *key_handle,
-                       PSA_KEY_TYPE_DERIVE,
+        PSA_CHECK( psa_generator_import_key(
+                       &attributes, key_handle,
                        PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
                        &generator ) );
         PSA_CHECK( psa_generator_abort( &generator ) );
@@ -333,13 +329,13 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
                                          psa_key_handle_t *wrapping_key_handle )
 {
     psa_status_t status = PSA_SUCCESS;
-    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
 
     *wrapping_key_handle = 0;
-    PSA_CHECK( psa_allocate_key( wrapping_key_handle ) );
-    psa_key_policy_set_usage( &policy, usage, WRAPPING_ALG );
-    PSA_CHECK( psa_set_key_policy( *wrapping_key_handle, &policy ) );
+    psa_set_key_usage_flags( &attributes, usage );
+    psa_set_key_algorithm( &attributes, WRAPPING_ALG );
+    psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
 
     PSA_CHECK( psa_key_derivation(
                    &generator,
@@ -348,9 +344,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
                    WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH,
                    NULL, 0,
                    PSA_BITS_TO_BYTES( WRAPPING_KEY_BITS ) ) );
-    PSA_CHECK( psa_generator_import_key_to_handle(
-                   *wrapping_key_handle,
-                   PSA_KEY_TYPE_AES,
+    PSA_CHECK( psa_generator_import_key( &attributes, wrapping_key_handle,
                    WRAPPING_KEY_BITS,
                    &generator ) );