Slightly simplify derive_wrapping_key

No error can arise after the wrapping key is created, so remove the
corresponding cleanup code.
This commit is contained in:
Gilles Peskine 2019-05-29 14:33:00 +02:00 committed by Janos Follath
parent 4e2cc5353c
commit 2a38e2477a

View file

@ -333,11 +333,9 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
*wrapping_key_handle = 0; *wrapping_key_handle = 0;
psa_set_key_usage_flags( &attributes, usage );
psa_set_key_algorithm( &attributes, WRAPPING_ALG );
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
/* Set up a key derivation operation from the key derived from
* the master key. */
PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) ); PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
PSA_CHECK( psa_key_derivation_input_bytes( PSA_CHECK( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_SALT, &operation, PSA_KEY_DERIVATION_INPUT_SALT,
@ -348,16 +346,17 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
PSA_CHECK( psa_key_derivation_input_bytes( PSA_CHECK( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_INFO, &operation, PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0 ) ); NULL, 0 ) );
/* Create the wrapping key. */
psa_set_key_usage_flags( &attributes, usage );
psa_set_key_algorithm( &attributes, WRAPPING_ALG );
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation, PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
wrapping_key_handle ) ); wrapping_key_handle ) );
exit: exit:
psa_key_derivation_abort( &operation ); psa_key_derivation_abort( &operation );
if( status != PSA_SUCCESS )
{
psa_close_key( *wrapping_key_handle );
*wrapping_key_handle = 0;
}
return( status ); return( status );
} }