Use the attribute-based key creation interface in sample programs
parent
ff5f0e7221
commit
dfea0a2510
2 changed files with 42 additions and 64 deletions
|
@ -39,20 +39,6 @@ int main( void )
|
|||
}
|
||||
#else
|
||||
|
||||
static psa_status_t set_key_policy( psa_key_handle_t key_handle,
|
||||
psa_key_usage_t key_usage,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
|
||||
psa_key_policy_set_usage( &policy, key_usage, alg );
|
||||
status = psa_set_key_policy( key_handle, &policy );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
exit:
|
||||
return( status );
|
||||
}
|
||||
|
||||
static psa_status_t cipher_operation( psa_cipher_operation_t *operation,
|
||||
const uint8_t * input,
|
||||
size_t input_size,
|
||||
|
@ -161,6 +147,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
|
|||
const psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
|
||||
|
||||
psa_status_t status;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_handle_t key_handle = 0;
|
||||
size_t output_len = 0;
|
||||
uint8_t iv[block_size];
|
||||
|
@ -171,15 +158,12 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
|
|||
status = psa_generate_random( input, sizeof( input ) );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
status = psa_allocate_key( &key_handle );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
psa_set_key_usage_flags( &attributes,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
|
||||
|
||||
status = set_key_policy( key_handle,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
|
||||
alg );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
status = psa_generate_key_to_handle( key_handle, PSA_KEY_TYPE_AES, key_bits,
|
||||
status = psa_generate_key( &attributes, &key_handle, key_bits,
|
||||
NULL, 0 );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
|
@ -213,6 +197,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
|
|||
const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
|
||||
|
||||
psa_status_t status;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_handle_t key_handle = 0;
|
||||
size_t output_len = 0;
|
||||
uint8_t iv[block_size], input[input_size],
|
||||
|
@ -224,12 +209,12 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
|
|||
status = psa_allocate_key( &key_handle );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
status = set_key_policy( key_handle,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
|
||||
alg );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
psa_set_key_usage_flags( &attributes,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
|
||||
|
||||
status = psa_generate_key_to_handle( key_handle, PSA_KEY_TYPE_AES, key_bits,
|
||||
status = psa_generate_key( &attributes, &key_handle, key_bits,
|
||||
NULL, 0 );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
|
@ -262,6 +247,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
|
|||
const psa_algorithm_t alg = PSA_ALG_CTR;
|
||||
|
||||
psa_status_t status;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_handle_t key_handle = 0;
|
||||
size_t output_len = 0;
|
||||
uint8_t iv[block_size], input[input_size], encrypt[input_size],
|
||||
|
@ -270,14 +256,12 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
|
|||
status = psa_generate_random( input, sizeof( input ) );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
status = psa_allocate_key( &key_handle );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
status = set_key_policy( key_handle,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
|
||||
alg );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
psa_set_key_usage_flags( &attributes,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
|
||||
|
||||
status = psa_generate_key_to_handle( key_handle, PSA_KEY_TYPE_AES, key_bits,
|
||||
status = psa_generate_key( &attributes, &key_handle, key_bits,
|
||||
NULL, 0 );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
|
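Review bot: In cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi the call `status = psa_allocate_key( &key_handle );` appears to survive as context: that hunk is 12 lines on both sides, while the matching hunks in the cbc_nopad and ctr functions shrink and drop the call. `psa_generate_key( &attributes, &key_handle, ... )` takes the handle by address, so it presumably writes a fresh handle over the allocated one, which is then never closed and keeps a key slot occupied. Remove the `psa_allocate_key` call and its `ASSERT_STATUS( status, PSA_SUCCESS );` line here, as in the other two functions. The function bodies start and end outside the hunks, so the cleanup path could not be checked.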
|
|
@ -200,16 +200,14 @@ static psa_status_t generate( const char *key_file_name )
|
|||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
psa_key_handle_t key_handle = 0;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
PSA_CHECK( psa_allocate_key( &key_handle ) );
|
||||
psa_key_policy_set_usage( &policy,
|
||||
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
|
||||
KDF_ALG );
|
||||
PSA_CHECK( psa_set_key_policy( key_handle, &policy ) );
|
||||
psa_set_key_usage_flags( &attributes,
|
||||
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
|
||||
psa_set_key_algorithm( &attributes, KDF_ALG );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
|
||||
|
||||
PSA_CHECK( psa_generate_key_to_handle( key_handle,
|
||||
PSA_KEY_TYPE_DERIVE,
|
||||
PSA_CHECK( psa_generate_key( &attributes, &key_handle,
|
||||
PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
|
||||
NULL, 0 ) );
|
||||
|
||||
|
@ -231,7 +229,7 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
|
|||
psa_key_handle_t *master_key_handle )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
uint8_t key_data[KEY_SIZE_BYTES];
|
||||
size_t key_size;
|
||||
FILE *key_file = NULL;
|
||||
|
@ -252,11 +250,10 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
|
|||
SYS_CHECK( fclose( key_file ) == 0 );
|
||||
key_file = NULL;
|
||||
|
||||
PSA_CHECK( psa_allocate_key( master_key_handle ) );
|
||||
psa_key_policy_set_usage( &policy, usage, alg );
|
||||
PSA_CHECK( psa_set_key_policy( *master_key_handle, &policy ) );
|
||||
PSA_CHECK( psa_import_key_to_handle( *master_key_handle,
|
||||
PSA_KEY_TYPE_DERIVE,
|
||||
psa_set_key_usage_flags( &attributes, usage );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
|
||||
PSA_CHECK( psa_import_key( &attributes, master_key_handle,
|
||||
key_data, key_size ) );
|
||||
exit:
|
||||
if( key_file != NULL )
|
||||
|
@ -282,12 +279,14 @@ static psa_status_t derive_key_ladder( const char *ladder[],
|
|||
psa_key_handle_t *key_handle )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
|
||||
size_t i;
|
||||
psa_key_policy_set_usage( &policy,
|
||||
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
|
||||
KDF_ALG );
|
||||
|
||||
psa_set_key_usage_flags( &attributes,
|
||||
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
|
||||
psa_set_key_algorithm( &attributes, KDF_ALG );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
|
||||
|
||||
/* For each label in turn, ... */
|
||||
for( i = 0; i < ladder_depth; i++ )
|
||||
|
@ -305,13 +304,10 @@ static psa_status_t derive_key_ladder( const char *ladder[],
|
|||
* since it is no longer needed. */
|
||||
PSA_CHECK( psa_close_key( *key_handle ) );
|
||||
*key_handle = 0;
|
||||
PSA_CHECK( psa_allocate_key( key_handle ) );
|
||||
PSA_CHECK( psa_set_key_policy( *key_handle, &policy ) );
|
||||
/* Use the generator obtained from the parent key to create
|
||||
* the next intermediate key. */
|
||||
PSA_CHECK( psa_generator_import_key_to_handle(
|
||||
*key_handle,
|
||||
PSA_KEY_TYPE_DERIVE,
|
||||
PSA_CHECK( psa_generator_import_key(
|
||||
&attributes, key_handle,
|
||||
PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
|
||||
&generator ) );
|
||||
PSA_CHECK( psa_generator_abort( &generator ) );
|
||||
|
@ -333,13 +329,13 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
|
|||
psa_key_handle_t *wrapping_key_handle )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
|
||||
|
||||
*wrapping_key_handle = 0;
|
||||
PSA_CHECK( psa_allocate_key( wrapping_key_handle ) );
|
||||
psa_key_policy_set_usage( &policy, usage, WRAPPING_ALG );
|
||||
PSA_CHECK( psa_set_key_policy( *wrapping_key_handle, &policy ) );
|
||||
psa_set_key_usage_flags( &attributes, usage );
|
||||
psa_set_key_algorithm( &attributes, WRAPPING_ALG );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
|
||||
|
||||
PSA_CHECK( psa_key_derivation(
|
||||
&generator,
|
||||
|
@ -348,9 +344,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
|
|||
WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH,
|
||||
NULL, 0,
|
||||
PSA_BITS_TO_BYTES( WRAPPING_KEY_BITS ) ) );
|
||||
PSA_CHECK( psa_generator_import_key_to_handle(
|
||||
*wrapping_key_handle,
|
||||
PSA_KEY_TYPE_AES,
|
||||
PSA_CHECK( psa_generator_import_key( &attributes, wrapping_key_handle,
|
||||
WRAPPING_KEY_BITS,
|
||||
&generator ) );
|
||||
|
||||
|
|
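Review bot: The attributes set up before the loop in derive_key_ladder give every intermediate key `PSA_KEY_USAGE_EXPORT` as well as `PSA_KEY_USAGE_DERIVE`, carried over unchanged from the old policy. In the visible loop body the key is only closed and re-created from the generator, so unless code outside the hunk exports intermediates, the narrower `psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );` would keep ladder keys non-extractable. If the export right is needed, a comment next to the call naming the caller that exports the key would document why. generate() sets the same flag pair, where it is presumably needed to write the key to key_file_name.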