Remove experimental, superseded function psa_generate_key_ext

Remove the experimental functions psa_generate_key_ext() and psa_key_derivation_output_key_ext(), which require a flexible array member and therefore break C++ code that includes Mbed TLS headers. They have been replaced by psa_generate_key_custom() and psa_key_derivation_output_key_custom(). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-04-23 11:42:31 +00:00 · 2024-07-31 16:59:41 +02:00 · 2024-07-31 16:59:41 +02:00 · 3077f2f9c6
commit 3077f2f9c6
parent 6b3bca5c78
7 changed files with 4 additions and 446 deletions
--- a/ChangeLog.d/psa_generate_key_custom.txt
+++ b/ChangeLog.d/psa_generate_key_custom.txt
@ -1,14 +1,9 @@
 API changes
   * The experimental functions psa_generate_key_ext() and
-     psa_key_derivation_output_key_ext() are no longer declared when compiling
+     psa_key_derivation_output_key_ext() have been replaced by
     in C++. This resolves a build failure under C++ compilers that do not
     support flexible array members (a C99 feature not adopted by C++).
     Fixes #9020.
 New deprecations
   * The experimental functions psa_generate_key_ext() and
     psa_key_derivation_output_key_ext() are deprecated in favor of
     psa_generate_key_custom() and psa_key_derivation_output_key_custom().
     They have almost exactly the same interface, but the variable-length
     data is passed in a separate parameter instead of a flexible array
-     member.
+     member. This resolves a build failure under C++ compilers that do not
     support flexible array members (a C99 feature not adopted by C++).
     Fixes #9020.
--- a/tf-psa-crypto/core/psa_crypto.c
+++ b/tf-psa-crypto/core/psa_crypto.c
@ -6484,20 +6484,6 @@ psa_status_t psa_key_derivation_output_key_custom(
    return status;
 }
 psa_status_t psa_key_derivation_output_key_ext(
    const psa_key_attributes_t *attributes,
    psa_key_derivation_operation_t *operation,
    const psa_key_production_parameters_t *params,
    size_t params_data_length,
    mbedtls_svc_key_id_t *key)
 {
    return psa_key_derivation_output_key_custom(
        attributes, operation,
        (const psa_custom_key_parameters_t *) params,
        params->data, params_data_length,
        key);
 }
 psa_status_t psa_key_derivation_output_key(
    const psa_key_attributes_t *attributes,
    psa_key_derivation_operation_t *operation,
@ -8032,18 +8018,6 @@ exit:
    return status;
 }
 psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
                                  const psa_key_production_parameters_t *params,
                                  size_t params_data_length,
                                  mbedtls_svc_key_id_t *key)
 {
    return psa_generate_key_custom(
        attributes,
        (const psa_custom_key_parameters_t *) params,
        params->data, params_data_length,
        key);
 }
 psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
                              mbedtls_svc_key_id_t *key)
 {
--- a/tf-psa-crypto/include/psa/crypto.h
+++ b/tf-psa-crypto/include/psa/crypto.h
@ -3839,88 +3839,6 @@ psa_status_t psa_key_derivation_output_key_custom(
    size_t custom_data_length,
    mbedtls_svc_key_id_t *key);
 #ifndef __cplusplus
 /* Omitted when compiling in C++, because one of the parameters is a
 * pointer to a struct with a flexible array member, and that is not
 * standard C++.
 * https://github.com/Mbed-TLS/mbedtls/issues/9020
 */
 /** Derive a key from an ongoing key derivation operation with custom
 *  production parameters.
 *
 * \note
 * This is a deprecated variant of psa_key_derivation_output_key_custom().
 * It is equivalent except that the associated variable-length data
 * is passed in `params->data` instead of a separate parameter.
 * This function will be removed in a future version of Mbed TLS.
 *
 * \param[in] attributes    The attributes for the new key.
 *                          If the key type to be created is
 *                          #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in
 *                          the policy must be the same as in the current
 *                          operation.
 * \param[in,out] operation The key derivation operation object to read from.
 * \param[in] params        Customization parameters for the key derivation.
 *                          When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT
 *                          with \p params_data_length = 0,
 *                          this function is equivalent to
 *                          psa_key_derivation_output_key().
 *                          Mbed TLS currently only supports the default
 *                          production parameters, i.e.
 *                          #PSA_KEY_PRODUCTION_PARAMETERS_INIT,
 *                          for all key types.
 * \param params_data_length
 *                          Length of `params->data` in bytes.
 * \param[out] key          On success, an identifier for the newly created
 *                          key. For persistent keys, this is the key
 *                          identifier defined in \p attributes.
 *                          \c 0 on failure.
 *
 * \retval #PSA_SUCCESS
 *         Success.
 *         If the key is persistent, the key material and the key's metadata
 *         have been saved to persistent storage.
 * \retval #PSA_ERROR_ALREADY_EXISTS
 *         This is an attempt to create a persistent key, and there is
 *         already a persistent key with the given identifier.
 * \retval #PSA_ERROR_INSUFFICIENT_DATA
 *         There was not enough data to create the desired key.
 *         Note that in this case, no output is written to the output buffer.
 *         The operation's capacity is set to 0, thus subsequent calls to
 *         this function will not succeed, even with a smaller output buffer.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 *         The key type or key size is not supported, either by the
 *         implementation in general or in this particular location.
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 *         The provided key attributes are not valid for the operation.
 * \retval #PSA_ERROR_NOT_PERMITTED
 *         The #PSA_KEY_DERIVATION_INPUT_SECRET or
 *         #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
 *         key; or one of the inputs was a key whose policy didn't allow
 *         #PSA_KEY_USAGE_DERIVE.
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
 * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
 * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_DATA_INVALID \emptydescription
 * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
 * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 *         The operation state is not valid (it must be active and completed
 *         all required input steps), or the library has not been previously
 *         initialized by psa_crypto_init().
 *         It is implementation-dependent whether a failure to initialize
 *         results in this error code.
 */
 psa_status_t psa_key_derivation_output_key_ext(
    const psa_key_attributes_t *attributes,
    psa_key_derivation_operation_t *operation,
    const psa_key_production_parameters_t *params,
    size_t params_data_length,
    mbedtls_svc_key_id_t *key);
 #endif /* !__cplusplus */
 /** Compare output data from a key derivation operation to an expected value.
 *
 * This function calculates output bytes from a key derivation algorithm and
@ -4267,63 +4185,6 @@ psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes,
                                     size_t custom_data_length,
                                     mbedtls_svc_key_id_t *key);
 #ifndef __cplusplus
 /* Omitted when compiling in C++, because one of the parameters is a
 * pointer to a struct with a flexible array member, and that is not
 * standard C++.
 * https://github.com/Mbed-TLS/mbedtls/issues/9020
 */
 /**
 * \brief Generate a key or key pair using custom production parameters.
 *
 * \note
 * This is a deprecated variant of psa_key_derivation_output_key_custom().
 * It is equivalent except that the associated variable-length data
 * is passed in `params->data` instead of a separate parameter.
 * This function will be removed in a future version of Mbed TLS.
 *
 * \param[in] attributes    The attributes for the new key.
 * \param[in] params        Customization parameters for the key generation.
 *                          When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT
 *                          with \p params_data_length = 0,
 *                          this function is equivalent to
 *                          psa_generate_key().
 * \param params_data_length
 *                          Length of `params->data` in bytes.
 * \param[out] key          On success, an identifier for the newly created
 *                          key. For persistent keys, this is the key
 *                          identifier defined in \p attributes.
 *                          \c 0 on failure.
 *
 * \retval #PSA_SUCCESS
 *         Success.
 *         If the key is persistent, the key material and the key's metadata
 *         have been saved to persistent storage.
 * \retval #PSA_ERROR_ALREADY_EXISTS
 *         This is an attempt to create a persistent key, and there is
 *         already a persistent key with the given identifier.
 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
 * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
 * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
 * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
 * \retval #PSA_ERROR_DATA_INVALID \emptydescription
 * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
 * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 *         The library has not been previously initialized by psa_crypto_init().
 *         It is implementation-dependent whether a failure to initialize
 *         results in this error code.
 */
 psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
                                  const psa_key_production_parameters_t *params,
                                  size_t params_data_length,
                                  mbedtls_svc_key_id_t *key);
 #endif /* !__cplusplus */
 /**@}*/
 /** \defgroup interruptible_hash Interruptible sign/verify hash
--- a/tf-psa-crypto/include/psa/crypto_struct.h
+++ b/tf-psa-crypto/include/psa/crypto_struct.h
@ -237,34 +237,6 @@ struct psa_custom_key_parameters_s {
 */
 #define PSA_CUSTOM_KEY_PARAMETERS_INIT { 0 }
 #ifndef __cplusplus
 /* Omitted when compiling in C++, because one of the parameters is a
 * pointer to a struct with a flexible array member, and that is not
 * standard C++.
 * https://github.com/Mbed-TLS/mbedtls/issues/9020
 */
 /* This is a deprecated variant of `struct psa_custom_key_parameters_s`.
 * It has exactly the same layout, plus an extra field which is a flexible
 * array member. Thus a `const struct psa_key_production_parameters_s *`
 * can be passed to any function that reads a
 * `const struct psa_custom_key_parameters_s *`.
 */
 struct psa_key_production_parameters_s {
    uint32_t flags;
    uint8_t data[];
 };
 /** The default production parameters for key generation or key derivation.
 *
 * Calling psa_generate_key_ext() or psa_key_derivation_output_key_ext()
 * with `params=PSA_KEY_PRODUCTION_PARAMETERS_INIT` and
 * `params_data_length == 0` is equivalent to
 * calling psa_generate_key() or psa_key_derivation_output_key()
 * respectively.
 */
 #define PSA_KEY_PRODUCTION_PARAMETERS_INIT { 0 }
 #endif /* !__cplusplus */
 struct psa_key_policy_s {
    psa_key_usage_t MBEDTLS_PRIVATE(usage);
    psa_algorithm_t MBEDTLS_PRIVATE(alg);
--- a/tf-psa-crypto/include/psa/crypto_types.h
+++ b/tf-psa-crypto/include/psa/crypto_types.h
@ -479,30 +479,6 @@ typedef uint16_t psa_key_derivation_step_t;
 */
 typedef struct psa_custom_key_parameters_s psa_custom_key_parameters_t;
 /** \brief Custom parameters for key generation or key derivation.
 *
 * This is a structure type with at least the following fields:
 *
 * - \c flags: an unsigned integer type. 0 for the default production parameters.
 * - \c data: a flexible array of bytes.
 *
 * The interpretation of this structure depend on the type of the
 * created key.
 *
 * - #PSA_KEY_TYPE_RSA_KEY_PAIR:
 *     - \c flags: must be 0.
 *     - \c data: the public exponent, in little-endian order.
 *       This must be an odd integer and must not be 1.
 *       Implementations must support 65537, should support 3 and may
 *       support other values.
 *       When not using a driver, Mbed TLS supports values up to \c INT_MAX.
 *       If this is empty or if the custom production parameters are omitted
 *       altogether, the default value 65537 is used.
 * - Other key types: reserved for future use. \c flags must be 0.
 *
 */
 typedef struct psa_key_production_parameters_s psa_key_production_parameters_t;
 /**@}*/
 #endif /* PSA_CRYPTO_TYPES_H */
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
@ -6947,18 +6947,6 @@ PSA key derivation custom: data non-empty -> AES-128
 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
 derive_key_custom:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"2a":PSA_ERROR_INVALID_ARGUMENT:""
 PSA key derivation: default params -> AES-128
 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
 derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"":PSA_SUCCESS:"3cb25f25faacd57a90434f64d0362f2a"
 PSA key derivation: params.flags=1 -> AES-128
 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
 derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:1:"":PSA_ERROR_INVALID_ARGUMENT:""
 PSA key derivation: params.data non-empty -> AES-128
 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
 derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"2a":PSA_ERROR_INVALID_ARGUMENT:""
 PSA key derivation: invalid type (0)
 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0
@ -7609,30 +7597,6 @@ PSA generate key custom: ECC, data non-empty
 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
 generate_key_custom:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"2a":PSA_ERROR_INVALID_ARGUMENT
 PSA generate key ext: RSA, params.flags=1
 depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
 generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:1:"":PSA_ERROR_INVALID_ARGUMENT
 PSA generate key ext: RSA, empty e
 depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
 generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"":PSA_SUCCESS
 PSA generate key ext: RSA, e=513
 depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
 generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"0201":PSA_SUCCESS
 PSA generate key ext: ECC, flags=0
 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
 generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"":PSA_SUCCESS
 PSA generate key ext: ECC, flags=1
 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
 generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:1:"":PSA_ERROR_INVALID_ARGUMENT
 PSA generate key ext: ECC, params.data non-empty
 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
 generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"2a":PSA_ERROR_INVALID_ARGUMENT
 PSA concurrent key generation: bad type (RSA public key)
 depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_THREADING_PTHREAD
 concurrently_generate_keys:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5
@ -7777,9 +7741,6 @@ PSA concurrent key generation: FFDH, 1024 bits, invalid bits
 depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD
 concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0:8:5
 Key production parameters initializers
 key_production_parameters_init:
 PSA import persistent key: raw data, 8 bits
 depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
 persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
@ -1312,30 +1312,6 @@ exit:
 }
 #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
 static int setup_key_production_parameters(
    psa_key_production_parameters_t **params, size_t *params_data_length,
    int flags_arg, const data_t *params_data)
 {
    *params_data_length = params_data->len;
    /* If there are N bytes of padding at the end of
     * psa_key_production_parameters_t, then it's enough to allocate
     * MIN(sizeof(psa_key_production_parameters_t),
     *     offsetof(psa_key_production_parameters_t, data) + params_data_length).
     *
     * For simplicity, here, we allocate up to N more bytes than necessary.
     * In practice, the current layout of psa_key_production_parameters_t
     * makes padding extremely unlikely, so we don't worry about testing
     * that the library code doesn't try to access these extra N bytes.
     */
    *params = mbedtls_calloc(1, sizeof(**params) + *params_data_length);
    TEST_ASSERT(*params != NULL);
    (*params)->flags = (uint32_t) flags_arg;
    memcpy((*params)->data, params_data->x, params_data->len);
    return 1;
 exit:
    return 0;
 }
 #if defined(MBEDTLS_THREADING_PTHREAD)
 typedef struct same_key_context {
@ -9662,81 +9638,6 @@ exit:
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void derive_key_ext(int alg_arg,
                    data_t *key_data,
                    data_t *input1,
                    data_t *input2,
                    int key_type_arg, int bits_arg,
                    int flags_arg,
                    data_t *params_data,
                    psa_status_t expected_status,
                    data_t *expected_export)
 {
    mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
    mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
    const psa_algorithm_t alg = alg_arg;
    const psa_key_type_t key_type = key_type_arg;
    const size_t bits = bits_arg;
    psa_key_production_parameters_t *params = NULL;
    size_t params_data_length = 0;
    psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
    const size_t export_buffer_size =
        PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, bits);
    uint8_t *export_buffer = NULL;
    psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
    size_t export_length;
    TEST_CALLOC(export_buffer, export_buffer_size);
    PSA_ASSERT(psa_crypto_init());
    psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE);
    psa_set_key_algorithm(&base_attributes, alg);
    psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE);
    PSA_ASSERT(psa_import_key(&base_attributes, key_data->x, key_data->len,
                              &base_key));
    if (mbedtls_test_psa_setup_key_derivation_wrap(
            &operation, base_key, alg,
            input1->x, input1->len,
            input2->x, input2->len,
            PSA_KEY_DERIVATION_UNLIMITED_CAPACITY, 0) == 0) {
        goto exit;
    }
    psa_set_key_usage_flags(&derived_attributes, PSA_KEY_USAGE_EXPORT);
    psa_set_key_algorithm(&derived_attributes, 0);
    psa_set_key_type(&derived_attributes, key_type);
    psa_set_key_bits(&derived_attributes, bits);
    if (!setup_key_production_parameters(&params, &params_data_length,
                                         flags_arg, params_data)) {
        goto exit;
    }
    TEST_EQUAL(psa_key_derivation_output_key_ext(&derived_attributes, &operation,
                                                 params, params_data_length,
                                                 &derived_key),
               expected_status);
    if (expected_status == PSA_SUCCESS) {
        PSA_ASSERT(psa_export_key(derived_key,
                                  export_buffer, export_buffer_size,
                                  &export_length));
        TEST_MEMORY_COMPARE(export_buffer, export_length,
                            expected_export->x, expected_export->len);
    }
 exit:
    mbedtls_free(export_buffer);
    mbedtls_free(params);
    psa_key_derivation_abort(&operation);
    psa_destroy_key(base_key);
    psa_destroy_key(derived_key);
    PSA_DONE();
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void derive_key(int alg_arg,
                data_t *key_data, data_t *input1, data_t *input2,
@ -10288,88 +10189,6 @@ exit:
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void generate_key_ext(int type_arg,
                      int bits_arg,
                      int usage_arg,
                      int alg_arg,
                      int flags_arg,
                      data_t *params_data,
                      int expected_status_arg)
 {
    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
    psa_key_type_t type = type_arg;
    psa_key_usage_t usage = usage_arg;
    size_t bits = bits_arg;
    psa_algorithm_t alg = alg_arg;
    psa_status_t expected_status = expected_status_arg;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_production_parameters_t *params = NULL;
    size_t params_data_length = 0;
    psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
    PSA_ASSERT(psa_crypto_init());
    psa_set_key_usage_flags(&attributes, usage);
    psa_set_key_algorithm(&attributes, alg);
    psa_set_key_type(&attributes, type);
    psa_set_key_bits(&attributes, bits);
    if (!setup_key_production_parameters(&params, &params_data_length,
                                         flags_arg, params_data)) {
        goto exit;
    }
    /* Generate a key */
    psa_status_t status = psa_generate_key_ext(&attributes,
                                               params, params_data_length,
                                               &key);
    TEST_EQUAL(status, expected_status);
    if (expected_status != PSA_SUCCESS) {
        goto exit;
    }
    /* Test the key information */
    PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
    TEST_EQUAL(psa_get_key_type(&got_attributes), type);
    TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
    if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
        TEST_ASSERT(rsa_test_e(key, bits, params_data));
    }
 #endif
    /* Do something with the key according to its type and permitted usage. */
    if (!mbedtls_test_psa_exercise_key(key, usage, alg, 0)) {
        goto exit;
    }
 exit:
    /*
     * Key attributes may have been returned by psa_get_key_attributes()
     * thus reset them as required.
     */
    psa_reset_key_attributes(&got_attributes);
    mbedtls_free(params);
    psa_destroy_key(key);
    PSA_DONE();
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void key_production_parameters_init()
 {
    psa_key_production_parameters_t init = PSA_KEY_PRODUCTION_PARAMETERS_INIT;
    psa_key_production_parameters_t zero;
    memset(&zero, 0, sizeof(zero));
    TEST_EQUAL(init.flags, 0);
    TEST_EQUAL(zero.flags, 0);
 }
 /* END_CASE */
 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
 void persistent_key_load_key_from_storage(data_t *data,
                                          int type_arg, int bits_arg,