diff --git a/docs/getting_started.md b/docs/getting_started.md index eac8315469..3008a19ce7 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -116,14 +116,13 @@ This allows the key in the key slot to be used for RSA signing. int key_slot = 1; unsigned char key[] = "RSA_KEY"; unsigned char payload[] = "ASYMMETRIC_INPUT_FOR_SIGN"; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0}; size_t signature_length; status = psa_crypto_init(); /* Import the key */ - psa_key_policy_init(&policy); psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN_RAW); status = psa_set_key_policy(key_slot, &policy); @@ -343,7 +342,7 @@ At this point the derived key slot holds a new 128-bit AES-CTR encryption key de ```C psa_key_slot_t base_key = 1; psa_key_slot_t derived_key = 2; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; unsigned char key[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, @@ -358,6 +357,7 @@ At this point the derived key slot holds a new 128-bit AES-CTR encryption key de 0xf7, 0xf8, 0xf9 }; psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256); + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; size_t derived_bits = 128; size_t capacity = PSA_BITS_TO_BYTES(derived_bits); @@ -365,7 +365,6 @@ At this point the derived key slot holds a new 128-bit AES-CTR encryption key de status = psa_crypto_init(); /* Import a key for use in key derivation, if such a key has already been imported you can skip this part */ - psa_key_policy_init(&policy); psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DERIVE, alg); status = psa_set_key_policy(base_key, &policy); 
@@ -416,12 +415,12 @@ To authenticate and encrypt a message: size_t output_size = 0; size_t output_length = 0; size_t tag_length = 16; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; output_size = sizeof(input_data) + tag_length; output_data = malloc(output_size); status = psa_crypto_init(); - psa_key_policy_init(&policy); psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM); status = psa_set_key_policy(slot, &policy); @@ -463,12 +462,12 @@ To authenticate and decrypt a message: unsigned char *output_data = NULL; size_t output_size = 0; size_t output_length = 0; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; output_size = sizeof(input_data); output_data = malloc(output_size); status = psa_crypto_init(); - psa_key_policy_init(&policy); psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM); status = psa_set_key_policy(slot, &policy); @@ -503,10 +502,10 @@ Generate a piece of random 128-bit AES data: size_t exported_size = bits; size_t exported_length = 0; uint8_t *exported = malloc(exported_size); + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_crypto_init(); - psa_key_policy_init(&policy); psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_EXPORT, PSA_ALG_GCM); psa_set_key_policy(slot, &policy); diff --git a/include/psa/crypto.h b/include/psa/crypto.h index fa8045cf40..2bc6807b27 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -571,18 +571,50 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle, */ /** The type of the key policy data structure. + * + * Before calling any function on a key policy, the application must initialize + * it by any of the following means: + * - Set the structure to all-bits-zero, for example: + * \code + * psa_key_policy_t policy; + * memset(&policy, 0, sizeof(policy)); + * \endcode + * - Initialize the structure to logical zero values, for example: + * \code + * psa_key_policy_t policy = {0}; + * \endcode + * - Initialize the structure to the initializer #PSA_KEY_POLICY_INIT, + * for example: + * \code + * psa_key_policy_t policy = PSA_KEY_POLICY_INIT; + * \endcode + * - Assign the result of the function psa_key_policy_init() + * to the structure, for example: + * \code + * psa_key_policy_t policy; + * policy = psa_key_policy_init(); + * \endcode * * This is an implementation-defined \c struct. Applications should not * make any assumptions about the content of this structure except * as directed by the documentation of a specific implementation. */ typedef struct psa_key_policy_s psa_key_policy_t; -/** \brief Initialize a key policy structure to a default that forbids all - * usage of the key. +/** \def PSA_KEY_POLICY_INIT * - * \param[out] policy The policy object to initialize. + * This macro returns a suitable initializer for a key policy object of type + * #psa_key_policy_t. */ -void psa_key_policy_init(psa_key_policy_t *policy); +#ifdef __DOXYGEN_ONLY__ +/* This is an example definition for documentation purposes. + * Implementations should define a suitable value in `crypto_struct.h`. + */ +#define PSA_KEY_POLICY_INIT {0} +#endif + +/** Return an initial value for a key policy that forbids all usage of the key. + */ +static psa_key_policy_t psa_key_policy_init(void); /** \brief Set the standard fields of a policy structure. * 
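Review bot: The new documentation for `PSA_KEY_POLICY_INIT` says only that it is "a suitable initializer", and the four initialization methods listed on `psa_key_policy_t` do not say what policy they produce; the deny-all guarantee ("forbids all usage of the key") is stated only on `psa_key_policy_init()`. Callers throughout this commit now use the macro, so I would state the property on the type, for example `* Each of these yields a policy that forbids all usage of the key until psa_key_policy_set_usage() is called.` Because the list also allows `memset` and `{0}`, the all-zero representation has to keep meaning "no usage permitted", and saying so protects against a later field or encoding change making zero permissive. The Doxygen-only example is `{0}` while `crypto_struct.h` defines `{0, 0}`; this is presumably intentional, but a short remark on why would help readers.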
@@ -590,9 +622,11 @@ void psa_key_policy_init(psa_key_policy_t *policy); * parameters. The values are only checked when applying the policy to * a key slot with psa_set_key_policy(). * - * \param[out] policy The policy object to modify. - * \param usage The permitted uses for the key. - * \param alg The algorithm that the key may be used for. + * \param[in,out] policy The key policy to modify. It must have been + * initialized as per the documentation for + * #psa_key_policy_t. + * \param usage The permitted uses for the key. + * \param alg The algorithm that the key may be used for. */ void psa_key_policy_set_usage(psa_key_policy_t *policy, psa_key_usage_t usage, diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 44a1a60572..320466f8ff 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -208,4 +208,11 @@ struct psa_key_policy_s psa_algorithm_t alg; }; +#define PSA_KEY_POLICY_INIT {0, 0} +static inline struct psa_key_policy_s psa_key_policy_init( void ) +{ + const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT; + return( v ); +} + #endif /* PSA_CRYPTO_STRUCT_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0a47fae44a..fd76b27b48 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2938,11 +2938,6 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) /****************************************************************/ #if !defined(MBEDTLS_PSA_CRYPTO_SPM) -void psa_key_policy_init( psa_key_policy_t *policy ) -{ - memset( policy, 0, sizeof( *policy ) ); -} - void psa_key_policy_set_usage( psa_key_policy_t *policy, psa_key_usage_t usage, psa_algorithm_t alg ) diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index 53b6b2ae71..db8546863d 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c 
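Review bot: `#define PSA_KEY_POLICY_INIT {0, 0}` in the `crypto_struct.h` hunk is a positional initializer with one entry per field of `struct psa_key_policy_s`, and nothing next to it says so. If a field is added later, the macro would still compile and zero it, but users would presumably hit `-Wmissing-field-initializers` (the warning mentioned in the new test's comment). I would add `/* One initializer per field of struct psa_key_policy_s; all-zero means no usage is permitted. */` above the macro. The inline `psa_key_policy_init()` also has no comment here; one line saying it exists for assignment, where a brace initializer cannot be used, would be enough. Separately, the `psa_crypto.c` hunk on this line removes the exported `psa_key_policy_init( psa_key_policy_t * )`, so out-of-tree callers of the old signature will stop building; that looks intended but deserves a changelog entry if there is not one already.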
@@ -49,9 +49,8 @@ static psa_status_t set_key_policy( psa_key_handle_t key_handle, psa_algorithm_t alg ) { psa_status_t status; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, key_usage, alg ); status = psa_set_key_policy( key_handle, &policy ); ASSERT_STATUS( status, PSA_SUCCESS ); diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index 4acf6b150a..66f66fc2e5 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -209,12 +209,11 @@ static psa_status_t generate( const char *key_file_name ) { psa_status_t status = PSA_SUCCESS; psa_key_handle_t key_handle = 0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_CHECK( psa_allocate_key( PSA_KEY_TYPE_DERIVE, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ), &key_handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT, KDF_ALG ); @@ -243,7 +242,7 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage, psa_key_handle_t *master_key_handle ) { psa_status_t status = PSA_SUCCESS; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; uint8_t key_data[KEY_SIZE_BYTES]; size_t key_size; FILE *key_file = NULL; @@ -267,7 +266,6 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage, PSA_CHECK( psa_allocate_key( PSA_KEY_TYPE_DERIVE, PSA_BYTES_TO_BITS( key_size ), master_key_handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, usage, alg ); PSA_CHECK( psa_set_key_policy( *master_key_handle, &policy ) ); PSA_CHECK( psa_import_key( *master_key_handle, 
@@ -297,10 +295,9 @@ static psa_status_t derive_key_ladder( const char *ladder[], psa_key_handle_t *key_handle ) { psa_status_t status = PSA_SUCCESS; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; size_t i; - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT, KDF_ALG ); @@ -351,13 +348,12 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage, psa_key_handle_t *wrapping_key_handle ) { psa_status_t status = PSA_SUCCESS; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; *wrapping_key_handle = 0; PSA_CHECK( psa_allocate_key( PSA_KEY_TYPE_AES, WRAPPING_KEY_BITS, wrapping_key_handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, usage, WRAPPING_ALG ); PSA_CHECK( psa_set_key_policy( *wrapping_key_handle, &policy ) ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 848e8edfdd..09029ffdef 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -332,6 +332,9 @@ import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED PSA key policy set and get key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING +Key policy initializers zero properly +key_policy_init: + PSA key policy: MAC, sign | verify depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C mac_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index c1339c015a..5358799641 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -902,7 +902,7 @@ void import_twice( int alg_arg, int usage_arg, psa_status_t expected_import1_status = expected_import1_status_arg; psa_key_type_t type2 = type2_arg; psa_status_t expected_import2_status = expected_import2_status_arg; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_status_t status; PSA_ASSERT( psa_crypto_init( ) ); @@ -911,7 +911,6 @@ void import_twice( int alg_arg, int usage_arg, MAX( KEY_BITS_FROM_DATA( type1, data1 ), KEY_BITS_FROM_DATA( type2, data2 ) ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, usage, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -989,7 +988,7 @@ void import_export( data_t *data, size_t reexported_length; psa_key_type_t got_type; size_t got_bits; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; export_size = (ptrdiff_t) data->len + export_size_delta; ASSERT_ALLOC( exported, export_size ); @@ -998,7 +997,6 @@ void import_export( data_t *data, PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( type, expected_bits, &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, usage_arg, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -1126,7 +1124,7 @@ void export_with_no_key_activity( ) psa_key_handle_t handle = 0; psa_algorithm_t alg = PSA_ALG_CTR; psa_status_t status; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; unsigned char *exported = NULL; size_t export_size = 0; size_t exported_length = INVALID_EXPORT_LENGTH; @@ -1135,7 +1133,6 @@ void export_with_no_key_activity( ) PSA_ASSERT( psa_allocate_key( PSA_KEY_TYPE_RAW_DATA, 0, &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); 
@@ -1155,7 +1152,7 @@ void cipher_with_no_key_activity( ) { psa_key_handle_t handle = 0; psa_status_t status; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_cipher_operation_t operation; int exercise_alg = PSA_ALG_CTR; @@ -1163,7 +1160,6 @@ void cipher_with_no_key_activity( ) PSA_ASSERT( psa_allocate_key( PSA_KEY_TYPE_RAW_DATA, 0, &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, exercise_alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -1245,7 +1241,7 @@ void export_after_destroy_key( data_t *data, int type_arg ) psa_key_handle_t handle = 0; psa_key_type_t type = type_arg; psa_status_t status; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_algorithm_t alg = PSA_ALG_CTR; unsigned char *exported = NULL; size_t export_size = 0; @@ -1255,7 +1251,6 @@ void export_after_destroy_key( data_t *data, int type_arg ) PSA_ASSERT( psa_allocate_key( type, KEY_BITS_FROM_DATA( type, data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); export_size = (ptrdiff_t) data->len; @@ -1298,13 +1293,12 @@ void import_export_public_key( data_t *data, unsigned char *exported = NULL; size_t export_size = expected_public_key->len + export_size_delta; size_t exported_length = INVALID_EXPORT_LENGTH; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( type, KEY_BITS_FROM_DATA( type, data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); 
@@ -1347,7 +1341,7 @@ void import_and_exercise_key( data_t *data, size_t bits = bits_arg; psa_algorithm_t alg = alg_arg; psa_key_usage_t usage = usage_to_exercise( type, alg ); - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_key_type_t got_type; size_t got_bits; psa_status_t status; @@ -1356,7 +1350,6 @@ void import_and_exercise_key( data_t *data, PSA_ASSERT( psa_allocate_key( type, KEY_BITS_FROM_DATA( type, data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, usage, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -1389,8 +1382,8 @@ void key_policy( int usage_arg, int alg_arg ) psa_key_usage_t usage = usage_arg; psa_key_type_t key_type = PSA_KEY_TYPE_AES; unsigned char key[32] = {0}; - psa_key_policy_t policy_set; - psa_key_policy_t policy_get; + psa_key_policy_t policy_set = PSA_KEY_POLICY_INIT; + psa_key_policy_t policy_get = PSA_KEY_POLICY_INIT; memset( key, 0x2a, sizeof( key ) ); @@ -1398,8 +1391,6 @@ void key_policy( int usage_arg, int alg_arg ) PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( sizeof( key ) ), &handle ) ); - psa_key_policy_init( &policy_set ); - psa_key_policy_init( &policy_get ); psa_key_policy_set_usage( &policy_set, usage, alg ); TEST_EQUAL( psa_key_policy_get_usage( &policy_set ), usage ); 
@@ -1420,6 +1411,31 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void key_policy_init( ) +{ + /* Test each valid way of initializing the object, except for `= {0}`, as + * Clang 5 complains when `-Wmissing-field-initializers` is used, even + * though it's OK by the C standard. We could test for this, but we'd need + * to supress the Clang warning for the test. */ + psa_key_policy_t func = psa_key_policy_init( ); + psa_key_policy_t init = PSA_KEY_POLICY_INIT; + psa_key_policy_t zero; + + memset( &zero, 0, sizeof( zero ) ); + + /* Although not technically guaranteed by the C standard nor the PSA Crypto + * specification, we test that all valid ways of initializing the object + * have the same bit pattern. This is a stronger requirement that may not + * be valid on all platforms or PSA Crypto implementations, but implies the + * weaker actual requirement is met: that a freshly initialized object, no + * matter how it was initialized, acts the same as any other valid + * initialization. */ + TEST_EQUAL( memcmp( &func, &zero, sizeof( zero ) ), 0 ); + TEST_EQUAL( memcmp( &init, &zero, sizeof( zero ) ), 0 ); +} +/* END_CASE */ + /* BEGIN_CASE */ void mac_key_policy( int policy_usage, int policy_alg, @@ -1428,7 +1444,7 @@ void mac_key_policy( int policy_usage, int exercise_alg ) { psa_key_handle_t handle = 0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_mac_operation_t operation; psa_status_t status; unsigned char mac[PSA_MAC_MAX_SIZE]; @@ -1438,7 +1454,6 @@ void mac_key_policy( int policy_usage, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, policy_usage, policy_alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); 
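Review bot: `key_policy_init` compares the three initializations only with `memcmp`, which its own comment describes as stronger than the specification requires, and it never checks the property the header documents: that a freshly initialized policy forbids all usage. I would add accessor checks beside the `memcmp` lines, e.g. `TEST_EQUAL( psa_key_policy_get_usage( &func ), 0 );` and the same for `init` and `zero`. That tests the default-deny behaviour directly and still holds on a platform where the bit patterns legitimately differ. Minor: "supress" in the first comment should be "suppress".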
@@ -1476,7 +1491,7 @@ void cipher_key_policy( int policy_usage, int exercise_alg ) { psa_key_handle_t handle = 0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_cipher_operation_t operation; psa_status_t status; @@ -1485,7 +1500,6 @@ void cipher_key_policy( int policy_usage, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, policy_usage, policy_alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -1524,7 +1538,7 @@ void aead_key_policy( int policy_usage, int exercise_alg ) { psa_key_handle_t handle = 0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_status_t status; unsigned char nonce[16] = {0}; size_t nonce_length = nonce_length_arg; @@ -1540,7 +1554,6 @@ void aead_key_policy( int policy_usage, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, policy_usage, policy_alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -1586,7 +1599,7 @@ void asymmetric_encryption_key_policy( int policy_usage, int exercise_alg ) { psa_key_handle_t handle = 0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_status_t status; size_t key_bits; size_t buffer_length; @@ -1598,7 +1611,6 @@ void asymmetric_encryption_key_policy( int policy_usage, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, policy_usage, policy_alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); 
@@ -1651,7 +1663,7 @@ void asymmetric_signature_key_policy( int policy_usage, int exercise_alg ) { psa_key_handle_t handle = 0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_status_t status; unsigned char payload[16] = {1}; size_t payload_length = sizeof( payload ); @@ -1663,7 +1675,6 @@ void asymmetric_signature_key_policy( int policy_usage, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, policy_usage, policy_alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -1704,7 +1715,7 @@ void derive_key_policy( int policy_usage, int exercise_alg ) { psa_key_handle_t handle = 0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; psa_status_t status; @@ -1713,7 +1724,6 @@ void derive_key_policy( int policy_usage, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, policy_usage, policy_alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -1746,7 +1756,7 @@ void agreement_key_policy( int policy_usage, int exercise_alg ) { psa_key_handle_t handle = 0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_key_type_t key_type = key_type_arg; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; psa_status_t status; @@ -1756,7 +1766,6 @@ void agreement_key_policy( int policy_usage, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, policy_usage, policy_alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); 
@@ -1901,14 +1910,13 @@ void mac_setup( int key_type_arg, psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; psa_mac_operation_t operation; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_status_t status; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, alg ); @@ -1938,7 +1946,7 @@ void mac_sign( int key_type_arg, psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; /* Leave a little extra room in the output buffer. At the end of the * test, we'll check that the implementation didn't overwrite onto * this extra room. */ @@ -1955,7 +1963,6 @@ void mac_sign( int key_type_arg, PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -1996,7 +2003,7 @@ void mac_verify( int key_type_arg, psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE ); @@ -2004,7 +2011,6 @@ void mac_verify( int key_type_arg, PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); 
@@ -2037,14 +2043,13 @@ void cipher_setup( int key_type_arg, psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; psa_cipher_operation_t operation; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_status_t status; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -2079,7 +2084,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, size_t function_output_length = 0; size_t total_output_length = 0; psa_cipher_operation_t operation; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); memset( iv, 0x2a, iv_size ); @@ -2088,7 +2093,6 @@ void cipher_encrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -2147,7 +2151,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, size_t function_output_length = 0; size_t total_output_length = 0; psa_cipher_operation_t operation; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); memset( iv, 0x2a, iv_size ); @@ -2156,7 +2160,6 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); 
@@ -2218,7 +2221,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, size_t function_output_length = 0; size_t total_output_length = 0; psa_cipher_operation_t operation; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); memset( iv, 0x2a, iv_size ); @@ -2227,7 +2230,6 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -2291,7 +2293,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, size_t function_output_length = 0; size_t total_output_length = 0; psa_cipher_operation_t operation; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); memset( iv, 0x2a, iv_size ); @@ -2300,7 +2302,6 @@ void cipher_decrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -2363,13 +2364,12 @@ void cipher_verify_output( int alg_arg, int key_type_arg, size_t function_output_length = 0; psa_cipher_operation_t operation1; psa_cipher_operation_t operation2; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); 
@@ -2449,13 +2449,12 @@ void cipher_verify_output_multipart( int alg_arg, size_t function_output_length; psa_cipher_operation_t operation1; psa_cipher_operation_t operation2; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -2550,7 +2549,7 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, size_t output_length2 = 0; size_t tag_length = 16; psa_status_t expected_result = expected_result_arg; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; output_size = input_data->len + tag_length; ASSERT_ALLOC( output_data, output_size ); @@ -2559,7 +2558,6 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key_data->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg ); @@ -2617,7 +2615,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, size_t output_size = 0; size_t output_length = 0; size_t tag_length = 16; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; output_size = input_data->len + tag_length; ASSERT_ALLOC( output_data, output_size ); @@ -2626,7 +2624,6 @@ void aead_encrypt( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key_data->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); 
@@ -2667,7 +2664,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, size_t output_size = 0; size_t output_length = 0; size_t tag_length = 16; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_status_t expected_result = expected_result_arg; output_size = input_data->len + tag_length; @@ -2677,7 +2674,6 @@ void aead_decrypt( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key_data->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -2732,14 +2728,13 @@ void sign_deterministic( int key_type_arg, data_t *key_data, unsigned char *signature = NULL; size_t signature_size; size_t signature_length = 0xdeadbeef; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -2787,7 +2782,7 @@ void sign_fail( int key_type_arg, data_t *key_data, psa_status_t expected_status = expected_status_arg; unsigned char *signature = NULL; size_t signature_length = 0xdeadbeef; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; ASSERT_ALLOC( signature, signature_size ); @@ -2796,7 +2791,6 @@ void sign_fail( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); 
@@ -2833,14 +2827,13 @@ void sign_verify( int key_type_arg, data_t *key_data, unsigned char *signature = NULL; size_t signature_size; size_t signature_length = 0xdeadbeef; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, alg ); @@ -2903,7 +2896,7 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, psa_key_handle_t handle = 0; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; TEST_ASSERT( signature_data->len <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE ); @@ -2912,7 +2905,6 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -2941,14 +2933,13 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, psa_algorithm_t alg = alg_arg; psa_status_t actual_status; psa_status_t expected_status = expected_status_arg; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -2988,7 +2979,7 @@ void asymmetric_encrypt( int key_type_arg, size_t output_length = ~0; psa_status_t actual_status; psa_status_t expected_status = expected_status_arg; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); 
@@ -2996,7 +2987,6 @@ void asymmetric_encrypt( int key_type_arg, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); PSA_ASSERT( psa_import_key( handle, key_type, @@ -3059,14 +3049,13 @@ void asymmetric_encrypt_decrypt( int key_type_arg, unsigned char *output2 = NULL; size_t output2_size; size_t output2_length = ~0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg ); @@ -3127,7 +3116,7 @@ void asymmetric_decrypt( int key_type_arg, unsigned char *output = NULL; size_t output_size = 0; size_t output_length = ~0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; output_size = key_data->len; ASSERT_ALLOC( output, output_size ); @@ -3137,7 +3126,6 @@ void asymmetric_decrypt( int key_type_arg, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -3194,7 +3182,7 @@ void asymmetric_decrypt_fail( int key_type_arg, size_t output_length = ~0; psa_status_t actual_status; psa_status_t expected_status = expected_status_arg; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; output_size = key_data->len; ASSERT_ALLOC( output, output_size ); 
@@ -3204,7 +3192,6 @@ void asymmetric_decrypt_fail( int key_type_arg, PSA_ASSERT( psa_allocate_key( key_type, KEY_BITS_FROM_DATA( key_type, key_data ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -3258,13 +3245,12 @@ void derive_setup( int key_type_arg, size_t requested_capacity = requested_capacity_arg; psa_status_t expected_status = expected_status_arg; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( key_data->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -3297,14 +3283,13 @@ void test_derive_invalid_generator_state( ) const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( key_type, PSA_BYTES_TO_BITS( sizeof( key_data ) ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -3385,7 +3370,7 @@ void derive_output( int alg_arg, uint8_t *output_buffer = NULL; size_t expected_capacity; size_t current_capacity; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_status_t status; unsigned i; 
@@ -3402,7 +3387,6 @@ void derive_output( int alg_arg, PSA_ASSERT( psa_allocate_key( PSA_KEY_TYPE_DERIVE, PSA_BYTES_TO_BITS( key_data->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -3476,14 +3460,13 @@ void derive_full( int alg_arg, unsigned char output_buffer[16]; size_t expected_capacity = requested_capacity; size_t current_capacity; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( PSA_KEY_TYPE_DERIVE, PSA_BYTES_TO_BITS( key_data->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -3547,7 +3530,7 @@ void derive_key_exercise( int alg_arg, psa_algorithm_t derived_alg = derived_alg_arg; size_t capacity = PSA_BITS_TO_BYTES( derived_bits ); psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_key_type_t got_type; size_t got_bits; @@ -3556,7 +3539,6 @@ void derive_key_exercise( int alg_arg, PSA_ASSERT( psa_allocate_key( PSA_KEY_TYPE_DERIVE, PSA_BYTES_TO_BITS( key_data->len ), &base_handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg ); PSA_ASSERT( psa_set_key_policy( base_handle, &policy ) ); PSA_ASSERT( psa_import_key( base_handle, PSA_KEY_TYPE_DERIVE, @@ -3614,7 +3596,7 @@ void derive_key_export( int alg_arg, psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; uint8_t *output_buffer = NULL; uint8_t *export_buffer = NULL; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; size_t length; ASSERT_ALLOC( output_buffer, capacity ); 
@@ -3624,7 +3606,6 @@ void derive_key_export( int alg_arg, PSA_ASSERT( psa_allocate_key( PSA_KEY_TYPE_DERIVE, PSA_BYTES_TO_BITS( key_data->len ), &base_handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg ); PSA_ASSERT( psa_set_key_policy( base_handle, &policy ) ); PSA_ASSERT( psa_import_key( base_handle, PSA_KEY_TYPE_DERIVE, @@ -3696,7 +3677,7 @@ void key_agreement_setup( int alg_arg, psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); @@ -3704,7 +3685,6 @@ void key_agreement_setup( int alg_arg, KEY_BITS_FROM_DATA( our_key_type, our_key_data ), &our_key ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg ); PSA_ASSERT( psa_set_key_policy( our_key, &policy ) ); PSA_ASSERT( psa_import_key( our_key, our_key_type, @@ -3734,7 +3714,7 @@ void key_agreement_capacity( int alg_arg, psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; size_t actual_capacity; unsigned char output[16]; @@ -3744,7 +3724,6 @@ void key_agreement_capacity( int alg_arg, KEY_BITS_FROM_DATA( our_key_type, our_key_data ), &our_key ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg ); PSA_ASSERT( psa_set_key_policy( our_key, &policy ) ); PSA_ASSERT( psa_import_key( our_key, our_key_type, 
@@ -3790,7 +3769,7 @@ void key_agreement_output( int alg_arg, psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; uint8_t *actual_output = NULL; ASSERT_ALLOC( actual_output, MAX( expected_output1->len, @@ -3802,7 +3781,6 @@ void key_agreement_output( int alg_arg, KEY_BITS_FROM_DATA( our_key_type, our_key_data ), &our_key ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg ); PSA_ASSERT( psa_set_key_policy( our_key, &policy ) ); PSA_ASSERT( psa_import_key( our_key, our_key_type, @@ -3904,12 +3882,11 @@ void generate_key( int type_arg, size_t got_bits; psa_status_t expected_info_status = expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_allocate_key( type, bits, &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, usage, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); @@ -3946,11 +3923,11 @@ void persistent_key_load_key_from_storage( data_t *data, int type_arg, psa_key_type_t type = (psa_key_type_t) type_arg; psa_key_type_t type_get; size_t bits_get; - psa_key_policy_t policy_set; - psa_key_policy_t policy_get; + psa_key_policy_t policy_set = PSA_KEY_POLICY_INIT; + psa_key_policy_t policy_get = PSA_KEY_POLICY_INIT; psa_key_usage_t policy_usage = (psa_key_usage_t) usage_arg; psa_algorithm_t policy_alg = (psa_algorithm_t) alg_arg; - psa_key_policy_t base_policy_set; + psa_key_policy_t base_policy_set = PSA_KEY_POLICY_INIT; psa_algorithm_t base_policy_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256); psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; unsigned char *first_export = NULL; 
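Review bot: `policy_get` in persistent_key_load_key_from_storage is now initialised to `PSA_KEY_POLICY_INIT`, yet it looks like a pure output object, presumably filled by psa_get_key_policy() further down, outside this hunk. A default-valued receiver can hide a getter that returns success without writing: if the initializer is all zeros, any expected field that is also zero compares equal. The same applies to `read_policy` in create_existent (tests/suites/test_suite_psa_crypto_slot_management.function), where `policy1` is set with algorithm `0`. Consider a comment such as `/* output of psa_get_key_policy(); initialised only so it is never read indeterminate */`, and make sure at least one test case compares a non-zero usage and a non-zero algorithm.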
@@ -3967,7 +3944,6 @@ void persistent_key_load_key_from_storage( data_t *data, int type_arg, PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, 1, type, bits, &handle ) ); - psa_key_policy_init( &policy_set ); psa_key_policy_set_usage( &policy_set, policy_usage, policy_alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy_set ) ); @@ -3991,7 +3967,6 @@ void persistent_key_load_key_from_storage( data_t *data, int type_arg, PSA_ASSERT( psa_allocate_key( PSA_KEY_TYPE_DERIVE, PSA_BYTES_TO_BITS( data->len ), &base_key ) ); - psa_key_policy_init( &base_policy_set ); psa_key_policy_set_usage( &base_policy_set, PSA_KEY_USAGE_DERIVE, base_policy_alg ); PSA_ASSERT( psa_set_key_policy( diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 753e3d237c..939a37b56d 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -209,7 +209,7 @@ void import_export_persistent_key( data_t *data, int type_arg, size_t exported_length; psa_key_type_t got_type; size_t got_bits; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_key_lifetime_t lifetime_get; ASSERT_ALLOC( exported, export_size ); @@ -221,7 +221,6 @@ void import_export_persistent_key( data_t *data, int type_arg, PSA_BYTES_TO_BITS( data->len ), &handle ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, PSA_ALG_VENDOR_FLAG ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 3df0887a68..670c7404a2 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function 
@@ -77,14 +77,13 @@ void transient_slot_lifecycle( int type_arg, int max_bits_arg, close_method_t close_method = close_method_arg; psa_key_type_t read_type; psa_key_handle_t handle = 0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; PSA_ASSERT( psa_crypto_init( ) ); /* Get a handle and import a key. */ PSA_ASSERT( psa_allocate_key( type, max_bits, &handle ) ); TEST_ASSERT( handle != 0 ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, usage_flags, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) ); @@ -131,7 +130,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, close_method_t close_method = close_method_arg; psa_key_type_t read_type; psa_key_handle_t handle = 0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; TEST_MAX_KEY_ID( id ); @@ -140,7 +139,6 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, /* Get a handle and import a key. */ PSA_ASSERT( psa_create_key( lifetime, id, type, max_bits, &handle ) ); TEST_ASSERT( handle != 0 ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, usage_flags, alg ); PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) ); @@ -202,7 +200,8 @@ void create_existent( int lifetime_arg, int id_arg, psa_key_lifetime_t lifetime = lifetime_arg; psa_key_id_t id = id_arg; psa_key_handle_t handle1 = 0, handle2 = 0; - psa_key_policy_t policy1, read_policy; + psa_key_policy_t policy1 = PSA_KEY_POLICY_INIT; + psa_key_policy_t read_policy = PSA_KEY_POLICY_INIT; psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA; psa_key_type_t type2 = new_type_arg; psa_key_type_t read_type; 
@@ -220,7 +219,6 @@ void create_existent( int lifetime_arg, int id_arg, /* Create a key. */ PSA_ASSERT( psa_create_key( lifetime, id, type1, bits1, &handle1 ) ); TEST_ASSERT( handle1 != 0 ); - psa_key_policy_init( &policy1 ); psa_key_policy_set_usage( &policy1, PSA_KEY_USAGE_EXPORT, 0 ); PSA_ASSERT( psa_set_key_policy( handle1, &policy1 ) ); PSA_ASSERT( psa_import_key( handle1, type1, @@ -308,7 +306,7 @@ exit: void invalid_handle( ) { psa_key_handle_t handle1 = 0; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_key_type_t read_type; size_t read_bits; uint8_t material[1] = "a"; @@ -318,7 +316,6 @@ void invalid_handle( ) /* Allocate a handle and store a key in it. */ PSA_ASSERT( psa_allocate_key( PSA_KEY_TYPE_RAW_DATA, 1, &handle1 ) ); TEST_ASSERT( handle1 != 0 ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, 0, 0 ); PSA_ASSERT( psa_set_key_policy( handle1, &policy ) ); PSA_ASSERT( psa_import_key( handle1, PSA_KEY_TYPE_RAW_DATA, @@ -350,14 +347,13 @@ void many_transient_handles( int max_handles_arg ) size_t max_handles = max_handles_arg; size_t i, j; psa_status_t status; - psa_key_policy_t policy; + psa_key_policy_t policy = PSA_KEY_POLICY_INIT; uint8_t exported[sizeof( size_t )]; size_t exported_length; size_t max_bits = PSA_BITS_TO_BYTES( sizeof( exported ) ); ASSERT_ALLOC( handles, max_handles ); PSA_ASSERT( psa_crypto_init( ) ); - psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 ); for( i = 0; i < max_handles; i++ )
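Review bot: The context line `size_t max_bits = PSA_BITS_TO_BYTES( sizeof( exported ) );` in many_transient_handles converts in the wrong direction for its name: `sizeof( exported )` is already a byte count, so the macro treats it as a number of bits and shrinks it. If `max_bits` is meant to be the size in bits of the `exported` buffer, the line should read `size_t max_bits = PSA_BYTES_TO_BITS( sizeof( exported ) );`. The commit leaves this line untouched, and the use of `max_bits` is outside the hunk, so confirm against the place where it is consumed before changing it.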