Move the examples to PSA 1.0

2025-04-09 21:44:28 +00:00 · 2019-08-08 11:38:18 +01:00 · 2019-08-08 11:38:18 +01:00 · be4efc2b38
commit be4efc2b38
parent df3b0892ce
2 changed files with 15 additions and 47 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -902,7 +902,7 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_key_handle_t slot = 0;
    psa_algorithm_t alg = 0;
-    psa_key_policy_t policy;
+    psa_key_attributes_t key_attributes;
    psa_status_t status;
 #endif
@ -2068,25 +2068,12 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    if( opt.psk_opaque != 0 )
    {
-        /* The algorithm has already been determined earlier. */
+        key_attributes = psa_key_attributes_init();
-        status = psa_allocate_key( &slot );
+        psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
-        if( status != PSA_SUCCESS )
+        psa_set_key_algorithm( &key_attributes, alg );
-        {
+        psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
            ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
            goto exit;
        }
-        policy = psa_key_policy_init();
+        status = psa_import_key( &key_attributes, psk, psk_len, &slot );
        psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
        status = psa_set_key_policy( slot, &policy );
        if( status != PSA_SUCCESS )
        {
            ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
            goto exit;
        }
        status = psa_import_key( slot, PSA_KEY_TYPE_DERIVE, psk, psk_len );
        if( status != PSA_SUCCESS )
        {
            ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -1431,25 +1431,20 @@ int idle( mbedtls_net_context *fd,
 }
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static psa_status_t psa_setup_psk_key_slot( psa_key_handle_t slot,
+static psa_status_t psa_setup_psk_key_slot( psa_key_handle_t *slot,
                                            psa_algorithm_t alg,
                                            unsigned char *psk,
                                            size_t psk_len )
 {
    psa_status_t status;
-    psa_key_policy_t policy;
+    psa_key_attributes_t key_attributes;
-    policy = psa_key_policy_init();
+    key_attributes = psa_key_attributes_init();
-    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+    psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
    psa_set_key_algorithm( &key_attributes, alg );
    psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
-    status = psa_set_key_policy( slot, &policy );
+    status = psa_import_key( &key_attributes, psk, psk_len, slot );
    if( status != PSA_SUCCESS )
    {
        fprintf( stderr, "POLICY\n" );
        return( status );
    }
    status = psa_import_key( slot, PSA_KEY_TYPE_DERIVE, psk, psk_len );
    if( status != PSA_SUCCESS )
    {
        fprintf( stderr, "IMPORT\n" );
@ -3076,16 +3071,8 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
        if( opt.psk_opaque != 0 )
        {
            status = psa_allocate_key( &psk_slot );
            if( status != PSA_SUCCESS )
            {
                fprintf( stderr, "ALLOC FAIL\n" );
                ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
                goto exit;
            }
            /* The algorithm has already been determined earlier. */
-            status = psa_setup_psk_key_slot( psk_slot, alg, psk, psk_len );
+            status = psa_setup_psk_key_slot( &psk_slot, alg, psk, psk_len );
            if( status != PSA_SUCCESS )
            {
                fprintf( stderr, "SETUP FAIL\n" );
@ -3120,14 +3107,8 @@ int main( int argc, char *argv[] )
            psk_entry *cur_psk;
            for( cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next )
            {
                status = psa_allocate_key( &cur_psk->slot );
                if( status != PSA_SUCCESS )
                {
                    ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
                    goto exit;
                }
-                status = psa_setup_psk_key_slot( cur_psk->slot, alg,
+                status = psa_setup_psk_key_slot( &cur_psk->slot, alg,
                                                 cur_psk->key,
                                                 cur_psk->key_len );
                if( status != PSA_SUCCESS )