Merge pull request #229 from k-stachowiak/IOTCRYPT-791-remove-legacy-psa-key-derivation

Remove legacy psa key derivation

include/psa/crypto.h

@@ -3216,6 +3216,8 @@ psa_status_t psa_key_derivation_output_bytes(
  * \retval #PSA_ERROR_NOT_SUPPORTED
  *         The key type or key size is not supported, either by the
  *         implementation in general or in this particular location.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         The provided key attributes are not valid for the operation.
  * \retval #PSA_ERROR_BAD_STATE
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE

include/psa/crypto_extra.h

@@ -335,65 +335,6 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
 psa_status_t mbedtls_psa_inject_entropy(uint8_t *seed,
                                         size_t seed_size);
 
-#if defined(PSA_PRE_1_0_KEY_DERIVATION)
-/** Set up a key derivation operation.
- *
- * FIMXE This function is no longer part of the official API. Its prototype
- * is only kept around for the sake of tests that haven't been updated yet.
- *
- * A key derivation algorithm takes three inputs: a secret input \p handle and
- * two non-secret inputs \p label and p salt.
- * The result of this function is a byte generator which can
- * be used to produce keys and other cryptographic material.
- *
- * The role of \p label and \p salt is as follows:
- * - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step
- *   and \p label is the info string used in the "expand" step.
- *
- * \param[in,out] operation       The key derivation object to set up. It must
- *                                have been initialized as per the documentation
- *                                for #psa_key_derivation_operation_t and not
- *                                yet be in use.
- * \param handle                  Handle to the secret key.
- * \param alg                     The key derivation algorithm to compute
- *                                (\c PSA_ALG_XXX value such that
- *                                #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
- * \param[in] salt                Salt to use.
- * \param salt_length             Size of the \p salt buffer in bytes.
- * \param[in] label               Label to use.
- * \param label_length            Size of the \p label buffer in bytes.
- * \param capacity                The maximum number of bytes that the
- *                                operation will be able to provide.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_EMPTY_SLOT
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c key is not compatible with \c alg,
- *         or \p capacity is too large for the specified algorithm and key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_key_derivation(psa_key_derivation_operation_t *operation,
-                                psa_key_handle_t handle,
-                                psa_algorithm_t alg,
-                                const uint8_t *salt,
-                                size_t salt_length,
-                                const uint8_t *label,
-                                size_t label_length,
-                                size_t capacity);
-#endif /* PSA_PRE_1_0_KEY_DERIVATION */
-
 /** \addtogroup crypto_types
  * @{
  */

include/psa/crypto_struct.h

@@ -211,49 +211,7 @@ typedef struct
 } psa_hkdf_key_derivation_t;
 #endif /* MBEDTLS_MD_C */
 
-/*
- * If this option is not turned on, then the function `psa_key_derivation()`
- * is removed. And the new psa_tls12_prf_key_derivation_t context is used along
- * with the corresponding new API.
- *
- * The sole purpose of this option is to make the transition to the new API
- * smoother. Once the transition is complete it can and should be removed
- * along with the old API and its implementation.
- */
-#define PSA_PRE_1_0_KEY_DERIVATION
-
 #if defined(MBEDTLS_MD_C)
-#if defined(PSA_PRE_1_0_KEY_DERIVATION)
-typedef struct psa_tls12_prf_key_derivation_s
-{
-    /* The TLS 1.2 PRF uses the key for each HMAC iteration,
-     * hence we must store it for the lifetime of the operation.
-     * This is different from HKDF, where the key is only used
-     * in the extraction phase, but not during expansion. */
-    uint8_t *key;
-    size_t key_len;
-
-    /* `A(i) + seed` in the notation of RFC 5246, Sect. 5 */
-    uint8_t *Ai_with_seed;
-    size_t Ai_with_seed_len;
-
-    /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
-    uint8_t output_block[PSA_HASH_MAX_SIZE];
-
-#if PSA_HASH_MAX_SIZE > 0xff
-#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
-#endif
-
-    /* Indicates how many bytes in the current HMAC block have
-     * already been read by the user. */
-    uint8_t offset_in_block;
-
-    /* The 1-based number of the block. */
-    uint8_t block_number;
-
-} psa_tls12_prf_key_derivation_t;
-#else
-
 typedef enum
 {
     TLS12_PRF_STATE_INIT,       /* no input provided */
@@ -288,7 +246,6 @@ typedef struct psa_tls12_prf_key_derivation_s
     /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
     uint8_t output_block[PSA_HASH_MAX_SIZE];
 } psa_tls12_prf_key_derivation_t;
-#endif /* PSA_PRE_1_0_KEY_DERIVATION */
 #endif /* MBEDTLS_MD_C */
 
 struct psa_key_derivation_s