Merge pull request #111 from gilles-peskine-arm/psa-handle-param-order

Pass handle parameter last on key creation

Author: Patater

include/psa/crypto.h

@@ -631,9 +631,9 @@ psa_status_t psa_close_key(psa_key_handle_t handle);
  *         results in this error code.
  */
 psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
-                            psa_key_handle_t *handle,
                             const uint8_t *data,
-                            size_t data_length);
+                            size_t data_length,
+                            psa_key_handle_t *handle);
 
 /**
  * \brief Destroy a key.
@@ -3068,9 +3068,9 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
  * The generator's capacity is decreased by the number of bytes read.
  *
  * \param[in] attributes    The attributes for the new key.
+ * \param[in,out] generator The generator object to read from.
  * \param[out] handle       On success, a handle to the newly created key.
  *                          \c 0 on failure.
- * \param[in,out] generator The generator object to read from.
  *
  * \retval #PSA_SUCCESS
  *         Success.
@@ -3099,8 +3099,8 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
  *         results in this error code.
  */
 psa_status_t psa_generate_derived_key(const psa_key_attributes_t *attributes,
-                                      psa_key_handle_t *handle,
-                                      psa_crypto_generator_t *generator);
+                                      psa_crypto_generator_t *generator,
+                                      psa_key_handle_t *handle);
 
 /** Abort a generator.
  *
@@ -3294,10 +3294,10 @@ psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator,
  *                          public key type corresponding to the type of
  *                          private_key. That is, this function performs the
  *                          equivalent of
- *                          #psa_import_key(`internal_public_key_handle`,
- *                          #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(`private_key_type`),
+ *                          #psa_import_key(...,
  *                          `peer_key`, `peer_key_length`) where
- *                          `private_key_type` is the type of `private_key`.
+ *                          with key attributes indicating the public key
+ *                          type corresponding to the type of `private_key`.
  *                          For example, for EC keys, this means that peer_key
  *                          is interpreted as a point on the curve that the
  *                          private key is on. The standard formats for public

library/psa_crypto.c

@@ -1533,9 +1533,9 @@ static psa_status_t psa_check_key_slot_attributes(
 }
 
 psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
-                             psa_key_handle_t *handle,
                              const uint8_t *data,
-                             size_t data_length )
+                             size_t data_length,
+                             psa_key_handle_t *handle )
 {
     psa_status_t status;
     psa_key_slot_t *slot = NULL;
@@ -4409,8 +4409,8 @@ static psa_status_t psa_generate_derived_key_internal(
 }
 
 psa_status_t psa_generate_derived_key( const psa_key_attributes_t *attributes,
-                                       psa_key_handle_t *handle,
-                                       psa_crypto_generator_t *generator )
+                                       psa_crypto_generator_t *generator,
+                                       psa_key_handle_t *handle )
 {
     psa_status_t status;
     psa_key_slot_t *slot = NULL;

programs/psa/key_ladder_demo.c

@@ -252,8 +252,8 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
     psa_set_key_usage_flags( &attributes, usage );
     psa_set_key_algorithm( &attributes, alg );
     psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
-    PSA_CHECK( psa_import_key( &attributes, master_key_handle,
-                               key_data, key_size ) );
+    PSA_CHECK( psa_import_key( &attributes, key_data, key_size,
+                               master_key_handle ) );
 exit:
     if( key_file != NULL )
         fclose( key_file );
@@ -306,8 +306,8 @@ static psa_status_t derive_key_ladder( const char *ladder[],
         *key_handle = 0;
         /* Use the generator obtained from the parent key to create
          * the next intermediate key. */
-        PSA_CHECK( psa_generate_derived_key( &attributes, key_handle,
-                                             &generator ) );
+        PSA_CHECK( psa_generate_derived_key( &attributes, &generator,
+                                             key_handle ) );
         PSA_CHECK( psa_generator_abort( &generator ) );
     }
 
@@ -343,8 +343,8 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
                    WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH,
                    NULL, 0,
                    PSA_BITS_TO_BYTES( WRAPPING_KEY_BITS ) ) );
-    PSA_CHECK( psa_generate_derived_key( &attributes, wrapping_key_handle,
-                                         &generator ) );
+    PSA_CHECK( psa_generate_derived_key( &attributes, &generator,
+                                         wrapping_key_handle ) );
 
 exit:
     psa_generator_abort( &generator );