AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Generate cookie MAC key with psa_generate_key

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-03-04 15:00:22 +01:00
parent 77b69ab971
commit 2217d6f825
1 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
library/ssl_cookie.c
View File

@ -107,18 +107,14 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char key[COOKIE_MD_OUTLEN];
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t alg; psa_algorithm_t alg;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 ) (void)f_rng;
return( ret ); (void)p_rng;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
alg = mbedtls_psa_translate_md( COOKIE_MD ); alg = mbedtls_psa_translate_md( COOKIE_MD );
if( alg == 0 ) if( alg == 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -128,14 +124,20 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) ); psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) );
if( ( status = psa_import_key( &attributes, if( ( status = psa_generate_key( &attributes,
key, sizeof( key ), &ctx->psa_hmac ) ) != PSA_SUCCESS )
&ctx->psa_hmac ) ) != PSA_SUCCESS )
{ {
return psa_ssl_status_to_mbedtls( status ); return psa_ssl_status_to_mbedtls( status );
} }
#else #else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char key[COOKIE_MD_OUTLEN];
if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
return( ret );
ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 ); ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
@ -143,9 +145,9 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) ); ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_platform_zeroize( key, sizeof( key ) ); mbedtls_platform_zeroize( key, sizeof( key ) );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return( 0 ); return( 0 );
} }