AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fixup! Key derivation by small input steps: proof-of-concept

Browse Source 
Simplify the logic inside a few case statements. This removes
unreachable break statements.
This commit is contained in:
Gilles Peskine 2019-04-12 15:11:49 +02:00
parent 22c51517fb
commit 2b522db26d
1 changed files with 22 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
library/psa_crypto.c
View File

@ -4384,19 +4384,15 @@ static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf,
switch( step ) switch( step )
{ {
case PSA_KDF_STEP_SALT: case PSA_KDF_STEP_SALT:
if( hkdf->state == HKDF_STATE_INIT ) if( hkdf->state != HKDF_STATE_INIT )
{
status = psa_hmac_setup_internal( &hkdf->hmac,
data, data_length,
hash_alg );
if( status != PSA_SUCCESS )
return( status );
hkdf->state = HKDF_STATE_STARTED;
return( PSA_SUCCESS );
}
else
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
break; status = psa_hmac_setup_internal( &hkdf->hmac,
data, data_length,
hash_alg );
if( status != PSA_SUCCESS )
return( status );
hkdf->state = HKDF_STATE_STARTED;
return( PSA_SUCCESS );
case PSA_KDF_STEP_SECRET: case PSA_KDF_STEP_SECRET:
/* If no salt was provided, use an empty salt. */ /* If no salt was provided, use an empty salt. */
if( hkdf->state == HKDF_STATE_INIT ) if( hkdf->state == HKDF_STATE_INIT )
@ -4408,25 +4404,21 @@ static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf,
return( status ); return( status );
hkdf->state = HKDF_STATE_STARTED; hkdf->state = HKDF_STATE_STARTED;
} }
if( hkdf->state == HKDF_STATE_STARTED ) if( hkdf->state != HKDF_STATE_STARTED )
{
status = psa_hash_update( &hkdf->hmac.hash_ctx,
data, data_length );
if( status != PSA_SUCCESS )
return( status );
status = psa_hmac_finish_internal( &hkdf->hmac,
hkdf->prk,
sizeof( hkdf->prk ) );
if( status != PSA_SUCCESS )
return( status );
hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg );
hkdf->block_number = 0;
hkdf->state = HKDF_STATE_KEYED;
return( PSA_SUCCESS );
}
else
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
break; status = psa_hash_update( &hkdf->hmac.hash_ctx,
data, data_length );
if( status != PSA_SUCCESS )
return( status );
status = psa_hmac_finish_internal( &hkdf->hmac,
hkdf->prk,
sizeof( hkdf->prk ) );
if( status != PSA_SUCCESS )
return( status );
hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg );
hkdf->block_number = 0;
hkdf->state = HKDF_STATE_KEYED;
return( PSA_SUCCESS );
case PSA_KDF_STEP_INFO: case PSA_KDF_STEP_INFO:
if( hkdf->state == HKDF_STATE_OUTPUT ) if( hkdf->state == HKDF_STATE_OUTPUT )
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
@ -4613,7 +4605,6 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
private_key->data.ecp, private_key->data.ecp,
shared_secret, shared_secret_size, shared_secret, shared_secret_size,
shared_secret_length ) ); shared_secret_length ) );
break;
#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_ECDH_C */
default: default:
(void) private_key; (void) private_key;