Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac()

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-03-17 16:39:10 +01:00
parent 36cc13b340
commit 72c2f76c43

View File

@ -496,18 +496,12 @@ int mbedtls_ct_hmac( mbedtls_svc_key_id_t key,
goto cleanup; \ goto cleanup; \
} while( 0 ) } while( 0 )
/* Export MAC key */ /* Export MAC key
PSA_CHK( psa_export_key( key, mac_key, * We assume key length is always exactly the output size
MAX_HASH_BLOCK_LENGTH, * which is never more than the block size, thus we use block_size
&mac_key_length ) ); * as the key buffer size.
*/
if( mac_key_length > block_size ) PSA_CHK( psa_export_key( key, mac_key, block_size, &mac_key_length ) );
{
PSA_CHK( psa_hash_setup( &operation, hash_alg ) );
PSA_CHK( psa_hash_update( &operation, mac_key, mac_key_length ) );
PSA_CHK( psa_hash_finish( &operation, mac_key,
MAX_HASH_BLOCK_LENGTH, &mac_key_length ) );
}
/* Calculate ikey/okey */ /* Calculate ikey/okey */
memset( ikey, 0x36, block_size ); memset( ikey, 0x36, block_size );