lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity

Key derivation: forbid output_key without input_key

Browse Source 
If none of the inputs to a key derivation is a
PSA_KEY_DERIVATION_INPUT_SECRET passed with
psa_key_derivation_input_key(), forbid
psa_key_derivation_output_key(). It usually doesn't make sense to
derive a key object if the secret isn't itself a proper key.
This commit is contained in:
Gilles Peskine
2019-09-24 18:21:06 +02:00
parent 1a2904c49a
commit 178c9aa966
5 changed files with 53 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/psa/crypto_struct.h
View File

@@ -255,6 +255,7 @@ typedef struct psa_tls12_prf_key_derivation_s
struct psa_key_derivation_s
{
psa_algorithm_t alg;
unsigned int can_output_key : 1;
size_t capacity;
union
{
@@ -268,7 +269,7 @@ struct psa_key_derivation_s
};
/* This only zeroes out the first byte in the union, the rest is unspecified. */
#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, {0}}
#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, 0, {0}}
static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
{
const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;