lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00
Code Activity

Make the mbedtls_psa_hkdf_extract function more PSA compatible

Browse Source 
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
Gabor Mezei
2022-02-07 18:12:07 +01:00
parent 73cb6f54de
commit 62bf024025
3 changed files with 23 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
library/ssl_tls13_invasive.h
View File

@@ -28,10 +28,11 @@
#if defined(MBEDTLS_PSA_CRYPTO_C) #if defined(MBEDTLS_PSA_CRYPTO_C)
int mbedtls_psa_hkdf_extract( psa_algorithm_t alg, psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg,
const unsigned char *salt, size_t salt_len, const unsigned char *salt, size_t salt_len,
const unsigned char *ikm, size_t ikm_len, const unsigned char *ikm, size_t ikm_len,
unsigned char *prk ); unsigned char *prk, size_t prk_size,
size_t *prk_len );
/** /**
* \brief Expand the supplied \p prk into several additional pseudorandom * \brief Expand the supplied \p prk into several additional pseudorandom

14
library/ssl_tls13_keys.c
View File

@@ -139,16 +139,16 @@ static void ssl_tls13_hkdf_encode_label(
#if defined( MBEDTLS_TEST_HOOKS ) #if defined( MBEDTLS_TEST_HOOKS )
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_psa_hkdf_extract( psa_algorithm_t alg, psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg,
const unsigned char *salt, size_t salt_len, const unsigned char *salt, size_t salt_len,
const unsigned char *ikm, size_t ikm_len, const unsigned char *ikm, size_t ikm_len,
unsigned char *prk ) unsigned char *prk, size_t prk_size,
size_t *prk_len )
{ {
unsigned char null_salt[PSA_MAC_MAX_SIZE] = { '\0' }; unsigned char null_salt[PSA_MAC_MAX_SIZE] = { '\0' };
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t prk_len; psa_status_t ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
if( salt == NULL || salt_len == 0 ) if( salt == NULL || salt_len == 0 )
{ {
@@ -181,7 +181,7 @@ int mbedtls_psa_hkdf_extract( psa_algorithm_t alg,
goto cleanup; goto cleanup;
} }
ret = psa_mac_compute( key, alg, ikm, ikm_len, prk, PSA_HASH_LENGTH( alg ), &prk_len ); ret = psa_mac_compute( key, alg, ikm, ikm_len, prk, prk_size, prk_len );
cleanup: cleanup:
psa_destroy_key( key ); psa_destroy_key( key );

17
tests/suites/test_suite_ssl.function
View File

@@ -3814,10 +3814,10 @@ void psa_hkdf_extract( int alg, char *hex_ikm_string,
unsigned char *salt = NULL; unsigned char *salt = NULL;
unsigned char *prk = NULL; unsigned char *prk = NULL;
unsigned char *output_prk = NULL; unsigned char *output_prk = NULL;
size_t ikm_len, salt_len, prk_len, output_prk_len; size_t ikm_len, salt_len, prk_len, output_prk_size, output_prk_len;
output_prk_len = PSA_HASH_LENGTH( alg ); output_prk_size = PSA_HASH_LENGTH( alg );
output_prk = mbedtls_calloc( 1, output_prk_len ); output_prk = mbedtls_calloc( 1, output_prk_size );
ikm = mbedtls_test_unhexify_alloc( hex_ikm_string, &ikm_len ); ikm = mbedtls_test_unhexify_alloc( hex_ikm_string, &ikm_len );
salt = mbedtls_test_unhexify_alloc( hex_salt_string, &salt_len ); salt = mbedtls_test_unhexify_alloc( hex_salt_string, &salt_len );
@@ -3825,7 +3825,9 @@ void psa_hkdf_extract( int alg, char *hex_ikm_string,
PSA_ASSERT( psa_crypto_init() ); PSA_ASSERT( psa_crypto_init() );
PSA_ASSERT( mbedtls_psa_hkdf_extract( alg, salt, salt_len, PSA_ASSERT( mbedtls_psa_hkdf_extract( alg, salt, salt_len,
ikm, ikm_len, output_prk ) ); ikm, ikm_len,
output_prk, output_prk_size,
&output_prk_len ) );
ASSERT_COMPARE( output_prk, output_prk_len, prk, prk_len ); ASSERT_COMPARE( output_prk, output_prk_len, prk, prk_len );
@@ -3846,16 +3848,19 @@ void psa_hkdf_extract_ret( int hash_len, int ret )
unsigned char *salt = NULL; unsigned char *salt = NULL;
unsigned char *ikm = NULL; unsigned char *ikm = NULL;
unsigned char *prk = NULL; unsigned char *prk = NULL;
size_t salt_len, ikm_len; size_t salt_len, ikm_len, prk_len;
prk = mbedtls_calloc( PSA_MAC_MAX_SIZE, 1 ); prk = mbedtls_calloc( PSA_MAC_MAX_SIZE, 1 );
salt_len = hash_len; salt_len = hash_len;
ikm_len = 0; ikm_len = 0;
prk_len = 0;
PSA_ASSERT( psa_crypto_init() ); PSA_ASSERT( psa_crypto_init() );
output_ret = mbedtls_psa_hkdf_extract( 0, salt, salt_len, output_ret = mbedtls_psa_hkdf_extract( 0, salt, salt_len,
ikm, ikm_len, prk ); ikm, ikm_len,
prk, PSA_MAC_MAX_SIZE, &prk_len );
TEST_ASSERT( output_ret == ret ); TEST_ASSERT( output_ret == ret );
TEST_ASSERT( prk_len == 0 );
exit: exit:
mbedtls_free(prk); mbedtls_free(prk);