Rework MAC algorithm / key type validation

Reworked the validation of MAC algorithm with the used key type by introducing psa_mac_key_can_do, which guarantees that PSA_MAC_LENGTH can be called successfully after validation of the algorithm and key type. This means psa_get_mac_output_length is no longer required. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2025-07-30 22:43:08 +03:00 · 2021-03-03 19:04:05 +01:00
parent 4ff9a29686
commit f9f7fdfe49
4 changed files with 77 additions and 91 deletions
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@ -1086,7 +1086,8 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
 mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_SUCCESS

 PSA MAC setup: bad algorithm (HMAC without specified hash)
-mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_INVALID_ARGUMENT
+# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_NOT_SUPPORTED

 PSA MAC setup: bad algorithm (unsupported HMAC hash algorithm)
 depends_on:!PSA_WANT_ALG_MD2
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@ -160,9 +160,7 @@ void mac_algorithm_core( psa_algorithm_t alg, int classification_flags,
    TEST_EQUAL( length, PSA_MAC_LENGTH( key_type, key_bits, alg ) );

 #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
-    size_t output_length = 0;
-    PSA_ASSERT( psa_get_mac_output_length( alg, key_type, &output_length ) );
-    TEST_EQUAL( length, output_length );
+    PSA_ASSERT( psa_mac_key_can_do( alg, key_type ) );
 #endif

 exit: ;