Support key derivation with non-predefined capacity

psa_key_derivation requires the caller to specify a maximum capacity.
This commit adds a special value that indicates that the maximum
capacity should be the maximum supported by the algorithm. This is
currently meant only for selection algorithms used on the shared
secret produced by a key agreement.
Gilles Peskine 2018-09-18 12:06:11 +02:00
parent 751d965dfc
commit 8feb3a886d
2 changed files with 11 additions and 0 deletions


@ -3122,6 +3122,15 @@ psa_status_t psa_generator_import_key(psa_key_slot_t key,
*/ */
psa_status_t psa_generator_abort(psa_crypto_generator_t *generator); psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
/** Use the maximum possible capacity for a generator.
*
* Use this value as the capacity argument when setting up a generator
* to indicate that the generator should have the maximum possible capacity.
* The value of the maximum possible capacity depends on the generator
* algorithm.
*/
#define PSA_GENERATOR_UNBRIDLED_CAPACITY ((size_t)(-1))
/**@}*/ /**@}*/
/** \defgroup derivation Key derivation /** \defgroup derivation Key derivation
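Review bot: The doc comment on `PSA_GENERATOR_UNBRIDLED_CAPACITY` does not say which generator setups honour the value. The commit message says it is currently meant only for selection algorithms applied to a key-agreement shared secret, but the comment reads as if any setup accepts it. I would add a line such as `* Currently intended only for selection algorithms applied to the shared secret of a key agreement.` It would also help to state that the macro is a sentinel equal to the largest `size_t` rather than a byte count, so the effective capacity has to be read back from the generator and not from the argument that was passed.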


@ -3539,6 +3539,8 @@ static psa_status_t psa_key_derivation_internal(
if( capacity <= max_capacity ) if( capacity <= max_capacity )
generator->capacity = capacity; generator->capacity = capacity;
else if( capacity == PSA_GENERATOR_UNBRIDLED_CAPACITY )
generator->capacity = max_capacity;
else else
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
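Review bot: With the new `else if`, a `capacity` of `(size_t)(-1)` that previously fell through to `PSA_ERROR_INVALID_ARGUMENT` is now accepted wherever this check runs. A caller whose length arithmetic wraps (for example `len - 1` with `len == 0`) therefore silently gets `max_capacity` instead of an error. The commit message limits the intent to selection algorithms on a key-agreement shared secret, but nothing in the visible lines enforces that. If the restriction matters, the branch should also test the algorithm. Otherwise record the trade-off next to the branch, e.g. `/* Sentinel, not a length: a wrapped size_t also lands here and gets max_capacity. */`. `psa_key_derivation_internal` starts and ends outside the hunk, so whether an earlier check already narrows the algorithm cannot be confirmed from here.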