Code flow and style improvements

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2021-05-06 17:58:36 +02:00
parent 22dea1d527
commit 9878a160c6
2 changed files with 50 additions and 63 deletions

View file

@ -3233,7 +3233,32 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
#define AT_LEAST_ONE_BUILTIN_KDF
#endif
#endif /* At least one builtin KDF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
static psa_status_t psa_key_derivation_start_hmac(
psa_mac_operation_t *operation,
psa_algorithm_t hash_alg,
const uint8_t *hmac_key,
size_t hmac_key_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( hmac_key_length ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
status = psa_driver_wrapper_mac_sign_setup( operation,
&attributes,
hmac_key, hmac_key_length,
PSA_ALG_HMAC( hash_alg ) );
psa_reset_key_attributes( &attributes );
return( status );
}
#endif /* KDF algorithms reliant on HMAC */
#define HKDF_STATE_INIT 0 /* no input yet */
#define HKDF_STATE_STARTED 1 /* got salt */
@ -3374,17 +3399,10 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd
++hkdf->block_number;
hkdf->offset_in_block = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
psa_set_key_bits( &attributes,
PSA_BYTES_TO_BITS( hash_length ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
status = psa_driver_wrapper_mac_sign_setup( &hkdf->hmac,
&attributes,
hkdf->prk, hash_length,
PSA_ALG_HMAC( hash_alg ) );
psa_reset_key_attributes( &attributes );
status = psa_key_derivation_start_hmac( &hkdf->hmac,
hash_alg,
hkdf->prk,
hash_length );
if( status != PSA_SUCCESS )
return( status );
@ -3458,17 +3476,10 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
* `block_number`.
*/
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
psa_set_key_bits( &attributes,
PSA_BYTES_TO_BITS( tls12_prf->secret_length ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
status = psa_driver_wrapper_mac_sign_setup( &hmac,
&attributes,
status = psa_key_derivation_start_hmac( &hmac,
hash_alg,
tls12_prf->secret,
tls12_prf->secret_length,
PSA_ALG_HMAC( hash_alg ) );
tls12_prf->secret_length );
if( status != PSA_SUCCESS )
goto cleanup;
@ -3506,11 +3517,10 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
goto cleanup;
/* Calculate HMAC_hash(secret, A(i) + label + seed). */
status = psa_driver_wrapper_mac_sign_setup( &hmac,
&attributes,
status = psa_key_derivation_start_hmac( &hmac,
hash_alg,
tls12_prf->secret,
tls12_prf->secret_length,
PSA_ALG_HMAC( hash_alg ) );
tls12_prf->secret_length );
if( status != PSA_SUCCESS )
goto cleanup;
status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length );
@ -3530,8 +3540,6 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
cleanup:
psa_reset_key_attributes( &attributes );
cleanup_status = psa_mac_abort( &hmac );
if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS )
status = cleanup_status;
@ -3860,19 +3868,9 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
return( PSA_ERROR_BAD_STATE );
else
{
/* In a scope block due to scope-local attributes variable */
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
psa_set_key_bits( &attributes,
PSA_BYTES_TO_BITS( data_length ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
status = psa_driver_wrapper_mac_sign_setup(
&hkdf->hmac,
&attributes,
data, data_length,
PSA_ALG_HMAC( hash_alg ) );
psa_reset_key_attributes( &attributes );
status = psa_key_derivation_start_hmac( &hkdf->hmac,
hash_alg,
data, data_length );
if( status != PSA_SUCCESS )
return( status );
hkdf->state = HKDF_STATE_STARTED;
@ -3882,17 +3880,9 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
/* If no salt was provided, use an empty salt. */
if( hkdf->state == HKDF_STATE_INIT )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
psa_set_key_bits( &attributes, 0 );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
status = psa_driver_wrapper_mac_sign_setup(
&hkdf->hmac,
&attributes,
NULL, 0,
PSA_ALG_HMAC( hash_alg ) );
psa_reset_key_attributes( &attributes );
status = psa_key_derivation_start_hmac( &hkdf->hmac,
hash_alg,
NULL, 0 );
if( status != PSA_SUCCESS )
return( status );
hkdf->state = HKDF_STATE_STARTED;

View file

@ -200,20 +200,20 @@ static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
size_t key_buffer_size )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t * cipher_info_tmp =
const mbedtls_cipher_info_t * cipher_info =
mbedtls_cipher_info_from_psa(
PSA_ALG_CMAC,
psa_get_key_type( attributes ),
psa_get_key_bits( attributes ),
NULL );
if( cipher_info_tmp == NULL )
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
if( key_buffer_size < PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) )
return( PSA_ERROR_INVALID_ARGUMENT );
ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info_tmp );
ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
if( ret != 0 )
goto exit;
@ -319,15 +319,12 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
/* A context must be freshly initialized before it can be set up. */
if( operation->alg != 0 )
{
return( PSA_ERROR_BAD_STATE );
}
status = mac_init( operation, alg );
if( status != PSA_SUCCESS )
return( status );
if( is_sign )
operation->is_sign = 1;
operation->is_sign = is_sign;
/* Get the output length for the algorithm and key combination. None of the
* currently supported algorithms have an output length dependent on actual
@ -498,7 +495,7 @@ static psa_status_t mac_sign_finish(
size_t mac_size,
size_t *mac_length )
{
psa_status_t status;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->alg == 0 )
return( PSA_ERROR_BAD_STATE );
@ -520,7 +517,7 @@ static psa_status_t mac_verify_finish(
size_t mac_length )
{
uint8_t actual_mac[PSA_MAC_MAX_SIZE];
psa_status_t status;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->alg == 0 )
return( PSA_ERROR_BAD_STATE );