yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-11 22:22:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

psa: mac: Improve implementation of psa_mac_finalize_alg_and_key_validation()

Browse source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-06-17 16:46:44 +02:00
parent 1c650a1a37
commit def68e722a
1 changed files with 16 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
library/psa_crypto.c
View file

@ -2302,51 +2302,42 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
static psa_status_t psa_mac_finalize_alg_and_key_validation( static psa_status_t psa_mac_finalize_alg_and_key_validation(
psa_algorithm_t alg, psa_algorithm_t alg,
const psa_key_attributes_t *attributes ) const psa_key_attributes_t *attributes,
uint8_t *mac_size )
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t mac_size; psa_key_type_t key_type = psa_get_key_type( attributes );
size_t key_bits = psa_get_key_bits( attributes );
if( ! PSA_ALG_IS_MAC( alg ) ) if( ! PSA_ALG_IS_MAC( alg ) )
{ return( PSA_ERROR_INVALID_ARGUMENT );
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
/* Validate the combination of key type and algorithm */ /* Validate the combination of key type and algorithm */
status = psa_mac_key_can_do( alg, psa_get_key_type( attributes ) ); status = psa_mac_key_can_do( alg, key_type );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; return( status );
/* Get the output length for the algorithm and key combination */ /* Get the output length for the algorithm and key combination */
mac_size = PSA_MAC_LENGTH( psa_get_key_type( attributes ), *mac_size = PSA_MAC_LENGTH( key_type, key_bits, alg );
psa_get_key_bits( attributes ),
alg );
if( mac_size < 4 ) if( *mac_size < 4 )
{ {
/* A very short MAC is too short for security since it can be /* A very short MAC is too short for security since it can be
* brute-forced. Ancient protocols with 32-bit MACs do exist, * brute-forced. Ancient protocols with 32-bit MACs do exist,
* so we make this our minimum, even though 32 bits is still * so we make this our minimum, even though 32 bits is still
* too small for security. */ * too small for security. */
status = PSA_ERROR_NOT_SUPPORTED; return( PSA_ERROR_NOT_SUPPORTED );
goto exit;
} }
if( mac_size > PSA_MAC_LENGTH( psa_get_key_type( attributes ), if( *mac_size > PSA_MAC_LENGTH( key_type, key_bits,
psa_get_key_bits( attributes ), PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
{ {
/* It's impossible to "truncate" to a larger length than the full length /* It's impossible to "truncate" to a larger length than the full length
* of the algorithm. */ * of the algorithm. */
status = PSA_ERROR_INVALID_ARGUMENT; return( PSA_ERROR_INVALID_ARGUMENT );
goto exit;
} }
status = PSA_SUCCESS; return( PSA_SUCCESS );
exit:
return( status );
} }
static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
@ -2374,14 +2365,12 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
.core = slot->attr .core = slot->attr
}; };
status = psa_mac_finalize_alg_and_key_validation( alg, &attributes ); status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
&operation->mac_size );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
operation->is_sign = is_sign; operation->is_sign = is_sign;
operation->mac_size = PSA_MAC_LENGTH( psa_get_key_type( &attributes ),
psa_get_key_bits( &attributes ),
alg );
/* Dispatch the MAC setup call with validated input */ /* Dispatch the MAC setup call with validated input */
if( is_sign ) if( is_sign )
{ {