commit 1062a24152c32228ff0750256e84d77f97d39cb8
author Janos Follath <janos.follath@arm.com> Fri May 14 12:02:55 2021 +0100
committer Janos Follath <janos.follath@arm.com> Thu Jun 03 12:37:32 2021 +0100
tree 0367554c1b9d3e416fce8fd0334aa2e07e325f0f
parent 14ce06afe270687e6490e038ab5d2e647b193b17

Fix psa_pake_set_password_mhf() parameter list

The type of the key derivation operation was incorrect.

Also neither the PAKE nor key_derivation algorithm knows how many bytes
to transfer at this stage.

There is no optimal or recommended size, PAKEs don't mandate it either
(with the exception of OPAQUE, but that uses it internally and won't be
using this interface).

Adding an input length parameter to allow the application to control how
many bytes the PAKE takes from the key derivation.

Signed-off-by: Janos Follath <janos.follath@arm.com>

include/psa/crypto.h

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 87b4526..00317f7 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -4367,6 +4367,8 @@
  * \param key_derivation        An ongoing key derivation operation set up from
  *                              the password and in a state suitable for
  *                              calling psa_key_derivation_output_bytes().
+ * \param input_length          Number of bytes to input from the
+ *                              \p key_derivation operation.
  *
  * \retval #PSA_SUCCESS
  *         Success.
@@ -4385,7 +4387,8 @@
  *         results in this error code.
  */
 psa_status_t psa_pake_set_password_mhf(psa_pake_operation_t *operation,
-                                       psa_pake_operation_t *key_derivation);
+                                       psa_key_derivation_operation_t *key_derivation,
+                                       size_t input_length);
 
 /** Set the user ID for a password-authenticated key exchange.
  *