Generate cookie MAC key with psa_generate_key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index ee8cc17..a0e9680 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -107,18 +107,14 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char key[COOKIE_MD_OUTLEN];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t alg;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
- return( ret );
+ (void)f_rng;
+ (void)p_rng;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
alg = mbedtls_psa_translate_md( COOKIE_MD );
if( alg == 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -128,14 +124,20 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+ psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) );
- if( ( status = psa_import_key( &attributes,
- key, sizeof( key ),
- &ctx->psa_hmac ) ) != PSA_SUCCESS )
+ if( ( status = psa_generate_key( &attributes,
+ &ctx->psa_hmac ) ) != PSA_SUCCESS )
{
return psa_ssl_status_to_mbedtls( status );
}
#else
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char key[COOKIE_MD_OUTLEN];
+
+ if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
+ return( ret );
+
ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 );
if( ret != 0 )
return( ret );
@@ -143,9 +145,9 @@
ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
if( ret != 0 )
return( ret );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_platform_zeroize( key, sizeof( key ) );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
return( 0 );
}