TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2217d6f82507aaf28c82ee234f6a8b358894a437^! / . / library / ssl_cookie.c
commit2217d6f82507aaf28c82ee234f6a8b358894a437[log] [tgz]
authorNeil Armstrong <narmstrong@baylibre.com>Fri Mar 04 15:00:22 2022 +0100
committerNeil Armstrong <narmstrong@baylibre.com>Mon Mar 07 14:33:21 2022 +0100
tree74f281b913eb4e43e1ff026b9d520bdc8a7c3c76
parent77b69ab971f6236f10d54ce30bad7db4f098509e [diff] [blame]
Generate cookie MAC key with psa_generate_key

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>

diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index ee8cc17..a0e9680 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c

@@ -107,18 +107,14 @@
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng )
 {
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char key[COOKIE_MD_OUTLEN];
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_algorithm_t alg;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
-        return( ret );
+    (void)f_rng;
+    (void)p_rng;
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
     alg = mbedtls_psa_translate_md( COOKIE_MD );
     if( alg == 0 )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -128,14 +124,20 @@
     psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
     psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
     psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+    psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) );
 
-    if( ( status = psa_import_key( &attributes,
-                                   key, sizeof( key ),
-                                   &ctx->psa_hmac ) ) != PSA_SUCCESS )
+    if( ( status = psa_generate_key( &attributes,
+                                     &ctx->psa_hmac ) ) != PSA_SUCCESS )
     {
         return psa_ssl_status_to_mbedtls( status );
     }
 #else
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    unsigned char key[COOKIE_MD_OUTLEN];
+
+    if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
+        return( ret );
+
     ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 );
     if( ret != 0 )
         return( ret );
@@ -143,9 +145,9 @@
     ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
     if( ret != 0 )
         return( ret );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_platform_zeroize( key, sizeof( key ) );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     return( 0 );
 }