psa: mac: Re-organize psa_mac_setup() internal function
Re-organize psa_mac_setup() to prepare the move
to a dedicated function of the additional checks
on the algorithm and the key attributes done by
this function. We want to move those checks in
a dedicated function to be able to do them
without duplicating them in psa_mac_compute().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d83dd49..0d13492 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2308,14 +2308,12 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ uint8_t mac_size;
/* A context must be freshly initialized before it can be set up. */
if( operation->id != 0 )
return( PSA_ERROR_BAD_STATE );
- if( ! PSA_ALG_IS_MAC( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
status = psa_get_and_lock_key_slot_with_policy(
key,
&slot,
@@ -2324,24 +2322,28 @@
if( status != PSA_SUCCESS )
return( status );
- psa_key_attributes_t attributes = {
+ psa_key_attributes_t key_attributes = {
.core = slot->attr
};
+ psa_key_attributes_t *attributes = &key_attributes;
+
+ if( ! PSA_ALG_IS_MAC( alg ) )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
/* Validate the combination of key type and algorithm */
- status = psa_mac_key_can_do( alg, psa_get_key_type( &attributes ) );
+ status = psa_mac_key_can_do( alg, psa_get_key_type( attributes ) );
if( status != PSA_SUCCESS )
goto exit;
- operation->is_sign = is_sign;
-
/* Get the output length for the algorithm and key combination */
- operation->mac_size = PSA_MAC_LENGTH(
- psa_get_key_type( &attributes ),
- psa_get_key_bits( &attributes ),
- alg );
+ mac_size = PSA_MAC_LENGTH( psa_get_key_type( attributes ),
+ psa_get_key_bits( attributes ),
+ alg );
- if( operation->mac_size < 4 )
+ if( mac_size < 4 )
{
/* A very short MAC is too short for security since it can be
* brute-forced. Ancient protocols with 32-bit MACs do exist,
@@ -2351,9 +2353,9 @@
goto exit;
}
- if( operation->mac_size > PSA_MAC_LENGTH( psa_get_key_type( &attributes ),
- psa_get_key_bits( &attributes ),
- PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
+ if( mac_size > PSA_MAC_LENGTH( psa_get_key_type( attributes ),
+ psa_get_key_bits( attributes ),
+ PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
{
/* It's impossible to "truncate" to a larger length than the full length
* of the algorithm. */
@@ -2361,11 +2363,14 @@
goto exit;
}
+ operation->is_sign = is_sign;
+ operation->mac_size = mac_size;
+
/* Dispatch the MAC setup call with validated input */
if( is_sign )
{
status = psa_driver_wrapper_mac_sign_setup( operation,
- &attributes,
+ &key_attributes,
slot->key.data,
slot->key.bytes,
alg );
@@ -2373,7 +2378,7 @@
else
{
status = psa_driver_wrapper_mac_verify_setup( operation,
- &attributes,
+ &key_attributes,
slot->key.data,
slot->key.bytes,
alg );