commit a587cbc3a4ae6063efc2aeacf6f5b43c043bb4c5
author Ronald Cron <ronald.cron@arm.com> Fri Jun 18 14:51:29 2021 +0200
committer Ronald Cron <ronald.cron@arm.com> Mon Jun 21 09:19:22 2021 +0200
tree 2a0d359d2b07b3c6800c1d0e87f664536b3435ee
parent cd989b55983363893c340a38fdb22a5bd8238491

psa: mac: Add driver delegation support for psa_mac_verify()

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ec4f7d9..466845d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2536,25 +2536,29 @@
                              size_t mac_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+    uint8_t actual_mac[PSA_MAC_MAX_SIZE];
+    size_t actual_mac_length;
 
-    status = psa_mac_verify_setup( &operation, key, alg );
+    status = psa_mac_compute_internal( key, alg,
+                                       input, input_length,
+                                       actual_mac, sizeof( actual_mac ),
+                                       &actual_mac_length, 0 );
     if( status != PSA_SUCCESS )
         goto exit;
 
-    status = psa_mac_update( &operation, input, input_length );
-    if( status != PSA_SUCCESS )
+    if( mac_length != actual_mac_length )
+    {
+        status = PSA_ERROR_INVALID_SIGNATURE;
         goto exit;
-
-    status = psa_mac_verify_finish( &operation, mac, mac_length );
-    if( status != PSA_SUCCESS )
+    }
+    if( mbedtls_psa_safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 )
+    {
+        status = PSA_ERROR_INVALID_SIGNATURE;
         goto exit;
+    }
 
 exit:
-    if ( status == PSA_SUCCESS )
-        status = psa_mac_abort( &operation );
-    else
-        psa_mac_abort( &operation );
+    mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
 
     return ( status );
 }