psa: mac: Introduce psa_mac_compute_internal
Introduce psa_mac_compute_internal with an
additional `is_sign` parameter compared to
the psa_mac_compute API. The intent is to
call psa_mac_compute_internal() from
psa_mac_verify() as well to compute the
message MAC.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0b86b5c..07f52f3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2512,13 +2512,14 @@
return( status == PSA_SUCCESS ? abort_status : status );
}
-psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
+static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length,
+ int is_sign )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
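Review bot: The new `int is_sign` parameter of `psa_mac_compute_internal` has no comment, and its only visible call site (third hunk, in `psa_mac_compute`) passes a bare `1`. Because the flag decides which key-usage policy is enforced, I would add a short comment above the definition, e.g. `/* is_sign: 1 to require the sign usage on the key (psa_mac_compute), 0 to require the verify usage (intended for psa_mac_verify). */`. The call could then read `mac, mac_size, mac_length, 1 /* is_sign */`. The function body continues outside this hunk.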
@@ -2526,7 +2527,9 @@
uint8_t operation_mac_size = 0;
status = psa_get_and_lock_key_slot_with_policy(
- key, &slot, PSA_KEY_USAGE_SIGN_HASH, alg );
+ key, &slot,
+ is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH,
+ alg );
if( status != PSA_SUCCESS )
goto exit;
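Review bot: With `is_sign` equal to 0, this policy check accepts a key that carries only `PSA_KEY_USAGE_VERIFY_HASH`, yet going by the commit message the function still computes the message MAC into the caller's `mac` buffer. That is safe only while the function stays `static` and its verify-side caller keeps the tag in a local buffer, compares it in constant time and wipes it afterwards. The planned `psa_mac_verify()` call is not in this diff, so that cannot be checked here. I would record the invariant next to the check, e.g. `/* is_sign == 0: key may be verify-only, so the caller must never expose the computed MAC */`. The function starts and ends outside this hunk.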
@@ -2572,6 +2575,19 @@
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
}
+psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length)
+{
+ return( psa_mac_compute_internal( key, alg,
+ input, input_length,
+ mac, mac_size, mac_length, 1 ) );
+}
+
psa_status_t psa_mac_verify( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,