psa: mac: Introduce psa_mac_compute_internal

Introduce psa_mac_compute_internal with an additional `is_sign` parameter compared to the psa_mac_compute API. The intent is to call psa_mac_compute_internal() from psa_mac_verify() as well to compute the message MAC. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-18 14:23:33 +02:00 · 2021-06-18 14:23:33 +02:00 · cd989b5598
commit cd989b5598
parent 094b06a572
1 changed files with 24 additions and 8 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -2452,13 +2452,14 @@ cleanup:
    return( status == PSA_SUCCESS ? abort_status : status );
 }

-psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
-                              psa_algorithm_t alg,
-                              const uint8_t *input,
-                              size_t input_length,
-                              uint8_t *mac,
-                              size_t mac_size,
-                              size_t *mac_length)
+static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key,
+                                              psa_algorithm_t alg,
+                                              const uint8_t *input,
+                                              size_t input_length,
+                                              uint8_t *mac,
+                                              size_t mac_size,
+                                              size_t *mac_length,
+                                              int is_sign )
 {
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@ -2466,7 +2467,9 @@ psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
    uint8_t operation_mac_size = 0;

    status = psa_get_and_lock_key_slot_with_policy(
-                 key, &slot, PSA_KEY_USAGE_SIGN_HASH, alg );
+                 key, &slot,
+                 is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH,
+                 alg );
    if( status != PSA_SUCCESS )
        goto exit;

@ -2512,6 +2515,19 @@ exit:
    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
 }

+psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
+                              psa_algorithm_t alg,
+                              const uint8_t *input,
+                              size_t input_length,
+                              uint8_t *mac,
+                              size_t mac_size,
+                              size_t *mac_length)
+{
+    return( psa_mac_compute_internal( key, alg,
+                                      input, input_length,
+                                      mac, mac_size, mac_length, 1 ) );
+}
+
 psa_status_t psa_mac_verify( mbedtls_svc_key_id_t key,
                             psa_algorithm_t alg,
                             const uint8_t *input,