From f6ea19c66c8c4b2ea3a6aafd3a9ea9642e9461b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Tue, 1 Feb 2022 13:08:21 +0100
Subject: [PATCH] Work around bug in PSA_MAC_LENGTH()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 programs/psa/hmac_demo.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c
index 54fea038a..3cb0d21dd 100644
--- a/programs/psa/hmac_demo.c
+++ b/programs/psa/hmac_demo.c
@@ -102,11 +102,10 @@ void print_buf( const char *title, uint8_t *buf, size_t len )
 psa_status_t hmac_demo(void)
 {
     psa_status_t status;
-#define ALG PSA_ALG_HMAC(PSA_ALG_SHA_256)
-    const psa_algorithm_t alg = ALG;
-    // compilers with insufficient C99 support don't accept the const variable
-    // 'alg' here, so use a macro instead in order to pacify them
-    uint8_t out[PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, 8 * sizeof( key_bytes ), ALG)];
+    const psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
+    uint8_t out[PSA_MAC_MAX_SIZE]; // safe but not optimal
+    /* PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, 8 * sizeof( key_bytes ), alg)
+     * should work but see https://github.com/ARMmbed/mbedtls/issues/4320 */
 
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_id_t key = 0;
@@ -130,14 +129,14 @@ psa_status_t hmac_demo(void)
     PSA_CHECK( psa_mac_update( &op, msg1_part1, sizeof( msg1_part1 ) ) );
     PSA_CHECK( psa_mac_update( &op, msg1_part2, sizeof( msg1_part2 ) ) );
     PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) );
-    print_buf( "msg1", out, sizeof( out ) );
+    print_buf( "msg1", out, out_len );
 
     /* compute HMAC(key, msg2_part1 | msg2_part2) */
     PSA_CHECK( psa_mac_sign_setup( &op, key, alg ) );
     PSA_CHECK( psa_mac_update( &op, msg2_part1, sizeof( msg2_part1 ) ) );
     PSA_CHECK( psa_mac_update( &op, msg2_part2, sizeof( msg2_part2 ) ) );
     PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) );
-    print_buf( "msg2", out, sizeof( out ) );
+    print_buf( "msg2", out, out_len );
 
 exit:
     psa_mac_abort( &op ); // needed on error, harmless on success