diff options
| author | Michael Brown <mcb30@ipxe.org> | 2022-10-09 15:14:41 +0100 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2022-10-10 12:21:54 +0100 |
| commit | 007d3cb800fd0e4b01be8a76f0cce2c795cfc89b (patch) | |
| tree | b2c065f186542751e784f178a73da8066ab0dc06 /src/crypto/hmac_drbg.c | |
| parent | 88419b608d71247445de287c9f8bebbf5e33e0c8 (diff) | |
| download | ipxe-007d3cb800fd0e4b01be8a76f0cce2c795cfc89b.tar.gz | |
[crypto] Simplify internal HMAC API
Simplify the internal HMAC API so that the key is provided only at the
point of calling hmac_init(), and the (potentially reduced) key is
stored as part of the context for later use by hmac_final().
This simplifies the calling code, and avoids the need for callers such
as TLS to allocate a potentially variable length block in order to
retain a copy of the unmodified key.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto/hmac_drbg.c')
| -rw-r--r-- | src/crypto/hmac_drbg.c | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/src/crypto/hmac_drbg.c b/src/crypto/hmac_drbg.c index 098297716..57bde4d1d 100644 --- a/src/crypto/hmac_drbg.c +++ b/src/crypto/hmac_drbg.c @@ -79,7 +79,7 @@ static void hmac_drbg_update_key ( struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *data, size_t len, const uint8_t single ) { - uint8_t context[ hash->ctxsize ]; + uint8_t context[ hmac_ctxsize ( hash ) ]; size_t out_len = hash->digestsize; DBGC ( state, "HMAC_DRBG_%s %p provided data :\n", hash->name, state ); @@ -92,13 +92,11 @@ static void hmac_drbg_update_key ( struct digest_algorithm *hash, assert ( ( single == 0x00 ) || ( single == 0x01 ) ); /* K = HMAC ( K, V || single || provided_data ) */ - hmac_init ( hash, context, state->key, &out_len ); - assert ( out_len == hash->digestsize ); + hmac_init ( hash, context, state->key, out_len ); hmac_update ( hash, context, state->value, out_len ); hmac_update ( hash, context, &single, sizeof ( single ) ); hmac_update ( hash, context, data, len ); - hmac_final ( hash, context, state->key, &out_len, state->key ); - assert ( out_len == hash->digestsize ); + hmac_final ( hash, context, state->key ); DBGC ( state, "HMAC_DRBG_%s %p K = HMAC ( K, V || %#02x || " "provided_data ) :\n", hash->name, state, single ); @@ -122,7 +120,7 @@ static void hmac_drbg_update_key ( struct digest_algorithm *hash, */ static void hmac_drbg_update_value ( struct digest_algorithm *hash, struct hmac_drbg_state *state ) { - uint8_t context[ hash->ctxsize ]; + uint8_t context[ hmac_ctxsize ( hash ) ]; size_t out_len = hash->digestsize; /* Sanity checks */ @@ -130,11 +128,9 @@ static void hmac_drbg_update_value ( struct digest_algorithm *hash, assert ( state != NULL ); /* V = HMAC ( K, V ) */ - hmac_init ( hash, context, state->key, &out_len ); - assert ( out_len == hash->digestsize ); + hmac_init ( hash, context, state->key, out_len ); hmac_update ( hash, context, state->value, out_len ); - hmac_final ( hash, context, state->key, &out_len, state->value ); - assert ( out_len == hash->digestsize ); + hmac_final ( hash, context, state->value ); DBGC ( state, "HMAC_DRBG_%s %p V = HMAC ( K, V ) :\n", hash->name, state ); |