author | Michael Brown <mcb30@ipxe.org> | 2022-10-09 15:14:41 +0100 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2022-10-10 12:21:54 +0100 |
commit | 007d3cb800fd0e4b01be8a76f0cce2c795cfc89b (patch) | |
tree | b2c065f186542751e784f178a73da8066ab0dc06 /src/tests | |
parent | 88419b608d71247445de287c9f8bebbf5e33e0c8 (diff) | |
download | ipxe-007d3cb800fd0e4b01be8a76f0cce2c795cfc89b.tar.gz |
[crypto] Simplify internal HMAC API
Simplify the internal HMAC API so that the key is provided only at the
point of calling hmac_init(), and the (potentially reduced) key is
stored as part of the context for later use by hmac_final().
This simplifies the calling code, and avoids the need for callers such
as TLS to allocate a potentially variable length block in order to
retain a copy of the unmodified key.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/hmac_test.c | 14 | ||||
-rw-r--r-- | src/tests/pccrc_test.c | 9 |
2 files changed, 8 insertions, 15 deletions
diff --git a/src/tests/hmac_test.c b/src/tests/hmac_test.c index 871926f90..5267999e4 100644 --- a/src/tests/hmac_test.c +++ b/src/tests/hmac_test.c @@ -100,26 +100,22 @@ struct hmac_test { static void hmac_okx ( struct hmac_test *test, const char *file, unsigned int line ) { struct digest_algorithm *digest = test->digest; - uint8_t ctx[digest->ctxsize]; + uint8_t ctx[ hmac_ctxsize ( digest ) ]; uint8_t hmac[digest->digestsize]; - uint8_t key[test->key_len]; - size_t key_len; /* Sanity checks */ + okx ( sizeof ( ctx ) == ( digest->ctxsize + digest->blocksize ), + file, line ); okx ( test->expected_len == digest->digestsize, file, line ); - /* Create modifiable copy of key */ - memcpy ( key, test->key, test->key_len ); - key_len = test->key_len; - /* Calculate HMAC */ DBGC ( test, "HMAC-%s key:\n", digest->name ); DBGC_HDA ( test, 0, test->key, test->key_len ); DBGC ( test, "HMAC-%s data:\n", digest->name ); DBGC_HDA ( test, 0, test->data, test->data_len ); - hmac_init ( digest, ctx, key, &key_len ); + hmac_init ( digest, ctx, test->key, test->key_len ); hmac_update ( digest, ctx, test->data, test->data_len ); - hmac_final ( digest, ctx, key, &key_len, hmac ); + hmac_final ( digest, ctx, hmac ); DBGC ( test, "HMAC-%s result:\n", digest->name ); DBGC_HDA ( test, 0, hmac, sizeof ( hmac ) ); diff --git a/src/tests/pccrc_test.c b/src/tests/pccrc_test.c index f4ab573ac..e69493202 100644 --- a/src/tests/pccrc_test.c +++ b/src/tests/pccrc_test.c @@ -467,11 +467,10 @@ peerdist_info_passphrase_okx ( struct peerdist_info_segment_test *test, uint8_t *pass, size_t pass_len, const char *file, unsigned int line ) { struct digest_algorithm *digest = info->digest; - uint8_t ctx[digest->ctxsize]; + uint8_t ctx[ hmac_ctxsize ( digest ) ]; uint8_t secret[digest->digestsize]; uint8_t expected[digest->digestsize]; size_t digestsize = info->digestsize; - size_t secretsize = digestsize; /* Calculate server secret */ digest_init ( digest, ctx ); 
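Review bot: The new sanity check `okx ( sizeof ( ctx ) == ( digest->ctxsize + digest->blocksize ), file, line );` in hmac_okx pins the HMAC context layout without saying why, so a later reader cannot tell a deliberate contract test from an accident of the current implementation. A one-line comment above it would help, for example `/* HMAC context holds the digest context plus one block for the (possibly reduced) key */`, which matches the commit description. Because the context now carries key material, non-test callers will presumably need to treat the buffer as sensitive after hmac_final(); whether hmac_final() clears it is not visible in this hunk. hmac_okx continues past the end of the hunk.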
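Review bot: In the first pccrc_test.c hunk, `ctx` is now sized with `hmac_ctxsize ( digest )` but is first used as a plain digest context by `digest_init ( digest, ctx )` a few lines below, and nothing says the sharing is intentional. A comment on the declaration, such as `/* Sized for HMAC; also reused as the plain digest context for the server secret */`, would stop a later edit from shrinking it back to `digest->ctxsize`. Assuming the HMAC context is the larger of the two, as the hmac_test.c check suggests, that shrink would let the hmac_init() call in the following hunk write past the array. The body of peerdist_info_passphrase_okx starts before and continues after this hunk.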
@@ -479,11 +478,9 @@ peerdist_info_passphrase_okx ( struct peerdist_info_segment_test *test, digest_final ( digest, ctx, secret ); /* Calculate expected segment secret */ - hmac_init ( digest, ctx, secret, &secretsize ); - assert ( secretsize == digestsize ); + hmac_init ( digest, ctx, secret, digestsize ); hmac_update ( digest, ctx, test->expected_hash, digestsize ); - hmac_final ( digest, ctx, secret, &secretsize, expected ); - assert ( secretsize == digestsize ); + hmac_final ( digest, ctx, expected ); /* Verify segment secret */ okx ( memcmp ( test->expected_secret, expected, digestsize ) == 0, |
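Review bot: With both `assert ( secretsize == digestsize )` lines gone, nothing in this hunk ties the key length passed to `hmac_init ( digest, ctx, secret, digestsize )` to the buffer it reads from. `secret` is declared with `digest->digestsize` bytes in the previous hunk, while `digestsize` comes from `info->digestsize`. If `info->digestsize` could ever exceed `digest->digestsize`, the call would read past `secret`, and the later `memcmp` would read past `expected` in the same way. A cheap guard before the HMAC calculation would be `assert ( digestsize <= sizeof ( secret ) );`. Presumably the PeerDist parsing code already guarantees this, but that is not visible here; the function continues outside the hunk.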