From 1062a24152c32228ff0750256e84d77f97d39cb8 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 14 May 2021 12:02:55 +0100 Subject: [PATCH] Fix psa_pake_set_password_mhf() parameter list The type of the key derivation operation was incorrect. Also neither the PAKE nor key_derivation algorithm knows how many bytes to transfer at this stage. There is no optimal or recommended size, PAKEs don't mandate it either (with the exception of OPAQUE, but that uses it internally and won't be using this interface). Adding an input length parameter to allow the application to control how many bytes the PAKE takes from the key derivation. Signed-off-by: Janos Follath --- include/psa/crypto.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 87b4526eb..00317f7ff 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4367,6 +4367,8 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * \param key_derivation An ongoing key derivation operation set up from * the password and in a state suitable for * calling psa_key_derivation_output_bytes(). + * \param input_length Number of bytes to input from the + * \p key_derivation operation. * * \retval #PSA_SUCCESS * Success. @@ -4385,7 +4387,8 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * results in this error code. */ psa_status_t psa_pake_set_password_mhf(psa_pake_operation_t *operation, - psa_pake_operation_t *key_derivation); + psa_key_derivation_operation_t *key_derivation, + size_t input_length); /** Set the user ID for a password-authenticated key exchange. *