From 2cd649684af255a20628679628dd9fada0cc8d4c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:38:57 +0530 Subject: [PATCH] Add pbkdf2_cmac to key derivation setup Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4d8979caf..f29d1abde 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6142,6 +6142,11 @@ static int is_kdf_alg_supported(psa_algorithm_t kdf_alg) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { return 1; } +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + return 1; + } #endif return 0; } @@ -6168,10 +6173,14 @@ static psa_status_t psa_key_derivation_setup_kdf( } /* All currently supported key derivation algorithms (apart from - * ecjpake to pms) are based on a hash algorithm. */ + * ecjpake to pms and pbkdf2_aes_cmac_128) are based on a hash algorithm. */ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); size_t hash_size = PSA_HASH_LENGTH(hash_alg); - if (kdf_alg != PSA_ALG_TLS12_ECJPAKE_TO_PMS) { + if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { + hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); + } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + hash_size = AES_CMAC_PRF_128_OUTPUT_SIZE; + } else { if (hash_size == 0) { return PSA_ERROR_NOT_SUPPORTED; } @@ -6183,8 +6192,6 @@ static psa_status_t psa_key_derivation_setup_kdf( if (status != PSA_SUCCESS) { return status; } - } else { - hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); } if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) ||