Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/constant_time.c b/library/constant_time.c
index 0cab376..d32a40c 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -496,18 +496,12 @@
goto cleanup; \
} while( 0 )
- /* Export MAC key */
- PSA_CHK( psa_export_key( key, mac_key,
- MAX_HASH_BLOCK_LENGTH,
- &mac_key_length ) );
-
- if( mac_key_length > block_size )
- {
- PSA_CHK( psa_hash_setup( &operation, hash_alg ) );
- PSA_CHK( psa_hash_update( &operation, mac_key, mac_key_length ) );
- PSA_CHK( psa_hash_finish( &operation, mac_key,
- MAX_HASH_BLOCK_LENGTH, &mac_key_length ) );
- }
+ /* Export MAC key
+ * We assume key length is always exactly the output size
+ * which is never more than the block size, thus we use block_size
+ * as the key buffer size.
+ */
+ PSA_CHK( psa_export_key( key, mac_key, block_size, &mac_key_length ) );
/* Calculate ikey/okey */
memset( ikey, 0x36, block_size );