commit cb4317b7236ccaafd2be4c8fd1699d11e30dd864
author gabor-mezei-arm <gabor.mezei@arm.com> Mon Sep 27 14:28:31 2021 +0200
committer Gabor Mezei <gabor.mezei@arm.com> Thu Nov 11 10:59:04 2021 +0100
tree 9e51bf995bc38564d1e8d7251f8f5a4ddb6b87bf
parent 0f7b9e43e9729073bb342f1810bd2301893662fc

Move mbedtls_cf_hmac function to the constant-time module

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

library/constant_time.h

diff --git a/library/constant_time.h b/library/constant_time.h
index 060aca3..a8d142b 100644
--- a/library/constant_time.h
+++ b/library/constant_time.h
@@ -23,6 +23,10 @@
 #include "mbedtls/bignum.h"
 #endif
 
+#if defined(MBEDTLS_SSL_TLS_C)
+#include "mbedtls/ssl_internal.h"
+#endif
+
 #include <stddef.h>
 
 int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n );
@@ -98,3 +102,47 @@
                                size_t offset_secret,
                                size_t offset_min, size_t offset_max,
                                size_t len );
+
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+
+/** Compute the HMAC of variable-length data with constant flow.
+ *
+ * This function computes the HMAC of the concatenation of \p add_data and \p
+ * data, and does with a code flow and memory access pattern that does not
+ * depend on \p data_len_secret, but only on \p min_data_len and \p
+ * max_data_len. In particular, this function always reads exactly \p
+ * max_data_len bytes from \p data.
+ *
+ * \param ctx               The HMAC context. It must have keys configured
+ *                          with mbedtls_md_hmac_starts() and use one of the
+ *                          following hashes: SHA-384, SHA-256, SHA-1 or MD-5.
+ *                          It is reset using mbedtls_md_hmac_reset() after
+ *                          the computation is complete to prepare for the
+ *                          next computation.
+ * \param add_data          The additional data prepended to \p data. This
+ *                          must point to a readable buffer of \p add_data_len
+ *                          bytes.
+ * \param add_data_len      The length of \p add_data in bytes.
+ * \param data              The data appended to \p add_data. This must point
+ *                          to a readable buffer of \p max_data_len bytes.
+ * \param data_len_secret   The length of the data to process in \p data.
+ *                          This must be no less than \p min_data_len and no
+ *                          greater than \p max_data_len.
+ * \param min_data_len      The minimal length of \p data in bytes.
+ * \param max_data_len      The maximal length of \p data in bytes.
+ * \param output            The HMAC will be written here. This must point to
+ *                          a writable buffer of sufficient size to hold the
+ *                          HMAC value.
+ *
+ * \retval 0 on success.
+ * \retval MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
+ *         The hardware accelerator failed.
+ */
+int mbedtls_ssl_cf_hmac(
+        mbedtls_md_context_t *ctx,
+        const unsigned char *add_data, size_t add_data_len,
+        const unsigned char *data, size_t data_len_secret,
+        size_t min_data_len, size_t max_data_len,
+        unsigned char *output );
+
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */