Improve some comments and internal documentation

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2020-07-22 10:37:27 +02:00
parent c3219006ff
commit baccf803ad
2 changed files with 8 additions and 4 deletions

View File

@ -42,9 +42,11 @@
* max_data_len bytes from \p data. * max_data_len bytes from \p data.
* *
* \param ctx The HMAC context. It must have keys configured * \param ctx The HMAC context. It must have keys configured
* with mbedtls_md_hmac_starts(). It is reset using * with mbedtls_md_hmac_starts() and use one of the
* mbedtls_md_hmac_reset() after the computation is * following hashes: SHA-384, SHA-256, SHA-1 or MD-5.
* complete to prepare for the next computation. * It is reset using mbedtls_md_hmac_reset() after
* the computation is complete to prepare for the
* next computation.
* \param add_data The additional data prepended to \p data. This * \param add_data The additional data prepended to \p data. This
* must point to a readable buffer of \p add_data_len * must point to a readable buffer of \p add_data_len
* bytes. * bytes.

View File

@ -1127,7 +1127,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac(
* extension to the MD API in order to get constant-flow behaviour. * extension to the MD API in order to get constant-flow behaviour.
* *
* HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
* concatenation, and okey/ikey is the XOR of the key with some fix bit * concatenation, and okey/ikey are the XOR of the key with some fixed bit
* patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx. * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx.
* *
* We'll first compute inner_hash = HASH(ikey + msg) by hashing up to * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to
@ -1137,6 +1137,8 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac(
* Then we only need to compute HASH(okey + inner_hash) and we're done. * Then we only need to compute HASH(okey + inner_hash) and we're done.
*/ */
const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info ); const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info );
/* TLS 1.0-1.2 only support SHA-384, SHA-256, SHA-1, MD-5,
* all of which have the same block size except SHA-384. */
const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64; const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64;
const unsigned char * const ikey = (unsigned char *) ctx->hmac_ctx; const unsigned char * const ikey = (unsigned char *) ctx->hmac_ctx;
const unsigned char * const okey = ikey + block_size; const unsigned char * const okey = ikey + block_size;