From 844eb0e5fae1f1f9e1cae45cfa08e34caa587e1e Mon Sep 17 00:00:00 2001
From: Janos Follath <janos.follath@arm.com>
Date: Wed, 19 Jun 2019 12:10:49 +0100
Subject: [PATCH] Add tls12_prf_read for the new API

Technically we could have reused the old one for the new API, but then
we had to set an extra field during setup. The new version works when
all the fields that haven't been set explicitely are zero-initialised.
---
 include/psa/crypto_struct.h |  4 ++--
 library/psa_crypto.c        | 41 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index d9e9b86da3..fdf78a8eb4 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -250,8 +250,8 @@ typedef struct psa_tls12_prf_key_derivation_s
 #endif
 
     /* Indicates how many bytes in the current HMAC block have
-     * already been read by the user. */
-    uint8_t offset_in_block;
+     * not yet been read by the user. */
+    uint8_t left_in_block;
 
     /* The 1-based number of the block. */
     uint8_t block_number;
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 74ca1d671c..ba9b3e3466 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4144,7 +4144,7 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
 
     /* We need a new block */
     ++tls12_prf->block_number;
-    tls12_prf->offset_in_block = 0;
+    tls12_prf->left_in_block = hash_length;
 
     /* Recall the definition of the TLS-1.2-PRF from RFC 5246:
      *
@@ -4211,6 +4211,45 @@ static psa_status_t psa_key_derivation_tls12_prf_read(
 
     return( PSA_SUCCESS );
 }
+#else
+static psa_status_t psa_key_derivation_tls12_prf_read(
+    psa_tls12_prf_key_derivation_t *tls12_prf,
+    psa_algorithm_t alg,
+    uint8_t *output,
+    size_t output_length )
+{
+    psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
+    uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
+    psa_status_t status;
+    uint8_t offset, length;
+
+    while( output_length != 0 )
+    {
+        /* Check if we have fully processed the current block. */
+        if( tls12_prf->left_in_block == 0 )
+        {
+            status = psa_key_derivation_tls12_prf_generate_next_block( tls12_prf,
+                                                                       alg );
+            if( status != PSA_SUCCESS )
+                return( status );
+
+            continue;
+        }
+
+        if( tls12_prf->left_in_block > output_length )
+            length = (uint8_t) output_length;
+        else
+            length = tls12_prf->left_in_block;
+
+        offset = hash_length - tls12_prf->left_in_block;
+        memcpy( output, tls12_prf->output_block + offset, length );
+        output += length;
+        output_length -= length;
+        tls12_prf->left_in_block -= length;
+    }
+
+    return( PSA_SUCCESS );
+}
 #endif /* PSA_PRE_1_0_KEY_DERIVATION */
 #endif /* MBEDTLS_MD_C */