While reworking the key formats and derivation methods (see the open issue in #177), I have noticed a long-term anomaly in the specification. HMAC keys describe being truncated on import, based on the block size of the associated hash algorithm. See PSA_KEY_TYPE_HMAC, and also the entry for HMAC keys in Key formats.
The latter is written as if the HMAC key is parameterised:
PSA_KEY_TYPE_HMAC (hash_alg)
For HMAC keys that are shorter than, or equal in size to, the block size of hash_alg, the format is the raw bytes of the key.
HMAC keys that are longer than the block size of hash_alg, are permitted in a call to psa_import_key(). For such a key, the output of psa_export_key() is an implementation defined choice between the following:
- The raw bytes of the key.
- The raw bytes of the hash of the key, using hash_alg.
This is clearly wrong. Only the HMAC algorithm is parameterised.
While reworking the key formats and derivation methods (see the open issue in #177), I have noticed a long-term anomaly in the specification. HMAC keys describe being truncated on import, based on the block size of the associated hash algorithm. See
PSA_KEY_TYPE_HMAC, and also the entry for HMAC keys in Key formats.The latter is written as if the HMAC key is parameterised:
This is clearly wrong. Only the HMAC algorithm is parameterised.