Only make PSA HMAC key exportable when NULL or CBC & not EtM in ssl_tls12_populate_transform()

This requires moving the HMAC init after CIPHER init.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 183e003..233e176 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7291,61 +7291,6 @@
         goto end;
     }
 
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-    /* For HMAC-based ciphersuites, initialize the HMAC transforms.
-       For AEAD-based ciphersuites, there is nothing to do here. */
-    if( mac_key_len != 0 )
-    {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-        alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
-        if( alg == 0 )
-        {
-                ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_md_type_to_psa", ret );
-                goto end;
-        }
-
-        transform->psa_mac_alg = PSA_ALG_HMAC( alg );
-
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
-        psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
-        psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
-
-        if( ( status = psa_import_key( &attributes,
-                                       mac_enc, mac_key_len,
-                                       &transform->psa_mac_enc ) ) != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_mac_key", ret );
-            goto end;
-        }
-
-        /* mbedtls_ct_hmac() requires the key to be exportable */
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
-                                              PSA_KEY_USAGE_VERIFY_HASH );
-
-        if( ( status = psa_import_key( &attributes,
-                                       mac_dec, mac_key_len,
-                                       &transform->psa_mac_dec ) ) != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_mac_key", ret );
-            goto end;
-        }
-#else
-        ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
-        if( ret != 0 )
-            goto end;
-        ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
-        if( ret != 0 )
-            goto end;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-    }
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
-    ((void) mac_dec);
-    ((void) mac_enc);
-
     if( ssl != NULL && ssl->f_export_keys != NULL )
     {
         ssl->f_export_keys( ssl->p_export_keys,
@@ -7450,6 +7395,66 @@
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+    /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+       For AEAD-based ciphersuites, there is nothing to do here. */
+    if( mac_key_len != 0 )
+    {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+        alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
+        if( alg == 0 )
+        {
+                ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_md_type_to_psa", ret );
+                goto end;
+        }
+
+        transform->psa_mac_alg = PSA_ALG_HMAC( alg );
+
+        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+        psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
+        psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+
+        if( ( status = psa_import_key( &attributes,
+                                       mac_enc, mac_key_len,
+                                       &transform->psa_mac_enc ) ) != PSA_SUCCESS )
+        {
+            ret = psa_ssl_status_to_mbedtls( status );
+            MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_mac_key", ret );
+            goto end;
+        }
+
+        if( ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ||
+              transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) &&
+            transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
+            /* mbedtls_ct_hmac() requires the key to be exportable */
+            psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
+                                                  PSA_KEY_USAGE_VERIFY_HASH );
+        else
+            psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+
+        if( ( status = psa_import_key( &attributes,
+                                       mac_dec, mac_key_len,
+                                       &transform->psa_mac_dec ) ) != PSA_SUCCESS )
+        {
+            ret = psa_ssl_status_to_mbedtls( status );
+            MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_mac_key", ret );
+            goto end;
+        }
+#else
+        ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
+        if( ret != 0 )
+            goto end;
+        ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+        if( ret != 0 )
+            goto end;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+    }
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+
+    ((void) mac_dec);
+    ((void) mac_enc);
+
 end:
     mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
     return( ret );
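Review bot: The condition that selects `PSA_KEY_USAGE_EXPORT` for `psa_mac_dec` ties the NULL-cipher case to `transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED` and reads that member unconditionally. If `encrypt_then_mac` is only declared under `MBEDTLS_SSL_ENCRYPT_THEN_MAC` (the struct is not visible here), a build with MAC suites but without EtM will not compile. A NULL-cipher transform that has the EtM flag set would also get a non-exportable key, although its MAC check presumably still goes through mbedtls_ct_hmac(), so record decryption would fail at export. Dropping the export right is the correct least-privilege direction, but the condition has to mirror exactly the decryption paths that export the key, and the unbraced multi-line if/else is safer braced. The function starts and ends outside the hunk, so check the consumer of `psa_mac_dec` against this.

```c
        /* mbedtls_ct_hmac() exports the key: needed for the NULL cipher,
         * and for CBC only when Encrypt-then-MAC is not in use. */
        if( ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) ||
            ( ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
              && ( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
#endif
            ) )
        {
            /* … unchanged: usage flags EXPORT | VERIFY_HASH … */
        }
        else
        {
            /* … unchanged: usage flags VERIFY_HASH only … */
        }
        /* … unchanged: psa_import_key() of mac_dec into transform->psa_mac_dec … */
```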