commit df3b0892ce2f5aea104750b62823c74fb67da7be
author Janos Follath <janos.follath@arm.com> Thu Aug 08 11:12:24 2019 +0100
committer Janos Follath <janos.follath@arm.com> Fri Aug 16 13:37:32 2019 +0100
tree cef5e54df50ff182f9b2a72b3211f2e3bf51a46b
parent 1239d70870e1e73a9b921e8a71b654adf2978f1a

Use psa_raw_key_agreement

In PSA 1.0 raw key agreement has been moved from
psa_key_derivation_key_agreement() to its own separate function call,
called psa_raw_key_agreement().

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4a466ea..f403aa0 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3238,9 +3238,6 @@
         unsigned char *own_pubkey_ecpoint;
         size_t own_pubkey_ecpoint_len;
 
-        psa_key_derivation_operation_t generator =
-            PSA_KEY_DERIVATION_OPERATION_INIT;
-
         header_len = 4;
 
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
@@ -3258,8 +3255,7 @@
          * of the ECDH secret and the application of the TLS 1.2 PRF. */
         key_attributes = psa_key_attributes_init();
         psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
-        psa_set_key_algorithm( &key_attributes,
-                               PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ) );
+        psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
         psa_set_key_type( &key_attributes,
                           PSA_KEY_TYPE_ECC_KEY_PAIR( handshake->ecdh_psa_curve )
                         );
@@ -3268,7 +3264,7 @@
 
         /* Generate ECDH private key. */
         status = psa_generate_key( &key_attributes,
-                                   handshake->ecdh_psa_privkey );
+                                   &handshake->ecdh_psa_privkey );
         if( status != PSA_SUCCESS )
             return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
 
@@ -3294,31 +3290,16 @@
                 own_pubkey_ecpoint, own_pubkey_ecpoint_len );
         content_len = own_pubkey_ecpoint_len + 1;
 
-        /* Compute ECDH shared secret. */
-        status = psa_key_derivation_key_agreement(
-                &generator,
-                handshake->ecdh_psa_privkey,
-                handshake->ecdh_psa_peerkey,
-                handshake->ecdh_psa_peerkey_len,
-                PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ) );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-
         /* The ECDH secret is the premaster secret used for key derivation. */
 
-        ssl->handshake->pmslen =
-            MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( handshake->ecdh_psa_curve );
-
-        status = psa_key_derivation_output_bytes( &generator,
-                                                  ssl->handshake->premaster,
-                                                  ssl->handshake->pmslen );
-        if( status != PSA_SUCCESS )
-        {
-            psa_key_derivation_abort( &generator );
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-
-        status = psa_key_derivation_abort( &generator );
+        /* Compute ECDH shared secret. */
+        status = psa_raw_key_agreement( PSA_ALG_ECDH,
+                                        handshake->ecdh_psa_privkey,
+                                        handshake->ecdh_psa_peerkey,
+                                        handshake->ecdh_psa_peerkey_len,
+                                        ssl->handshake->premaster,
+                                        sizeof( ssl->handshake->premaster ),
+                                        &ssl->handshake->pmslen );
         if( status != PSA_SUCCESS )
             return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );