From bca99ee0ac871e555452f3959d78eaf892bbb870 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 4 Mar 2022 10:20:20 +0100 Subject: [PATCH 01/12] Add PSA key in mbedtls_ssl_cookie_ctx Signed-off-by: Neil Armstrong --- include/mbedtls/ssl_cookie.h | 4 ++++ library/ssl_cookie.c | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 34452aae6..b39c09a96 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -53,6 +53,10 @@ extern "C" { */ typedef struct mbedtls_ssl_cookie_ctx { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac); /*!< key id for the HMAC portion */ + psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */ #if !defined(MBEDTLS_HAVE_TIME) unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */ diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 358169e87..9f27a87cf 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -68,6 +68,9 @@ void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + ctx->psa_hmac = MBEDTLS_SVC_KEY_ID_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_md_init( &ctx->hmac_ctx ); #if !defined(MBEDTLS_HAVE_TIME) ctx->serial = 0; @@ -86,6 +89,9 @@ void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_destroy_key( ctx->psa_hmac ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_md_free( &ctx->hmac_ctx ); #if defined(MBEDTLS_THREADING_C) From d63320127999707a53d50f3926b5cab4500bd2d3 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 4 Mar 2022 10:26:16 +0100 Subject: [PATCH 02/12] Import PSA HMAC key in mbedtls_ssl_cookie_setup() 
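Review bot: In the `mbedtls_ssl_cookie_init` hunk of [PATCH 01/12] only `psa_hmac` receives a defined value; the new `psa_hmac_alg` member stays indeterminate until a later setup call stores something in it. Initialising it next to the key id, e.g. `ctx->psa_hmac_alg = 0;`, keeps a context that was initialised but never set up fully defined. In the `mbedtls_ssl_cookie_free` hunk the result of `psa_destroy_key` is discarded without comment; a one-line remark such as `/* best effort: a void free() cannot report this */` would show the omission is deliberate.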
Signed-off-by: Neil Armstrong --- library/ssl_cookie.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 9f27a87cf..ba5d8b95c 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -107,10 +107,34 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char key[COOKIE_MD_OUTLEN]; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_algorithm_t alg; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 ) return( ret ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + alg = mbedtls_psa_translate_md( COOKIE_MD ); + if( alg == 0 ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + ctx->psa_hmac_alg = PSA_ALG_HMAC( alg ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); + psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); + + if( ( status = psa_import_key( &attributes, + key, sizeof( key ), + &ctx->psa_hmac ) ) != PSA_SUCCESS ) + { + return psa_ssl_status_to_mbedtls( status ); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 ); if( ret != 0 ) return( ret ); From 23d34ce372877acc06ffb98e33043ae93969b559 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 4 Mar 2022 10:32:26 +0100 Subject: [PATCH 03/12] Use PSA HMAC API in ssl_cookie_hmac() Signed-off-by: Neil Armstrong --- library/ssl_cookie.c | 59 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ba5d8b95c..e3a7f3d99 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c 
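Review bot: The two early returns added to `mbedtls_ssl_cookie_setup` in [PATCH 02/12] (on `alg == 0` and on `psa_import_key` failure) leave the freshly generated HMAC secret in the stack buffer `key`, because they bypass the `mbedtls_platform_zeroize( key, sizeof( key ) )` call that only the success path reaches, further down and outside this hunk. Wipe the buffer before each of them, e.g. `mbedtls_platform_zeroize( key, sizeof( key ) );` followed by `return( psa_ssl_status_to_mbedtls( status ) );`, or translate the algorithm before calling `f_rng` so the first return has nothing to clean up. The `mbedtls_md_setup` failure return in the trailing context lines has the same gap. The function body starts and ends outside the hunk.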
@@ -133,8 +133,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, { return psa_ssl_status_to_mbedtls( status ); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - +#else ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 ); if( ret != 0 ) return( ret ); @@ -142,6 +141,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) ); if( ret != 0 ) return( ret ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_platform_zeroize( key, sizeof( key ) ); 
@@ -151,15 +151,53 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, /* * Generate the HMAC part of a cookie */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static int ssl_cookie_hmac( mbedtls_ssl_cookie_ctx *ctx, + const unsigned char time[4], + unsigned char **p, unsigned char *end, + const unsigned char *cli_id, size_t cli_id_len ) +#else static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx, const unsigned char time[4], unsigned char **p, unsigned char *end, const unsigned char *cli_id, size_t cli_id_len ) +#endif { unsigned char hmac_out[COOKIE_MD_OUTLEN]; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t sign_mac_length = 0; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( psa_mac_sign_setup( &operation, ctx->psa_hmac, + ctx->psa_hmac_alg ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto cookie_hmac_exit; + } + + if( psa_mac_update( &operation, time, 4 ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto cookie_hmac_exit; + } + + if( psa_mac_update( &operation, cli_id, + cli_id_len ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto cookie_hmac_exit; + } + + if( psa_mac_sign_finish( &operation, hmac_out, COOKIE_MD_OUTLEN, + &sign_mac_length ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto cookie_hmac_exit; + } + + ret = 0; +#else if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 || mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 || mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 || 
@@ -167,11 +205,20 @@ static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx, { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ memcpy( *p, hmac_out, COOKIE_HMAC_LEN ); *p += COOKIE_HMAC_LEN; +#if defined(MBEDTLS_USE_PSA_CRYPTO) +cookie_hmac_exit: + if( psa_mac_abort( &operation ) != PSA_SUCCESS ) + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + + return ret; +#else return( 0 ); +#endif } /* @@ -204,7 +251,11 @@ int mbedtls_ssl_cookie_write( void *p_ctx, return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) ); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + ret = ssl_cookie_hmac( ctx, *p - 4, +#else ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ p, end, cli_id, cli_id_len ); #if defined(MBEDTLS_THREADING_C) @@ -240,7 +291,11 @@ int mbedtls_ssl_cookie_check( void *p_ctx, return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) ); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ssl_cookie_hmac( ctx, cookie, +#else if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ &p, p + sizeof( ref_hmac ), cli_id, cli_id_len ) != 0 ) ret = -1; From 77b69ab971f6236f10d54ce30bad7db4f098509e Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 4 Mar 2022 14:35:13 +0100 Subject: [PATCH 04/12] Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx Signed-off-by: Neil Armstrong --- include/mbedtls/ssl_cookie.h | 3 ++- library/ssl_cookie.c | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index b39c09a96..723a13e5e 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h 
@@ -56,8 +56,9 @@ typedef struct mbedtls_ssl_cookie_ctx #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac); /*!< key id for the HMAC portion */ psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#else mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_HAVE_TIME) unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */ #endif diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index e3a7f3d99..ee8cc171d 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -70,8 +70,9 @@ void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) ctx->psa_hmac = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#else mbedtls_md_init( &ctx->hmac_ctx ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_HAVE_TIME) ctx->serial = 0; #endif @@ -91,8 +92,9 @@ void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key( ctx->psa_hmac ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#else mbedtls_md_free( &ctx->hmac_ctx ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &ctx->mutex ); From 2217d6f82507aaf28c82ee234f6a8b358894a437 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 4 Mar 2022 15:00:22 +0100 Subject: [PATCH 05/12] Generate cookie MAC key with psa_generate_key Signed-off-by: Neil Armstrong --- library/ssl_cookie.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ee8cc171d..a0e968029 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c 
@@ -107,18 +107,14 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char key[COOKIE_MD_OUTLEN]; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t alg; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 ) - return( ret ); + (void)f_rng; + (void)p_rng; -#if defined(MBEDTLS_USE_PSA_CRYPTO) alg = mbedtls_psa_translate_md( COOKIE_MD ); if( alg == 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -128,14 +124,20 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) ); psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); + psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) ); - if( ( status = psa_import_key( &attributes, - key, sizeof( key ), - &ctx->psa_hmac ) ) != PSA_SUCCESS ) + if( ( status = psa_generate_key( &attributes, + &ctx->psa_hmac ) ) != PSA_SUCCESS ) { return psa_ssl_status_to_mbedtls( status ); } #else + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char key[COOKIE_MD_OUTLEN]; + + if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 ) + return( ret ); + ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 ); if( ret != 0 ) return( ret ); @@ -143,9 +145,9 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) ); if( ret != 0 ) return( ret ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_platform_zeroize( key, sizeof( key ) ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ return( 0 ); } From 7cd0270d6c9e0b4afc3d72ed0e908cd0a1a50477 Mon Sep 17 00:00:00 2001 
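Review bot: With `MBEDTLS_USE_PSA_CRYPTO` the first hunk of [PATCH 05/12] silently turns `f_rng`/`p_rng` into ignored parameters, so the cookie secret now comes from the PSA random generator and `psa_generate_key` can only succeed once the PSA subsystem has been initialised; neither fact is stated for the caller. A comment above the casts, for example `/* Key is generated inside PSA: f_rng is unused and psa_crypto_init() must have succeeded before this call. */`, together with a matching sentence in the `mbedtls_ssl_cookie_setup` documentation in ssl_cookie.h, would cover it. It also looks as if a second setup call on the same context would overwrite `ctx->psa_hmac` without destroying the earlier key; if that is reachable, a `psa_destroy_key( ctx->psa_hmac );` before generating is cheap. The function body starts outside the hunk.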
From: Neil Armstrong Date: Fri, 4 Mar 2022 15:08:43 +0100 Subject: [PATCH 06/12] Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used Signed-off-by: Neil Armstrong --- include/mbedtls/ssl_cookie.h | 2 ++ library/ssl_cookie.c | 25 ++++++++++++++++--------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 723a13e5e..0278bcfa8 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -65,9 +65,11 @@ typedef struct mbedtls_ssl_cookie_ctx unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME, or in number of tickets issued */ +#if !defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); #endif +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } mbedtls_ssl_cookie_ctx; /** diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index a0e968029..a742888a4 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -78,9 +78,11 @@ void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ) #endif ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT; +#if !defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_init( &ctx->mutex ); #endif +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay ) @@ -94,11 +96,11 @@ void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) psa_destroy_key( ctx->psa_hmac ); #else mbedtls_md_free( &ctx->hmac_ctx ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &ctx->mutex ); #endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); } 
@@ -250,16 +252,16 @@ int mbedtls_ssl_cookie_write( void *p_ctx, MBEDTLS_PUT_UINT32_BE(t, *p, 0); *p += 4; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + ret = ssl_cookie_hmac( ctx, *p - 4, + p, end, cli_id, cli_id_len ); +#else #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) ); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = ssl_cookie_hmac( ctx, *p - 4, -#else ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4, -#endif /* MBEDTLS_USE_PSA_CRYPTO */ p, end, cli_id, cli_id_len ); #if defined(MBEDTLS_THREADING_C) @@ -267,6 +269,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, MBEDTLS_ERR_THREADING_MUTEX_ERROR ) ); #endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ return( ret ); } @@ -290,16 +293,19 @@ int mbedtls_ssl_cookie_check( void *p_ctx, if( cookie_len != COOKIE_LEN ) return( -1 ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ssl_cookie_hmac( ctx, cookie, + &p, p + sizeof( ref_hmac ), + cli_id, cli_id_len ) != 0 ) + ret = -1; + +#else #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) ); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ssl_cookie_hmac( ctx, cookie, -#else if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie, -#endif /* MBEDTLS_USE_PSA_CRYPTO */ &p, p + sizeof( ref_hmac ), cli_id, cli_id_len ) != 0 ) ret = -1; @@ -311,6 +317,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx, MBEDTLS_ERR_THREADING_MUTEX_ERROR ); } #endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ret != 0 ) goto exit; From be52f500c8cc5974898949a58785fd3436fca817 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Mon, 7 Mar 2022 14:17:26 +0100 Subject: [PATCH 07/12] Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in mbedtls_ssl_cookie_setup() 
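Review bot: The PSA branches of `mbedtls_ssl_cookie_write` (first hunk) and `mbedtls_ssl_cookie_check` (third hunk) in [PATCH 06/12] now reach the MAC code with no lock at all, which is safe only if the PSA key store and MAC operations in this build tolerate concurrent callers on one key id. The per-call operation state is local, so the original reason for the mutex is gone, but whether PSA itself serialises access to the key is not visible anywhere in this series. Either keep the lock around the PSA calls when `MBEDTLS_THREADING_C` is defined, or state the assumption where the lock is dropped, e.g. `/* No mutex: relies on the PSA implementation being safe for concurrent use of one key. */`. Both function bodies start and end outside the hunks.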
Signed-off-by: Neil Armstrong --- library/ssl_cookie.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index a742888a4..155edfdac 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -121,10 +121,11 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, if( alg == 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ctx->psa_hmac_alg = PSA_ALG_HMAC( alg ); + ctx->psa_hmac_alg = PSA_ALG_TRUNCATED_MAC( PSA_ALG_HMAC( alg ), + COOKIE_HMAC_LEN ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); - psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) ); + psa_set_key_algorithm( &attributes, ctx->psa_hmac_alg ); psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) ); From 6d5baf5f1e86ae1a0158b3105926cfc1a4fc6615 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Mon, 7 Mar 2022 14:25:18 +0100 Subject: [PATCH 08/12] Use PSA MAC verify API in mbedtls_ssl_cookie_check() Signed-off-by: Neil Armstrong --- library/ssl_cookie.c | 41 ++++++++++++++++++++++++++++++++++------- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 155edfdac..de5c5435e 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -124,7 +124,8 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, ctx->psa_hmac_alg = PSA_ALG_TRUNCATED_MAC( PSA_ALG_HMAC( alg ), COOKIE_HMAC_LEN ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE | + PSA_KEY_USAGE_SIGN_MESSAGE ); psa_set_key_algorithm( &attributes, ctx->psa_hmac_alg ); psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) ); 
@@ -282,9 +283,13 @@ int mbedtls_ssl_cookie_check( void *p_ctx, const unsigned char *cookie, size_t cookie_len, const unsigned char *cli_id, size_t cli_id_len ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; +#else unsigned char ref_hmac[COOKIE_HMAC_LEN]; - int ret = 0; unsigned char *p = ref_hmac; +#endif + int ret = 0; mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; unsigned long cur_time, cookie_time; @@ -295,11 +300,28 @@ int mbedtls_ssl_cookie_check( void *p_ctx, return( -1 ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ssl_cookie_hmac( ctx, cookie, - &p, p + sizeof( ref_hmac ), - cli_id, cli_id_len ) != 0 ) - ret = -1; + if( psa_mac_verify_setup( &operation, ctx->psa_hmac, + ctx->psa_hmac_alg ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } + if( psa_mac_update( &operation, cookie, 4 ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } + + if( psa_mac_update( &operation, cli_id, + cli_id_len ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } + + if( psa_mac_verify_finish( &operation, cookie + 4, + COOKIE_HMAC_LEN ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } #else #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) @@ -318,7 +340,6 @@ int mbedtls_ssl_cookie_check( void *p_ctx, MBEDTLS_ERR_THREADING_MUTEX_ERROR ); } #endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ret != 0 ) goto exit; @@ -328,6 +349,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx, ret = -1; goto exit; } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_HAVE_TIME) cur_time = (unsigned long) mbedtls_time( NULL ); 
@@ -347,7 +369,12 @@ int mbedtls_ssl_cookie_check( void *p_ctx, } exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( psa_mac_abort( &operation ) != PSA_SUCCESS ) + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; +#else mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ return( ret ); } #endif /* MBEDTLS_SSL_COOKIE_C */ From 2d5e343c75e54ab1ef1bbbae2193267fff02465e Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Mon, 21 Mar 2022 11:39:52 +0100 Subject: [PATCH 09/12] Use inline PSA code instead of using ssl_cookie_hmac in mbedtls_ssl_cookie_write() Signed-off-by: Neil Armstrong --- library/ssl_cookie.c | 86 +++++++++++++++++++------------------------- 1 file changed, 37 insertions(+), 49 deletions(-) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index de5c5435e..a1fdad587 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c 
@@ -156,56 +156,19 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, return( 0 ); } +#if !defined(MBEDTLS_USE_PSA_CRYPTO) /* * Generate the HMAC part of a cookie */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -static int ssl_cookie_hmac( mbedtls_ssl_cookie_ctx *ctx, - const unsigned char time[4], - unsigned char **p, unsigned char *end, - const unsigned char *cli_id, size_t cli_id_len ) -#else static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx, const unsigned char time[4], unsigned char **p, unsigned char *end, const unsigned char *cli_id, size_t cli_id_len ) -#endif { unsigned char hmac_out[COOKIE_MD_OUTLEN]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t sign_mac_length = 0; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN ); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if( psa_mac_sign_setup( &operation, ctx->psa_hmac, - ctx->psa_hmac_alg ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cookie_hmac_exit; - } - - if( psa_mac_update( &operation, time, 4 ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cookie_hmac_exit; - } - - if( psa_mac_update( &operation, cli_id, - cli_id_len ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cookie_hmac_exit; - } - - if( psa_mac_sign_finish( &operation, hmac_out, COOKIE_MD_OUTLEN, - &sign_mac_length ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cookie_hmac_exit; - } - - ret = 0; -#else if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 || mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 || mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 || 
@@ -213,21 +176,13 @@ static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx, { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ memcpy( *p, hmac_out, COOKIE_HMAC_LEN ); *p += COOKIE_HMAC_LEN; -#if defined(MBEDTLS_USE_PSA_CRYPTO) -cookie_hmac_exit: - if( psa_mac_abort( &operation ) != PSA_SUCCESS ) - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - - return ret; -#else return( 0 ); -#endif } +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ /* * Generate cookie for DTLS ClientHello verification @@ -236,6 +191,10 @@ int mbedtls_ssl_cookie_write( void *p_ctx, unsigned char **p, unsigned char *end, const unsigned char *cli_id, size_t cli_id_len ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; + size_t sign_mac_length = 0; +#endif int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; unsigned long t; @@ -255,8 +214,32 @@ int mbedtls_ssl_cookie_write( void *p_ctx, *p += 4; #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = ssl_cookie_hmac( ctx, *p - 4, - p, end, cli_id, cli_id_len ); + if( psa_mac_sign_setup( &operation, ctx->psa_hmac, + ctx->psa_hmac_alg ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } + + if( psa_mac_update( &operation, *p - 4, 4 ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } + + if( psa_mac_update( &operation, cli_id, + cli_id_len ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } + + if( psa_mac_sign_finish( &operation, *p, COOKIE_MD_OUTLEN, + &sign_mac_length ) != PSA_SUCCESS ) { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } + + *p += COOKIE_HMAC_LEN; + + ret = 0; #else #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) 
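Review bot: In the third hunk of [PATCH 09/12] the inlined `psa_mac_sign_finish( &operation, *p, COOKIE_MD_OUTLEN, &sign_mac_length )` declares `COOKIE_MD_OUTLEN` bytes of room at `*p`, while the helper it replaces wrote into a local `hmac_out[COOKIE_MD_OUTLEN]` and copied only `COOKIE_HMAC_LEN` bytes after `MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN )`. No check against `end` for the larger size is visible here, and a PSA implementation is free to write up to the size it is given, so the call may touch caller memory past the cookie. Pass the truncated length instead, `psa_mac_sign_finish( &operation, *p, COOKIE_HMAC_LEN, &sign_mac_length )`, and either advance `*p` by `sign_mac_length` or check that it equals `COOKIE_HMAC_LEN`. The same argument is carried unchanged into the `mbedtls_ssl_cookie_write` hunk of [PATCH 10/12]. The function body starts outside the hunk.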
@@ -273,6 +256,11 @@ int mbedtls_ssl_cookie_write( void *p_ctx, #endif #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +exit: + if( psa_mac_abort( &operation ) != PSA_SUCCESS ) + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ return( ret ); } From 79daea25dbaed848489b01b9e5c8336b6ff457bc Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Mon, 21 Mar 2022 12:05:51 +0100 Subject: [PATCH 10/12] Handle and return translated PSA errors in ssl_cookie.c Signed-off-by: Neil Armstrong --- library/ssl_cookie.c | 73 ++++++++++++++++++++++++++++---------------- 1 file changed, 47 insertions(+), 26 deletions(-) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index a1fdad587..8b59da7a7 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -193,6 +193,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t sign_mac_length = 0; #endif int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 
@@ -214,26 +215,33 @@ int mbedtls_ssl_cookie_write( void *p_ctx, *p += 4; #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( psa_mac_sign_setup( &operation, ctx->psa_hmac, - ctx->psa_hmac_alg ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + status = psa_mac_sign_setup( &operation, ctx->psa_hmac, + ctx->psa_hmac_alg ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); goto exit; } - if( psa_mac_update( &operation, *p - 4, 4 ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + status = psa_mac_update( &operation, *p - 4, 4 ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); goto exit; } - if( psa_mac_update( &operation, cli_id, - cli_id_len ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + status = psa_mac_update( &operation, cli_id, cli_id_len ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); goto exit; } - if( psa_mac_sign_finish( &operation, *p, COOKIE_MD_OUTLEN, - &sign_mac_length ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + status = psa_mac_sign_finish( &operation, *p, COOKIE_MD_OUTLEN, + &sign_mac_length ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); goto exit; } @@ -258,8 +266,9 @@ int mbedtls_ssl_cookie_write( void *p_ctx, #if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - if( psa_mac_abort( &operation ) != PSA_SUCCESS ) - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + status = psa_mac_abort( &operation ); + if( status != PSA_SUCCESS ) + ret = psa_ssl_status_to_mbedtls( status ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ return( ret ); } @@ -273,6 +282,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx, { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #else unsigned char ref_hmac[COOKIE_HMAC_LEN]; unsigned char *p = ref_hmac; 
@@ -288,28 +298,38 @@ int mbedtls_ssl_cookie_check( void *p_ctx, return( -1 ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( psa_mac_verify_setup( &operation, ctx->psa_hmac, - ctx->psa_hmac_alg ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + status = psa_mac_verify_setup( &operation, ctx->psa_hmac, + ctx->psa_hmac_alg ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); goto exit; } - if( psa_mac_update( &operation, cookie, 4 ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + status = psa_mac_update( &operation, cookie, 4 ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); goto exit; } - if( psa_mac_update( &operation, cli_id, - cli_id_len ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + status = psa_mac_update( &operation, cli_id, + cli_id_len ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); goto exit; } - if( psa_mac_verify_finish( &operation, cookie + 4, - COOKIE_HMAC_LEN ) != PSA_SUCCESS ) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + status = psa_mac_verify_finish( &operation, cookie + 4, + COOKIE_HMAC_LEN ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); goto exit; } + + ret = 0; #else #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) @@ -358,8 +378,9 @@ int mbedtls_ssl_cookie_check( void *p_ctx, exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( psa_mac_abort( &operation ) != PSA_SUCCESS ) - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + status = psa_mac_abort( &operation ); + if( status != PSA_SUCCESS ) + ret = psa_ssl_status_to_mbedtls( status ); #else mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ From c0db7623ec2af8adf08dbc8c0a2014503054954f Mon Sep 17 00:00:00 2001 
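Review bot: In the first hunk of the [PATCH 10/12] changes to `mbedtls_ssl_cookie_check`, a cookie whose MAC does not verify now leaves the function with whatever `psa_ssl_status_to_mbedtls` returns for the `psa_mac_verify_finish` status, whereas the non-PSA branch shown earlier in this series reports the same event as `-1`. A mismatching cookie is ordinary untrusted input rather than a library fault, and callers or log monitoring that separate the two need one stable value for it. Consider mapping the mismatch explicitly, e.g. `ret = ( status == PSA_ERROR_INVALID_SIGNATURE ) ? -1 : psa_ssl_status_to_mbedtls( status );`, or document the PSA-specific return value in ssl_cookie.h. The function body starts and ends outside the hunk.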
From: Neil Armstrong Date: Tue, 22 Mar 2022 10:38:58 +0100 Subject: [PATCH 11/12] Also guard include of mbedtls/threading.h in ssl_cookie.h when USE_PSA_CRYPTO is set Signed-off-by: Neil Armstrong --- include/mbedtls/ssl_cookie.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 0278bcfa8..4da392305 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -27,9 +27,11 @@ #include "mbedtls/ssl.h" +#if !defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_THREADING_C) #include "mbedtls/threading.h" #endif +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ /** * \name SECTION: Module settings From 488a40eecb22719ff17500ccef3d7fb487144516 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 22 Mar 2022 10:41:38 +0100 Subject: [PATCH 12/12] Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx Signed-off-by: Neil Armstrong --- include/mbedtls/ssl_cookie.h | 2 +- library/ssl_cookie.c | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 4da392305..c5b80d936 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -56,7 +56,7 @@ extern "C" { typedef struct mbedtls_ssl_cookie_ctx { #if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac); /*!< key id for the HMAC portion */ + mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac_key); /*!< key id for the HMAC portion */ psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */ #else mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */ diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 8b59da7a7..3be4b45d4 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c 
@@ -69,7 +69,7 @@ void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - ctx->psa_hmac = MBEDTLS_SVC_KEY_ID_INIT; + ctx->psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT; #else mbedtls_md_init( &ctx->hmac_ctx ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -93,7 +93,7 @@ void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key( ctx->psa_hmac ); + psa_destroy_key( ctx->psa_hmac_key ); #else mbedtls_md_free( &ctx->hmac_ctx ); @@ -131,7 +131,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) ); if( ( status = psa_generate_key( &attributes, - &ctx->psa_hmac ) ) != PSA_SUCCESS ) + &ctx->psa_hmac_key ) ) != PSA_SUCCESS ) { return psa_ssl_status_to_mbedtls( status ); } @@ -215,7 +215,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, *p += 4; #if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_mac_sign_setup( &operation, ctx->psa_hmac, + status = psa_mac_sign_setup( &operation, ctx->psa_hmac_key, ctx->psa_hmac_alg ); if( status != PSA_SUCCESS ) { @@ -298,7 +298,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx, return( -1 ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_mac_verify_setup( &operation, ctx->psa_hmac, + status = psa_mac_verify_setup( &operation, ctx->psa_hmac_key, ctx->psa_hmac_alg ); if( status != PSA_SUCCESS ) {