Add PSA key in mbedtls_ssl_cookie_ctx

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 10:20:20 +01:00 · 2022-03-04 10:20:20 +01:00 · bca99ee0ac
commit bca99ee0ac
parent 052deb941f
2 changed files with 10 additions and 0 deletions
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@ -53,6 +53,10 @@ extern "C" {
 */
 typedef struct mbedtls_ssl_cookie_ctx
 {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_svc_key_id_t    MBEDTLS_PRIVATE(psa_hmac);   /*!< key id for the HMAC portion   */
+    psa_algorithm_t         MBEDTLS_PRIVATE(psa_hmac_alg);  /*!< key algorithm for the HMAC portion   */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
    mbedtls_md_context_t    MBEDTLS_PRIVATE(hmac_ctx);   /*!< context for the HMAC portion   */
 #if !defined(MBEDTLS_HAVE_TIME)
    unsigned long   MBEDTLS_PRIVATE(serial);     /*!< serial number for expiration   */
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@ -68,6 +68,9 @@

 void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
 {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    ctx->psa_hmac = MBEDTLS_SVC_KEY_ID_INIT;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
    mbedtls_md_init( &ctx->hmac_ctx );
 #if !defined(MBEDTLS_HAVE_TIME)
    ctx->serial = 0;
@ -86,6 +89,9 @@ void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long

 void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
 {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_destroy_key( ctx->psa_hmac );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
    mbedtls_md_free( &ctx->hmac_ctx );

 #if defined(MBEDTLS_THREADING_C)