From ed6d6589b37998b0b54495872debd9ee6429283f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Sat, 26 Mar 2022 17:28:06 +0100 Subject: [PATCH] Use hash algoritm for parameter instead of HMAC To be compatible with the other functions `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand` use hash algorithm for parameter. Signed-off-by: Gabor Mezei --- library/ssl_tls13_invasive.h | 13 ++++------- library/ssl_tls13_keys.c | 14 ++++++----- tests/suites/test_suite_ssl.data | 40 ++++++++++++++------------------ 3 files changed, 30 insertions(+), 37 deletions(-) diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h index 8a3a50170..4e39f90cf 100644 --- a/library/ssl_tls13_invasive.h +++ b/library/ssl_tls13_invasive.h @@ -30,10 +30,7 @@ * \brief Take the input keying material \p ikm and extract from it a * fixed-length pseudorandom key \p prk. * - * \param alg The HMAC algorithm to use - * (\c #PSA_ALG_HMAC( PSA_ALG_XXX ) value such that - * PSA_ALG_XXX is a hash algorithm and - * #PSA_ALG_IS_HMAC(\p alg) is true). + * \param hash_alg Hash algorithm to use. * \param salt An optional salt value (a non-secret random value); * if the salt is not provided, a string of all zeros * of the length of the hash provided by \p alg is used @@ -51,7 +48,7 @@ * \return An PSA_ERROR_* error for errors returned from the underlying * PSA layer. */ -psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg, +psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t hash_alg, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk, size_t prk_size, 
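Review bot: The `\param salt` text kept as context in this hunk still reads `of the length of the hash provided by \p alg is used`, but `alg` is no longer a parameter of mbedtls_psa_hkdf_extract, so it should say `\p hash_alg`. The new `\param hash_alg Hash algorithm to use.` also drops the constraint the old text spelled out. I would document the new one as `\param hash_alg Hash algorithm to use (a PSA_ALG_XXX value such that #PSA_ALG_IS_HASH(\p hash_alg) is true).` The same wording applies to the `\param hash_alg` line of mbedtls_psa_hkdf_expand in the next hunk. Both comments extend beyond the hunks, so check the rest of them for other `\p alg` references.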
@@ -61,9 +58,7 @@ psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg, * \brief Expand the supplied \p prk into several additional pseudorandom * keys, which is the output of the HKDF. * - * \param alg The HMAC algorithm to use (\c #PSA_ALG_HMAC( PSA_ALG_XXX ) - * value such that PSA_ALG_XXX is a hash algorithm and - * #PSA_ALG_IS_HMAC(\p alg) is true). + * \param hash_alg Hash algorithm to use. * \param prk A pseudorandom key of \p prk_len bytes. \p prk is * usually the output from the HKDF extract step. * \param prk_len The length in bytes of \p prk. @@ -80,7 +75,7 @@ psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg, * \return An PSA_ERROR_* error for errors returned from the underlying * PSA layer. */ -psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t alg, +psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t hash_alg, const unsigned char *prk, size_t prk_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 2ce654ba8..5c851c712 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -137,7 +137,7 @@ static void ssl_tls13_hkdf_encode_label( } MBEDTLS_STATIC_TESTABLE -psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg, +psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t hash_alg, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk, size_t prk_size, @@ -148,6 +148,7 @@ psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destroy_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_algorithm_t alg = PSA_ALG_HMAC( hash_alg ); if( salt == NULL || salt_len == 0 ) { 
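Review bot: In mbedtls_psa_hkdf_extract, `psa_algorithm_t alg = PSA_ALG_HMAC( hash_alg );` wraps the caller's value without first checking that it is a hash algorithm. PSA_ALG_HMAC() only keeps the hash bits of its argument, so a non-hash value (for example an already wrapped `PSA_ALG_HMAC(...)` from a caller that was not updated) would be mapped to a valid-looking HMAC algorithm instead of being rejected. I would add `if( ! PSA_ALG_IS_HASH( hash_alg ) ) return( PSA_ERROR_INVALID_ARGUMENT );` as the first statement after the declarations. The same applies to the identical declaration added to mbedtls_psa_hkdf_expand in the hunk at -206. Both function bodies continue outside the hunks, so confirm no equivalent check already exists further down.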
@@ -190,7 +191,7 @@ cleanup: } MBEDTLS_STATIC_TESTABLE -psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t alg, +psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t hash_alg, const unsigned char *prk, size_t prk_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ) @@ -206,6 +207,7 @@ psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t alg, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destroy_status = PSA_ERROR_CORRUPTION_DETECTED; unsigned char t[PSA_MAC_MAX_SIZE]; + psa_algorithm_t alg = PSA_ALG_HMAC( hash_alg ); if( okm == NULL ) { @@ -350,7 +352,7 @@ int mbedtls_ssl_tls13_hkdf_expand_label( &hkdf_label_len ); return( psa_ssl_status_to_mbedtls( - mbedtls_psa_hkdf_expand( PSA_ALG_HMAC( hash_alg ), + mbedtls_psa_hkdf_expand( hash_alg, secret, secret_len, hkdf_label, hkdf_label_len, buf, buf_len ) ) ); @@ -521,7 +523,7 @@ int mbedtls_ssl_tls13_evolve_secret( * The salt is the old secret, and the input key material * is the input secret (PSK / ECDHE). */ ret = psa_ssl_status_to_mbedtls( - mbedtls_psa_hkdf_extract( PSA_ALG_HMAC( hash_alg ), + mbedtls_psa_hkdf_extract( hash_alg, tmp_secret, hlen, tmp_input, ilen, secret_new, hlen, &secret_len ) ); @@ -914,8 +916,8 @@ int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl, unsigned char *result ) { int ret = 0; - unsigned char binder_key[MBEDTLS_MD_MAX_SIZE]; - unsigned char early_secret[MBEDTLS_MD_MAX_SIZE]; + unsigned char binder_key[PSA_MAC_MAX_SIZE]; + unsigned char early_secret[PSA_MAC_MAX_SIZE]; size_t const hash_len = PSA_HASH_LENGTH( hash_alg ); size_t actual_len; diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 438345459..b8ca7ffe8 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
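Review bot: In mbedtls_ssl_tls13_create_psk_binder, `binder_key` and `early_secret` are now sized with `PSA_MAC_MAX_SIZE`, while the length used next to them is `hash_len = PSA_HASH_LENGTH( hash_alg )`. `PSA_HASH_MAX_SIZE` would name the bound the code appears to rely on, e.g. `unsigned char binder_key[PSA_HASH_MAX_SIZE];`. This resizing is not mentioned in the commit message, which only describes the parameter change, so it deserves a line there. The rest of the function is outside the hunk; since both arrays hold key material, confirm that every exit path wipes them.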
@@ -4396,84 +4396,80 @@ ssl_tls13_key_evolution:PSA_ALG_SHA_256:"fb9fc80689b3a5d02c33243bf69a1b1b2070558 SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #1 Extract depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_extract:PSA_ALG_HMAC(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5" +psa_hkdf_extract:PSA_ALG_SHA_256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #2 Extract depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_extract:PSA_ALG_HMAC(PSA_ALG_SHA_256):"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244" +psa_hkdf_extract:PSA_ALG_SHA_256:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #3 Extract depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_extract:PSA_ALG_HMAC(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04" +psa_hkdf_extract:PSA_ALG_SHA_256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #4 
Extract depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_extract:PSA_ALG_HMAC(PSA_ALG_SHA_1):"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243" +psa_hkdf_extract:PSA_ALG_SHA_1:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #5 Extract depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_extract:PSA_ALG_HMAC(PSA_ALG_SHA_1):"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"8adae09a2a307059478d309b26c4115a224cfaf6" +psa_hkdf_extract:PSA_ALG_SHA_1:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"8adae09a2a307059478d309b26c4115a224cfaf6" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #6 Extract depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_extract:PSA_ALG_HMAC(PSA_ALG_SHA_1):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01" +psa_hkdf_extract:PSA_ALG_SHA_1:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #7 Extract depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_extract:PSA_ALG_HMAC(PSA_ALG_SHA_1):"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"2adccada18779e7c2077ad2eb19d3f3e731385dd" +psa_hkdf_extract:PSA_ALG_SHA_1:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"2adccada18779e7c2077ad2eb19d3f3e731385dd" SSL TLS 1.3 Key schedule: HKDF extract fails with wrong hash alg 
psa_hkdf_extract_ret:0:PSA_ERROR_INVALID_ARGUMENT SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #1 Expand depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand:PSA_ALG_HMAC(PSA_ALG_SHA_256):"f0f1f2f3f4f5f6f7f8f9":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" +psa_hkdf_expand:PSA_ALG_SHA_256:"f0f1f2f3f4f5f6f7f8f9":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #2 Expand depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand:PSA_ALG_HMAC(PSA_ALG_SHA_256):"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" +psa_hkdf_expand:PSA_ALG_SHA_256:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #3 Expand depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand:PSA_ALG_HMAC(PSA_ALG_SHA_256):"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" 
+psa_hkdf_expand:PSA_ALG_SHA_256:"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #4 Expand depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_expand:PSA_ALG_HMAC(PSA_ALG_SHA_1):"f0f1f2f3f4f5f6f7f8f9":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" +psa_hkdf_expand:PSA_ALG_SHA_1:"f0f1f2f3f4f5f6f7f8f9":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #5 Expand depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_expand:PSA_ALG_HMAC(PSA_ALG_SHA_1):"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"8adae09a2a307059478d309b26c4115a224cfaf6":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" +psa_hkdf_expand:PSA_ALG_SHA_1:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"8adae09a2a307059478d309b26c4115a224cfaf6":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #6 Expand depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_expand:PSA_ALG_HMAC(PSA_ALG_SHA_1):"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" 
+psa_hkdf_expand:PSA_ALG_SHA_1:"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #7 Expand depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_expand:PSA_ALG_HMAC(PSA_ALG_SHA_1):"":"2adccada18779e7c2077ad2eb19d3f3e731385dd":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" +psa_hkdf_expand:PSA_ALG_SHA_1:"":"2adccada18779e7c2077ad2eb19d3f3e731385dd":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" SSL TLS 1.3 Key schedule: HKDF expand fails with NULL okm depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:0:PSA_ERROR_INVALID_ARGUMENT +psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:0:PSA_ERROR_INVALID_ARGUMENT SSL TLS 1.3 Key schedule: HKDF expand fails with invalid alg psa_hkdf_expand_ret:0:32:32:PSA_ERROR_INVALID_ARGUMENT -SSL TLS 1.3 Key schedule: HKDF expand fails with incompatible alg -depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:32:PSA_ERROR_INVALID_ARGUMENT - SSL TLS 1.3 Key schedule: HKDF expand fails with prk_len < hash_len depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):16:32:PSA_ERROR_INVALID_ARGUMENT +psa_hkdf_expand_ret:PSA_ALG_SHA_256:16:32:PSA_ERROR_INVALID_ARGUMENT SSL TLS 1.3 Key schedule: HKDF expand fails with okm_len / hash_len > 255 -psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:8192:PSA_ERROR_INVALID_ARGUMENT +psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:8192:PSA_ERROR_INVALID_ARGUMENT SSL TLS 1.3 Key schedule: HKDF expand fails with key import depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:32:PSA_ERROR_INSUFFICIENT_MEMORY +psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:32:PSA_ERROR_INSUFFICIENT_MEMORY SSL TLS 1.3 Key schedule: HKDF Expand Label #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
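Review bot: The case `HKDF expand fails with incompatible alg` is removed without a replacement, so the only remaining negative tests for the algorithm argument pass `0`. Nothing here checks what happens when a caller still passes an HMAC-wrapped value under the new contract. I would add a case such as `psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:32:PSA_ERROR_INVALID_ARGUMENT` under the old title, with a counterpart for `psa_hkdf_extract_ret`. Such a case presumably passes only if the functions reject non-hash values, which the visible library hunks do not show.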