From e6d867f476765b165af5d6e6f8cd8159d0302347 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 10 Mar 2022 15:04:58 +0100 Subject: [PATCH 1/8] Typo Signed-off-by: Gabor Mezei --- library/ssl_ticket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index b04e184776..18ec20d9d4 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -166,7 +166,7 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, ctx->ticket_lifetime = lifetime; - cipher_info = mbedtls_cipher_info_from_type( cipher); + cipher_info = mbedtls_cipher_info_from_type( cipher ); if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM && mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CCM ) From 2a020512861f656e99a3f36532ce115c57fc740d Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 10 Mar 2022 15:15:46 +0100 Subject: [PATCH 2/8] Use PSA in TLS ticket handling Signed-off-by: Gabor Mezei --- include/mbedtls/ssl_ticket.h | 11 +++ library/ssl_ticket.c | 129 ++++++++++++++++++++++++++++++----- 2 files changed, 123 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 855930953a..98fd287079 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -34,6 +34,10 @@ #include "mbedtls/ssl.h" #include "mbedtls/cipher.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "psa/crypto.h" +#endif + #if defined(MBEDTLS_THREADING_C) #include "mbedtls/threading.h" #endif 
@@ -53,7 +57,14 @@ typedef struct mbedtls_ssl_ticket_key unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES]; /*!< random key identifier */ uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */ +#if !defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */ +#else + mbedtls_svc_key_id_t MBEDTLS_PRIVATE(key); /*!< key used for auth enc/decryption */ + psa_algorithm_t MBEDTLS_PRIVATE(alg); /*!< algorithm of auth enc/decryption */ + psa_key_type_t MBEDTLS_PRIVATE(key_type); /*!< key type */ + size_t MBEDTLS_PRIVATE(key_bits); /*!< key length in bits */ +#endif } mbedtls_ssl_ticket_key; diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 18ec20d9d4..f48831b3db 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -73,6 +73,10 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, unsigned char buf[MAX_KEY_BYTES]; mbedtls_ssl_ticket_key *key = ctx->keys + index; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; +#endif + #if defined(MBEDTLS_HAVE_TIME) key->generation_time = (uint32_t) mbedtls_time( NULL ); #endif 
@@ -83,11 +87,28 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, if( ( ret = ctx->f_rng( ctx->p_rng, buf, sizeof( buf ) ) ) != 0 ) return( ret ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, key->alg ); + psa_set_key_type( &attributes, key->key_type ); + psa_set_key_bits( &attributes, key->key_bits ); + + ret = psa_ssl_status_to_mbedtls( + psa_import_key( &attributes, buf, + PSA_BITS_TO_BYTES( key->key_bits ), + &key->key ) ); + +#else + /* With GCM and CCM, same context can encrypt & decrypt */ ret = mbedtls_cipher_setkey( &key->ctx, buf, mbedtls_cipher_get_key_bitlen( &key->ctx ), MBEDTLS_ENCRYPT ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); @@ -106,6 +127,10 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) uint32_t current_time = (uint32_t) mbedtls_time( NULL ); uint32_t key_time = ctx->keys[ctx->active].generation_time; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#endif + if( current_time >= key_time && current_time - key_time < ctx->ticket_lifetime ) { @@ -114,6 +139,14 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) ctx->active = 1 - ctx->active; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + + if( ( ret = psa_ssl_status_to_mbedtls( + psa_destroy_key( ctx->keys[ctx->active].key ) ) ) != 0 ) + return( ret ); + +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + return( ssl_ticket_gen_key( ctx, ctx->active ) ); } else 
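Review bot: In the PSA branch of ssl_ticket_gen_key, `psa_import_key` reads `PSA_BITS_TO_BYTES( key->key_bits )` bytes from the stack buffer `buf`, and nothing visible in this hunk bounds that length by `sizeof( buf )`. `key_bits` is set in mbedtls_ssl_ticket_setup from the result of `mbedtls_ssl_cipher_to_psa` (see the setup hunk), so the bound depends on code elsewhere staying in sync. A guard at the top of the function, before any key material is generated, such as `if( PSA_BITS_TO_BYTES( key->key_bits ) > sizeof( buf ) ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );`, would keep a mismatch from becoming an over-read. The function starts and ends outside the hunk.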
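Review bot: In ssl_ticket_update_keys, `ctx->active` has already been flipped when `psa_destroy_key` runs, so a failure here, or in the ssl_ticket_gen_key call that follows, returns with the active index pointing at a slot that holds no usable key. The legacy branch presumably still had the previous cipher context in that situation, so the two builds degrade differently. Consider clearing the identifier after a successful destroy, `ctx->keys[ctx->active].key = MBEDTLS_SVC_KEY_ID_INIT;`, and adding a comment that ticket issuance fails until the next successful key generation. The enclosing function extends beyond the hunk.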
@@ -131,16 +164,44 @@ int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx, { const unsigned char idx = 1 - ctx->active; mbedtls_ssl_ticket_key * const key = ctx->keys + idx; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + const int bitlen = key->key_bits; +#else const int bitlen = mbedtls_cipher_get_key_bitlen( &key->ctx ); - int ret; +#endif + if( nlength < TICKET_KEY_NAME_BYTES || klength * 8 < (size_t)bitlen ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - /* With GCM and CCM, same context can encrypt & decrypt */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + + if( ( ret = psa_ssl_status_to_mbedtls( + psa_destroy_key( key->key ) ) ) != 0 ) + return( ret ); + + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, key->alg ); + psa_set_key_type( &attributes, key->key_type ); + psa_set_key_bits( &attributes, key->key_bits ); + + if( ( ret = psa_ssl_status_to_mbedtls( + psa_import_key( &attributes, k, + PSA_BITS_TO_BYTES( key->key_bits ), + &key->key ) ) ) != 0 ) + return( ret ); + +#else + ret = mbedtls_cipher_setkey( &key->ctx, k, bitlen, MBEDTLS_ENCRYPT ); if( ret != 0 ) return( ret ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ctx->active = idx; ctx->ticket_lifetime = lifetime; memcpy( key->name, name, TICKET_KEY_NAME_BYTES ); @@ -161,6 +222,12 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_algorithm_t alg; + psa_key_type_t key_type; + size_t key_bits; +#endif + ctx->f_rng = f_rng; ctx->p_rng = p_rng; 
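Review bot: In the PSA branch of mbedtls_ssl_ticket_rotate the old key is destroyed before the replacement is imported, so a failing `psa_import_key` leaves the inactive slot with a destroyed identifier while `key->name` still names the old key. Importing into a temporary identifier first and swapping only on success keeps the slot valid on every error path. The cost is that a third key briefly exists, which matters if the PSA key store is nearly full. The function's signature and tail lie outside the hunk.

```c
    mbedtls_svc_key_id_t new_key = MBEDTLS_SVC_KEY_ID_INIT;

    /* … unchanged: psa_set_key_usage_flags / algorithm / type / bits … */

    if( ( ret = psa_ssl_status_to_mbedtls(
              psa_import_key( &attributes, k,
                              PSA_BITS_TO_BYTES( key->key_bits ),
                              &new_key ) ) ) != 0 )
        return( ret );

    /* Only drop the old key once the replacement is usable. */
    if( ( ret = psa_ssl_status_to_mbedtls(
              psa_destroy_key( key->key ) ) ) != 0 )
    {
        psa_destroy_key( new_key );
        return( ret );
    }

    key->key = new_key;
```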
@@ -178,27 +245,29 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx, - cipher_info, TICKET_AUTH_TAG_BYTES ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - return( ret ); - /* We don't yet expect to support all ciphers through PSA, - * so allow fallback to ordinary mbedtls_cipher_setup(). */ - if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + if( mbedtls_ssl_cipher_to_psa( cipher_info->type, TICKET_AUTH_TAG_BYTES, + &alg, &key_type, &key_bits ) != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + ctx->keys[0].alg = alg; + ctx->keys[0].key_type = key_type; + ctx->keys[0].key_bits = key_bits; + + ctx->keys[1].alg = alg; + ctx->keys[1].key_type = key_type; + ctx->keys[1].key_bits = key_bits; + +#else + if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ) return( ret ); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx, - cipher_info, TICKET_AUTH_TAG_BYTES ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - return( ret ); - if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 ) return( ret ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 || ( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 ) { 
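Review bot: The PSA branch of mbedtls_ssl_ticket_setup discards the status from `mbedtls_ssl_cipher_to_psa` and reports every failure as `MBEDTLS_ERR_SSL_BAD_INPUT_DATA`, and the previous fallback to `mbedtls_cipher_setup` is gone, so a cipher that PSA cannot map is now rejected where it used to be accepted. If that is intended, say so in a comment at this point, for example `/* No legacy fallback: in this configuration ticket keys are held only as PSA keys. */`, and in the function's public documentation. The three assignments per key slot could also become a two-iteration loop over `ctx->keys` so the slots cannot drift apart. The function begins and ends outside the hunk.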
@@ -275,6 +344,13 @@ int mbedtls_ssl_ticket_write( void *p_ticket, MBEDTLS_PUT_UINT16_BE( clear_len, state_len_bytes, 0 ); /* Encrypt and authenticate */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ( ret = psa_ssl_status_to_mbedtls( + psa_aead_encrypt( key->key, key->alg, iv, TICKET_IV_BYTES, + key_name, TICKET_ADD_DATA_LEN, + state, clear_len, + state, end - state, &ciph_len ) ) ) != 0 ) +#else if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx, iv, TICKET_IV_BYTES, /* Additional data: key name, IV and length */ @@ -282,9 +358,11 @@ int mbedtls_ssl_ticket_write( void *p_ticket, state, clear_len, state, end - state, &ciph_len, TICKET_AUTH_TAG_BYTES ) ) != 0 ) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { goto cleanup; } + if( ciph_len != clear_len + TICKET_AUTH_TAG_BYTES ) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; @@ -367,6 +445,13 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, } /* Decrypt and authenticate */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ( ret = psa_ssl_status_to_mbedtls( + psa_aead_decrypt( key->key, key->alg, iv, TICKET_IV_BYTES, + key_name, TICKET_ADD_DATA_LEN, + ticket, enc_len + TICKET_AUTH_TAG_BYTES, + ticket, enc_len, &clear_len ) ) ) != 0 ) +#else if( ( ret = mbedtls_cipher_auth_decrypt_ext( &key->ctx, iv, TICKET_IV_BYTES, /* Additional data: key name, IV and length */ @@ -374,6 +459,7 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, ticket, enc_len + TICKET_AUTH_TAG_BYTES, ticket, enc_len, &clear_len, TICKET_AUTH_TAG_BYTES ) ) != 0 ) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) ret = MBEDTLS_ERR_SSL_INVALID_MAC; 
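Review bot: The `psa_aead_encrypt` call in mbedtls_ssl_ticket_write does not pass a tag length, unlike the legacy call that takes `TICKET_AUTH_TAG_BYTES` explicitly; it appears to rely on `key->alg` having been derived with that tag length in mbedtls_ssl_ticket_setup. A one-line comment above the call would make the dependency visible, for example `/* Tag length is encoded in key->alg (TICKET_AUTH_TAG_BYTES, set in mbedtls_ssl_ticket_setup). */`. The same applies to the `psa_aead_decrypt` call in the mbedtls_ssl_ticket_parse hunk. Both functions extend beyond their hunks.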
@@ -418,9 +504,18 @@ cleanup: */ void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + + psa_destroy_key( ctx->keys[0].key ); + psa_destroy_key( ctx->keys[1].key ); + +#else + mbedtls_cipher_free( &ctx->keys[0].ctx ); mbedtls_cipher_free( &ctx->keys[1].ctx ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &ctx->mutex ); #endif From 2fa1c311cd4ea064d6c4b167986bcf6faf9553eb Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 10 Mar 2022 15:23:38 +0100 Subject: [PATCH 3/8] Remove test dependency The SSL ticket rotation test case is enabled when PSA is used. Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index dd05716edd..960320a545 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2816,7 +2816,6 @@ run_test "Session resume using tickets: basic" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "Session resume using tickets: manual rotation" \ "$P_SRV debug_level=3 tickets=1 ticket_rotate=1" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ From 49c8eb3a5a11b9ce1b61e7bf32daf87fc1a3407e Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 10 Mar 2022 16:13:17 +0100 Subject: [PATCH 4/8] Enable chachcapoly cipher for SSL tickets Signed-off-by: Gabor Mezei --- library/ssl_ticket.c | 3 ++- tests/ssl-opt.sh | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index f48831b3db..ed9c7a5b4c 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c 
@@ -236,7 +236,8 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, cipher_info = mbedtls_cipher_info_from_type( cipher ); if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM && - mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CCM ) + mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CCM && + mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CHACHAPOLY ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 960320a545..7b11590a82 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3108,6 +3108,21 @@ run_test "Session resume using tickets: ARIA-256-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Session resume using tickets: CHACHA20-POLY1305" \ + "$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \ + "$P_CLI debug_level=3 tickets=1 reconnect=1" \ + 0 \ + -c "client hello, adding session ticket extension" \ + -s "found session ticket extension" \ + -s "server hello, adding session ticket extension" \ + -c "found session_ticket extension" \ + -c "parse new session ticket" \ + -S "session successfully restored from cache" \ + -s "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + # Tests for Session Tickets with DTLS requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From 4f4bac7e22b6a1e8ea8fd0e01b429a092e7a3a0d Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 16 Mar 2022 12:54:27 +0100 Subject: [PATCH 5/8] Remove blank lines Signed-off-by: Gabor Mezei --- library/ssl_ticket.c | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index ed9c7a5b4c..976778378b 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c 
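Review bot: The mode check in mbedtls_ssl_ticket_setup now calls `mbedtls_cipher_info_get_mode( cipher_info )` three times in one condition; reading it once into a local, `mbedtls_cipher_mode_t mode = mbedtls_cipher_info_get_mode( cipher_info );`, makes the allow-list of AEAD modes easier to audit. The comment `/* With GCM and CCM, same context can encrypt & decrypt */` in the legacy branch of ssl_ticket_gen_key is now incomplete and should name ChaCha20-Poly1305 as well. The function body continues outside the hunk.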
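Review bot: The new `Session resume using tickets: CHACHA20-POLY1305` case only requires `MBEDTLS_SSL_PROTO_TLS1_2`, so it would presumably fail rather than be skipped in a configuration built without ChaCha20-Poly1305. Add `requires_config_enabled MBEDTLS_CHACHAPOLY_C` above `run_test`. The case also covers only a successful resume; nothing in this series checks that a modified ticket is rejected when the PSA path is in use.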
@@ -88,7 +88,6 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, return( ret ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); psa_set_key_algorithm( &attributes, key->alg ); @@ -99,14 +98,11 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, psa_import_key( &attributes, buf, PSA_BITS_TO_BYTES( key->key_bits ), &key->key ) ); - #else - /* With GCM and CCM, same context can encrypt & decrypt */ ret = mbedtls_cipher_setkey( &key->ctx, buf, mbedtls_cipher_get_key_bitlen( &key->ctx ), MBEDTLS_ENCRYPT ); - #endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_platform_zeroize( buf, sizeof( buf ) ); @@ -140,11 +136,9 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) ctx->active = 1 - ctx->active; #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_ssl_status_to_mbedtls( psa_destroy_key( ctx->keys[ctx->active].key ) ) ) != 0 ) return( ret ); - #endif /* MBEDTLS_USE_PSA_CRYPTO */ return( ssl_ticket_gen_key( ctx, ctx->active ) ); @@ -177,7 +171,6 @@ int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx, return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_ssl_status_to_mbedtls( psa_destroy_key( key->key ) ) ) != 0 ) return( ret ); @@ -193,13 +186,10 @@ int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx, PSA_BITS_TO_BYTES( key->key_bits ), &key->key ) ) ) != 0 ) return( ret ); - #else - ret = mbedtls_cipher_setkey( &key->ctx, k, bitlen, MBEDTLS_ENCRYPT ); if( ret != 0 ) return( ret ); - #endif /* MBEDTLS_USE_PSA_CRYPTO */ ctx->active = idx; @@ -246,7 +236,6 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( mbedtls_ssl_cipher_to_psa( cipher_info->type, TICKET_AUTH_TAG_BYTES, &alg, &key_type, &key_bits ) != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); 
@@ -258,15 +247,12 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, ctx->keys[1].alg = alg; ctx->keys[1].key_type = key_type; ctx->keys[1].key_bits = key_bits; - #else - if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ) return( ret ); if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 ) return( ret ); - #endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 || @@ -506,15 +492,11 @@ cleanup: void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key( ctx->keys[0].key ); psa_destroy_key( ctx->keys[1].key ); - #else - mbedtls_cipher_free( &ctx->keys[0].ctx ); mbedtls_cipher_free( &ctx->keys[1].ctx ); - #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_THREADING_C) From 36c9f51ef2b820e9a4791c912c0b5f8ee319e28e Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 16 Mar 2022 12:55:32 +0100 Subject: [PATCH 6/8] Use size_t instead of int to silence compiler warnings Signed-off-by: Gabor Mezei --- library/ssl_ticket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 976778378b..ce4607ec2a 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -162,7 +162,7 @@ int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx, #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - const int bitlen = key->key_bits; + const size_t bitlen = key->key_bits; #else const int bitlen = mbedtls_cipher_get_key_bitlen( &key->ctx ); #endif From 5b8b890a61bbba4901b7aeda2d3bdad5c9c61750 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 16 Mar 2022 12:56:58 +0100 Subject: [PATCH 7/8] Check PSA functions' return value before converting Signed-off-by: Gabor Mezei --- library/ssl_ticket.c | 66 +++++++++++++++++++++++++++++--------------- 1 file changed, 44 insertions(+), 22 deletions(-) 
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index ce4607ec2a..a0d8b3ffc9 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -124,7 +124,7 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) uint32_t key_time = ctx->keys[ctx->active].generation_time; #if defined(MBEDTLS_USE_PSA_CRYPTO) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #endif if( current_time >= key_time && @@ -136,9 +136,10 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) ctx->active = 1 - ctx->active; #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_ssl_status_to_mbedtls( - psa_destroy_key( ctx->keys[ctx->active].key ) ) ) != 0 ) - return( ret ); + if( ( status = psa_destroy_key( ctx->keys[ctx->active].key ) ) != PSA_SUCCESS ) + { + return psa_ssl_status_to_mbedtls( ret ); + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ return( ssl_ticket_gen_key( ctx, ctx->active ) ); @@ -161,6 +162,7 @@ int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const size_t bitlen = key->key_bits; #else @@ -171,9 +173,11 @@ int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx, return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_ssl_status_to_mbedtls( - psa_destroy_key( key->key ) ) ) != 0 ) + if( ( status = psa_destroy_key( key->key ) ) != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); return( ret ); + } psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 
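Review bot: Two PSA error paths in this commit read the wrong variable. In ssl_ticket_update_keys the new code returns `psa_ssl_status_to_mbedtls( ret )` although the visible declaration of `ret` in that function was replaced by `status` in the hunk above, which looks like a build break under MBEDTLS_USE_PSA_CRYPTO. In the mbedtls_ssl_ticket_rotate import hunk (`@@ -181,11 +185,13 @@`) the result of `psa_import_key` is stored in `ret` but `status` is converted, and `status` still holds the successful `psa_destroy_key` result, so a failed key import would be returned as 0. Patch 8/8 corrects both; squashing it into this commit would keep every revision buildable and avoid an intermediate state that reports success for a key that was never loaded.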
@@ -181,11 +185,13 @@ int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx, psa_set_key_type( &attributes, key->key_type ); psa_set_key_bits( &attributes, key->key_bits ); - if( ( ret = psa_ssl_status_to_mbedtls( - psa_import_key( &attributes, k, - PSA_BITS_TO_BYTES( key->key_bits ), - &key->key ) ) ) != 0 ) + if( ( ret = psa_import_key( &attributes, k, + PSA_BITS_TO_BYTES( key->key_bits ), + &key->key ) ) != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); return( ret ); + } #else ret = mbedtls_cipher_setkey( &key->ctx, k, bitlen, MBEDTLS_ENCRYPT ); if( ret != 0 ) @@ -294,6 +300,10 @@ int mbedtls_ssl_ticket_write( void *p_ticket, unsigned char *state = state_len_bytes + TICKET_CRYPT_LEN_BYTES; size_t clear_len, ciph_len; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; +#endif + *tlen = 0; if( ctx == NULL || ctx->f_rng == NULL ) @@ -332,11 +342,15 @@ int mbedtls_ssl_ticket_write( void *p_ticket, /* Encrypt and authenticate */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_ssl_status_to_mbedtls( - psa_aead_encrypt( key->key, key->alg, iv, TICKET_IV_BYTES, - key_name, TICKET_ADD_DATA_LEN, - state, clear_len, - state, end - state, &ciph_len ) ) ) != 0 ) + if( ( status = psa_aead_encrypt( key->key, key->alg, iv, TICKET_IV_BYTES, + key_name, TICKET_ADD_DATA_LEN, + state, clear_len, + state, end - state, + &ciph_len ) ) != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + goto cleanup; + } #else if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx, iv, TICKET_IV_BYTES, @@ -345,10 +359,10 @@ int mbedtls_ssl_ticket_write( void *p_ticket, state, clear_len, state, end - state, &ciph_len, TICKET_AUTH_TAG_BYTES ) ) != 0 ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { goto cleanup; } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ciph_len != clear_len + TICKET_AUTH_TAG_BYTES ) { 
@@ -400,6 +414,10 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES; size_t enc_len, clear_len; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; +#endif + if( ctx == NULL || ctx->f_rng == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -433,11 +451,14 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, /* Decrypt and authenticate */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_ssl_status_to_mbedtls( - psa_aead_decrypt( key->key, key->alg, iv, TICKET_IV_BYTES, - key_name, TICKET_ADD_DATA_LEN, - ticket, enc_len + TICKET_AUTH_TAG_BYTES, - ticket, enc_len, &clear_len ) ) ) != 0 ) + if( ( status = psa_aead_decrypt( key->key, key->alg, iv, TICKET_IV_BYTES, + key_name, TICKET_ADD_DATA_LEN, + ticket, enc_len + TICKET_AUTH_TAG_BYTES, + ticket, enc_len, &clear_len ) ) != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + goto cleanup; + } #else if( ( ret = mbedtls_cipher_auth_decrypt_ext( &key->ctx, iv, TICKET_IV_BYTES, @@ -446,13 +467,14 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, ticket, enc_len + TICKET_AUTH_TAG_BYTES, ticket, enc_len, &clear_len, TICKET_AUTH_TAG_BYTES ) ) != 0 ) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) ret = MBEDTLS_ERR_SSL_INVALID_MAC; goto cleanup; } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if( clear_len != enc_len ) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; From 103e08aab9eed0fa823d0186a5e5ea840a79cd26 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 16 Mar 2022 13:40:11 +0100 Subject: [PATCH 8/8] Fix return value handling Signed-off-by: Gabor Mezei --- library/ssl_ticket.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index a0d8b3ffc9..7f658497ef 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c 
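Review bot: In mbedtls_ssl_ticket_parse the PSA branch now jumps to `cleanup` with whatever `psa_ssl_status_to_mbedtls` returns, and the remap to `MBEDTLS_ERR_SSL_INVALID_MAC` exists only in the legacy branch. Whether a ticket that fails authentication still surfaces as `MBEDTLS_ERR_SSL_INVALID_MAC` therefore depends on how that helper translates `PSA_ERROR_INVALID_SIGNATURE`, which is not visible here. If callers distinguish that code, make it explicit in the PSA branch, e.g. `ret = ( status == PSA_ERROR_INVALID_SIGNATURE ) ? MBEDTLS_ERR_SSL_INVALID_MAC : psa_ssl_status_to_mbedtls( status );`, or add a comment stating that the helper already guarantees it. The function extends beyond the hunk.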
@@ -138,7 +138,7 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( ( status = psa_destroy_key( ctx->keys[ctx->active].key ) ) != PSA_SUCCESS ) { - return psa_ssl_status_to_mbedtls( ret ); + return psa_ssl_status_to_mbedtls( status ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -185,9 +185,9 @@ int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx, psa_set_key_type( &attributes, key->key_type ); psa_set_key_bits( &attributes, key->key_bits ); - if( ( ret = psa_import_key( &attributes, k, - PSA_BITS_TO_BYTES( key->key_bits ), - &key->key ) ) != PSA_SUCCESS ) + if( ( status = psa_import_key( &attributes, k, + PSA_BITS_TO_BYTES( key->key_bits ), + &key->key ) ) != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); return( ret );