Merge pull request #10061 from amtkarm1/iss9322

Replace psa_pake_get_implicit_key() with psa_pake_get_shared_key()
2026-03-21 19:51:07 +01:00 · 2025-08-29 15:40:31 +00:00
parent fda51526b5 68f658c95e
commit 1fd0546ab3
2 changed files with 23 additions and 3 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6385,8 +6385,28 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
                return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
            }

-            status = psa_pake_get_implicit_key(&handshake->psa_pake_ctx,
-                                               &derivation);
+            mbedtls_svc_key_id_t shared_key_id = MBEDTLS_SVC_KEY_ID_INIT;
+
+            psa_key_attributes_t shared_key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+            psa_set_key_usage_flags(&shared_key_attributes, PSA_KEY_USAGE_DERIVE);
+            psa_set_key_algorithm(&shared_key_attributes, alg);
+            psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_DERIVE);
+
+            status = psa_pake_get_shared_key(&handshake->psa_pake_ctx,
+                                             &shared_key_attributes,
+                                             &shared_key_id);
+
+            if (status != PSA_SUCCESS) {
+                psa_key_derivation_abort(&derivation);
+                return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+            }
+
+            status = psa_key_derivation_input_key(&derivation,
+                                                  PSA_KEY_DERIVATION_INPUT_SECRET,
+                                                  shared_key_id);
+
+            psa_destroy_key(shared_key_id);
+
            if (status != PSA_SUCCESS) {
                psa_key_derivation_abort(&derivation);
                return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
--- a/2
+++ b/2