PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index df4835b..e274d5b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2085,7 +2085,7 @@
#define MBEDTLS_SSL_SIG_ALG( hash )
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_C)
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
* Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
* guaranteed to not be a valid PSA algorithm identifier.
@@ -2115,9 +2115,7 @@
psa_algorithm_t *alg,
psa_key_type_t *key_type,
size_t *key_size );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
/**
* \brief Convert given PSA status to mbedtls error code.
*
@@ -2145,6 +2143,6 @@
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* ssl_misc.h */
diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h
index c04eff7..8a3a501 100644
--- a/library/ssl_tls13_invasive.h
+++ b/library/ssl_tls13_invasive.h
@@ -20,14 +20,12 @@
#include "common.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+
#include "psa/crypto.h"
-#endif
#if defined(MBEDTLS_TEST_HOOKS)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
/**
* \brief Take the input keying material \p ikm and extract from it a
* fixed-length pseudorandom key \p prk.
@@ -87,8 +85,8 @@
const unsigned char *info, size_t info_len,
unsigned char *okm, size_t okm_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
#endif /* MBEDTLS_TEST_HOOKS */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
#endif /* MBEDTLS_SSL_TLS13_INVASIVE_H */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index d6a027a..44db38f 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -136,8 +136,6 @@
*dst_len = total_hkdf_lbl_len;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
MBEDTLS_STATIC_TESTABLE
psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg,
const unsigned char *salt, size_t salt_len,
@@ -312,8 +310,6 @@
return( ( status == PSA_SUCCESS ) ? destroy_status : status );
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
int mbedtls_ssl_tls13_hkdf_expand_label(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t secret_len,
@@ -324,11 +320,7 @@
unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
size_t hkdf_label_len;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg;
-#else
- const mbedtls_md_info_t *md_info;
-#endif
if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
{
@@ -350,17 +342,11 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
alg = mbedtls_psa_translate_md( hash_alg );
if( ! PSA_ALG_IS_HASH( alg ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
alg = PSA_ALG_HMAC( alg );
-#else
- md_info = mbedtls_md_info_from_type( hash_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl_tls13_hkdf_encode_label( buf_len,
label, label_len,
@@ -368,18 +354,11 @@
hkdf_label,
&hkdf_label_len );
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
return( psa_ssl_status_to_mbedtls(
mbedtls_psa_hkdf_expand( alg,
secret, secret_len,
hkdf_label, hkdf_label_len,
buf, buf_len ) ) );
-#else
- return mbedtls_hkdf_expand( md_info,
- secret, secret_len,
- hkdf_label, hkdf_label_len,
- buf, buf_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
/*
@@ -500,7 +479,6 @@
unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 };
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t secret_len;
psa_algorithm_t alg = mbedtls_psa_translate_md( hash_alg );
if( ! PSA_ALG_IS_HASH( alg ) )
@@ -508,14 +486,6 @@
alg = PSA_ALG_HMAC( alg );
hlen = PSA_HASH_LENGTH( alg );
-#else
- const mbedtls_md_info_t *md_info;
- md_info = mbedtls_md_info_from_type( hash_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- hlen = mbedtls_md_get_size( md_info );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* For non-initial runs, call Derive-Secret( ., "derived", "")
* on the old secret. */
@@ -545,18 +515,11 @@
/* HKDF-Extract takes a salt and input key material.
* The salt is the old secret, and the input key material
* is the input secret (PSK / ECDHE). */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = psa_ssl_status_to_mbedtls(
mbedtls_psa_hkdf_extract( alg,
tmp_secret, hlen,
tmp_input, ilen,
secret_new, hlen, &secret_len ) );
-#else
- ret = mbedtls_hkdf_extract( md_info,
- tmp_secret, hlen,
- tmp_input, ilen,
- secret_new );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
cleanup:
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 5e02d10..81a0f48 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3885,7 +3885,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_extract( int alg,
data_t *ikm,
data_t *salt,
@@ -3913,7 +3913,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_extract_ret( int alg, int ret )
{
int output_ret;
@@ -3942,7 +3942,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_expand( int alg,
data_t *info,
data_t *prk,
@@ -3970,7 +3970,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret )
{
int output_ret;
@@ -4062,7 +4062,7 @@
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len );
- USE_PSA_INIT( );
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_hkdf_expand_label(
(mbedtls_md_type_t) hash_alg,
@@ -4074,7 +4074,7 @@
ASSERT_COMPARE( dst, (size_t) desired_length,
expected->x, (size_t) expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4098,7 +4098,7 @@
TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
expected_client_write_key->len == (size_t) desired_key_len );
- USE_PSA_INIT( );
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_make_traffic_keys(
(mbedtls_md_type_t) hash_alg,
@@ -4125,7 +4125,7 @@
expected_server_write_iv->x,
(size_t) desired_iv_len );
- USE_PSA_DONE( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4156,7 +4156,7 @@
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len );
- USE_PSA_INIT( );
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_secret(
(mbedtls_md_type_t) hash_alg,
@@ -4169,7 +4169,7 @@
ASSERT_COMPARE( dst, desired_length,
expected->x, desired_length );
- USE_PSA_DONE( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4192,7 +4192,7 @@
traffic_expected->len == md_size &&
exporter_expected->len == md_size );
- USE_PSA_INIT( );
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_early_secrets(
md_type, secret->x, transcript->x, transcript->len,
@@ -4203,7 +4203,7 @@
ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
exporter_expected->x, exporter_expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4226,7 +4226,7 @@
client_expected->len == md_size &&
server_expected->len == md_size );
- USE_PSA_INIT( );
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_handshake_secrets(
md_type, secret->x, transcript->x, transcript->len,
@@ -4237,7 +4237,7 @@
ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
server_expected->x, server_expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4262,7 +4262,7 @@
server_expected->len == md_size &&
exporter_expected->len == md_size );
- USE_PSA_INIT( );
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_application_secrets(
md_type, secret->x, transcript->x, transcript->len,
@@ -4275,7 +4275,7 @@
ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
exporter_expected->x, exporter_expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4296,7 +4296,7 @@
transcript->len == md_size &&
resumption_expected->len == md_size );
- USE_PSA_INIT( );
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_resumption_master_secret(
md_type, secret->x, transcript->x, transcript->len,
@@ -4305,7 +4305,7 @@
ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
resumption_expected->x, resumption_expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4326,7 +4326,7 @@
transcript->len == md_size &&
binder_expected->len == md_size );
- USE_PSA_INIT( );
+ PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_create_psk_binder(
NULL, /* SSL context for debugging only */
@@ -4339,7 +4339,7 @@
ASSERT_COMPARE( binder, md_size,
binder_expected->x, binder_expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
}
/* END_CASE */
@@ -4452,7 +4452,7 @@
{
unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
- USE_PSA_INIT();
+ PSA_INIT();
TEST_ASSERT( mbedtls_ssl_tls13_evolve_secret(
(mbedtls_md_type_t) hash_alg,
@@ -4463,7 +4463,7 @@
ASSERT_COMPARE( secret_new, (size_t) expected->len,
expected->x, (size_t) expected->len );
- USE_PSA_DONE();
+ PSA_DONE();
}
/* END_CASE */