PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3
With TLS 1.3 support, MBEDTLS_PSA_CRYPTO_C is enabled, so PSA support
is always enabled.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index df4835b..e274d5b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2085,7 +2085,7 @@
#define MBEDTLS_SSL_SIG_ALG( hash )
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_C)
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
* Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
* guaranteed to not be a valid PSA algorithm identifier.
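Review bot: The guard on this block moves from `MBEDTLS_USE_PSA_CRYPTO` to `MBEDTLS_PSA_CRYPTO_C`, but the definitions behind the non-inline prototypes inside it are not part of this diff. If those definitions are still compiled only under `MBEDTLS_USE_PSA_CRYPTO`, a build with `MBEDTLS_PSA_CRYPTO_C` alone gets declarations without definitions and fails only at link time, once one of them is called. Either switch the definition guards in the same commit, or keep the non-inline prototypes under the old macro and move only the status converter that is defined in the header. The guarded block starts in this hunk and ends at the `#endif /* MBEDTLS_PSA_CRYPTO_C */` in the last hunk of this file.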
@@ -2115,9 +2115,7 @@
psa_algorithm_t *alg,
psa_key_type_t *key_type,
size_t *key_size );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
/**
* \brief Convert given PSA status to mbedtls error code.
*
@@ -2145,6 +2143,6 @@
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* ssl_misc.h */
diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h
index c04eff7..8a3a501 100644
--- a/library/ssl_tls13_invasive.h
+++ b/library/ssl_tls13_invasive.h
@@ -20,14 +20,12 @@
#include "common.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+
#include "psa/crypto.h"
-#endif
#if defined(MBEDTLS_TEST_HOOKS)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
/**
* \brief Take the input keying material \p ikm and extract from it a
* fixed-length pseudorandom key \p prk.
@@ -87,8 +85,8 @@
const unsigned char *info, size_t info_len,
unsigned char *okm, size_t okm_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
#endif /* MBEDTLS_TEST_HOOKS */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
#endif /* MBEDTLS_SSL_TLS13_INVASIVE_H */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index d6a027a..44db38f 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -136,8 +136,6 @@
*dst_len = total_hkdf_lbl_len;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
MBEDTLS_STATIC_TESTABLE
psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg,
const unsigned char *salt, size_t salt_len,
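Review bot: Dropping the `MBEDTLS_USE_PSA_CRYPTO` guard here, and the `#else` fallbacks in the later hunks of this file, makes the TLS 1.3 key schedule depend on PSA unconditionally, yet nothing in the visible diff enforces the commit message's assumption that TLS 1.3 implies `MBEDTLS_PSA_CRYPTO_C`. If the project's configuration check does not already reject that combination, add `#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && !defined(MBEDTLS_PSA_CRYPTO_C)` / `#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"` / `#endif`. A misconfigured build then stops with a clear message instead of unresolved PSA symbols. The function's body continues outside the hunk.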
@@ -312,8 +310,6 @@
return( ( status == PSA_SUCCESS ) ? destroy_status : status );
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
int mbedtls_ssl_tls13_hkdf_expand_label(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t secret_len,
@@ -324,11 +320,7 @@
unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
size_t hkdf_label_len;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg;
-#else
- const mbedtls_md_info_t *md_info;
-#endif
if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
{
@@ -350,17 +342,11 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
alg = mbedtls_psa_translate_md( hash_alg );
if( ! PSA_ALG_IS_HASH( alg ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
alg = PSA_ALG_HMAC( alg );
-#else
- md_info = mbedtls_md_info_from_type( hash_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl_tls13_hkdf_encode_label( buf_len,
label, label_len,
@@ -368,18 +354,11 @@
hkdf_label,
&hkdf_label_len );
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
return( psa_ssl_status_to_mbedtls(
mbedtls_psa_hkdf_expand( alg,
secret, secret_len,
hkdf_label, hkdf_label_len,
buf, buf_len ) ) );
-#else
- return mbedtls_hkdf_expand( md_info,
- secret, secret_len,
- hkdf_label, hkdf_label_len,
- buf, buf_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
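Review bot: With the `mbedtls_hkdf_expand()` fallback removed, this return path always goes through PSA, so it presumably fails unless the application has called `psa_crypto_init()`, even in builds without `MBEDTLS_USE_PSA_CRYPTO` where that was not needed before. The visible tail of `psa_ssl_status_to_mbedtls()` in ssl_misc.h ends in `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED`, which looks like the catch-all. If so, an uninitialised PSA subsystem would surface during the handshake as a hardware-accelerator error rather than a state error. Document the precondition on the function, for example `/* Requires psa_crypto_init() to have been called, also when MBEDTLS_USE_PSA_CRYPTO is disabled. */`, and consider mapping `PSA_ERROR_BAD_STATE` explicitly in the converter. The start of the function is outside this hunk.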
/*
@@ -500,7 +479,6 @@
unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 };
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t secret_len;
psa_algorithm_t alg = mbedtls_psa_translate_md( hash_alg );
if( ! PSA_ALG_IS_HASH( alg ) )
@@ -508,14 +486,6 @@
alg = PSA_ALG_HMAC( alg );
hlen = PSA_HASH_LENGTH( alg );
-#else
- const mbedtls_md_info_t *md_info;
- md_info = mbedtls_md_info_from_type( hash_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- hlen = mbedtls_md_get_size( md_info );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* For non-initial runs, call Derive-Secret( ., "derived", "")
* on the old secret. */
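Review bot: `hlen = PSA_HASH_LENGTH( alg )` is evaluated after `alg` has been rewritten to `PSA_ALG_HMAC( alg )`, which reads like a mistake now that the legacy `mbedtls_md_get_size()` line beside it is gone. The PSA API accepts an HMAC algorithm for that macro and yields the underlying hash length, so the value is correct, but a reader should not have to look that up. Add `/* PSA_HASH_LENGTH() also accepts an HMAC algorithm and returns the length of its hash. */` above the assignment, or compute `hlen` before wrapping `alg`. `hlen` sizes the salt and output of the extract call in the next hunk, so its correctness matters for the key schedule. The enclosing function starts and ends outside this hunk.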
@@ -545,18 +515,11 @@
/* HKDF-Extract takes a salt and input key material.
* The salt is the old secret, and the input key material
* is the input secret (PSK / ECDHE). */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = psa_ssl_status_to_mbedtls(
mbedtls_psa_hkdf_extract( alg,
tmp_secret, hlen,
tmp_input, ilen,
secret_new, hlen, &secret_len ) );
-#else
- ret = mbedtls_hkdf_extract( md_info,
- tmp_secret, hlen,
- tmp_input, ilen,
- secret_new );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
cleanup: