diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index df4835b506..e274d5b1a7 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2085,7 +2085,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
 #define MBEDTLS_SSL_SIG_ALG( hash )
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_C)
 /* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
 * Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
 * guaranteed to not be a valid PSA algorithm identifier.
@@ -2115,9 +2115,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_typ
 psa_algorithm_t *alg,
 psa_key_type_t *key_type,
 size_t *key_size );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
 /**
 * \brief Convert given PSA status to mbedtls error code.
 *
@@ -2145,6 +2143,6 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status )
 return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
 }
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_PSA_CRYPTO_C */
 #endif /* ssl_misc.h */
diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h
index c04eff741d..8a3a50170f 100644
--- a/library/ssl_tls13_invasive.h
+++ b/library/ssl_tls13_invasive.h
@@ -20,14 +20,12 @@
 #include "common.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+
 #include "psa/crypto.h"
-#endif
 #if defined(MBEDTLS_TEST_HOOKS)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
 /**
 * \brief Take the input keying material \p ikm and extract from it a
 * fixed-length pseudorandom key \p prk.
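Review bot: Dropping the `|| defined(MBEDTLS_SSL_PROTO_TLS1_3)` alternative leaves psa_ssl_status_to_mbedtls declared only under the `MBEDTLS_PSA_CRYPTO_C` guard opened in the previous hunk, while ssl_tls13_keys.c in this same change calls it with no guard at all. That silently makes MBEDTLS_PSA_CRYPTO_C a hard prerequisite of MBEDTLS_SSL_PROTO_TLS1_3; unless check_config.h already enforces it (not visible here), a TLS 1.3 build without PSA fails with an undeclared-function error far from the real cause. I would add `#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && !defined(MBEDTLS_PSA_CRYPTO_C)` / `#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"` / `#endif` to check_config.h and state the dependency in the `\brief` block of psa_ssl_status_to_mbedtls. The mbedtls_ssl_cipher_to_psa prototype and the psa_ssl_status_to_mbedtls body both extend outside this hunk.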
@@ -87,8 +85,8 @@ psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t alg,
 const unsigned char *info, size_t info_len,
 unsigned char *okm, size_t okm_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
 #endif /* MBEDTLS_TEST_HOOKS */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
 #endif /* MBEDTLS_SSL_TLS13_INVASIVE_H */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index d6a027a4cb..44db38ffa0 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -136,8 +136,6 @@ static void ssl_tls13_hkdf_encode_label(
 *dst_len = total_hkdf_lbl_len;
 }
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
 MBEDTLS_STATIC_TESTABLE
 psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg,
 const unsigned char *salt, size_t salt_len,
@@ -312,8 +310,6 @@ cleanup:
 return( ( status == PSA_SUCCESS ) ? destroy_status : status );
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
 int mbedtls_ssl_tls13_hkdf_expand_label(
 mbedtls_md_type_t hash_alg,
 const unsigned char *secret, size_t secret_len,
@@ -324,11 +320,7 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
 unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
 size_t hkdf_label_len;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_algorithm_t alg;
-#else
- const mbedtls_md_info_t *md_info;
-#endif
 if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
 {
@@ -350,17 +342,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 alg = mbedtls_psa_translate_md( hash_alg );
 if( ! PSA_ALG_IS_HASH( alg ) )
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 alg = PSA_ALG_HMAC( alg );
-#else
- md_info = mbedtls_md_info_from_type( hash_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 ssl_tls13_hkdf_encode_label( buf_len,
 label, label_len,
@@ -368,18 +354,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
 hkdf_label,
 &hkdf_label_len );
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 return( psa_ssl_status_to_mbedtls(
 mbedtls_psa_hkdf_expand( alg,
 secret, secret_len,
 hkdf_label, hkdf_label_len,
 buf, buf_len ) ) );
-#else
- return mbedtls_hkdf_expand( md_info,
- secret, secret_len,
- hkdf_label, hkdf_label_len,
- buf, buf_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
 /*
@@ -500,7 +479,6 @@ int mbedtls_ssl_tls13_evolve_secret(
 unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 };
 unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 };
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 size_t secret_len;
 psa_algorithm_t alg = mbedtls_psa_translate_md( hash_alg );
 if( ! PSA_ALG_IS_HASH( alg ) )
@@ -508,14 +486,6 @@ int mbedtls_ssl_tls13_evolve_secret(
 alg = PSA_ALG_HMAC( alg );
 hlen = PSA_HASH_LENGTH( alg );
-#else
- const mbedtls_md_info_t *md_info;
- md_info = mbedtls_md_info_from_type( hash_alg );
- if( md_info == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- hlen = mbedtls_md_get_size( md_info );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 /* For non-initial runs, call Derive-Secret( ., "derived", "")
 * on the old secret. */
@@ -545,18 +515,11 @@ int mbedtls_ssl_tls13_evolve_secret(
 /* HKDF-Extract takes a salt and input key material.
 * The salt is the old secret, and the input key material
 * is the input secret (PSK / ECDHE). */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 ret = psa_ssl_status_to_mbedtls(
 mbedtls_psa_hkdf_extract( alg,
 tmp_secret, hlen,
 tmp_input, ilen,
 secret_new, hlen, &secret_len ) );
-#else
- ret = mbedtls_hkdf_extract( md_info,
- tmp_secret, hlen,
- tmp_input, ilen,
- secret_new );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 cleanup:
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 5e02d10c72..81a0f48a0b 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
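Review bot: With the mbedtls_hkdf_expand fallback removed, mbedtls_ssl_tls13_hkdf_expand_label always goes through mbedtls_psa_hkdf_expand, and the test-suite hunks below replace USE_PSA_INIT with an unconditional PSA_INIT for the same reason: the PSA subsystem has to be initialized before this function is usable, which the legacy mbedtls_md path did not require. The function's documentation (outside this hunk) should say so, since a caller that never calls psa_crypto_init() will presumably now get a mapped PSA error from psa_ssl_status_to_mbedtls instead of derived key material. I would add to its doc comment: `\note Requires the PSA crypto subsystem to be initialized (psa_crypto_init()) before use; the legacy mbedtls_hkdf path is no longer available.` The function starts before this hunk.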
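Review bot: `secret_len` is written by mbedtls_psa_hkdf_extract but nothing in the hunk checks it before control reaches `cleanup:`; the mbedtls_hkdf_extract call being removed always produced exactly the digest length, so the PSA variant's reported output length is now the only thing confirming that secret_new holds `hlen` bytes of new secret. Unless the cleanup section below (outside the hunk) compares it, a short output would be silently treated as a full-length secret. I would add right after the call `if( ret == 0 && secret_len != hlen )` / `ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;`. mbedtls_ssl_tls13_evolve_secret begins before this hunk and its cleanup section ends after it.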
@@ -3885,7 +3885,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
 void psa_hkdf_extract( int alg,
 data_t *ikm,
 data_t *salt,
@@ -3913,7 +3913,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
 void psa_hkdf_extract_ret( int alg, int ret )
 {
 int output_ret;
@@ -3942,7 +3942,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
 void psa_hkdf_expand( int alg,
 data_t *info,
 data_t *prk,
@@ -3970,7 +3970,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
 void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret )
 {
 int output_ret;
@@ -4062,7 +4062,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
 TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
 TEST_ASSERT( (size_t) desired_length == expected->len );
- USE_PSA_INIT( );
+ PSA_INIT( );
 TEST_ASSERT( mbedtls_ssl_tls13_hkdf_expand_label(
 (mbedtls_md_type_t) hash_alg,
@@ -4074,7 +4074,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
 ASSERT_COMPARE( dst, (size_t) desired_length,
 expected->x, (size_t) expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
 }
 /* END_CASE */
@@ -4098,7 +4098,7 @@ void ssl_tls13_traffic_key_generation( int hash_alg,
 TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
 expected_client_write_key->len == (size_t) desired_key_len );
- USE_PSA_INIT( );
+ PSA_INIT( );
 TEST_ASSERT( mbedtls_ssl_tls13_make_traffic_keys(
 (mbedtls_md_type_t) hash_alg,
@@ -4125,7 +4125,7 @@ void ssl_tls13_traffic_key_generation( int hash_alg,
 expected_server_write_iv->x, (size_t) desired_iv_len );
- USE_PSA_DONE( );
+ PSA_DONE( );
 }
 /* END_CASE */
@@ -4156,7 +4156,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
 TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
 TEST_ASSERT( (size_t) desired_length == expected->len );
- USE_PSA_INIT( );
+ PSA_INIT( );
 TEST_ASSERT( mbedtls_ssl_tls13_derive_secret(
 (mbedtls_md_type_t) hash_alg,
@@ -4169,7 +4169,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
 ASSERT_COMPARE( dst, desired_length,
 expected->x, desired_length );
- USE_PSA_DONE( );
+ PSA_DONE( );
 }
 /* END_CASE */
@@ -4192,7 +4192,7 @@ void ssl_tls13_derive_early_secrets( int hash_alg,
 traffic_expected->len == md_size &&
 exporter_expected->len == md_size );
- USE_PSA_INIT( );
+ PSA_INIT( );
 TEST_ASSERT( mbedtls_ssl_tls13_derive_early_secrets(
 md_type, secret->x,
 transcript->x, transcript->len,
@@ -4203,7 +4203,7 @@ void ssl_tls13_derive_early_secrets( int hash_alg,
 ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
 exporter_expected->x, exporter_expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
 }
 /* END_CASE */
@@ -4226,7 +4226,7 @@ void ssl_tls13_derive_handshake_secrets( int hash_alg,
 client_expected->len == md_size &&
 server_expected->len == md_size );
- USE_PSA_INIT( );
+ PSA_INIT( );
 TEST_ASSERT( mbedtls_ssl_tls13_derive_handshake_secrets(
 md_type, secret->x,
 transcript->x, transcript->len,
@@ -4237,7 +4237,7 @@ void ssl_tls13_derive_handshake_secrets( int hash_alg,
 ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
 server_expected->x, server_expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
 }
 /* END_CASE */
@@ -4262,7 +4262,7 @@ void ssl_tls13_derive_application_secrets( int hash_alg,
 server_expected->len == md_size &&
 exporter_expected->len == md_size );
- USE_PSA_INIT( );
+ PSA_INIT( );
 TEST_ASSERT( mbedtls_ssl_tls13_derive_application_secrets(
 md_type, secret->x,
 transcript->x, transcript->len,
@@ -4275,7 +4275,7 @@ void ssl_tls13_derive_application_secrets( int hash_alg,
 ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
 exporter_expected->x, exporter_expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
 }
 /* END_CASE */
@@ -4296,7 +4296,7 @@ void ssl_tls13_derive_resumption_secrets( int hash_alg,
 transcript->len == md_size &&
 resumption_expected->len == md_size );
- USE_PSA_INIT( );
+ PSA_INIT( );
 TEST_ASSERT( mbedtls_ssl_tls13_derive_resumption_master_secret(
 md_type, secret->x,
 transcript->x, transcript->len,
@@ -4305,7 +4305,7 @@ void ssl_tls13_derive_resumption_secrets( int hash_alg,
 ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
 resumption_expected->x, resumption_expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
 }
 /* END_CASE */
@@ -4326,7 +4326,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
 transcript->len == md_size &&
 binder_expected->len == md_size );
- USE_PSA_INIT( );
+ PSA_INIT( );
 TEST_ASSERT( mbedtls_ssl_tls13_create_psk_binder(
 NULL, /* SSL context for debugging only */
@@ -4339,7 +4339,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
 ASSERT_COMPARE( binder, md_size,
 binder_expected->x, binder_expected->len );
- USE_PSA_DONE( );
+ PSA_DONE( );
 }
 /* END_CASE */
@@ -4452,7 +4452,7 @@ void ssl_tls13_key_evolution( int hash_alg,
 {
 unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
- USE_PSA_INIT();
+ PSA_INIT();
 TEST_ASSERT( mbedtls_ssl_tls13_evolve_secret(
 (mbedtls_md_type_t) hash_alg,
@@ -4463,7 +4463,7 @@ void ssl_tls13_key_evolution( int hash_alg,
 ASSERT_COMPARE( secret_new, (size_t) expected->len,
 expected->x, (size_t) expected->len );
- USE_PSA_DONE();
+ PSA_DONE();
 }
 /* END_CASE */