diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index cdc2be171f..2e3ffc2100 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -1040,7 +1040,8 @@ #endif #if defined(MBEDTLS_SSL_TICKET_C) && \ - !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) ) + !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \ + defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) ) #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" #endif @@ -1141,7 +1142,9 @@ #error "MBEDTLS_SSL_RECORD_SIZE_LIMIT defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) ) +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \ + !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \ + defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) ) #error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites" #endif diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 495cd5ab3b..53c03b5d3b 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -192,4 +192,24 @@ #define MBEDTLS_CIPHER_PADDING_PKCS7 #endif +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#define MBEDTLS_SSL_HAVE_GCM +#endif + +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#define MBEDTLS_SSL_HAVE_CCM +#endif + +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) +#define MBEDTLS_SSL_HAVE_CHACHAPOLY +#endif + +#if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \ + defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) +#define MBEDTLS_SSL_HAVE_AEAD +#endif + #endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */ diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index bbf57ceee7..4e1e996c6f 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -80,7 +80,7 @@ enum mbedtls_cipher_base_index { #if defined(MBEDTLS_CAMELLIA_C) MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA, #endif -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA) MBEDTLS_CIPHER_BASE_INDEX_CCM_AES, #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C) @@ -104,7 +104,7 @@ enum mbedtls_cipher_base_index { #if defined(MBEDTLS_DES_C) MBEDTLS_CIPHER_BASE_INDEX_DES, #endif -#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA) MBEDTLS_CIPHER_BASE_INDEX_GCM_AES, #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C) @@ -576,7 +576,9 @@ static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key, return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES, key, key_bitlen); } +#endif /* MBEDTLS_GCM_C */ +#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_base_t gcm_aes_info = { MBEDTLS_CIPHER_ID_AES, NULL, @@ -598,12 +600,21 @@ static const mbedtls_cipher_base_t gcm_aes_info = { #if defined(MBEDTLS_CIPHER_MODE_STREAM) NULL, #endif +#if defined(MBEDTLS_GCM_C) gcm_aes_setkey_wrap, gcm_aes_setkey_wrap, gcm_ctx_alloc, gcm_ctx_free, +#else + NULL, + NULL, + NULL, + NULL, +#endif /* MBEDTLS_GCM_C */ }; +#endif /* MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA */ +#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_info_t aes_128_gcm_info = { "AES-128-GCM", 16, @@ -638,7 +649,7 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = { MBEDTLS_CIPHER_BASE_INDEX_GCM_AES }; #endif -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA */ #if defined(MBEDTLS_CCM_C) static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, @@ -647,7 +658,9 @@ static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES, key, key_bitlen); } +#endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_base_t ccm_aes_info = { MBEDTLS_CIPHER_ID_AES, NULL, @@ -669,12 +682,21 @@ static const mbedtls_cipher_base_t ccm_aes_info = { #if defined(MBEDTLS_CIPHER_MODE_STREAM) NULL, #endif +#if defined(MBEDTLS_CCM_C) ccm_aes_setkey_wrap, ccm_aes_setkey_wrap, ccm_ctx_alloc, ccm_ctx_free, +#else + NULL, + NULL, + NULL, + NULL, +#endif }; +#endif /* MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA */ +#if defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_info_t aes_128_ccm_info = { "AES-128-CCM", 16, @@ -709,7 +731,9 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; #endif +#endif /* MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA */ +#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = { "AES-128-CCM*-NO-TAG", 16, @@ -744,7 +768,7 @@ static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; #endif -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA */ #endif /* MBEDTLS_AES_C */ @@ -2245,19 +2269,21 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_AES_256_XTS, &aes_256_xts_info }, #endif #endif -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) { MBEDTLS_CIPHER_AES_128_GCM, &aes_128_gcm_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_GCM, &aes_192_gcm_info }, { MBEDTLS_CIPHER_AES_256_GCM, &aes_256_gcm_info }, #endif #endif -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) { MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info }, { MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info }, #endif +#endif +#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA) { MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info }, @@ -2387,7 +2413,7 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = { #if defined(MBEDTLS_CAMELLIA_C) [MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA] = &camellia_info, #endif -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA) [MBEDTLS_CIPHER_BASE_INDEX_CCM_AES] = &ccm_aes_info, #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C) @@ -2411,7 +2437,7 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = { #if defined(MBEDTLS_DES_C) [MBEDTLS_CIPHER_BASE_INDEX_DES] = &des_info, #endif -#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA) [MBEDTLS_CIPHER_BASE_INDEX_GCM_AES] = &gcm_aes_info, #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C) diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h index c85a4efa8d..c1915bce9e 100644 --- a/library/cipher_wrap.h +++ b/library/cipher_wrap.h @@ -36,6 +36,44 @@ extern "C" { #endif +/* Support for GCM either through Mbed TLS SW implementation or PSA */ +#if defined(MBEDTLS_GCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#define MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA +#endif + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_KEY_TYPE_AES)) +#define MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA +#endif + +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#define MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA +#endif + +#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_KEY_TYPE_AES)) +#define MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA +#endif + +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)) +#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA +#endif + +#if defined(MBEDTLS_CHACHAPOLY_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) +#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA +#endif + +#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) || \ + defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) || \ + defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA) || \ + defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA) +#define MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA +#endif + /** * Base cipher information. The non-mode specific functions and values. */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 2368489df2..95aa5816ce 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -293,7 +293,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA384) { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, @@ -308,8 +308,8 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#endif /* MBEDTLS_GCM_C */ -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_MD_CAN_SHA256) +#endif /* MBEDTLS_SSL_HAVE_GCM */ +#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ @@ -320,19 +320,19 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, -#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_CCM_C */ +#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_MD_CAN_SHA256) +#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, "TLS1-3-CHACHA20-POLY1305-SHA256", MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 0, MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, -#endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_MD_CAN_SHA256 */ +#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_CHACHAPOLY_C) && \ +#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \ defined(MBEDTLS_MD_CAN_SHA256) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) @@ -391,7 +391,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#endif /* MBEDTLS_CHACHAPOLY_C && +#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) @@ -415,12 +415,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -429,14 +429,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, @@ -453,7 +453,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -474,7 +474,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -489,7 +489,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -523,12 +523,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if (defined(MBEDTLS_GCM_C) || defined(PSA_WANT_ALG_GCM)) { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -537,12 +537,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if (defined(MBEDTLS_GCM_C) || defined(PSA_WANT_ALG_GCM)) { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_AES_C */ @@ -564,7 +564,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -579,7 +579,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -595,7 +595,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_MD_CAN_SHA384) && \ - defined(MBEDTLS_GCM_C) + defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, @@ -603,12 +603,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", @@ -636,7 +636,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, @@ -653,7 +653,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -682,7 +682,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, @@ -696,7 +696,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ @@ -704,7 +704,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_MD_CAN_SHA384) && \ - defined(MBEDTLS_GCM_C) + defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 0, @@ -712,12 +712,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", @@ -745,7 +745,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_MD_CAN_SHA1 */ -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 0, @@ -762,7 +762,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -792,7 +792,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, @@ -806,7 +806,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ @@ -832,12 +832,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -846,12 +846,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_AES_C */ @@ -873,7 +873,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -888,7 +888,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -922,12 +922,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -936,12 +936,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_AES_C */ @@ -963,7 +963,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -978,7 +978,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -993,7 +993,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, @@ -1007,7 +1007,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1036,7 +1036,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 0, @@ -1053,7 +1053,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -1073,7 +1073,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, @@ -1087,14 +1087,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, @@ -1108,7 +1108,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1137,7 +1137,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 0, @@ -1154,7 +1154,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -1174,7 +1174,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, @@ -1188,7 +1188,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ @@ -1249,7 +1249,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, @@ -1263,7 +1263,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1311,7 +1311,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, @@ -1325,19 +1325,19 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index c312d816ea..12b8f9bf01 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -863,9 +863,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, *add_data_len = cur - add_data; } -#if defined(MBEDTLS_GCM_C) || \ - defined(MBEDTLS_CCM_C) || \ - defined(MBEDTLS_CHACHAPOLY_C) +#if defined(MBEDTLS_SSL_HAVE_AEAD) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_transform_aead_dynamic_iv_is_explicit( mbedtls_ssl_transform const *transform) @@ -910,7 +908,7 @@ static void ssl_build_record_nonce(unsigned char *dst_iv, dst_iv += dst_iv_len - dynamic_iv_len; mbedtls_xor(dst_iv, dst_iv, dynamic_iv, dynamic_iv_len); } -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ +#endif /* MBEDTLS_SSL_HAVE_AEAD */ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, @@ -1146,9 +1144,7 @@ hmac_failed_etm_disabled: } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ -#if defined(MBEDTLS_GCM_C) || \ - defined(MBEDTLS_CCM_C) || \ - defined(MBEDTLS_CHACHAPOLY_C) +#if defined(MBEDTLS_SSL_HAVE_AEAD) if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { unsigned char iv[12]; unsigned char *dynamic_iv; @@ -1258,7 +1254,7 @@ hmac_failed_etm_disabled: auth_done++; } else -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ +#endif /* MBEDTLS_SSL_HAVE_AEAD */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) if (ssl_mode == MBEDTLS_SSL_MODE_CBC || ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { @@ -1496,9 +1492,9 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, mbedtls_ssl_transform *transform, mbedtls_record *rec) { -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_SSL_HAVE_AEAD) size_t olen; -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC || MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC || MBEDTLS_SSL_HAVE_AEAD */ mbedtls_ssl_mode_t ssl_mode; int ret; @@ -1559,9 +1555,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, * so there's no encryption to do here.*/ } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ -#if defined(MBEDTLS_GCM_C) || \ - defined(MBEDTLS_CCM_C) || \ - defined(MBEDTLS_CHACHAPOLY_C) +#if defined(MBEDTLS_SSL_HAVE_AEAD) if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { unsigned char iv[12]; unsigned char *dynamic_iv; @@ -1677,7 +1671,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } } else -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ +#endif /* MBEDTLS_SSL_HAVE_AEAD */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) if (ssl_mode == MBEDTLS_SSL_MODE_CBC || ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d3a7ddb42f..827b7fbcfc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8287,9 +8287,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8; #endif -#if defined(MBEDTLS_GCM_C) || \ - defined(MBEDTLS_CCM_C) || \ - defined(MBEDTLS_CHACHAPOLY_C) +#if defined(MBEDTLS_SSL_HAVE_AEAD) if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { size_t explicit_ivlen; @@ -8324,7 +8322,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, explicit_ivlen = transform->ivlen - transform->fixed_ivlen; transform->minlen = explicit_ivlen + transform->taglen; } else -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ +#endif /* MBEDTLS_SSL_HAVE_AEAD */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) if (ssl_mode == MBEDTLS_SSL_MODE_STREAM || ssl_mode == MBEDTLS_SSL_MODE_CBC || diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0eecf4fdd6..fdcf7b48a4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3521,8 +3521,8 @@ component_test_psa_crypto_config_accel_cipher () { # Configure # --------- - # Start from the default config (no TLS 1.3, no USE_PSA) - helper_libtestdriver1_adjust_config "default" + # Start from the full config + helper_libtestdriver1_adjust_config "full" # There is no intended accelerator support for ALG CMAC. Therefore, asking # for it in the build implies the inclusion of the Mbed TLS cipher @@ -3561,21 +3561,19 @@ component_test_psa_crypto_config_accel_cipher () { component_test_psa_crypto_config_accel_aead () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" - loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" + loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 \ + KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" # Configure # --------- - # Start from default config (no TLS 1.3, no USE_PSA) - helper_libtestdriver1_adjust_config "default" + # Start from full config + helper_libtestdriver1_adjust_config "full" # Disable things that are being accelerated scripts/config.py unset MBEDTLS_GCM_C scripts/config.py unset MBEDTLS_CCM_C scripts/config.py unset MBEDTLS_CHACHAPOLY_C - # Features that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C # Build # ----- diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index fdf22a92fe..e6970129ea 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -6,7 +6,7 @@ #include "mbedtls/gcm.h" #endif -#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA) || defined(MBEDTLS_NIST_KW_C) #define MBEDTLS_CIPHER_AUTH_CRYPT #endif @@ -85,7 +85,7 @@ exit: return 0; } -#if defined(MBEDTLS_CIPHER_AUTH_CRYPT) +#if defined(MBEDTLS_CIPHER_MODE_AEAD) /* Helper for resetting key/direction * * The documentation doesn't explicitly say whether calling @@ -842,7 +842,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */ +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, data_t *ad, data_t *cipher, data_t *tag, char *result, data_t *clear, int use_psa)