yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3

Browse source 
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
Gabor Mezei 2022-03-24 17:49:14 +01:00
parent 1e64f7a643
commit 5d9a1fe9e9
No known key found for this signature in database
GPG key ID: 106F5A41ECC305BD
4 changed files with 28 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
library/ssl_misc.h
View file

@ -2085,7 +2085,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
#define MBEDTLS_SSL_SIG_ALG( hash ) #define MBEDTLS_SSL_SIG_ALG( hash )
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */ #endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_PSA_CRYPTO_C)
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL. /* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
* Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is * Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
* guaranteed to not be a valid PSA algorithm identifier. * guaranteed to not be a valid PSA algorithm identifier.
@ -2115,9 +2115,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_typ
psa_algorithm_t *alg, psa_algorithm_t *alg,
psa_key_type_t *key_type, psa_key_type_t *key_type,
size_t *key_size ); size_t *key_size );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
/** /**
* \brief Convert given PSA status to mbedtls error code. * \brief Convert given PSA status to mbedtls error code.
* *
@ -2145,6 +2143,6 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status )
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
} }
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* ssl_misc.h */ #endif /* ssl_misc.h */

10
library/ssl_tls13_invasive.h
View file

@ -20,14 +20,12 @@
#include "common.h" #include "common.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "psa/crypto.h" #include "psa/crypto.h"
#endif
#if defined(MBEDTLS_TEST_HOOKS) #if defined(MBEDTLS_TEST_HOOKS)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/** /**
* \brief Take the input keying material \p ikm and extract from it a * \brief Take the input keying material \p ikm and extract from it a
* fixed-length pseudorandom key \p prk. * fixed-length pseudorandom key \p prk.
@ -87,8 +85,8 @@ psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t alg,
const unsigned char *info, size_t info_len, const unsigned char *info, size_t info_len,
unsigned char *okm, size_t okm_len ); unsigned char *okm, size_t okm_len );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_TEST_HOOKS */ #endif /* MBEDTLS_TEST_HOOKS */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_SSL_TLS13_INVASIVE_H */ #endif /* MBEDTLS_SSL_TLS13_INVASIVE_H */

37
library/ssl_tls13_keys.c
View file

@ -136,8 +136,6 @@ static void ssl_tls13_hkdf_encode_label(
*dst_len = total_hkdf_lbl_len; *dst_len = total_hkdf_lbl_len;
} }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg, psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg,
const unsigned char *salt, size_t salt_len, const unsigned char *salt, size_t salt_len,
@ -312,8 +310,6 @@ cleanup:
return( ( status == PSA_SUCCESS ) ? destroy_status : status ); return( ( status == PSA_SUCCESS ) ? destroy_status : status );
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int mbedtls_ssl_tls13_hkdf_expand_label( int mbedtls_ssl_tls13_hkdf_expand_label(
mbedtls_md_type_t hash_alg, mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t secret_len, const unsigned char *secret, size_t secret_len,
@ -324,11 +320,7 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ]; unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
size_t hkdf_label_len; size_t hkdf_label_len;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg; psa_algorithm_t alg;
#else
const mbedtls_md_info_t *md_info;
#endif
if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN ) if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
{ {
@ -350,17 +342,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
alg = mbedtls_psa_translate_md( hash_alg ); alg = mbedtls_psa_translate_md( hash_alg );
if( ! PSA_ALG_IS_HASH( alg ) ) if( ! PSA_ALG_IS_HASH( alg ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
alg = PSA_ALG_HMAC( alg ); alg = PSA_ALG_HMAC( alg );
#else
md_info = mbedtls_md_info_from_type( hash_alg );
if( md_info == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl_tls13_hkdf_encode_label( buf_len, ssl_tls13_hkdf_encode_label( buf_len,
label, label_len, label, label_len,
@ -368,18 +354,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
hkdf_label, hkdf_label,
&hkdf_label_len ); &hkdf_label_len );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
return( psa_ssl_status_to_mbedtls( return( psa_ssl_status_to_mbedtls(
mbedtls_psa_hkdf_expand( alg, mbedtls_psa_hkdf_expand( alg,
secret, secret_len, secret, secret_len,
hkdf_label, hkdf_label_len, hkdf_label, hkdf_label_len,
buf, buf_len ) ) ); buf, buf_len ) ) );
#else
return mbedtls_hkdf_expand( md_info,
secret, secret_len,
hkdf_label, hkdf_label_len,
buf, buf_len );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
} }
/* /*
@ -500,7 +479,6 @@ int mbedtls_ssl_tls13_evolve_secret(
unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 }; unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 }; unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 };
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t secret_len; size_t secret_len;
psa_algorithm_t alg = mbedtls_psa_translate_md( hash_alg ); psa_algorithm_t alg = mbedtls_psa_translate_md( hash_alg );
if( ! PSA_ALG_IS_HASH( alg ) ) if( ! PSA_ALG_IS_HASH( alg ) )
@ -508,14 +486,6 @@ int mbedtls_ssl_tls13_evolve_secret(
alg = PSA_ALG_HMAC( alg ); alg = PSA_ALG_HMAC( alg );
hlen = PSA_HASH_LENGTH( alg ); hlen = PSA_HASH_LENGTH( alg );
#else
const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type( hash_alg );
if( md_info == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* For non-initial runs, call Derive-Secret( ., "derived", "") /* For non-initial runs, call Derive-Secret( ., "derived", "")
* on the old secret. */ * on the old secret. */
@ -545,18 +515,11 @@ int mbedtls_ssl_tls13_evolve_secret(
/* HKDF-Extract takes a salt and input key material. /* HKDF-Extract takes a salt and input key material.
* The salt is the old secret, and the input key material * The salt is the old secret, and the input key material
* is the input secret (PSK / ECDHE). */ * is the input secret (PSK / ECDHE). */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = psa_ssl_status_to_mbedtls( ret = psa_ssl_status_to_mbedtls(
mbedtls_psa_hkdf_extract( alg, mbedtls_psa_hkdf_extract( alg,
tmp_secret, hlen, tmp_secret, hlen,
tmp_input, ilen, tmp_input, ilen,
secret_new, hlen, &secret_len ) ); secret_new, hlen, &secret_len ) );
#else
ret = mbedtls_hkdf_extract( md_info,
tmp_secret, hlen,
tmp_input, ilen,
secret_new );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
cleanup: cleanup:

44
tests/suites/test_suite_ssl.function
View file

@ -3885,7 +3885,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */ /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_extract( int alg, void psa_hkdf_extract( int alg,
data_t *ikm, data_t *ikm,
data_t *salt, data_t *salt,
@ -3913,7 +3913,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */ /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_extract_ret( int alg, int ret ) void psa_hkdf_extract_ret( int alg, int ret )
{ {
int output_ret; int output_ret;
@ -3942,7 +3942,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */ /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_expand( int alg, void psa_hkdf_expand( int alg,
data_t *info, data_t *info,
data_t *prk, data_t *prk,
@ -3970,7 +3970,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */ /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret ) void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret )
{ {
int output_ret; int output_ret;
@ -4062,7 +4062,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len ); TEST_ASSERT( (size_t) desired_length == expected->len );
USE_PSA_INIT( ); PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_hkdf_expand_label( TEST_ASSERT( mbedtls_ssl_tls13_hkdf_expand_label(
(mbedtls_md_type_t) hash_alg, (mbedtls_md_type_t) hash_alg,
@ -4074,7 +4074,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
ASSERT_COMPARE( dst, (size_t) desired_length, ASSERT_COMPARE( dst, (size_t) desired_length,
expected->x, (size_t) expected->len ); expected->x, (size_t) expected->len );
USE_PSA_DONE( ); PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
@ -4098,7 +4098,7 @@ void ssl_tls13_traffic_key_generation( int hash_alg,
TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len && TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
expected_client_write_key->len == (size_t) desired_key_len ); expected_client_write_key->len == (size_t) desired_key_len );
USE_PSA_INIT( ); PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_make_traffic_keys( TEST_ASSERT( mbedtls_ssl_tls13_make_traffic_keys(
(mbedtls_md_type_t) hash_alg, (mbedtls_md_type_t) hash_alg,
@ -4125,7 +4125,7 @@ void ssl_tls13_traffic_key_generation( int hash_alg,
expected_server_write_iv->x, expected_server_write_iv->x,
(size_t) desired_iv_len ); (size_t) desired_iv_len );
USE_PSA_DONE( ); PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
@ -4156,7 +4156,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len ); TEST_ASSERT( (size_t) desired_length == expected->len );
USE_PSA_INIT( ); PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_secret( TEST_ASSERT( mbedtls_ssl_tls13_derive_secret(
(mbedtls_md_type_t) hash_alg, (mbedtls_md_type_t) hash_alg,
@ -4169,7 +4169,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
ASSERT_COMPARE( dst, desired_length, ASSERT_COMPARE( dst, desired_length,
expected->x, desired_length ); expected->x, desired_length );
USE_PSA_DONE( ); PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
@ -4192,7 +4192,7 @@ void ssl_tls13_derive_early_secrets( int hash_alg,
traffic_expected->len == md_size && traffic_expected->len == md_size &&
exporter_expected->len == md_size ); exporter_expected->len == md_size );
USE_PSA_INIT( ); PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_early_secrets( TEST_ASSERT( mbedtls_ssl_tls13_derive_early_secrets(
md_type, secret->x, transcript->x, transcript->len, md_type, secret->x, transcript->x, transcript->len,
@ -4203,7 +4203,7 @@ void ssl_tls13_derive_early_secrets( int hash_alg,
ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size, ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
exporter_expected->x, exporter_expected->len ); exporter_expected->x, exporter_expected->len );
USE_PSA_DONE( ); PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
@ -4226,7 +4226,7 @@ void ssl_tls13_derive_handshake_secrets( int hash_alg,
client_expected->len == md_size && client_expected->len == md_size &&
server_expected->len == md_size ); server_expected->len == md_size );
USE_PSA_INIT( ); PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_handshake_secrets( TEST_ASSERT( mbedtls_ssl_tls13_derive_handshake_secrets(
md_type, secret->x, transcript->x, transcript->len, md_type, secret->x, transcript->x, transcript->len,
@ -4237,7 +4237,7 @@ void ssl_tls13_derive_handshake_secrets( int hash_alg,
ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size, ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
server_expected->x, server_expected->len ); server_expected->x, server_expected->len );
USE_PSA_DONE( ); PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
@ -4262,7 +4262,7 @@ void ssl_tls13_derive_application_secrets( int hash_alg,
server_expected->len == md_size && server_expected->len == md_size &&
exporter_expected->len == md_size ); exporter_expected->len == md_size );
USE_PSA_INIT( ); PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_application_secrets( TEST_ASSERT( mbedtls_ssl_tls13_derive_application_secrets(
md_type, secret->x, transcript->x, transcript->len, md_type, secret->x, transcript->x, transcript->len,
@ -4275,7 +4275,7 @@ void ssl_tls13_derive_application_secrets( int hash_alg,
ASSERT_COMPARE( secrets.exporter_master_secret, md_size, ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
exporter_expected->x, exporter_expected->len ); exporter_expected->x, exporter_expected->len );
USE_PSA_DONE( ); PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
@ -4296,7 +4296,7 @@ void ssl_tls13_derive_resumption_secrets( int hash_alg,
transcript->len == md_size && transcript->len == md_size &&
resumption_expected->len == md_size ); resumption_expected->len == md_size );
USE_PSA_INIT( ); PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_resumption_master_secret( TEST_ASSERT( mbedtls_ssl_tls13_derive_resumption_master_secret(
md_type, secret->x, transcript->x, transcript->len, md_type, secret->x, transcript->x, transcript->len,
@ -4305,7 +4305,7 @@ void ssl_tls13_derive_resumption_secrets( int hash_alg,
ASSERT_COMPARE( secrets.resumption_master_secret, md_size, ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
resumption_expected->x, resumption_expected->len ); resumption_expected->x, resumption_expected->len );
USE_PSA_DONE( ); PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
@ -4326,7 +4326,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
transcript->len == md_size && transcript->len == md_size &&
binder_expected->len == md_size ); binder_expected->len == md_size );
USE_PSA_INIT( ); PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_create_psk_binder( TEST_ASSERT( mbedtls_ssl_tls13_create_psk_binder(
NULL, /* SSL context for debugging only */ NULL, /* SSL context for debugging only */
@ -4339,7 +4339,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
ASSERT_COMPARE( binder, md_size, ASSERT_COMPARE( binder, md_size,
binder_expected->x, binder_expected->len ); binder_expected->x, binder_expected->len );
USE_PSA_DONE( ); PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
@ -4452,7 +4452,7 @@ void ssl_tls13_key_evolution( int hash_alg,
{ {
unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ]; unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
USE_PSA_INIT(); PSA_INIT();
TEST_ASSERT( mbedtls_ssl_tls13_evolve_secret( TEST_ASSERT( mbedtls_ssl_tls13_evolve_secret(
(mbedtls_md_type_t) hash_alg, (mbedtls_md_type_t) hash_alg,
@ -4463,7 +4463,7 @@ void ssl_tls13_key_evolution( int hash_alg,
ASSERT_COMPARE( secret_new, (size_t) expected->len, ASSERT_COMPARE( secret_new, (size_t) expected->len,
expected->x, (size_t) expected->len ); expected->x, (size_t) expected->len );
USE_PSA_DONE(); PSA_DONE();
} }
/* END_CASE */ /* END_CASE */