PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3

With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
Gabor Mezei 2022-03-24 17:49:14 +01:00
parent 1e64f7a643
commit 5d9a1fe9e9
No known key found for this signature in database
GPG key ID: 106F5A41ECC305BD
4 changed files with 28 additions and 69 deletions

View file

@ -2085,7 +2085,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
#define MBEDTLS_SSL_SIG_ALG( hash )
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_PSA_CRYPTO_C)
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
* Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
* guaranteed to not be a valid PSA algorithm identifier.
@ -2115,9 +2115,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_typ
psa_algorithm_t *alg,
psa_key_type_t *key_type,
size_t *key_size );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
/**
* \brief Convert given PSA status to mbedtls error code.
*
@ -2145,6 +2143,6 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status )
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* ssl_misc.h */

View file

@ -20,14 +20,12 @@
#include "common.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "psa/crypto.h"
#endif
#if defined(MBEDTLS_TEST_HOOKS)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief Take the input keying material \p ikm and extract from it a
* fixed-length pseudorandom key \p prk.
@ -87,8 +85,8 @@ psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t alg,
const unsigned char *info, size_t info_len,
unsigned char *okm, size_t okm_len );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_TEST_HOOKS */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_SSL_TLS13_INVASIVE_H */

View file

@ -136,8 +136,6 @@ static void ssl_tls13_hkdf_encode_label(
*dst_len = total_hkdf_lbl_len;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_STATIC_TESTABLE
psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg,
const unsigned char *salt, size_t salt_len,
@ -312,8 +310,6 @@ cleanup:
return( ( status == PSA_SUCCESS ) ? destroy_status : status );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int mbedtls_ssl_tls13_hkdf_expand_label(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t secret_len,
@ -324,11 +320,7 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
size_t hkdf_label_len;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg;
#else
const mbedtls_md_info_t *md_info;
#endif
if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
{
@ -350,17 +342,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
alg = mbedtls_psa_translate_md( hash_alg );
if( ! PSA_ALG_IS_HASH( alg ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
alg = PSA_ALG_HMAC( alg );
#else
md_info = mbedtls_md_info_from_type( hash_alg );
if( md_info == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl_tls13_hkdf_encode_label( buf_len,
label, label_len,
@ -368,18 +354,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
hkdf_label,
&hkdf_label_len );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
return( psa_ssl_status_to_mbedtls(
mbedtls_psa_hkdf_expand( alg,
secret, secret_len,
hkdf_label, hkdf_label_len,
buf, buf_len ) ) );
#else
return mbedtls_hkdf_expand( md_info,
secret, secret_len,
hkdf_label, hkdf_label_len,
buf, buf_len );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
/*
@ -500,7 +479,6 @@ int mbedtls_ssl_tls13_evolve_secret(
unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 };
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t secret_len;
psa_algorithm_t alg = mbedtls_psa_translate_md( hash_alg );
if( ! PSA_ALG_IS_HASH( alg ) )
@ -508,14 +486,6 @@ int mbedtls_ssl_tls13_evolve_secret(
alg = PSA_ALG_HMAC( alg );
hlen = PSA_HASH_LENGTH( alg );
#else
const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type( hash_alg );
if( md_info == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* For non-initial runs, call Derive-Secret( ., "derived", "")
* on the old secret. */
@ -545,18 +515,11 @@ int mbedtls_ssl_tls13_evolve_secret(
/* HKDF-Extract takes a salt and input key material.
* The salt is the old secret, and the input key material
* is the input secret (PSK / ECDHE). */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = psa_ssl_status_to_mbedtls(
mbedtls_psa_hkdf_extract( alg,
tmp_secret, hlen,
tmp_input, ilen,
secret_new, hlen, &secret_len ) );
#else
ret = mbedtls_hkdf_extract( md_info,
tmp_secret, hlen,
tmp_input, ilen,
secret_new );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
cleanup:

View file

@ -3885,7 +3885,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_extract( int alg,
data_t *ikm,
data_t *salt,
@ -3913,7 +3913,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_extract_ret( int alg, int ret )
{
int output_ret;
@ -3942,7 +3942,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_expand( int alg,
data_t *info,
data_t *prk,
@ -3970,7 +3970,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret )
{
int output_ret;
@ -4062,7 +4062,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len );
USE_PSA_INIT( );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_hkdf_expand_label(
(mbedtls_md_type_t) hash_alg,
@ -4074,7 +4074,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
ASSERT_COMPARE( dst, (size_t) desired_length,
expected->x, (size_t) expected->len );
USE_PSA_DONE( );
PSA_DONE( );
}
/* END_CASE */
@ -4098,7 +4098,7 @@ void ssl_tls13_traffic_key_generation( int hash_alg,
TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
expected_client_write_key->len == (size_t) desired_key_len );
USE_PSA_INIT( );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_make_traffic_keys(
(mbedtls_md_type_t) hash_alg,
@ -4125,7 +4125,7 @@ void ssl_tls13_traffic_key_generation( int hash_alg,
expected_server_write_iv->x,
(size_t) desired_iv_len );
USE_PSA_DONE( );
PSA_DONE( );
}
/* END_CASE */
@ -4156,7 +4156,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len );
USE_PSA_INIT( );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_secret(
(mbedtls_md_type_t) hash_alg,
@ -4169,7 +4169,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
ASSERT_COMPARE( dst, desired_length,
expected->x, desired_length );
USE_PSA_DONE( );
PSA_DONE( );
}
/* END_CASE */
@ -4192,7 +4192,7 @@ void ssl_tls13_derive_early_secrets( int hash_alg,
traffic_expected->len == md_size &&
exporter_expected->len == md_size );
USE_PSA_INIT( );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_early_secrets(
md_type, secret->x, transcript->x, transcript->len,
@ -4203,7 +4203,7 @@ void ssl_tls13_derive_early_secrets( int hash_alg,
ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
exporter_expected->x, exporter_expected->len );
USE_PSA_DONE( );
PSA_DONE( );
}
/* END_CASE */
@ -4226,7 +4226,7 @@ void ssl_tls13_derive_handshake_secrets( int hash_alg,
client_expected->len == md_size &&
server_expected->len == md_size );
USE_PSA_INIT( );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_handshake_secrets(
md_type, secret->x, transcript->x, transcript->len,
@ -4237,7 +4237,7 @@ void ssl_tls13_derive_handshake_secrets( int hash_alg,
ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
server_expected->x, server_expected->len );
USE_PSA_DONE( );
PSA_DONE( );
}
/* END_CASE */
@ -4262,7 +4262,7 @@ void ssl_tls13_derive_application_secrets( int hash_alg,
server_expected->len == md_size &&
exporter_expected->len == md_size );
USE_PSA_INIT( );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_application_secrets(
md_type, secret->x, transcript->x, transcript->len,
@ -4275,7 +4275,7 @@ void ssl_tls13_derive_application_secrets( int hash_alg,
ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
exporter_expected->x, exporter_expected->len );
USE_PSA_DONE( );
PSA_DONE( );
}
/* END_CASE */
@ -4296,7 +4296,7 @@ void ssl_tls13_derive_resumption_secrets( int hash_alg,
transcript->len == md_size &&
resumption_expected->len == md_size );
USE_PSA_INIT( );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_resumption_master_secret(
md_type, secret->x, transcript->x, transcript->len,
@ -4305,7 +4305,7 @@ void ssl_tls13_derive_resumption_secrets( int hash_alg,
ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
resumption_expected->x, resumption_expected->len );
USE_PSA_DONE( );
PSA_DONE( );
}
/* END_CASE */
@ -4326,7 +4326,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
transcript->len == md_size &&
binder_expected->len == md_size );
USE_PSA_INIT( );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_create_psk_binder(
NULL, /* SSL context for debugging only */
@ -4339,7 +4339,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
ASSERT_COMPARE( binder, md_size,
binder_expected->x, binder_expected->len );
USE_PSA_DONE( );
PSA_DONE( );
}
/* END_CASE */
@ -4452,7 +4452,7 @@ void ssl_tls13_key_evolution( int hash_alg,
{
unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
USE_PSA_INIT();
PSA_INIT();
TEST_ASSERT( mbedtls_ssl_tls13_evolve_secret(
(mbedtls_md_type_t) hash_alg,
@ -4463,7 +4463,7 @@ void ssl_tls13_key_evolution( int hash_alg,
ASSERT_COMPARE( secret_new, (size_t) expected->len,
expected->x, (size_t) expected->len );
USE_PSA_DONE();
PSA_DONE();
}
/* END_CASE */