PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support is always enabled. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
parent
1e64f7a643
commit
5d9a1fe9e9
4 changed files with 28 additions and 69 deletions
|
@ -2085,7 +2085,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
|
|||
#define MBEDTLS_SSL_SIG_ALG( hash )
|
||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
|
||||
* Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
|
||||
* guaranteed to not be a valid PSA algorithm identifier.
|
||||
|
@ -2115,9 +2115,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_typ
|
|||
psa_algorithm_t *alg,
|
||||
psa_key_type_t *key_type,
|
||||
size_t *key_size );
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/**
|
||||
* \brief Convert given PSA status to mbedtls error code.
|
||||
*
|
||||
|
@ -2145,6 +2143,6 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status )
|
|||
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
#endif /* ssl_misc.h */
|
||||
|
|
|
@ -20,14 +20,12 @@
|
|||
|
||||
#include "common.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
#include "psa/crypto.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_TEST_HOOKS)
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
||||
/**
|
||||
* \brief Take the input keying material \p ikm and extract from it a
|
||||
* fixed-length pseudorandom key \p prk.
|
||||
|
@ -87,8 +85,8 @@ psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t alg,
|
|||
const unsigned char *info, size_t info_len,
|
||||
unsigned char *okm, size_t okm_len );
|
||||
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#endif /* MBEDTLS_TEST_HOOKS */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS13_INVASIVE_H */
|
||||
|
|
|
@ -136,8 +136,6 @@ static void ssl_tls13_hkdf_encode_label(
|
|||
*dst_len = total_hkdf_lbl_len;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
||||
MBEDTLS_STATIC_TESTABLE
|
||||
psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg,
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
|
@ -312,8 +310,6 @@ cleanup:
|
|||
return( ( status == PSA_SUCCESS ) ? destroy_status : status );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
int mbedtls_ssl_tls13_hkdf_expand_label(
|
||||
mbedtls_md_type_t hash_alg,
|
||||
const unsigned char *secret, size_t secret_len,
|
||||
|
@ -324,11 +320,7 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
|
|||
unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
|
||||
size_t hkdf_label_len;
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_algorithm_t alg;
|
||||
#else
|
||||
const mbedtls_md_info_t *md_info;
|
||||
#endif
|
||||
|
||||
if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
|
||||
{
|
||||
|
@ -350,17 +342,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
alg = mbedtls_psa_translate_md( hash_alg );
|
||||
if( ! PSA_ALG_IS_HASH( alg ) )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
alg = PSA_ALG_HMAC( alg );
|
||||
#else
|
||||
md_info = mbedtls_md_info_from_type( hash_alg );
|
||||
if( md_info == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
ssl_tls13_hkdf_encode_label( buf_len,
|
||||
label, label_len,
|
||||
|
@ -368,18 +354,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
|
|||
hkdf_label,
|
||||
&hkdf_label_len );
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
return( psa_ssl_status_to_mbedtls(
|
||||
mbedtls_psa_hkdf_expand( alg,
|
||||
secret, secret_len,
|
||||
hkdf_label, hkdf_label_len,
|
||||
buf, buf_len ) ) );
|
||||
#else
|
||||
return mbedtls_hkdf_expand( md_info,
|
||||
secret, secret_len,
|
||||
hkdf_label, hkdf_label_len,
|
||||
buf, buf_len );
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -500,7 +479,6 @@ int mbedtls_ssl_tls13_evolve_secret(
|
|||
unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 };
|
||||
unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 };
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
size_t secret_len;
|
||||
psa_algorithm_t alg = mbedtls_psa_translate_md( hash_alg );
|
||||
if( ! PSA_ALG_IS_HASH( alg ) )
|
||||
|
@ -508,14 +486,6 @@ int mbedtls_ssl_tls13_evolve_secret(
|
|||
|
||||
alg = PSA_ALG_HMAC( alg );
|
||||
hlen = PSA_HASH_LENGTH( alg );
|
||||
#else
|
||||
const mbedtls_md_info_t *md_info;
|
||||
md_info = mbedtls_md_info_from_type( hash_alg );
|
||||
if( md_info == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
hlen = mbedtls_md_get_size( md_info );
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* For non-initial runs, call Derive-Secret( ., "derived", "")
|
||||
* on the old secret. */
|
||||
|
@ -545,18 +515,11 @@ int mbedtls_ssl_tls13_evolve_secret(
|
|||
/* HKDF-Extract takes a salt and input key material.
|
||||
* The salt is the old secret, and the input key material
|
||||
* is the input secret (PSK / ECDHE). */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
ret = psa_ssl_status_to_mbedtls(
|
||||
mbedtls_psa_hkdf_extract( alg,
|
||||
tmp_secret, hlen,
|
||||
tmp_input, ilen,
|
||||
secret_new, hlen, &secret_len ) );
|
||||
#else
|
||||
ret = mbedtls_hkdf_extract( md_info,
|
||||
tmp_secret, hlen,
|
||||
tmp_input, ilen,
|
||||
secret_new );
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
cleanup:
|
||||
|
||||
|
|
|
@ -3885,7 +3885,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void psa_hkdf_extract( int alg,
|
||||
data_t *ikm,
|
||||
data_t *salt,
|
||||
|
@ -3913,7 +3913,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void psa_hkdf_extract_ret( int alg, int ret )
|
||||
{
|
||||
int output_ret;
|
||||
|
@ -3942,7 +3942,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void psa_hkdf_expand( int alg,
|
||||
data_t *info,
|
||||
data_t *prk,
|
||||
|
@ -3970,7 +3970,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret )
|
||||
{
|
||||
int output_ret;
|
||||
|
@ -4062,7 +4062,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
|
|||
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
|
||||
TEST_ASSERT( (size_t) desired_length == expected->len );
|
||||
|
||||
USE_PSA_INIT( );
|
||||
PSA_INIT( );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls13_hkdf_expand_label(
|
||||
(mbedtls_md_type_t) hash_alg,
|
||||
|
@ -4074,7 +4074,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
|
|||
ASSERT_COMPARE( dst, (size_t) desired_length,
|
||||
expected->x, (size_t) expected->len );
|
||||
|
||||
USE_PSA_DONE( );
|
||||
PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -4098,7 +4098,7 @@ void ssl_tls13_traffic_key_generation( int hash_alg,
|
|||
TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
|
||||
expected_client_write_key->len == (size_t) desired_key_len );
|
||||
|
||||
USE_PSA_INIT( );
|
||||
PSA_INIT( );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls13_make_traffic_keys(
|
||||
(mbedtls_md_type_t) hash_alg,
|
||||
|
@ -4125,7 +4125,7 @@ void ssl_tls13_traffic_key_generation( int hash_alg,
|
|||
expected_server_write_iv->x,
|
||||
(size_t) desired_iv_len );
|
||||
|
||||
USE_PSA_DONE( );
|
||||
PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -4156,7 +4156,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
|
|||
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
|
||||
TEST_ASSERT( (size_t) desired_length == expected->len );
|
||||
|
||||
USE_PSA_INIT( );
|
||||
PSA_INIT( );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls13_derive_secret(
|
||||
(mbedtls_md_type_t) hash_alg,
|
||||
|
@ -4169,7 +4169,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
|
|||
ASSERT_COMPARE( dst, desired_length,
|
||||
expected->x, desired_length );
|
||||
|
||||
USE_PSA_DONE( );
|
||||
PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -4192,7 +4192,7 @@ void ssl_tls13_derive_early_secrets( int hash_alg,
|
|||
traffic_expected->len == md_size &&
|
||||
exporter_expected->len == md_size );
|
||||
|
||||
USE_PSA_INIT( );
|
||||
PSA_INIT( );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls13_derive_early_secrets(
|
||||
md_type, secret->x, transcript->x, transcript->len,
|
||||
|
@ -4203,7 +4203,7 @@ void ssl_tls13_derive_early_secrets( int hash_alg,
|
|||
ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
|
||||
exporter_expected->x, exporter_expected->len );
|
||||
|
||||
USE_PSA_DONE( );
|
||||
PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -4226,7 +4226,7 @@ void ssl_tls13_derive_handshake_secrets( int hash_alg,
|
|||
client_expected->len == md_size &&
|
||||
server_expected->len == md_size );
|
||||
|
||||
USE_PSA_INIT( );
|
||||
PSA_INIT( );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls13_derive_handshake_secrets(
|
||||
md_type, secret->x, transcript->x, transcript->len,
|
||||
|
@ -4237,7 +4237,7 @@ void ssl_tls13_derive_handshake_secrets( int hash_alg,
|
|||
ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
|
||||
server_expected->x, server_expected->len );
|
||||
|
||||
USE_PSA_DONE( );
|
||||
PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -4262,7 +4262,7 @@ void ssl_tls13_derive_application_secrets( int hash_alg,
|
|||
server_expected->len == md_size &&
|
||||
exporter_expected->len == md_size );
|
||||
|
||||
USE_PSA_INIT( );
|
||||
PSA_INIT( );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls13_derive_application_secrets(
|
||||
md_type, secret->x, transcript->x, transcript->len,
|
||||
|
@ -4275,7 +4275,7 @@ void ssl_tls13_derive_application_secrets( int hash_alg,
|
|||
ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
|
||||
exporter_expected->x, exporter_expected->len );
|
||||
|
||||
USE_PSA_DONE( );
|
||||
PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -4296,7 +4296,7 @@ void ssl_tls13_derive_resumption_secrets( int hash_alg,
|
|||
transcript->len == md_size &&
|
||||
resumption_expected->len == md_size );
|
||||
|
||||
USE_PSA_INIT( );
|
||||
PSA_INIT( );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls13_derive_resumption_master_secret(
|
||||
md_type, secret->x, transcript->x, transcript->len,
|
||||
|
@ -4305,7 +4305,7 @@ void ssl_tls13_derive_resumption_secrets( int hash_alg,
|
|||
ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
|
||||
resumption_expected->x, resumption_expected->len );
|
||||
|
||||
USE_PSA_DONE( );
|
||||
PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -4326,7 +4326,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
|
|||
transcript->len == md_size &&
|
||||
binder_expected->len == md_size );
|
||||
|
||||
USE_PSA_INIT( );
|
||||
PSA_INIT( );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls13_create_psk_binder(
|
||||
NULL, /* SSL context for debugging only */
|
||||
|
@ -4339,7 +4339,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
|
|||
ASSERT_COMPARE( binder, md_size,
|
||||
binder_expected->x, binder_expected->len );
|
||||
|
||||
USE_PSA_DONE( );
|
||||
PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -4452,7 +4452,7 @@ void ssl_tls13_key_evolution( int hash_alg,
|
|||
{
|
||||
unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
|
||||
|
||||
USE_PSA_INIT();
|
||||
PSA_INIT();
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls13_evolve_secret(
|
||||
(mbedtls_md_type_t) hash_alg,
|
||||
|
@ -4463,7 +4463,7 @@ void ssl_tls13_key_evolution( int hash_alg,
|
|||
ASSERT_COMPARE( secret_new, (size_t) expected->len,
|
||||
expected->x, (size_t) expected->len );
|
||||
|
||||
USE_PSA_DONE();
|
||||
PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
|
Loading…
Reference in a new issue