Translate from mbedtls_md_type_t to psa_algorithm_t
Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 0c6e313..4383454 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -4379,18 +4379,20 @@
SSL TLS 1.3 Key schedule: Secret evolution #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Initial secret to Early Secret
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_key_evolution:PSA_ALG_SHA_256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a"
SSL TLS 1.3 Key schedule: Secret evolution #2
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Early secret to Handshake Secret
-ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_key_evolution:PSA_ALG_SHA_256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a"
SSL TLS 1.3 Key schedule: Secret evolution #3
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Handshake secret to Master Secret
-ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_key_evolution:PSA_ALG_SHA_256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d"
SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #1 Extract
depends_on:PSA_WANT_ALG_SHA_256
@@ -4477,120 +4479,144 @@
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Server handshake traffic secret -> Server traffic key
# HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_key:"":16:"844780a7acad9f980fa25c114e43402a"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_key:"":16:"844780a7acad9f980fa25c114e43402a"
SSL TLS 1.3 Key schedule: HKDF Expand Label #2
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Server handshake traffic secret -> Server traffic IV
# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_iv:"":12:"4c042ddc120a38d1417fc815"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_iv:"":12:"4c042ddc120a38d1417fc815"
SSL TLS 1.3 Key schedule: HKDF Expand Label #3
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client handshake traffic secret -> Client traffic key
# HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39"
SSL TLS 1.3 Key schedule: HKDF Expand Label #4
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client handshake traffic secret -> Client traffic IV
# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_iv:"":12:"71abc2cae4c699d47c600268"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_iv:"":12:"71abc2cae4c699d47c600268"
SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448)
# Vector from RFC 8448
# Server handshake traffic secret -> Server traffic IV
# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_iv:"":12:"5d313eb2671276ee13000b30"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_iv:"":12:"5d313eb2671276ee13000b30"
SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448)
# Vector from RFC 8448
# Server handshake traffic secret -> Server traffic Key
# HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc"
SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448)
# Vector from RFC 8448
# Client handshake traffic secret -> Client traffic IV
# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_iv:"":12:"5bd3c71b836e0b76bb73265f"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_iv:"":12:"5bd3c71b836e0b76bb73265f"
SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448)
# Vector from RFC 8448
# Client handshake traffic secret -> Client traffic Key
# HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01"
SSL TLS 1.3 Key schedule: HKDF Expand Label #9 (RFC 8448)
# Calculation of finished_key
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls13_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls13_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e"
SSL TLS 1.3 Key schedule: HKDF Expand Label #10 (RFC 8448)
# Calculation of resumption key
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls13_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls13_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3"
SSL TLS 1.3 Key schedule: Traffic key generation #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV}
-ssl_tls13_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_traffic_key_generation:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448)
# Vector RFC 8448
# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV}
-ssl_tls13_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_traffic_key_generation:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "")
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Derive-Secret( Early-Secret, "derived", "")
# Tests the case where context isn't yet hashed (empty string here,
# but still needs to be hashed)
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls13_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls13_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Derive-Secret( MasterSecret, "s ap traffic", hash)
# Tests the case where context is already hashed
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls13_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls13_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e traffic", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #2
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash)
# Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
SSL TLS 1.3 Key schedule: Early secrets derivation helper
# Vector from RFC 8448
-ssl_tls13_derive_early_secrets:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_early_secrets:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
SSL TLS 1.3 Key schedule: Handshake secrets derivation helper
# Vector from RFC 8448
-ssl_tls13_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_handshake_secrets:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1
# - Server App Key: 0b6d22c8ff68097ea871c672073773bf
@@ -4650,17 +4676,20 @@
SSL TLS 1.3 Key schedule: Application secrets derivation helper
# Vector from RFC 8448
-ssl_tls13_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_application_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
SSL TLS 1.3 Key schedule: Resumption secrets derivation helper
# Vector from RFC 8448
-ssl_tls13_derive_resumption_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_derive_resumption_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
SSL TLS 1.3 Key schedule: PSK binder
# Vector from RFC 8448
# For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"'
# For all other data, see Section 4, 'construct a ClientHello handshake message:'
-ssl_tls13_create_psk_binder:MBEDTLS_MD_SHA256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
+depends_on:PSA_WANT_ALG_SHA_256
+ssl_tls13_create_psk_binder:PSA_ALG_SHA_256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 81a0f48..cc7baba 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4065,7 +4065,7 @@
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_hkdf_expand_label(
- (mbedtls_md_type_t) hash_alg,
+ (psa_algorithm_t) hash_alg,
secret->x, secret->len,
lbl, lbl_len,
ctx->x, ctx->len,
@@ -4101,7 +4101,7 @@
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_make_traffic_keys(
- (mbedtls_md_type_t) hash_alg,
+ (psa_algorithm_t) hash_alg,
client_secret->x,
server_secret->x,
client_secret->len /* == server_secret->len */,
@@ -4159,7 +4159,7 @@
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_secret(
- (mbedtls_md_type_t) hash_alg,
+ (psa_algorithm_t) hash_alg,
secret->x, secret->len,
lbl, lbl_len,
ctx->x, ctx->len,
@@ -4183,24 +4183,23 @@
mbedtls_ssl_tls13_early_secrets secrets;
/* Double-check that we've passed sane parameters. */
- mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
- TEST_ASSERT( md_info != 0 &&
- secret->len == md_size &&
- transcript->len == md_size &&
- traffic_expected->len == md_size &&
- exporter_expected->len == md_size );
+ psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
+ size_t const hash_len = PSA_HASH_LENGTH( alg );
+ TEST_ASSERT( PSA_ALG_IS_HASH( alg ) &&
+ secret->len == hash_len &&
+ transcript->len == hash_len &&
+ traffic_expected->len == hash_len &&
+ exporter_expected->len == hash_len );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_early_secrets(
- md_type, secret->x, transcript->x, transcript->len,
+ alg, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
- ASSERT_COMPARE( secrets.client_early_traffic_secret, md_size,
+ ASSERT_COMPARE( secrets.client_early_traffic_secret, hash_len,
traffic_expected->x, traffic_expected->len );
- ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
+ ASSERT_COMPARE( secrets.early_exporter_master_secret, hash_len,
exporter_expected->x, exporter_expected->len );
PSA_DONE( );
@@ -4217,24 +4216,23 @@
mbedtls_ssl_tls13_handshake_secrets secrets;
/* Double-check that we've passed sane parameters. */
- mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
- TEST_ASSERT( md_info != 0 &&
- secret->len == md_size &&
- transcript->len == md_size &&
- client_expected->len == md_size &&
- server_expected->len == md_size );
+ psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
+ size_t const hash_len = PSA_HASH_LENGTH( alg );
+ TEST_ASSERT( PSA_ALG_IS_HASH( alg ) &&
+ secret->len == hash_len &&
+ transcript->len == hash_len &&
+ client_expected->len == hash_len &&
+ server_expected->len == hash_len );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_handshake_secrets(
- md_type, secret->x, transcript->x, transcript->len,
+ alg, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
- ASSERT_COMPARE( secrets.client_handshake_traffic_secret, md_size,
+ ASSERT_COMPARE( secrets.client_handshake_traffic_secret, hash_len,
client_expected->x, client_expected->len );
- ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
+ ASSERT_COMPARE( secrets.server_handshake_traffic_secret, hash_len,
server_expected->x, server_expected->len );
PSA_DONE( );
@@ -4252,27 +4250,26 @@
mbedtls_ssl_tls13_application_secrets secrets;
/* Double-check that we've passed sane parameters. */
- mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
- TEST_ASSERT( md_info != 0 &&
- secret->len == md_size &&
- transcript->len == md_size &&
- client_expected->len == md_size &&
- server_expected->len == md_size &&
- exporter_expected->len == md_size );
+ psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
+ size_t const hash_len = PSA_HASH_LENGTH( alg );
+ TEST_ASSERT( PSA_ALG_IS_HASH( alg ) &&
+ secret->len == hash_len &&
+ transcript->len == hash_len &&
+ client_expected->len == hash_len &&
+ server_expected->len == hash_len &&
+ exporter_expected->len == hash_len );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_application_secrets(
- md_type, secret->x, transcript->x, transcript->len,
+ alg, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
- ASSERT_COMPARE( secrets.client_application_traffic_secret_N, md_size,
+ ASSERT_COMPARE( secrets.client_application_traffic_secret_N, hash_len,
client_expected->x, client_expected->len );
- ASSERT_COMPARE( secrets.server_application_traffic_secret_N, md_size,
+ ASSERT_COMPARE( secrets.server_application_traffic_secret_N, hash_len,
server_expected->x, server_expected->len );
- ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
+ ASSERT_COMPARE( secrets.exporter_master_secret, hash_len,
exporter_expected->x, exporter_expected->len );
PSA_DONE( );
@@ -4288,21 +4285,20 @@
mbedtls_ssl_tls13_application_secrets secrets;
/* Double-check that we've passed sane parameters. */
- mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
- TEST_ASSERT( md_info != 0 &&
- secret->len == md_size &&
- transcript->len == md_size &&
- resumption_expected->len == md_size );
+ psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
+ size_t const hash_len = PSA_HASH_LENGTH( alg );
+ TEST_ASSERT( PSA_ALG_IS_HASH( alg ) &&
+ secret->len == hash_len &&
+ transcript->len == hash_len &&
+ resumption_expected->len == hash_len );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_derive_resumption_master_secret(
- md_type, secret->x, transcript->x, transcript->len,
+ alg, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
- ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
+ ASSERT_COMPARE( secrets.resumption_master_secret, hash_len,
resumption_expected->x, resumption_expected->len );
PSA_DONE( );
@@ -4319,24 +4315,23 @@
unsigned char binder[ MBEDTLS_MD_MAX_SIZE ];
/* Double-check that we've passed sane parameters. */
- mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
- mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
- TEST_ASSERT( md_info != 0 &&
- transcript->len == md_size &&
- binder_expected->len == md_size );
+ psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
+ size_t const hash_len = PSA_HASH_LENGTH( alg );
+ TEST_ASSERT( PSA_ALG_IS_HASH( alg ) &&
+ transcript->len == hash_len &&
+ binder_expected->len == hash_len );
PSA_INIT( );
TEST_ASSERT( mbedtls_ssl_tls13_create_psk_binder(
NULL, /* SSL context for debugging only */
- md_type,
+ alg,
psk->x, psk->len,
psk_type,
transcript->x,
binder ) == 0 );
- ASSERT_COMPARE( binder, md_size,
+ ASSERT_COMPARE( binder, hash_len,
binder_expected->x, binder_expected->len );
PSA_DONE( );
@@ -4455,7 +4450,7 @@
PSA_INIT();
TEST_ASSERT( mbedtls_ssl_tls13_evolve_secret(
- (mbedtls_md_type_t) hash_alg,
+ (psa_algorithm_t) hash_alg,
secret->len ? secret->x : NULL,
input->len ? input->x : NULL, input->len,
secret_new ) == 0 );