Replace PSA/Cipher logic with mbedtls_get_mode_from_transform()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index c55c60f..0bfe4c9 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -523,9 +523,7 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- mbedtls_cipher_mode_t mode;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_ssl_mode_t ssl_mode;
int auth_done = 0;
unsigned char * data;
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
@@ -566,15 +564,13 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+ ssl_mode = mbedtls_get_mode_from_transform( transform );
+
data = rec->buf + rec->data_offset;
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
data, rec->data_len );
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET
@@ -654,17 +650,8 @@
* Add MAC before if needed
*/
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ||
- ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING
-#else
- if( mode == MBEDTLS_MODE_STREAM ||
- ( mode == MBEDTLS_MODE_CBC
-#endif
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
-#endif
- ) )
+ if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
+ ssl_mode == MBEDTLS_SSL_MODE_CBC )
{
if( post_avail < transform->maclen )
{
@@ -748,11 +735,7 @@
* Encrypt
*/
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
-#else
- if( mode == MBEDTLS_MODE_STREAM )
-#endif
+ if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
"including %d bytes of padding",
@@ -767,13 +750,7 @@
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( PSA_ALG_IS_AEAD( transform->psa_alg ) )
-#else
- if( mode == MBEDTLS_MODE_GCM ||
- mode == MBEDTLS_MODE_CCM ||
- mode == MBEDTLS_MODE_CHACHAPOLY )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
{
unsigned char iv[12];
unsigned char *dynamic_iv;
@@ -891,11 +868,8 @@
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
-#else
- if( mode == MBEDTLS_MODE_CBC )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl_mode == MBEDTLS_SSL_MODE_CBC ||
+ ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t padlen, i;
@@ -1139,14 +1113,9 @@
mbedtls_record *rec )
{
size_t olen;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_ssl_mode_t ssl_mode;
int ret;
-#else
- mbedtls_cipher_mode_t mode;
- int ret;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
int auth_done = 0;
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
size_t padlen = 0, correct = 1;
@@ -1171,9 +1140,7 @@
}
data = rec->buf + rec->data_offset;
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ ssl_mode = mbedtls_get_mode_from_transform( transform );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/*
@@ -1187,11 +1154,7 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
-#else
- if( mode == MBEDTLS_MODE_STREAM )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
{
/* The only supported stream cipher is "NULL",
* so there's nothing to do here.*/
@@ -1201,13 +1164,7 @@
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( PSA_ALG_IS_AEAD( transform->psa_alg ) )
-#else
- if( mode == MBEDTLS_MODE_GCM ||
- mode == MBEDTLS_MODE_CCM ||
- mode == MBEDTLS_MODE_CHACHAPOLY )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
{
unsigned char iv[12];
unsigned char *dynamic_iv;
@@ -1333,11 +1290,8 @@
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
-#else
- if( mode == MBEDTLS_MODE_CBC )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl_mode == MBEDTLS_SSL_MODE_CBC ||
+ ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{
size_t minlen = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1391,7 +1345,7 @@
* Authenticate before decrypt if enabled
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+ if( ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;