Merge pull request #9872 from rojer/tls_hs_defrag_in
Defragment incoming TLS handshake messages
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 155f114..a637fe4 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -11,6 +11,7 @@
- [ ] **changelog** provided | not required because:
- [ ] **development PR** provided # | not required because:
+- [ ] **TF-PSA-Crypto PR** provided # | not required because:
- [ ] **framework PR** provided Mbed-TLS/mbedtls-framework# | not required
- [ ] **3.6 PR** provided # | not required because:
- [ ] **2.28 PR** provided # | not required because:
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index bc0701e..96d651a 100644
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -17,7 +17,7 @@
python: "3.9"
jobs:
pre_build:
- - ./scripts/apidoc_full.sh
+ - ./framework/scripts/apidoc_full.sh
- breathe-apidoc -o docs/api apidoc/xml
post_build:
- |
diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md
index 2fbc989..321e888 100644
--- a/ChangeLog.d/00README.md
+++ b/ChangeLog.d/00README.md
@@ -86,6 +86,6 @@
## How `ChangeLog` is updated
-Run [`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py)
-from a Git working copy
+Run [`../framework/scripts/assemble_changelog.py`]
+(../framework/scripts/assemble_changelog.py) from a Git working copy
to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file.
diff --git a/ChangeLog.d/9684.txt b/ChangeLog.d/9684.txt
new file mode 100644
index 0000000..115ded8
--- /dev/null
+++ b/ChangeLog.d/9684.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the DHE-PSK key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9685.txt b/ChangeLog.d/9685.txt
new file mode 100644
index 0000000..9820aff
--- /dev/null
+++ b/ChangeLog.d/9685.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the DHE-RSA key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt
new file mode 100644
index 0000000..a4d2e03
--- /dev/null
+++ b/ChangeLog.d/9874.txt
@@ -0,0 +1,5 @@
+API changes
+ * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
+ Instead of taking a mbedtls_cipher_type_t as an argument, this function
+ now takes 3 new arguments: a PSA algorithm, key type and key size, to
+ specify the AEAD for ticket protection.
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt
new file mode 100644
index 0000000..01d21b6
--- /dev/null
+++ b/ChangeLog.d/9892.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
+ already deprecated and superseeded by
+ mbedtls_x509write_crt_set_serial_raw().
diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt
index 49edb3e..45f4d9b 100644
--- a/ChangeLog.d/psa-always-on.txt
+++ b/ChangeLog.d/psa-always-on.txt
@@ -1,9 +1,10 @@
Default behavior changes
* The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem
to perform cryptographic operations, with a few exceptions documented
- in docs/use-psa-crypto.md. This corresponds to the behavior of
- Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. In effect,
- MBEDTLS_USE_PSA_CRYPTO is now always enabled.
+ in docs/architecture/psa-migration/psa-limitations.md. This
+ corresponds to the behavior of Mbed TLS 3.x when
+ MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO
+ is now always enabled.
* psa_crypto_init() must be called before performing any cryptographic
operation, including indirect requests such as parsing a key or
certificate or starting a TLS handshake.
diff --git a/ChangeLog.d/rm-ssl-conf-curves.txt b/ChangeLog.d/rm-ssl-conf-curves.txt
new file mode 100644
index 0000000..4b29adc
--- /dev/null
+++ b/ChangeLog.d/rm-ssl-conf-curves.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove the function mbedtls_ssl_conf_curves() which had been deprecated
+ in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1.
+
diff --git a/Makefile b/Makefile
index c9f5750..a580736 100644
--- a/Makefile
+++ b/Makefile
@@ -49,11 +49,14 @@
mbedtls_test:
$(MAKE) -C tests mbedtls_test
-library/%:
+.PHONY: FORCE
+FORCE:
+
+library/%: FORCE
$(MAKE) -C library $*
-programs/%:
+programs/%: FORCE
$(MAKE) -C programs $*
-tests/%:
+tests/%: FORCE
$(MAKE) -C tests $*
.PHONY: generated_files
diff --git a/README.md b/README.md
index 317874f..b00d21a 100644
--- a/README.md
+++ b/README.md
@@ -295,8 +295,6 @@
Mbed TLS includes a reference implementation of the PSA Cryptography API.
However, it does not aim to implement the whole specification; in particular it does not implement all the algorithms.
-The X.509 and TLS code can use PSA cryptography for most operations. To enable this support, activate the compilation option `MBEDTLS_USE_PSA_CRYPTO` in `mbedtls_config.h`. Note that TLS 1.3 uses PSA cryptography for most operations regardless of this option. See `docs/use-psa-crypto.md` for details.
-
### PSA drivers
Mbed TLS supports drivers for cryptographic accelerators, secure elements and random generators. This is work in progress. Please note that the driver interfaces are not fully stable yet and may change without notice. We intend to preserve backward compatibility for application code (using the PSA Crypto API), but the code of the drivers may have to change in future minor releases of Mbed TLS.
diff --git a/SECURITY.md b/SECURITY.md
index 9506eb9..4682f7a 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -144,3 +144,22 @@
The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED`
configuration option is defined. This option is off by default.
+
+#### Formatting of X.509 certificates and certificate signing requests
+
+When parsing X.509 certificates and certificate signing requests (CSRs),
+Mbed TLS does not check that they are strictly compliant with X.509 and other
+relevant standards. In the case of signed certificates, the signing party is
+assumed to have performed this validation (and the certificate is trusted to
+be correctly formatted as long as the signature is correct).
+Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant.
+
+**Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra
+validation is performed separately to ensure that they are compliant to the
+relevant specifications. This makes Mbed TLS on its own unsuitable for use in
+a Certificate Authority (CA).
+
+However, Mbed TLS aims to protect against memory corruption and other
+undefined behavior when parsing certificates and CSRs. If a CSR or signed
+certificate causes undefined behavior when it is parsed by Mbed TLS, that
+is considered a security vulnerability.
diff --git a/configs/crypto-config-ccm-aes-sha256.h b/configs/crypto-config-ccm-aes-sha256.h
deleted file mode 100644
index be8a746..0000000
--- a/configs/crypto-config-ccm-aes-sha256.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * \file configs/crypto-config-ccm-aes-sha256.h
- *
- * \brief PSA crypto configuration with only symmetric cryptography: CCM-AES,
- * SHA-256 and key derivation (uses HMAC).
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_CONFIG_H
-#define PSA_CRYPTO_CONFIG_H
-
-#define PSA_WANT_ALG_CCM 1
-#define PSA_WANT_ALG_SHA_256 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_AES 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
-
-
-#define MBEDTLS_PSA_CRYPTO_C
-#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_ENTROPY_C
-
-#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h
index 3eea061..3fec3d0 100644
--- a/configs/crypto-config-suite-b.h
+++ b/configs/crypto-config-suite-b.h
@@ -1,5 +1,5 @@
/**
- * \file crypto-config-symmetric-only.h
+ * \file crypto-config-suite-b.h
*
* \brief \brief Minimal crypto configuration for
* TLS NSA Suite B Profile (RFC 6460).
diff --git a/configs/crypto-config-symmetric-only.h b/configs/crypto-config-symmetric-only.h
deleted file mode 100644
index dfe9e81..0000000
--- a/configs/crypto-config-symmetric-only.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * \file crypto-config-symmetric-only.h
- *
- * \brief Crypto configuration without any asymmetric cryptography.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/**
- * To be used in conjunction with configs/config-symmetric-only.h. */
-
-#ifndef PSA_CRYPTO_CONFIG_H
-#define PSA_CRYPTO_CONFIG_H
-
-#define PSA_WANT_ALG_CBC_NO_PADDING 1
-#define PSA_WANT_ALG_CBC_PKCS7 1
-#define PSA_WANT_ALG_CCM 1
-#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
-#define PSA_WANT_ALG_CFB 1
-#define PSA_WANT_ALG_CHACHA20_POLY1305 1
-#define PSA_WANT_ALG_CMAC 1
-#define PSA_WANT_ALG_CTR 1
-#define PSA_WANT_ALG_ECB_NO_PADDING 1
-#define PSA_WANT_ALG_GCM 1
-#define PSA_WANT_ALG_HKDF 1
-#define PSA_WANT_ALG_HKDF_EXTRACT 1
-#define PSA_WANT_ALG_HKDF_EXPAND 1
-#define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_ALG_MD5 1
-#define PSA_WANT_ALG_OFB 1
-#define PSA_WANT_ALG_RIPEMD160 1
-#define PSA_WANT_ALG_SHA_1 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define PSA_WANT_ALG_SHA_224 1
-#define PSA_WANT_ALG_SHA_256 1
-#define PSA_WANT_ALG_SHA_384 1
-#define PSA_WANT_ALG_SHA_512 1
-#define PSA_WANT_ALG_SHA3_224 1
-#define PSA_WANT_ALG_SHA3_256 1
-#define PSA_WANT_ALG_SHA3_384 1
-#define PSA_WANT_ALG_SHA3_512 1
-#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-
-/* XTS is not yet supported via the PSA API in Mbed TLS. */
-//#define PSA_WANT_ALG_XTS 1
-
-#define PSA_WANT_KEY_TYPE_AES 1
-#define PSA_WANT_KEY_TYPE_ARIA 1
-#define PSA_WANT_KEY_TYPE_CAMELLIA 1
-#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_KEY_TYPE_DES 1
-#define PSA_WANT_KEY_TYPE_HMAC 1
-
-#define MBEDTLS_SELF_TEST
-
-#define MBEDTLS_PSA_CRYPTO_C
-
-/* System support */
-//#define MBEDTLS_HAVE_ASM
-#define MBEDTLS_HAVE_TIME
-#define MBEDTLS_HAVE_TIME_DATE
-
-#define MBEDTLS_FS_IO
-#define MBEDTLS_ENTROPY_NV_SEED
-
-/* Mbed TLS modules */
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_BASE64_C
-#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_ENTROPY_C
-#define MBEDTLS_ERROR_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_NIST_KW_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PEM_PARSE_C
-#define MBEDTLS_PEM_WRITE_C
-#define MBEDTLS_PKCS5_C
-#define MBEDTLS_PKCS12_C
-#define MBEDTLS_PLATFORM_C
-#define MBEDTLS_PSA_CRYPTO_SE_C
-#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-#define MBEDTLS_PSA_ITS_FILE_C
-
-//#define MBEDTLS_THREADING_C
-
-#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/configs/ext/README.md b/configs/ext/README.md
index b07cbc1..f679e32 100644
--- a/configs/ext/README.md
+++ b/configs/ext/README.md
@@ -1,26 +1,22 @@
Summary
-------
-The two files:
+The file:
-* crypto_config_profile_medium.h
* tfm_mbedcrypto_config_profile_medium.h
-are copyright The Mbed TLS Contributors, and are distributed under the license normally
+is copyright The Mbed TLS Contributors, and is distributed under the license normally
used by Mbed TLS: a dual Apache 2.0 or GPLv2-or-later license.
Background
----------
-The two files crypto_config_profile_medium.h and tfm_mbedcrypto_config_profile_medium.h
-are taken verbatim from the TF-M source code here:
+The file tfm_mbedcrypto_config_profile_medium.h was derived from the file tfm_mbedcrypto_config_profile_medium.h taken from the TF-M source code here:
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/mbedcrypto/mbedcrypto_config
-In TF-M, they are distributed under a 3-Clause BSD license, as noted at the top of the files.
+It was derived according to the Mbed TLS configuration file split that occurred as part of the Mbed TLS repository split, see https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/config-split.md.
-In Mbed TLS, with permission from the TF-M project, they are distributed under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license, with copyright assigned to The Mbed TLS Contributors.
+In TF-M, the original file is distributed under a 3-Clause BSD license, as noted at the top of the file.
-We only retain the note at the top of the files because the intent is to take these files verbatim,
-for ease of maintenance. Currently however, they contain changes, showing how these configurations
-will need to be adapted for 4.0.
+In Mbed TLS, with permission from the TF-M project, tfm_mbedcrypto_config_profile_medium.h is distributed under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license, with copyright assigned to The Mbed TLS Contributors.
diff --git a/configs/ext/crypto_config_profile_medium.h b/configs/ext/crypto_config_profile_medium.h
deleted file mode 100644
index 67de4c0..0000000
--- a/configs/ext/crypto_config_profile_medium.h
+++ /dev/null
@@ -1,705 +0,0 @@
-/*
- * Copyright (c) 2018-2023, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-/**
- * \file psa/crypto_config.h
- * \brief PSA crypto configuration options (set of defines)
- *
- */
-
-#ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H
-#define PROFILE_M_PSA_CRYPTO_CONFIG_H
-
-/**
- * \name SECTION: Platform abstraction layer
- *
- * This section sets platform specific settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module: library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
-/**
- * \def MBEDTLS_PLATFORM_C
- *
- * Enable the platform abstraction layer that allows you to re-assign
- * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
- *
- * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
- * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
- * above to be specified at runtime or compile time respectively.
- *
- * \note This abstraction layer must be enabled on Windows (including MSYS2)
- * as other modules rely on it for a fixed snprintf implementation.
- *
- * Module: library/platform.c
- * Caller: Most other .c files
- *
- * This module enables abstraction of common (libc) functions.
- */
-#define MBEDTLS_PLATFORM_C
-
-/**
- * \def MBEDTLS_PLATFORM_MEMORY
- *
- * Enable the memory allocation layer.
- *
- * By default Mbed TLS uses the system-provided calloc() and free().
- * This allows different allocators (self-implemented or provided) to be
- * provided to the platform abstraction layer.
- *
- * Enabling #MBEDTLS_PLATFORM_MEMORY without the
- * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
- * free() function pointer at runtime.
- *
- * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying
- * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
- * alternate function at compile time.
- *
- * An overview of how the value of mbedtls_calloc is determined:
- *
- * - if !MBEDTLS_PLATFORM_MEMORY
- * - mbedtls_calloc = calloc
- * - if MBEDTLS_PLATFORM_MEMORY
- * - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
- * - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO
- * - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
- * - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC.
- * - How is MBEDTLS_PLATFORM_STD_CALLOC handled?
- * - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
- * - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything;
- * - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present;
- * - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
- * - if MBEDTLS_PLATFORM_STD_CALLOC is present:
- * - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected;
- * - if !MBEDTLS_PLATFORM_STD_CALLOC:
- * - MBEDTLS_PLATFORM_STD_CALLOC = calloc
- *
- * - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked.
- * - if !MBEDTLS_PLATFORM_STD_CALLOC
- * - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc
- *
- * - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC.
- *
- * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible.
- * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time.
- * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used,
- * dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases.
- * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
- * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Enable this layer to allow use of alternative memory allocators.
- */
-#define MBEDTLS_PLATFORM_MEMORY
-
-/**
- * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
- *
- * Do not assign standard functions in the platform layer (e.g. calloc() to
- * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
- *
- * This makes sure there are no linking errors on platforms that do not support
- * these functions. You will HAVE to provide alternatives, either at runtime
- * via the platform_set_xxx() functions or at compile time by setting
- * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
- * MBEDTLS_PLATFORM_XXX_MACRO.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Uncomment to prevent default assignment of standard functions in the
- * platform layer.
- */
-#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-
-#define MBEDTLS_PLATFORM_PRINTF_ALT
-
-/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */
-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-
-#include <stdio.h>
-
-#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf
-#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE
-#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS
-
-#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h>
-
-/** \} name SECTION: Platform abstraction layer */
-
-/**
- * \name SECTION: SECTION Cryptographic mechanism selection (PSA API)
- *
- * This section sets PSA API settings.
- * \{
- */
-/*
- * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
- */
-//#define PSA_WANT_ALG_CBC_MAC 1
-//#define PSA_WANT_ALG_CBC_NO_PADDING 1
-//#define PSA_WANT_ALG_CBC_PKCS7 1
-#define PSA_WANT_ALG_CCM 1
-//#define PSA_WANT_ALG_CMAC 1
-//#define PSA_WANT_ALG_CFB 1
-//#define PSA_WANT_ALG_CHACHA20_POLY1305 1
-//#define PSA_WANT_ALG_CTR 1
-//#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
-//#define PSA_WANT_ALG_ECB_NO_PADDING 1
-#define PSA_WANT_ALG_ECDH 1
-#define PSA_WANT_ALG_ECDSA 1
-//#define PSA_WANT_ALG_GCM 1
-#define PSA_WANT_ALG_HKDF 1
-#define PSA_WANT_ALG_HMAC 1
-//#define PSA_WANT_ALG_MD5 1
-//#define PSA_WANT_ALG_OFB 1
-/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
- * Note: when adding support, also adjust include/mbedtls/config_psa.h */
-//#define PSA_WANT_ALG_PBKDF2_HMAC 1
-//#define PSA_WANT_ALG_RIPEMD160 1
-//#define PSA_WANT_ALG_RSA_OAEP 1
-//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
-//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
-//#define PSA_WANT_ALG_RSA_PSS 1
-//#define PSA_WANT_ALG_SHA_1 1
-#define PSA_WANT_ALG_SHA_224 1
-#define PSA_WANT_ALG_SHA_256 1
-//#define PSA_WANT_ALG_SHA_384 1
-//#define PSA_WANT_ALG_SHA_512 1
-//#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
- * Note: when adding support, also adjust include/mbedtls/config_psa.h */
-//#define PSA_WANT_ALG_XTS 1
-
-//#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
-//#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
-//#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
-//#define PSA_WANT_ECC_MONTGOMERY_255 1
-//#define PSA_WANT_ECC_MONTGOMERY_448 1
-//#define PSA_WANT_ECC_SECP_K1_192 1
-/*
- * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
- * default.
- */
-//#define PSA_WANT_ECC_SECP_K1_224 1
-//#define PSA_WANT_ECC_SECP_K1_256 1
-//#define PSA_WANT_ECC_SECP_R1_192 1
-//#define PSA_WANT_ECC_SECP_R1_224 1
-#define PSA_WANT_ECC_SECP_R1_256 1
-//#define PSA_WANT_ECC_SECP_R1_384 1
-//#define PSA_WANT_ECC_SECP_R1_521 1
-
-#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_HMAC 1
-#define PSA_WANT_KEY_TYPE_AES 1
-//#define PSA_WANT_KEY_TYPE_ARIA 1
-//#define PSA_WANT_KEY_TYPE_CAMELLIA 1
-//#define PSA_WANT_KEY_TYPE_CHACHA20 1
-//#define PSA_WANT_KEY_TYPE_DES 1
-//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
-//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */
-//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
-
-/*
- * The following symbols extend and deprecate the legacy
- * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in
- * the name's suffix. "_USE" is the most generic and it can be used to describe
- * a generic suport, whereas other ones add more features on top of that and
- * they are more specific.
- */
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-
-/** \} name SECTION Cryptographic mechanism selection (PSA API) */
-
-/**
- * \name SECTION: PSA core
- *
- * This section sets PSA specific settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_ENTROPY_C
- *
- * Enable the platform-specific entropy code.
- *
- * Module: library/entropy.c
- * Caller:
- *
- * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
- *
- * This module provides a generic entropy pool
- */
-#define MBEDTLS_ENTROPY_C
-
-/**
- * \def MBEDTLS_ENTROPY_NV_SEED
- *
- * Enable the non-volatile (NV) seed file-based entropy source.
- * (Also enables the NV seed read/write functions in the platform layer)
- *
- * This is crucial (if not required) on systems that do not have a
- * cryptographic entropy source (in hardware or kernel) available.
- *
- * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
- *
- * \note The read/write functions that are used by the entropy source are
- * determined in the platform layer, and can be modified at runtime and/or
- * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
- *
- * \note If you use the default implementation functions that read a seedfile
- * with regular fopen(), please make sure you make a seedfile with the
- * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
- * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
- * and written to or you will get an entropy source error! The default
- * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
- * bytes from the file.
- *
- * \note The entropy collector will write to the seed file before entropy is
- * given to an external source, to update it.
- */
-#define MBEDTLS_ENTROPY_NV_SEED
-
-/**
- * \def MBEDTLS_NO_PLATFORM_ENTROPY
- *
- * Do not use built-in platform entropy functions.
- * This is useful if your platform does not support
- * standards like the /dev/urandom or Windows CryptoAPI.
- *
- * Uncomment this macro to disable the built-in platform entropy functions.
- */
-#define MBEDTLS_NO_PLATFORM_ENTROPY
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_C
- *
- * Enable the Platform Security Architecture cryptography API.
- *
- * Module: library/psa_crypto.c
- *
- * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
- * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
- * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
- * Auto-enables: MBEDTLS_CIPHER_C if any unauthenticated (ie, non-AEAD) cipher
- * is enabled in PSA (unless it's fully accelerated, see
- * docs/driver-only-builds.md about that).
- */
-#define MBEDTLS_PSA_CRYPTO_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_SPM
- *
- * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
- * Partition Manager) integration which separates the code into two parts: a
- * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
- * Environment).
- *
- * If you enable this option, your build environment must include a header
- * file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS
- * header files, or in another directory on the compiler's include search
- * path). Alternatively, your platform may customize the header
- * `psa/crypto_platform.h`, in which case it can skip or replace the
- * inclusion of `"crypto_spe.h"`.
- *
- * Module: library/psa_crypto.c
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- */
-#define MBEDTLS_PSA_CRYPTO_SPM
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
- *
- * Enable the Platform Security Architecture persistent key storage.
- *
- * Module: library/psa_crypto_storage.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C,
- * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
- * the PSA ITS interface
- */
-#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-
-/** \} name SECTION: PSA core */
-
-/**
- * \name SECTION: Builtin drivers
- *
- * This section sets driver specific settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_AES_ROM_TABLES
- *
- * Use precomputed AES tables stored in ROM.
- *
- * Uncomment this macro to use precomputed AES tables stored in ROM.
- * Comment this macro to generate AES tables in RAM at runtime.
- *
- * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
- * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
- * initialization time before the first AES operation can be performed.
- * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
- * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
- * performance if ROM access is slower than RAM access.
- *
- * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
- */
-#define MBEDTLS_AES_ROM_TABLES
-
-/**
- * \def MBEDTLS_AES_FEWER_TABLES
- *
- * Use less ROM/RAM for AES tables.
- *
- * Uncommenting this macro omits 75% of the AES tables from
- * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
- * by computing their values on the fly during operations
- * (the tables are entry-wise rotations of one another).
- *
- * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
- * by ~6kb but at the cost of more arithmetic operations during
- * runtime. Specifically, one has to compare 4 accesses within
- * different tables to 4 accesses with additional arithmetic
- * operations within the same table. The performance gain/loss
- * depends on the system and memory details.
- *
- * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
- */
-#define MBEDTLS_AES_FEWER_TABLES
-
-/**
- * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
- *
- * Use only 128-bit keys in AES operations to save ROM.
- *
- * Uncomment this macro to remove support for AES operations that use 192-
- * or 256-bit keys.
- *
- * Uncommenting this macro reduces the size of AES code by ~300 bytes
- * on v8-M/Thumb2.
- *
- * Module: library/aes.c
- *
- * Requires: MBEDTLS_AES_C
- */
-#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-
-/**
- * \def MBEDTLS_ECP_NIST_OPTIM
- *
- * Enable specific 'modulo p' routines for each NIST prime.
- * Depending on the prime and architecture, makes operations 4 to 8 times
- * faster on the corresponding curve.
- *
- * Comment this macro to disable NIST curves optimisation.
- */
-#define MBEDTLS_ECP_NIST_OPTIM
-
-/**
- * \def MBEDTLS_HAVE_ASM
- *
- * The compiler has support for asm().
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- * library/aesni.h
- * library/aria.c
- * library/bn_mul.h
- * library/constant_time.c
- *
- * Required by:
- * MBEDTLS_AESCE_C
- * MBEDTLS_AESNI_C (on some platforms)
- *
- * Comment to disable the use of assembly code.
- */
-#define MBEDTLS_HAVE_ASM
-
-/**
- * Uncomment to enable p256-m. This is an alternative implementation of
- * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
- * Compared to the default implementation:
- *
- * - p256-m has a much smaller code size and RAM footprint.
- * - p256-m is only available via the PSA API. This includes the pk module.
- * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols
- * over the core arithmetic, or deterministic derivation of keys.
- *
- * We recommend enabling this option if your application uses the PSA API
- * and the only elliptic curve support it needs is ECDH and ECDSA over
- * SECP256R1.
- *
- * If you enable this option, you do not need to enable any ECC-related
- * MBEDTLS_xxx option. You do need to separately request support for the
- * cryptographic mechanisms through the PSA API:
- * - #MBEDTLS_PSA_CRYPTO_C for PSA-based configuration;
- * - #PSA_WANT_ECC_SECP_R1_256;
- * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed;
- * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
- * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
- * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
- * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
- *
- * \note To benefit from the smaller code size of p256-m, make sure that you
- * do not enable any ECC-related option not supported by p256-m: this
- * would cause the built-in ECC implementation to be built as well, in
- * order to provide the required option.
- * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and
- * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than
- * SECP256R1 are disabled as they are not supported by this driver.
- * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or
- * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of
- * the built-in ECC implementation, see docs/driver-only-builds.md.
- */
-#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
-
-/**
- * \def MBEDTLS_SHA256_SMALLER
- *
- * Enable an implementation of SHA-256 that has lower ROM footprint but also
- * lower performance.
- *
- * The default implementation is meant to be a reasonable compromise between
- * performance and size. This version optimizes more aggressively for size at
- * the expense of performance. Eg on Cortex-M4 it reduces the size of
- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
- * 30%.
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
-#define MBEDTLS_SHA256_SMALLER
-
-/* ECP options */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Disable fixed-point speed-up */
-
-/** \} name SECTION: Builtin drivers */
-
-/**
- * \name SECTION: Legacy cryptography
- *
- * This section sets legacy settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module: library/aes.c
- * Caller: library/cipher.c
- * library/pem.c
- * library/ctr_drbg.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- *
- * PEM_PARSE uses AES for decrypting encrypted keys.
- */
-#define MBEDTLS_AES_C
-
-/**
- * \def MBEDTLS_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module: library/cipher.c
- * Caller: library/ccm.c
- * library/cmac.c
- * library/gcm.c
- * library/nist_kw.c
- * library/pkcs12.c
- * library/pkcs5.c
- * library/psa_crypto_aead.c
- * library/psa_crypto_mac.c
- * library/ssl_ciphersuites.c
- * library/ssl_msg.c
- * Auto-enabled by: MBEDTLS_PSA_CRYPTO_C depending on which ciphers are enabled
- * (see the documentation of that option for details).
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define MBEDTLS_CIPHER_C
-
-/**
- * \def MBEDTLS_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-based random generator.
- * The CTR_DRBG generator uses AES-256 by default.
- * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
- *
- * AES support can either be achieved through builtin (MBEDTLS_AES_C) or PSA.
- * Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA
- * is used.
- *
- * \warning When using PSA, the user should call `psa_crypto_init()` before
- * using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`).
- *
- * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
- *
- * \note To achieve a 256-bit security strength with CTR_DRBG,
- * you must use AES-256 *and* use sufficient entropy.
- * See ctr_drbg.h for more details.
- *
- * Module: library/ctr_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_AES_C or
- * (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and
- * MBEDTLS_PSA_CRYPTO_C)
- *
- * This module provides the CTR_DRBG AES random number generator.
- */
-#define MBEDTLS_CTR_DRBG_C
-/** \} name SECTION: Legacy cryptography */
-
-/***********************************************************/
-/* Tweak the configuration to remove dependencies on TF-M. */
-/***********************************************************/
-
-/* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */
-#undef MBEDTLS_PSA_CRYPTO_SPM
-
-/* Disable buffer-based memory allocator. This isn't strictly required,
- * but using the native allocator is faster and works better with
- * memory management analysis frameworks such as ASan. */
-#undef MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
-// This macro is enabled in TFM Medium but is disabled here because it is
-// incompatible with baremetal builds in Mbed TLS.
-#undef MBEDTLS_PSA_CRYPTO_STORAGE_C
-
-// This macro is enabled in TFM Medium but is disabled here because it is
-// incompatible with baremetal builds in Mbed TLS.
-#undef MBEDTLS_ENTROPY_NV_SEED
-
-// These platform-related TF-M settings are not useful here.
-#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-#undef MBEDTLS_PLATFORM_STD_MEM_HDR
-#undef MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#undef MBEDTLS_PLATFORM_PRINTF_ALT
-#undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
-#undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE
-
-/*
- * In order to get an example config that works cleanly out-of-the-box
- * for both baremetal and non-baremetal builds, we detect baremetal builds
- * (either IAR, Arm compiler or __ARM_EABI__ defined), and adjust some
- * variables accordingly.
- */
-#if defined(__IAR_SYSTEMS_ICC__) || defined(__ARMCC_VERSION) || defined(__ARM_EABI__)
-#define MBEDTLS_NO_PLATFORM_ENTROPY
-#else
-/* Use built-in platform entropy functions (TF-M provides its own). */
-#undef MBEDTLS_NO_PLATFORM_ENTROPY
-#endif
-
-/***********************************************************************
- * Local changes to crypto config below this delimiter
- **********************************************************************/
-
-// We expect TF-M to pick this up soon
-#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
-
-/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it
- * does not need CIPHER_C to be enabled, so we can disable it in order
- * to reduce code size further. */
-#undef MBEDTLS_CIPHER_C
-
-#if CRYPTO_NV_SEED
-#include "tfm_mbedcrypto_config_extra_nv_seed.h"
-#endif /* CRYPTO_NV_SEED */
-
-#if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED)
-#include "mbedtls_entropy_nv_seed_config.h"
-#endif
-
-#ifdef CRYPTO_HW_ACCELERATOR
-#include "crypto_accelerator_config.h"
-#endif
-
-#endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */
diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
index 63a13ad..42af9db 100644
--- a/docs/3.0-migration-guide.md
+++ b/docs/3.0-migration-guide.md
@@ -748,7 +748,7 @@
The default preference order for curves in TLS now favors resource usage (performance and memory consumption) over size. The exact order is unspecified and may change, but generally you can expect 256-bit curves to be preferred over larger curves.
-If you prefer a different order, call `mbedtls_ssl_conf_curves()` when configuring a TLS connection.
+If you prefer a different order, call `mbedtls_ssl_conf_groups()` when configuring a TLS connection.
### SSL key export interface change
@@ -1025,7 +1025,7 @@
my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
```
-If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_curves()` with the desired lists.
+If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_groups()` with the desired lists.
### Remove 3DES ciphersuites
diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md
deleted file mode 100644
index 91e26ed..0000000
--- a/docs/architecture/psa-migration/md-cipher-dispatch.md
+++ /dev/null
@@ -1,612 +0,0 @@
-PSA migration strategy for hashes and ciphers
-=============================================
-
-## Introduction
-
-This document discusses a migration strategy for code that is not subject to `MBEDTLS_USE_PSA_CRYPTO`, is currently using legacy cryptography APIs, and should transition to PSA, without a major version change.
-
-### Relationship with the main strategy document
-
-This is complementary to the main [strategy document](strategy.html) and is intended as a refinement. However, at this stage, there may be contradictions between the strategy proposed here and some of the earlier strategy.
-
-A difference between the original strategy and the current one is that in this work, we are not treating PSA as a black box. We can change experimental features, and we can call internal interfaces.
-
-## Requirements
-
-### User stories
-
-#### Backward compatibility user story
-
-As a developer of an application that uses Mbed TLS's interfaces (including legacy crypto),
-I want Mbed TLS to preserve backward compatibility,
-so that my code keeps working in new minor versions of Mbed TLS.
-
-#### Interface design user story
-
-As a developer of library code that uses Mbed TLS to perform cryptographic operations,
-I want to know which functions to call and which feature macros to check,
-so that my code works in all Mbed TLS configurations.
-
-Note: this is the same problem we face in X.509 and TLS.
-
-#### Hardware accelerator vendor user stories
-
-As a vendor of a platform with hardware acceleration for some crypto,
-I want to build Mbed TLS in a way that uses my hardware wherever relevant,
-so that my customers maximally benefit from my hardware.
-
-As a vendor of a platform with hardware acceleration for some crypto,
-I want to build Mbed TLS without software that replicates what my hardware does,
-to minimize the code size.
-
-#### Maintainer user stories
-
-As a maintainer of Mbed TLS,
-I want to have clear rules for when to use which interface,
-to avoid bugs in “unusual” configurations.
-
-As a maintainer of Mbed TLS,
-I want to avoid duplicating code,
-because this is inefficient and error-prone.
-
-### Use PSA more
-
-In the long term, all code using cryptography should use PSA interfaces, to benefit from PSA drivers, allow eliminating legacy interfaces (less code size, less maintenance). However, this can't be done without breaking [backward compatibility](#backward-compatibility).
-
-The goal of this work is to arrange for more non-PSA interfaces to use PSA interfaces under the hood, without breaking code in the cases where this doesn't work. Using PSA interfaces has two benefits:
-
-* Where a PSA driver is available, it likely has better performance, and sometimes better security, than the built-in software implementation.
-* In many scenarios, where a PSA driver is available, this allows removing the software implementation altogether.
-* We may be able to get rid of some redundancies, for example the duplication between the implementations of HMAC in `md.c` and in `psa_crypto_mac.c`, and HKDF in `hkdf.c` and `psa_crypto.c`.
-
-### Correct dependencies
-
-Traditionally, to determine whether a cryptographic mechanism was available, you had to check whether the corresponding Mbed TLS module or submodule was present: `MBEDTLS_SHA256_C` for SHA256, `MBEDTLS_AES_C && MBEDTLS_CIPHER_MODE_CBC` for AES-CBC, etc. In code that uses the PSA interfaces, this needs to change to `PSA_WANT_xxx` symbols.
-
-### Backward compatibility
-
-All documented behavior must be preserved, except for interfaces currently described as experimental or unstable. Those interfaces can change, but we should minimize disruption by providing a transition path for reasonable use cases.
-
-#### Changeable configuration options
-
-The following configuration options are described as experimental, and are likely to change at least marginally:
-
-* `MBEDTLS_PSA_CRYPTO_CLIENT`: “This interface is experimental and may change or be removed without notice.” In practice we don't want to remove this, but we may constrain how it's used.
-* `MBEDTLS_PSA_CRYPTO_DRIVERS`: “This interface is experimental. We intend to maintain backward compatibility with application code that relies on drivers, but the driver interfaces may change without notice.” In practice, this may mean constraints not only on how to write drivers, but also on how to integrate drivers into code that is platform code more than application code.
-
-### Non-goals
-
-It is not a goal at this stage to make more code directly call `psa_xxx` functions. Rather, the goal is to make more code call PSA drivers where available. How dispatch is done is secondary.
-
-## Problem analysis
-
-### Scope analysis
-
-#### Limitations of `MBEDTLS_USE_PSA_CRYPTO`
-
-The option `MBEDTLS_USE_PSA_CRYPTO` causes parts of the library to call the PSA API instead of legacy APIs for cryptographic calculations. `MBEDTLS_USE_PSA_CRYPTO` only applies to `pk.h`, X.509 and TLS. When this option is enabled, applications must call `psa_crypto_init()` before calling any of the functions in these modules.
-
-In this work, we want two things:
-
-* Make non-covered modules call PSA, but only [when this will actually work](#why-psa-is-not-always-possible). This effectively brings those modules to a partial use-PSA behavior (benefiting from PSA accelerators when they're usable) regardless of whether the option is enabled.
-* Call PSA when a covered module calls a non-covered module which calls another module, for example X.509 calling pk for PSS verification which calls RSA which calculates a hash ([see issue \#6497](https://github.com/Mbed-TLS/mbedtls/issues/6497)). This effectively extends the option to modules that aren't directly covered.
-
-#### Classification of callers
-
-We can classify code that implements or uses cryptographic mechanisms into several groups:
-
-* Software implementations of primitive cryptographic mechanisms. These are not expected to change.
-* Software implementations of constructed cryptographic mechanisms (e.g. HMAC, CTR_DRBG, RSA (calling a hash for PSS/OAEP, and needing to know the hash length in PKCS1v1.5 sign/verify), …). These need to keep working whenever a legacy implementation of the auxiliary mechanism is available, regardless of whether a PSA implementation is also available.
-* Code implementing the PSA crypto interface. This is not expected to change, except perhaps to expose some internal functionality to overhauled glue code.
-* Code that's subject to `MBEDTLS_USE_PSA_CRYPTO`: `pk.h`, X.509, TLS (excluding parts specific TLS 1.3).
-* Code that always uses PSA for crypto: TLS 1.3 (except things common with 1.2), LMS.
-
-For the purposes of this work, three domains emerge:
-
-* **Legacy domain**: does not interact with PSA. Implementations of hashes, of cipher primitives, of arithmetic.
-* **Mixed domain**: does not currently use PSA, but should [when possible](#why-psa-is-not-always-possible). This consists of the constructed cryptographic primitives (except LMS), as well as pk, X.509 and TLS when `MBEDTLS_USE_PSA_CRYPTO` is disabled.
-* **PSA domain**: includes pk, X.509 and TLS when `MBEDTLS_USE_PSA_CRYPTO` is enabled. Also TLS 1.3, LMS.
-
-#### Non-use-PSA modules
-
-The following modules in Mbed TLS call another module to perform cryptographic operations which, in the long term, will be provided through a PSA interface, but cannot make any PSA-related assumption.
-
-Hashes and HMAC (after the work on driver-only hashes):
-
-* entropy (hashes via MD-light)
-* ECDSA (HMAC\_DRBG; `md.h` exposed through API)
-* ECJPAKE (hashes via MD-light; `md.h` exposed through API)
-* MD (hashes and HMAC)
-* HKDF (HMAC via `md.h`; `md.h` exposed through API)
-* HMAC\_DRBG (hashes and HMAC via `md.h`; `md.h` exposed through API)
-* PKCS12 (hashes via MD-light)
-* PKCS5 (HMAC via `md.h`; `md.h` exposed through API)
-* PKCS7 (hashes via MD)
-* RSA (hash via MD-light for PSS and OAEP; `md.h` exposed through API)
-* PEM (MD5 hash via MD-light)
-
-Symmetric ciphers and AEADs (before work on driver-only cipher):
-
-* PEM:
- * AES, DES or 3DES in CBC mode without padding, decrypt only (!).
- * Currently using low-level non-generic APIs.
- * No hard dependency, features guarded by `AES_C` resp. `DES_C`.
- * Functions called: `setkey_dec()` + `crypt_cbc()`.
-* PKCS12:
- * In practice: 2DES or 3DES in CBC mode with PKCS7 padding, decrypt only
- (when called from pkparse).
- * In principle: any cipher-mode (default padding), passed an
- `mbedtls_cipher_type_t` as an argument, no documented restriction.
- * Cipher, generically, selected from ASN.1 or function parameters;
- no documented restriction but in practice TODO (inc. padding and
- en/decrypt, look at standards and tests)
- * Unconditional dependency on `CIPHER_C` in `check_config.h`.
- * Note: `cipher.h` exposed through API.
- * Functions called: `setup`, `setkey`, `set_iv`, `reset`, `update`, `finish` (in sequence, once).
-* PKCS5 (PBES2, `mbedtls_pkcs5_pbes2()`):
- * 3DES or DES in CBC mode with PKCS7 padding, both encrypt and decrypt.
- * Note: could also be AES in the future, see #7038.
- * Unconditional dependency on `CIPHER_C` in `check_config.h`.
- * Functions called: `setup`, `setkey`, `crypt`.
-* CTR\_DRBG:
- * AES in ECB mode, encrypt only.
- * Currently using low-level non-generic API (`aes.h`).
- * Unconditional dependency on `AES_C` in `check_config.h`.
- * Functions called: `setkey_enc`, `crypt_ecb`.
-* CCM:
- * AES, Camellia or Aria in ECB mode, encrypt only.
- * Unconditional dependency on `AES_C || CAMELLIA_C || ARIA_C` in `check_config.h`.
- * Unconditional dependency on `CIPHER_C` in `check_config.h`.
- * Note: also called by `cipher.c` if enabled.
- * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish)
-* CMAC:
- * AES or DES in ECB mode, encrypt only.
- * Unconditional dependency on `AES_C || DES_C` in `check_config.h`.
- * Unconditional dependency on `CIPHER_C` in `check_config.h`.
- * Note: also called by `cipher.c` if enabled.
- * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish)
-* GCM:
- * AES, Camellia or Aria in ECB mode, encrypt only.
- * Unconditional dependency on `AES_C || CAMELLIA_C || ARIA_C` in `check_config.h`.
- * Unconditional dependency on `CIPHER_C` in `check_config.h`.
- * Note: also called by `cipher.c` if enabled.
- * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish)
-* NIST\_KW:
- * AES in ECB mode, both encryt and decrypt.
- * Unconditional dependency on `AES_C || DES_C` in `check_config.h`.
- * Unconditional dependency on `CIPHER_C` in `check_config.h`.
- * Note: also called by `cipher.c` if enabled.
- * Note: `cipher.h` exposed through API.
- * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish)
-* Cipher:
- * potentially any cipher/AEAD in any mode and any direction
-
-Note: PSA cipher is built on Cipher, but PSA AEAD directly calls the underlying AEAD modules (GCM, CCM, ChachaPoly).
-
-### Difficulties
-
-#### Why PSA is not always possible
-
-Here are some reasons why calling `psa_xxx()` to perform a hash or cipher calculation might not be desirable in some circumstances, explaining why the application would arrange to call the legacy software implementation instead.
-
-* `MBEDTLS_PSA_CRYPTO_C` is disabled.
-* There is a PSA driver which has not been initialized (this happens in `psa_crypto_init()`).
-* For ciphers, the keystore is not initialized yet, and Mbed TLS uses a custom implementation of PSA ITS where the file system is not accessible yet (because something else needs to happen first, and the application takes care that it happens before it calls `psa_crypto_init()`). A possible workaround may be to dispatch to the internal functions that are called after the keystore lookup, rather than to the PSA API functions (but this is incompatible with `MBEDTLS_PSA_CRYPTO_CLIENT`).
-* The requested mechanism is enabled in the legacy interface but not in the PSA interface. This was not really intended, but is possible, for example, if you enable `MBEDTLS_MD5_C` for PEM decoding with PBKDF1 but don't want `PSA_ALG_WANT_MD5` because it isn't supported for `PSA_ALG_RSA_PSS` and `PSA_ALG_DETERMINISTIC_ECDSA`.
-* `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, and the client has not yet activated the connection to the server (this happens in `psa_crypto_init()`).
-* `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, but the operation is part of the implementation of an encrypted communication with the crypto service, or the local implementation is faster because it avoids a costly remote procedure call.
-
-#### Indirect knowledge
-
-Consider for example the code in `rsa.c` to perform an RSA-PSS signature. It needs to calculate a hash. If `mbedtls_rsa_rsassa_pss_sign()` is called directly by application code, it is supposed to call the built-in implementation: calling a PSA accelerator would be a behavior change, acceptable only if this does not add a risk of failure or performance degradation ([PSA is impossible or undesirable in some circumstances](#why-psa-is-not-always-possible)). Note that this holds regardless of the state of `MBEDTLS_USE_PSA_CRYPTO`, since `rsa.h` is outside the scope of `MBEDTLS_USE_PSA_CRYPTO`. On the other hand, if `mbedtls_rsa_rsassa_pss_sign()` is called from X.509 code, it should use PSA to calculate hashes. It doesn't, currently, which is [bug \#6497](https://github.com/Mbed-TLS/mbedtls/issues/6497).
-
-Generally speaking, modules in the mixed domain:
-
-* must call PSA if called by a module in the PSA domain;
-* must not call PSA (or must have a fallback) if their caller is not in the PSA domain and the PSA call is not guaranteed to work.
-
-#### Non-support guarantees: requirements
-
-Generally speaking, just because some feature is not enabled in `mbedtls_config.h` or `psa_config.h` doesn't guarantee that it won't be enabled in the build. We can enable additional features through `build_info.h`.
-
-If `PSA_WANT_xxx` is disabled, this should guarantee that attempting xxx through the PSA API will fail. This is generally guaranteed by the test suite `test_suite_psa_crypto_not_supported` with automatically enumerated test cases, so it would be inconvenient to carve out an exception.
-
-### Technical requirements
-
-Based on the preceding analysis, the core of the problem is: for code in the mixed domain (see [“Classification of callers”](#classification-of-callers)), how do we handle a cryptographic mechanism? This has several related subproblems:
-
-* How the mechanism is encoded (e.g. `mbedtls_md_type_t` vs `const *mbedtls_md_info_t` vs `psa_algorithm_t` for hashes).
-* How to decide whether a specific algorithm or key type is supported (eventually based on `MBEDTLS_xxx_C` vs `PSA_WANT_xxx`).
-* How to obtain metadata about algorithms (e.g. hash/MAC/tag size, key size).
-* How to perform the operation (context type, which functions to call).
-
-We need a way to decide this based on the available information:
-
-* Who's the ultimate caller — see [indirect knowledge](#indirect-knowledge) — which is not actually available.
-* Some parameter indicating which algorithm to use.
-* The available cryptographic implementations, based on preprocessor symbols (`MBEDTLS_xxx_C`, `PSA_WANT_xxx`, `MBEDTLS_PSA_ACCEL_xxx`, etc.).
-* Possibly additional runtime state (for example, we might check whether `psa_crypto_init` has been called).
-
-And we need to take care of the [the cases where PSA is not possible](#why-psa-is-not-always-possible): either make sure the current behavior is preserved, or (where allowed by backward compatibility) document a behavior change and, preferably, a workaround.
-
-### Working through an example: RSA-PSS
-
-Let us work through the example of RSA-PSS which calculates a hash, as in [see issue \#6497](https://github.com/Mbed-TLS/mbedtls/issues/6497).
-
-RSA is in the [mixed domain](#classification-of-callers). So:
-
-* When called from `psa_sign_hash` and other PSA functions, it must call the PSA hash accelerator if there is one.
-* When called from user code, it must call the built-in hash implementation if PSA is not available (regardless of whether this is because `MBEDTLS_PSA_CRYPTO_C` is disabled, or because `PSA_WANT_ALG_xxx` is disabled for this hash, or because there is an accelerator driver which has not been initialized yet).
-
-RSA knows which hash algorithm to use based on a parameter of type `mbedtls_md_type_t`. (More generally, all mixed-domain modules that take an algorithm specification as a parameter take it via a numerical type, except HMAC\_DRBG and HKDF which take a `const mbedtls_md_info_t*` instead, and CMAC which takes a `const mbedtls_cipher_info_t *`.)
-
-#### Double encoding solution
-
-A natural solution is to double up the encoding of hashes in `mbedtls_md_type_t`. Pass `MBEDTLS_MD_SHA256` and `md` will dispatch to the legacy code, pass a new constant `MBEDTLS_MD_SHA256_USE_PSA` and `md` will dispatch through PSA.
-
-This maximally preserves backward compatibility, but then no non-PSA code benefits from PSA accelerators, and there's little potential for removing the software implementation.
-
-#### Availability of hashes in RSA-PSS
-
-Here we try to answer the question: As a caller of RSA-PSS via `rsa.h`, how do I know whether it can use a certain hash?
-
-* For a caller in the legacy domain: if e.g. `MBEDTLS_SHA256_C` is enabled, then I want RSA-PSS to support SHA-256. I don't care about negative support. So `MBEDTLS_SHA256_C` must imply support for RSA-PSS-SHA-256. It must work at all times, regardless of the state of PSA (e.g. drivers not initialized).
-* For a caller in the PSA domain: if e.g. `PSA_WANT_ALG_SHA_256` is enabled, then I want RSA-PSS to support SHA-256, provided that `psa_crypto_init()` has been called. In some limited cases, such as `test_suite_psa_crypto_not_supported` when PSA implements RSA-PSS in software, we care about negative support: if `PSA_WANT_ALG_SHA_256` is disabled then `psa_verify_hash` must reject `PSA_WANT_ALG_SHA_256`. This can be done at the level of PSA before it calls the RSA module, though, so it doesn't have any implication on the RSA module. As far as `rsa.c` is concerned, what matters is that `PSA_WANT_ALG_SHA_256` implies that SHA-256 is supported after `psa_crypto_init()` has been called.
-* For a caller in the mixed domain: requirements depend on the caller. Whatever solution RSA has to determine the availability of algorithms will apply to its caller as well.
-
-Conclusion so far: RSA must be able to do SHA-256 if either `MBEDTLS_SHA256_C` or `PSA_WANT_ALG_SHA_256` is enabled. If only `PSA_WANT_ALG_SHA_256` and not `MBEDTLS_SHA256_C` is enabled (which implies that PSA's SHA-256 comes from an accelerator driver), then SHA-256 only needs to work if `psa_crypto_init()` has been called.
-
-#### More in-depth discussion of compile-time availability determination
-
-The following combinations of compile-time support are possible:
-
-* `MBEDTLS_PSA_CRYPTO_CLIENT`. Then calling PSA may or may not be desirable for performance. There are plausible use cases where only the server has access to an accelerator so it's best to call the server, and plausible use cases where calling the server has overhead that negates the savings from using acceleration, if there are savings at all. In any case, calling PSA only works if the connection to the server has been established, meaning `psa_crypto_init` has been called successfully. In the rest of this case enumeration, assume `MBEDTLS_PSA_CRYPTO_CLIENT` is disabled.
-* No PSA accelerator. Then just call `mbedtls_sha256`, it's all there is, and it doesn't matter (from an API perspective) exactly what call chain leads to it.
-* PSA accelerator, no software implementation. Then we might as well call the accelerator, unless it's important that the call fails. At the time of writing, I can't think of a case where we would want to guarantee that if `MBEDTLS_xxx_C` is not enabled, but xxx is enabled through PSA, then a request to use algorithm xxx through some legacy interface must fail.
-* Both PSA acceleration and the built-in implementation. In this case, we would prefer PSA for the acceleration, but we can only do this if the accelerator driver is working. For hashes, it's enough to assume the driver is initialized; we've [considered requiring hash drivers to work without initialization](https://github.com/Mbed-TLS/mbedtls/pull/6470). For ciphers, this is more complicated because the cipher functions require the keystore, and plausibly a cipher accelerator might want entropy (for side channel countermeasures) which might not be available at boot time.
-
-Note that it's a bit tricky to determine which algorithms are available. In the case where there is a PSA accelerator but no software implementation, we don't want the preprocessor symbols to indicate that the algorithm is available through the legacy domain, only through the PSA domain. What does this mean for the interfaces in the mixed domain? They can't guarantee the availability of the algorithm, but they must try if requested.
-
-### Designing an interface for hashes
-
-In this section, we specify a hash metadata and calculation for the [mixed domain](#classification-of-callers), i.e. code that can be called both from legacy code and from PSA code.
-
-#### Availability of hashes
-
-Generalizing the analysis in [“Availability of hashes in RSA-PSS”](#availability-of-hashes-in-RSA-PSS):
-
-A hash is available through the mixed-domain interface iff either of the following conditions is true:
-
-* A legacy hash interface is available and the hash algorithm is implemented in software.
-* PSA crypto is enabled and the hash algorithm is implemented via PSA.
-
-We could go further and make PSA accelerators available to legacy callers that call any legacy hash interface, e.g. `md.h` or `shaX.h`. There is little point in doing this, however: callers should just use the mixed-domain interface.
-
-#### Implications between legacy availability and PSA availability
-
-There is no mandatory relationship between PSA support and legacy support for a mechanism. Users can configure legacy support and PSA support independently. Legacy support is automatically enabled if PSA support is requested, but only if there is no accelerator.
-
-It is strongly desirable to allow mechanisms available through PSA but not legacy: this allows saving code size when an accelerator is present.
-
-There is no strong reason to allow mechanisms available through legacy but not PSA when `MBEDTLS_PSA_CRYPTO_C` is enabled. This would only save at best a very small amount of code size in the PSA dispatch code. This may be more desirable when `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled (having a mechanism available only locally and not in the crypto service), but we do not have an explicit request for this and it would be entirely reasonable to forbid it.
-
-In this analysis, we have not found a compelling reason to require all legacy mechanisms to also be available through PSA. However, this can simplify both the implementation and the use of dispatch code thanks to some simplifying properties:
-
-* Mixed-domain code can call PSA code if it knows that `psa_crypto_init()` has been called, without having to inspect the specifics of algorithm support.
-* Mixed-domain code can assume that PSA buffer calculations work correctly for all algorithms that it supports.
-
-#### Shape of the mixed-domain hash interface
-
-We now need to create an abstraction for mixed-domain hash calculation. (We could not create an abstraction, but that would require every piece of mixed-domain code to replicate the logic here. We went that route in Mbed TLS 3.3, but it made it effectively impossible to get something that works correctly.)
-
-Requirements: given a hash algorithm,
-
-* Obtain some metadata about it (size, block size).
-* Calculate the hash.
-* Set up a multipart operation to calculate the hash. The operation must support update, finish, reset, abort, clone.
-
-The existing interface in `md.h` is close to what we want, but not perfect. What's wrong with it?
-
-* It has an extra step of converting from `mbedtls_md_type_t` to `const mbedtls_md_info_t *`.
-* It includes extra fluff such as names and HMAC. This costs code size.
-* The md module has some legacy baggage dating from when it was more open, which we don't care about anymore. This may cost code size.
-
-These problems are easily solvable.
-
-* `mbedtls_md_info_t` can become a very thin type. We can't remove the extra function call from the source code of callers, but we can make it a very thin abstraction that compilers can often optimize.
-* We can make names and HMAC optional. The mixed-domain hash interface won't be the full `MBEDTLS_MD_C` but a subset.
-* We can optimize `md.c` without making API changes to `md.h`.
-
-### Scope reductions and priorities for 3.x
-
-This section documents things that we chose to temporarily exclude from the scope in the 3.x branch (which will eventually be in scope again after 4.0) as well as things we chose to prioritize if we don't have time to support everything.
-
-#### Don't support PK, X.509 and TLS without `MBEDTLS_USE_PSA_CRYPTO`
-
-We do not need to support driver-only hashes and ciphers in PK. X.509 and TLS without `MBEDTLS_USE_PSA_CRYPTO`. Users who want to take full advantage of drivers will need to enabled this macro.
-
-Note that this applies to TLS 1.3 as well, as some uses of hashes and all uses of ciphers there are common with TLS 1.2, hence governed by `MBEDTLS_USE_PSA_CRYPTO`, see [this macro's extended documentation](../../docs/use-psa-crypto.html).
-
-This will go away naturally in 4.0 when this macros is not longer an option (because it's always on).
-
-#### Don't support for `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C`
-
-We generally don't really support builds with `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C`. For example, both `MBEDTLS_USE_PSA_CRYPTO` and `MBEDTLS_SSL_PROTO_TLS1_3` require `MBEDTLS_PSA_CRYPTO_C`, while in principle they should only require `MBEDTLS_PSA_CRYPTO_CLIENT`.
-
-Considering this existing restriction which we do not plan to lift before 4.0, it is acceptable driver-only hashes and cipher support to have the same restriction in 3.x.
-
-It is however desirable for the design to keep support for `MBEDTLS_PSA_CRYPTO_CLIENT` in mind, in order to avoid making it more difficult to add in the future.
-
-#### For cipher: prioritize constrained devices and modern TLS
-
-The primary target is a configuration like TF-M's medium profile, plus TLS with only AEAD ciphersuites.
-
-This excludes things like:
-- Support for encrypted PEM, PKCS5 and PKCS12 encryption, and PKCS8 encrypted keys in PK parse. (Not widely used on highly constrained devices.)
-- Support for NIST-KW. (Same justification.)
-- Support for CMAC. (Same justification, plus can be directly accelerated.)
-- Support for CBC ciphersuites in TLS. (They've been recommended against for a while now.)
-
-### Dual-dispatch for block cipher primitives
-
-Considering the priorities stated above, initially we want to support GCM, CCM and CTR-DRBG. All three of them use the block cipher primitive only in the encrypt direction. Currently, GCM and CCM use the Cipher layer in order to work with AES, Aria and Camellia (DES is excluded by the standards due to its smaller block size) and CTR-DRBG directly uses the low-level API from `aes.h`. In all cases, access to the "block cipher primitive" is done by using "ECB mode" (which for both Cipher and `aes.h` only allows a single block, contrary to PSA which implements actual ECB mode).
-
-The two AEAD modes, GCM and CCM, have very similar needs and positions in the stack, strongly suggesting using the same design for both. On the other hand, there are a number of differences between CTR-DRBG and them.
-- CTR-DRBG only uses AES (and there is no plan to extend it to other block ciphers at the moment), while GCM and CCM need to work with 3 block ciphers already.
-- CTR-DRBG holds a special position in the stack: most users don't care about it per se, they only care about getting random numbers - in fact PSA users don't even need to know what DRBG is used. In particular, no part of the stack is asking questions like "is CTR-DRBG-AES available?" - an RNG needs to be available and that's it - contrary to similar questions about AES-GCM etc. which are asked for example by TLS.
-
-So, it makes sense to use different designs for CTR-DRBG on one hand, and GCM/CCM on the other hand:
-- CTR-DRBG can just check if `AES_C` is present and "fall back" to PSA if not.
-- GCM and CCM need an common abstraction layer that allows:
- - Using AES, Aria or Camellia in a uniform way.
- - Dispatching to built-in or driver.
-
-The abstraction layer used by GCM and CCM may either be a new internal module, or a subset of the existing Cipher API, extended with the ability to dispatch to a PSA driver.
-
-Reasons for making this layer's API a subset of the existing Cipher API:
-- No need to design, implement and test a new module. (Will need to test the new subset though, as well as the extended behaviour.)
-- No code change in GCM and CCM - only need to update dependencies.
-- No risk for code duplication between a potential new module and Cipher: source-level, and in in particular in builds that still have `CIPHER_C` enabled. (Compiled-code duplication could be avoided by excluding the new module in such builds, though.)
-- If want to support other users of Cipher later (such as NIST-KW, CMAC, PKCS5 and PKCS12), we can just extend dual-dispatch support to other modes/operations in Cipher and keep those extra modules unchanged as well.
-
-Possible costs of re-using (a subset of) the existing Cipher API instead of defining a new one:
-- We carry over costs associated with `cipher_info_t` structures. (Currently the info structure is used for 3 things: (1) to check if the cipher is supported, (2) to check its block size, (3) because `setup()` requires it).
-- We carry over questionable implementation decisions, like dynamic allocation of context.
-
-Those costs could be avoided by refactoring (parts of) Cipher, but that would probably mean either:
-- significant differences in how the `cipher.h` API is implemented between builds with the full Cipher or only a subset;
-- or more work to apply the simplifications to all of Cipher.
-
-Prototyping both approaches showed better code size savings and cleaner code with a new internal module (see section "Internal "block cipher" abstraction (Cipher light)" below).
-
-## Specification
-
-### MD light
-
-#### Definition of MD light
-
-MD light is a subset of `md.h` that implements the hash calculation interface described in ”[Designing an interface for hashes](#designing-an-interface-for-hashes)”. It is activated by `MBEDTLS_MD_LIGHT` in `mbedtls_config.h`.
-
-The following things enable MD light automatically in `build_info.h`:
-
-* A [mixed-domain](#classification-of-callers) module that needs to calculate hashes is enabled.
-* `MBEDTLS_MD_C` is enabled.
-
-MD light includes the following types:
-
-* `mbedtls_md_type_t`
-* `mbedtls_md_info_t`
-* `mbedtls_md_context_t`
-
-MD light includes the following functions:
-
-* `mbedtls_md_info_from_type`
-* `mbedtls_md_init`
-* `mbedtls_md_free`
-* `mbedtls_md_setup` — but `hmac` must be 0 if `MBEDTLS_MD_C` is disabled.
-* `mbedtls_md_clone`
-* `mbedtls_md_get_size`
-* `mbedtls_md_get_type`
-* `mbedtls_md_starts`
-* `mbedtls_md_update`
-* `mbedtls_md_finish`
-* `mbedtls_md`
-
-Unlike the full MD, MD light does not support null pointers as `mbedtls_md_context_t *`. At least some functions still need to support null pointers as `const mbedtls_md_info_t *` because this arises when you try to use an unsupported algorithm (`mbedtls_md_info_from_type` returns `NULL`).
-
-#### MD algorithm support macros
-
-For each hash algorithm, `md.h` defines a macro `MBEDTLS_MD_CAN_xxx` whenever the corresponding hash is available through MD light. These macros are only defined when `MBEDTLS_MD_LIGHT` is enabled. Per “[Availability of hashes](#availability-of-hashes)”, `MBEDTLS_MD_CAN_xxx` is enabled if:
-
-* the corresponding `MBEDTLS_xxx_C` is defined; or
-* one of `MBEDTLS_PSA_CRYPTO_C` or `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, and the corresponding `PSA_WANT_ALG_xxx` is enabled.
-
-Note that some algorithms have different spellings in legacy and PSA. Since MD is a legacy interface, we'll use the legacy names. Thus, for example:
-
-```
-#if defined(MBEDTLS_MD_LIGHT)
-#if defined(MBEDTLS_SHA256_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && PSA_WANT_ALG_SHA_256)
-#define MBEDTLS_MD_CAN_SHA256
-#endif
-#endif
-```
-
-Note: in the future, we may want to replace `defined(MBEDTLS_PSA_CRYPTO_C)`
-with `defined(MBEDTLS_PSA_CRYTO_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)` but
-for now this is out of scope.
-
-#### MD light internal support macros
-
-* If at least one hash has a PSA driver, define `MBEDTLS_MD_SOME_PSA`.
-* If at least one hash has a legacy implementation, defined `MBEDTLS_MD_SOME_LEGACY`.
-
-#### Support for PSA in the MD context
-
-An MD context needs to contain either a legacy module's context (or a pointer to one, as is the case now), or a PSA context (or a pointer to one).
-
-I am inclined to remove the pointer indirection, but this means that an MD context would always be as large as the largest supported hash context. So for the time being, this specification keeps a pointer. For uniformity, PSA will also have a pointer (we may simplify this later).
-
-```
-enum {
- MBEDTLS_MD_ENGINE_LEGACY,
- MBEDTLS_MD_ENGINE_PSA,
-} mbedtls_md_engine_t; // private type
-
-typedef struct mbedtls_md_context_t {
- mbedtls_md_type_t type;
-#if defined(MBEDTLS_MD_SOME_PSA)
- mbedtls_md_engine_t engine;
-#endif
- void *md_ctx; // mbedtls_xxx_context or psa_hash_operation
-#if defined(MBEDTLS_MD_C)
- void *hmac_ctx;
-#endif
-} mbedtls_md_context_t;
-```
-
-All fields are private.
-
-The `engine` field is almost redundant with knowledge about `type`. However, when an algorithm is available both via a legacy module and a PSA accelerator, we will choose based on the runtime availability of the accelerator when the context is set up. This choice needs to be recorded in the context structure.
-
-#### Inclusion of MD info structures
-
-MD light needs to support hashes that are only enabled through PSA. Therefore the `mbedtls_md_info_t` structures must be included based on `MBEDTLS_MD_CAN_xxx` instead of just the legacy module.
-
-The same criterion applies in `mbedtls_md_info_from_type`.
-
-#### Conversion to PSA encoding
-
-The implementation needs to convert from a legacy type encoding to a PSA encoding.
-
-```
-static inline psa_algorithm_t psa_alg_of_md_info(
- const mbedtls_md_info_t *md_info );
-```
-
-#### Determination of PSA support at runtime
-
-```
-int psa_can_do_hash(psa_algorithm_t hash_alg);
-```
-
-The job of this private function is to return 1 if `hash_alg` can be performed through PSA now, and 0 otherwise. It is only defined on algorithms that are enabled via PSA.
-
-As a starting point, return 1 if PSA crypto's driver subsystem has been initialized.
-
-Usage note: for algorithms that are not enabled via PSA, calling `psa_can_do_hash` is generally safe: whether it returns 0 or 1, you can call a PSA hash function on the algorithm and it will return `PSA_ERROR_NOT_SUPPORTED`.
-
-#### Support for PSA dispatch in hash operations
-
-Each function that performs some hash operation or context management needs to know whether to dispatch via PSA or legacy.
-
-If given an established context, use its `engine` field.
-
-If given an algorithm as an `mbedtls_md_type_t type` (possibly being the `type` field of a `const mbedtls_md_info_t *`):
-
-* If there is a PSA accelerator for this hash and `psa_can_do_hash(alg)`, call the corresponding PSA function, and if applicable set the engine to `MBEDTLS_MD_ENGINE_PSA`. (Skip this is `MBEDTLS_MD_SOME_PSA` is not defined.)
-* Otherwise dispatch to the legacy module based on the type as currently done. (Skip this is `MBEDTLS_MD_SOME_LEGACY` is not defined.)
-* If no dispatch is possible, return `MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE`.
-
-Note that this assumes that an operation that has been started via PSA can be completed. This implies that `mbedtls_psa_crypto_free` must not be called while an operation using PSA is in progress. Document this.
-
-#### Error code conversion
-
-After calling a PSA function, MD light calls `mbedtls_md_error_from_psa` to convert its status code.
-
-### Support all legacy algorithms in PSA
-
-As discussed in [“Implications between legacy availability and PSA availability”](#implications-between-legacy-availability-and-psa-availability), we require the following property:
-
-> If an algorithm has a legacy implementation, it is also available through PSA.
-
-### MD light optimizations
-
-This section is not necessary to implement MD light, but will cut down its code size.
-
-#### Split names out of MD light
-
-Remove hash names from `mbedtls_md_info_t`. Use a simple switch-case or a separate list to implement `mbedtls_md_info_from_string` and `mbedtls_md_get_name`.
-
-#### Remove metadata from the info structure
-
-In `mbedtls_md_get_size` and in modules that want a hash's block size, instead of looking up hash metadata in the info structure, call the PSA macros.
-
-#### Optimize type conversions
-
-To allow optimizing conversions between `mbedtls_md_type_t` and `psa_algorithm_t`, renumber the `mbedtls_md_type_t` enum so that the values are the 8 lower bits of the PSA encoding.
-
-With this optimization,
-```
-static inline psa_algorithm_t psa_alg_of_md_info(
- const mbedtls_md_info_t *md_info )
-{
- if( md_info == NULL )
- return( PSA_ALG_NONE );
- return( PSA_ALG_CATEGORY_HASH | md_info->type );
-}
-```
-
-Work in progress on this conversion is at https://github.com/gilles-peskine-arm/mbedtls/tree/hash-unify-ids-wip-1
-
-#### Unify HMAC with PSA
-
-PSA has its own HMAC implementation. In builds with both `MBEDTLS_MD_C` and `PSA_WANT_ALG_HMAC` not fully provided by drivers, we should have a single implementation. Replace the one in `md.h` by calls to the PSA driver interface. This will also give mixed-domain modules access to HMAC accelerated directly by a PSA driver (eliminating the need to a HMAC interface in software if all supported hashes have an accelerator that includes HMAC support).
-
-### Improving support for `MBEDTLS_PSA_CRYPTO_CLIENT`
-
-So far, MD light only dispatches to PSA if an algorithm is available via `MBEDTLS_PSA_CRYPTO_C`, not if it's available via `MBEDTLS_PSA_CRYPTO_CLIENT`. This is acceptable because `MBEDTLS_USE_PSA_CRYPTO` requires `MBEDTLS_PSA_CRYPTO_C`, hence mixed-domain code never invokes PSA.
-
-The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a little extra work. Here is an overview of the task breakdown, which should be fleshed up after we've done the first [migration](#migration-to-md-light):
-
-* Compile-time dependencies: instead of checking `defined(MBEDTLS_PSA_CRYPTO_C)`, check `defined(MBEDTLS_PSA_CRYPTO_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)`.
-* Implementers of `MBEDTLS_PSA_CRYPTO_CLIENT` will need to provide `psa_can_do_hash()` (or a more general function `psa_can_do`) alongside `psa_crypto_init()`. Note that at this point, it will become a public interface, hence we won't be able to change it at a whim.
-
-### Internal "block cipher" abstraction (previously known as "Cipher light")
-
-#### Definition
-
-The new module is automatically enabled in `config_adjust_legacy_crypto.h` by modules that need
-it (namely: CCM, GCM) only when `CIPHER_C` is not available, or the new module
-is needed for PSA dispatch (see next section). Note: CCM and GCM currently
-depend on the full `CIPHER_C` (enforced by `check_config.h`); this hard
-dependency would be replaced by the above auto-enablement.
-
-The following API functions are offered:
-```
-void mbedtls_block_cipher_init(mbedtls_block_cipher_context_t *ctx);
-void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx);
-int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx,
- mbedtls_cipher_id_t cipher_id);
-int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx,
- const unsigned char *key,
- unsigned key_bitlen);
-int mbedtls_block_cipher_encrypt(mbedtls_block_cipher_context_t *ctx,
- const unsigned char input[16],
- unsigned char output[16]);
-```
-
-The only supported ciphers are AES, ARIA and Camellia. They are identified by
-an `mbedtls_cipher_id_t` in the `setup()` function, because that's how they're
-identifed by callers (GCM/CCM).
-
-#### Block cipher dual dispatch
-
-Support for dual dispatch in the new internal module `block_cipher` is extremely similar to that in MD light.
-
-A block cipher context contains either a legacy module's context (AES, ARIA, Camellia) or a PSA key identifier; it has a field indicating which one is in use. All fields are private.
-
-The `engine` field is almost redundant with knowledge about `type`. However, when an algorithm is available both via a legacy module and a PSA accelerator, we will choose based on the runtime availability of the accelerator when the context is set up. This choice needs to be recorded in the context structure.
-
-Support is determined at runtime using the new internal function
-```
-int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg);
-```
-
-The job of this private function is to return 1 if `hash_alg` can be performed through PSA now, and 0 otherwise. It is only defined on algorithms that are enabled via PSA. As a starting point, return 1 if PSA crypto's driver subsystem has been initialized.
-
-Each function in the module needs to know whether to dispatch via PSA or legacy. All functions consult the context's `engine` field, except `setup()` which will set it according to the key type and the return value of `psa_can_do_cipher()` as discussed above.
-
-Note that this assumes that an operation that has been started via PSA can be completed. This implies that `mbedtls_psa_crypto_free` must not be called while an operation using PSA is in progress.
-
-After calling a PSA function, `block_cipher` functions call `mbedtls_cipher_error_from_psa` to convert its status code.
diff --git a/docs/architecture/psa-migration/outcome-analysis.sh b/docs/architecture/psa-migration/outcome-analysis.sh
index bbcdffd..e1a5f09 100755
--- a/docs/architecture/psa-migration/outcome-analysis.sh
+++ b/docs/architecture/psa-migration/outcome-analysis.sh
@@ -3,10 +3,9 @@
# This script runs tests before and after a PR and analyzes the results in
# order to highlight any difference in the set of tests skipped.
#
-# It can be used to check the first testing criterion mentioned in strategy.md,
-# end of section "Supporting builds with drivers without the software
-# implementation", namely: the sets of tests skipped in the default config and
-# the full config must be the same before and after the PR.
+# It can be used to check for unintended consequences when making non-trivial
+# changes to compile time guards: the sets of tests skipped in the default
+# config and the full config must be the same before and after the PR.
#
# USAGE:
# - First, commit any uncommited changes. (Also, see warning below.)
diff --git a/docs/architecture/psa-migration/psa-legacy-bridges.md b/docs/architecture/psa-migration/psa-legacy-bridges.md
deleted file mode 100644
index 912344e..0000000
--- a/docs/architecture/psa-migration/psa-legacy-bridges.md
+++ /dev/null
@@ -1,344 +0,0 @@
-Bridges between legacy and PSA crypto APIs
-==========================================
-
-## Introduction
-
-### Goal of this document
-
-This document explores the needs of applications that use both Mbed TLS legacy crypto interfaces and PSA crypto interfaces. Based on [requirements](#requirements), we [analyze gaps](#gap-analysis) and [API design](#api-design).
-
-This is a design document. The target audience is library maintainers. See the companion document [“Transitioning to the PSA API”](../../psa-transition.md) for a user focus on the same topic.
-
-### Keywords
-
-* [TODO] A part of the analysis that isn't finished.
-* [OPEN] Open question: a specific aspect of the design where there are several plausible decisions.
-* [ACTION] A finalized part of the design that will need to be carried out.
-
-### Context
-
-Mbed TLS 3.x supports two cryptographic APIs:
-
-* The legacy API `mbedtls_xxx` is inherited from PolarSSL.
-* The PSA API `psa_xxx` was introduced in Mbed TLS 2.17.
-
-Mbed TLS is gradually shifting from the legacy API to the PSA API. Mbed TLS 4.0 will be the first version where the PSA API is considered the main API, and large parts of the legacy API will be removed.
-
-In Mbed TLS 4.0, the cryptography will be provided by a separate project [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto). For simplicity, in this document, we just refer to the whole as “Mbed TLS”.
-
-### Document history
-
-This document was originally written when preparing Mbed TLS 3.6. Mbed TLS 3.6 includes both PSA and legacy APIs covering largely overlapping ground. Many legacy APIs will be removed in Mbed TLS 4.0.
-
-## Requirements
-
-### Why mix APIs?
-
-There is functionality that is tied to one API and is not directly available in the other API:
-
-* Only PSA fully supports PSA accelerators and secure element integration.
-* Only PSA supports isolating cryptographic material in a secure service.
-* The legacy API has features that are not present (yet) in PSA, notably parsing and formatting asymmetric keys.
-
-The legacy API can partially leverage PSA features via `MBEDTLS_USE_PSA_CRYPTO`, but this has limited scope.
-
-In addition, many applications cannot be migrated in a single go. For large projects, it is impractical to rewrite a significant part of the code all at once. (For example, Mbed TLS itself will have taken more than 6 years to transition.) Projects that use one or more library in addition to Mbed TLS must follow the evolution of these libraries, each of which might have its own pace.
-
-### Where mixing happens
-
-Mbed TLS can be, and normally is, built with support for both APIs. Therefore no special effort is necessary to allow an application to use both APIs.
-
-Special effort is necessary to use both APIs as part of the implementation of the same feature. From an informal analysis of typical application requirements, we identify four parts of the use of cryptography which can be provided by different APIs:
-
-* Metadata manipulation: parsing and producing encrypted or signed files, finding mutually supported algorithms in a network protocol negotiation, etc.
-* Key management: parsing, generating, deriving and formatting cryptographic keys.
-* Data manipulation other than keys. In practice, most data formats within the scope of the legacy crypto APIs are trivial (ciphertexts, hashes, MACs, shared secrets). The one exception is ECDSA signatures.
-* Cryptographic operations: hash, sign, encrypt, etc.
-
-From this, we deduce the following requirements:
-
-* Convert between PSA and legacy metadata.
-* Creating a key with the legacy API and consuming it in the PSA API.
-* Creating a key with the PSA API and consuming it in the legacy API.
-* Manipulating data formats, other than keys, where the PSA API is lacking.
-
-### Scope limitations
-
-The goal of this document is to bridge the legacy API and the PSA API. The goal is not to provide a PSA way to do everything that is currently possible with the legacy API. The PSA API is less flexible in some regards, and extending it is out of scope in the present study.
-
-With respect to the legacy API, we do not consider functionality of low-level modules for individual algorithms. Our focus is on applications that use high-level legacy crypto modules (md, cipher, pk) and need to combine that with uses of the PSA APIs.
-
-## Gap analysis
-
-The document [“Transitioning to the PSA API”](../../psa-transition.md) enumerates the public header files in Mbed TLS 3.4 and the API elements (especially enums and functions) that they provide, listing PSA equivalents where they exist. There are gaps in two cases:
-
-* Where the PSA equivalents do not provide the same functionality. A typical example is parsing and formatting asymmetric keys.
-* To convert between data representations used by legacy APIs and data representations used by PSA APIs.
-
-Based on “[Where mixing happens](#where-mixing-happens)”, we focus the gap analysis on two topics: metadata and keys. This chapter explores the gaps in each family of cryptographic mechanisms.
-
-### Generic metadata gaps
-
-#### Need for error code conversion
-
-Do we need public functions to convert between `MBEDTLS_ERR_xxx` error codes and `PSA_ERROR_xxx` error codes? We have such functions for internal use.
-
-Mbed TLS needs these conversions because it has many functions that expose one API (legacy/API) but are implemented on top of the other API. Most applications would convert legacy and PSA error code to their own error codes, and converting between `MBEDTLS_ERR_xxx` error codes and `PSA_ERROR_xxx` is not particularly helpful for that. Application code might need such conversion functions when implementing an X.509 or TLS callback (returning `MBEDTLS_ERR_xxx`) on top of PSA functions, but this is a very limited use case.
-
-Conclusion: no need for public error code conversion functions.
-
-### Hash gap analysis
-
-Hashes do not involve keys, and involves no nontrivial data format. Therefore the only gap is with metadata, namely specifying a hash algorithm.
-
-Hashes are often used as building blocks for other mechanisms (HMAC, signatures, key derivation, etc.). Therefore metadata about hashes is relevant not only when calculating hashes, but also when performing many other cryptographic operations.
-
-Gap: functions to convert between `psa_algorithm_t` hash algorithms and `mbedtls_md_type_t`. Such functions exist in Mbed TLS 3.5 (`mbedtls_md_psa_alg_from_type`, `mbedtls_md_type_from_psa_alg`) but they are declared only in private headers.
-
-### MAC gap analysis
-
-[TODO]
-
-### Cipher and AEAD gap analysis
-
-[TODO]
-
-### Key derivation gap analysis
-
-[TODO]
-
-### Random generation gap analysis
-
-[TODO]
-
-### Asymmetric cryptography gap analysis
-
-#### Asymmetric cryptography metadata
-
-The legacy API only has generic support for two key types: RSA and ECC, via the pk module. ECC keys can also be further classified according to their curve. The legacy API also supports DHM (Diffie-Hellman-Merkle = FFDH: finite-field Diffie-Hellman) keys, but those are not integrated in the pk module.
-
-An RSA or ECC key can potentially be used for different algorithms in the scope of the pk module:
-
-* RSA: PKCS#1v1.5 signature, PSS signature, PKCS#1v1.5 encryption, OAEP encryption.
-* ECC: ECDSA signature (randomized or deterministic), ECDH key agreement (via `mbedtls_pk_ec`).
-
-ECC keys are also involved in EC-JPAKE, but this happens internally: the EC-JPAKE interface only needs one piece of metadata, namely, to identify a curve.
-
-Since there is no algorithm that can be used with multiple types, and PSA keys have a policy that (for the most part) limits them to one algorithm, there does not seem to be a need to convert between legacy and PSA asymmetric key types on their own. The useful metadata conversions are:
-
-* Selecting an **elliptic curve**.
-
- This means converting between an `mbedtls_ecp_group_id` and a pair of `{psa_ecc_family_t; size_t}`.
-
- This is fulfilled by `mbedtls_ecc_group_to_psa` and `mbedtls_ecc_group_from_psa`, which were introduced into the public API between Mbed TLS 3.5 and 3.6 ([#8664](https://github.com/Mbed-TLS/mbedtls/pull/8664)).
-
-* Selecting A **DHM group**.
-
- PSA only supports predefined groups, whereas legacy only supports ad hoc groups. An existing application referring to `MBEDTLS_DHM_RFC7919_FFDHExxx` values would need to refer to `PSA_DH_FAMILY_RFC7919`; an existing application using arbitrary groups cannot migrate to PSA.
-
-* Simultaneously supporting **a key type and an algorithm**.
-
- On the legacy side, this is an `mbedtls_pk_type_t` value and more. For ECDSA, the choice between randomized and deterministic is made at compile time. For RSA, the choice of encryption or signature algorithm is made either by configuring the underlying `mbedtls_rsa_context` or when calling the operation function.
-
- On the PSA side, this is a `psa_key_type_t` value and an algorithm which is normally encoded as policy information in a `psa_key_attributes_t`. The algorithm is also needed in its own right when calling operation functions.
-
-#### Using a legacy key pair or public key with PSA
-
-There are several scenarios where an application has a legacy key pair or public key (`mbedtls_pk_context`) and needs to create a PSA key object (`psa_key_id_t`).
-
-Reasons for first creating a legacy key object, where it's impossible or impractical to directly create a PSA key:
-
-* A very common case where the input is a legacy key object is parsing. PSA does not (yet) have an equivalent of the `mbedtls_pk_parse_xxx` functions.
-* The PSA key creation interface is less flexible in some cases. In particular, PSA RSA key generation does not (yet) allow choosing the public exponent.
-* The pk object may be created by a part of the application (or a third-party library) that hasn't been migrated to the PSA API yet.
-
-Reasons for needing a PSA key object:
-
-* Using the key with third-party interface that takes a PSA key identifier as input. (Mbed TLS itself has a few TLS functions that take PSA key identifiers, but as of Mbed TLS 3.5, it is always possible to use a legacy key instead.)
-* Benefiting from a PSA accelerator, or from PSA's world separation, even without `MBEDTLS_USE_PSA_CRYPTO`. (Not a priority scenario: we generally expect people to activate `MBEDTLS_USE_PSA_CRYPTO` at an early stage of their migration to PSA.)
-
-Gap: a way to create a PSA key object from an `mbedtls_pk_context`. This partially exists in the form of `mbedtls_pk_wrap_as_opaque`, but it is not fully satisfactory, for reasons that are detailed in “[API to create a PSA key from a PK context](#api-to-create-a-psa-key-from-a-pk-context)” below.
-
-#### Using a PSA key as a PK context
-
-There are several scenarios where an application has a PSA key and needs to use it through an interface that wants an `mbedtls_pk_context` object. Typically, there is an existing key in the PSA key store (possibly in a secure element and non-exportable), and the key needs to be used in an interface that requires a `mbedtls_pk_context *` input, such as Mbed TLS's X.509 and TLS APIs or a similar third-party interface, or the `mbedtls_pk_write_xxx` interfaces which do not (yet) have PSA equivalents.
-
-There is a function `mbedtls_pk_setup_opaque` that mostly does this. However, it has several limitations:
-
-* It creates a PK key of type `MBEDTLS_PK_OPAQUE` that wraps the PSA key. This is good enough in some scenarios, but not others. For example, it's ok for pkwrite, because we've upgraded the pkwrite code to handle `MBEDTLS_PK_OPAQUE`. That doesn't help users of third-party libraries that haven't yet been upgraded.
-* It ties the lifetime of the PK object to the PSA key, which is error-prone: if the PSA key is destroyed but the PK object isn't, there is no way to reliably detect any subsequent misuse of the PK object.
-* It is only available under `MBEDTLS_USE_PSA_CRYPTO`. This is not a priority concern, since we generally expect people to activate `MBEDTLS_USE_PSA_CRYPTO` at an early stage of their migration to PSA. However, this function is useful to use specific PSA keys in X.509/TLS regardless of whether X.509/TLS use the PSA API for all cryptographic operations, so this is a wart in the current API.
-
-It therefore appears that we need two ways to “convert” a PSA key to PK:
-
-* Wrapping, which is what `mbedtls_pk_setup_opaque` does. This works for any PSA key but is limited by the key's lifetime and creates a PK object with limited functionality.
-* Copying, which requires a new function. This requires an exportable key but creates a fully independent, fully functional PK object.
-
-Gap: a way to copy a PSA key into a PK context. This can only be expected to work if the PSA key is exportable.
-
-After some discussion, have not identified anything we want to change in the behavior of `mbedtls_pk_setup_opaque`. We only want to generalize it to non-`MBEDTLS_USE_PSA_CRYPTO` and to document it better.
-
-#### Signature formats
-
-The pk module uses signature formats intended for X.509. The PSA module uses the simplest sensible signature format.
-
-* For RSA, the formats are the same.
-* For ECDSA, PSA uses a fixed-size concatenation of (r,s), whereas X.509 and pk use an ASN.1 DER encoding of the sequence (r,s).
-
-Gap: We need APIs to convert between these two formats. The conversion code already exists under the hood, but it's in pieces that can't be called directly.
-
-There is a design choice here: do we provide conversions functions for ECDSA specifically, or do we provide conversion functions that take an algorithm as argument and just happen to be a no-op with RSA? One factor is plausible extensions. These conversions functions will remain useful in Mbed TLS 4.x and perhaps beyond. We will at least add EdDSA support, and its signature encoding is the fixed-size concatenation (r,s) even in X.509. We may well also add support for some post-quantum signatures, and their concrete format is still uncertain.
-
-Given the uncertainty, it would be nice to provide a sufficiently generic interface to convert between the PSA and the pk signature format, parametrized by the algorithm. However, it is difficult to predict exactly what parameters are needed. For example, converting from an ASN.1 ECDSA signature to (r,s) requires the knowledge of the curve, or at least the curve's size. Therefore we are not going to add a generic function at this stage.
-
-For ECDSA, there are two plausible APIs: follow the ASN.1/X.509 write/parse APIs, or present an ordinary input/output API. The ASN.1 APIs are the way they are to accommodate nested TLV structures. But ECDSA signatures do not appear nested in TLV structures in either TLS (there's just a signature field) or X.509 (the signature is inside a BITSTRING, not directly in a SEQUENCE). So there does not seem to be a need for an ASN.1-like API for the ASN.1 format, just the format conversion itself in a buffer that just contains the signature.
-
-#### Asymmetric cryptography TODO
-
-[TODO] Other gaps?
-
-## New APIs
-
-This section presents new APIs to implement based on the [gap analysis](#gap-analysis).
-
-### General notes
-
-Each action to implement a function entails:
-
-* Implement the library function.
-* Document it precisely, including error conditions.
-* Unit-test it.
-* Mention it where relevant in the PSA transition guide.
-
-### Hash APIs
-
-Based on the [gap analysis](#hash-gap-analysis):
-
-[ACTION] [#8340](https://github.com/Mbed-TLS/mbedtls/issues/8340) Move `mbedtls_md_psa_alg_from_type` and `mbedtls_md_type_from_psa_alg` from `library/md_psa.h` to `include/mbedtls/md.h`.
-
-### MAC APIs
-
-[TODO]
-
-### Cipher and AEAD APIs
-
-[TODO]
-
-### Key derivation APIs
-
-[TODO]
-
-### Random generation APIs
-
-[TODO]
-
-### Asymmetric cryptography APIs
-
-#### Asymmetric cryptography metadata APIs
-
-Based on the [gap analysis](#asymmetric-cryptography-metadata):
-
-* No further work is needed about RSA specifically. The amount of metadata other than hashes is sufficiently small to be handled in ad hoc ways in applications, and hashes have [their own conversions](#hash-apis).
-* No further work is needed about ECC specifically. We have just added adequate functions.
-* No further work is needed about DHM specifically. There is no good way to translate the relevant information.
-* [OPEN] Is there a decent way to convert between `mbedtls_pk_type_t` plus extra information, and `psa_key_type_t` plus policy information? The two APIs are different in crucial ways, with different splits between key type, policy information and operation algorithm.
- Thinking so far: there isn't really a nice way to present this conversion. For a specific key, `mbedtls_pk_get_psa_attributes` and `mbedtls_pk_copy_from_psa` do the job.
-
-#### API to create a PSA key from a PK context
-
-Based on the [gap analysis](#using-a-legacy-key-pair-or-public-key-with-psa):
-
-Given an `mbedtls_pk_context`, we want a function that creates a PSA key with the same key material and algorithm. “Same key material” is straightforward, but “same algorithm” is not, because a PK context has incomplete algorithm information. For example, there is no way to distinguish between an RSA key that is intended for signature or for encryption. Between algorithms of the same nature, there is no way to distinguish a key intended for PKCS#1v1.5 and one intended for PKCS#1v2.1 (OAEP/PSS): this is indicated in the underlying RSA context, but the indication there is only a default that can be overridden by calling `mbedtls_pk_{sign,verify}_ext`. Also there is no way to distinguish between `PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)` and `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`: in the legacy interface, this is only determined when actually doing a signature/verification operation. Therefore the function that creates the PSA key needs extra information to indicate which algorithm to put in the key's policy.
-
-When creating a PSA key, apart from the key material, the key is determined by attributes, which fall under three categories:
-
-* Type and size. These are directly related to the key material and can be deduced from it if the key material is in a structured format, which is the case with an `mbedtls_pk_context` input.
-* Policy. This includes the chosen algorithm, which as discussed above cannot be fully deduced from the `mbedtls_pk_context` object. Just choosing one algorithm is problematic because it doesn't allow implementation-specific extensions, such as Mbed TLS's enrollment algorithm. The intended usage flags cannot be deduced from the PK context either, but the conversion function could sensibly just enable all the relevant usage flags. Users who want a more restrictive usage can call `psa_copy_key` and `psa_destroy_key` to obtain a PSA key object with a more restrictive usage.
-* Persistence and location. This is completely orthogonal to the information from the `mbedtls_pk_context` object. It is convenient, but not necessary, for the conversion function to allow customizing these aspects. If it doesn't, users can call the conversion function and then call `psa_copy_key` and `psa_destroy_key` to move the key to its desired location.
-
-To allow the full flexibility around policies, and make the creation of a persistent key more convenient, the conversion function shall take a `const psa_key_attributes_t *` input, like all other functions that create a PSA key. In addition, there shall be a helper function to populate a `psa_key_attributes_t` with a sensible default. This lets the caller choose a more flexible, or just different usage policy, unlike the default-then-copy approach which only allows restricting the policy.
-
-This is close to the existing function `mbedtls_pk_wrap_as_opaque`, but does not bake in the implementation-specific consideration that a PSA key has exactly two algorithms, and also allows the caller to benefit from default for the policy in more cases.
-
-[ACTION] [#8708](https://github.com/Mbed-TLS/mbedtls/issues/8708) Implement `mbedtls_pk_get_psa_attributes` and `mbedtls_pk_import_into_psa` as described below. These functions are available whenever `MBEDTLS_PK_C` and `MBEDTLS_PSA_CRYPTO_CLIENT` are both defined. Deprecate `mbedtls_pk_wrap_as_opaque`.
-
-```
-int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
- psa_key_usage_flags_t usage,
- psa_key_attributes_t *attributes);
-int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk,
- const psa_key_attributes_t *attributes,
- mbedtls_svc_key_id_t *key_id);
-```
-
-* `mbedtls_pk_get_psa_attributes` does not change the id/lifetime fields of the attributes (which indicate a volatile key by default).
- * [OPEN] Or should it reset them to 0? Resetting is more convenient for the case where the pk key is a `MBEDTLS_PK_OPAQUE`. But that's an uncommon use case. It's probably less surprising if this function leaves the lifetime-related alone, since its job is to set the type-related and policy-related attributes.
-* `mbedtls_pk_get_psa_attributes` sets the type and size based on what's in the pk context.
- * The key type is a key pair if the context contains a private key and the indicated usage is a private-key usage. The key type is a public key if the context only contains a public key, in which case a private-key usage is an error.
-* `mbedtls_pk_get_psa_attributes` sets the usage flags based on the `usage` parameter. It extends the usage to other usage that is possible:
- * `EXPORT` and `COPY` are always set.
- * If `SIGN_{HASH,MESSAGE}` is set then so is `VERIFY_{HASH,MESSAGE}`.
- * If `DECRYPT` is set then so is `ENCRYPT`.
- * It is an error if `usage` has more than one flag set, or has a usage that is incompatible with the key type.
-* `mbedtls_pk_get_psa_attributes` sets the algorithm usage policy based on information in the key object and on `usage`.
- * For an RSA key with the `MBEDTLS_RSA_PKCS_V15` padding mode, the algorithm policy is `PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)` for a sign/verify usage, and `PSA_ALG_RSA_PKCS1V15_CRYPT` for an encrypt/decrypt usage.
- * For an RSA key with the `MBEDTLS_RSA_PKCS_V21` padding mode, the algorithm policy is `PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)` for a sign/verify usage, and `PSA_ALG_RSA_OAEP(hash)` for an encrypt/decrypt usage where `hash` is from the RSA key's parameters. (Note that `PSA_ALG_ANY_HASH` is only allowed in signature algorithms.)
- * For an `MBEDTLS_PK_ECKEY` or `MBEDTLS_PK_ECDSA` with a sign/verify usage, the algorithm policy is `PSA_ALG_DETERMINISTIC_ECDSA` if `MBEDTLS_ECDSA_DETERMINISTIC` is enabled and `PSA_ALG_ECDSA` otherwise. In either case, the hash policy is `PSA_ALG_ANY_HASH`.
- * For an `MBEDTLS_PK_ECKEY` or `MBEDTLS_PK_ECDKEY_DH` with the usage `PSA_KEY_USAGE_DERIVE`, the algorithm is `PSA_ALG_ECDH`.
- * For a `MBEDTLS_PK_OPAQUE`, this function reads the attributes of the existing PK key and copies them (without overriding the lifetime and key identifier in `attributes`), then applies a public-key restriction if needed.
- * Public-key restriction: if `usage` is a public-key usage, change the type to the corresponding public-key type, and remove private-key usage flags from the usage flags read from the existing key.
-* `mbedtls_pk_import_into_psa` checks that the type field in the attributes is consistent with the content of the `mbedtls_pk_context` object (RSA/ECC, and availability of the private key).
- * The key type can be a public key even if the private key is available.
-* `mbedtls_pk_import_into_psa` does not need to check the bit-size in the attributes: `psa_import_key` will do enough checks.
-* `mbedtls_pk_import_into_psa` does not check that the policy in the attributes is sensible. That's on the user.
-
-#### API to copy a PSA key to a PK context
-
-Based on the [gap analysis](#using-a-psa-key-as-a-pk-context):
-
-[ACTION] [#8709](https://github.com/Mbed-TLS/mbedtls/issues/8709) Implement `mbedtls_pk_copy_from_psa` as described below.
-
-```
-int mbedtls_pk_copy_from_psa(mbedtls_svc_key_id_t key_id,
- mbedtls_pk_context *pk);
-```
-
-* `pk` must be initialized, but not set up.
-* It is an error if the key is neither a key pair nor a public key.
-* It is an error if the key is not exportable.
-* The resulting pk object has a transparent type, not `MBEDTLS_PK_OPAQUE`. That's `MBEDTLS_PK_RSA` for RSA keys (since pk objects don't use `MBEDTLS_PK_RSASSA_PSS` as a type), and `MBEDTLS_PK_ECKEY` for ECC keys (following the example of pkparse).
-* Once this function returns, the pk object is completely independent of the PSA key.
-* Calling `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_pk_encrypt`, `mbedtls_pk_decrypt` on the resulting pk context will perform an algorithm that is compatible with the PSA key's primary algorithm policy (`psa_get_key_algorithm`) if that is a matching operation type (sign/verify, encrypt/decrypt), but with no restriction on the hash (as if the policy had `PSA_ALG_ANY_HASH` instead of a specific hash, and with `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` merged with `PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)`).
- * For ECDSA, the choice of deterministic vs randomized will be based on the compile-time setting `MBEDTLS_ECDSA_DETERMINISTIC`, like `mbedtls_pk_sign` today.
- * For an RSA key, the output key will allow both encrypt/decrypt and sign/verify regardless of the original key's policy. The original key's policy determines the output key's padding mode.
- * The primary intent of this requirement is to allow an application to switch to PSA for creating the key material (for example to benefit from a PSA accelerator driver, or to start using a secure element), without modifying the code that consumes the key. For RSA keys, the PSA primary algorithm policy is how one conveys the same information as RSA key padding information in the legacy API. Convey this in the documentation.
-
-#### API to create a PK object that wraps a PSA key
-
-Based on the [gap analysis](#using-a-psa-key-as-a-pk-context):
-
-[ACTION] [#8712](https://github.com/Mbed-TLS/mbedtls/issues/8712) Clarify the documentation of `mbedtls_pk_setup_opaque` regarding which algorithms the resulting key will perform with `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_pk_encrypt`, `mbedtls_pk_decrypt`.
-
-[ACTION] [#8710](https://github.com/Mbed-TLS/mbedtls/issues/8710) Provide `mbedtls_pk_setup_opaque` whenever `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, not just when `MBEDTLS_USE_PSA_CRYPTO` is enabled. This is nice-to-have, not critical. Update `use-psa-crypto.md` accordingly.
-
-[OPEN] What about `mbedtls_pk_sign_ext` and `mbedtls_pk_verify_ext`?
-
-#### API to convert between signature formats
-
-Based on the [gap analysis](#signature-formats):
-
-[ACTION] [#7765](https://github.com/Mbed-TLS/mbedtls/issues/7765) Implement `mbedtls_ecdsa_raw_to_der` and `mbedtls_ecdsa_der_to_raw` as described below.
-
-```
-int mbedtls_ecdsa_raw_to_der(size_t bits,
- const unsigned char *raw, size_t raw_len,
- unsigned char *der, size_t der_size, size_t *der_len);
-int mbedtls_ecdsa_der_to_raw(size_t bits,
- const unsigned char *der, size_t der_len,
- unsigned char *raw, size_t raw_size, size_t *raw_len);
-```
-
-* These functions convert between the signature format used by `mbedtls_pk_{sign,verify}{,_ext}` and the signature format used by `psa_{sign,verify}_{hash,message}`.
-* The input and output buffers can overlap.
-* The `bits` parameter is necessary in the DER-to-raw direction because the DER format lacks leading zeros, so something else needs to convey the size of (r,s). The `bits` parameter is redundant in the raw-to-DER direction, but we have it anyway because [it helps catch errors](https://github.com/Mbed-TLS/mbedtls/pull/8681#discussion_r1445980971), and it isn't a burden on the caller because the information is readily available in practice.
-* Should these functions rely on the ASN.1 module? We experimented [calling ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8681), [reimplementing simpler ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8696), and [providing the functions from the ASN.1 module](https://github.com/Mbed-TLS/mbedtls/pull/8703). Providing the functions from the ASN.1 module [won on a compromise of code size and simplicity](https://github.com/Mbed-TLS/mbedtls/issues/7765#issuecomment-1893670015).
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
index 29d7c53..8f6b606 100644
--- a/docs/architecture/psa-migration/psa-limitations.md
+++ b/docs/architecture/psa-migration/psa-limitations.md
@@ -1,7 +1,8 @@
This document lists current limitations of the PSA Crypto API (as of version
1.1) that may impact our ability to (1) use it for all crypto operations in
TLS and X.509 and (2) support isolation of all long-term secrets in TLS (that
-is, goals G1 and G2 in [strategy.md](strategy.md) in the same directory).
+is, goals G1 and G2 in
+[strategy.md](https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/architecture/psa-migration/strategy.md)).
This is supposed to be a complete list, based on a exhaustive review of crypto
operations done in TLS and X.509 code, but of course it's still possible that
@@ -21,11 +22,11 @@
- <https://github.com/Mbed-TLS/mbedtls/issues/7293>;
- <https://github.com/Mbed-TLS/mbedtls/issues/7294>.
-Currently, when `MBEDTLS_USE_PSA_CRYPTO` and `MBEDTLS_ECP_RESTARTABLE` are
-both enabled, some operations that should be restartable are not (ECDH in TLS
-1.2 clients using ECDHE-ECDSA), as they are using PSA instead, and some
-operations that should use PSA do not (signature generation & verification) as
-they use the legacy API instead, in order to get restartable behaviour.
+Currently, when `MBEDTLS_ECP_RESTARTABLE` is enabled, some operations that
+should be restartable are not (ECDH in TLS 1.2 clients using ECDHE-ECDSA), as
+they are using PSA instead, and some operations that should use PSA do not
+(signature generation & verification) as they use the legacy API instead, in
+order to get restartable behaviour.
Things that are in the API but not implemented yet
--------------------------------------------------
diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md
deleted file mode 100644
index b985a77..0000000
--- a/docs/architecture/psa-migration/strategy.md
+++ /dev/null
@@ -1,486 +0,0 @@
-This document explains the strategy that was used so far in starting the
-migration to PSA Crypto and mentions future perspectives and open questions.
-
-Goals
-=====
-
-Several benefits are expected from migrating to PSA Crypto:
-
-G1. Use PSA Crypto drivers when available.
-G2. Allow isolation of long-term secrets (for example, private keys).
-G3. Allow isolation of short-term secrets (for example, TLS session keys).
-G4. Have a clean, unified API for Crypto (retire the legacy API).
-G5. Code size: compile out our implementation when a driver is available.
-
-As of Mbed TLS 3.2, most of (G1) and all of (G2) is implemented when
-`MBEDTLS_USE_PSA_CRYPTO` is enabled. For (G2) to take effect, the application
-needs to be changed to use new APIs. For a more detailed account of what's
-implemented, see `docs/use-psa-crypto.md`, where new APIs are about (G2), and
-internal changes implement (G1).
-
-As of early 2023, work towards G5 is in progress: Mbed TLS 3.3 and 3.4 saw
-some improvements in this area, and more will be coming in future releases.
-
-Generally speaking, the numbering above doesn't mean that each goal requires
-the preceding ones to be completed.
-
-
-Compile-time options
-====================
-
-We currently have a few compile-time options that are relevant to the migration:
-
-- `MBEDTLS_PSA_CRYPTO_C` - enabled by default, controls the presence of the PSA
- Crypto APIs.
-- `MBEDTLS_USE_PSA_CRYPTO` - disabled by default (enabled in "full" config),
- controls usage of PSA Crypto APIs to perform operations in X.509 and TLS
-(G1 above), as well as the availability of some new APIs (G2 above).
-- `PSA_CRYPTO_CONFIG` - disabled by default, supports builds with drivers and
- without the corresponding software implementation (G5 above).
-
-The reasons why `MBEDTLS_USE_PSA_CRYPTO` is optional and disabled by default
-are:
-- it's not fully compatible with `MBEDTLS_ECP_RESTARTABLE`: you can enable
- both, but then you won't get the full effect of RESTARTBLE (see the
-documentation of this option in `mbedtls_config.h`);
-- to avoid a hard/default dependency of TLS, X.509 and PK on
- `MBEDTLS_PSA_CRYPTO_C`, for backward compatibility reasons:
- - When `MBEDTLS_PSA_CRYPTO_C` is enabled and used, applications need to call
- `psa_crypto_init()` before TLS/X.509 uses PSA functions. (This prevents us
-from even enabling the option by default.)
- - `MBEDTLS_PSA_CRYPTO_C` has a hard dependency on `MBEDTLS_ENTROPY_C ||
- MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` but it's
- currently possible to compile TLS and X.509 without any of the options.
- Also, we can't just auto-enable `MBEDTLS_ENTROPY_C` as it doesn't build
- out of the box on all platforms, and even less
- `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` as it requires a user-provided RNG
- function.
-
-The downside of this approach is that until we are able to make
-`MBDEDTLS_USE_PSA_CRYPTO` non-optional (always enabled), we have to maintain
-two versions of some parts of the code: one using PSA, the other using the
-legacy APIs. However, see next section for strategies that can lower that
-cost. The rest of this section explains the reasons for the
-incompatibilities mentioned above.
-
-At the time of writing (early 2022) it is unclear what could be done about the
-backward compatibility issues, and in particular if the cost of implementing
-solutions to these problems would be higher or lower than the cost of
-maintaining dual code paths until the next major version. (Note: these
-solutions would probably also solve other problems at the same time.)
-
-### `MBEDTLS_ECP_RESTARTABLE`
-
-Currently this option controls not only the presence of restartable APIs in
-the crypto library, but also their use in the TLS and X.509 layers. Since PSA
-Crypto does not support restartable operations, there's a clear conflict: the
-TLS and X.509 layers can't both use only PSA APIs and get restartable
-behaviour.
-
-Support for restartable (aka interruptible) ECDSA sign/verify operation was
-added to PSA in Mbed TLS 3.4, but support for ECDH is not present yet.
-
-It will then require follow-up work to make use of the new PSA APIs in
-PK/X.509/TLS in all places where we currently allow restartable operations.
-
-### Backward compatibility issues with making `MBEDTLS_USE_PSA_CRYPTO` always on
-
-1. Existing applications may not be calling `psa_crypto_init()` before using
- TLS, X.509 or PK. We can try to work around that by calling (the relevant
-part of) it ourselves under the hood as needed, but that would likely require
-splitting init between the parts that can fail and the parts that can't (see
-<https://github.com/ARM-software/psa-crypto-api/pull/536> for that).
-2. It's currently not possible to enable `MBEDTLS_PSA_CRYPTO_C` in
- configurations that don't have `MBEDTLS_ENTROPY_C`, and we can't just
-auto-enable the latter, as it won't build or work out of the box on all
-platforms. There are two kinds of things we'd need to do if we want to work
-around that:
- 1. Make it possible to enable the parts of PSA Crypto that don't require an
- RNG (typically, public key operations, symmetric crypto, some key
-management functions (destroy etc)) in configurations that don't have
-`ENTROPY_C`. This requires going through the PSA code base to adjust
-dependencies. Risk: there may be annoying dependencies, some of which may be
-surprising.
- 2. For operations that require an RNG, provide an alternative function
- accepting an explicit `f_rng` parameter (see #5238), that would be
-available in entropy-less builds. (Then code using those functions still needs
-to have one version using it, for entropy-less builds, and one version using
-the standard function, for driver support in build with entropy.)
-
-See <https://github.com/Mbed-TLS/mbedtls/issues/5156>.
-
-Taking advantage of the existing abstractions layers - or not
-=============================================================
-
-The Crypto library in Mbed TLS currently has 3 abstraction layers that offer
-algorithm-agnostic APIs for a class of algorithms:
-
-- MD for messages digests aka hashes (including HMAC)
-- Cipher for symmetric ciphers (included AEAD)
-- PK for asymmetric (aka public-key) cryptography (excluding key exchange)
-
-Note: key exchange (FFDH, ECDH) is not covered by an abstraction layer.
-
-These abstraction layers typically provide, in addition to the API for crypto
-operations, types and numerical identifiers for algorithms (for
-example `mbedtls_cipher_mode_t` and its values). The
-current strategy is to keep using those identifiers in most of the code, in
-particular in existing structures and public APIs, even when
-`MBEDTLS_USE_PSA_CRYPTO` is enabled. (This is not an issue for G1, G2, G3
-above, and is only potentially relevant for G4.)
-
-The are multiple strategies that can be used regarding the place of those
-layers in the migration to PSA.
-
-Silently call to PSA from the abstraction layer
------------------------------------------------
-
-- Provide a new definition (conditionally on `USE_PSA_CRYPTO`) of wrapper
- functions in the abstraction layer, that calls PSA instead of the legacy
-crypto API.
-- Upside: changes contained to a single place, no need to change TLS or X.509
- code anywhere.
-- Downside: tricky to implement if the PSA implementation is currently done on
- top of that layer (dependency loop).
-
-This strategy is currently (early 2023) used for all operations in the PK
-layer; the MD layer uses a variant where it dispatches to PSA if a driver is
-available and the driver subsystem has been initialized, regardless of whether
-`USE_PSA_CRYPTO` is enabled; see `md-cipher-dispatch.md` in the same directory
-for details.
-
-This strategy is not very well suited to the Cipher layer, as the PSA
-implementation is currently done on top of that layer.
-
-This strategy will probably be used for some time for the PK layer, while we
-figure out what the future of that layer is: parts of it (parse/write, ECDSA
-signatures in the format that X.509 & TLS want) are not covered by PSA, so
-they will need to keep existing in some way. (Also, the PK layer is a good
-place for dispatching to either PSA or `mbedtls_xxx_restartable` while that
-part is not covered by PSA yet, if we decide to do that.)
-
-Replace calls for each operation
---------------------------------
-
-- For every operation that's done through this layer in TLS or X.509, just
- replace function call with calls to PSA (conditionally on `USE_PSA_CRYPTO`)
-- Upside: conceptually simple, and if the PSA implementation is currently done
- on top of that layer, avoids concerns about dependency loops.
-- Upside: opens the door to building TLS/X.509 without that layer, saving some
- code size.
-- Downside: TLS/X.509 code has to be done for each operation.
-
-This strategy is currently (early 2023) used for the MD layer and the Cipher
-layer in X.509 and TLS. Crypto modules however always call to MD which may
-then dispatch to PSA, see `md-cipher-dispatch.md`.
-
-Opt-in use of PSA from the abstraction layer
---------------------------------------------
-
-- Provide a new way to set up a context that causes operations on that context
- to be done via PSA.
-- Upside: changes mostly contained in one place, TLS/X.509 code only needs to
- be changed when setting up the context, but not when using it. In
- particular, no changes to/duplication of existing public APIs that expect a
- key to be passed as a context of this layer (eg, `mbedtls_pk_context`).
-- Upside: avoids dependency loop when PSA implemented on top of that layer.
-- Downside: when the context is typically set up by the application, requires
- changes in application code.
-
-This strategy is not useful when no context is used, for example with the
-one-shot function `mbedtls_md()`.
-
-There are two variants of this strategy: one where using the new setup
-function also allows for key isolation (the key is only held by PSA,
-supporting both G1 and G2 in that area), and one without isolation (the key is
-still stored outside of PSA most of the time, supporting only G1).
-
-This strategy, with support for key isolation, is currently (early 2022) used for
-private-key operations in the PK layer - see `mbedtls_pk_setup_opaque()`. This
-allows use of PSA-held private ECDSA keys in TLS and X.509 with no change to
-the TLS/X.509 code, but a contained change in the application.
-
-This strategy, without key isolation, was also previously used (until 3.1
-included) in the Cipher layer - see `mbedtls_cipher_setup_psa()`. This allowed
-use of PSA for cipher operations in TLS with no change to the application
-code, and a contained change in TLS code. (It only supported a subset of
-ciphers.)
-
-Note: for private key operations in the PK layer, both the "silent" and the
-"opt-in" strategy can apply, and can complement each other, as one provides
-support for key isolation, but at the (unavoidable) code of change in
-application code, while the other requires no application change to get
-support for drivers, but fails to provide isolation support.
-
-Summary
--------
-
-Strategies currently (early 2022) used with each abstraction layer:
-
-- PK (for G1): silently call PSA
-- PK (for G2): opt-in use of PSA (new key type)
-- Cipher (G1): replace calls at each call site
-- MD (G1, X.509 and TLS): replace calls at each call site (depending on
- `USE_PSA_CRYPTO`)
-- MD (G5): silently call PSA when a driver is available, see
- `md-cipher-dispatch.md`.
-
-
-Supporting builds with drivers without the software implementation
-==================================================================
-
-This section presents a plan towards G5: save code size by compiling out our
-software implementation when a driver is available.
-
-Let's expand a bit on the definition of the goal: in such a configuration
-(driver used, software implementation and abstraction layer compiled out),
-we want:
-
-a. the library to build in a reasonably-complete configuration,
-b. with all tests passing,
-c. and no more tests skipped than the same configuration with software
- implementation.
-
-Criterion (c) ensures not only test coverage, but that driver-based builds are
-at feature parity with software-based builds.
-
-We can roughly divide the work needed to get there in the following steps:
-
-0. Have a working driver interface for the algorithms we want to replace.
-1. Have users of these algorithms call to PSA or an abstraction layer than can
- dispatch to PSA, but not the low-level legacy API, for all operations.
-(This is G1, and for PK, X.509 and TLS this is controlled by
-`MBEDTLS_USE_PSA_CRYPTO`.) This needs to be done in the library and tests.
-2. Have users of these algorithms not depend on the legacy API for information
- management (getting a size for a given algorithm, etc.)
-3. Adapt compile-time guards used to query availability of a given algorithm;
- this needs to be done in the library (for crypto operations and data) and
-tests.
-
-Note: the first two steps enable use of drivers, but not by themselves removal
-of the software implementation.
-
-Note: the fact that step 1 is not achieved for all of libmbedcrypto (see
-below) is the reason why criterion (a) has "a reasonably-complete
-configuration", to allow working around internal crypto dependencies when
-working on other parts such as X.509 and TLS - for example, a configuration
-without RSA PKCS#1 v2.1 still allows reasonable use of X.509 and TLS.
-
-Note: this is a conceptual division that will sometimes translate to how the
-work is divided into PRs, sometimes not. For example, in situations where it's
-not possible to achieve good test coverage at the end of step 1 or step 2, it
-is preferable to group with the next step(s) in the same PR until good test
-coverage can be reached.
-
-**Status as of end of March 2023 (shortly after 3.4):**
-
-- Step 0 is achieved for most algorithms, with only a few gaps remaining.
-- Step 1 is achieved for most of PK, X.509, and TLS when
- `MBEDTLS_USE_PSA_CRYPTO` is enabled with only a few gaps remaining (see
- docs/use-psa-crypto.md).
-- Step 1 is achieved for the crypto library regarding hashes: everything uses
- MD (not low-level hash APIs), which then dispatches to PSA if applicable.
-- Step 1 is not achieved for all of the crypto library when it come to
- ciphers. For example,`ctr_drbg.c` calls the legacy API `mbedtls_aes`.
-- Step 2 is achieved for most of X.509 and TLS (same gaps as step 1) when
- `MBEDTLS_USE_PSA_CRYPTO` is enabled.
-- Step 3 is done for hashes and top-level ECC modules (ECDSA, ECDH, ECJPAKE).
-
-**Strategy for step 1:**
-
-Regarding PK, X.509, and TLS, this is mostly achieved with only a few gaps.
-(The strategy was outlined in the previous section.)
-
-Regarding libmbedcrypto:
-- for hashes and ciphers, see `md-cipher-dispatch.md` in the same directory;
-- for ECC, we have no internal uses of the top-level algorithms (ECDSA, ECDH,
- ECJPAKE), however they all depend on `ECP_C` which in turn depends on
-`BIGNUM_C`. So, direct calls from TLS, X.509 and PK to ECP and Bignum will
-need to be replaced; see <https://github.com/Mbed-TLS/mbedtls/issues/6839> and
-linked issues for a summary of intermediate steps and open points.
-
-**Strategy for step 2:**
-
-The most satisfying situation here is when we can just use the PSA Crypto API
-for information management as well. However sometimes it may not be
-convenient, for example in parts of the code that accept old-style identifiers
-(such as `mbedtls_md_type_t`) in their API and can't assume PSA to be
-compiled in (such as `rsa.c`).
-
-When using an existing abstraction layer such as MD, it can provide
-information management functions. In other cases, information that was in a
-low-level module but logically belongs in a higher-level module can be moved
-to that module (for example, TLS identifiers of curves and there conversion
-to/from PSA or legacy identifiers belongs in TLS, not `ecp.c`).
-
-**Strategy for step 3:**
-
-There are currently two (complementary) ways for crypto-using code to check if a
-particular algorithm is supported: using `MBEDTLS_xxx` macros, and using
-`PSA_WANT_xxx` macros. For example, PSA-based code that want to use SHA-256
-will check for `PSA_WANT_ALG_SHA_256`, while legacy-based code that wants to
-use SHA-256 will check for `MBEDTLS_SHA256_C` if using the `mbedtls_sha256`
-API, or for `MBEDTLS_MD_C && MBEDTLS_SHA256_C` if using the `mbedtls_md` API.
-
-Code that obeys `MBEDTLS_USE_PSA_CRYPTO` will want to use one of the two
-dependencies above depending on whether `MBEDTLS_USE_PSA_CRYPTO` is defined:
-if it is, the code want the algorithm available in PSA, otherwise, it wants it
-available via the legacy API(s) is it using (MD and/or low-level).
-
-As much as possible, we're trying to create for each algorithm a single new
-macro that can be used to express dependencies everywhere (except pure PSA
-code that should always use `PSA_WANT`). For example, for hashes this is the
-`MBEDTLS_MD_CAN_xxx` family. For ECC algorithms, we have similar
-`MBEDTLS_PK_CAN_xxx` macros.
-
-Note that in order to achieve that goal, even for code that obeys
-`USE_PSA_CRYPTO`, it is useful to impose that all algorithms that are
-available via the legacy APIs are also available via PSA.
-
-Executing step 3 will mostly consist of using the right dependency macros in
-the right places (once the previous steps are done).
-
-**Note on testing**
-
-Since supporting driver-only builds is not about adding features, but about
-supporting existing features in new types of builds, testing will not involve
-adding cases to the test suites, but instead adding new components in `all.sh`
-that build and run tests in newly-supported configurations. For example, if
-we're making some part of the library work with hashes provided only by
-drivers when `MBEDTLS_USE_PSA_CRYPTO` is defined, there should be a place in
-`all.sh` that builds and run tests in such a configuration.
-
-There is however a risk, especially in step 3 where we change how dependencies
-are expressed (sometimes in bulk), to get things wrong in a way that would
-result in more tests being skipped, which is easy to miss. Care must be
-taken to ensure this does not happen. The following criteria can be used:
-
-1. The sets of tests skipped in the default config and the full config must be
- the same before and after the PR that implements step 3. This is tested
-manually for each PR that changes dependency declarations by using the script
-`outcome-analysis.sh` in the present directory.
-2. The set of tests skipped in the driver-only build is the same as in an
- equivalent software-based configuration. This is tested automatically by the
-CI in the "Results analysis" stage, by running
-`tests/scripts/analyze_outcomes.py`. See the
-`analyze_driver_vs_reference_xxx` actions in the script and the comments above
-their declaration for how to do that locally.
-
-
-Migrating away from the legacy API
-==================================
-
-This section briefly introduces questions and possible plans towards G4,
-mainly as they relate to choices in previous stages.
-
-The role of the PK/Cipher/MD APIs in user migration
----------------------------------------------------
-
-We're currently taking advantage of the existing PK layer in order
-to reduce the number of places where library code needs to be changed. It's
-only natural to consider using the same strategy (with the PK, MD and Cipher
-layers) for facilitating migration of application code.
-
-Note: a necessary first step for that would be to make sure PSA is no longer
-implemented of top of the concerned layers
-
-### Zero-cost compatibility layer?
-
-The most favourable case is if we can have a zero-cost abstraction (no
-runtime, RAM usage or code size penalty), for example just a bunch of
-`#define`s, essentially mapping `mbedtls_` APIs to their `psa_` equivalent.
-
-Unfortunately that's unlikely to fully work. For example, the MD layer uses the
-same context type for hashes and HMACs, while the PSA API (rightfully) has
-distinct operation types. Similarly, the Cipher layer uses the same context
-type for unauthenticated and AEAD ciphers, which again the PSA API
-distinguishes.
-
-It is unclear how much value, if any, a zero-cost compatibility layer that's
-incomplete (for example, for MD covering only hashes, or for Cipher covering
-only AEAD) or differs significantly from the existing API (for example,
-introducing new context types) would provide to users.
-
-### Low-cost compatibility layers?
-
-Another possibility is to keep most or all of the existing API for the PK, MD
-and Cipher layers, implemented on top of PSA, aiming for the lowest possible
-cost. For example, `mbedtls_md_context_t` would be defined as a (tagged) union
-of `psa_hash_operation_t` and `psa_mac_operation_t`, then `mbedtls_md_setup()`
-would initialize the correct part, and the rest of the functions be simple
-wrappers around PSA functions. This would vastly reduce the complexity of the
-layers compared to the existing (no need to dispatch through function
-pointers, just call the corresponding PSA API).
-
-Since this would still represent a non-zero cost, not only in terms of code
-size, but also in terms of maintenance (testing, etc.) this would probably
-be a temporary solution: for example keep the compatibility layers in 4.0 (and
-make them optional), but remove them in 5.0.
-
-Again, this provides the most value to users if we can manage to keep the
-existing API unchanged. Their might be conflicts between this goal and that of
-reducing the cost, and judgment calls may need to be made.
-
-Note: when it comes to holding public keys in the PK layer, depending on how
-the rest of the code is structured, it may be worth holding the key data in
-memory controlled by the PK layer as opposed to a PSA key slot, moving it to a
-slot only when needed (see current `ecdsa_verify_wrap` when
-`MBEDTLS_USE_PSA_CRYPTO` is defined) For example, when parsing a large
-number, N, of X.509 certificates (for example the list of trusted roots), it
-might be undesirable to use N PSA key slots for their public keys as long as
-the certs are loaded. OTOH, this could also be addressed by merging the "X.509
-parsing on-demand" (#2478), and then the public key data would be held as
-bytes in the X.509 CRT structure, and only moved to a PK context / PSA slot
-when it's actually used.
-
-Note: the PK layer actually consists of two relatively distinct parts: crypto
-operations, which will be covered by PSA, and parsing/writing (exporting)
-from/to various formats, which is currently not fully covered by the PSA
-Crypto API.
-
-### Algorithm identifiers and other identifiers
-
-It should be easy to provide the user with a bunch of `#define`s for algorithm
-identifiers, for example `#define MBEDTLS_MD_SHA256 PSA_ALG_SHA_256`; most of
-those would be in the MD, Cipher and PK compatibility layers mentioned above,
-but there might be some in other modules that may be worth considering, for
-example identifiers for elliptic curves.
-
-### Lower layers
-
-Generally speaking, we would retire all of the low-level, non-generic modules,
-such as AES, SHA-256, RSA, DHM, ECDH, ECP, bignum, etc, without providing
-compatibility APIs for them. People would be encouraged to switch to the PSA
-API. (The compatibility implementation of the existing PK, MD, Cipher APIs
-would mostly benefit people who already used those generic APis rather than
-the low-level, alg-specific ones.)
-
-### APIs in TLS and X.509
-
-Public APIs in TLS and X.509 may be affected by the migration in at least two
-ways:
-
-1. APIs that rely on a legacy `mbedtls_` crypto type: for example
- `mbedtls_ssl_conf_own_cert()` to configure a (certificate and the
-associated) private key. Currently the private key is passed as a
-`mbedtls_pk_context` object, which would probably change to a `psa_key_id_t`.
-Since some users would probably still be using the compatibility PK layer, it
-would need a way to easily extract the PSA key ID from the PK context.
-
-2. APIs the accept list of identifiers: for example
- `mbedtls_ssl_conf_curves()` taking a list of `mbedtls_ecp_group_id`s. This
-could be changed to accept a list of pairs (`psa_ecc_family_t`, size) but we
-should probably take this opportunity to move to a identifier independent from
-the underlying crypto implementation and use TLS-specific identifiers instead
-(based on IANA values or custom enums), as is currently done in the new
-`mbedtls_ssl_conf_groups()` API, see #4859).
-
-Testing
--------
-
-An question that needs careful consideration when we come around to removing
-the low-level crypto APIs and making PK, MD and Cipher optional compatibility
-layers is to be sure to preserve testing quality. A lot of the existing test
-cases use the low level crypto APIs; we would need to either keep using that
-API for tests, or manually migrate tests to the PSA Crypto API. Perhaps a
-combination of both, perhaps evolving gradually over time.
diff --git a/docs/architecture/psa-migration/syms.sh b/docs/architecture/psa-migration/syms.sh
index 6c9686e..0fc55dd 100755
--- a/docs/architecture/psa-migration/syms.sh
+++ b/docs/architecture/psa-migration/syms.sh
@@ -11,7 +11,7 @@
#
# Usage:
# - build the library with debug symbols and the config you're interested in
-# (default, full minus MBEDTLS_USE_PSA_CRYPTO, full, etc.)
+# (default, full, etc.)
# - launch this script with 1 or more arguments depending on the analysis' goal:
# - if only 1 argument is used (which is the name of the used config,
# ex: full), then the analysis is done on libmbedx509 and libmbedtls
diff --git a/docs/architecture/psa-migration/testing.md b/docs/architecture/psa-migration/testing.md
deleted file mode 100644
index f205c16..0000000
--- a/docs/architecture/psa-migration/testing.md
+++ /dev/null
@@ -1,99 +0,0 @@
-Testing strategy for `MBEDTLS_USE_PSA_CRYPTO`
-=============================================
-
-This document records the testing strategy used so far in implementing
-`MBEDTLS_USE_PSA_CRYPTO`.
-
-
-General considerations
-----------------------
-
-There needs to be at least one build in `all.sh` that enables
-`MBEDTLS_USE_PSA_CRYPTO` and runs the full battery of tests; currently that's
-ensured by the fact that `scripts/config.py full` enables
-`MBEDTLS_USE_PSA_CRYPTO`. There needs to be at least one build with
-`MBEDTLS_USE_PSA_CRYPTO` disabled (as long as it's optional); currently that's
-ensured by the fact that it's disabled in the default config.
-
-Generally, code review is enough to ensure that PSA APIs are indeed used where
-they should be when `MBEDTLS_USE_PSA_CRYPTO` is enabled.
-
-However, when it comes to TLS, we also have the option of using debug messages
-to confirm which code path is taken. This is generally unnecessary, except when
-a decision is made at run-time about whether to use the PSA or legacy code
-path. (For example, for record protection, previously (until 3.1), some ciphers were supported
-via PSA while some others weren't, with a run-time fallback. In this case, it's
-good to have a debug message checked by the test case to confirm that the
-right decision was made at run-time, i. e. that we didn't use the fallback for
-ciphers that are supposed to be supported.)
-
-
-New APIs meant for application use
-----------------------------------
-
-For example, `mbedtls_pk_setup_opaque()` is meant to be used by applications
-in order to create PK contexts that can then be passed to existing TLS and
-X.509 APIs (which remain unchanged).
-
-In that case, we want:
-
-- unit testing of the new API and directly-related APIs - for example:
- - in `test_suite_pk` we have a new test function `pk_psa_utils` that exercises
- `mbedtls_pk_setup_opaque()` and checks that various utility functions
- (`mbedtls_pk_get_type()` etc.) work and the functions that are expected to
- fail (`mbedtls_pk_verify()` etc) return the expected error.
- - in `test_suite_pk` we modified the existing `pk_psa_sign` test function to
- check that signature generation works as expected
- - in `test_suite_pkwrite` we should have a new test function checking that
- exporting (writing out) the public part of the key works as expected and
- that exporting the private key fails as expected.
-- integration testing of the new API with each existing API which should
- accepts a context created this way - for example:
- - in `programs/ssl/ssl_client2` a new option `key_opaque` that causes the
- new API to be used, and one or more tests in `ssl-opt.sh` using that.
- (We should have the same server-side.)
- - in `test_suite_x509write` we have a new test function
- `x509_csr_check_opaque()` checking integration of the new API with the
- existing `mbedtls_x509write_csr_set_key()`. (And also
- `mbedtls_x509write_crt_set_issuer_key()` since #5710.)
-
-For some APIs, for example with `mbedtls_ssl_conf_psk_opaque()`, testing in
-`test_suite_ssl` was historically not possible, so we only have testing in
-`ssl-opt.sh`.
-
-New APIs meant for internal use
--------------------------------
-
-For example, `mbedtls_cipher_setup_psa()` (no longer used, soon to be
-deprecated - #5261) was meant to be used by the TLS layer, but probably not
-directly by applications.
-
-In that case, we want:
-
-- unit testing of the new API and directly-related APIs - for example:
- - in `test_suite_cipher`, the existing test functions `auth_crypt_tv` and
- `test_vec_crypt` gained a new parameter `use_psa` and corresponding test
- cases
-- integration testing:
- - usually already covered by existing tests for higher-level modules:
- - for example simple use of `mbedtls_cipher_setup_psa()` in TLS is already
- covered by running the existing TLS tests in a build with
- `MBEDTLS_USA_PSA_CRYPTO` enabled
- - however if use of the new API in higher layers involves more logic that
- use of the old API, specific integrations test may be required
- - for example, the logic to fall back from `mbedtls_cipher_setup_psa()` to
- `mbedtls_cipher_setup()` in TLS is tested by `run_test_psa` in
- `ssl-opt.sh`.
-
-Internal changes
-----------------
-
-For example, use of PSA to compute the TLS 1.2 PRF.
-
-Changes in this category rarely require specific testing, as everything should
-be already be covered by running the existing tests in a build with
-`MBEDTLS_USE_PSA_CRYPTO` enabled; however we need to make sure the existing
-test have sufficient coverage, and improve them if necessary.
-
-However, if additional logic is involved, or there are run-time decisions about
-whether to use the PSA or legacy code paths, specific tests might be in order.
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index 6904c50..aa09e30 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -115,10 +115,8 @@
| MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED | no |
| | |
| MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) |
- | MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a |
- | MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a |
@@ -126,7 +124,6 @@
| MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED | n/a |
| | |
| MBEDTLS_PSA_CRYPTO_C | no (1) |
- | MBEDTLS_USE_PSA_CRYPTO | yes |
(1) These options must remain in their default state of enabled.
(2) See the TLS 1.3 specific build options section below.
diff --git a/docs/proposed/Makefile b/docs/proposed/Makefile
index 7f5254f..b9f6e24 100644
--- a/docs/proposed/Makefile
+++ b/docs/proposed/Makefile
@@ -4,10 +4,6 @@
all_markdown = \
config-split.md \
- psa-conditional-inclusion-c.md \
- psa-driver-developer-guide.md \
- psa-driver-integration-guide.md \
- psa-driver-interface.md \
# This line is intentionally left blank
html: $(all_markdown:.md=.html)
diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md
index 07326f3..1baab35 100644
--- a/docs/proposed/config-split.md
+++ b/docs/proposed/config-split.md
@@ -290,7 +290,6 @@
//#define MBEDTLS_SHA512_SMALLER
//#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
//#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
-//#define MBEDTLS_USE_PSA_CRYPTO
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
//#define MBEDTLS_ECP_WINDOW_SIZE 4
diff --git a/docs/psa-transition.md b/docs/psa-transition.md
index 2d7ad15..0758061 100644
--- a/docs/psa-transition.md
+++ b/docs/psa-transition.md
@@ -50,8 +50,6 @@
To make the PSA API available, make sure that the configuration option [`MBEDTLS_PSA_CRYPTO_C`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#c.MBEDTLS_PSA_CRYPTO_C) is enabled. (It is enabled in the default configuration.)
-You should probably enable [`MBEDTLS_USE_PSA_CRYPTO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a70fd7b97d5f11170546583f2095942a6) as well (it is disabled by default). This option causes the PK, X.509 and TLS modules to use PSA crypto under the hood.
-
By default, the PSA crypto API offers a similar set of cryptographic mechanisms as those offered by the legacy API (configured by `MBEDTLS_XXX` macros). The PSA crypto API also has its own configuration mechanism; see “[Cryptographic mechanism availability](#cryptographic-mechanism-availability)”.
### Header files
@@ -228,7 +226,7 @@
In the Mbed TLS legacy interface, you can replace some cryptographic primitives and modes by an alternative implementation, by enabling configuration options of the form `MBEDTLS_xxx_ALT` and linking with your own implementation of the affected function or module. Alternative implementations remain supported in Mbed TLS 3.x even if the application code uses the PSA API. However, they will be removed from the next version of the library.
-The corresponding PSA feature is accelerator drivers. To implement an accelerator driver, see the [PSA cryptoprocessor driver example and guide](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-driver-example-and-guide.md). In an application that uses both the legacy interface and the PSA interface for the same mechanism, only some algorithms support calling a PSA driver from the legacy interface. See the [Guide to driver-only builds](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/driver-only-builds.md) for more information.
+The corresponding PSA feature is accelerator drivers. To implement an accelerator driver, see the [PSA cryptoprocessor driver example and guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md). In an application that uses both the legacy interface and the PSA interface for the same mechanism, only some algorithms support calling a PSA driver from the legacy interface. See the [Guide to driver-only builds](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/driver-only-builds.md) for more information.
### Self-tests
@@ -908,7 +906,7 @@
* [`mbedtls_pk_copy_from_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1ab8e88836fd9ee344ffe630c40447bd08) copies a PSA key into a PK object. The PSA key must be exportable. The PK object remains valid even if the PSA key is destroyed.
* [`mbedtls_pk_copy_public_from_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a2a50247a528889c12ea0ddddb8b15a4e) copies the public part of a PSA key into a PK object. The PK object remains valid even if the PSA key is destroyed.
-* [`mbedtls_pk_setup_opaque`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a4c04ac22ab9c1ae09cc29438c308bf05) sets up a PK object that wraps the PSA key. This functionality is only available when `MBEDTLS_USE_PSA_CRYPTO` is enabled. The PK object has the type `MBEDTLS_PK_OPAQUE` regardless of whether the key is an RSA or ECC key. The PK object can only be used as permitted by the PSA key's policy. The PK object contains a reference to the PSA key identifier, therefore PSA key must not be destroyed as long as the PK object remains alive.
+* [`mbedtls_pk_setup_opaque`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a4c04ac22ab9c1ae09cc29438c308bf05) sets up a PK object that wraps the PSA key. The PK object has the type `MBEDTLS_PK_OPAQUE` regardless of whether the key is an RSA or ECC key. The PK object can only be used as permitted by the PSA key's policy. The PK object contains a reference to the PSA key identifier, therefore PSA key must not be destroyed as long as the PK object remains alive.
Here is some sample code illustrating how to use the PK module to format a PSA public key or the public key of a PSA key pair.
```
@@ -1278,7 +1276,7 @@
#### RSA-ALT interface
-Implementers of the RSA-ALT interface (`MBEDTLS_PK_RSA_ALT` pk type, `mbedtls_pk_setup_rsa_alt` setup function) should migrate to the [PSA cryptoprocessor driver interface](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-driver-example-and-guide.md).
+Implementers of the RSA-ALT interface (`MBEDTLS_PK_RSA_ALT` pk type, `mbedtls_pk_setup_rsa_alt` setup function) should migrate to the [PSA cryptoprocessor driver interface](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md).
* If the purpose of the ALT interface is acceleration only: use the accelerator driver interface. This is fully transparent to application code.
* If the purpose of the ALT interface is to isolate the private key in a high-security environment: use the opaque driver interface. This is mostly transparent to user code. Code that uses a key via its key identifier does not need to know whether the key is transparent (equivalent of `MBEDTLS_PK_RSA`) or opaque (equivalent of `MBEDTLS_PK_RSA_ALT`). When creating a key, it will be transparent by default; to create an opaque key, call [`psa_set_key_lifetime`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac03ccf09ca6d36cc3d5b43f8303db6f7) to set the key's location to the chosen location value for the driver, e.g.
diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md
deleted file mode 100644
index f2983bd..0000000
--- a/docs/use-psa-crypto.md
+++ /dev/null
@@ -1,169 +0,0 @@
-This document describes the compile-time configuration option
-`MBEDTLS_USE_PSA_CRYPTO` from a user's perspective.
-
-This option:
-- makes the X.509 and TLS libraries use PSA for cryptographic operations as
- much as possible, see "Internal changes" below;
-- enables new APIs for using keys handled by PSA Crypto, such as
- `mbedtls_pk_setup_opaque()` and `mbedtls_ssl_conf_psk_opaque()`, see
-"New APIs / API extensions" below.
-
-General considerations
-----------------------
-
-**Application code:** when this option is enabled, you need to call
-`psa_crypto_init()` before calling any function from the SSL/TLS, X.509 or PK
-modules, except for the various mbedtls_xxx_init() functions which can be called
-at any time.
-
-**Why enable this option:** to fully take advantage of PSA drivers in PK,
-X.509 and TLS. For example, enabling this option is what allows use of drivers
-for ECDSA, ECDH and EC J-PAKE in those modules. However, note that even with
-this option disabled, some code in PK, X.509, TLS or the crypto library might
-still use PSA drivers, if it can determine it's safe to do so; currently
-that's the case for hashes.
-
-**Relationship with other options:** This option depends on
-`MBEDTLS_PSA_CRYPTO_C`. These two options differ in the following way:
-- `MBEDTLS_PSA_CRYPTO_C` enables the implementation of the PSA Crypto API.
- When it is enabled, `psa_xxx()` APIs are available and you must call
-`psa_crypto_init()` before you call any other `psa_xxx()` function. Other
-modules in the library (non-PSA crypto APIs, X.509, TLS) may or may not use
-PSA Crypto but you're not required to call `psa_crypto_init()` before calling
-non-PSA functions, unless explicitly documented (TLS 1.3).
-- `MBEDTLS_USE_PSA_CRYPTO` means that X.509 and TLS will use PSA Crypto as
- much as possible (that is, everywhere except for features that are not
-supported by PSA Crypto, see "Internal Changes" below for a complete list of
-exceptions). When it is enabled, you need to call `psa_crypto_init()` before
-calling any function from PK, X.509 or TLS; however it doesn't change anything
-for the rest of the library.
-
-**Scope:** `MBEDTLS_USE_PSA_CRYPTO` has no effect on modules other than PK,
-X.509 and TLS. It also has no effect on most of the TLS 1.3 code, which always
-uses PSA crypto. The parts of the TLS 1.3 code that will use PSA Crypto or not
-depending on this option being set or not are:
-- record protection;
-- running handshake hash;
-- asymmetric signature verification & generation;
-- X.509 certificate chain verification.
-You need to enable `MBEDTLS_USE_PSA_CRYPTO` if you want TLS 1.3 to use PSA
-everywhere.
-
-**Historical note:** This option was introduced at a time when PSA Crypto was
-still beta and not ready for production, so we made its use in X.509 and TLS
-opt-in: by default, these modules would keep using the stable,
-production-ready legacy (pre-PSA) crypto APIs. So, the scope of was X.509 and
-TLS, as well as some of PK for technical reasons. Nowadays PSA Crypto is no
-longer beta, and production quality, so there's no longer any reason to make
-its use in other modules opt-in. However, PSA Crypto functions require that
-`psa_crypto_init()` has been called before their use, and for backwards
-compatibility reasons we can't impose this requirement on non-PSA functions
-that didn't have such a requirement before. So, nowadays the main meaning of
-`MBEDTLS_USE_PSA_CRYPTO` is that the user promises to call `psa_crypto_init()`
-before calling any PK, X.509 or TLS functions. For the same compatibility
-reasons, we can't extend its scope. However, new modules in the library, such
-as TLS 1.3, can be introduced with a requirement to call `psa_crypto_init()`.
-
-New APIs / API extensions
--------------------------
-
-### PSA-held (opaque) keys in the PK layer
-
-**New API function:** `mbedtls_pk_setup_opaque()` - can be used to
-wrap a PSA key pair into a PK context. The key can be used for private-key
-operations and its public part can be exported.
-
-**Benefits:** isolation of long-term secrets, use of PSA Crypto drivers.
-
-**Limitations:** please refer to the documentation of `mbedtls_pk_setup_opaque()`
-for a full list of supported operations and limitations.
-
-**Use in X.509 and TLS:** opt-in. The application needs to construct the PK context
-using the new API in order to get the benefits; it can then pass the
-resulting context to the following existing APIs:
-
-- `mbedtls_ssl_conf_own_cert()` or `mbedtls_ssl_set_hs_own_cert()` to use the
- key together with a certificate for certificate-based key exchanges;
-- `mbedtls_x509write_csr_set_key()` to generate a CSR (certificate signature
- request);
-- `mbedtls_x509write_crt_set_issuer_key()` to generate a certificate.
-
-### PSA-held (opaque) keys for TLS pre-shared keys (PSK)
-
-**New API functions:** `mbedtls_ssl_conf_psk_opaque()` and
-`mbedtls_ssl_set_hs_psk_opaque()`. Call one of these from an application to
-register a PSA key for use with a PSK key exchange.
-
-**Benefits:** isolation of long-term secrets.
-
-**Limitations:** none.
-
-**Use in TLS:** opt-in. The application needs to register the key using one of
-the new APIs to get the benefits.
-
-### PSA-held (opaque) keys for TLS 1.2 EC J-PAKE key exchange
-
-**New API function:** `mbedtls_ssl_set_hs_ecjpake_password_opaque()`.
-Call this function from an application to register a PSA key for use with the
-TLS 1.2 EC J-PAKE key exchange.
-
-**Benefits:** isolation of long-term secrets.
-
-**Limitations:** none.
-
-**Use in TLS:** opt-in. The application needs to register the key using one of
-the new APIs to get the benefits.
-
-### PSA-based operations in the Cipher layer
-
-There is a new API function `mbedtls_cipher_setup_psa()` to set up a context
-that will call PSA to store the key and perform the operations.
-
-This function only worked for a small number of ciphers. It is now deprecated
-and it is recommended to use `psa_cipher_xxx()` or `psa_aead_xxx()` functions
-directly instead.
-
-**Warning:** This function will be removed in a future version of Mbed TLS. If
-you are using it and would like us to keep it, please let us know about your
-use case.
-
-Internal changes
-----------------
-
-All of these internal changes are active as soon as `MBEDTLS_USE_PSA_CRYPTO`
-is enabled, no change required on the application side.
-
-### TLS: most crypto operations based on PSA
-
-Current exceptions:
-
-- Finite-field (non-EC) Diffie-Hellman (used in key exchanges: DHE-RSA,
- DHE-PSK).
-- Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see
- the documentation of that option).
-
-Other than the above exceptions, all crypto operations are based on PSA when
-`MBEDTLS_USE_PSA_CRYPTO` is enabled.
-
-### X.509: most crypto operations based on PSA
-
-Current exceptions:
-
-- Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see
- the documentation of that option).
-
-Other than the above exception, all crypto operations are based on PSA when
-`MBEDTLS_USE_PSA_CRYPTO` is enabled.
-
-### PK layer: most crypto operations based on PSA
-
-Current exceptions:
-
-- Verification of RSA-PSS signatures with an MGF hash that's different from
- the message hash.
-- Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see
- the documentation of that option).
-
-Other than the above exceptions, all crypto operations are based on PSA when
-`MBEDTLS_USE_PSA_CRYPTO` is enabled.
-
diff --git a/framework b/framework
index 2db6804..2eb60b8 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 2db68049e1ba586407a1db6a37e94a1f9836142f
+Subproject commit 2eb60b8da3745f8882741f6fa4c2b316abf5478a
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 9deb14f..c2b5200 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -43,7 +43,6 @@
defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \
defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \
@@ -70,21 +69,11 @@
#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
-#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
!defined(MBEDTLS_CAN_ECDH)
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
@@ -104,20 +93,12 @@
#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
( !defined(PSA_WANT_ALG_JPAKE) || \
!defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
!defined(PSA_WANT_ECC_SECP_R1_256) )
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- ( !defined(MBEDTLS_ECJPAKE_C) || \
- !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
-#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
-#endif
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Use of EC J-PAKE in TLS requires SHA-256. */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
@@ -175,19 +156,22 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
#error "One or more versions of the TLS protocol are enabled " \
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ !(defined(PSA_WANT_ALG_SHA_1) || defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512))
+#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_SSL_EARLY_DATA) && \
( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \
( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
@@ -215,11 +199,6 @@
#error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_TLS_C) && !(defined(MBEDTLS_CIPHER_C) || \
- defined(MBEDTLS_USE_PSA_CRYPTO))
-#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
-#endif
-
/* TLS 1.2 and 1.3 require SHA-256 or SHA-384 (running handshake hash) */
#if defined(MBEDTLS_SSL_TLS_C) && \
!(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))
@@ -294,11 +273,6 @@
#error "MBEDTLS_SSL_RENEGOTIATION defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_TICKET_C) && ( !defined(MBEDTLS_CIPHER_C) && \
- !defined(MBEDTLS_USE_PSA_CRYPTO) )
-#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_SSL_TICKET_C) && \
!( defined(PSA_WANT_ALG_CCM) || defined(PSA_WANT_ALG_GCM) || \
defined(PSA_WANT_ALG_CHACHA20_POLY1305) )
@@ -321,15 +295,13 @@
#if defined(MBEDTLS_X509_USE_C) && \
(!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
- !defined(MBEDTLS_PK_PARSE_C) || \
- ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) )
+ !defined(MBEDTLS_PK_PARSE_C))
#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_X509_CREATE_C) && \
(!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
- !defined(MBEDTLS_PK_PARSE_C) || \
- ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) )
+ !defined(MBEDTLS_PK_PARSE_C))
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index ce90991..7070283 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -62,11 +62,9 @@
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_RENEGOTIATION
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 64bf7ee..dd9ccac 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -207,68 +207,6 @@
#define MBEDTLS_DEBUG_C
/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- *
- * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- *
- * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-
-/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
*
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
@@ -897,8 +835,7 @@
* Module: library/ssl_ticket.c
* Caller:
*
- * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) &&
- * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
+ * Requires: MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C
*/
#define MBEDTLS_SSL_TICKET_C
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0e0bee5..0c0c8bb 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -657,9 +657,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
-#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
@@ -669,10 +666,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
- + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */
-#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
+ MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
@@ -1567,10 +1560,6 @@
const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
-#endif
-
const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */
#if defined(MBEDTLS_DHM_C)
@@ -1580,14 +1569,12 @@
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
* should only be set via
* mbedtls_ssl_conf_psk_opaque().
* If either no PSK or a raw PSK have been
* configured, this has value \c 0.
*/
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
* only be set via mbedtls_ssl_conf_psk().
* If either no PSK or an opaque PSK
@@ -3638,7 +3625,6 @@
const unsigned char *psk, size_t psk_len,
const unsigned char *psk_identity, size_t psk_identity_len);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief Configure one or more opaque pre-shared keys (PSKs) and
* their identities to be used in PSK-based ciphersuites.
@@ -3680,7 +3666,6 @@
mbedtls_svc_key_id_t psk,
const unsigned char *psk_identity,
size_t psk_identity_len);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
* \brief Set the pre-shared Key (PSK) for the current handshake.
@@ -3701,7 +3686,6 @@
int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
const unsigned char *psk, size_t psk_len);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief Set an opaque pre-shared Key (PSK) for the current handshake.
*
@@ -3724,7 +3708,6 @@
*/
int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl,
mbedtls_svc_key_id_t psk);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SRV_C)
/**
@@ -3815,54 +3798,6 @@
unsigned int bitlen);
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief Set the allowed curves in order of preference.
- *
- * On server: this only affects selection of the ECDHE curve;
- * the curves used for ECDH and ECDSA are determined by the
- * list of available certificates instead.
- *
- * On client: this affects the list of curves offered for any
- * use. The server can override our preference order.
- *
- * Both sides: limits the set of curves accepted for use in
- * ECDHE and in the peer's end-entity certificate.
- *
- * \deprecated Superseded by mbedtls_ssl_conf_groups().
- *
- * \note This has no influence on which curves are allowed inside the
- * certificate chains, see \c mbedtls_ssl_conf_cert_profile()
- * for that. For the end-entity certificate however, the key
- * will be accepted only if it is allowed both by this list
- * and by the cert profile.
- *
- * \note This list should be ordered by decreasing preference
- * (preferred curve first).
- *
- * \note The default list is the same set of curves that
- * #mbedtls_x509_crt_profile_default allows, plus
- * ECDHE-only curves selected according to the same criteria.
- * The order favors curves with the lowest resource usage.
- *
- * \note New minor versions of Mbed TLS may extend this list,
- * for example if new curves are added to the library.
- * New minor versions of Mbed TLS will not remove items
- * from this list unless serious security concerns require it.
- * New minor versions of Mbed TLS may change the order in
- * keeping with the general principle of favoring the lowest
- * resource usage.
- *
- * \param conf SSL configuration
- * \param curves Ordered list of allowed curves,
- * terminated by MBEDTLS_ECP_DP_NONE.
- */
-void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curves);
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
-
/**
* \brief Set the allowed groups in order of preference.
*
@@ -3874,13 +3809,6 @@
* Both sides: limits the set of groups accepted for use in
* key sharing.
*
- * \note This function replaces the deprecated mbedtls_ssl_conf_curves(),
- * which only allows ECP curves to be configured.
- *
- * \note The most recent invocation of either mbedtls_ssl_conf_curves()
- * or mbedtls_ssl_conf_groups() nullifies all previous invocations
- * of both.
- *
* \note This list should be ordered by decreasing preference
* (preferred group first).
*
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 18e3c4a..5d5b4b9 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -28,57 +28,35 @@
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
-
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
-
#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! */
-
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
@@ -124,8 +102,6 @@
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */
@@ -136,8 +112,6 @@
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */
@@ -148,12 +122,8 @@
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */
@@ -168,8 +138,6 @@
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */
@@ -181,32 +149,20 @@
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */
/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */
@@ -219,10 +175,8 @@
/* RFC 7905 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */
/* RFC 8446, Appendix B.4 */
#define MBEDTLS_TLS1_3_AES_128_GCM_SHA256 0x1301 /**< TLS 1.3 */
@@ -237,11 +191,9 @@
typedef enum {
MBEDTLS_KEY_EXCHANGE_NONE = 0,
MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
@@ -250,7 +202,6 @@
/* Key exchanges using a certificate */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
@@ -297,8 +248,7 @@
#endif
/* Key exchanges involving server signature in ServerKeyExchange */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
#endif
@@ -317,9 +267,7 @@
#endif
/* Key exchanges that involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -328,17 +276,10 @@
/* Key exchanges using a PSK */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
#endif
-/* Key exchanges using DHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
-#endif
-
/* Key exchanges using ECDHE */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
@@ -382,19 +323,12 @@
#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED
#endif
-/* TLS 1.2 XXDH key exchanges: ECDH or ECDHE or FFDH */
-#if (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED))
-#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED
-#endif
-
/* The handshake params structure has a set of fields called xxdh_psa which are used:
* - by TLS 1.2 to do ECDH or ECDHE;
* - by TLS 1.3 to do ECDHE or FFDHE.
* The following macros can be used to guard their declaration and use.
*/
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED) || \
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 71c258e..afeb07b 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -15,11 +15,6 @@
#include "mbedtls/ssl.h"
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
/**
* \name SECTION: Module settings
@@ -42,23 +37,14 @@
* \brief Context for the default cookie functions.
*/
typedef struct mbedtls_ssl_cookie_ctx {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac_key); /*!< key id for the HMAC portion */
psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */
-#else
- mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_HAVE_TIME)
unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
#endif
unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
or in number of tickets issued */
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
-#endif
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
} mbedtls_ssl_cookie_ctx;
/**
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 2ee1400..ef97e8f 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -20,15 +20,12 @@
*/
#include "mbedtls/ssl.h"
-#include "mbedtls/cipher.h"
#if defined(MBEDTLS_HAVE_TIME)
#include "mbedtls/platform_time.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
-#endif
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
@@ -54,14 +51,10 @@
* tickets created under that key.
*/
uint32_t MBEDTLS_PRIVATE(lifetime);
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
-#else
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(key); /*!< key used for auth enc/decryption */
psa_algorithm_t MBEDTLS_PRIVATE(alg); /*!< algorithm of auth enc/decryption */
psa_key_type_t MBEDTLS_PRIVATE(key_type); /*!< key type */
size_t MBEDTLS_PRIVATE(key_bits); /*!< key length in bits */
-#endif
}
mbedtls_ssl_ticket_key;
@@ -99,8 +92,9 @@
* \param ctx Context to be set up
* \param f_rng RNG callback function (mandatory)
* \param p_rng RNG callback context
- * \param cipher AEAD cipher to use for ticket protection.
- * Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
+ * \param alg AEAD cipher to use for ticket protection.
+ * \param key_type Cryptographic key type to use.
+ * \param key_bits Cryptographic key size to use in bits.
* \param lifetime Tickets lifetime in seconds
* Recommended value: 86400 (one day).
*
@@ -123,7 +117,7 @@
*/
int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_cipher_type_t cipher,
+ psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits,
uint32_t lifetime);
/**
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 491343f..5943cfc 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -943,28 +943,6 @@
*/
void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version);
-#if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief Set the serial number for a Certificate.
- *
- * \deprecated This function is deprecated and will be removed in a
- * future version of the library. Please use
- * mbedtls_x509write_crt_set_serial_raw() instead.
- *
- * \note Even though the MBEDTLS_BIGNUM_C guard looks redundant since
- * X509 depends on PK and PK depends on BIGNUM, this emphasizes
- * a direct dependency between X509 and BIGNUM which is going
- * to be deprecated in the future.
- *
- * \param ctx CRT context to use
- * \param serial serial number to set
- *
- * \return 0 if successful
- */
-int MBEDTLS_DEPRECATED mbedtls_x509write_crt_set_serial(
- mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial);
-#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
-
/**
* \brief Set the serial number for a Certificate.
*
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index f462187..e4cc226 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -16,9 +16,7 @@
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
-#endif
#include <string.h>
@@ -51,102 +49,62 @@
/* Chacha-Poly ephemeral suites */
MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
/* All AES-256 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
/* All CAMELLIA-256 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
/* All ARIA-256 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
/* All AES-128 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
/* All CAMELLIA-128 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
/* All ARIA-128 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
/* The PSK ephemeral suites */
MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
- MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
- MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
- MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
- MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
- MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
- MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
- MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
- MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
- MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
- MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
- MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
- MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
- MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
- MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
- MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
- MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
/* The ECJPAKE suite */
MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
@@ -239,9 +197,6 @@
MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
- MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
- MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
- MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
MBEDTLS_TLS_RSA_WITH_NULL_SHA,
@@ -318,14 +273,6 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
- MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
- MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
{ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
"TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
@@ -342,14 +289,6 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
- "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
- MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
- MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 &&
PSA_WANT_ALG_SHA_256 &&
MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -551,115 +490,6 @@
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_SHA_384) && \
- defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
- MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
- MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_CCM)
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CCM */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#if defined(PSA_WANT_KEY_TYPE_AES)
#if defined(PSA_WANT_ALG_SHA_384) && \
@@ -1051,107 +881,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
- MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
- MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_CCM)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CCM */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#if defined(PSA_WANT_KEY_TYPE_AES)
@@ -1264,29 +993,6 @@
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#if defined(PSA_WANT_ALG_SHA_1)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
@@ -1544,76 +1250,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
- "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
- "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
- "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
- "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
#endif /* PSA_WANT_KEY_TYPE_ARIA */
@@ -1732,7 +1368,6 @@
size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t key_type;
psa_algorithm_t alg;
@@ -1747,12 +1382,6 @@
}
return key_bits;
-#else
- const mbedtls_cipher_info_t * const cipher_info =
- mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher);
-
- return mbedtls_cipher_info_get_key_bitlen(cipher_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#if defined(MBEDTLS_PK_C)
@@ -1760,7 +1389,6 @@
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return MBEDTLS_PK_RSA;
@@ -1776,13 +1404,11 @@
}
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
return PSA_ALG_RSA_PKCS1V15_CRYPT;
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return PSA_ALG_RSA_PKCS1V15_SIGN(
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
@@ -1804,7 +1430,6 @@
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
return PSA_KEY_USAGE_DECRYPT;
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return PSA_KEY_USAGE_SIGN_HASH;
@@ -1817,12 +1442,10 @@
return 0;
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return MBEDTLS_PK_RSA;
@@ -1863,7 +1486,6 @@
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
return 1;
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
index 4f71bc0..b60acdc 100644
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h
@@ -14,10 +14,8 @@
#if defined(MBEDTLS_PK_C)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
#endif /* MBEDTLS_PK_C */
@@ -28,8 +26,6 @@
static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
@@ -76,7 +72,6 @@
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -92,7 +87,6 @@
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -104,20 +98,6 @@
}
}
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
-
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
@@ -138,7 +118,6 @@
const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return 1;
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 8237081..be4d621 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -222,7 +222,7 @@
unsigned char *p = buf;
unsigned char *named_group_list; /* Start of named_group_list */
size_t named_group_list_len; /* Length of named_group_list */
- const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+ const uint16_t *group_list = ssl->conf->group_list;
*out_len = 0;
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 0e37467..01b90e1 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -22,7 +22,6 @@
#include <string.h>
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
@@ -33,7 +32,6 @@
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
-#endif
/*
* If DTLS is in use, then at least one of SHA-256 or SHA-384 is
@@ -59,21 +57,12 @@
void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
ctx->psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT;
-#else
- mbedtls_md_init(&ctx->hmac_ctx);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_HAVE_TIME)
ctx->serial = 0;
#endif
ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init(&ctx->mutex);
-#endif
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay)
@@ -87,15 +76,7 @@
return;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(ctx->psa_hmac_key);
-#else
- mbedtls_md_free(&ctx->hmac_ctx);
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free(&ctx->mutex);
-#endif
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx));
}
@@ -104,7 +85,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t alg;
@@ -130,57 +110,10 @@
&ctx->psa_hmac_key)) != PSA_SUCCESS) {
return PSA_TO_MBEDTLS_ERR(status);
}
-#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char key[COOKIE_MD_OUTLEN];
-
- if ((ret = f_rng(p_rng, key, sizeof(key))) != 0) {
- return ret;
- }
-
- ret = mbedtls_md_setup(&ctx->hmac_ctx, mbedtls_md_info_from_type(COOKIE_MD), 1);
- if (ret != 0) {
- return ret;
- }
-
- ret = mbedtls_md_hmac_starts(&ctx->hmac_ctx, key, sizeof(key));
- if (ret != 0) {
- return ret;
- }
-
- mbedtls_platform_zeroize(key, sizeof(key));
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
return 0;
}
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-/*
- * Generate the HMAC part of a cookie
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cookie_hmac(mbedtls_md_context_t *hmac_ctx,
- const unsigned char time[4],
- unsigned char **p, unsigned char *end,
- const unsigned char *cli_id, size_t cli_id_len)
-{
- unsigned char hmac_out[COOKIE_MD_OUTLEN];
-
- MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_HMAC_LEN);
-
- if (mbedtls_md_hmac_reset(hmac_ctx) != 0 ||
- mbedtls_md_hmac_update(hmac_ctx, time, 4) != 0 ||
- mbedtls_md_hmac_update(hmac_ctx, cli_id, cli_id_len) != 0 ||
- mbedtls_md_hmac_finish(hmac_ctx, hmac_out) != 0) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- memcpy(*p, hmac_out, COOKIE_HMAC_LEN);
- *p += COOKIE_HMAC_LEN;
-
- return 0;
-}
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
/*
* Generate cookie for DTLS ClientHello verification
@@ -189,11 +122,9 @@
unsigned char **p, unsigned char *end,
const unsigned char *cli_id, size_t cli_id_len)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t sign_mac_length = 0;
-#endif
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
unsigned long t;
@@ -213,7 +144,6 @@
MBEDTLS_PUT_UINT32_BE(t, *p, 0);
*p += 4;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_mac_sign_setup(&operation, ctx->psa_hmac_key,
ctx->psa_hmac_alg);
if (status != PSA_SUCCESS) {
@@ -243,31 +173,12 @@
*p += COOKIE_HMAC_LEN;
ret = 0;
-#else
-#if defined(MBEDTLS_THREADING_C)
- if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret);
- }
-#endif
- ret = ssl_cookie_hmac(&ctx->hmac_ctx, *p - 4,
- p, end, cli_id, cli_id_len);
-
-#if defined(MBEDTLS_THREADING_C)
- if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR,
- MBEDTLS_ERR_THREADING_MUTEX_ERROR);
- }
-#endif
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
exit:
status = psa_mac_abort(&operation);
if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status);
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
return ret;
}
@@ -278,13 +189,8 @@
const unsigned char *cookie, size_t cookie_len,
const unsigned char *cli_id, size_t cli_id_len)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#else
- unsigned char ref_hmac[COOKIE_HMAC_LEN];
- unsigned char *p = ref_hmac;
-#endif
int ret = 0;
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
unsigned long cur_time, cookie_time;
@@ -297,7 +203,6 @@
return -1;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_mac_verify_setup(&operation, ctx->psa_hmac_key,
ctx->psa_hmac_alg);
if (status != PSA_SUCCESS) {
@@ -326,35 +231,6 @@
}
ret = 0;
-#else
-#if defined(MBEDTLS_THREADING_C)
- if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret);
- }
-#endif
-
- if (ssl_cookie_hmac(&ctx->hmac_ctx, cookie,
- &p, p + sizeof(ref_hmac),
- cli_id, cli_id_len) != 0) {
- ret = -1;
- }
-
-#if defined(MBEDTLS_THREADING_C)
- if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
- ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR,
- MBEDTLS_ERR_THREADING_MUTEX_ERROR);
- }
-#endif
-
- if (ret != 0) {
- goto exit;
- }
-
- if (mbedtls_ct_memcmp(cookie + 4, ref_hmac, sizeof(ref_hmac)) != 0) {
- ret = -1;
- goto exit;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_HAVE_TIME)
cur_time = (unsigned long) mbedtls_time(NULL);
@@ -370,14 +246,10 @@
}
exit:
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_mac_abort(&operation);
if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status);
}
-#else
- mbedtls_platform_zeroize(ref_hmac, sizeof(ref_hmac));
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
return ret;
}
#endif /* MBEDTLS_SSL_COOKIE_C */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 45aaea5..2140ac4 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -18,10 +18,9 @@
#include "mbedtls/ssl.h"
#include "mbedtls/cipher.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "psa/crypto.h"
#include "psa_util_internal.h"
-#endif
+extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
#if defined(PSA_WANT_ALG_MD5)
#include "mbedtls/md5.h"
@@ -39,11 +38,6 @@
#include "mbedtls/sha512.h"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- !defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "mbedtls/ecjpake.h"
-#endif
-
#include "mbedtls/pk.h"
#include "ssl_ciphersuites_internal.h"
#include "x509_internal.h"
@@ -773,12 +767,6 @@
mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
#endif
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
- mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
-#endif /* !MBEDTLS_USE_PSA_CRYPTO &&
- MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
psa_key_type_t xxdh_psa_type;
size_t xxdh_psa_bits;
@@ -789,13 +777,9 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_pake_operation_t psa_pake_ctx; /*!< EC J-PAKE key exchange */
mbedtls_svc_key_id_t psa_pake_password;
uint8_t psa_pake_ctx_is_ok;
-#else
- mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_CLI_C)
unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */
size_t ecjpake_cache_len; /*!< Length of cached data */
@@ -809,13 +793,8 @@
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t psk_opaque; /*!< Opaque PSK from the callback */
uint8_t psk_opaque_is_internal;
-#else
- unsigned char *psk; /*!< PSK from the callback */
- size_t psk_len; /*!< Length of PSK from callback */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
uint16_t selected_identity;
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
@@ -923,18 +902,10 @@
* Checksum contexts
*/
#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha256_psa;
-#else
- mbedtls_md_context_t fin_sha256;
-#endif
#endif
#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha384_psa;
-#else
- mbedtls_md_context_t fin_sha384;
-#endif
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -1129,14 +1100,9 @@
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t psa_mac_enc; /*!< MAC (encryption) */
mbedtls_svc_key_id_t psa_mac_dec; /*!< MAC (decryption) */
psa_algorithm_t psa_mac_alg; /*!< psa MAC algorithm */
-#else
- mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
- mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac; /*!< flag for EtM activation */
@@ -1146,14 +1112,9 @@
mbedtls_ssl_protocol_version tls_version;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */
mbedtls_svc_key_id_t psa_key_dec; /*!< psa decryption key */
psa_algorithm_t psa_alg; /*!< psa algorithm */
-#else
- mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
- mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t in_cid_len;
@@ -1498,20 +1459,11 @@
unsigned hs_type,
size_t total_hs_len);
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl,
- mbedtls_key_exchange_type_t key_ex);
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#if defined(MBEDTLS_SSL_CLI_C) || defined(MBEDTLS_SSL_SRV_C)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf);
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* Get the first defined opaque PSK by order of precedence:
* 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK
@@ -1532,31 +1484,6 @@
return MBEDTLS_SVC_KEY_ID_INIT;
}
-#else
-/**
- * Get the first defined PSK by order of precedence:
- * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
- * 2. static PSK configured by \c mbedtls_ssl_conf_psk()
- * Return a code and update the pair (PSK, PSK length) passed to this function
- */
-static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl,
- const unsigned char **psk, size_t *psk_len)
-{
- if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) {
- *psk = ssl->handshake->psk;
- *psk_len = ssl->handshake->psk_len;
- } else if (ssl->conf->psk != NULL && ssl->conf->psk_len > 0) {
- *psk = ssl->conf->psk;
- *psk_len = ssl->conf->psk_len;
- } else {
- *psk = NULL;
- *psk_len = 0;
- return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
- }
-
- return 0;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
@@ -2269,30 +2196,6 @@
size_t *olen);
/*
- * Return supported groups.
- *
- * In future, invocations can be changed to ssl->conf->group_list
- * when mbedtls_ssl_conf_curves() is deleted.
- *
- * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group
- * identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to
- * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked.
- *
- */
-static inline const void *mbedtls_ssl_get_groups(const mbedtls_ssl_context *ssl)
-{
- #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C)
- return ssl->conf->group_list;
- #else
- if ((ssl->handshake != NULL) && (ssl->handshake->group_list != NULL)) {
- return ssl->handshake->group_list;
- } else {
- return ssl->conf->group_list;
- }
- #endif
-}
-
-/*
* Helper functions for NamedGroup.
*/
static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group)
@@ -2334,7 +2237,7 @@
static inline int mbedtls_ssl_named_group_is_offered(
const mbedtls_ssl_context *ssl, uint16_t named_group)
{
- const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+ const uint16_t *group_list = ssl->conf->group_list;
if (group_list == NULL) {
return 0;
@@ -2628,7 +2531,6 @@
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
* Same value is used for PSA_ALG_CATEGORY_CIPHER, hence it is
* guaranteed to not be a valid PSA algorithm identifier.
@@ -2689,10 +2591,8 @@
}
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
typedef enum {
MBEDTLS_ECJPAKE_ROUND_ONE,
@@ -2735,7 +2635,7 @@
size_t len, size_t *olen,
mbedtls_ecjpake_rounds_t round);
-#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
/**
* \brief TLS record protection modes
@@ -2966,12 +2866,9 @@
* max_data_len. In particular, this function always reads exactly \p
* max_data_len bytes from \p data.
*
- * \param ctx The HMAC context. It must have keys configured
- * with mbedtls_md_hmac_starts() and use one of the
- * following hashes: SHA-384, SHA-256, SHA-1 or MD-5.
- * It is reset using mbedtls_md_hmac_reset() after
- * the computation is complete to prepare for the
- * next computation.
+ * \param key The HMAC key.
+ * \param mac_alg The hash algorithm.
+ * Must be one of SHA-384, SHA-256, SHA-1 or MD-5.
* \param add_data The first part of the message whose HMAC is being
* calculated. This must point to a readable buffer
* of \p add_data_len bytes.
@@ -2994,7 +2891,6 @@
* \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
* The hardware accelerator failed.
*/
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ct_hmac(mbedtls_svc_key_id_t key,
psa_algorithm_t mac_alg,
const unsigned char *add_data,
@@ -3004,16 +2900,6 @@
size_t min_data_len,
size_t max_data_len,
unsigned char *output);
-#else
-int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
- const unsigned char *add_data,
- size_t add_data_len,
- const unsigned char *data,
- size_t data_len_secret,
- size_t min_data_len,
- size_t max_data_len,
- unsigned char *output);
-#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
#endif /* MBEDTLS_TEST_HOOKS && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) */
#endif /* ssl_misc.h */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index a920e46..a87785c 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -26,16 +26,13 @@
#include <string.h>
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa_util_internal.h"
#include "psa/crypto.h"
-#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#include "mbedtls/oid.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
@@ -45,11 +42,9 @@
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
-#endif
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(PSA_WANT_ALG_SHA_384)
#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_384)
@@ -179,99 +174,6 @@
#undef MAX_HASH_BLOCK_LENGTH
-#else
-MBEDTLS_STATIC_TESTABLE
-int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
- const unsigned char *add_data,
- size_t add_data_len,
- const unsigned char *data,
- size_t data_len_secret,
- size_t min_data_len,
- size_t max_data_len,
- unsigned char *output)
-{
- /*
- * This function breaks the HMAC abstraction and uses the md_clone()
- * extension to the MD API in order to get constant-flow behaviour.
- *
- * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
- * concatenation, and okey/ikey are the XOR of the key with some fixed bit
- * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx.
- *
- * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to
- * minlen, then cloning the context, and for each byte up to maxlen
- * finishing up the hash computation, keeping only the correct result.
- *
- * Then we only need to compute HASH(okey + inner_hash) and we're done.
- */
- const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info);
- /* TLS 1.2 only supports SHA-384, SHA-256, SHA-1, MD-5,
- * all of which have the same block size except SHA-384. */
- const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64;
- const unsigned char * const ikey = ctx->hmac_ctx;
- const unsigned char * const okey = ikey + block_size;
- const size_t hash_size = mbedtls_md_get_size(ctx->md_info);
-
- unsigned char aux_out[MBEDTLS_MD_MAX_SIZE];
- mbedtls_md_context_t aux;
- size_t offset;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_md_init(&aux);
-
-#define MD_CHK(func_call) \
- do { \
- ret = (func_call); \
- if (ret != 0) \
- goto cleanup; \
- } while (0)
-
- MD_CHK(mbedtls_md_setup(&aux, ctx->md_info, 0));
-
- /* After hmac_start() of hmac_reset(), ikey has already been hashed,
- * so we can start directly with the message */
- MD_CHK(mbedtls_md_update(ctx, add_data, add_data_len));
- MD_CHK(mbedtls_md_update(ctx, data, min_data_len));
-
- /* Fill the hash buffer in advance with something that is
- * not a valid hash (barring an attack on the hash and
- * deliberately-crafted input), in case the caller doesn't
- * check the return status properly. */
- memset(output, '!', hash_size);
-
- /* For each possible length, compute the hash up to that point */
- for (offset = min_data_len; offset <= max_data_len; offset++) {
- MD_CHK(mbedtls_md_clone(&aux, ctx));
- MD_CHK(mbedtls_md_finish(&aux, aux_out));
- /* Keep only the correct inner_hash in the output buffer */
- mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offset, data_len_secret),
- output, aux_out, NULL, hash_size);
-
- if (offset < max_data_len) {
- MD_CHK(mbedtls_md_update(ctx, data + offset, 1));
- }
- }
-
- /* The context needs to finish() before it starts() again */
- MD_CHK(mbedtls_md_finish(ctx, aux_out));
-
- /* Now compute HASH(okey + inner_hash) */
- MD_CHK(mbedtls_md_starts(ctx));
- MD_CHK(mbedtls_md_update(ctx, okey, block_size));
- MD_CHK(mbedtls_md_update(ctx, output, hash_size));
- MD_CHK(mbedtls_md_finish(ctx, output));
-
- /* Done, get ready for next time */
- MD_CHK(mbedtls_md_hmac_reset(ctx));
-
-#undef MD_CHK
-
-cleanup:
- mbedtls_md_free(&aux);
- return ret;
-}
-
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
@@ -1039,17 +941,14 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t sign_mac_length = 0;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
transform->tls_version,
transform->taglen);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_mac_sign_setup(&operation, transform->psa_mac_enc,
transform->psa_mac_alg);
if (status != PSA_SUCCESS) {
@@ -1071,25 +970,6 @@
if (status != PSA_SUCCESS) {
goto hmac_failed_etm_disabled;
}
-#else
- ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data,
- add_data_len);
- if (ret != 0) {
- goto hmac_failed_etm_disabled;
- }
- ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, data, rec->data_len);
- if (ret != 0) {
- goto hmac_failed_etm_disabled;
- }
- ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac);
- if (ret != 0) {
- goto hmac_failed_etm_disabled;
- }
- ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc);
- if (ret != 0) {
- goto hmac_failed_etm_disabled;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
memcpy(data + rec->data_len, mac, transform->maclen);
#endif
@@ -1103,13 +983,11 @@
hmac_failed_etm_disabled:
mbedtls_platform_zeroize(mac, transform->maclen);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = PSA_TO_MBEDTLS_ERR(status);
status = psa_mac_abort(&operation);
if (ret == 0 && status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status);
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_hmac_xxx", ret);
return ret;
@@ -1138,9 +1016,7 @@
size_t dynamic_iv_len;
int dynamic_iv_is_explicit =
ssl_transform_aead_dynamic_iv_is_explicit(transform);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Check that there's space for the authentication tag. */
@@ -1192,7 +1068,6 @@
/*
* Encrypt and authenticate
*/
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_aead_encrypt(transform->psa_key_enc,
transform->psa_alg,
iv, transform->ivlen,
@@ -1206,18 +1081,6 @@
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_encrypt_buf", ret);
return ret;
}
-#else
- if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc,
- iv, transform->ivlen,
- add_data, add_data_len,
- data, rec->data_len, /* src */
- data, rec->buf_len - (size_t) (data - rec->buf), /* dst */
- &rec->data_len,
- transform->taglen)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_encrypt_ext", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_BUF(4, "after encrypt: tag",
data + rec->data_len - transform->taglen,
@@ -1248,11 +1111,9 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t padlen, i;
size_t olen;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t part_len;
psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Currently we're always using minimal padding
* (up to 255 bytes would be allowed). */
@@ -1307,7 +1168,6 @@
rec->data_len, transform->ivlen,
padlen + 1));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_cipher_encrypt_setup(&cipher_op,
transform->psa_key_enc, transform->psa_alg);
@@ -1349,16 +1209,6 @@
}
olen += part_len;
-#else
- if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc,
- transform->iv_enc,
- transform->ivlen,
- data, rec->data_len,
- data, &olen)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (rec->data_len != olen) {
MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
@@ -1372,10 +1222,8 @@
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if (auth_done == 0) {
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
size_t sign_mac_length = 0;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* MAC(MAC_write_key, add_data, IV, ENC(content + padding + padding_length))
*/
@@ -1392,7 +1240,6 @@
MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac"));
MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data,
add_data_len);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_mac_sign_setup(&operation, transform->psa_mac_enc,
transform->psa_mac_alg);
if (status != PSA_SUCCESS) {
@@ -1414,27 +1261,6 @@
if (status != PSA_SUCCESS) {
goto hmac_failed_etm_enabled;
}
-#else
-
- ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data,
- add_data_len);
- if (ret != 0) {
- goto hmac_failed_etm_enabled;
- }
- ret = mbedtls_md_hmac_update(&transform->md_ctx_enc,
- data, rec->data_len);
- if (ret != 0) {
- goto hmac_failed_etm_enabled;
- }
- ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac);
- if (ret != 0) {
- goto hmac_failed_etm_enabled;
- }
- ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc);
- if (ret != 0) {
- goto hmac_failed_etm_enabled;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
memcpy(data + rec->data_len, mac, transform->maclen);
@@ -1444,13 +1270,11 @@
hmac_failed_etm_enabled:
mbedtls_platform_zeroize(mac, transform->maclen);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = PSA_TO_MBEDTLS_ERR(status);
status = psa_mac_abort(&operation);
if (ret == 0 && status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status);
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "HMAC calculation failed", ret);
return ret;
@@ -1547,9 +1371,7 @@
unsigned char iv[12];
unsigned char *dynamic_iv;
size_t dynamic_iv_len;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Extract dynamic part of nonce for AEAD decryption.
@@ -1619,7 +1441,6 @@
/*
* Decrypt and authenticate
*/
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_aead_decrypt(transform->psa_key_dec,
transform->psa_alg,
iv, transform->ivlen,
@@ -1633,23 +1454,6 @@
MBEDTLS_SSL_DEBUG_RET(1, "psa_aead_decrypt", ret);
return ret;
}
-#else
- if ((ret = mbedtls_cipher_auth_decrypt_ext
- (&transform->cipher_ctx_dec,
- iv, transform->ivlen,
- add_data, add_data_len,
- data, rec->data_len + transform->taglen, /* src */
- data, rec->buf_len - (size_t) (data - rec->buf), &olen, /* dst */
- transform->taglen)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_decrypt_ext", ret);
-
- if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
- return MBEDTLS_ERR_SSL_INVALID_MAC;
- }
-
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
auth_done++;
@@ -1664,11 +1468,9 @@
if (ssl_mode == MBEDTLS_SSL_MODE_CBC ||
ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
size_t minlen = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t part_len;
psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Check immediate ciphertext sanity
@@ -1716,11 +1518,7 @@
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if (ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
-#else
- unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac"));
@@ -1742,7 +1540,6 @@
/* Calculate expected MAC. */
MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data,
add_data_len);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_mac_verify_setup(&operation, transform->psa_mac_dec,
transform->psa_mac_alg);
if (status != PSA_SUCCESS) {
@@ -1765,51 +1562,14 @@
if (status != PSA_SUCCESS) {
goto hmac_failed_etm_enabled;
}
-#else
- ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, add_data,
- add_data_len);
- if (ret != 0) {
- goto hmac_failed_etm_enabled;
- }
- ret = mbedtls_md_hmac_update(&transform->md_ctx_dec,
- data, rec->data_len);
- if (ret != 0) {
- goto hmac_failed_etm_enabled;
- }
- ret = mbedtls_md_hmac_finish(&transform->md_ctx_dec, mac_expect);
- if (ret != 0) {
- goto hmac_failed_etm_enabled;
- }
- ret = mbedtls_md_hmac_reset(&transform->md_ctx_dec);
- if (ret != 0) {
- goto hmac_failed_etm_enabled;
- }
-
- MBEDTLS_SSL_DEBUG_BUF(4, "message mac", data + rec->data_len,
- transform->maclen);
- MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect,
- transform->maclen);
-
- /* Compare expected MAC with MAC at the end of the record. */
- if (mbedtls_ct_memcmp(data + rec->data_len, mac_expect,
- transform->maclen) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match"));
- ret = MBEDTLS_ERR_SSL_INVALID_MAC;
- goto hmac_failed_etm_enabled;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
auth_done++;
hmac_failed_etm_enabled:
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = PSA_TO_MBEDTLS_ERR(status);
status = psa_mac_abort(&operation);
if (ret == 0 && status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status);
}
-#else
- mbedtls_platform_zeroize(mac_expect, transform->maclen);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (ret != 0) {
if (ret != MBEDTLS_ERR_SSL_INVALID_MAC) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_hmac_xxx", ret);
@@ -1847,7 +1607,6 @@
/* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_cipher_decrypt_setup(&cipher_op,
transform->psa_key_dec, transform->psa_alg);
@@ -1886,15 +1645,6 @@
}
olen += part_len;
-#else
-
- if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec,
- transform->iv_dec, transform->ivlen,
- data, rec->data_len, data, &olen)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Double-check that length hasn't changed during decryption. */
if (rec->data_len != olen) {
@@ -2036,18 +1786,11 @@
const size_t max_len = rec->data_len + padlen;
const size_t min_len = (max_len > 256) ? max_len - 256 : 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = mbedtls_ct_hmac(transform->psa_mac_dec,
transform->psa_mac_alg,
add_data, add_data_len,
data, rec->data_len, min_len, max_len,
mac_expect);
-#else
- ret = mbedtls_ct_hmac(&transform->md_ctx_dec,
- add_data, add_data_len,
- data, rec->data_len, min_len, max_len,
- mac_expect);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ct_hmac", ret);
goto hmac_failed_etm_disabled;
@@ -5516,10 +5259,8 @@
size_t transform_expansion = 0;
const mbedtls_ssl_transform *transform = ssl->transform_out;
unsigned block_size;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
size_t out_hdr_len = mbedtls_ssl_out_hdr_len(ssl);
@@ -5528,7 +5269,6 @@
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (transform->psa_alg == PSA_ALG_GCM ||
transform->psa_alg == PSA_ALG_CCM ||
transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8) ||
@@ -5559,41 +5299,6 @@
("Unsupported psa_alg spotted in mbedtls_ssl_get_record_expansion()"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
-#else
- switch (mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)) {
- case MBEDTLS_MODE_GCM:
- case MBEDTLS_MODE_CCM:
- case MBEDTLS_MODE_CHACHAPOLY:
- case MBEDTLS_MODE_STREAM:
- transform_expansion = transform->minlen;
- break;
-
- case MBEDTLS_MODE_CBC:
-
- block_size = mbedtls_cipher_get_block_size(
- &transform->cipher_ctx_enc);
-
- /* Expansion due to the addition of the MAC. */
- transform_expansion += transform->maclen;
-
- /* Expansion due to the addition of CBC padding;
- * Theoretically up to 256 bytes, but we never use
- * more than the block size of the underlying cipher. */
- transform_expansion += block_size;
-
- /* For TLS 1.2 or higher, an explicit IV is added
- * after the record header. */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- transform_expansion += block_size;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
- break;
-
- default:
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if (transform->out_cid_len != 0) {
@@ -6278,22 +5983,12 @@
return;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(transform->psa_key_enc);
psa_destroy_key(transform->psa_key_dec);
-#else
- mbedtls_cipher_free(&transform->cipher_ctx_enc);
- mbedtls_cipher_free(&transform->cipher_ctx_dec);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(transform->psa_mac_enc);
psa_destroy_key(transform->psa_mac_dec);
-#else
- mbedtls_md_free(&transform->md_ctx_enc);
- mbedtls_md_free(&transform->md_ctx_dec);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif
mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform));
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 615b37f..8653e2d 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -17,7 +17,6 @@
#include <string.h>
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
@@ -27,7 +26,6 @@
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
-#endif
/*
* Initialize context
@@ -67,9 +65,7 @@
unsigned char buf[MAX_KEY_BYTES] = { 0 };
mbedtls_ssl_ticket_key *key = ctx->keys + index;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-#endif
#if defined(MBEDTLS_HAVE_TIME)
key->generation_time = mbedtls_time(NULL);
@@ -87,7 +83,6 @@
return ret;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, key->alg);
@@ -98,12 +93,6 @@
psa_import_key(&attributes, buf,
PSA_BITS_TO_BYTES(key->key_bits),
&key->key));
-#else
- /* With GCM and CCM, same context can encrypt & decrypt */
- ret = mbedtls_cipher_setkey(&key->ctx, buf,
- mbedtls_cipher_get_key_bitlen(&key->ctx),
- MBEDTLS_ENCRYPT);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_platform_zeroize(buf, sizeof(buf));
@@ -124,9 +113,7 @@
mbedtls_time_t current_time = mbedtls_time(NULL);
mbedtls_time_t key_time = key->generation_time;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#endif
if (current_time >= key_time &&
(uint64_t) (current_time - key_time) < key->lifetime) {
@@ -135,11 +122,9 @@
ctx->active = 1 - ctx->active;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) {
return PSA_TO_MBEDTLS_ERR(status);
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
return ssl_ticket_gen_key(ctx, ctx->active);
} else
@@ -159,19 +144,14 @@
mbedtls_ssl_ticket_key * const key = ctx->keys + idx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const size_t bitlen = key->key_bits;
-#else
- const int bitlen = mbedtls_cipher_get_key_bitlen(&key->ctx);
-#endif
if (nlength < TICKET_KEY_NAME_BYTES || klength * 8 < (size_t) bitlen) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ((status = psa_destroy_key(key->key)) != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status);
return ret;
@@ -189,12 +169,6 @@
ret = PSA_TO_MBEDTLS_ERR(status);
return ret;
}
-#else
- ret = mbedtls_cipher_setkey(&key->ctx, k, bitlen, MBEDTLS_ENCRYPT);
- if (ret != 0) {
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
ctx->active = idx;
ctx->ticket_lifetime = lifetime;
@@ -212,39 +186,14 @@
*/
int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_cipher_type_t cipher,
+ psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits,
uint32_t lifetime)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t key_bits;
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_algorithm_t alg;
- psa_key_type_t key_type;
-#else
- const mbedtls_cipher_info_t *cipher_info;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (mbedtls_ssl_cipher_to_psa(cipher, TICKET_AUTH_TAG_BYTES,
- &alg, &key_type, &key_bits) != PSA_SUCCESS) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
if (PSA_ALG_IS_AEAD(alg) == 0) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
-#else
- cipher_info = mbedtls_cipher_info_from_type(cipher);
-
- if (mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_GCM &&
- mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CCM &&
- mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CHACHAPOLY) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- key_bits = mbedtls_cipher_info_get_key_bitlen(cipher_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (key_bits > 8 * MAX_KEY_BYTES) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -255,7 +204,6 @@
ctx->ticket_lifetime = lifetime;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
ctx->keys[0].alg = alg;
ctx->keys[0].key_type = key_type;
ctx->keys[0].key_bits = key_bits;
@@ -263,15 +211,6 @@
ctx->keys[1].alg = alg;
ctx->keys[1].key_type = key_type;
ctx->keys[1].key_bits = key_bits;
-#else
- if ((ret = mbedtls_cipher_setup(&ctx->keys[0].ctx, cipher_info)) != 0) {
- return ret;
- }
-
- if ((ret = mbedtls_cipher_setup(&ctx->keys[1].ctx, cipher_info)) != 0) {
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 ||
(ret = ssl_ticket_gen_key(ctx, 1)) != 0) {
@@ -311,9 +250,7 @@
unsigned char *state = state_len_bytes + TICKET_CRYPT_LEN_BYTES;
size_t clear_len, ciph_len;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#endif
*tlen = 0;
@@ -355,7 +292,6 @@
MBEDTLS_PUT_UINT16_BE(clear_len, state_len_bytes, 0);
/* Encrypt and authenticate */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ((status = psa_aead_encrypt(key->key, key->alg, iv, TICKET_IV_BYTES,
key_name, TICKET_ADD_DATA_LEN,
state, clear_len,
@@ -364,17 +300,6 @@
ret = PSA_TO_MBEDTLS_ERR(status);
goto cleanup;
}
-#else
- if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx,
- iv, TICKET_IV_BYTES,
- /* Additional data: key name, IV and length */
- key_name, TICKET_ADD_DATA_LEN,
- state, clear_len,
- state, (size_t) (end - state), &ciph_len,
- TICKET_AUTH_TAG_BYTES)) != 0) {
- goto cleanup;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (ciph_len != clear_len + TICKET_AUTH_TAG_BYTES) {
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
@@ -428,9 +353,7 @@
unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES;
size_t enc_len, clear_len;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#endif
if (ctx == NULL || ctx->f_rng == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -466,7 +389,6 @@
}
/* Decrypt and authenticate */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ((status = psa_aead_decrypt(key->key, key->alg, iv, TICKET_IV_BYTES,
key_name, TICKET_ADD_DATA_LEN,
ticket, enc_len + TICKET_AUTH_TAG_BYTES,
@@ -474,21 +396,6 @@
ret = PSA_TO_MBEDTLS_ERR(status);
goto cleanup;
}
-#else
- if ((ret = mbedtls_cipher_auth_decrypt_ext(&key->ctx,
- iv, TICKET_IV_BYTES,
- /* Additional data: key name, IV and length */
- key_name, TICKET_ADD_DATA_LEN,
- ticket, enc_len + TICKET_AUTH_TAG_BYTES,
- ticket, enc_len, &clear_len,
- TICKET_AUTH_TAG_BYTES)) != 0) {
- if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
- ret = MBEDTLS_ERR_SSL_INVALID_MAC;
- }
-
- goto cleanup;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (clear_len != enc_len) {
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
@@ -537,13 +444,8 @@
return;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(ctx->keys[0].key);
psa_destroy_key(ctx->keys[1].key);
-#else
- mbedtls_cipher_free(&ctx->keys[0].ctx);
- mbedtls_cipher_free(&ctx->keys[1].ctx);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_free(&ctx->mutex);
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 991b431..7d20b3c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -27,18 +27,15 @@
#include <string.h>
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#include "md_psa.h"
#include "psa_util_internal.h"
#include "psa/crypto.h"
-#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#include "mbedtls/oid.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Define local translating functions to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
@@ -48,7 +45,6 @@
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
-#endif
#if defined(MBEDTLS_TEST_HOOKS)
static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
@@ -835,16 +831,11 @@
{
#if defined(PSA_WANT_ALG_SHA_256) || \
defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
-#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#endif
#else /* SHA-256 or SHA-384 */
((void) ssl);
#endif /* SHA-256 or SHA-384 */
#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
@@ -853,23 +844,8 @@
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
}
-#else
- mbedtls_md_free(&ssl->handshake->fin_sha256);
- mbedtls_md_init(&ssl->handshake->fin_sha256);
- ret = mbedtls_md_setup(&ssl->handshake->fin_sha256,
- mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
- 0);
- if (ret != 0) {
- return ret;
- }
- ret = mbedtls_md_starts(&ssl->handshake->fin_sha256);
- if (ret != 0) {
- return ret;
- }
-#endif
#endif
#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
@@ -878,19 +854,6 @@
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
}
-#else
- mbedtls_md_free(&ssl->handshake->fin_sha384);
- mbedtls_md_init(&ssl->handshake->fin_sha384);
- ret = mbedtls_md_setup(&ssl->handshake->fin_sha384,
- mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
- if (ret != 0) {
- return ret;
- }
- ret = mbedtls_md_starts(&ssl->handshake->fin_sha384);
- if (ret != 0) {
- return ret;
- }
-#endif
#endif
return 0;
}
@@ -900,41 +863,23 @@
{
#if defined(PSA_WANT_ALG_SHA_256) || \
defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
-#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#endif
#else /* SHA-256 or SHA-384 */
((void) ssl);
(void) buf;
(void) len;
#endif /* SHA-256 or SHA-384 */
#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
}
-#else
- ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
- if (ret != 0) {
- return ret;
- }
-#endif
#endif
#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
}
-#else
- ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
- if (ret != 0) {
- return ret;
- }
-#endif
#endif
return 0;
}
@@ -943,12 +888,8 @@
static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
return mbedtls_md_error_from_psa(psa_hash_update(
&ssl->handshake->fin_sha256_psa, buf, len));
-#else
- return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
-#endif
}
#endif
@@ -956,12 +897,8 @@
static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
return mbedtls_md_error_from_psa(psa_hash_update(
&ssl->handshake->fin_sha384_psa, buf, len));
-#else
- return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
-#endif
}
#endif
@@ -970,18 +907,10 @@
memset(handshake, 0, sizeof(mbedtls_ssl_handshake_params));
#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha256_psa = psa_hash_operation_init();
-#else
- mbedtls_md_init(&handshake->fin_sha256);
-#endif
#endif
#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha384_psa = psa_hash_operation_init();
-#else
- mbedtls_md_init(&handshake->fin_sha384);
-#endif
#endif
handshake->update_checksum = ssl_update_checksum_start;
@@ -989,17 +918,9 @@
#if defined(MBEDTLS_DHM_C)
mbedtls_dhm_init(&handshake->dhm_ctx);
#endif
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
- mbedtls_ecdh_init(&handshake->ecdh_ctx);
-#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->psa_pake_ctx = psa_pake_operation_init();
handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
-#else
- mbedtls_ecjpake_init(&handshake->ecjpake_ctx);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_CLI_C)
handshake->ecjpake_cache = NULL;
handshake->ecjpake_cache_len = 0;
@@ -1024,22 +945,12 @@
{
memset(transform, 0, sizeof(mbedtls_ssl_transform));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT;
transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT;
-#else
- mbedtls_cipher_init(&transform->cipher_ctx_enc);
- mbedtls_cipher_init(&transform->cipher_ctx_dec);
-#endif
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
-#else
- mbedtls_md_init(&transform->md_ctx_enc);
- mbedtls_md_init(&transform->md_ctx_dec);
-#endif
#endif
}
@@ -1158,48 +1069,6 @@
}
#endif
-/*
- * curve_list is translated to IANA TLS group identifiers here because
- * mbedtls_ssl_conf_curves returns void and so can't return
- * any error codes.
- */
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- /* Heap allocate and translate curve_list from internal to IANA group ids */
- if (ssl->conf->curve_list != NULL) {
- size_t length;
- const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
-
- for (length = 0; (curve_list[length] != MBEDTLS_ECP_DP_NONE); length++) {
- }
-
- /* Leave room for zero termination */
- uint16_t *group_list = mbedtls_calloc(length + 1, sizeof(uint16_t));
- if (group_list == NULL) {
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- for (size_t i = 0; i < length; i++) {
- uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
- curve_list[i]);
- if (tls_id == 0) {
- mbedtls_free(group_list);
- return MBEDTLS_ERR_SSL_BAD_CONFIG;
- }
- group_list[i] = tls_id;
- }
-
- group_list[length] = 0;
-
- ssl->handshake->group_list = group_list;
- ssl->handshake->group_list_heap_allocated = 1;
- } else {
- ssl->handshake->group_list = ssl->conf->group_list;
- ssl->handshake->group_list_heap_allocated = 0;
- }
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
-
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -1952,7 +1821,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
@@ -2068,35 +1936,6 @@
return 0;
}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
- const unsigned char *pw,
- size_t pw_len)
-{
- mbedtls_ecjpake_role role;
-
- if (ssl->handshake == NULL || ssl->conf == NULL) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- /* Empty password is not valid */
- if ((pw == NULL) || (pw_len == 0)) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
- role = MBEDTLS_ECJPAKE_SERVER;
- } else {
- role = MBEDTLS_ECJPAKE_CLIENT;
- }
-
- return mbedtls_ecjpake_setup(&ssl->handshake->ecjpake_ctx,
- role,
- MBEDTLS_MD_SHA256,
- MBEDTLS_ECP_DP_SECP256R1,
- pw, pw_len);
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
@@ -2107,11 +1946,9 @@
return 0;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
return 1;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (conf->psk != NULL && conf->psk_len != 0) {
return 1;
@@ -2123,13 +1960,11 @@
static void ssl_conf_remove_psk(mbedtls_ssl_config *conf)
{
/* Remove reference to existing PSK, if any. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
/* The maintenance of the PSK key slot is the
* user's responsibility. */
conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (conf->psk != NULL) {
mbedtls_zeroize_and_free(conf->psk, conf->psk_len);
conf->psk = NULL;
@@ -2211,7 +2046,6 @@
static void ssl_remove_psk(mbedtls_ssl_context *ssl)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
/* The maintenance of the external PSK key slot is the
* user's responsibility. */
@@ -2221,25 +2055,15 @@
}
ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
-#else
- if (ssl->handshake->psk != NULL) {
- mbedtls_zeroize_and_free(ssl->handshake->psk,
- ssl->handshake->psk_len);
- ssl->handshake->psk_len = 0;
- ssl->handshake->psk = NULL;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
const unsigned char *psk, size_t psk_len)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t key_attributes = psa_key_attributes_init();
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t alg = PSA_ALG_NONE;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (psk == NULL || ssl->handshake == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -2251,7 +2075,6 @@
ssl_remove_psk(ssl);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
@@ -2282,19 +2105,8 @@
/* Allow calling psa_destroy_key() on psk remove */
ssl->handshake->psk_opaque_is_internal = 1;
return mbedtls_ssl_set_hs_psk_opaque(ssl, key);
-#else
- if ((ssl->handshake->psk = mbedtls_calloc(1, psk_len)) == NULL) {
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- ssl->handshake->psk_len = psk_len;
- memcpy(ssl->handshake->psk, psk, ssl->handshake->psk_len);
-
- return 0;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
mbedtls_svc_key_id_t psk,
const unsigned char *psk_identity,
@@ -2335,7 +2147,6 @@
ssl->handshake->psk_opaque = psk;
return 0;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SRV_C)
void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
@@ -2350,7 +2161,6 @@
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
psa_algorithm_t alg)
{
@@ -2365,30 +2175,6 @@
return MBEDTLS_SSL_MODE_STREAM;
}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-
-static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
- mbedtls_cipher_mode_t mode)
-{
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- if (mode == MBEDTLS_MODE_CBC) {
- return MBEDTLS_SSL_MODE_CBC;
- }
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
-#if defined(MBEDTLS_GCM_C) || \
- defined(MBEDTLS_CCM_C) || \
- defined(MBEDTLS_CHACHAPOLY_C)
- if (mode == MBEDTLS_MODE_GCM ||
- mode == MBEDTLS_MODE_CCM ||
- mode == MBEDTLS_MODE_CHACHAPOLY) {
- return MBEDTLS_SSL_MODE_AEAD;
- }
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
-
- return MBEDTLS_SSL_MODE_STREAM;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
static mbedtls_ssl_mode_t mbedtls_ssl_get_actual_mode(
mbedtls_ssl_mode_t base_mode,
@@ -2409,11 +2195,7 @@
const mbedtls_ssl_transform *transform)
{
mbedtls_ssl_mode_t base_mode = mbedtls_ssl_get_base_mode(
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_alg
-#else
- mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)
-#endif
);
int encrypt_then_mac = 0;
@@ -2431,7 +2213,6 @@
{
mbedtls_ssl_mode_t base_mode = MBEDTLS_SSL_MODE_STREAM;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
psa_algorithm_t alg;
psa_key_type_t type;
@@ -2441,15 +2222,6 @@
if (status == PSA_SUCCESS) {
base_mode = mbedtls_ssl_get_base_mode(alg);
}
-#else
- const mbedtls_cipher_info_t *cipher =
- mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) suite->cipher);
- if (cipher != NULL) {
- base_mode =
- mbedtls_ssl_get_base_mode(
- mbedtls_cipher_info_get_mode(cipher));
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
int encrypt_then_mac = 0;
@@ -2457,7 +2229,6 @@
return mbedtls_ssl_get_actual_mode(base_mode, encrypt_then_mac);
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
const mbedtls_error_pair_t psa_to_ssl_errors[] =
{
@@ -2666,7 +2437,6 @@
return PSA_SUCCESS;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
@@ -2742,34 +2512,12 @@
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_ECP_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/*
- * Set the allowed elliptic curves
- *
- * mbedtls_ssl_setup() takes the provided list
- * and translates it to a list of IANA TLS group identifiers,
- * stored in ssl->handshake->group_list.
- *
- */
-void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curve_list)
-{
- conf->curve_list = curve_list;
- conf->group_list = NULL;
-}
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
-
/*
* Set the allowed groups
*/
void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf,
const uint16_t *group_list)
{
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->curve_list = NULL;
-#endif
conf->group_list = group_list;
}
@@ -4790,30 +4538,17 @@
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&handshake->fin_sha256_psa);
-#else
- mbedtls_md_free(&handshake->fin_sha256);
-#endif
#endif
#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&handshake->fin_sha384_psa);
-#else
- mbedtls_md_free(&handshake->fin_sha384);
-#endif
#endif
#if defined(MBEDTLS_DHM_C)
mbedtls_dhm_free(&handshake->dhm_ctx);
#endif
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
- mbedtls_ecdh_free(&handshake->ecdh_ctx);
-#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_pake_abort(&handshake->psa_pake_ctx);
/*
* Opaque keys are not stored in the handshake's data and it's the user
@@ -4824,9 +4559,6 @@
psa_destroy_key(handshake->psa_pake_password);
}
handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
-#else
- mbedtls_ecjpake_free(&handshake->ecjpake_ctx);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_CLI_C)
mbedtls_free(handshake->ecjpake_cache);
handshake->ecjpake_cache = NULL;
@@ -4842,7 +4574,6 @@
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
/* The maintenance of the external PSK key slot is the
* user's responsibility. */
@@ -4852,11 +4583,6 @@
}
ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
-#else
- if (handshake->psk != NULL) {
- mbedtls_zeroize_and_free(handshake->psk, handshake->psk_len);
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
@@ -5601,7 +5327,7 @@
/* The selection should be the same as mbedtls_x509_crt_profile_default in
* x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
* curves with a lower resource usage come first.
- * See the documentation of mbedtls_ssl_conf_curves() for what we promise
+ * See the documentation of mbedtls_ssl_conf_groups() for what we promise
* about this list.
*/
static const uint16_t ssl_preset_default_groups[] = {
@@ -5990,9 +5716,6 @@
conf->sig_algs = ssl_preset_suiteb_sig_algs;
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->curve_list = NULL;
-#endif
conf->group_list = ssl_preset_suiteb_groups;
break;
@@ -6016,9 +5739,6 @@
conf->sig_algs = ssl_preset_default_sig_algs;
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->curve_list = NULL;
-#endif
conf->group_list = ssl_preset_default_groups;
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
@@ -6044,11 +5764,9 @@
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (conf->psk != NULL) {
mbedtls_zeroize_and_free(conf->psk, conf->psk_len);
conf->psk = NULL;
@@ -6196,7 +5914,7 @@
*/
int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id)
{
- const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+ const uint16_t *group_list = ssl->conf->group_list;
if (group_list == NULL) {
return -1;
@@ -6258,9 +5976,6 @@
#if defined(PSA_WANT_ECC_SECP_R1_224)
{ 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 },
#endif
-#if defined(PSA_WANT_ECC_SECP_K1_224)
- { 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224 },
-#endif
#if defined(PSA_WANT_ECC_SECP_R1_192)
{ 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 },
#endif
@@ -6352,7 +6067,6 @@
}
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md,
unsigned char *dst,
@@ -6399,116 +6113,6 @@
#endif
return PSA_TO_MBEDTLS_ERR(status);
}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(PSA_WANT_ALG_SHA_384)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen)
-{
- int ret;
- mbedtls_md_context_t sha384;
-
- if (dst_len < 48) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- mbedtls_md_init(&sha384);
- ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
- if (ret != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_md_finish(&sha384, dst)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
- goto exit;
- }
-
- *olen = 48;
-
-exit:
-
- mbedtls_md_free(&sha384);
- return ret;
-}
-#endif /* PSA_WANT_ALG_SHA_384 */
-
-#if defined(PSA_WANT_ALG_SHA_256)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen)
-{
- int ret;
- mbedtls_md_context_t sha256;
-
- if (dst_len < 32) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- mbedtls_md_init(&sha256);
- ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
- if (ret != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_md_finish(&sha256, dst)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
- goto exit;
- }
-
- *olen = 32;
-
-exit:
-
- mbedtls_md_free(&sha256);
- return ret;
-}
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
- const mbedtls_md_type_t md,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen)
-{
- switch (md) {
-
-#if defined(PSA_WANT_ALG_SHA_384)
- case MBEDTLS_MD_SHA384:
- return ssl_get_handshake_transcript_sha384(ssl, dst, dst_len, olen);
-#endif /* PSA_WANT_ALG_SHA_384*/
-
-#if defined(PSA_WANT_ALG_SHA_256)
- case MBEDTLS_MD_SHA256:
- return ssl_get_handshake_transcript_sha256(ssl, dst, dst_len, olen);
-#endif /* PSA_WANT_ALG_SHA_256*/
-
- default:
-#if !defined(PSA_WANT_ALG_SHA_384) && \
- !defined(PSA_WANT_ALG_SHA_256)
- (void) ssl;
- (void) dst;
- (void) dst_len;
- (void) olen;
-#endif
- break;
- }
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-}
-
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/* mbedtls_ssl_parse_sig_alg_ext()
@@ -6617,7 +6221,6 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *derivation,
mbedtls_svc_key_id_t key,
@@ -6760,116 +6363,6 @@
return 0;
}
#endif /* PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384 */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_MD_C) && \
- (defined(PSA_WANT_ALG_SHA_256) || \
- defined(PSA_WANT_ALG_SHA_384))
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_generic(mbedtls_md_type_t md_type,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen)
-{
- size_t nb;
- size_t i, j, k, md_len;
- unsigned char *tmp;
- size_t tmp_len = 0;
- unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
- const mbedtls_md_info_t *md_info;
- mbedtls_md_context_t md_ctx;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_md_init(&md_ctx);
-
- if ((md_info = mbedtls_md_info_from_type(md_type)) == NULL) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- md_len = mbedtls_md_get_size(md_info);
-
- tmp_len = md_len + strlen(label) + rlen;
- tmp = mbedtls_calloc(1, tmp_len);
- if (tmp == NULL) {
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto exit;
- }
-
- nb = strlen(label);
- memcpy(tmp + md_len, label, nb);
- memcpy(tmp + md_len + nb, random, rlen);
- nb += rlen;
-
- /*
- * Compute P_<hash>(secret, label + random)[0..dlen]
- */
- if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_hmac_starts(&md_ctx, secret, slen);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_update(&md_ctx, tmp + md_len, nb);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
- if (ret != 0) {
- goto exit;
- }
-
- for (i = 0; i < dlen; i += md_len) {
- ret = mbedtls_md_hmac_reset(&md_ctx);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len + nb);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_finish(&md_ctx, h_i);
- if (ret != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_hmac_reset(&md_ctx);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
- if (ret != 0) {
- goto exit;
- }
-
- k = (i + md_len > dlen) ? dlen % md_len : md_len;
-
- for (j = 0; j < k; j++) {
- dstbuf[i + j] = h_i[j];
- }
- }
-
-exit:
- mbedtls_md_free(&md_ctx);
-
- if (tmp != NULL) {
- mbedtls_platform_zeroize(tmp, tmp_len);
- }
-
- mbedtls_platform_zeroize(h_i, sizeof(h_i));
-
- mbedtls_free(tmp);
-
- return ret;
-}
-#endif /* MBEDTLS_MD_C && ( PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384 ) */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(PSA_WANT_ALG_SHA_256)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -6980,8 +6473,7 @@
#if !defined(MBEDTLS_DEBUG_C) && \
!defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
- !(defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED))
+ !defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
ssl = NULL; /* make sure we don't use it except for those cases */
(void) ssl;
#endif
@@ -7005,8 +6497,7 @@
}
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if (mbedtls_ssl_ciphersuite_uses_psk(handshake->ciphersuite_info) == 1) {
/* Perform PSK-to-MS expansion in a single step. */
psa_status_t status;
@@ -7035,7 +6526,6 @@
* length of the other key.
*/
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
other_secret_len = MBEDTLS_GET_UINT16_BE(handshake->premaster, 0);
other_secret = handshake->premaster + 2;
break;
@@ -7070,8 +6560,7 @@
} else
#endif
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
psa_status_t status;
psa_algorithm_t alg = PSA_ALG_TLS12_ECJPAKE_TO_PMS;
@@ -7220,7 +6709,6 @@
return 0;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int ssl_calc_verify_tls_psa(const mbedtls_ssl_context *ssl,
const psa_hash_operation_t *hs_op,
size_t buffer_size,
@@ -7251,59 +6739,14 @@
psa_hash_abort(&cloned_op);
return mbedtls_md_error_from_psa(status);
}
-#else
-static int ssl_calc_verify_tls_legacy(const mbedtls_ssl_context *ssl,
- const mbedtls_md_context_t *hs_ctx,
- unsigned char *hash,
- size_t *hlen)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_context_t cloned_ctx;
-
- mbedtls_md_init(&cloned_ctx);
-
-#if !defined(MBEDTLS_DEBUG_C)
- (void) ssl;
-#endif
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify"));
-
- ret = mbedtls_md_setup(&cloned_ctx, mbedtls_md_info_from_ctx(hs_ctx), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&cloned_ctx, hs_ctx);
- if (ret != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_finish(&cloned_ctx, hash);
- if (ret != 0) {
- goto exit;
- }
-
- *hlen = mbedtls_md_get_size(mbedtls_md_info_from_ctx(hs_ctx));
-
- MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
-
-exit:
- mbedtls_md_free(&cloned_ctx);
- return ret;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(PSA_WANT_ALG_SHA_256)
int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
unsigned char *hash,
size_t *hlen)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha256_psa, 32,
hash, hlen);
-#else
- return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha256,
- hash, hlen);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* PSA_WANT_ALG_SHA_256 */
@@ -7312,127 +6755,11 @@
unsigned char *hash,
size_t *hlen)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha384_psa, 48,
hash, hlen);
-#else
- return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha384,
- hash, hlen);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* PSA_WANT_ALG_SHA_384 */
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex)
-{
- unsigned char *p = ssl->handshake->premaster;
- unsigned char *end = p + sizeof(ssl->handshake->premaster);
- const unsigned char *psk = NULL;
- size_t psk_len = 0;
- int psk_ret = mbedtls_ssl_get_psk(ssl, &psk, &psk_len);
-
- if (psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED) {
- /*
- * This should never happen because the existence of a PSK is always
- * checked before calling this function.
- *
- * The exception is opaque DHE-PSK. For DHE-PSK fill premaster with
- * the shared secret without PSK.
- */
- if (key_ex != MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
- }
-
- /*
- * PMS = struct {
- * opaque other_secret<0..2^16-1>;
- * opaque psk<0..2^16-1>;
- * };
- * with "other_secret" depending on the particular key exchange
- */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if (key_ex == MBEDTLS_KEY_EXCHANGE_PSK) {
- if (end - p < 2) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- MBEDTLS_PUT_UINT16_BE(psk_len, p, 0);
- p += 2;
-
- if (end < p || (size_t) (end - p) < psk_len) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- memset(p, 0, psk_len);
- p += psk_len;
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if (key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len;
-
- /* Write length only when we know the actual value */
- if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
- p + 2, (size_t) (end - (p + 2)), &len,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
- return ret;
- }
- MBEDTLS_PUT_UINT16_BE(len, p, 0);
- p += 2 + len;
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- if (key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t zlen;
-
- if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen,
- p + 2, (size_t) (end - (p + 2)),
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
- return ret;
- }
-
- MBEDTLS_PUT_UINT16_BE(zlen, p, 0);
- p += 2 + zlen;
-
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Z);
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
- {
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- /* opaque psk<0..2^16-1>; */
- if (end - p < 2) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- MBEDTLS_PUT_UINT16_BE(psk_len, p, 0);
- p += 2;
-
- if (end < p || (size_t) (end - p) < psk_len) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- memcpy(p, psk, psk_len);
- p += psk_len;
-
- ssl->handshake->pmslen = (size_t) (p - ssl->handshake->premaster);
-
- return 0;
-}
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_hello_request(mbedtls_ssl_context *ssl);
@@ -8057,17 +7384,10 @@
{
unsigned int len = 12;
const char *sender;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
psa_hash_operation_t *hs_op = ctx;
psa_hash_operation_t cloned_op = PSA_HASH_OPERATION_INIT;
size_t hash_size;
-#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_context_t *hs_ctx = ctx;
- mbedtls_md_context_t cloned_ctx;
- mbedtls_md_init(&cloned_ctx);
-#endif
mbedtls_ssl_session *session = ssl->session_negotiate;
if (!session) {
@@ -8078,7 +7398,6 @@
? "client finished"
: "server finished";
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls"));
status = psa_hash_clone(hs_op, &cloned_op);
@@ -8091,23 +7410,6 @@
goto exit;
}
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, hlen);
-#else
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls"));
-
- ret = mbedtls_md_setup(&cloned_ctx, mbedtls_md_info_from_ctx(hs_ctx), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&cloned_ctx, hs_ctx);
- if (ret != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_finish(&cloned_ctx, padbuf);
- if (ret != 0) {
- goto exit;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_BUF(4, "finished output", padbuf, hlen);
@@ -8126,13 +7428,8 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
exit:
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&cloned_op);
return mbedtls_md_error_from_psa(status);
-#else
- mbedtls_md_free(&cloned_ctx);
- return ret;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#if defined(PSA_WANT_ALG_SHA_256)
@@ -8141,11 +7438,7 @@
{
unsigned char padbuf[32];
return ssl_calc_finished_tls_generic(ssl,
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
&ssl->handshake->fin_sha256_psa,
-#else
- &ssl->handshake->fin_sha256,
-#endif
padbuf, sizeof(padbuf),
buf, from);
}
@@ -8158,11 +7451,7 @@
{
unsigned char padbuf[48];
return ssl_calc_finished_tls_generic(ssl,
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
&ssl->handshake->fin_sha384_psa,
-#else
- &ssl->handshake->fin_sha384,
-#endif
padbuf, sizeof(padbuf),
buf, from);
}
@@ -8540,19 +7829,13 @@
size_t keylen;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
mbedtls_ssl_mode_t ssl_mode;
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- const mbedtls_cipher_info_t *cipher_info;
- const mbedtls_md_info_t *md_info;
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
psa_algorithm_t mac_alg = 0;
size_t key_bits;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#endif
/*
* Some data just needs copying into the structure
@@ -8595,7 +7878,6 @@
ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher,
transform->taglen,
&alg,
@@ -8605,30 +7887,13 @@
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret);
goto end;
}
-#else
- cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) ciphersuite_info->cipher);
- if (cipher_info == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found",
- ciphersuite_info->cipher));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mac_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
if (mac_alg == 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found",
(unsigned) ciphersuite_info->mac));
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
-#else
- md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
- if (md_info == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md info for %u not found",
- (unsigned) ciphersuite_info->mac));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* Copy own and peer's CID if the use of the CID
@@ -8668,11 +7933,7 @@
* Determine the appropriate key, IV and MAC length.
*/
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
keylen = PSA_BITS_TO_BYTES(key_bits);
-#else
- keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
-#endif
#if defined(MBEDTLS_SSL_HAVE_AEAD)
if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
@@ -8692,12 +7953,7 @@
transform->ivlen = 12;
int is_chachapoly = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
is_chachapoly = (key_type == PSA_KEY_TYPE_CHACHA20);
-#else
- is_chachapoly = (mbedtls_cipher_info_get_mode(cipher_info)
- == MBEDTLS_MODE_CHACHAPOLY);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (is_chachapoly) {
transform->fixed_ivlen = 12;
@@ -8714,34 +7970,14 @@
if (ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
ssl_mode == MBEDTLS_SSL_MODE_CBC ||
ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type);
-#else
- size_t block_size = mbedtls_cipher_info_get_block_size(cipher_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Get MAC length */
mac_key_len = PSA_HASH_LENGTH(mac_alg);
-#else
- /* Initialize HMAC contexts */
- if ((ret = mbedtls_md_setup(&transform->md_ctx_enc, md_info, 1)) != 0 ||
- (ret = mbedtls_md_setup(&transform->md_ctx_dec, md_info, 1)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret);
- goto end;
- }
-
- /* Get MAC length */
- mac_key_len = mbedtls_md_get_size(md_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
transform->maclen = mac_key_len;
/* IV length */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->ivlen = PSA_CIPHER_IV_LENGTH(key_type, alg);
-#else
- transform->ivlen = mbedtls_cipher_info_get_iv_size(cipher_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Minimum length */
if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) {
@@ -8834,7 +8070,6 @@
tls_prf_get_type(tls_prf));
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_alg = alg;
if (alg != MBEDTLS_SSL_NULL_CIPHER) {
@@ -8863,55 +8098,11 @@
goto end;
}
}
-#else
- if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc,
- cipher_info)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec,
- cipher_info)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, key1,
- (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
- MBEDTLS_ENCRYPT)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, key2,
- (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
- MBEDTLS_DECRYPT)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
- goto end;
- }
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if (mbedtls_cipher_info_get_mode(cipher_info) == MBEDTLS_MODE_CBC) {
- if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_enc,
- MBEDTLS_PADDING_NONE)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_dec,
- MBEDTLS_PADDING_NONE)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret);
- goto end;
- }
- }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
/* For HMAC-based ciphersuites, initialize the HMAC transforms.
For AEAD-based ciphersuites, there is nothing to do here. */
if (mac_key_len != 0) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_mac_alg = PSA_ALG_HMAC(mac_alg);
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
@@ -8946,16 +8137,6 @@
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
goto end;
}
-#else
- ret = mbedtls_md_hmac_starts(&transform->md_ctx_enc, mac_enc, mac_key_len);
- if (ret != 0) {
- goto end;
- }
- ret = mbedtls_md_hmac_starts(&transform->md_ctx_dec, mac_dec, mac_key_len);
- if (ret != 0) {
- goto end;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
@@ -8967,8 +8148,7 @@
return ret;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
int mbedtls_psa_ecjpake_read_round(
psa_pake_operation_t *pake_ctx,
const unsigned char *buf,
@@ -9052,9 +8232,8 @@
return 0;
}
-#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
unsigned char *hash, size_t *hashlen,
unsigned char *data, size_t data_len,
@@ -9109,61 +8288,6 @@
return 0;
}
-#else
-
-int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg)
-{
- int ret = 0;
- mbedtls_md_context_t ctx;
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
- *hashlen = mbedtls_md_get_size(md_info);
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("Perform mbedtls-based computation of digest of ServerKeyExchange"));
-
- mbedtls_md_init(&ctx);
-
- /*
- * digitally-signed struct {
- * opaque client_random[32];
- * opaque server_random[32];
- * ServerDHParams params;
- * };
- */
- if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_starts(&ctx)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_starts", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_update(&ctx, ssl->handshake->randbytes, 64)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_update(&ctx, data, data_len)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_finish(&ctx, hash)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
- goto exit;
- }
-
-exit:
- mbedtls_md_free(&ctx);
-
- if (ret != 0) {
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
- }
-
- return ret;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -9194,7 +8318,6 @@
}
if (sig_alg == sig_alg_received) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) {
psa_algorithm_t psa_hash_alg =
mbedtls_md_psa_alg_from_type(md_alg);
@@ -9214,7 +8337,6 @@
continue;
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
return hash_alg_received;
}
@@ -9246,14 +8368,8 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- ssl->handshake->psa_pake_ctx_is_ok != 1)
-#else
- if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0)
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- {
+ ssl->handshake->psa_pake_ctx_is_ok != 1) {
return -1;
}
#endif
@@ -9682,7 +8798,6 @@
usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
break;
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
@@ -9696,7 +8811,6 @@
/* Don't use default: we want warnings when adding new values */
case MBEDTLS_KEY_EXCHANGE_NONE:
case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
usage = 0;
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 14ce377..36f79cb 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -17,7 +17,6 @@
#include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa_util_internal.h"
#include "psa/crypto.h"
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
@@ -31,7 +30,6 @@
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include <string.h>
@@ -136,15 +134,9 @@
*olen = 0;
/* Skip costly extension if we can't use EC J-PAKE anyway */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (ssl->handshake->psa_pake_ctx_is_ok != 1) {
return 0;
}
-#else
- if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) {
- return 0;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_MSG(3,
("client hello, adding ecjpake_kkpp extension"));
@@ -163,7 +155,6 @@
ssl->handshake->ecjpake_cache_len == 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("generating new ecjpake parameters"));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
p + 2, end - p - 2, &kkpp_len,
MBEDTLS_ECJPAKE_ROUND_ONE);
@@ -173,16 +164,6 @@
MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret);
return ret;
}
-#else
- ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
- p + 2, end - p - 2, &kkpp_len,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1,
- "mbedtls_ecjpake_write_round_one", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len);
if (ssl->handshake->ecjpake_cache == NULL) {
@@ -828,15 +809,6 @@
while (list_size > 0) {
if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
p[0] == MBEDTLS_ECP_PF_COMPRESSED) {
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
- ssl->handshake->ecdh_ctx.point_format = p[0];
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx,
- p[0]);
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0]));
return 0;
}
@@ -873,7 +845,6 @@
ssl->handshake->ecjpake_cache = NULL;
ssl->handshake->ecjpake_cache_len = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ((ret = mbedtls_psa_ecjpake_read_round(
&ssl->handshake->psa_pake_ctx, buf, len,
MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) {
@@ -889,19 +860,6 @@
}
return 0;
-#else
- if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,
- buf, len)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret);
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
- return ret;
- }
-
- return 0;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
@@ -1660,49 +1618,6 @@
return 0;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl,
- unsigned char **p,
- unsigned char *end)
-{
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- size_t dhm_actual_bitlen;
-
- /*
- * Ephemeral DH parameters:
- *
- * struct {
- * opaque dh_p<1..2^16-1>;
- * opaque dh_g<1..2^16-1>;
- * opaque dh_Ys<1..2^16-1>;
- * } ServerDHParams;
- */
- if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx,
- p, end)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(2, ("mbedtls_dhm_read_params"), ret);
- return ret;
- }
-
- dhm_actual_bitlen = mbedtls_dhm_get_bitlen(&ssl->handshake->dhm_ctx);
- if (dhm_actual_bitlen < ssl->conf->dhm_min_bitlen) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
- dhm_actual_bitlen,
- ssl->conf->dhm_min_bitlen));
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P);
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G);
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);
-
- return ret;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@@ -1776,89 +1691,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-#else
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl)
-{
- uint16_t tls_id;
- mbedtls_ecp_group_id grp_id;
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- grp_id = ssl->handshake->ecdh_ctx.grp.id;
-#else
- grp_id = ssl->handshake->ecdh_ctx.grp_id;
-#endif
-
- tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
- if (tls_id == 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s",
- mbedtls_ssl_get_curve_name_from_tls_id(tls_id)));
-
- if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
- return -1;
- }
-
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_QP);
-
- return 0;
-}
-
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
- unsigned char **p,
- unsigned char *end)
-{
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-
- /*
- * Ephemeral ECDH parameters:
- *
- * struct {
- * ECParameters curve_params;
- * ECPoint public;
- * } ServerECDHParams;
- */
- if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx,
- (const unsigned char **) p, end)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_read_params"), ret);
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
- ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
- }
-#endif
- return ret;
- }
-
- if (ssl_check_server_ecdh_params(ssl) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("bad server key exchange message (ECDHE curve)"));
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
-
- return ret;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl,
@@ -2007,7 +1839,6 @@
const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk);
#endif /* !defined(MBEDTLS_PK_USE_PSA_EC_DATA) */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
uint16_t tls_id = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk);
@@ -2049,18 +1880,6 @@
}
ssl->handshake->xxdh_psa_peerkey_len = olen;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
- if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key,
- MBEDTLS_ECDH_THEIRS)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
- return ret;
- }
-
- if (ssl_check_server_ecdh_params(ssl) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)"));
- return MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it,
* so that more RAM is available for upcoming expensive
@@ -2171,7 +1990,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
@@ -2189,21 +2007,6 @@
; /* nothing more to do */
} else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
- if (ssl_parse_server_dh_params(ssl, &p, end) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@@ -2224,7 +2027,6 @@
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* The first 3 bytes are:
* [0] MBEDTLS_ECP_TLS_NAMED_CURVE
@@ -2261,18 +2063,6 @@
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
-#else
- ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,
- p, end - p);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret);
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
} else
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
{
@@ -2703,40 +2493,6 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange"));
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) {
- /*
- * DHM key exchange -- send G^X mod P
- */
- content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx);
-
- MBEDTLS_PUT_UINT16_BE(content_len, ssl->out_msg, 4);
- header_len = 6;
-
- ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,
- (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
- &ssl->out_msg[header_len], content_len,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret);
- return ret;
- }
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);
-
- if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
- ssl->handshake->premaster,
- MBEDTLS_PREMASTER_SIZE,
- &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
- return ret;
- }
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
@@ -2745,7 +2501,6 @@
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t key_attributes;
@@ -2817,74 +2572,12 @@
if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) {
return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
-#else
- /*
- * ECDH key exchange -- send client public value
- */
- header_len = 4;
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if (ssl->handshake->ecrs_enabled) {
- if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) {
- goto ecdh_calc_secret;
- }
-
- mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx);
- }
-#endif
-
- ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,
- &content_len,
- &ssl->out_msg[header_len], 1000,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret);
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
- ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
- }
-#endif
- return ret;
- }
-
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Q);
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if (ssl->handshake->ecrs_enabled) {
- ssl->handshake->ecrs_n = content_len;
- ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
- }
-
-ecdh_calc_secret:
- if (ssl->handshake->ecrs_enabled) {
- content_len = ssl->handshake->ecrs_n;
- }
-#endif
- if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx,
- &ssl->handshake->pmslen,
- ssl->handshake->premaster,
- MBEDTLS_MPI_MAX_SIZE,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
- ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
- }
-#endif
- return ret;
- }
-
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Z);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
} else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -3007,8 +2700,7 @@
MBEDTLS_PUT_UINT16_BE(zlen, pms, 0);
pms += zlen_size + zlen;
} else
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if (mbedtls_ssl_ciphersuite_uses_psk(ciphersuite_info)) {
/*
@@ -3043,85 +2735,11 @@
content_len = 0;
} else
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
- /*
- * ClientDiffieHellmanPublic public (DHM send G^X mod P)
- */
- content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx);
-
- if (header_len + 2 + content_len >
- MBEDTLS_SSL_OUT_CONTENT_LEN) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("psk identity or DHM size too long or SSL buffer too short"));
- return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
- }
-
- ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len);
- ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len);
-
- ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,
- (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
- &ssl->out_msg[header_len], content_len,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret);
- return ret;
- }
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- unsigned char *pms = ssl->handshake->premaster;
- unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster);
- size_t pms_len;
-
- /* Write length only when we know the actual value */
- if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
- pms + 2, pms_end - (pms + 2), &pms_len,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
- return ret;
- }
- MBEDTLS_PUT_UINT16_BE(pms_len, pms, 0);
- pms += 2 + pms_len;
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
-#endif
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
- /*
- * ClientECDiffieHellmanPublic public;
- */
- ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,
- &content_len,
- &ssl->out_msg[header_len],
- MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret);
- return ret;
- }
-
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Q);
- } else
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
{
MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
- (mbedtls_key_exchange_type_t) ciphersuite_info->
- key_exchange)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1,
- "mbedtls_ssl_psk_derive_premaster", ret);
- return ret;
- }
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
} else
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
@@ -3137,7 +2755,6 @@
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
header_len = 4;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
unsigned char *out_p = ssl->out_msg + header_len;
unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN -
header_len;
@@ -3150,25 +2767,6 @@
MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret);
return ret;
}
-#else
- ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx,
- ssl->out_msg + header_len,
- MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
- &content_len,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret);
- return ret;
- }
-
- ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx,
- ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
} else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
{
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index aca37fd..a302af4 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -20,7 +20,6 @@
#include <string.h>
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \
@@ -33,7 +32,6 @@
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
-#endif
#if defined(MBEDTLS_ECP_C)
#include "mbedtls/ecp.h"
@@ -88,11 +86,9 @@
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
return 1;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (conf->psk != NULL && conf->psk_len != 0) {
return 1;
@@ -261,15 +257,6 @@
while (list_size > 0) {
if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
p[0] == MBEDTLS_ECP_PF_COMPRESSED) {
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
- ssl->handshake->ecdh_ctx.point_format = p[0];
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx,
- p[0]);
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0]));
return 0;
}
@@ -292,17 +279,11 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (ssl->handshake->psa_pake_ctx_is_ok != 1)
-#else
- if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0)
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- {
+ if (ssl->handshake->psa_pake_ctx_is_ok != 1) {
MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension"));
return 0;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ((ret = mbedtls_psa_ecjpake_read_round(
&ssl->handshake->psa_pake_ctx, buf, len,
MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) {
@@ -317,15 +298,6 @@
return ret;
}
-#else
- if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,
- buf, len)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret);
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Only mark the extension as OK when we're sure it is */
ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK;
@@ -687,15 +659,10 @@
const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
{
mbedtls_ssl_key_cert *cur, *list;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t pk_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(ciphersuite_info);
psa_key_usage_t pk_usage =
mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(ciphersuite_info);
-#else
- mbedtls_pk_type_t pk_alg =
- mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
uint32_t flags;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -706,11 +673,7 @@
list = ssl->conf->key_cert;
int pk_alg_is_none = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
pk_alg_is_none = (pk_alg == PSA_ALG_NONE);
-#else
- pk_alg_is_none = (pk_alg == MBEDTLS_PK_NONE);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (pk_alg_is_none) {
return 0;
}
@@ -728,7 +691,6 @@
cur->cert);
int key_type_matches = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
key_type_matches = ((ssl->conf->f_async_sign_start != NULL ||
ssl->conf->f_async_decrypt_start != NULL ||
@@ -738,9 +700,6 @@
key_type_matches = (
mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage));
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#else
- key_type_matches = mbedtls_pk_can_do(&cur->cert->pk, pk_alg);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (!key_type_matches) {
MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type"));
continue;
@@ -1926,7 +1885,6 @@
MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0);
p += 2;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
p + 2, (size_t) (end - p - 2), &kkpp_len,
MBEDTLS_ECJPAKE_ROUND_ONE);
@@ -1936,15 +1894,6 @@
MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret);
return;
}
-#else
- ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
- p + 2, (size_t) (end - p - 2), &kkpp_len,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_one", ret);
- return;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0);
p += 2;
@@ -2563,7 +2512,6 @@
#if (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED))
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
{
@@ -2710,33 +2658,6 @@
return ret;
}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- const mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl);
- if (private_key == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("got no server private key"));
- return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
- }
-
- if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_ECKEY)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable"));
- return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
- }
-
- if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx,
- mbedtls_pk_ec_ro(*mbedtls_ssl_own_key(ssl)),
- MBEDTLS_ECDH_OURS)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
- return ret;
- }
-
- return 0;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
@@ -2809,7 +2730,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
unsigned char *out_p = ssl->out_msg + ssl->out_msglen;
unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN -
ssl->out_msglen;
@@ -2846,89 +2766,20 @@
output_offset += output_len;
ssl->out_msglen += output_offset;
-#else
- size_t len = 0;
-
- ret = mbedtls_ecjpake_write_round_two(
- &ssl->handshake->ecjpake_ctx,
- ssl->out_msg + ssl->out_msglen,
- MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret);
- return ret;
- }
-
- ssl->out_msglen += len;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
/*
- * For (EC)DHE key exchanges with PSK, parameters are prefixed by support
+ * For ECDHE key exchanges with PSK, parameters are prefixed by support
* identity hint (RFC 4279, Sec. 3). Until someone needs this feature,
* we use empty support identity hints here.
**/
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
ssl->out_msg[ssl->out_msglen++] = 0x00;
ssl->out_msg[ssl->out_msglen++] = 0x00;
}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
- /*
- * - DHE key exchanges
- */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
- if (mbedtls_ssl_ciphersuite_uses_dhe(ciphersuite_info)) {
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
-
- if (ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("no DH parameters set"));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- /*
- * Ephemeral DH parameters:
- *
- * struct {
- * opaque dh_p<1..2^16-1>;
- * opaque dh_g<1..2^16-1>;
- * opaque dh_Ys<1..2^16-1>;
- * } ServerDHParams;
- */
- if ((ret = mbedtls_dhm_set_group(&ssl->handshake->dhm_ctx,
- &ssl->conf->dhm_P,
- &ssl->conf->dhm_G)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_set_group", ret);
- return ret;
- }
-
- if ((ret = mbedtls_dhm_make_params(
- &ssl->handshake->dhm_ctx,
- (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
- ssl->out_msg + ssl->out_msglen, &len,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_params", ret);
- return ret;
- }
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
- dig_signed = ssl->out_msg + ssl->out_msglen;
-#endif
-
- ssl->out_msglen += len;
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P);
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G);
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);
- }
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
/*
* - ECDHE key exchanges
@@ -2944,7 +2795,7 @@
* } ServerECDHParams;
*/
uint16_t *curr_tls_id = ssl->handshake->curves_tls_id;
- const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+ const uint16_t *group_list = ssl->conf->group_list;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
@@ -2970,7 +2821,6 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s",
mbedtls_ssl_get_curve_name_from_tls_id(*curr_tls_id)));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t key_attributes;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -3052,28 +2902,6 @@
/* Determine full message length. */
len += header_size;
-#else
- mbedtls_ecp_group_id curr_grp_id =
- mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id);
-
- if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx,
- curr_grp_id)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecp_group_load", ret);
- return ret;
- }
-
- if ((ret = mbedtls_ecdh_make_params(
- &ssl->handshake->ecdh_ctx, &len,
- ssl->out_msg + ssl->out_msglen,
- MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_params", ret);
- return ret;
- }
-
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Q);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
dig_signed = ssl->out_msg + ssl->out_msglen;
@@ -3353,45 +3181,6 @@
return 0;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **p,
- const unsigned char *end)
-{
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- size_t n;
-
- /*
- * Receive G^Y mod P, premaster = (G^Y)^X mod P
- */
- if (*p + 2 > end) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- n = MBEDTLS_GET_UINT16_BE(*p, 0);
- *p += 2;
-
- if (*p + n > end) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- if ((ret = mbedtls_dhm_read_public(&ssl->handshake->dhm_ctx, *p, n)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_read_public", ret);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- *p += n;
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);
-
- return ret;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -3674,30 +3463,6 @@
return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) {
- if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret);
- return ret;
- }
-
- if (p != end) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
- ssl->handshake->premaster,
- MBEDTLS_PREMASTER_SIZE,
- &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
@@ -3706,7 +3471,6 @@
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t data_len = (size_t) (*p++);
size_t buf_len = (size_t) (end - p);
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
@@ -3767,28 +3531,6 @@
}
}
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-#else
- if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
- p, (size_t) (end - p))) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_QP);
-
- if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx,
- &ssl->handshake->pmslen,
- ssl->handshake->premaster,
- MBEDTLS_MPI_MAX_SIZE,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Z);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
} else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
@@ -3806,61 +3548,10 @@
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
- (mbedtls_key_exchange_type_t) ciphersuite_info->
- key_exchange)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
- return ret;
- }
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
} else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
- if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
- return ret;
- }
- if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret);
- return ret;
- }
-
- if (p != end) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- unsigned char *pms = ssl->handshake->premaster;
- unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster);
- size_t pms_len;
-
- /* Write length only when we know the actual value */
- if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
- pms + 2, pms_end - (pms + 2), &pms_len,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
- return ret;
- }
- MBEDTLS_PUT_UINT16_BE(pms_len, pms, 0);
- pms += 2 + pms_len;
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
-#else
- if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
- (mbedtls_key_exchange_type_t) ciphersuite_info->
- key_exchange)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
size_t ecpoint_len;
@@ -3942,28 +3633,6 @@
MBEDTLS_PUT_UINT16_BE(zlen, psm, 0);
psm += zlen_size + zlen;
-#else /* MBEDTLS_USE_PSA_CRYPTO */
- if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
- return ret;
- }
-
- if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
- p, (size_t) (end - p))) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_QP);
-
- if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
- (mbedtls_key_exchange_type_t) ciphersuite_info->
- key_exchange)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
} else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
@@ -3976,7 +3645,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ((ret = mbedtls_psa_ecjpake_read_round(
&ssl->handshake->psa_pake_ctx, p, (size_t) (end - p),
MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) {
@@ -3986,22 +3654,6 @@
MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round two", ret);
return ret;
}
-#else
- ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,
- p, (size_t) (end - p));
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret);
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx,
- ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
} else
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
{
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 53c519c..9386801 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -216,7 +216,7 @@
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
- const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+ const uint16_t *group_list = ssl->conf->group_list;
/* Pick first available ECDHE group compatible with TLS 1.3 */
if (group_list == NULL) {
return MBEDTLS_ERR_SSL_BAD_CONFIG;
@@ -318,6 +318,7 @@
ssl, group_id, p, end, &key_exchange_len);
p += key_exchange_len;
if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("client hello: failed generating xxdh key exchange"));
return ret;
}
@@ -381,7 +382,7 @@
int selected_group;
int found = 0;
- const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+ const uint16_t *group_list = ssl->conf->group_list;
if (group_list == NULL) {
return MBEDTLS_ERR_SSL_BAD_CONFIG;
}
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 5128a41..a421a06 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -925,23 +925,17 @@
mbedtls_ssl_key_set const *traffic_keys,
mbedtls_ssl_context *ssl /* DEBUG ONLY */)
{
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- int ret;
- mbedtls_cipher_info_t const *cipher_info;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
unsigned char const *key_enc;
unsigned char const *iv_enc;
unsigned char const *key_dec;
unsigned char const *iv_dec;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
size_t key_bits;
psa_status_t status = PSA_SUCCESS;
-#endif
#if !defined(MBEDTLS_DEBUG_C)
ssl = NULL; /* make sure we don't use it except for those cases */
@@ -955,29 +949,6 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
- if (cipher_info == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found",
- ciphersuite_info->cipher));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- /*
- * Setup cipher contexts in target transform
- */
- if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc,
- cipher_info)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
- return ret;
- }
-
- if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec,
- cipher_info)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SRV_C)
if (endpoint == MBEDTLS_SSL_IS_SERVER) {
@@ -1003,21 +974,6 @@
memcpy(transform->iv_enc, iv_enc, traffic_keys->iv_len);
memcpy(transform->iv_dec, iv_dec, traffic_keys->iv_len);
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc,
- key_enc, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
- MBEDTLS_ENCRYPT)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
- return ret;
- }
-
- if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec,
- key_dec, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
- MBEDTLS_DECRYPT)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Setup other fields in SSL transform
@@ -1041,7 +997,6 @@
transform->minlen =
transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* Setup psa keys and alg
*/
@@ -1082,7 +1037,6 @@
return PSA_TO_MBEDTLS_ERR(status);
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
return 0;
}
@@ -1298,8 +1252,7 @@
ret = mbedtls_ssl_tls13_evolve_secret(hash_alg, NULL, psk, psk_len,
handshake->tls13_master_secrets.early);
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
mbedtls_free((void *) psk);
#endif
if (ret != 0) {
@@ -1839,7 +1792,6 @@
unsigned char **psk,
size_t *psk_len)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -1869,14 +1821,6 @@
return PSA_TO_MBEDTLS_ERR(status);
}
return 0;
-#else
- *psk = ssl->handshake->psk;
- *psk_len = ssl->handshake->psk_len;
- if (*psk == NULL) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
- return 0;
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index ab27c94..7273eb9 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -435,9 +435,7 @@
psk, psk_len, psk_type,
transcript,
server_computed_binder);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_free((void *) psk);
-#endif
if (ret != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("PSK binder calculation failed."));
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
@@ -739,11 +737,7 @@
*olen = 0;
int not_using_psk = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque));
-#else
- not_using_psk = (ssl->handshake->psk == NULL);
-#endif
if (not_using_psk) {
/* We shouldn't have called this extension writer unless we've
* chosen to use a PSK. */
@@ -1078,7 +1072,6 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg)
{
switch (sig_alg) {
@@ -1104,7 +1097,6 @@
return PSA_ALG_NONE;
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Pick best ( private key, certificate chain ) pair based on the signature
@@ -1139,9 +1131,7 @@
for (key_cert = key_cert_list; key_cert != NULL;
key_cert = key_cert->next) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t psa_alg = PSA_ALG_NONE;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_CRT(3, "certificate (chain) candidate",
key_cert->cert);
@@ -1165,17 +1155,13 @@
"check signature algorithm %s [%04x]",
mbedtls_ssl_sig_alg_to_str(*sig_alg),
*sig_alg));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg(*sig_alg);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
*sig_alg, &key_cert->cert->pk)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
&& psa_alg != PSA_ALG_NONE &&
mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg,
PSA_KEY_USAGE_SIGN_HASH) == 1
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
) {
ssl->handshake->key_cert = key_cert;
MBEDTLS_SSL_DEBUG_MSG(3,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index d72e2fb..113eb1b 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -32,11 +32,9 @@
#include "mbedtls/pem.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "psa_util_internal.h"
#include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include "pk_internal.h"
#include "mbedtls/platform.h"
@@ -2013,11 +2011,7 @@
{
int flags = 0;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t psa_algorithm;
-#else
- const mbedtls_md_info_t *md_info;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
size_t hash_length;
if (ca == NULL) {
@@ -2051,7 +2045,6 @@
flags |= MBEDTLS_X509_BADCRL_BAD_PK;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md);
if (psa_hash_compute(psa_algorithm,
crl_list->tbs.p,
@@ -2063,18 +2056,6 @@
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
break;
}
-#else
- md_info = mbedtls_md_info_from_type(crl_list->sig_md);
- hash_length = mbedtls_md_get_size(md_info);
- if (mbedtls_md(md_info,
- crl_list->tbs.p,
- crl_list->tbs.len,
- hash) != 0) {
- /* Note: this can't happen except after an internal error */
- flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
- break;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (x509_profile_check_key(profile, &ca->pk) != 0) {
flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
@@ -2126,16 +2107,6 @@
{
size_t hash_len;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- const mbedtls_md_info_t *md_info;
- md_info = mbedtls_md_info_from_type(child->sig_md);
- hash_len = mbedtls_md_get_size(md_info);
-
- /* Note: hash errors can happen only after an internal error */
- if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) {
- return -1;
- }
-#else
psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md);
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -2149,7 +2120,6 @@
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Skip expensive computation on obvious mismatch */
if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) {
return -1;
diff --git a/library/x509write.c b/library/x509write.c
index 8288c89..0906a5a 100644
--- a/library/x509write.c
+++ b/library/x509write.c
@@ -22,11 +22,9 @@
#include "mbedtls/pem.h"
#endif /* MBEDTLS_PEM_WRITE_C */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
#include "md_psa.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#define CHECK_OVERFLOW_ADD(a, b) \
do \
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 8bce1cc..8a47697 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -30,11 +30,9 @@
#include "mbedtls/pem.h"
#endif /* MBEDTLS_PEM_WRITE_C */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "psa_util_internal.h"
#include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
{
@@ -92,30 +90,6 @@
return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name);
}
-#if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
- const mbedtls_mpi *serial)
-{
- int ret;
- size_t tmp_len;
-
- /* Ensure that the MPI value fits into the buffer */
- tmp_len = mbedtls_mpi_size(serial);
- if (tmp_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- }
-
- ctx->serial_len = tmp_len;
-
- ret = mbedtls_mpi_write_binary(serial, ctx->serial, tmp_len);
- if (ret < 0) {
- return ret;
- }
-
- return 0;
-}
-#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
-
int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx,
unsigned char *serial, size_t serial_len)
{
@@ -203,10 +177,8 @@
unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
unsigned char *c = buf + sizeof(buf);
size_t len = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t hash_length;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
memset(buf, 0, sizeof(buf));
MBEDTLS_ASN1_CHK_ADD(len,
@@ -217,7 +189,6 @@
ctx->subject_key));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_compute(PSA_ALG_SHA_1,
buf + sizeof(buf) - len,
len,
@@ -227,14 +198,6 @@
if (status != PSA_SUCCESS) {
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
-#else
- ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1),
- buf + sizeof(buf) - len, len,
- buf + sizeof(buf) - 20);
- if (ret != 0) {
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
c = buf + sizeof(buf) - 20;
len = 20;
@@ -427,10 +390,8 @@
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
size_t hash_length = 0;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t psa_algorithm;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
@@ -596,7 +557,6 @@
*/
/* Compute hash of CRT. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm = mbedtls_md_psa_alg_from_type(ctx->md_alg);
status = psa_hash_compute(psa_algorithm,
@@ -608,12 +568,6 @@
if (status != PSA_SUCCESS) {
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
-#else
- if ((ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c,
- len, hash)) != 0) {
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 604c94c..dd75d8f 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -20,11 +20,9 @@
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "psa_util_internal.h"
#include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include <string.h>
#include <stdlib.h>
@@ -145,10 +143,8 @@
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_len;
psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Write the CSR backwards starting from the end of buf */
c = buf + size;
@@ -213,7 +209,6 @@
* Sign the written CSR data into the sig buffer
* Note: hash errors can happen only after an internal error
*/
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (psa_hash_compute(hash_alg,
c,
len,
@@ -222,12 +217,6 @@
&hash_len) != PSA_SUCCESS) {
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
- ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash);
- if (ret != 0) {
- return ret;
- }
-#endif
if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
sig, sig_size, &sig_len,
f_rng, p_rng)) != 0) {
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 64b35ed..28f9e33 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -131,10 +131,13 @@
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
if (options & 0x4) {
- if (mbedtls_ssl_ticket_setup(&ticket_ctx,
- dummy_random, &ctr_drbg,
- MBEDTLS_CIPHER_AES_256_GCM,
- 86400) != 0) {
+ if (mbedtls_ssl_ticket_setup(&ticket_ctx, //context
+ dummy_random, //f_rng
+ &ctr_drbg, //p_rng
+ PSA_ALG_GCM, //alg
+ PSA_KEY_TYPE_AES, //key_type
+ 256, //key_bits
+ 86400) != 0) { //lifetime
goto exit;
}
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 579c0a1..d9e5701 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -115,7 +115,9 @@
#define DFL_DUMMY_TICKET 0
#define DFL_TICKET_ROTATE 0
#define DFL_TICKET_TIMEOUT 86400
-#define DFL_TICKET_AEAD MBEDTLS_CIPHER_AES_256_GCM
+#define DFL_TICKET_ALG PSA_ALG_GCM
+#define DFL_TICKET_KEY_TYPE PSA_KEY_TYPE_AES
+#define DFL_TICKET_KEY_BITS 256
#define DFL_CACHE_MAX -1
#define DFL_CACHE_TIMEOUT -1
#define DFL_CACHE_REMOVE 0
@@ -661,7 +663,9 @@
int dummy_ticket; /* enable / disable dummy ticket generator */
int ticket_rotate; /* session ticket rotate (code coverage) */
int ticket_timeout; /* session ticket lifetime */
- int ticket_aead; /* session ticket protection */
+ int ticket_alg; /* session ticket algorithm */
+ int ticket_key_type; /* session ticket key type */
+ int ticket_key_bits; /* session ticket key size in bits */
int cache_max; /* max number of session cache entries */
#if defined(MBEDTLS_HAVE_TIME)
int cache_timeout; /* expiration delay of session cache entries*/
@@ -1472,38 +1476,71 @@
static int parse_cipher(char *buf)
{
+ int ret = 0;
if (strcmp(buf, "AES-128-CCM")) {
- return MBEDTLS_CIPHER_AES_128_CCM;
+ opt.ticket_alg = PSA_ALG_CCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_AES;
+ opt.ticket_key_bits = 128;
} else if (strcmp(buf, "AES-128-GCM")) {
- return MBEDTLS_CIPHER_AES_128_GCM;
+ opt.ticket_alg = PSA_ALG_GCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_AES;
+ opt.ticket_key_bits = 128;
} else if (strcmp(buf, "AES-192-CCM")) {
- return MBEDTLS_CIPHER_AES_192_CCM;
+ opt.ticket_alg = PSA_ALG_CCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_AES;
+ opt.ticket_key_bits = 192;
} else if (strcmp(buf, "AES-192-GCM")) {
- return MBEDTLS_CIPHER_AES_192_GCM;
+ opt.ticket_alg = PSA_ALG_GCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_AES;
+ opt.ticket_key_bits = 192;
} else if (strcmp(buf, "AES-256-CCM")) {
- return MBEDTLS_CIPHER_AES_256_CCM;
+ opt.ticket_alg = PSA_ALG_CCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_AES;
+ opt.ticket_key_bits = 256;
} else if (strcmp(buf, "ARIA-128-CCM")) {
- return MBEDTLS_CIPHER_ARIA_128_CCM;
+ opt.ticket_alg = PSA_ALG_CCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_ARIA;
+ opt.ticket_key_bits = 128;
} else if (strcmp(buf, "ARIA-128-GCM")) {
- return MBEDTLS_CIPHER_ARIA_128_GCM;
+ opt.ticket_alg = PSA_ALG_GCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_ARIA;
+ opt.ticket_key_bits = 128;
} else if (strcmp(buf, "ARIA-192-CCM")) {
- return MBEDTLS_CIPHER_ARIA_192_CCM;
+ opt.ticket_alg = PSA_ALG_CCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_ARIA;
+ opt.ticket_key_bits = 192;
} else if (strcmp(buf, "ARIA-192-GCM")) {
- return MBEDTLS_CIPHER_ARIA_192_GCM;
+ opt.ticket_alg = PSA_ALG_GCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_ARIA;
+ opt.ticket_key_bits = 192;
} else if (strcmp(buf, "ARIA-256-CCM")) {
- return MBEDTLS_CIPHER_ARIA_256_CCM;
+ opt.ticket_alg = PSA_ALG_CCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_ARIA;
+ opt.ticket_key_bits = 256;
} else if (strcmp(buf, "ARIA-256-GCM")) {
- return MBEDTLS_CIPHER_ARIA_256_GCM;
+ opt.ticket_alg = PSA_ALG_GCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_ARIA;
+ opt.ticket_key_bits = 256;
} else if (strcmp(buf, "CAMELLIA-128-CCM")) {
- return MBEDTLS_CIPHER_CAMELLIA_128_CCM;
+ opt.ticket_alg = PSA_ALG_CCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA;
+ opt.ticket_key_bits = 128;
} else if (strcmp(buf, "CAMELLIA-192-CCM")) {
- return MBEDTLS_CIPHER_CAMELLIA_192_CCM;
+ opt.ticket_alg = PSA_ALG_CCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA;
+ opt.ticket_key_bits = 192;
} else if (strcmp(buf, "CAMELLIA-256-CCM")) {
- return MBEDTLS_CIPHER_CAMELLIA_256_CCM;
+ opt.ticket_alg = PSA_ALG_CCM;
+ opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA;
+ opt.ticket_key_bits = 256;
} else if (strcmp(buf, "CHACHA20-POLY1305")) {
- return MBEDTLS_CIPHER_CHACHA20_POLY1305;
+ opt.ticket_alg = PSA_ALG_CHACHA20_POLY1305;
+ opt.ticket_key_type = PSA_KEY_TYPE_CHACHA20;
+ opt.ticket_key_bits = 256;
+ } else {
+ ret = -1;
}
- return MBEDTLS_CIPHER_NONE;
+ return ret;
}
int main(int argc, char *argv[])
@@ -1740,7 +1777,9 @@
opt.dummy_ticket = DFL_DUMMY_TICKET;
opt.ticket_rotate = DFL_TICKET_ROTATE;
opt.ticket_timeout = DFL_TICKET_TIMEOUT;
- opt.ticket_aead = DFL_TICKET_AEAD;
+ opt.ticket_alg = DFL_TICKET_ALG;
+ opt.ticket_key_type = DFL_TICKET_KEY_TYPE;
+ opt.ticket_key_bits = DFL_TICKET_KEY_BITS;
opt.cache_max = DFL_CACHE_MAX;
#if defined(MBEDTLS_HAVE_TIME)
opt.cache_timeout = DFL_CACHE_TIMEOUT;
@@ -2191,9 +2230,7 @@
goto usage;
}
} else if (strcmp(p, "ticket_aead") == 0) {
- opt.ticket_aead = parse_cipher(q);
-
- if (opt.ticket_aead == MBEDTLS_CIPHER_NONE) {
+ if (parse_cipher(q) != 0) {
goto usage;
}
} else if (strcmp(p, "cache_max") == 0) {
@@ -2963,8 +3000,11 @@
#endif /* MBEDTLS_HAVE_TIME */
{
if ((ret = mbedtls_ssl_ticket_setup(&ticket_ctx,
- rng_get, &rng,
- opt.ticket_aead,
+ rng_get,
+ &rng,
+ opt.ticket_alg,
+ opt.ticket_key_type,
+ opt.ticket_key_bits,
opt.ticket_timeout)) != 0) {
mbedtls_printf(
" failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n",
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index 2aa2d88..2c68489 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -518,11 +518,6 @@
#else
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 },
#endif
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 1 },
-#else
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 0 },
-#endif
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 },
#else
diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh
deleted file mode 100755
index 34daf37..0000000
--- a/scripts/apidoc_full.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-
-# Generate doxygen documentation with a full mbedtls_config.h (this ensures that every
-# available flag is documented, and avoids warnings about documentation
-# without a corresponding #define).
-#
-# /!\ This must not be a Makefile target, as it would create a race condition
-# when multiple targets are invoked in the same parallel build.
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-set -eu
-
-CONFIG_H='include/mbedtls/mbedtls_config.h'
-
-if [ -r $CONFIG_H ]; then :; else
- echo "$CONFIG_H not found" >&2
- exit 1
-fi
-
-CONFIG_BAK=${CONFIG_H}.bak
-cp -p $CONFIG_H $CONFIG_BAK
-
-scripts/config.py realfull
-make apidoc
-
-mv $CONFIG_BAK $CONFIG_H
diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py
deleted file mode 100755
index 07e6fc5..0000000
--- a/scripts/assemble_changelog.py
+++ /dev/null
@@ -1,534 +0,0 @@
-#!/usr/bin/env python3
-
-"""Assemble Mbed TLS change log entries into the change log file.
-
-Add changelog entries to the first level-2 section.
-Create a new level-2 section for unreleased changes if needed.
-Remove the input files unless --keep-entries is specified.
-
-In each level-3 section, entries are sorted in chronological order
-(oldest first). From oldest to newest:
-* Merged entry files are sorted according to their merge date (date of
- the merge commit that brought the commit that created the file into
- the target branch).
-* Committed but unmerged entry files are sorted according to the date
- of the commit that adds them.
-* Uncommitted entry files are sorted according to their modification time.
-
-You must run this program from within a git working directory.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-import argparse
-from collections import OrderedDict, namedtuple
-import datetime
-import functools
-import glob
-import os
-import re
-import subprocess
-import sys
-
-class InputFormatError(Exception):
- def __init__(self, filename, line_number, message, *args, **kwargs):
- message = '{}:{}: {}'.format(filename, line_number,
- message.format(*args, **kwargs))
- super().__init__(message)
-
-class CategoryParseError(Exception):
- def __init__(self, line_offset, error_message):
- self.line_offset = line_offset
- self.error_message = error_message
- super().__init__('{}: {}'.format(line_offset, error_message))
-
-class LostContent(Exception):
- def __init__(self, filename, line):
- message = ('Lost content from {}: "{}"'.format(filename, line))
- super().__init__(message)
-
-class FilePathError(Exception):
- def __init__(self, filenames):
- message = ('Changelog filenames do not end with .txt: {}'.format(", ".join(filenames)))
- super().__init__(message)
-
-# The category names we use in the changelog.
-# If you edit this, update ChangeLog.d/README.md.
-STANDARD_CATEGORIES = (
- 'API changes',
- 'Default behavior changes',
- 'Requirement changes',
- 'New deprecations',
- 'Removals',
- 'Features',
- 'Security',
- 'Bugfix',
- 'Changes',
-)
-
-# The maximum line length for an entry
-MAX_LINE_LENGTH = 80
-
-CategoryContent = namedtuple('CategoryContent', [
- 'name', 'title_line', # Title text and line number of the title
- 'body', 'body_line', # Body text and starting line number of the body
-])
-
-class ChangelogFormat:
- """Virtual class documenting how to write a changelog format class."""
-
- @classmethod
- def extract_top_version(cls, changelog_file_content):
- """Split out the top version section.
-
- If the top version is already released, create a new top
- version section for an unreleased version.
-
- Return ``(header, top_version_title, top_version_body, trailer)``
- where the "top version" is the existing top version section if it's
- for unreleased changes, and a newly created section otherwise.
- To assemble the changelog after modifying top_version_body,
- concatenate the four pieces.
- """
- raise NotImplementedError
-
- @classmethod
- def version_title_text(cls, version_title):
- """Return the text of a formatted version section title."""
- raise NotImplementedError
-
- @classmethod
- def split_categories(cls, version_body):
- """Split a changelog version section body into categories.
-
- Return a list of `CategoryContent` the name is category title
- without any formatting.
- """
- raise NotImplementedError
-
- @classmethod
- def format_category(cls, title, body):
- """Construct the text of a category section from its title and body."""
- raise NotImplementedError
-
-class TextChangelogFormat(ChangelogFormat):
- """The traditional Mbed TLS changelog format."""
-
- _unreleased_version_text = '= {} x.x.x branch released xxxx-xx-xx'
- @classmethod
- def is_released_version(cls, title):
- # Look for an incomplete release date
- return not re.search(r'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title)
-
- _top_version_re = re.compile(r'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)',
- re.DOTALL)
- _name_re = re.compile(r'=\s(.*)\s[0-9x]+\.', re.DOTALL)
- @classmethod
- def extract_top_version(cls, changelog_file_content):
- """A version section starts with a line starting with '='."""
- m = re.search(cls._top_version_re, changelog_file_content)
- top_version_start = m.start(1)
- top_version_end = m.end(2)
- top_version_title = m.group(1)
- top_version_body = m.group(2)
- name = re.match(cls._name_re, top_version_title).group(1)
- if cls.is_released_version(top_version_title):
- top_version_end = top_version_start
- top_version_title = cls._unreleased_version_text.format(name) + '\n\n'
- top_version_body = ''
- return (changelog_file_content[:top_version_start],
- top_version_title, top_version_body,
- changelog_file_content[top_version_end:])
-
- @classmethod
- def version_title_text(cls, version_title):
- return re.sub(r'\n.*', version_title, re.DOTALL)
-
- _category_title_re = re.compile(r'(^\w.*)\n+', re.MULTILINE)
- @classmethod
- def split_categories(cls, version_body):
- """A category title is a line with the title in column 0."""
- if not version_body:
- return []
- title_matches = list(re.finditer(cls._category_title_re, version_body))
- if not title_matches or title_matches[0].start() != 0:
- # There is junk before the first category.
- raise CategoryParseError(0, 'Junk found where category expected')
- title_starts = [m.start(1) for m in title_matches]
- body_starts = [m.end(0) for m in title_matches]
- body_ends = title_starts[1:] + [len(version_body)]
- bodies = [version_body[body_start:body_end].rstrip('\n') + '\n'
- for (body_start, body_end) in zip(body_starts, body_ends)]
- title_lines = [version_body[:pos].count('\n') for pos in title_starts]
- body_lines = [version_body[:pos].count('\n') for pos in body_starts]
- return [CategoryContent(title_match.group(1), title_line,
- body, body_line)
- for title_match, title_line, body, body_line
- in zip(title_matches, title_lines, bodies, body_lines)]
-
- @classmethod
- def format_category(cls, title, body):
- # `split_categories` ensures that each body ends with a newline.
- # Make sure that there is additionally a blank line between categories.
- if not body.endswith('\n\n'):
- body += '\n'
- return title + '\n' + body
-
-class ChangeLog:
- """An Mbed TLS changelog.
-
- A changelog file consists of some header text followed by one or
- more version sections. The version sections are in reverse
- chronological order. Each version section consists of a title and a body.
-
- The body of a version section consists of zero or more category
- subsections. Each category subsection consists of a title and a body.
-
- A changelog entry file has the same format as the body of a version section.
-
- A `ChangelogFormat` object defines the concrete syntax of the changelog.
- Entry files must have the same format as the changelog file.
- """
-
- # Only accept dotted version numbers (e.g. "3.1", not "3").
- # Refuse ".x" in a version number where x is a letter: this indicates
- # a version that is not yet released. Something like "3.1a" is accepted.
- _version_number_re = re.compile(r'[0-9]+\.[0-9A-Za-z.]+')
- _incomplete_version_number_re = re.compile(r'.*\.[A-Za-z]')
- _only_url_re = re.compile(r'^\s*\w+://\S+\s*$')
- _has_url_re = re.compile(r'.*://.*')
-
- def add_categories_from_text(self, filename, line_offset,
- text, allow_unknown_category):
- """Parse a version section or entry file."""
- try:
- categories = self.format.split_categories(text)
- except CategoryParseError as e:
- raise InputFormatError(filename, line_offset + e.line_offset,
- e.error_message)
- for category in categories:
- if not allow_unknown_category and \
- category.name not in self.categories:
- raise InputFormatError(filename,
- line_offset + category.title_line,
- 'Unknown category: "{}"',
- category.name)
-
- body_split = category.body.splitlines()
-
- for line_number, line in enumerate(body_split, 1):
- if not self._only_url_re.match(line) and \
- len(line) > MAX_LINE_LENGTH:
- long_url_msg = '. URL exceeding length limit must be alone in its line.' \
- if self._has_url_re.match(line) else ""
- raise InputFormatError(filename,
- category.body_line + line_number,
- 'Line is longer than allowed: '
- 'Length {} (Max {}){}',
- len(line), MAX_LINE_LENGTH,
- long_url_msg)
-
- self.categories[category.name] += category.body
-
- def __init__(self, input_stream, changelog_format):
- """Create a changelog object.
-
- Populate the changelog object from the content of the file
- input_stream.
- """
- self.format = changelog_format
- whole_file = input_stream.read()
- (self.header,
- self.top_version_title, top_version_body,
- self.trailer) = self.format.extract_top_version(whole_file)
- # Split the top version section into categories.
- self.categories = OrderedDict()
- for category in STANDARD_CATEGORIES:
- self.categories[category] = ''
- offset = (self.header + self.top_version_title).count('\n') + 1
-
- self.add_categories_from_text(input_stream.name, offset,
- top_version_body, True)
-
- def add_file(self, input_stream):
- """Add changelog entries from a file.
- """
- self.add_categories_from_text(input_stream.name, 1,
- input_stream.read(), False)
-
- def write(self, filename):
- """Write the changelog to the specified file.
- """
- with open(filename, 'w', encoding='utf-8') as out:
- out.write(self.header)
- out.write(self.top_version_title)
- for title, body in self.categories.items():
- if not body:
- continue
- out.write(self.format.format_category(title, body))
- out.write(self.trailer)
-
-
-@functools.total_ordering
-class EntryFileSortKey:
- """This classes defines an ordering on changelog entry files: older < newer.
-
- * Merged entry files are sorted according to their merge date (date of
- the merge commit that brought the commit that created the file into
- the target branch).
- * Committed but unmerged entry files are sorted according to the date
- of the commit that adds them.
- * Uncommitted entry files are sorted according to their modification time.
-
- This class assumes that the file is in a git working directory with
- the target branch checked out.
- """
-
- # Categories of files. A lower number is considered older.
- MERGED = 0
- COMMITTED = 1
- LOCAL = 2
-
- @staticmethod
- def creation_hash(filename):
- """Return the git commit id at which the given file was created.
-
- Return None if the file was never checked into git.
- """
- hashes = subprocess.check_output(['git', 'log', '--format=%H',
- '--follow',
- '--', filename])
- m = re.search('(.+)$', hashes.decode('ascii'))
- if not m:
- # The git output is empty. This means that the file was
- # never checked in.
- return None
- # The last commit in the log is the oldest one, which is when the
- # file was created.
- return m.group(0)
-
- @staticmethod
- def list_merges(some_hash, target, *options):
- """List merge commits from some_hash to target.
-
- Pass options to git to select which commits are included.
- """
- text = subprocess.check_output(['git', 'rev-list',
- '--merges', *options,
- '..'.join([some_hash, target])])
- return text.decode('ascii').rstrip('\n').split('\n')
-
- @classmethod
- def merge_hash(cls, some_hash):
- """Return the git commit id at which the given commit was merged.
-
- Return None if the given commit was never merged.
- """
- target = 'HEAD'
- # List the merges from some_hash to the target in two ways.
- # The ancestry list is the ones that are both descendants of
- # some_hash and ancestors of the target.
- ancestry = frozenset(cls.list_merges(some_hash, target,
- '--ancestry-path'))
- # The first_parents list only contains merges that are directly
- # on the target branch. We want it in reverse order (oldest first).
- first_parents = cls.list_merges(some_hash, target,
- '--first-parent', '--reverse')
- # Look for the oldest merge commit that's both on the direct path
- # and directly on the target branch. That's the place where some_hash
- # was merged on the target branch. See
- # https://stackoverflow.com/questions/8475448/find-merge-commit-which-include-a-specific-commit
- for commit in first_parents:
- if commit in ancestry:
- return commit
- return None
-
- @staticmethod
- def commit_timestamp(commit_id):
- """Return the timestamp of the given commit."""
- text = subprocess.check_output(['git', 'show', '-s',
- '--format=%ct',
- commit_id])
- return datetime.datetime.utcfromtimestamp(int(text))
-
- @staticmethod
- def file_timestamp(filename):
- """Return the modification timestamp of the given file."""
- mtime = os.stat(filename).st_mtime
- return datetime.datetime.fromtimestamp(mtime)
-
- def __init__(self, filename):
- """Determine position of the file in the changelog entry order.
-
- This constructor returns an object that can be used with comparison
- operators, with `sort` and `sorted`, etc. Older entries are sorted
- before newer entries.
- """
- self.filename = filename
- creation_hash = self.creation_hash(filename)
- if not creation_hash:
- self.category = self.LOCAL
- self.datetime = self.file_timestamp(filename)
- return
- merge_hash = self.merge_hash(creation_hash)
- if not merge_hash:
- self.category = self.COMMITTED
- self.datetime = self.commit_timestamp(creation_hash)
- return
- self.category = self.MERGED
- self.datetime = self.commit_timestamp(merge_hash)
-
- def sort_key(self):
- """"Return a concrete sort key for this entry file sort key object.
-
- ``ts1 < ts2`` is implemented as ``ts1.sort_key() < ts2.sort_key()``.
- """
- return (self.category, self.datetime, self.filename)
-
- def __eq__(self, other):
- return self.sort_key() == other.sort_key()
-
- def __lt__(self, other):
- return self.sort_key() < other.sort_key()
-
-
-def check_output(generated_output_file, main_input_file, merged_files):
- """Make sanity checks on the generated output.
-
- The intent of these sanity checks is to have reasonable confidence
- that no content has been lost.
-
- The sanity check is that every line that is present in an input file
- is also present in an output file. This is not perfect but good enough
- for now.
- """
- with open(generated_output_file, 'r', encoding='utf-8') as fd:
- generated_output = set(fd)
- for line in open(main_input_file, 'r', encoding='utf-8'):
- if line not in generated_output:
- raise LostContent('original file', line)
- for merged_file in merged_files:
- for line in open(merged_file, 'r', encoding='utf-8'):
- if line not in generated_output:
- raise LostContent(merged_file, line)
-
-def finish_output(changelog, output_file, input_file, merged_files):
- """Write the changelog to the output file.
-
- The input file and the list of merged files are used only for sanity
- checks on the output.
- """
- if os.path.exists(output_file) and not os.path.isfile(output_file):
- # The output is a non-regular file (e.g. pipe). Write to it directly.
- output_temp = output_file
- else:
- # The output is a regular file. Write to a temporary file,
- # then move it into place atomically.
- output_temp = output_file + '.tmp'
- changelog.write(output_temp)
- check_output(output_temp, input_file, merged_files)
- if output_temp != output_file:
- os.rename(output_temp, output_file)
-
-def remove_merged_entries(files_to_remove):
- for filename in files_to_remove:
- os.remove(filename)
-
-def list_files_to_merge(options):
- """List the entry files to merge, oldest first.
-
- "Oldest" is defined by `EntryFileSortKey`.
-
- Also check for required .txt extension
- """
- files_to_merge = glob.glob(os.path.join(options.dir, '*'))
-
- # Ignore 00README.md
- readme = os.path.join(options.dir, "00README.md")
- if readme in files_to_merge:
- files_to_merge.remove(readme)
-
- # Identify files without the required .txt extension
- bad_files = [x for x in files_to_merge if not x.endswith(".txt")]
- if bad_files:
- raise FilePathError(bad_files)
-
- files_to_merge.sort(key=EntryFileSortKey)
- return files_to_merge
-
-def merge_entries(options):
- """Merge changelog entries into the changelog file.
-
- Read the changelog file from options.input.
- Check that all entries have a .txt extension
- Read entries to merge from the directory options.dir.
- Write the new changelog to options.output.
- Remove the merged entries if options.keep_entries is false.
- """
- with open(options.input, 'r', encoding='utf-8') as input_file:
- changelog = ChangeLog(input_file, TextChangelogFormat)
- files_to_merge = list_files_to_merge(options)
- if not files_to_merge:
- sys.stderr.write('There are no pending changelog entries.\n')
- return
- for filename in files_to_merge:
- with open(filename, 'r', encoding='utf-8') as input_file:
- changelog.add_file(input_file)
- finish_output(changelog, options.output, options.input, files_to_merge)
- if not options.keep_entries:
- remove_merged_entries(files_to_merge)
-
-def show_file_timestamps(options):
- """List the files to merge and their timestamp.
-
- This is only intended for debugging purposes.
- """
- files = list_files_to_merge(options)
- for filename in files:
- ts = EntryFileSortKey(filename)
- print(ts.category, ts.datetime, filename)
-
-def set_defaults(options):
- """Add default values for missing options."""
- output_file = getattr(options, 'output', None)
- if output_file is None:
- options.output = options.input
- if getattr(options, 'keep_entries', None) is None:
- options.keep_entries = (output_file is not None)
-
-def main():
- """Command line entry point."""
- parser = argparse.ArgumentParser(description=__doc__)
- parser.add_argument('--dir', '-d', metavar='DIR',
- default='ChangeLog.d',
- help='Directory to read entries from'
- ' (default: ChangeLog.d)')
- parser.add_argument('--input', '-i', metavar='FILE',
- default='ChangeLog',
- help='Existing changelog file to read from and augment'
- ' (default: ChangeLog)')
- parser.add_argument('--keep-entries',
- action='store_true', dest='keep_entries', default=None,
- help='Keep the files containing entries'
- ' (default: remove them if --output/-o is not specified)')
- parser.add_argument('--no-keep-entries',
- action='store_false', dest='keep_entries',
- help='Remove the files containing entries after they are merged'
- ' (default: remove them if --output/-o is not specified)')
- parser.add_argument('--output', '-o', metavar='FILE',
- help='Output changelog file'
- ' (default: overwrite the input)')
- parser.add_argument('--list-files-only',
- action='store_true',
- help=('Only list the files that would be processed '
- '(with some debugging information)'))
- options = parser.parse_args()
- set_defaults(options)
- if options.list_files_only:
- show_file_timestamps(options)
- return
- merge_entries(options)
-
-if __name__ == '__main__':
- main()
diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py
index ce752e4..8ed5f9c 100755
--- a/scripts/code_size_compare.py
+++ b/scripts/code_size_compare.py
@@ -146,7 +146,7 @@
sys.exit(1)
TFM_MEDIUM_CONFIG_H = 'configs/ext/tfm_mbedcrypto_config_profile_medium.h'
-TFM_MEDIUM_CRYPTO_CONFIG_H = 'configs/ext/crypto_config_profile_medium.h'
+TFM_MEDIUM_CRYPTO_CONFIG_H = 'tf-psa-crypto/configs/ext/crypto_config_profile_medium.h'
CONFIG_H = 'include/mbedtls/mbedtls_config.h'
CRYPTO_CONFIG_H = 'tf-psa-crypto/include/psa/crypto_config.h'
diff --git a/scripts/config.py b/scripts/config.py
index db2bc57..3508ce4 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -60,13 +60,8 @@
'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR'
])
-PSA_UNSTABLE_FEATURE = frozenset([
- 'PSA_WANT_ECC_SECP_K1_224'
-])
-
EXCLUDE_FROM_CRYPTO = PSA_UNSUPPORTED_FEATURE | \
- PSA_DEPRECATED_FEATURE | \
- PSA_UNSTABLE_FEATURE
+ PSA_DEPRECATED_FEATURE
# The goal of the full configuration is to have everything that can be tested
# together. This includes deprecated or insecure options. It excludes:
@@ -114,7 +109,6 @@
'MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE', # only relevant for embedded devices
*PSA_UNSUPPORTED_FEATURE,
*PSA_DEPRECATED_FEATURE,
- *PSA_UNSTABLE_FEATURE
])
def is_seamless_alt(name):
@@ -367,8 +361,6 @@
if name in PSA_UNSUPPORTED_FEATURE:
raise ValueError(f'Feature is unsupported: \'{name}\'')
- if name in PSA_UNSTABLE_FEATURE:
- raise ValueError(f'Feature is unstable: \'{name}\'')
if name not in self.settings:
self._get_configfile().templates.append((name, '', '#define ' + name + ' '))
@@ -417,8 +409,6 @@
if configfile == self.crypto_configfile:
if name in PSA_UNSUPPORTED_FEATURE:
raise ValueError(f'Feature is unsupported: \'{name}\'')
- if name in PSA_UNSTABLE_FEATURE:
- raise ValueError(f'Feature is unstable: \'{name}\'')
# The default value in the crypto config is '1'
if not value and re.match(self._crypto_regexp, name):
diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py
index b36f906..a67b761 100755
--- a/scripts/min_requirements.py
+++ b/scripts/min_requirements.py
@@ -5,125 +5,12 @@
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-import argparse
import os
-import re
-import subprocess
-import sys
-import tempfile
-import typing
-
-from typing import List, Optional
-
import framework_scripts_path # pylint: disable=unused-import
-from mbedtls_framework import typing_util
+from mbedtls_framework import min_requirements
-def pylint_doesn_t_notice_that_certain_types_are_used_in_annotations(
- _list: List[typing.Any],
-) -> None:
- pass
-
-
-class Requirements:
- """Collect and massage Python requirements."""
-
- def __init__(self) -> None:
- self.requirements = [] #type: List[str]
-
- def adjust_requirement(self, req: str) -> str:
- """Adjust a requirement to the minimum specified version."""
- # allow inheritance #pylint: disable=no-self-use
- # If a requirement specifies a minimum version, impose that version.
- split_req = req.split(';', 1)
- split_req[0] = re.sub(r'>=|~=', r'==', split_req[0])
- return ';'.join(split_req)
-
- def add_file(self, filename: str) -> None:
- """Add requirements from the specified file.
-
- This method supports a subset of pip's requirement file syntax:
- * One requirement specifier per line, which is passed to
- `adjust_requirement`.
- * Comments (``#`` at the beginning of the line or after whitespace).
- * ``-r FILENAME`` to include another file.
- """
- for line in open(filename):
- line = line.strip()
- line = re.sub(r'(\A|\s+)#.*', r'', line)
- if not line:
- continue
- m = re.match(r'-r\s+', line)
- if m:
- nested_file = os.path.join(os.path.dirname(filename),
- line[m.end(0):])
- self.add_file(nested_file)
- continue
- self.requirements.append(self.adjust_requirement(line))
-
- def write(self, out: typing_util.Writable) -> None:
- """List the gathered requirements."""
- for req in self.requirements:
- out.write(req + '\n')
-
- def install(
- self,
- pip_general_options: Optional[List[str]] = None,
- pip_install_options: Optional[List[str]] = None,
- ) -> None:
- """Call pip to install the requirements."""
- if pip_general_options is None:
- pip_general_options = []
- if pip_install_options is None:
- pip_install_options = []
- with tempfile.TemporaryDirectory() as temp_dir:
- # This is more complicated than it needs to be for the sake
- # of Windows. Use a temporary file rather than the command line
- # to avoid quoting issues. Use a temporary directory rather
- # than NamedTemporaryFile because with a NamedTemporaryFile on
- # Windows, the subprocess can't open the file because this process
- # has an exclusive lock on it.
- req_file_name = os.path.join(temp_dir, 'requirements.txt')
- with open(req_file_name, 'w') as req_file:
- self.write(req_file)
- subprocess.check_call([sys.executable, '-m', 'pip'] +
- pip_general_options +
- ['install'] + pip_install_options +
- ['-r', req_file_name])
-
+# The default file is located in the same folder as this script.
DEFAULT_REQUIREMENTS_FILE = 'ci.requirements.txt'
-def main() -> None:
- """Command line entry point."""
- parser = argparse.ArgumentParser(description=__doc__)
- parser.add_argument('--no-act', '-n',
- action='store_true',
- help="Don't act, just print what will be done")
- parser.add_argument('--pip-install-option',
- action='append', dest='pip_install_options',
- help="Pass this option to pip install")
- parser.add_argument('--pip-option',
- action='append', dest='pip_general_options',
- help="Pass this general option to pip")
- parser.add_argument('--user',
- action='append_const', dest='pip_install_options',
- const='--user',
- help="Install to the Python user install directory"
- " (short for --pip-install-option --user)")
- parser.add_argument('files', nargs='*', metavar='FILE',
- help="Requirement files"
- " (default: {} in the script's directory)" \
- .format(DEFAULT_REQUIREMENTS_FILE))
- options = parser.parse_args()
- if not options.files:
- options.files = [os.path.join(os.path.dirname(__file__),
- DEFAULT_REQUIREMENTS_FILE)]
- reqs = Requirements()
- for filename in options.files:
- reqs.add_file(filename)
- reqs.write(sys.stdout)
- if not options.no_act:
- reqs.install(pip_general_options=options.pip_general_options,
- pip_install_options=options.pip_install_options)
-
-if __name__ == '__main__':
- main()
+min_requirements.main(os.path.join(os.path.dirname(__file__),
+ DEFAULT_REQUIREMENTS_FILE))
diff --git a/scripts/sbom.cdx.json b/scripts/sbom.cdx.json
new file mode 100644
index 0000000..59798d9
--- /dev/null
+++ b/scripts/sbom.cdx.json
@@ -0,0 +1,48 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "version": 1,
+ "metadata": {
+ "authors": [
+ {
+ "name": "@VCS_SBOM_AUTHORS@"
+ }
+ ]
+ },
+ "components": [
+ {
+ "type": "library",
+ "bom-ref": "pkg:github/Mbed-TLS/mbedtls@@VCS_TAG@",
+ "cpe": "cpe:2.3:a:trustedfirmware:mbed_tls:@VCS_TAG@:*:*:*:*:*:*:*",
+ "name": "mbedtls",
+ "version": "@VCS_VERSION@",
+ "description": "Implements cryptographic primitives, X.509 certificate manipulation and SSL/TLS and DTLS protocols",
+ "authors": [
+ {
+ "name": "@VCS_AUTHORS@"
+ }
+ ],
+ "supplier": {
+ "name": "Trusted Firmware"
+ },
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/Mbed-TLS/mbedtls"
+ }
+ ]
+ }
+ ]
+}
diff --git a/tests/Makefile b/tests/Makefile
index e13eb50..7bd9953 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -127,6 +127,7 @@
generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_test_case.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py
generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
## The generated file only depends on the options that are present in
diff --git a/tests/compat.sh b/tests/compat.sh
index 05102e3..de8c1bb 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -320,14 +320,6 @@
"RSA")
CIPHERS="$CIPHERS \
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA \
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 \
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA \
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \
@@ -393,9 +385,6 @@
"RSA")
CIPHERS="$CIPHERS \
- TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 \
- TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 \
- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
@@ -406,9 +395,6 @@
"PSK")
CIPHERS="$CIPHERS \
- TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 \
- TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 \
- TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
TLS_PSK_WITH_ARIA_128_GCM_SHA256 \
TLS_PSK_WITH_ARIA_256_GCM_SHA384 \
@@ -447,14 +433,6 @@
"RSA")
CIPHERS="$CIPHERS \
- TLS_DHE_RSA_WITH_AES_128_CCM \
- TLS_DHE_RSA_WITH_AES_128_CCM_8 \
- TLS_DHE_RSA_WITH_AES_256_CCM \
- TLS_DHE_RSA_WITH_AES_256_CCM_8 \
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
- TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 \
- TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
@@ -472,22 +450,6 @@
"PSK")
CIPHERS="$CIPHERS \
- TLS_DHE_PSK_WITH_AES_128_CBC_SHA \
- TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 \
- TLS_DHE_PSK_WITH_AES_128_CCM \
- TLS_DHE_PSK_WITH_AES_128_CCM_8 \
- TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 \
- TLS_DHE_PSK_WITH_AES_256_CBC_SHA \
- TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 \
- TLS_DHE_PSK_WITH_AES_256_CCM \
- TLS_DHE_PSK_WITH_AES_256_CCM_8 \
- TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 \
- TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
- TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 \
- TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
- TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 \
- TLS_DHE_PSK_WITH_NULL_SHA256 \
- TLS_DHE_PSK_WITH_NULL_SHA384 \
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA \
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 \
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA \
@@ -542,8 +504,6 @@
"RSA")
M_CIPHERS="$M_CIPHERS \
- TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 \
- TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 \
TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \
TLS_RSA_WITH_ARIA_128_CBC_SHA256 \
@@ -554,9 +514,6 @@
"PSK")
# *PSK_NULL_SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
M_CIPHERS="$M_CIPHERS \
- TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 \
- TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 \
- TLS_DHE_PSK_WITH_NULL_SHA \
TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 \
TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 \
TLS_ECDHE_PSK_WITH_NULL_SHA \
@@ -620,7 +577,7 @@
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
O_SERVER_ARGS="-accept $PORT -cipher ALL,COMPLEMENTOFALL -$O_MODE"
G_SERVER_ARGS="-p $PORT --http $G_MODE"
- G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:-VERS-TLS-ALL:$G_PRIO_MODE"
+ G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+ECDHE-PSK:+SHA256:+SHA384:-VERS-TLS-ALL:$G_PRIO_MODE"
# The default prime for `openssl s_server` depends on the version:
# * OpenSSL <= 1.0.2a: 512-bit
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 90d51b7..e5b8d74 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -66,8 +66,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
#endif
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index ad1cf37..e68c2cb 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -33,41 +33,6 @@
r'.*\b(?:' + r'|'.join(words) + r')\b.*',
re.DOTALL)
- # generate_psa_tests.py generates test cases involving cryptographic
- # mechanisms (key types, families, algorithms) that are declared but
- # not implemented. Until we improve the Python scripts, ignore those
- # test cases in the analysis.
- # https://github.com/Mbed-TLS/mbedtls/issues/9572
- _PSA_MECHANISMS_NOT_IMPLEMENTED = [
- r'CBC_MAC',
- r'DETERMINISTIC_DSA',
- r'DET_DSA',
- r'DSA',
- r'ECC_KEY_PAIR\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit',
- r'ECC_KEY_PAIR\(SECP_K1\) 225-bit',
- r'ECC_PAIR\(BP_R1\) (?:160|192|224|320)-bit',
- r'ECC_PAIR\(SECP_K1\) 225-bit',
- r'ECC_PUBLIC_KEY\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit',
- r'ECC_PUBLIC_KEY\(SECP_K1\) 225-bit',
- r'ECC_PUB\(BP_R1\) (?:160|192|224|320)-bit',
- r'ECC_PUB\(SECP_K1\) 225-bit',
- r'ED25519PH',
- r'ED448PH',
- r'PEPPER',
- r'PURE_EDDSA',
- r'SECP_R2',
- r'SECT_K1',
- r'SECT_R1',
- r'SECT_R2',
- r'SHAKE256_512',
- r'SHA_512_224',
- r'SHA_512_256',
- r'TWISTED_EDWARDS',
- r'XTS',
- ]
- PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE = \
- _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED)
-
IGNORED_TESTS = {
'ssl-opt': [
# We don't run ssl-opt.sh with Valgrind on the CI because
@@ -132,8 +97,6 @@
'Config: PSA_WANT_ALG_CBC_MAC',
# Algorithm declared but not supported.
'Config: PSA_WANT_ALG_XTS',
- # Family declared but not supported.
- 'Config: PSA_WANT_ECC_SECP_K1_224',
# More granularity of key pair type enablement macros
# than we care to test.
# https://github.com/Mbed-TLS/mbedtls/issues/9590
@@ -200,16 +163,6 @@
# https://github.com/Mbed-TLS/mbedtls/issues/9592
re.compile(r'.*ECDSA.*only deterministic supported'),
],
- 'test_suite_psa_crypto_generate_key.generated': [
- # Ignore mechanisms that are not implemented, except
- # for public keys for which we always test that
- # psa_generate_key() returns PSA_ERROR_INVALID_ARGUMENT
- # regardless of whether the specific key type is supported.
- _has_word_re((mech
- for mech in _PSA_MECHANISMS_NOT_IMPLEMENTED
- if not mech.startswith('ECC_PUB')),
- exclude=r'ECC_PUB'),
- ],
'test_suite_psa_crypto_metadata': [
# Algorithms declared but not supported.
# https://github.com/Mbed-TLS/mbedtls/issues/9579
@@ -223,10 +176,6 @@
'MAC: CBC_MAC-AES-256',
],
'test_suite_psa_crypto_not_supported.generated': [
- # It is a bug that not-supported test cases aren't getting
- # run for never-implemented key types.
- # https://github.com/Mbed-TLS/mbedtls/issues/7915
- PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
# We never test with DH key support disabled but support
# for a DH group enabled. The dependencies of these test
# cases don't really make sense.
@@ -240,18 +189,6 @@
'PSA import DH_PUBLIC_KEY(RFC7919) 2048-bit group not supported',
],
'test_suite_psa_crypto_op_fail.generated': [
- # Ignore mechanisms that are not implemented, except
- # for test cases that assume the mechanism is not supported.
- _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED,
- exclude=(r'.*: !(?:' +
- r'|'.join(_PSA_MECHANISMS_NOT_IMPLEMENTED) +
- r')\b')),
- # Incorrect dependency generation. To be fixed as part of the
- # resolution of https://github.com/Mbed-TLS/mbedtls/issues/9167
- # by forward-porting the commit
- # "PSA test case generation: dependency inference class: operation fail"
- # from https://github.com/Mbed-TLS/mbedtls/pull/9025 .
- re.compile(r'.* with (?:DH|ECC)_(?:KEY_PAIR|PUBLIC_KEY)\(.*'),
# We don't test this unusual, but sensible configuration.
# https://github.com/Mbed-TLS/mbedtls/issues/9592
re.compile(r'.*: !ECDSA but DETERMINISTIC_ECDSA with ECC_.*'),
@@ -259,18 +196,18 @@
# key type disabled. Those dependencies don't really make sense.
# https://github.com/Mbed-TLS/mbedtls/issues/9573
re.compile(r'.* !HMAC with HMAC'),
+ # We don't test with ECDH disabled but the key type enabled.
+ # https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/161
+ re.compile(r'PSA key_agreement.* !ECDH with ECC_KEY_PAIR\(.*'),
+ # We don't test with FFDH disabled but the key type enabled.
+ # https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/160
+ re.compile(r'PSA key_agreement.* !FFDH with DH_KEY_PAIR\(.*'),
],
'test_suite_psa_crypto_op_fail.misc': [
# We don't test this unusual, but sensible configuration.
# https://github.com/Mbed-TLS/mbedtls/issues/9592
'PSA sign DETERMINISTIC_ECDSA(SHA_256): !ECDSA but DETERMINISTIC_ECDSA with ECC_KEY_PAIR(SECP_R1)', #pylint: disable=line-too-long
],
- 'test_suite_psa_crypto_storage_format.current': [
- PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
- ],
- 'test_suite_psa_crypto_storage_format.v0': [
- PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
- ],
'tls13-misc': [
# Disabled due to OpenSSL bug.
# https://github.com/openssl/openssl/issues/10714
@@ -451,10 +388,6 @@
re.compile(r'ECP point multiplication .*'),
re.compile(r'ECP test vectors .*'),
],
- 'test_suite_ssl': [
- # This deprecated function is only present when ECP_C is On.
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
}
class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference):
@@ -491,10 +424,6 @@
re.compile(r'Parse EC Key .*compressed\)'),
re.compile(r'Parse Public EC Key .*compressed\)'),
],
- # See ecp_light_only
- 'test_suite_ssl': [
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
}
class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference):
@@ -538,10 +467,6 @@
'test_suite_debug': [
re.compile(r'Debug print mbedtls_mpi.*'),
],
- # See ecp_light_only
- 'test_suite_ssl': [
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
}
class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference):
@@ -556,17 +481,10 @@
'psa_crypto_ecp',
]
IGNORED_TESTS = {
- 'ssl-opt': [
- # DHE support in TLS 1.2 requires built-in MBEDTLS_DHM_C
- # (because it needs custom groups, which PSA does not
- # provide), even with MBEDTLS_USE_PSA_CRYPTO.
- re.compile(r'PSK callback:.*\bdhe-psk\b.*'),
- ],
'test_suite_config': [
re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
re.compile(r'.*\bMBEDTLS_DHM_C\b.*'),
re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
- re.compile(r'.*\bMBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED\b.*'),
re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
],
'test_suite_platform': [
@@ -593,10 +511,6 @@
'test_suite_debug': [
re.compile(r'Debug print mbedtls_mpi.*'),
],
- # See ecp_light_only
- 'test_suite_ssl': [
- 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
- ],
}
class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference):
diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl
deleted file mode 100755
index 3199c2a..0000000
--- a/tests/scripts/check-doxy-blocks.pl
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/usr/bin/env perl
-
-# Detect comment blocks that are likely meant to be doxygen blocks but aren't.
-#
-# More precisely, look for normal comment block containing '\'.
-# Of course one could use doxygen warnings, eg with:
-# sed -e '/EXTRACT/s/YES/NO/' doxygen/mbedtls.doxyfile | doxygen -
-# but that would warn about any undocumented item, while our goal is to find
-# items that are documented, but not marked as such by mistake.
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-use warnings;
-use strict;
-use File::Basename;
-
-# C/header files in the following directories will be checked
-my @directories = qw(include/mbedtls library doxygen/input);
-
-# very naive pattern to find directives:
-# everything with a backslach except '\0' and backslash at EOL
-my $doxy_re = qr/\\(?!0|\n)/;
-
-# Return an error code to the environment if a potential error in the
-# source code is found.
-my $exit_code = 0;
-
-sub check_file {
- my ($fname) = @_;
- open my $fh, '<', $fname or die "Failed to open '$fname': $!\n";
-
- # first line of the last normal comment block,
- # or 0 if not in a normal comment block
- my $block_start = 0;
- while (my $line = <$fh>) {
- $block_start = $. if $line =~ m/\/\*(?![*!])/;
- $block_start = 0 if $line =~ m/\*\//;
- if ($block_start and $line =~ m/$doxy_re/) {
- print "$fname:$block_start: directive on line $.\n";
- $block_start = 0; # report only one directive per block
- $exit_code = 1;
- }
- }
-
- close $fh;
-}
-
-sub check_dir {
- my ($dirname) = @_;
- for my $file (<$dirname/*.[ch]>) {
- check_file($file);
- }
-}
-
-# Check that the script is being run from the project's root directory.
-for my $dir (@directories) {
- if (! -d $dir) {
- die "This script must be run from the Mbed TLS root directory";
- } else {
- check_dir($dir)
- }
-}
-
-exit $exit_code;
-
-__END__
diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh
deleted file mode 100755
index 77102ba..0000000
--- a/tests/scripts/check-python-files.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#! /usr/bin/env sh
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-# Purpose: check Python files for potential programming errors or maintenance
-# hurdles. Run pylint to detect some potential mistakes and enforce PEP8
-# coding standards. Run mypy to perform static type checking.
-
-# We'll keep going on errors and report the status at the end.
-ret=0
-
-if type python3 >/dev/null 2>/dev/null; then
- PYTHON=python3
-else
- PYTHON=python
-fi
-
-check_version () {
- $PYTHON - "$2" <<EOF
-import packaging.version
-import sys
-import $1 as package
-actual = package.__version__
-wanted = sys.argv[1]
-if packaging.version.parse(actual) < packaging.version.parse(wanted):
- sys.stderr.write("$1: version %s is too old (want %s)\n" % (actual, wanted))
- exit(1)
-EOF
-}
-
-can_pylint () {
- # Pylint 1.5.2 from Ubuntu 16.04 is too old:
- # E: 34, 0: Unable to import 'mbedtls_framework' (import-error)
- # Pylint 1.8.3 from Ubuntu 18.04 passed on the first commit containing this line.
- check_version pylint 1.8.3
-}
-
-can_mypy () {
- # mypy 0.770 is too old:
- # tests/scripts/test_psa_constant_names.py:34: error: Cannot find implementation or library stub for module named 'mbedtls_framework'
- # mypy 0.780 from pip passed on the first commit containing this line.
- check_version mypy.version 0.780
-}
-
-# With just a --can-xxx option, check whether the tool for xxx is available
-# with an acceptable version, and exit without running any checks. The exit
-# status is true if the tool is available and acceptable and false otherwise.
-if [ "$1" = "--can-pylint" ]; then
- can_pylint
- exit
-elif [ "$1" = "--can-mypy" ]; then
- can_mypy
- exit
-fi
-
-echo 'Running pylint ...'
-$PYTHON -m pylint framework/scripts/*.py framework/scripts/mbedtls_framework/*.py scripts/*.py tests/scripts/*.py || {
- echo >&2 "pylint reported errors"
- ret=1
-}
-
-echo
-echo 'Running mypy ...'
-$PYTHON -m mypy framework/scripts/*.py framework/scripts/mbedtls_framework/*.py scripts/*.py tests/scripts/*.py ||
- ret=1
-
-exit $ret
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
deleted file mode 100755
index 8f34444..0000000
--- a/tests/scripts/check_names.py
+++ /dev/null
@@ -1,991 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-"""
-This script confirms that the naming of all symbols and identifiers in Mbed TLS
-are consistent with the house style and are also self-consistent. It only runs
-on Linux and macOS since it depends on nm.
-
-It contains two major Python classes, CodeParser and NameChecker. They both have
-a comprehensive "run-all" function (comprehensive_parse() and perform_checks())
-but the individual functions can also be used for specific needs.
-
-CodeParser makes heavy use of regular expressions to parse the code, and is
-dependent on the current code formatting. Many Python C parser libraries require
-preprocessed C code, which means no macro parsing. Compiler tools are also not
-very helpful when we want the exact location in the original source (which
-becomes impossible when e.g. comments are stripped).
-
-NameChecker performs the following checks:
-
-- All exported and available symbols in the library object files, are explicitly
- declared in the header files. This uses the nm command.
-- All macros, constants, and identifiers (function names, struct names, etc)
- follow the required regex pattern.
-- Typo checking: All words that begin with MBED|PSA exist as macros or constants.
-
-The script returns 0 on success, 1 on test failure, and 2 if there is a script
-error. It must be run from Mbed TLS root.
-"""
-
-import abc
-import argparse
-import fnmatch
-import glob
-import textwrap
-import os
-import sys
-import traceback
-import re
-import enum
-import shutil
-import subprocess
-import logging
-
-import scripts_path # pylint: disable=unused-import
-from mbedtls_framework import build_tree
-
-
-# Naming patterns to check against. These are defined outside the NameCheck
-# class for ease of modification.
-PUBLIC_MACRO_PATTERN = r"^(MBEDTLS|PSA|TF_PSA)_[0-9A-Z_]*[0-9A-Z]$"
-INTERNAL_MACRO_PATTERN = r"^[0-9A-Za-z_]*[0-9A-Z]$"
-CONSTANTS_PATTERN = PUBLIC_MACRO_PATTERN
-IDENTIFIER_PATTERN = r"^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$"
-
-class Match(): # pylint: disable=too-few-public-methods
- """
- A class representing a match, together with its found position.
-
- Fields:
- * filename: the file that the match was in.
- * line: the full line containing the match.
- * line_no: the line number.
- * pos: a tuple of (start, end) positions on the line where the match is.
- * name: the match itself.
- """
- def __init__(self, filename, line, line_no, pos, name):
- # pylint: disable=too-many-arguments
- self.filename = filename
- self.line = line
- self.line_no = line_no
- self.pos = pos
- self.name = name
-
- def __str__(self):
- """
- Return a formatted code listing representation of the erroneous line.
- """
- gutter = format(self.line_no, "4d")
- underline = self.pos[0] * " " + (self.pos[1] - self.pos[0]) * "^"
-
- return (
- " {0} |\n".format(" " * len(gutter)) +
- " {0} | {1}".format(gutter, self.line) +
- " {0} | {1}\n".format(" " * len(gutter), underline)
- )
-
-class Problem(abc.ABC): # pylint: disable=too-few-public-methods
- """
- An abstract parent class representing a form of static analysis error.
- It extends an Abstract Base Class, which means it is not instantiable, and
- it also mandates certain abstract methods to be implemented in subclasses.
- """
- # Class variable to control the quietness of all problems
- quiet = False
- def __init__(self):
- self.textwrapper = textwrap.TextWrapper()
- self.textwrapper.width = 80
- self.textwrapper.initial_indent = " > "
- self.textwrapper.subsequent_indent = " "
-
- def __str__(self):
- """
- Unified string representation method for all Problems.
- """
- if self.__class__.quiet:
- return self.quiet_output()
- return self.verbose_output()
-
- @abc.abstractmethod
- def quiet_output(self):
- """
- The output when --quiet is enabled.
- """
- pass
-
- @abc.abstractmethod
- def verbose_output(self):
- """
- The default output with explanation and code snippet if appropriate.
- """
- pass
-
-class SymbolNotInHeader(Problem): # pylint: disable=too-few-public-methods
- """
- A problem that occurs when an exported/available symbol in the object file
- is not explicitly declared in header files. Created with
- NameCheck.check_symbols_declared_in_header()
-
- Fields:
- * symbol_name: the name of the symbol.
- """
- def __init__(self, symbol_name):
- self.symbol_name = symbol_name
- Problem.__init__(self)
-
- def quiet_output(self):
- return "{0}".format(self.symbol_name)
-
- def verbose_output(self):
- return self.textwrapper.fill(
- "'{0}' was found as an available symbol in the output of nm, "
- "however it was not declared in any header files."
- .format(self.symbol_name))
-
-class PatternMismatch(Problem): # pylint: disable=too-few-public-methods
- """
- A problem that occurs when something doesn't match the expected pattern.
- Created with NameCheck.check_match_pattern()
-
- Fields:
- * pattern: the expected regex pattern
- * match: the Match object in question
- """
- def __init__(self, pattern, match):
- self.pattern = pattern
- self.match = match
- Problem.__init__(self)
-
-
- def quiet_output(self):
- return (
- "{0}:{1}:{2}"
- .format(self.match.filename, self.match.line_no, self.match.name)
- )
-
- def verbose_output(self):
- return self.textwrapper.fill(
- "{0}:{1}: '{2}' does not match the required pattern '{3}'."
- .format(
- self.match.filename,
- self.match.line_no,
- self.match.name,
- self.pattern
- )
- ) + "\n" + str(self.match)
-
-class Typo(Problem): # pylint: disable=too-few-public-methods
- """
- A problem that occurs when a word using MBED or PSA doesn't
- appear to be defined as constants nor enum values. Created with
- NameCheck.check_for_typos()
-
- Fields:
- * match: the Match object of the MBED|PSA name in question.
- """
- def __init__(self, match):
- self.match = match
- Problem.__init__(self)
-
- def quiet_output(self):
- return (
- "{0}:{1}:{2}"
- .format(self.match.filename, self.match.line_no, self.match.name)
- )
-
- def verbose_output(self):
- return self.textwrapper.fill(
- "{0}:{1}: '{2}' looks like a typo. It was not found in any "
- "macros or any enums. If this is not a typo, put "
- "//no-check-names after it."
- .format(self.match.filename, self.match.line_no, self.match.name)
- ) + "\n" + str(self.match)
-
-class CodeParser():
- """
- Class for retrieving files and parsing the code. This can be used
- independently of the checks that NameChecker performs, for example for
- list_internal_identifiers.py.
- """
- def __init__(self, log):
- self.log = log
- build_tree.check_repo_path()
-
- # Memo for storing "glob expression": set(filepaths)
- self.files = {}
-
- # Globally excluded filenames.
- # Note that "*" can match directory separators in exclude lists.
- self.excluded_files = ["*/bn_mul", "*/compat-2.x.h"]
-
- def comprehensive_parse(self):
- """
- Comprehensive ("default") function to call each parsing function and
- retrieve various elements of the code, together with the source location.
-
- Returns a dict of parsed item key to the corresponding List of Matches.
- """
- self.log.info("Parsing source code...")
- self.log.debug(
- "The following files are excluded from the search: {}"
- .format(str(self.excluded_files))
- )
-
- all_macros = {"public": [], "internal": [], "private":[]}
- all_macros["public"] = self.parse_macros([
- "include/mbedtls/*.h",
- "include/psa/*.h",
- "tf-psa-crypto/include/psa/*.h",
- "tf-psa-crypto/include/tf-psa-crypto/*.h",
- "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
- "tf-psa-crypto/drivers/everest/include/everest/everest.h",
- "tf-psa-crypto/drivers/everest/include/everest/x25519.h"
- ])
- all_macros["internal"] = self.parse_macros([
- "library/*.h",
- "tf-psa-crypto/core/*.h",
- "tf-psa-crypto/drivers/builtin/src/*.h",
- "framework/tests/include/test/drivers/*.h",
- ])
- all_macros["private"] = self.parse_macros([
- "library/*.c",
- "tf-psa-crypto/core/*.c",
- "tf-psa-crypto/drivers/builtin/src/*.c",
- ])
- enum_consts = self.parse_enum_consts([
- "include/mbedtls/*.h",
- "include/psa/*.h",
- "tf-psa-crypto/include/psa/*.h",
- "tf-psa-crypto/include/tf-psa-crypto/*.h",
- "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
- "library/*.h",
- "tf-psa-crypto/core/*.h",
- "tf-psa-crypto/drivers/builtin/src/*.h",
- "library/*.c",
- "tf-psa-crypto/core/*.c",
- "tf-psa-crypto/drivers/builtin/src/*.c",
- "tf-psa-crypto/drivers/everest/include/everest/everest.h",
- "tf-psa-crypto/drivers/everest/include/everest/x25519.h"
- ])
- identifiers, excluded_identifiers = self.parse_identifiers([
- "include/mbedtls/*.h",
- "include/psa/*.h",
- "tf-psa-crypto/include/psa/*.h",
- "tf-psa-crypto/include/tf-psa-crypto/*.h",
- "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
- "library/*.h",
- "tf-psa-crypto/core/*.h",
- "tf-psa-crypto/drivers/builtin/src/*.h",
- "tf-psa-crypto/drivers/everest/include/everest/everest.h",
- "tf-psa-crypto/drivers/everest/include/everest/x25519.h"
- ], ["tf-psa-crypto/drivers/p256-m/p256-m/p256-m.h"])
- mbed_psa_words = self.parse_mbed_psa_words([
- "include/mbedtls/*.h",
- "include/psa/*.h",
- "tf-psa-crypto/include/psa/*.h",
- "tf-psa-crypto/include/tf-psa-crypto/*.h",
- "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
- "library/*.h",
- "tf-psa-crypto/core/*.h",
- "tf-psa-crypto/drivers/builtin/src/*.h",
- "tf-psa-crypto/drivers/everest/include/everest/everest.h",
- "tf-psa-crypto/drivers/everest/include/everest/x25519.h",
- "library/*.c",
- "tf-psa-crypto/core/*.c",
- "tf-psa-crypto/drivers/builtin/src/*.c",
- "tf-psa-crypto/drivers/everest/library/everest.c",
- "tf-psa-crypto/drivers/everest/library/x25519.c"
- ], ["tf-psa-crypto/core/psa_crypto_driver_wrappers.h"])
- symbols = self.parse_symbols()
-
- # Remove identifier macros like mbedtls_printf or mbedtls_calloc
- identifiers_justname = [x.name for x in identifiers]
- actual_macros = {"public": [], "internal": []}
- for scope in actual_macros:
- for macro in all_macros[scope]:
- if macro.name not in identifiers_justname:
- actual_macros[scope].append(macro)
-
- self.log.debug("Found:")
- # Aligns the counts on the assumption that none exceeds 4 digits
- for scope in actual_macros:
- self.log.debug(" {:4} Total {} Macros"
- .format(len(all_macros[scope]), scope))
- self.log.debug(" {:4} {} Non-identifier Macros"
- .format(len(actual_macros[scope]), scope))
- self.log.debug(" {:4} Enum Constants".format(len(enum_consts)))
- self.log.debug(" {:4} Identifiers".format(len(identifiers)))
- self.log.debug(" {:4} Exported Symbols".format(len(symbols)))
- return {
- "public_macros": actual_macros["public"],
- "internal_macros": actual_macros["internal"],
- "private_macros": all_macros["private"],
- "enum_consts": enum_consts,
- "identifiers": identifiers,
- "excluded_identifiers": excluded_identifiers,
- "symbols": symbols,
- "mbed_psa_words": mbed_psa_words
- }
-
- def is_file_excluded(self, path, exclude_wildcards):
- """Whether the given file path is excluded."""
- # exclude_wildcards may be None. Also, consider the global exclusions.
- exclude_wildcards = (exclude_wildcards or []) + self.excluded_files
- for pattern in exclude_wildcards:
- if fnmatch.fnmatch(path, pattern):
- return True
- return False
-
- def get_all_files(self, include_wildcards, exclude_wildcards):
- """
- Get all files that match any of the included UNIX-style wildcards
- and filter them into included and excluded lists.
- While the check_names script is designed only for use on UNIX/macOS
- (due to nm), this function alone will work fine on Windows even with
- forward slashes in the wildcard.
-
- Args:
- * include_wildcards: a List of shell-style wildcards to match filepaths.
- * exclude_wildcards: a List of shell-style wildcards to exclude.
-
- Returns:
- * inc_files: A List of relative filepaths for included files.
- * exc_files: A List of relative filepaths for excluded files.
- """
- accumulator = set()
- all_wildcards = include_wildcards + (exclude_wildcards or [])
- for wildcard in all_wildcards:
- accumulator = accumulator.union(glob.iglob(wildcard))
-
- inc_files = []
- exc_files = []
- for path in accumulator:
- if self.is_file_excluded(path, exclude_wildcards):
- exc_files.append(path)
- else:
- inc_files.append(path)
- return (inc_files, exc_files)
-
- def get_included_files(self, include_wildcards, exclude_wildcards):
- """
- Get all files that match any of the included UNIX-style wildcards.
- While the check_names script is designed only for use on UNIX/macOS
- (due to nm), this function alone will work fine on Windows even with
- forward slashes in the wildcard.
-
- Args:
- * include_wildcards: a List of shell-style wildcards to match filepaths.
- * exclude_wildcards: a List of shell-style wildcards to exclude.
-
- Returns a List of relative filepaths.
- """
- accumulator = set()
-
- for include_wildcard in include_wildcards:
- accumulator = accumulator.union(glob.iglob(include_wildcard))
-
- return list(path for path in accumulator
- if not self.is_file_excluded(path, exclude_wildcards))
-
- def parse_macros(self, include, exclude=None):
- """
- Parse all macros defined by #define preprocessor directives.
-
- Args:
- * include: A List of glob expressions to look for files through.
- * exclude: A List of glob expressions for excluding files.
-
- Returns a List of Match objects for the found macros.
- """
- macro_regex = re.compile(r"# *define +(?P<macro>\w+)")
- exclusions = (
- "asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_"
- )
-
- files = self.get_included_files(include, exclude)
- self.log.debug("Looking for macros in {} files".format(len(files)))
-
- macros = []
- for header_file in files:
- with open(header_file, "r", encoding="utf-8") as header:
- for line_no, line in enumerate(header):
- for macro in macro_regex.finditer(line):
- if macro.group("macro").startswith(exclusions):
- continue
-
- macros.append(Match(
- header_file,
- line,
- line_no,
- macro.span("macro"),
- macro.group("macro")))
-
- return macros
-
- def parse_mbed_psa_words(self, include, exclude=None):
- """
- Parse all words in the file that begin with MBED|PSA, in and out of
- macros, comments, anything.
-
- Args:
- * include: A List of glob expressions to look for files through.
- * exclude: A List of glob expressions for excluding files.
-
- Returns a List of Match objects for words beginning with MBED|PSA.
- """
- # Typos of TLS are common, hence the broader check below than MBEDTLS.
- mbed_regex = re.compile(r"\b(MBED.+?|PSA)_[A-Z0-9_]*")
- exclusions = re.compile(r"// *no-check-names|#error")
-
- files = self.get_included_files(include, exclude)
- self.log.debug(
- "Looking for MBED|PSA words in {} files"
- .format(len(files))
- )
-
- mbed_psa_words = []
- for filename in files:
- with open(filename, "r", encoding="utf-8") as fp:
- for line_no, line in enumerate(fp):
- if exclusions.search(line):
- continue
-
- for name in mbed_regex.finditer(line):
- mbed_psa_words.append(Match(
- filename,
- line,
- line_no,
- name.span(0),
- name.group(0)))
-
- return mbed_psa_words
-
- def parse_enum_consts(self, include, exclude=None):
- """
- Parse all enum value constants that are declared.
-
- Args:
- * include: A List of glob expressions to look for files through.
- * exclude: A List of glob expressions for excluding files.
-
- Returns a List of Match objects for the findings.
- """
- files = self.get_included_files(include, exclude)
- self.log.debug("Looking for enum consts in {} files".format(len(files)))
-
- # Emulate a finite state machine to parse enum declarations.
- # OUTSIDE_KEYWORD = outside the enum keyword
- # IN_BRACES = inside enum opening braces
- # IN_BETWEEN = between enum keyword and opening braces
- states = enum.Enum("FSM", ["OUTSIDE_KEYWORD", "IN_BRACES", "IN_BETWEEN"])
- enum_consts = []
- for header_file in files:
- state = states.OUTSIDE_KEYWORD
- with open(header_file, "r", encoding="utf-8") as header:
- for line_no, line in enumerate(header):
- # Match typedefs and brackets only when they are at the
- # beginning of the line -- if they are indented, they might
- # be sub-structures within structs, etc.
- optional_c_identifier = r"([_a-zA-Z][_a-zA-Z0-9]*)?"
- if (state == states.OUTSIDE_KEYWORD and
- re.search(r"^(typedef +)?enum " + \
- optional_c_identifier + \
- r" *{", line)):
- state = states.IN_BRACES
- elif (state == states.OUTSIDE_KEYWORD and
- re.search(r"^(typedef +)?enum", line)):
- state = states.IN_BETWEEN
- elif (state == states.IN_BETWEEN and
- re.search(r"^{", line)):
- state = states.IN_BRACES
- elif (state == states.IN_BRACES and
- re.search(r"^}", line)):
- state = states.OUTSIDE_KEYWORD
- elif (state == states.IN_BRACES and
- not re.search(r"^ *#", line)):
- enum_const = re.search(r"^ *(?P<enum_const>\w+)", line)
- if not enum_const:
- continue
-
- enum_consts.append(Match(
- header_file,
- line,
- line_no,
- enum_const.span("enum_const"),
- enum_const.group("enum_const")))
-
- return enum_consts
-
- IGNORED_CHUNK_REGEX = re.compile('|'.join([
- r'/\*.*?\*/', # block comment entirely on one line
- r'//.*', # line comment
- r'(?P<string>")(?:[^\\\"]|\\.)*"', # string literal
- ]))
-
- def strip_comments_and_literals(self, line, in_block_comment):
- """Strip comments and string literals from line.
-
- Continuation lines are not supported.
-
- If in_block_comment is true, assume that the line starts inside a
- block comment.
-
- Return updated values of (line, in_block_comment) where:
- * Comments in line have been replaced by a space (or nothing at the
- start or end of the line).
- * String contents have been removed.
- * in_block_comment indicates whether the line ends inside a block
- comment that continues on the next line.
- """
-
- # Terminate current multiline comment?
- if in_block_comment:
- m = re.search(r"\*/", line)
- if m:
- in_block_comment = False
- line = line[m.end(0):]
- else:
- return '', True
-
- # Remove full comments and string literals.
- # Do it all together to handle cases like "/*" correctly.
- # Note that continuation lines are not supported.
- line = re.sub(self.IGNORED_CHUNK_REGEX,
- lambda s: '""' if s.group('string') else ' ',
- line)
-
- # Start an unfinished comment?
- # (If `/*` was part of a complete comment, it's already been removed.)
- m = re.search(r"/\*", line)
- if m:
- in_block_comment = True
- line = line[:m.start(0)]
-
- return line, in_block_comment
-
- IDENTIFIER_REGEX = re.compile('|'.join([
- # Match " something(a" or " *something(a". Functions.
- # Assumptions:
- # - function definition from return type to one of its arguments is
- # all on one line
- # - function definition line only contains alphanumeric, asterisk,
- # underscore, and open bracket
- r".* \**(\w+) *\( *\w",
- # Match "(*something)(".
- r".*\( *\* *(\w+) *\) *\(",
- # Match names of named data structures.
- r"(?:typedef +)?(?:struct|union|enum) +(\w+)(?: *{)?$",
- # Match names of typedef instances, after closing bracket.
- r"}? *(\w+)[;[].*",
- ]))
- # The regex below is indented for clarity.
- EXCLUSION_LINES = re.compile("|".join([
- r"extern +\"C\"",
- r"(typedef +)?(struct|union|enum)( *{)?$",
- r"} *;?$",
- r"$",
- r"//",
- r"#",
- ]))
-
- def parse_identifiers_in_file(self, header_file, identifiers):
- """
- Parse all lines of a header where a function/enum/struct/union/typedef
- identifier is declared, based on some regex and heuristics. Highly
- dependent on formatting style.
-
- Append found matches to the list ``identifiers``.
- """
-
- with open(header_file, "r", encoding="utf-8") as header:
- in_block_comment = False
- # The previous line variable is used for concatenating lines
- # when identifiers are formatted and spread across multiple
- # lines.
- previous_line = ""
-
- for line_no, line in enumerate(header):
- line, in_block_comment = \
- self.strip_comments_and_literals(line, in_block_comment)
-
- if self.EXCLUSION_LINES.match(line):
- previous_line = ""
- continue
-
- # If the line contains only space-separated alphanumeric
- # characters (or underscore, asterisk, or open parenthesis),
- # and nothing else, high chance it's a declaration that
- # continues on the next line
- if re.search(r"^([\w\*\(]+\s+)+$", line):
- previous_line += line
- continue
-
- # If previous line seemed to start an unfinished declaration
- # (as above), concat and treat them as one.
- if previous_line:
- line = previous_line.strip() + " " + line.strip() + "\n"
- previous_line = ""
-
- # Skip parsing if line has a space in front = heuristic to
- # skip function argument lines (highly subject to formatting
- # changes)
- if line[0] == " ":
- continue
-
- identifier = self.IDENTIFIER_REGEX.search(line)
-
- if not identifier:
- continue
-
- # Find the group that matched, and append it
- for group in identifier.groups():
- if not group:
- continue
-
- identifiers.append(Match(
- header_file,
- line,
- line_no,
- identifier.span(),
- group))
-
- def parse_identifiers(self, include, exclude=None):
- """
- Parse all lines of a header where a function/enum/struct/union/typedef
- identifier is declared, based on some regex and heuristics. Highly
- dependent on formatting style. Identifiers in excluded files are still
- parsed
-
- Args:
- * include: A List of glob expressions to look for files through.
- * exclude: A List of glob expressions for excluding files.
-
- Returns: a Tuple of two Lists of Match objects with identifiers.
- * included_identifiers: A List of Match objects with identifiers from
- included files.
- * excluded_identifiers: A List of Match objects with identifiers from
- excluded files.
- """
-
- included_files, excluded_files = \
- self.get_all_files(include, exclude)
-
- self.log.debug("Looking for included identifiers in {} files".format \
- (len(included_files)))
-
- included_identifiers = []
- excluded_identifiers = []
- for header_file in included_files:
- self.parse_identifiers_in_file(header_file, included_identifiers)
- for header_file in excluded_files:
- self.parse_identifiers_in_file(header_file, excluded_identifiers)
-
- return (included_identifiers, excluded_identifiers)
-
- def parse_symbols(self):
- """
- Compile the Mbed TLS libraries, and parse the TLS, Crypto, and x509
- object files using nm to retrieve the list of referenced symbols.
- Exceptions thrown here are rethrown because they would be critical
- errors that void several tests, and thus needs to halt the program. This
- is explicitly done for clarity.
-
- Returns a List of unique symbols defined and used in the libraries.
- """
- self.log.info("Compiling...")
- symbols = []
-
- # Back up the config and atomically compile with the full configuration.
- shutil.copy(
- "include/mbedtls/mbedtls_config.h",
- "include/mbedtls/mbedtls_config.h.bak"
- )
- try:
- # Use check=True in all subprocess calls so that failures are raised
- # as exceptions and logged.
- subprocess.run(
- ["python3", "scripts/config.py", "full"],
- universal_newlines=True,
- check=True
- )
- my_environment = os.environ.copy()
- my_environment["CFLAGS"] = "-fno-asynchronous-unwind-tables"
- # Run make clean separately to lib to prevent unwanted behavior when
- # make is invoked with parallelism.
- subprocess.run(
- ["make", "clean"],
- universal_newlines=True,
- check=True
- )
- subprocess.run(
- ["make", "lib"],
- env=my_environment,
- universal_newlines=True,
- stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT,
- check=True
- )
-
- # Perform object file analysis using nm
- symbols = self.parse_symbols_from_nm([
- "library/libmbedcrypto.a",
- "library/libmbedtls.a",
- "library/libmbedx509.a"
- ])
-
- subprocess.run(
- ["make", "clean"],
- universal_newlines=True,
- check=True
- )
- except subprocess.CalledProcessError as error:
- self.log.debug(error.output)
- raise error
- finally:
- # Put back the original config regardless of there being errors.
- # Works also for keyboard interrupts.
- shutil.move(
- "include/mbedtls/mbedtls_config.h.bak",
- "include/mbedtls/mbedtls_config.h"
- )
-
- return symbols
-
- def parse_symbols_from_nm(self, object_files):
- """
- Run nm to retrieve the list of referenced symbols in each object file.
- Does not return the position data since it is of no use.
-
- Args:
- * object_files: a List of compiled object filepaths to search through.
-
- Returns a List of unique symbols defined and used in any of the object
- files.
- """
- nm_undefined_regex = re.compile(r"^\S+: +U |^$|^\S+:$")
- nm_valid_regex = re.compile(r"^\S+( [0-9A-Fa-f]+)* . _*(?P<symbol>\w+)")
- exclusions = ("FStar", "Hacl")
-
- symbols = []
-
- # Gather all outputs of nm
- nm_output = ""
- for lib in object_files:
- nm_output += subprocess.run(
- ["nm", "-og", lib],
- universal_newlines=True,
- stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT,
- check=True
- ).stdout
-
- for line in nm_output.splitlines():
- if not nm_undefined_regex.search(line):
- symbol = nm_valid_regex.search(line)
- if (symbol and not symbol.group("symbol").startswith(exclusions)):
- symbols.append(symbol.group("symbol"))
- else:
- self.log.error(line)
-
- return symbols
-
-class NameChecker():
- """
- Representation of the core name checking operation performed by this script.
- """
- def __init__(self, parse_result, log):
- self.parse_result = parse_result
- self.log = log
-
- def perform_checks(self, quiet=False):
- """
- A comprehensive checker that performs each check in order, and outputs
- a final verdict.
-
- Args:
- * quiet: whether to hide detailed problem explanation.
- """
- self.log.info("=============")
- Problem.quiet = quiet
- problems = 0
- problems += self.check_symbols_declared_in_header()
-
- pattern_checks = [
- ("public_macros", PUBLIC_MACRO_PATTERN),
- ("internal_macros", INTERNAL_MACRO_PATTERN),
- ("enum_consts", CONSTANTS_PATTERN),
- ("identifiers", IDENTIFIER_PATTERN)
- ]
- for group, check_pattern in pattern_checks:
- problems += self.check_match_pattern(group, check_pattern)
-
- problems += self.check_for_typos()
-
- self.log.info("=============")
- if problems > 0:
- self.log.info("FAIL: {0} problem(s) to fix".format(str(problems)))
- if quiet:
- self.log.info("Remove --quiet to see explanations.")
- else:
- self.log.info("Use --quiet for minimal output.")
- return 1
- else:
- self.log.info("PASS")
- return 0
-
- def check_symbols_declared_in_header(self):
- """
- Perform a check that all detected symbols in the library object files
- are properly declared in headers.
- Assumes parse_names_in_source() was called before this.
-
- Returns the number of problems that need fixing.
- """
- problems = []
- all_identifiers = self.parse_result["identifiers"] + \
- self.parse_result["excluded_identifiers"]
-
- for symbol in self.parse_result["symbols"]:
- found_symbol_declared = False
- for identifier_match in all_identifiers:
- if symbol == identifier_match.name:
- found_symbol_declared = True
- break
-
- if not found_symbol_declared:
- problems.append(SymbolNotInHeader(symbol))
-
- self.output_check_result("All symbols in header", problems)
- return len(problems)
-
- def check_match_pattern(self, group_to_check, check_pattern):
- """
- Perform a check that all items of a group conform to a regex pattern.
- Assumes parse_names_in_source() was called before this.
-
- Args:
- * group_to_check: string key to index into self.parse_result.
- * check_pattern: the regex to check against.
-
- Returns the number of problems that need fixing.
- """
- problems = []
-
- for item_match in self.parse_result[group_to_check]:
- if not re.search(check_pattern, item_match.name):
- problems.append(PatternMismatch(check_pattern, item_match))
- # Double underscore should not be used for names
- if re.search(r".*__.*", item_match.name):
- problems.append(
- PatternMismatch("no double underscore allowed", item_match))
-
- self.output_check_result(
- "Naming patterns of {}".format(group_to_check),
- problems)
- return len(problems)
-
- def check_for_typos(self):
- """
- Perform a check that all words in the source code beginning with MBED are
- either defined as macros, or as enum constants.
- Assumes parse_names_in_source() was called before this.
-
- Returns the number of problems that need fixing.
- """
- problems = []
-
- # Set comprehension, equivalent to a list comprehension wrapped by set()
- all_caps_names = {
- match.name
- for match
- in self.parse_result["public_macros"] +
- self.parse_result["internal_macros"] +
- self.parse_result["private_macros"] +
- self.parse_result["enum_consts"]
- }
- typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$|"
- r"MBEDTLS_TEST_LIBTESTDRIVER*|"
- r"PSA_CRYPTO_DRIVER_TEST")
-
- for name_match in self.parse_result["mbed_psa_words"]:
- found = name_match.name in all_caps_names
-
- # Since MBEDTLS_PSA_ACCEL_XXX defines are defined by the
- # PSA driver, they will not exist as macros. However, they
- # should still be checked for typos using the equivalent
- # BUILTINs that exist.
- if "MBEDTLS_PSA_ACCEL_" in name_match.name:
- found = name_match.name.replace(
- "MBEDTLS_PSA_ACCEL_",
- "MBEDTLS_PSA_BUILTIN_") in all_caps_names
-
- if not found and not typo_exclusion.search(name_match.name):
- problems.append(Typo(name_match))
-
- self.output_check_result("Likely typos", problems)
- return len(problems)
-
- def output_check_result(self, name, problems):
- """
- Write out the PASS/FAIL status of a performed check depending on whether
- there were problems.
-
- Args:
- * name: the name of the test
- * problems: a List of encountered Problems
- """
- if problems:
- self.log.info("{}: FAIL\n".format(name))
- for problem in problems:
- self.log.warning(str(problem))
- else:
- self.log.info("{}: PASS".format(name))
-
-def main():
- """
- Perform argument parsing, and create an instance of CodeParser and
- NameChecker to begin the core operation.
- """
- parser = argparse.ArgumentParser(
- formatter_class=argparse.RawDescriptionHelpFormatter,
- description=(
- "This script confirms that the naming of all symbols and identifiers "
- "in Mbed TLS are consistent with the house style and are also "
- "self-consistent.\n\n"
- "Expected to be run from the Mbed TLS root directory.")
- )
- parser.add_argument(
- "-v", "--verbose",
- action="store_true",
- help="show parse results"
- )
- parser.add_argument(
- "-q", "--quiet",
- action="store_true",
- help="hide unnecessary text, explanations, and highlights"
- )
-
- args = parser.parse_args()
-
- # Configure the global logger, which is then passed to the classes below
- log = logging.getLogger()
- log.setLevel(logging.DEBUG if args.verbose else logging.INFO)
- log.addHandler(logging.StreamHandler())
-
- try:
- code_parser = CodeParser(log)
- parse_result = code_parser.comprehensive_parse()
- except Exception: # pylint: disable=broad-except
- traceback.print_exc()
- sys.exit(2)
-
- name_checker = NameChecker(parse_result, log)
- return_code = name_checker.perform_checks(quiet=args.quiet)
-
- sys.exit(return_code)
-
-if __name__ == "__main__":
- main()
diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh
index 99fd0d7..3ee88a3 100644
--- a/tests/scripts/components-basic-checks.sh
+++ b/tests/scripts/components-basic-checks.sh
@@ -11,9 +11,9 @@
component_check_recursion () {
msg "Check: recursion.pl" # < 1s
- tests/scripts/recursion.pl library/*.c
- tests/scripts/recursion.pl ${PSA_CORE_PATH}/*.c
- tests/scripts/recursion.pl ${BUILTIN_SRC_PATH}/*.c
+ ./framework/scripts/recursion.pl library/*.c
+ ./framework/scripts/recursion.pl ${PSA_CORE_PATH}/*.c
+ ./framework/scripts/recursion.pl ${BUILTIN_SRC_PATH}/*.c
}
component_check_generated_files () {
@@ -38,7 +38,7 @@
component_check_doxy_blocks () {
msg "Check: doxygen markup outside doxygen blocks" # < 1s
- tests/scripts/check-doxy-blocks.pl
+ ./framework/scripts/check-doxy-blocks.pl
}
component_check_files () {
@@ -49,7 +49,7 @@
component_check_changelog () {
msg "Check: changelog entries" # < 1s
rm -f ChangeLog.new
- scripts/assemble_changelog.py -o ChangeLog.new
+ ./framework/scripts/assemble_changelog.py -o ChangeLog.new
if [ -e ChangeLog.new ]; then
# Show the diff for information. It isn't an error if the diff is
# non-empty.
@@ -60,7 +60,7 @@
component_check_names () {
msg "Check: declared and exported names (builds the library)" # < 3s
- tests/scripts/check_names.py -v
+ framework/scripts/check_names.py -v
}
component_check_test_cases () {
@@ -74,68 +74,9 @@
unset opt
}
-component_check_test_dependencies () {
- msg "Check: test case dependencies: legacy vs PSA" # < 1s
- # The purpose of this component is to catch unjustified dependencies on
- # legacy feature macros (MBEDTLS_xxx) in PSA tests. Generally speaking,
- # PSA test should use PSA feature macros (PSA_WANT_xxx, more rarely
- # MBEDTLS_PSA_xxx).
- #
- # Most of the time, use of legacy MBEDTLS_xxx macros are mistakes, which
- # this component is meant to catch. However a few of them are justified,
- # mostly by the absence of a PSA equivalent, so this component includes a
- # list of expected exceptions.
-
- found="check-test-deps-found-$$"
- expected="check-test-deps-expected-$$"
-
- # Find legacy dependencies in PSA tests
- grep 'depends_on' \
- tf-psa-crypto/tests/suites/test_suite_psa*.data \
- tf-psa-crypto/tests/suites/test_suite_psa*.function |
- grep -Eo '!?MBEDTLS_[^: ]*' |
- grep -v -e MBEDTLS_PSA_ -e MBEDTLS_TEST_ |
- sort -u > $found
-
- # Expected ones with justification - keep in sorted order by ASCII table!
- rm -f $expected
- # No PSA equivalent - WANT_KEY_TYPE_AES means all sizes
- echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected
- # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES
- echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected
- # MBEDTLS_ASN1_WRITE_C is used by import_rsa_made_up() in test_suite_psa_crypto
- # in order to build a fake RSA key of the wanted size based on
- # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by
- # the test code and that's probably the most convenient way of achieving
- # the test's goal.
- echo "MBEDTLS_ASN1_WRITE_C" >> $expected
- # No PSA equivalent - used in test_suite_psa_crypto to get some "known" size
- # for raw key generation.
- echo "MBEDTLS_CTR_DRBG_MAX_REQUEST" >> $expected
- # No PSA equivalent - we should probably have one in the future.
- echo "MBEDTLS_ECP_RESTARTABLE" >> $expected
- # No PSA equivalent - needed by some init tests
- echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected
- # No PSA equivalent - required to run threaded tests.
- echo "MBEDTLS_THREADING_PTHREAD" >> $expected
-
- # Compare reality with expectation.
- # We want an exact match, to ensure the above list remains up-to-date.
- #
- # The output should be empty. When it's not:
- # - Each '+' line is a macro that was found but not expected. You want to
- # find where that macro occurs, and either replace it with PSA macros, or
- # add it to the exceptions list above with a justification.
- # - Each '-' line is a macro that was expected but not found; it means the
- # exceptions list above should be updated by removing that macro.
- diff -U0 $expected $found
-
- rm $found $expected
-}
-
component_check_doxygen_warnings () {
msg "Check: doxygen warnings (builds the documentation)" # ~ 3s
- tests/scripts/doxygen.sh
+ ./framework/scripts/doxygen.sh
}
component_check_code_style () {
@@ -152,7 +93,7 @@
component_check_python_files () {
msg "Lint: Python scripts"
- tests/scripts/check-python-files.sh
+ ./framework/scripts/check-python-files.sh
}
component_check_test_helpers () {
diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh
index f3a8d19..d6ad88a 100644
--- a/tests/scripts/components-build-system.sh
+++ b/tests/scripts/components-build-system.sh
@@ -116,7 +116,7 @@
./cmake_package
if [[ "$OSTYPE" == linux* ]]; then
PKG_CONFIG_PATH="${build_variant_dir}/mbedtls/pkgconfig" \
- ${root_dir}/tests/scripts/pkgconfig.sh \
+ ${root_dir}/framework/scripts/pkgconfig.sh \
mbedtls mbedx509 mbedcrypto
# These are the EXPECTED package names. Renaming these could break
# consumers of pkg-config, consider carefully.
@@ -137,7 +137,7 @@
./cmake_package
if [[ "$OSTYPE" == linux* ]]; then
PKG_CONFIG_PATH="${build_variant_dir}/tf-psa-crypto/pkgconfig" \
- ${root_dir}/tests/scripts/pkgconfig.sh \
+ ${root_dir}/framework/scripts/pkgconfig.sh \
tfpsacrypto
# This is the EXPECTED package name. Renaming it could break consumers
# of pkg-config, consider carefully.
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 0598b2d..cb6dd92 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -16,7 +16,7 @@
component_build_tfm_armcc () {
# test the TF-M configuration can build cleanly with various warning flags enabled
cp configs/config-tfm.h "$CONFIG_H"
- cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
+ cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
msg "build: TF-M config, armclang armv7-m thumb2"
helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe"
diff --git a/tests/scripts/components-compliance.sh b/tests/scripts/components-compliance.sh
index 16a306d..cce0890 100644
--- a/tests/scripts/components-compliance.sh
+++ b/tests/scripts/components-compliance.sh
@@ -15,7 +15,7 @@
CC=gcc make -C library libmbedcrypto.a
msg "unit test: test_psa_compliance.py"
- CC=gcc ./tests/scripts/test_psa_compliance.py --build-dir="."
+ CC=gcc $FRAMEWORK/scripts/test_psa_compliance.py --build-dir="."
}
support_test_psa_compliance () {
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index b7cef0d..34b3107 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -412,7 +412,7 @@
component_test_config_symmetric_only () {
msg "build: configs/config-symmetric-only.h"
MBEDTLS_CONFIG="configs/config-symmetric-only.h"
- CRYPTO_CONFIG="configs/crypto-config-symmetric-only.h"
+ CRYPTO_CONFIG="tf-psa-crypto/configs/crypto-config-symmetric-only.h"
CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -478,20 +478,6 @@
! nm "$@" 2>/dev/null | grep -v ':$' | grep .
}
-component_build_crypto_default () {
- msg "build: make, crypto only"
- scripts/config.py crypto
- make CFLAGS='-O1 -Werror'
- are_empty_libraries library/libmbedx509.* library/libmbedtls.*
-}
-
-component_build_crypto_full () {
- msg "build: make, crypto only, full config"
- scripts/config.py crypto_full
- make CFLAGS='-O1 -Werror'
- are_empty_libraries library/libmbedx509.* library/libmbedtls.*
-}
-
component_test_crypto_for_psa_service () {
msg "build: make, config for PSA crypto service"
scripts/config.py crypto
@@ -585,49 +571,6 @@
tests/ssl-opt.sh -f "ffdh"
}
-component_build_no_pk_rsa_alt_support () {
- msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s
-
- scripts/config.py full
- scripts/config.py unset MBEDTLS_PK_RSA_ALT_SUPPORT
- scripts/config.py set MBEDTLS_RSA_C
- scripts/config.py set MBEDTLS_X509_CRT_WRITE_C
-
- # Only compile - this is primarily to test for compile issues
- make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy'
-}
-
-component_build_module_alt () {
- msg "build: MBEDTLS_XXX_ALT" # ~30s
- scripts/config.py full
-
- # Disable options that are incompatible with some ALT implementations:
- # aesni.c references mbedtls_aes_context fields directly.
- scripts/config.py unset MBEDTLS_AESNI_C
- scripts/config.py unset MBEDTLS_AESCE_C
- # MBEDTLS_ECP_RESTARTABLE is documented as incompatible.
- scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
- # You can only have one threading implementation: alt or pthread, not both.
- scripts/config.py unset MBEDTLS_THREADING_PTHREAD
- # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields
- # directly and assumes the implementation works with partial groups.
- scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
- # MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*
- scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
- scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
- # MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*
- scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
- scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
-
- # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable
- # MBEDTLS_XXX_YYY_ALT which are for single functions.
- scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
-
- # We can only compile, not link, since we don't have any implementations
- # suitable for testing with the dummy alt headers.
- make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
-}
-
component_test_psa_crypto_config_accel_ecdsa () {
msg "build: accelerated ECDSA"
@@ -728,10 +671,6 @@
# Disable the module that's accelerated
scripts/config.py unset MBEDTLS_DHM_C
- # Disable things that depend on it
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-
# Build
# -----
@@ -758,9 +697,6 @@
# Start with full (USE_PSA and TLS 1.3)
helper_libtestdriver1_adjust_config "full"
- # Disable things that are not supported
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
make
msg "test suites: full with non-accelerated FFDH alg"
@@ -1233,26 +1169,20 @@
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
# Also disable key exchanges that depend on RSA
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
if [ "$test_target" = "ECC" ]; then
# When testing ECC only, we disable FFDH support, both from builtin and
- # PSA sides, and also disable the key exchanges that depend on DHM.
+ # PSA sides.
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
scripts/config.py unset MBEDTLS_DHM_C
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
else
- # When testing ECC and DH instead, we disable DHM and depending key
- # exchanges only in the accelerated build
+ # When testing ECC and DH instead, we disable DHM.
if [ "$driver_only" -eq 1 ]; then
scripts/config.py unset MBEDTLS_DHM_C
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
fi
fi
@@ -1395,7 +1325,7 @@
component_test_tfm_config_as_is () {
msg "build: configs/config-tfm.h"
MBEDTLS_CONFIG="configs/config-tfm.h"
- CRYPTO_CONFIG="configs/ext/crypto_config_profile_medium.h"
+ CRYPTO_CONFIG="tf-psa-crypto/configs/ext/crypto_config_profile_medium.h"
CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -1409,7 +1339,7 @@
common_tfm_config () {
# Enable TF-M config
cp configs/config-tfm.h "$CONFIG_H"
- cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
+ cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
# Config adjustment for better test coverage in our environment.
# This is not needed just to build and pass tests.
@@ -1604,7 +1534,6 @@
# Remove RSA support and its dependencies
scripts/config.py unset MBEDTLS_PKCS1_V15
scripts/config.py unset MBEDTLS_PKCS1_V21
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@@ -2158,7 +2087,7 @@
# Setting a blank config disables everyhing in the library side.
echo '#define MBEDTLS_CONFIG_H ' >"$CONFIG_H"
- cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
+ cp tf-psa-crypto/configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
make
msg "test: CCM + AES + SHA256 configuration"
@@ -2600,15 +2529,6 @@
make test
}
-component_test_se_default () {
- msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C"
- scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
- make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"
-
- msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C"
- make test
-}
-
component_test_full_static_keystore () {
msg "build: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC"
scripts/config.py full
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index 7440845..cee4d63 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh
@@ -148,7 +148,7 @@
tests/scripts/run_demos.py
msg "test: psa_constant_names (full config, clang)" # ~ 1s
- tests/scripts/test_psa_constant_names.py
+ $FRAMEWORK/scripts/test_psa_constant_names.py
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
@@ -236,7 +236,7 @@
# the configuration that works on mainstream platforms is in
# configs/config-tfm.h, tested via test-ref-configs.pl.
cp configs/config-tfm.h "$CONFIG_H"
- cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
+ cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
msg "build: TF-M config, clang, armv7-m thumb2"
make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe"
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index f7fc60f..a08ede5 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -274,21 +274,19 @@
'MBEDTLS_CIPHER_PADDING_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'],
'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN': ['MBEDTLS_CIPHER_MODE_CBC'],
- 'MBEDTLS_ECP_DP_BP256R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_256'],
- 'MBEDTLS_ECP_DP_BP384R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_384'],
- 'MBEDTLS_ECP_DP_BP512R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_512'],
- 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_255'],
- 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_448'],
- 'MBEDTLS_ECP_DP_SECP192R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_192'],
- 'MBEDTLS_ECP_DP_SECP224R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_224'],
- 'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_256',
- 'PSA_WANT_ALG_JPAKE',
- 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
- 'MBEDTLS_ECP_DP_SECP384R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_384'],
- 'MBEDTLS_ECP_DP_SECP512R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_512'],
- 'MBEDTLS_ECP_DP_SECP521R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_521'],
- 'MBEDTLS_ECP_DP_SECP192K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_192'],
- 'MBEDTLS_ECP_DP_SECP256K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_256'],
+ 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'],
+ 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'],
+ 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'],
+ 'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'],
+ 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_256': ['MBEDTLS_ECJPAKE_C',
+ 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
@@ -316,8 +314,7 @@
'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT',
'PSA_WANT_ALG_RSA_OAEP',
'PSA_WANT_ALG_RSA_PSS'],
- 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
+ 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT',
'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'],
@@ -362,12 +359,12 @@
EXCLUSIVE_GROUPS = {
'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C',
'-MBEDTLS_SSL_TLS_C'],
- 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C',
- '-MBEDTLS_ECDSA_DETERMINISTIC',
- '-MBEDTLS_ECJPAKE_C',],
- 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['-MBEDTLS_ECDSA_C',
- '-MBEDTLS_ECDSA_DETERMINISTIC',
- '-MBEDTLS_ECJPAKE_C'],
+ 'PSA_WANT_ECC_MONTGOMERY_448': ['-MBEDTLS_ECDSA_C',
+ '-MBEDTLS_ECDSA_DETERMINISTIC',
+ '-MBEDTLS_ECJPAKE_C',],
+ 'PSA_WANT_ECC_MONTGOMERY_255': ['-MBEDTLS_ECDSA_C',
+ '-MBEDTLS_ECDSA_DETERMINISTIC',
+ '-MBEDTLS_ECJPAKE_C'],
'PSA_WANT_KEY_TYPE_ARIA': ['-PSA_WANT_ALG_CMAC',
'-PSA_WANT_ALG_CCM',
'-PSA_WANT_ALG_GCM',
@@ -512,8 +509,12 @@
# Find hash modules by name.
hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z')
- # Find elliptic curve enabling macros by name.
- curve_symbols = self.config_symbols_matching(r'MBEDTLS_ECP_DP_\w+_ENABLED\Z')
+
+ # Find elliptic curve enabling macros
+ # MBEDTLS_ECP_DP_SECP224K1_ENABLED added to disable it for all curves
+ curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|'
+ r'MBEDTLS_ECP_DP_SECP224K1_ENABLED')
+
# Find key exchange enabling macros by name.
key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z')
@@ -541,8 +542,11 @@
'cipher_padding': ExclusiveDomain(cipher_padding_symbols,
build_and_test),
+
# Elliptic curves. Run the test suites.
- 'curves': ExclusiveDomain(curve_symbols, build_and_test),
+ 'curves': ExclusiveDomain(curve_symbols, build_and_test,
+ exclude=r'MBEDTLS_ECP_DP_SECP224K1_ENABLED'),
+
# Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1,
# SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used
# across various modules, but it depends on either SHA256 or SHA512.
diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh
deleted file mode 100755
index b6a1d45..0000000
--- a/tests/scripts/doxygen.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-# Make sure the doxygen documentation builds without warnings
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-# Abort on errors (and uninitialised variables)
-set -eu
-
-if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from Mbed TLS root" >&2
- exit 1
-fi
-
-if scripts/apidoc_full.sh > doc.out 2>doc.err; then :; else
- cat doc.err
- echo "FAIL" >&2
- exit 1;
-fi
-
-cat doc.out doc.err | \
- grep -v "warning: ignoring unsupported tag" \
- > doc.filtered
-
-if grep -E "(warning|error):" doc.filtered; then
- echo "FAIL" >&2
- exit 1;
-fi
-
-make apidoc_clean
-rm -f doc.out doc.err doc.filtered
diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh
index 4ccac23..9032baf 100755
--- a/tests/scripts/list-identifiers.sh
+++ b/tests/scripts/list-identifiers.sh
@@ -49,6 +49,6 @@
use. It is a thin wrapper around list_internal_identifiers.py.
check-names.sh, which used to depend on this script, has been replaced with
-check_names.py and is now self-complete.
+framework/scripts/check_names.py and is now self-complete.
EOF
fi
diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py
index 052feca..2cbfdce 100755
--- a/tests/scripts/list_internal_identifiers.py
+++ b/tests/scripts/list_internal_identifiers.py
@@ -10,7 +10,8 @@
exclusion file list for ABI/API checking, since we do not promise compatibility
for them.
-It uses the CodeParser class from check_names.py to perform the parsing.
+It uses the CodeParser class from framework/scripts/check_names.py to perform
+the parsing.
The script returns 0 on success, 1 if there is a script error.
Must be run from Mbed TLS root.
@@ -18,6 +19,7 @@
import argparse
import logging
+import scripts_path # pylint: disable=unused-import
from check_names import CodeParser
def main():
diff --git a/tests/scripts/pkgconfig.sh b/tests/scripts/pkgconfig.sh
deleted file mode 100755
index 07a73b3..0000000
--- a/tests/scripts/pkgconfig.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# Test pkgconfig files.
-#
-# For each of the build pkg-config files, .pc files, check that
-# they validate and do some basic sanity testing on the output,
-# i.e. that the strings are non-empty.
-#
-# NOTE: This requires the built pc files to be on the pkg-config
-# search path, this can be controlled with env variable
-# PKG_CONFIG_PATH. See man(1) pkg-config for details.
-#
-
-set -e -u
-
-if [ $# -le 0 ]
-then
- echo " [!] No package names specified" >&2
- echo "Usage: $0 <package name 1> <package name 2> ..." >&2
- exit 1
-fi
-
-for pc in "$@"; do
- printf "testing package config file: ${pc} ... "
- pkg-config --validate "${pc}"
- version="$(pkg-config --modversion "${pc}")"
- test -n "$version"
- cflags="$(pkg-config --cflags "${pc}")"
- test -n "$cflags"
- libs="$(pkg-config --libs "${pc}")"
- test -n "$libs"
- printf "passed\n"
-done
-
-exit 0
diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl
deleted file mode 100755
index 3cdeff7..0000000
--- a/tests/scripts/recursion.pl
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/env perl
-
-# Find functions making recursive calls to themselves.
-# (Multiple recursion where a() calls b() which calls a() not covered.)
-#
-# When the recursion depth might depend on data controlled by the attacker in
-# an unbounded way, those functions should use iteration instead.
-#
-# Typical usage: scripts/recursion.pl library/*.c
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-use warnings;
-use strict;
-
-use utf8;
-use open qw(:std utf8);
-
-# exclude functions that are ok:
-# - mpi_write_hlp: bounded by size of mbedtls_mpi, a compile-time constant
-# - x509_crt_verify_child: bounded by MBEDTLS_X509_MAX_INTERMEDIATE_CA
-my $known_ok = qr/mpi_write_hlp|x509_crt_verify_child/;
-
-my $cur_name;
-my $inside;
-my @funcs;
-
-die "Usage: $0 file.c [...]\n" unless @ARGV;
-
-while (<>)
-{
- if( /^[^\/#{}\s]/ && ! /\[.*]/ ) {
- chomp( $cur_name = $_ ) unless $inside;
- } elsif( /^{/ && $cur_name ) {
- $inside = 1;
- $cur_name =~ s/.* ([^ ]*)\(.*/$1/;
- } elsif( /^}/ && $inside ) {
- undef $inside;
- undef $cur_name;
- } elsif( $inside && /\b\Q$cur_name\E\([^)]/ ) {
- push @funcs, $cur_name unless /$known_ok/;
- }
-}
-
-print "$_\n" for @funcs;
-exit @funcs;
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
deleted file mode 100755
index 7c09afc..0000000
--- a/tests/scripts/test_psa_compliance.py
+++ /dev/null
@@ -1,172 +0,0 @@
-#!/usr/bin/env python3
-"""Run the PSA Crypto API compliance test suite.
-Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
-then compile and run the test suite. The clone is stored at <repository root>/psa-arch-tests.
-Known defects in either the test suite or mbedtls / TF-PSA-Crypto - identified by their test
-number - are ignored, while unexpected failures AND successes are reported as errors, to help
-keep the list of known defects as up to date as possible.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-import argparse
-import os
-import re
-import shutil
-import subprocess
-import sys
-from typing import List
-
-#pylint: disable=unused-import
-import scripts_path
-from mbedtls_framework import build_tree
-
-# PSA Compliance tests we expect to fail due to known defects in Mbed TLS /
-# TF-PSA-Crypto (or the test suite).
-# The test numbers correspond to the numbers used by the console output of the test suite.
-# Test number 2xx corresponds to the files in the folder
-# psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx
-EXPECTED_FAILURES = {} # type: dict
-
-PSA_ARCH_TESTS_REPO = 'https://github.com/ARM-software/psa-arch-tests.git'
-PSA_ARCH_TESTS_REF = 'v23.06_API1.5_ADAC_EAC'
-
-#pylint: disable=too-many-branches,too-many-statements,too-many-locals
-def main(library_build_dir: str):
- root_dir = os.getcwd()
-
- in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir)
-
- crypto_name = build_tree.crypto_library_filename(root_dir)
-
- # Temporary, while the crypto library is still located in the library
- # directory. This will not be the case anymore when it will be built by
- # the TF-PSA-Crypto build system.
- if in_tf_psa_crypto_repo:
- library_subdir = build_tree.crypto_core_directory(root_dir, relative=True)
- else:
- library_subdir = 'library'
-
- crypto_lib_filename = (library_build_dir + '/' +
- library_subdir + '/' +
- 'lib' + crypto_name + '.a')
-
- if not os.path.exists(crypto_lib_filename):
- #pylint: disable=bad-continuation
- subprocess.check_call([
- 'cmake', '.',
- '-GUnix Makefiles',
- '-B' + library_build_dir
- ])
- subprocess.check_call(['cmake', '--build', library_build_dir,
- '--target', crypto_name])
-
- psa_arch_tests_dir = 'psa-arch-tests'
- os.makedirs(psa_arch_tests_dir, exist_ok=True)
- try:
- os.chdir(psa_arch_tests_dir)
-
- # Reuse existing local clone
- subprocess.check_call(['git', 'init'])
- subprocess.check_call(['git', 'fetch', PSA_ARCH_TESTS_REPO, PSA_ARCH_TESTS_REF])
- subprocess.check_call(['git', 'checkout', 'FETCH_HEAD'])
-
- build_dir = 'api-tests/build'
- try:
- shutil.rmtree(build_dir)
- except FileNotFoundError:
- pass
- os.mkdir(build_dir)
- os.chdir(build_dir)
-
- # Temporary while the PSA compliance test suite is still run as part
- # of Mbed TLS testing. When it is not the case anymore, the second case
- # can be removed.
- if in_tf_psa_crypto_repo:
- extra_includes = ';{}/drivers/builtin/include'.format(root_dir)
- elif os.path.isdir(os.path.join(root_dir, 'tf-psa-crypto')):
- extra_includes = ';{}/tf-psa-crypto/include'.format(root_dir) + \
- (';{}/tf-psa-crypto/drivers/builtin/include'.format(root_dir))
-
- #pylint: disable=bad-continuation
- subprocess.check_call([
- 'cmake', '..',
- '-GUnix Makefiles',
- '-DTARGET=tgt_dev_apis_stdc',
- '-DTOOLCHAIN=HOST_GCC',
- '-DSUITE=CRYPTO',
- '-DPSA_CRYPTO_LIB_FILENAME={}/{}'.format(root_dir,
- crypto_lib_filename),
- ('-DPSA_INCLUDE_PATHS={}/include' + extra_includes).format(root_dir)
- ])
- subprocess.check_call(['cmake', '--build', '.'])
-
- proc = subprocess.Popen(['./psa-arch-tests-crypto'],
- bufsize=1, stdout=subprocess.PIPE, universal_newlines=True)
-
- test_re = re.compile(
- '^TEST: (?P<test_num>[0-9]*)|'
- '^TEST RESULT: (?P<test_result>FAILED|PASSED)'
- )
- test = -1
- unexpected_successes = set(EXPECTED_FAILURES)
- expected_failures = [] # type: List[int]
- unexpected_failures = [] # type: List[int]
- if proc.stdout is None:
- return 1
-
- for line in proc.stdout:
- print(line, end='')
- match = test_re.match(line)
- if match is not None:
- groupdict = match.groupdict()
- test_num = groupdict['test_num']
- if test_num is not None:
- test = int(test_num)
- elif groupdict['test_result'] == 'FAILED':
- try:
- unexpected_successes.remove(test)
- expected_failures.append(test)
- print('Expected failure, ignoring')
- except KeyError:
- unexpected_failures.append(test)
- print('ERROR: Unexpected failure')
- elif test in unexpected_successes:
- print('ERROR: Unexpected success')
- proc.wait()
-
- print()
- print('***** test_psa_compliance.py report ******')
- print()
- print('Expected failures:', ', '.join(str(i) for i in expected_failures))
- print('Unexpected failures:', ', '.join(str(i) for i in unexpected_failures))
- print('Unexpected successes:', ', '.join(str(i) for i in sorted(unexpected_successes)))
- print()
- if unexpected_successes or unexpected_failures:
- if unexpected_successes:
- print('Unexpected successes encountered.')
- print('Please remove the corresponding tests from '
- 'EXPECTED_FAILURES in tests/scripts/compliance_test.py')
- print()
- print('FAILED')
- return 1
- else:
- print('SUCCESS')
- return 0
- finally:
- os.chdir(root_dir)
-
-if __name__ == '__main__':
- BUILD_DIR = 'out_of_source_build'
-
- # pylint: disable=invalid-name
- parser = argparse.ArgumentParser()
- parser.add_argument('--build-dir', nargs=1,
- help='path to Mbed TLS / TF-PSA-Crypto build directory')
- args = parser.parse_args()
-
- if args.build_dir is not None:
- BUILD_DIR = args.build_dir[0]
-
- sys.exit(main(BUILD_DIR))
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
deleted file mode 100755
index e697d17..0000000
--- a/tests/scripts/test_psa_constant_names.py
+++ /dev/null
@@ -1,194 +0,0 @@
-#!/usr/bin/env python3
-"""Test the program psa_constant_names.
-Gather constant names from header files and test cases. Compile a C program
-to print out their numerical values, feed these numerical values to
-psa_constant_names, and check that the output is the original name.
-Return 0 if all test cases pass, 1 if the output was not always as expected,
-or 1 (with a Python backtrace) if there was an operational error.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-import argparse
-from collections import namedtuple
-import os
-import re
-import subprocess
-import sys
-from typing import Iterable, List, Optional, Tuple
-
-import scripts_path # pylint: disable=unused-import
-from mbedtls_framework import c_build_helper
-from mbedtls_framework.macro_collector import InputsForTest, PSAMacroEnumerator
-from mbedtls_framework import typing_util
-
-def gather_inputs(headers: Iterable[str],
- test_suites: Iterable[str],
- inputs_class=InputsForTest) -> PSAMacroEnumerator:
- """Read the list of inputs to test psa_constant_names with."""
- inputs = inputs_class()
- for header in headers:
- inputs.parse_header(header)
- for test_cases in test_suites:
- inputs.parse_test_cases(test_cases)
- inputs.add_numerical_values()
- inputs.gather_arguments()
- return inputs
-
-def run_c(type_word: str,
- expressions: Iterable[str],
- include_path: Optional[str] = None,
- keep_c: bool = False) -> List[str]:
- """Generate and run a program to print out numerical values of C expressions."""
- if type_word == 'status':
- cast_to = 'long'
- printf_format = '%ld'
- else:
- cast_to = 'unsigned long'
- printf_format = '0x%08lx'
- return c_build_helper.get_c_expression_values(
- cast_to, printf_format,
- expressions,
- caller='test_psa_constant_names.py for {} values'.format(type_word),
- file_label=type_word,
- header='#include <psa/crypto.h>',
- include_path=include_path,
- keep_c=keep_c
- )
-
-NORMALIZE_STRIP_RE = re.compile(r'\s+')
-def normalize(expr: str) -> str:
- """Normalize the C expression so as not to care about trivial differences.
-
- Currently "trivial differences" means whitespace.
- """
- return re.sub(NORMALIZE_STRIP_RE, '', expr)
-
-ALG_TRUNCATED_TO_SELF_RE = \
- re.compile(r'PSA_ALG_AEAD_WITH_SHORTENED_TAG\('
- r'PSA_ALG_(?:CCM|CHACHA20_POLY1305|GCM)'
- r', *16\)\Z')
-
-def is_simplifiable(expr: str) -> bool:
- """Determine whether an expression is simplifiable.
-
- Simplifiable expressions can't be output in their input form, since
- the output will be the simple form. Therefore they must be excluded
- from testing.
- """
- if ALG_TRUNCATED_TO_SELF_RE.match(expr):
- return True
- return False
-
-def collect_values(inputs: InputsForTest,
- type_word: str,
- include_path: Optional[str] = None,
- keep_c: bool = False) -> Tuple[List[str], List[str]]:
- """Generate expressions using known macro names and calculate their values.
-
- Return a list of pairs of (expr, value) where expr is an expression and
- value is a string representation of its integer value.
- """
- names = inputs.get_names(type_word)
- expressions = sorted(expr
- for expr in inputs.generate_expressions(names)
- if not is_simplifiable(expr))
- values = run_c(type_word, expressions,
- include_path=include_path, keep_c=keep_c)
- return expressions, values
-
-class Tests:
- """An object representing tests and their results."""
-
- Error = namedtuple('Error',
- ['type', 'expression', 'value', 'output'])
-
- def __init__(self, options) -> None:
- self.options = options
- self.count = 0
- self.errors = [] #type: List[Tests.Error]
-
- def run_one(self, inputs: InputsForTest, type_word: str) -> None:
- """Test psa_constant_names for the specified type.
-
- Run the program on the names for this type.
- Use the inputs to figure out what arguments to pass to macros that
- take arguments.
- """
- expressions, values = collect_values(inputs, type_word,
- include_path=self.options.include,
- keep_c=self.options.keep_c)
- output_bytes = subprocess.check_output([self.options.program,
- type_word] + values)
- output = output_bytes.decode('ascii')
- outputs = output.strip().split('\n')
- self.count += len(expressions)
- for expr, value, output in zip(expressions, values, outputs):
- if self.options.show:
- sys.stdout.write('{} {}\t{}\n'.format(type_word, value, output))
- if normalize(expr) != normalize(output):
- self.errors.append(self.Error(type=type_word,
- expression=expr,
- value=value,
- output=output))
-
- def run_all(self, inputs: InputsForTest) -> None:
- """Run psa_constant_names on all the gathered inputs."""
- for type_word in ['status', 'algorithm', 'ecc_curve', 'dh_group',
- 'key_type', 'key_usage']:
- self.run_one(inputs, type_word)
-
- def report(self, out: typing_util.Writable) -> None:
- """Describe each case where the output is not as expected.
-
- Write the errors to ``out``.
- Also write a total.
- """
- for error in self.errors:
- out.write('For {} "{}", got "{}" (value: {})\n'
- .format(error.type, error.expression,
- error.output, error.value))
- out.write('{} test cases'.format(self.count))
- if self.errors:
- out.write(', {} FAIL\n'.format(len(self.errors)))
- else:
- out.write(' PASS\n')
-
-HEADERS = ['psa/crypto.h', 'psa/crypto_extra.h', 'psa/crypto_values.h']
-TEST_SUITES = ['tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data']
-
-def main():
- parser = argparse.ArgumentParser(description=globals()['__doc__'])
- parser.add_argument('--include', '-I',
- action='append', default=['tf-psa-crypto/include',
- 'tf-psa-crypto/drivers/builtin/include',
- 'tf-psa-crypto/drivers/everest/include',
- 'include'],
- help='Directory for header files')
- parser.add_argument('--keep-c',
- action='store_true', dest='keep_c', default=False,
- help='Keep the intermediate C file')
- parser.add_argument('--no-keep-c',
- action='store_false', dest='keep_c',
- help='Don\'t keep the intermediate C file (default)')
- parser.add_argument('--program',
- default='tf-psa-crypto/programs/psa/psa_constant_names',
- help='Program to test')
- parser.add_argument('--show',
- action='store_true',
- help='Show tested values on stdout')
- parser.add_argument('--no-show',
- action='store_false', dest='show',
- help='Don\'t show tested values (default)')
- options = parser.parse_args()
- headers = [os.path.join(options.include[0], h) for h in HEADERS]
- inputs = gather_inputs(headers, TEST_SUITES)
- tests = Tests(options)
- tests.run_all(inputs)
- tests.report(sys.stdout)
- if tests.errors:
- sys.exit(1)
-
-if __name__ == '__main__':
- main()
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 1c4fae7..23b692c 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -310,7 +310,6 @@
}
TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
@@ -320,7 +319,6 @@
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
@@ -2276,23 +2274,6 @@
-S "error" \
-C "error"
-requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
-requires_hash_alg SHA_256
-run_test "Opaque key for client authentication: DHE-RSA" \
- "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \
- key_file=$DATA_FILES_PATH/server2.key" \
- "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
- key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- key_opaque_algs=rsa-sign-pkcs1,none" \
- 0 \
- -c "key type: Opaque" \
- -c "Ciphersuite is TLS-DHE-RSA" \
- -s "Verifying peer X.509 certificate... ok" \
- -s "Ciphersuite is TLS-DHE-RSA" \
- -S "error" \
- -C "error"
-
# Test using an EC opaque private key for server authentication
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@@ -2524,21 +2505,6 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
-run_test "Opaque key for server authentication: DHE-RSA" \
- "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
- key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
- "$P_CLI force_version=tls12 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -c "Verifying peer X.509 certificate... ok" \
- -c "Ciphersuite is TLS-DHE-RSA" \
- -s "key types: Opaque, none" \
- -s "Ciphersuite is TLS-DHE-RSA" \
- -S "error" \
- -C "error"
-
-requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
-requires_hash_alg SHA_256
run_test "Opaque key for server authentication: RSA-" \
"$P_SRV debug_level=3 key_opaque=1 key_opaque_algs=rsa-decrypt,none " \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA256" \
@@ -2553,11 +2519,12 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
-run_test "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+run_test "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKCS1" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \
"$P_CLI crt_file=$DATA_FILES_PATH/server2-sha256.crt \
- key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
1 \
-s "key types: Opaque, none" \
-s "got ciphersuites in common, but none of them usable" \
@@ -2586,20 +2553,21 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \
+run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-RSA" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \
crt_file2=$DATA_FILES_PATH/server4.crt \
key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "Verifying peer X.509 certificate... ok" \
- -c "Ciphersuite is TLS-DHE-RSA" \
+ -c "Ciphersuite is TLS-ECDHE-RSA" \
-c "CN=Polarssl Test EC CA" \
-s "key types: Opaque, Opaque" \
- -s "Ciphersuite is TLS-DHE-RSA" \
+ -s "Ciphersuite is TLS-ECDHE-RSA" \
-S "error" \
-C "error"
@@ -2642,26 +2610,6 @@
-S "error" \
-C "error"
-requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
-requires_hash_alg SHA_256
-run_test "Opaque key for client/server authentication: DHE-RSA" \
- "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
- key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
- "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
- key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none \
- force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -c "key type: Opaque" \
- -c "Verifying peer X.509 certificate... ok" \
- -c "Ciphersuite is TLS-DHE-RSA" \
- -s "key types: Opaque, none" \
- -s "Verifying peer X.509 certificate... ok" \
- -s "Ciphersuite is TLS-DHE-RSA" \
- -S "error" \
- -C "error"
-
-
# Test ciphersuites which we expect to be fully supported by PSA Crypto
# and check that we don't fall back to Mbed TLS' internal crypto primitives.
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
@@ -2690,13 +2638,6 @@
run_test_psa_force_curve "brainpoolP256r1"
requires_config_enabled PSA_WANT_ECC_SECP_R1_224
run_test_psa_force_curve "secp224r1"
-## SECP224K1 is buggy via the PSA API
-## (https://github.com/Mbed-TLS/mbedtls/issues/3541),
-## so it is disabled in PSA even when it's enabled in Mbed TLS.
-## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but
-## dependencies on PSA symbols in ssl-opt.sh are not implemented yet.
-#requires_config_enabled PSA_WANT_ECC_SECP_K1_224
-#run_test_psa_force_curve "secp224k1"
requires_config_enabled PSA_WANT_ECC_SECP_R1_192
run_test_psa_force_curve "secp192r1"
requires_config_enabled PSA_WANT_ECC_SECP_K1_192
@@ -7789,12 +7730,12 @@
# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use
# signatures too, following the removal of RSA #8170 and static ECDH #9201.
-run_test "keyUsage srv 1.2: RSA, digitalSignature -> (EC)DHE-RSA" \
+run_test "keyUsage srv 1.2: RSA, digitalSignature -> ECDHE-RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI" \
0 \
- -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
+ -c "Ciphersuite is TLS-ECDHE-RSA-WITH-"
run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
@@ -7850,11 +7791,11 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
-run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
+run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, ECDHE-RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \
- force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
@@ -7870,11 +7811,11 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
-run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (hard)" \
+run_test "keyUsage cli 1.2: KeyEncipherment, ECDHE-RSA: fail (hard)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=3 \
- force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
@@ -7883,11 +7824,11 @@
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (soft)" \
+run_test "keyUsage cli 1.2: KeyEncipherment, ECDHE-RSA: fail (soft)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=3 auth_mode=optional \
- force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
@@ -7895,11 +7836,11 @@
-C "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
-run_test "keyUsage cli 1.2: DigitalSignature, DHE-RSA: OK" \
+run_test "keyUsage cli 1.2: DigitalSignature, ECDHE-RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \
- force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
@@ -8422,96 +8363,6 @@
-s "Processing of the Certificate handshake message failed"
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-# Tests for DHM parameters loading
-
-run_test "DHM parameters: reference" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=3" \
- 0 \
- -c "value of 'DHM: P ' (2048 bits)" \
- -c "value of 'DHM: G ' (2 bits)"
-
-run_test "DHM parameters: other parameters" \
- "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=3" \
- 0 \
- -c "value of 'DHM: P ' (1024 bits)" \
- -c "value of 'DHM: G ' (2 bits)"
-
-# Tests for DHM client-side size checking
-
-run_test "DHM size: server default, client default, OK" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1" \
- 0 \
- -C "DHM prime too short:"
-
-run_test "DHM size: server default, client 2048, OK" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1 dhmlen=2048" \
- 0 \
- -C "DHM prime too short:"
-
-run_test "DHM size: server 1024, client default, OK" \
- "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1" \
- 0 \
- -C "DHM prime too short:"
-
-run_test "DHM size: server 999, client 999, OK" \
- "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1 dhmlen=999" \
- 0 \
- -C "DHM prime too short:"
-
-run_test "DHM size: server 1000, client 1000, OK" \
- "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1 dhmlen=1000" \
- 0 \
- -C "DHM prime too short:"
-
-run_test "DHM size: server 1000, client default, rejected" \
- "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1" \
- 1 \
- -c "DHM prime too short:"
-
-run_test "DHM size: server 1000, client 1001, rejected" \
- "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1 dhmlen=1001" \
- 1 \
- -c "DHM prime too short:"
-
-run_test "DHM size: server 999, client 1000, rejected" \
- "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1 dhmlen=1000" \
- 1 \
- -c "DHM prime too short:"
-
-run_test "DHM size: server 998, client 999, rejected" \
- "$P_SRV dhm_file=$DATA_FILES_PATH/dh.998.pem" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1 dhmlen=999" \
- 1 \
- -c "DHM prime too short:"
-
-run_test "DHM size: server default, client 2049, rejected" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- debug_level=1 dhmlen=2049" \
- 1 \
- -c "DHM prime too short:"
-
# Tests for PSK callback
run_test "PSK callback: psk, no callback" \
@@ -8611,50 +8462,6 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
-run_test "PSK callback: opaque dhe-psk on client, no callback" \
- "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
- "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
- psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
- "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
- "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
- "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -8747,52 +8554,6 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
-run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback" \
- "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \
- "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=73776f726466697368" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \
- "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=73776f726466697368" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS" \
- "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
- force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=73776f726466697368 extended_ms=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS, SHA384" \
- "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
- force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=73776f726466697368 extended_ms=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -8885,52 +8646,6 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
-run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback" \
- "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \
- "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=def psk=beef" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \
- "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=def psk=beef" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS" \
- "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
- force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=abc psk=dead extended_ms=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS, SHA384" \
- "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
- force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=abc psk=dead extended_ms=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -9223,7 +8938,7 @@
requires_gnutls
run_test "ClientHello without extensions: PSK" \
"$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \
- "$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
+ "$G_CLI --priority=NORMAL:+PSK:-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
0 \
-s "Ciphersuite is .*-PSK-.*" \
-S "Ciphersuite is .*-EC.*" \
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 8135ef1..cd0c303 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -372,9 +372,9 @@
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0
-Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0
+Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:0
Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
@@ -400,9 +400,9 @@
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1
-DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1
+DTLS Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:1
DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
@@ -417,7 +417,6 @@
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1
DTLS Handshake with serialization, tls1_2
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS
handshake_serialization
DTLS Handshake fragmentation, MFL=512
@@ -452,30 +451,6 @@
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
-
-Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
-
-Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
-
-Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-
-Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-
-Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
@@ -785,53 +760,53 @@
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
-DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
SSL DTLS replay: initial state, seqnum 0
ssl_dtls_replay:"":"000000000000":0
@@ -3086,10 +3061,7 @@
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C
ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
-Test configuration of groups for DHE through mbedtls_ssl_conf_curves()
-conf_curve:
-
-Test configuration of groups for DHE through mbedtls_ssl_conf_groups()
+Test configuration of EC groups through mbedtls_ssl_conf_groups()
conf_group:
Version config: valid client TLS 1.2 only
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 3802074..2b50f0e 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -63,6 +63,10 @@
}
#endif
+#if defined(PSA_WANT_ALG_GCM) || defined(PSA_WANT_ALG_CHACHA20_POLY1305)
+#define TEST_GCM_OR_CHACHAPOLY_ENABLED
+#endif
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -2744,7 +2748,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:TEST_GCM_OR_CHACHAPOLY_ENABLED */
void handshake_serialization()
{
mbedtls_test_handshake_test_options options;
@@ -2761,7 +2765,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
void handshake_fragmentation(int mfl,
int expected_srv_hs_fragmentation,
int expected_cli_hs_fragmentation)
@@ -2778,7 +2782,7 @@
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
options.mfl = mfl;
/* Set cipher to one using CBC so that record splitting can be tested */
- options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
+ options.cipher = "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384";
options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
options.srv_log_obj = &srv_pattern;
options.cli_log_obj = &cli_pattern;
@@ -3009,57 +3013,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ECC_SECP_R1_224:PSA_WANT_ECC_SECP_R1_256 */
-void conf_curve()
-{
-
- mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1,
- MBEDTLS_ECP_DP_SECP224R1,
- MBEDTLS_ECP_DP_SECP256R1,
- MBEDTLS_ECP_DP_NONE };
- uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
-
- mbedtls_ssl_config conf;
- mbedtls_ssl_config_init(&conf);
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
- mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
-#else
- mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3);
- mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3);
-#endif
- mbedtls_ssl_conf_curves(&conf, curve_list);
-
- mbedtls_ssl_context ssl;
- mbedtls_ssl_init(&ssl);
- MD_OR_USE_PSA_INIT();
-
- mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
-
- TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
-
- TEST_ASSERT(ssl.handshake != NULL && ssl.handshake->group_list != NULL);
- TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list == NULL);
-
- TEST_EQUAL(ssl.handshake->
- group_list[ARRAY_LENGTH(iana_tls_group_list) - 1],
- MBEDTLS_SSL_IANA_TLS_GROUP_NONE);
-
- for (size_t i = 0; i < ARRAY_LENGTH(iana_tls_group_list); i++) {
- TEST_EQUAL(iana_tls_group_list[i], ssl.handshake->group_list[i]);
- }
-
-exit:
- mbedtls_ssl_free(&ssl);
- mbedtls_ssl_config_free(&conf);
- MD_OR_USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */
+/* BEGIN_CASE */
void conf_group()
{
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
@@ -3071,8 +3025,9 @@
mbedtls_ssl_config_init(&conf);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
- mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
- mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
+ mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT);
mbedtls_ssl_conf_groups(&conf, iana_tls_group_list);
@@ -3595,11 +3550,6 @@
#else
TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
#endif
-#if defined(PSA_WANT_ECC_SECP_K1_224)
- TEST_AVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224);
-#else
- TEST_UNAVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224);
-#endif
#if defined(PSA_WANT_ECC_SECP_R1_192)
TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192);
#else
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index d0fdd8a..d1df9e3 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -471,14 +471,8 @@
mbedtls_x509write_crt_set_version(&crt, ver);
}
-#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
- TEST_ASSERT(mbedtls_mpi_read_binary(&serial_mpi, serial_arg->x,
- serial_arg->len) == 0);
- TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial_mpi) == 0);
-#else
TEST_ASSERT(mbedtls_x509write_crt_set_serial_raw(&crt, serial_arg->x,
serial_arg->len) == 0);
-#endif
TEST_ASSERT(mbedtls_x509write_crt_set_validity(&crt, not_before,
not_after) == 0);
mbedtls_x509write_crt_set_md_alg(&crt, md_type);
@@ -665,13 +659,6 @@
USE_PSA_INIT();
memset(invalid_serial, 0x01, sizeof(invalid_serial));
-#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
- TEST_EQUAL(mbedtls_mpi_read_binary(&serial_mpi, invalid_serial,
- sizeof(invalid_serial)), 0);
- TEST_EQUAL(mbedtls_x509write_crt_set_serial(&ctx, &serial_mpi),
- MBEDTLS_ERR_X509_BAD_INPUT_DATA);
-#endif
-
TEST_EQUAL(mbedtls_x509write_crt_set_serial_raw(&ctx, invalid_serial,
sizeof(invalid_serial)),
MBEDTLS_ERR_X509_BAD_INPUT_DATA);
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 9e4ac37..dcbe6fc 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 9e4ac374e2be67892e70b9c653c6872ba8a2031b
+Subproject commit dcbe6fc1da160e17ffa6ad8d2f503e13d7f505ff