Rm dead !USE_PSA code: ssl_tls12_server.c (part 1)

unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_server.c
framework/scripts/code_style.py --fix library/ssl_tls12_server.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 86a8cb1..3d91228 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -20,7 +20,6 @@
 
 #include <string.h>
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 /* Define a local translating function to save code size by not using too many
  * arguments in each translating place. */
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \
@@ -33,7 +32,6 @@
 }
 #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
 #endif
-#endif
 
 #if defined(MBEDTLS_ECP_C)
 #include "mbedtls/ecp.h"
@@ -88,11 +86,9 @@
     }
 
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
     if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
         return 1;
     }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     if (conf->psk != NULL && conf->psk_len != 0) {
         return 1;
@@ -292,17 +288,11 @@
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if (ssl->handshake->psa_pake_ctx_is_ok != 1)
-#else
-    if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0)
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-    {
+    if (ssl->handshake->psa_pake_ctx_is_ok != 1) {
         MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension"));
         return 0;
     }
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
     if ((ret = mbedtls_psa_ecjpake_read_round(
              &ssl->handshake->psa_pake_ctx, buf, len,
              MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) {
@@ -317,15 +307,6 @@
 
         return ret;
     }
-#else
-    if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,
-                                              buf, len)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret);
-        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                       MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
-        return ret;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     /* Only mark the extension as OK when we're sure it is */
     ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK;
@@ -687,15 +668,10 @@
                          const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
 {
     mbedtls_ssl_key_cert *cur, *list;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_algorithm_t pk_alg =
         mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(ciphersuite_info);
     psa_key_usage_t pk_usage =
         mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(ciphersuite_info);
-#else
-    mbedtls_pk_type_t pk_alg =
-        mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
     uint32_t flags;
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -706,11 +682,7 @@
     list = ssl->conf->key_cert;
 
     int pk_alg_is_none = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
     pk_alg_is_none = (pk_alg == PSA_ALG_NONE);
-#else
-    pk_alg_is_none = (pk_alg == MBEDTLS_PK_NONE);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
     if (pk_alg_is_none) {
         return 0;
     }
@@ -728,7 +700,6 @@
                               cur->cert);
 
         int key_type_matches = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
         key_type_matches = ((ssl->conf->f_async_sign_start != NULL ||
                              ssl->conf->f_async_decrypt_start != NULL ||
@@ -738,9 +709,6 @@
         key_type_matches = (
             mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage));
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#else
-        key_type_matches = mbedtls_pk_can_do(&cur->cert->pk, pk_alg);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
         if (!key_type_matches) {
             MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type"));
             continue;
@@ -1948,7 +1916,6 @@
     MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0);
     p += 2;
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
     ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
                                           p + 2, (size_t) (end - p - 2), &kkpp_len,
                                           MBEDTLS_ECJPAKE_ROUND_ONE);
@@ -1958,15 +1925,6 @@
         MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret);
         return;
     }
-#else
-    ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
-                                          p + 2, (size_t) (end - p - 2), &kkpp_len,
-                                          ssl->conf->f_rng, ssl->conf->p_rng);
-    if (ret != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_one", ret);
-        return;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0);
     p += 2;
@@ -2585,7 +2543,6 @@
 
 #if (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED))
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
 {
@@ -2732,33 +2689,6 @@
 
     return ret;
 }
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    const mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl);
-    if (private_key == NULL) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("got no server private key"));
-        return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
-    }
-
-    if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_ECKEY)) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable"));
-        return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
-    }
-
-    if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx,
-                                       mbedtls_pk_ec_ro(*mbedtls_ssl_own_key(ssl)),
-                                       MBEDTLS_ECDH_OURS)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
-        return ret;
-    }
-
-    return 0;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
           MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
 
@@ -2831,7 +2761,6 @@
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
     if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
         unsigned char *out_p = ssl->out_msg + ssl->out_msglen;
         unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN -
                                ssl->out_msglen;
@@ -2868,21 +2797,6 @@
 
         output_offset += output_len;
         ssl->out_msglen += output_offset;
-#else
-        size_t len = 0;
-
-        ret = mbedtls_ecjpake_write_round_two(
-            &ssl->handshake->ecjpake_ctx,
-            ssl->out_msg + ssl->out_msglen,
-            MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len,
-            ssl->conf->f_rng, ssl->conf->p_rng);
-        if (ret != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret);
-            return ret;
-        }
-
-        ssl->out_msglen += len;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
     }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
@@ -2989,7 +2903,6 @@
         MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s",
                                   mbedtls_ssl_get_curve_name_from_tls_id(*curr_tls_id)));
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
         psa_status_t status = PSA_ERROR_GENERIC_ERROR;
         psa_key_attributes_t key_attributes;
         mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -3071,28 +2984,6 @@
 
         /* Determine full message length. */
         len += header_size;
-#else
-        mbedtls_ecp_group_id curr_grp_id =
-            mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id);
-
-        if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx,
-                                      curr_grp_id)) != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecp_group_load", ret);
-            return ret;
-        }
-
-        if ((ret = mbedtls_ecdh_make_params(
-                 &ssl->handshake->ecdh_ctx, &len,
-                 ssl->out_msg + ssl->out_msglen,
-                 MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
-                 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_params", ret);
-            return ret;
-        }
-
-        MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
-                               MBEDTLS_DEBUG_ECDH_Q);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
         dig_signed = ssl->out_msg + ssl->out_msglen;
@@ -3723,7 +3614,6 @@
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
         size_t data_len = (size_t) (*p++);
         size_t buf_len = (size_t) (end - p);
         psa_status_t status = PSA_ERROR_GENERIC_ERROR;
@@ -3784,28 +3674,6 @@
             }
         }
         handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-#else
-        if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
-                                            p, (size_t) (end - p))) != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret);
-            return MBEDTLS_ERR_SSL_DECODE_ERROR;
-        }
-
-        MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
-                               MBEDTLS_DEBUG_ECDH_QP);
-
-        if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx,
-                                            &ssl->handshake->pmslen,
-                                            ssl->handshake->premaster,
-                                            MBEDTLS_MPI_MAX_SIZE,
-                                            ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
-            return MBEDTLS_ERR_SSL_DECODE_ERROR;
-        }
-
-        MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
-                               MBEDTLS_DEBUG_ECDH_Z);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
     } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
@@ -3823,19 +3691,10 @@
             return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-        if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
-                                                    (mbedtls_key_exchange_type_t) ciphersuite_info->
-                                                    key_exchange)) != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
-            return ret;
-        }
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
     } else
 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
     if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
         psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
         size_t ecpoint_len;
@@ -3917,28 +3776,6 @@
         MBEDTLS_PUT_UINT16_BE(zlen, psm, 0);
         psm += zlen_size + zlen;
 
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-        if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
-            return ret;
-        }
-
-        if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
-                                            p, (size_t) (end - p))) != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret);
-            return MBEDTLS_ERR_SSL_DECODE_ERROR;
-        }
-
-        MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
-                               MBEDTLS_DEBUG_ECDH_QP);
-
-        if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
-                                                    (mbedtls_key_exchange_type_t) ciphersuite_info->
-                                                    key_exchange)) != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
-            return ret;
-        }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
     } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
@@ -3951,7 +3788,6 @@
 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
     if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
         if ((ret = mbedtls_psa_ecjpake_read_round(
                  &ssl->handshake->psa_pake_ctx, p, (size_t) (end - p),
                  MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) {
@@ -3961,22 +3797,6 @@
             MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round two", ret);
             return ret;
         }
-#else
-        ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,
-                                             p, (size_t) (end - p));
-        if (ret != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret);
-            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-        }
-
-        ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx,
-                                            ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
-                                            ssl->conf->f_rng, ssl->conf->p_rng);
-        if (ret != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret);
-            return ret;
-        }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
     } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
     {