diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 1ced6e5780a5..22a34821e3f3 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -703,8 +703,7 @@ */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ ( ( !defined(MBEDTLS_HKDF_C) ) || \ - ( !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA384_C) ) || \ - ( !defined(MBEDTLS_PSA_CRYPTO_C) ) ) + ( !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA384_C) ) ) #error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites" #endif diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4a9c1c72e3e3..c2d92bd8d416 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -654,14 +654,14 @@ struct mbedtls_ssl_handshake_params */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_USE_PSA_CRYPTO) || (defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)) psa_key_type_t ecdh_psa_type; size_t ecdh_bits; mbedtls_svc_key_id_t ecdh_psa_privkey; uint8_t ecdh_psa_privkey_is_external; unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t ecdh_psa_peerkey_len; -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ +#endif /* MBEDTLS_USE_PSA_CRYPTO || (defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)) */ #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -2695,7 +2695,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_typ size_t *key_size ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_USE_PSA_CRYPTO) || (defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)) /** * \brief Convert given PSA status to mbedtls error code. * 
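Review bot: Dropping `!defined(MBEDTLS_PSA_CRYPTO_C)` from the TLS 1.3 prerequisite check in check_config.h accepts a configuration that the rest of this change still appears unable to build. ssl_misc.h keeps the `ecdh_psa_*` members and `psa_ssl_status_to_mbedtls()` whenever `MBEDTLS_SSL_SRV_C` and `MBEDTLS_SSL_PROTO_TLS1_3` are both set, and ssl_tls.c calls `psa_destroy_key()` under the same condition. A TLS 1.3 server build without PSA would therefore fail at compile or link time rather than at this check. Consider keeping the requirement for the server side: `#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_PSA_CRYPTO_C)` followed by an `#error`.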
@@ -2725,6 +2725,6 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); } } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ +#endif /* MBEDTLS_USE_PSA_CRYPTO || (defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3))*/ #endif /* ssl_misc.h */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ed682af2b6a5..a5582417fd31 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3771,11 +3771,12 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_ssl_buffering_free( ssl ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if defined(MBEDTLS_ECDH_C) && \ - ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) ) +#if defined(MBEDTLS_ECDH_C) && ( defined(MBEDTLS_USE_PSA_CRYPTO) \ + || ( defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) ) ) if( handshake->ecdh_psa_privkey_is_external == 0 ) psa_destroy_key( handshake->ecdh_psa_privkey ); -#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_ECDH_C && ( defined(MBEDTLS_USE_PSA_CRYPTO) \ + || ( defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) ) ) */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_transform_free( handshake->transform_handshake ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 57d26bcf37b6..06c1e8defc40 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -45,6 +45,8 @@ #define mbedtls_free free #endif +#include "ecp_internal.h" + /* Write extensions */ /* @@ -197,6 +199,7 @@ static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ECDH_C) if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 
@@ -210,6 +213,7 @@ static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl ) } ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ return( 0 ); } else @@ -226,6 +230,7 @@ static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl ) * Functions for writing key_share extension. */ #if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) static int ssl_tls13_generate_and_write_ecdh_key_exchange( mbedtls_ssl_context *ssl, uint16_t named_group, @@ -282,6 +287,7 @@ static int ssl_tls13_generate_and_write_ecdh_key_exchange( return( 0 ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_ECDH_C */ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, @@ -388,8 +394,34 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); p += 4; +#if defined(MBEDTLS_USE_PSA_CRYPTO) ret = ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, group_id, p, end, &key_exchange_len ); +#else + mbedtls_ecp_group_id ecp_group_id = mbedtls_ecp_named_group_to_id( group_id ); + if( ecp_group_id == MBEDTLS_ECP_DP_NONE ) + { + MBEDTLS_SSL_DEBUG_MSG( 4, ( "Unrecognized NamedGroup %u", + (unsigned) group_id ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx, ecp_group_id); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_setup", ret ); + return( ret ); + } + + ret = mbedtls_ecdh_make_tls13_params( &ssl->handshake->ecdh_ctx, &key_exchange_len, + p, end - p, + ssl->conf->f_rng, ssl->conf->p_rng ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_tls_13_params", ret ); + return( ret ); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ p += key_exchange_len; if( ret != 0 ) return( ret ); 
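Review bot: With `MBEDTLS_USE_PSA_CRYPTO` undefined, the ECDHE branch of ssl_tls13_reset_key_share (opened in the previous hunk and closed by the `#endif` here) compiles to a bare `return( 0 );`, so the legacy `ecdh_ctx` is never cleared. If this function runs before a second ClientHello, as its name suggests, the `mbedtls_ecdh_setup()` call added in ssl_tls13_write_key_share_ext (the `@@ -388` hunk) would operate on a context that still holds the earlier ephemeral private key. Depending on how setup treats an already-initialised context, that key may be leaked without being zeroized. Add an `#else` arm that releases it: `mbedtls_ecdh_free( &ssl->handshake->ecdh_ctx );` followed by `mbedtls_ecdh_init( &ssl->handshake->ecdh_ctx );`. Separately, the debug label `"mbedtls_ecdh_make_tls_13_params"` in the `@@ -388` hunk does not match the function name `mbedtls_ecdh_make_tls13_params`, which makes log searches miss it.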
@@ -439,6 +471,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t buf_len ) @@ -460,6 +493,7 @@ static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, return( 0 ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_ECDH_C */ /* @@ -585,9 +619,18 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) ret = ssl_tls13_read_public_ecdhe_share( ssl, p, end - p ); if( ret != 0 ) return( ret ); +#else + if( ( ret = mbedtls_ecdh_import_public_raw( &ssl->handshake->ecdh_ctx, p, + end ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_import_public_raw" ), ret ); + return( ret ); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_ECDH_C */ @@ -997,7 +1040,10 @@ int mbedtls_ssl_tls13_write_pre_shared_key_ext_binders( return( ret ); ret = mbedtls_ssl_tls13_create_psk_binder( ssl, - mbedtls_psa_translate_md( suite_info->mac ), +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_psa_translate_md +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ( suite_info->mac ), psk, psk_len, psk_type, transcript, p ); if( ret != 0 ) @@ -3382,7 +3428,10 @@ static int ssl_tls13_new_session_ticket_parse( mbedtls_ssl_context *ssl, * "resumption", ticket_nonce, Hash.length ) */ ret = mbedtls_ssl_tls13_hkdf_expand_label( - mbedtls_psa_translate_md( suite_info->mac ), +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_psa_translate_md +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ( suite_info->mac ), ssl->session->app_secrets.resumption_master_secret, hash_length, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( resumption ), diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 51d6f1a13f82..f9e8ff32dcf7 100644 --- a/library/ssl_tls13_generic.c 
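Review bot: In mbedtls_ssl_tls13_write_pre_shared_key_ext_binders (`@@ -997`) the callee name `mbedtls_psa_translate_md` is wrapped in `#if`/`#endif` while its argument list `( suite_info->mac )` stays outside. The legacy build therefore compiles a bare parenthesised expression where the PSA build compiles a function call. It works, but it is easy to break when the line is edited, and the hash-argument type changes invisibly at the call site. Prefer a single helper defined once, for example a `MBEDTLS_SSL_TLS13_HASH_ALG( md )` macro in ssl_tls13_keys.h that expands to `mbedtls_psa_translate_md( md )` or `( md )`. Alternatively use a local `hash_alg` variable, as the key-schedule functions in ssl_tls13_keys.c already do. The same construct is repeated in ssl_tls13_new_session_ticket_parse (`@@ -3382`) and in ssl_tls13_keys.c at `@@ -768`, `@@ -1619` and `@@ -1647`.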
+++ b/library/ssl_tls13_generic.c @@ -1984,6 +1984,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, verify_hash_len = mbedtls_md_get_size( md_info ); MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key, md_alg, verify_hash, verify_hash_len, p + 2, (size_t)( end - ( p + 2 ) ), &signature_len, @@ -1992,6 +1993,16 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); return( ret ); } +#else + if( ( ret = mbedtls_pk_sign( own_key, md_alg, + verify_hash, verify_hash_len, + p + 2, (size_t)( end - ( p + 2 ) ), &signature_len, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); + return( ret ); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_PUT_UINT16_BE( signature_len, p, 0 ); p += 2 + signature_len; @@ -2262,14 +2273,6 @@ int mbedtls_ecdh_make_tls13_params( mbedtls_ecdh_context *ctx, size_t *out_len, #endif } -static int ecdh_import_public_raw( mbedtls_ecdh_context_mbed *ctx, - const unsigned char *buf, - const unsigned char *end ) -{ - return( mbedtls_ecp_point_read_binary( &ctx->grp, &ctx->Qp, - buf, end - buf ) ); -} - #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) static int everest_import_public_raw( mbedtls_x25519_context *ctx, const unsigned char *buf, const unsigned char *end ) @@ -2291,7 +2294,8 @@ int mbedtls_ecdh_import_public_raw( mbedtls_ecdh_context *ctx, ECDH_VALIDATE_RET( end != NULL ); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_read_tls13_params_internal( ctx, buf, end ) ); + return( mbedtls_ecp_tls13_read_point( &ctx->grp, &ctx->Qp, &buf, + end - buf ) ); #else switch( ctx->var ) { 
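Review bot: The new `#else` branch in ssl_tls13_write_certificate_verify_body (`@@ -1992`) drops the signature scheme selected earlier. The PSA path passes `pk_type` to `mbedtls_pk_sign_ext()`, while the fallback calls `mbedtls_pk_sign( own_key, md_alg, ... )`, which signs with whatever padding the key's own context is configured for. For an RSA key that is normally PKCS#1 v1.5 unless the context was switched to v2.1, whereas TLS 1.3 CertificateVerify only permits RSASSA-PSS for RSA. A non-PSA build would then presumably send a signature that does not match the advertised algorithm. Either reject `pk_type == MBEDTLS_PK_RSASSA_PSS` with an explicit error in this branch, or select PSS before signing, e.g. `mbedtls_rsa_set_padding( mbedtls_pk_rsa( *own_key ), MBEDTLS_RSA_PKCS_V21, md_alg )`, and document that this mutates the caller's key context. The function body starts and ends outside the hunk.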
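Review bot: In mbedtls_ecdh_import_public_raw (`@@ -2291`) the new call passes `&buf`, the address of the function's own by-value parameter, to `mbedtls_ecp_tls13_read_point()`. Any position the callee writes back is discarded, so this function cannot detect bytes left over before `end`. The length argument `end - buf` is converted to an unsigned size while the only validation visible in the hunk is `end != NULL`; add `if( end < buf ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );` before the call. The removed helper read the bytes with `mbedtls_ecp_point_read_binary()`, so the doc comment should state which encoding a function named "raw" now expects. The `MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0` case in the following hunk makes the same call.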
@@ -2301,8 +2305,8 @@ int mbedtls_ecdh_import_public_raw( mbedtls_ecdh_context *ctx, buf, end) ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_import_public_raw( &ctx->ctx.mbed_ecdh, - buf, end ) ); + return( mbedtls_ecp_tls13_read_point( &ctx->ctx.mbed_ecdh.grp, + &ctx->ctx.mbed_ecdh.Qp, &buf, end - buf ) ); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index f1b49818c43e..30f84deeafee 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -32,7 +32,9 @@ #include "ssl_tls13_keys.h" #include "ssl_tls13_invasive.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -144,6 +146,7 @@ static void ssl_tls13_hkdf_encode_label( *dst_len = total_hkdf_lbl_len; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) MBEDTLS_STATIC_TESTABLE psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t hash_alg, const unsigned char *salt, size_t salt_len, @@ -319,14 +322,22 @@ psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t hash_alg, return( ( status == PSA_SUCCESS ) ? destroy_status : status ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ int mbedtls_ssl_tls13_hkdf_expand_label( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ const unsigned char *secret, size_t secret_len, const unsigned char *label, size_t label_len, const unsigned char *ctx, size_t ctx_len, unsigned char *buf, size_t buf_len ) { +#if !defined(MBEDTLS_USE_PSA_CRYPTO) + const mbedtls_md_info_t *md_info; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ]; size_t hkdf_label_len; 
@@ -350,8 +361,14 @@ int mbedtls_ssl_tls13_hkdf_expand_label( return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ! PSA_ALG_IS_HASH( hash_alg ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +#else + md_info = mbedtls_md_info_from_type( hash_alg ); + if( md_info == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ssl_tls13_hkdf_encode_label( buf_len, label, label_len, @@ -359,11 +376,18 @@ int mbedtls_ssl_tls13_hkdf_expand_label( hkdf_label, &hkdf_label_len ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) return( psa_ssl_status_to_mbedtls( mbedtls_psa_hkdf_expand( hash_alg, secret, secret_len, hkdf_label, hkdf_label_len, buf, buf_len ) ) ); +#else + return( mbedtls_hkdf_expand( md_info, + secret, secret_len, + hkdf_label, hkdf_label_len, + buf, buf_len ) ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } /* @@ -383,7 +407,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label( * keys in a single function call. */ int mbedtls_ssl_tls13_make_traffic_keys( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ const unsigned char *client_secret, const unsigned char *server_secret, size_t secret_len, size_t key_len, size_t iv_len, @@ -430,7 +458,11 @@ int mbedtls_ssl_tls13_make_traffic_keys( } int mbedtls_ssl_tls13_derive_secret( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ const unsigned char *secret, size_t secret_len, const unsigned char *label, size_t label_len, const unsigned char *ctx, size_t ctx_len, @@ -438,6 +470,7 @@ int mbedtls_ssl_tls13_derive_secret( unsigned char *dstbuf, size_t dstbuf_len ) { int ret; +#if defined(MBEDTLS_USE_PSA_CRYPTO) unsigned char hashed_context[ PSA_HASH_MAX_SIZE ]; if( ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED ) { 
@@ -451,6 +484,22 @@ int mbedtls_ssl_tls13_derive_secret( return ret; } } +#else + unsigned char hashed_context[ MBEDTLS_MD_MAX_SIZE ]; + + const mbedtls_md_info_t *md_info; + md_info = mbedtls_md_info_from_type( hash_alg ); + if( md_info == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + if( ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED ) + { + ret = mbedtls_md( md_info, ctx, ctx_len, hashed_context ); + if( ret != 0 ) + return( ret ); + ctx_len = mbedtls_md_get_size( md_info ); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ else { if( ctx_len > sizeof(hashed_context) ) @@ -474,13 +523,18 @@ int mbedtls_ssl_tls13_derive_secret( } int mbedtls_ssl_tls13_evolve_secret( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ const unsigned char *secret_old, const unsigned char *input, size_t input_len, unsigned char *secret_new ) { int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; size_t hlen, ilen; +#if defined(MBEDTLS_USE_PSA_CRYPTO) unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 }; unsigned char tmp_input [ MBEDTLS_SSL_TLS1_3_MAX_IKM_SIZE ] = { 0 }; size_t secret_len; @@ -489,6 +543,17 @@ int mbedtls_ssl_tls13_evolve_secret( return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); hlen = PSA_HASH_LENGTH( hash_alg ); +#else + unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 }; + unsigned char tmp_input [ MBEDTLS_SSL_TLS1_3_MAX_IKM_SIZE ] = { 0 }; + + const mbedtls_md_info_t *md_info; + md_info = mbedtls_md_info_from_type( hash_alg ); + if( md_info == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + hlen = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* For non-initial runs, call Derive-Secret( ., "derived", "") * on the old secret. */ 
@@ -518,11 +583,18 @@ int mbedtls_ssl_tls13_evolve_secret( /* HKDF-Extract takes a salt and input key material. * The salt is the old secret, and the input key material * is the input secret (PSK / ECDHE). */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) ret = psa_ssl_status_to_mbedtls( mbedtls_psa_hkdf_extract( hash_alg, tmp_secret, hlen, tmp_input, ilen, secret_new, hlen, &secret_len ) ); +#else + ret = mbedtls_hkdf_extract( md_info, + tmp_secret, hlen, + tmp_input, ilen, + secret_new ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ cleanup: @@ -532,18 +604,32 @@ int mbedtls_ssl_tls13_evolve_secret( } int mbedtls_ssl_tls13_derive_early_secrets( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char const *early_secret, unsigned char const *transcript, size_t transcript_len, mbedtls_ssl_tls13_early_secrets *derived ) { int ret; +#if defined(MBEDTLS_USE_PSA_CRYPTO) size_t const hash_len = PSA_HASH_LENGTH( hash_alg ); /* We should never call this function with an unknown hash, * but add an assertion anyway. */ if( ! PSA_ALG_IS_HASH( hash_alg ) ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#else + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( hash_alg ); + size_t const hash_len = mbedtls_md_get_size( md_info ); + + /* We should never call this function with an unknown hash, + * but add an assertion anyway. */ + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * 0 
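Review bot: In the non-PSA branch of mbedtls_ssl_tls13_derive_early_secrets (`@@ -532`), `md_info` is passed to `mbedtls_md_get_size()` in the initializer of `hash_len` before the `if( md_info == 0 )` check runs. The check is only effective if that getter tolerates a NULL argument, which should be confirmed for this tree rather than relied on implicitly. Make the order explicit with `size_t const hash_len = ( md_info != NULL ) ? mbedtls_md_get_size( md_info ) : 0;`, and compare against `NULL` instead of `0`. The same ordering is repeated in mbedtls_ssl_tls13_derive_handshake_secrets, mbedtls_ssl_tls13_derive_application_secrets, mbedtls_ssl_tls13_derive_resumption_master_secret, ssl_tls13_calc_finished_core and mbedtls_ssl_tls13_create_psk_binder. The function body continues outside the hunk.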
@@ -585,18 +671,33 @@ int mbedtls_ssl_tls13_derive_early_secrets( } int mbedtls_ssl_tls13_derive_handshake_secrets( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char const *handshake_secret, unsigned char const *transcript, size_t transcript_len, mbedtls_ssl_tls13_handshake_secrets *derived ) { int ret; +#if defined(MBEDTLS_USE_PSA_CRYPTO) size_t const hash_len = PSA_HASH_LENGTH( hash_alg ); +#else + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( hash_alg ); + size_t const hash_len = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* We should never call this function with an unknown hash, * but add an assertion anyway. */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ! PSA_ALG_IS_HASH( hash_alg ) ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#else + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * 
@@ -646,18 +747,32 @@ int mbedtls_ssl_tls13_derive_handshake_secrets( } int mbedtls_ssl_tls13_derive_application_secrets( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char const *application_secret, unsigned char const *transcript, size_t transcript_len, mbedtls_ssl_tls13_application_secrets *derived ) { int ret; +#if defined(MBEDTLS_USE_PSA_CRYPTO) size_t const hash_len = PSA_HASH_LENGTH( hash_alg ); /* We should never call this function with an unknown hash, * but add an assertion anyway. */ if( ! PSA_ALG_IS_HASH( hash_alg ) ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#else + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( hash_alg ); + size_t const hash_len = mbedtls_md_get_size( md_info ); + + /* We should never call this function with an unknown hash, + * but add an assertion anyway. */ + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Generate {client,server}_application_traffic_secret_0 * 
@@ -715,18 +830,32 @@ int mbedtls_ssl_tls13_derive_application_secrets( * This is not integrated with mbedtls_ssl_tls13_derive_application_secrets() * because it uses the transcript hash up to and including ClientFinished. */ int mbedtls_ssl_tls13_derive_resumption_master_secret( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char const *application_secret, unsigned char const *transcript, size_t transcript_len, mbedtls_ssl_tls13_application_secrets *derived ) { int ret; +#if defined(MBEDTLS_USE_PSA_CRYPTO) size_t const hash_len = PSA_HASH_LENGTH( hash_alg ); /* We should never call this function with an unknown hash, * but add an assertion anyway. */ if( ! PSA_ALG_IS_HASH( hash_alg ) ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#else + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( hash_alg ); + size_t const hash_len = mbedtls_md_get_size( md_info ); + + /* We should never call this function with an unknown hash, + * but add an assertion anyway. */ + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_ssl_tls13_derive_secret( hash_alg, application_secret, hash_len, @@ -768,7 +897,10 @@ int mbedtls_ssl_tls13_generate_resumption_master_secret( return( ret ); ret = mbedtls_ssl_tls13_derive_resumption_master_secret( - mbedtls_psa_translate_md( md_type ), +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_psa_translate_md +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ( md_type ), ssl->handshake->tls13_master_secrets.app, transcript, transcript_len, &ssl->session_negotiate->app_secrets ); 
@@ -793,8 +925,19 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t const hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac ); +#if defined(MBEDTLS_DEBUG_C) + size_t const hash_len = PSA_HASH_LENGTH( hash_alg ); +#endif /* MBEDTLS_DEBUG_C */ +#else + mbedtls_md_type_t const hash_alg = handshake->ciphersuite_info->mac; +#if defined(MBEDTLS_DEBUG_C) + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( hash_alg ); + size_t const hash_len = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_DEBUG_C */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * Compute MasterSecret 
@@ -810,29 +953,45 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( } MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret", - handshake->tls13_master_secrets.app, PSA_HASH_LENGTH( hash_alg ) ); + handshake->tls13_master_secrets.app, hash_len ); return( 0 ); } -static int ssl_tls13_calc_finished_core( psa_algorithm_t hash_alg, +static int ssl_tls13_calc_finished_core( +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char const *base_key, unsigned char const *transcript, unsigned char *dst, size_t *dst_len ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t hash_len = PSA_HASH_LENGTH( hash_alg ); unsigned char finished_key[PSA_MAC_MAX_SIZE]; +#else + const mbedtls_md_info_t * const md_info = mbedtls_md_info_from_type( hash_alg ); + size_t const hash_len = mbedtls_md_get_size( md_info ); + unsigned char finished_key[MBEDTLS_MD_MAX_SIZE]; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ int ret; +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg; /* We should never call this function with an unknown hash, * but add an assertion anyway. */ if( ! PSA_ALG_IS_HASH( hash_alg ) ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#else + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* TLS 1.3 Finished message * @@ -851,6 +1010,7 @@ static int ssl_tls13_calc_finished_core( psa_algorithm_t hash_alg, * HKDF-Expand-Label( BaseKey, "finished", "", Hash.length ) */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg, base_key, hash_len, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( finished ), 
@@ -874,12 +1034,28 @@ static int ssl_tls13_calc_finished_core( psa_algorithm_t hash_alg, status = psa_mac_compute( key, alg, transcript, hash_len, dst, hash_len, dst_len ); ret = psa_ssl_status_to_mbedtls( status ); +#else + ret = mbedtls_ssl_tls13_hkdf_expand_label( + hash_alg, base_key, hash_len, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( finished ), + NULL, 0, + finished_key, hash_len ); + if( ret != 0 ) + goto exit; + + ret = mbedtls_md_hmac( md_info, finished_key, hash_len, transcript, hash_len, dst ); + if( ret != 0 ) + goto exit; + *dst_len = hash_len; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_destroy_key( key ); if( ret == 0 ) ret = psa_ssl_status_to_mbedtls( status ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_platform_zeroize( finished_key, sizeof( finished_key ) ); @@ -902,11 +1078,19 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl, mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = &ssl->handshake->tls13_hs_secrets; +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ssl->handshake->ciphersuite_info->mac ); size_t const hash_len = PSA_HASH_LENGTH( hash_alg ); +#else + mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; + mbedtls_md_type_t hash_alg = md_type; + const mbedtls_md_info_t* const md_info = + mbedtls_md_info_from_type( md_type ); + size_t const hash_len = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) ); 
@@ -967,16 +1151,27 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl, * ... */ int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl, +#if defined(MBEDTLS_USE_PSA_CRYPTO) const psa_algorithm_t hash_alg, +#else + const mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char const *psk, size_t psk_len, int psk_type, unsigned char const *transcript, unsigned char *result ) { int ret = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) unsigned char binder_key[PSA_MAC_MAX_SIZE]; unsigned char early_secret[PSA_MAC_MAX_SIZE]; size_t const hash_len = PSA_HASH_LENGTH( hash_alg ); +#else + unsigned char binder_key[MBEDTLS_MD_MAX_SIZE]; + unsigned char early_secret[MBEDTLS_MD_MAX_SIZE]; + mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type( hash_alg ); + size_t const hash_len = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ size_t actual_len; #if !defined(MBEDTLS_DEBUG_C) @@ -986,8 +1181,13 @@ int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl, /* We should never call this function with an unknown hash, * but add an assertion anyway. */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ! PSA_ALG_IS_HASH( hash_alg ) ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#else + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * 0 @@ -1236,7 +1436,11 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg; +#else + mbedtls_md_type_t hash_alg; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_handshake_params *handshake = ssl->handshake; if( handshake->ciphersuite_info == NULL ) 
@@ -1245,7 +1449,11 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac ); +#else + hash_alg = handshake->ciphersuite_info->mac; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, handshake->psk, handshake->psk_len, @@ -1268,8 +1476,13 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, mbedtls_md_type_t md_type; +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg; size_t hash_len; +#else + mbedtls_md_info_t const *md_info; + size_t hash_len; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t transcript_len; @@ -1289,8 +1502,14 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, md_type = ciphersuite_info->mac; +#if defined(MBEDTLS_USE_PSA_CRYPTO) hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); hash_len = PSA_HASH_LENGTH( hash_alg ); +#else + mbedtls_md_type_t hash_alg = md_type; + md_info = mbedtls_md_info_from_type( md_type ); + hash_len = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, transcript, @@ -1315,11 +1534,11 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret", - tls13_hs_secrets->client_handshake_traffic_secret, - hash_len ); + tls13_hs_secrets->client_handshake_traffic_secret, + hash_len ); MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret", - tls13_hs_secrets->server_handshake_traffic_secret, - hash_len ); + tls13_hs_secrets->server_handshake_traffic_secret, + hash_len ); /* * Export client handshake traffic secret 
@@ -1379,12 +1598,23 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) && defined(MBEDTLS_ECDH_C) psa_status_t status = PSA_ERROR_GENERIC_ERROR; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED && MBEDTLS_ECDH_C */ - mbedtls_ssl_handshake_params *handshake = ssl->handshake; psa_algorithm_t const hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac ); +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED && MBEDTLS_ECDH_C */ +#if defined(MBEDTLS_DEBUG_C) + size_t hash_len = PSA_HASH_LENGTH( hash_alg ); +#endif /* MBEDTLS_DEBUG_C */ +#else + mbedtls_md_type_t const hash_alg = handshake->ciphersuite_info->mac; +#if defined(MBEDTLS_DEBUG_C) + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( hash_alg ); + size_t const hash_len = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_DEBUG_C */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) /* @@ -1397,6 +1627,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) if( mbedtls_ssl_tls13_named_group_is_ecdhe( handshake->offered_group_id ) ) { #if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) /* Compute ECDH shared secret. */ status = psa_raw_key_agreement( PSA_ALG_ECDH, handshake->ecdh_psa_privkey, 
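Review bot: In mbedtls_ssl_tls13_key_schedule_stage_handshake (`@@ -1379`) the `#endif` for `MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED && MBEDTLS_ECDH_C` has moved below the declaration of `hash_alg`, so in a PSA build `hash_alg` now exists only when ECDHE is enabled. The very next lines use it unconditionally under `MBEDTLS_DEBUG_C` in `size_t hash_len = PSA_HASH_LENGTH( hash_alg );`, and the rest of the function (outside the hunk) presumably passes it to the key schedule. A PSA configuration without ECDHE, such as PSK-only, would then fail to compile. Put `#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED && MBEDTLS_ECDH_C */` back directly after `psa_status_t status = PSA_ERROR_GENERIC_ERROR;` so that only `status` is conditional.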
@@ -1419,6 +1650,17 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) } handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; +#else + ret = mbedtls_ecdh_calc_secret( &handshake->ecdh_ctx, + &handshake->pmslen, handshake->premaster, sizeof( handshake->premaster ), + ssl->conf->f_rng, + ssl->conf->p_rng ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); + return( ret ); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_ECDH_C */ } else if( mbedtls_ssl_tls13_named_group_is_dhe( handshake->offered_group_id ) ) @@ -1445,8 +1687,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_BUF( 4, "Handshake secret", - handshake->tls13_master_secrets.handshake, - PSA_HASH_LENGTH( hash_alg ) ); + handshake->tls13_master_secrets.handshake, hash_len ); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) mbedtls_platform_zeroize( handshake->premaster, sizeof( handshake->premaster ) ); @@ -1475,8 +1716,13 @@ int mbedtls_ssl_tls13_generate_application_keys( /* Variables relating to the hash for the chosen ciphersuite. */ mbedtls_md_type_t md_type; +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg; size_t hash_len; +#else + mbedtls_md_info_t const *md_info; + size_t hash_len; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Variables relating to the cipher for the chosen ciphersuite. */ mbedtls_cipher_info_t const *cipher_info; 
@@ -1493,8 +1739,14 @@ int mbedtls_ssl_tls13_generate_application_keys( md_type = handshake->ciphersuite_info->mac; +#if defined(MBEDTLS_USE_PSA_CRYPTO) hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac ); hash_len = PSA_HASH_LENGTH( hash_alg ); +#else + mbedtls_md_type_t hash_alg = md_type; + md_info = mbedtls_md_info_from_type( md_type ); + hash_len = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Compute current handshake transcript. It's the caller's responsiblity * to call this at the right time, that is, after the ServerFinished. */ @@ -1619,7 +1871,10 @@ int mbedtls_ssl_tls13_generate_early_data_keys( } ret = mbedtls_ssl_tls13_derive_early_secrets( - mbedtls_psa_translate_md( md_type ), +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_psa_translate_md +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ( md_type ), ssl->handshake->tls13_master_secrets.early, transcript, transcript_len, &ssl->handshake->early_secrets ); @@ -1647,7 +1902,10 @@ int mbedtls_ssl_tls13_generate_early_data_keys( #endif /* MBEDTLS_SSL_EXPORT_KEYS */ ret = mbedtls_ssl_tls13_make_traffic_keys( - mbedtls_psa_translate_md( md_type ), +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_psa_translate_md +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ( md_type ), ssl->handshake->early_secrets.client_early_traffic_secret, ssl->handshake->early_secrets.client_early_traffic_secret, md_size, key_len, iv_len, traffic_keys ); diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 27693836933d..8a84367619ed 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -160,7 +160,11 @@ extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels; */ int mbedtls_ssl_tls13_hkdf_expand_label( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ const unsigned char *secret, size_t secret_len, const unsigned char *label, size_t label_len, const unsigned char *ctx, size_t ctx_len, @@ -198,7 +202,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label( */ int mbedtls_ssl_tls13_make_traffic_keys( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ const unsigned char *client_secret, const unsigned char *server_secret, size_t secret_len, size_t key_len, size_t iv_len, @@ -244,7 +252,11 @@ int mbedtls_ssl_tls13_make_traffic_keys( * \returns A negative error code on failure. */ int mbedtls_ssl_tls13_derive_secret( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ const unsigned char *secret, size_t secret_len, const unsigned char *label, size_t label_len, const unsigned char *ctx, size_t ctx_len, @@ -294,7 +306,11 @@ int mbedtls_ssl_tls13_derive_secret( * \returns A negative error code on failure. */ int mbedtls_ssl_tls13_derive_early_secrets( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char const *early_secret, unsigned char const *transcript, size_t transcript_len, mbedtls_ssl_tls13_early_secrets *derived ); 
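Review bot: The type of `hash_alg` in `mbedtls_ssl_tls13_hkdf_expand_label` now depends on `MBEDTLS_USE_PSA_CRYPTO`, and the same five-line `#if`/`#else` block is repeated in every prototype down to `mbedtls_ssl_tls13_create_psk_binder`. The two identifier spaces are unrelated but both integer-valued, so a caller passing the wrong kind would compile cleanly and select a wrong or unsupported digest. A single typedef declared once under the `#if` in this header (for example `mbedtls_ssl_tls13_hash_alg_t`, name to be chosen) would keep the prototypes unconditional and give one place to document the contract. The `\param hash_alg` descriptions are outside the hunks; they should say which identifier is expected in each configuration.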
@@ -339,7 +355,11 @@ int mbedtls_ssl_tls13_derive_early_secrets( * \returns A negative error code on failure. */ int mbedtls_ssl_tls13_derive_handshake_secrets( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char const *handshake_secret, unsigned char const *transcript, size_t transcript_len, mbedtls_ssl_tls13_handshake_secrets *derived ); @@ -389,7 +409,11 @@ int mbedtls_ssl_tls13_derive_handshake_secrets( * \returns A negative error code on failure. */ int mbedtls_ssl_tls13_derive_application_secrets( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char const *master_secret, unsigned char const *transcript, size_t transcript_len, mbedtls_ssl_tls13_application_secrets *derived ); @@ -419,7 +443,11 @@ int mbedtls_ssl_tls13_derive_application_secrets( * \returns A negative error code on failure. */ int mbedtls_ssl_tls13_derive_resumption_master_secret( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char const *application_secret, unsigned char const *transcript, size_t transcript_len, mbedtls_ssl_tls13_application_secrets *derived ); @@ -493,7 +521,11 @@ int mbedtls_ssl_tls13_derive_resumption_master_secret( */ int mbedtls_ssl_tls13_evolve_secret( +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t hash_alg, +#else + mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ const unsigned char *secret_old, const unsigned char *input, size_t input_len, unsigned char *secret_new ); 
@@ -522,7 +554,11 @@ int mbedtls_ssl_tls13_evolve_secret( * \returns A negative error code on failure. */ int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl, +#if defined(MBEDTLS_USE_PSA_CRYPTO) const psa_algorithm_t hash_alg, +#else + const mbedtls_md_type_t hash_alg, +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char const *psk, size_t psk_len, int psk_type, unsigned char const *transcript, diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 20a89808dbd0..41fc40ae59b7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10812,6 +10812,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \ @@ -10829,6 +10830,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \ @@ -10845,6 +10847,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ 
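Review bot: The added `requires_config_enabled MBEDTLS_USE_PSA_CRYPTO` lines give no reason, so a TLS 1.3 build without PSA now silently skips every client-authentication case. The same line is added in all six hunks of tests/ssl-opt.sh, from -10812 to -10895. A one-line `#` comment above the first of them should state why client authentication still needs PSA and reference the tracking issue. It is also worth confirming that the non-PSA client refuses or cleanly fails a CertificateRequest, and adding a test that pins that behaviour, since this commit makes that configuration buildable.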
@@ -10862,6 +10865,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ @@ -10878,6 +10882,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ @@ -10895,6 +10900,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \