TLS Cipher 4: clean up

[mpg]

Complete the replacement that was started in #5204.

• In ssl_tls12_populate_transform() and mbedtls_ssl_tls13_populate_transform(), remove calls to mbedtls_cipher_setkey() and mbedtls_cipher_setup_psa()/mbedtls_cipher_setup() when MBEDTLS_USE_PSA_CRYPTO is enabled
• In struct mbedtls_transform, remove the filedscipher_ctx_enc/cipher_ctx_dec and do the corresponding adaptations in mbedtls_ssl_transform_init and mbedtls_ssl_transform_free() when MBEDTLS_USE_PSA_CRYPTO is enabled

Depends on: #5205 and #5206

[mprse]

I see potential problem with removing cipher_ctx_enc/cipher_ctx_dec when PSA is enabled.
At least in mbedtls_ssl_encrypt_buf()/mbedtls_ssl_decrypt_buf() mode is determined as follows (using cipher_ctx_enc/cipher_ctx_dec):
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );

Maybe for PSA we need also mode field?

[gilles-peskine-arm]

A psa_algorithm_t encodes the same information as a mbedtls_cipher_mode_t. PSA doesn't need a mode field. It needs an alg field if there isn't already one.

[mpg]

That's also mentioned in the description of #5205 (first bullet point), on which this issue depends, precisely for this reason :) Since you seem to be tackling the whole cipher series you probably want to assign yourself 5205 too.

[mpg]

Btw, see also programs/psa/aead_cipher_psa.c introduced in #5436 regarding how data is represented in PSA vs Cipher: unless I missed something, with PSA the key + alg contains all the information that with Cipher was represented as context + tag length (see the _info() functions in that program in particular).