commit 07ef6e4edb1acdd422bf7bbe36fc78ec4f7290c2
author Soby Mathew <soby.mathew@arm.com> Mon Jul 20 21:09:23 2020 +0100
committer Soby Mathew <soby.mathew@arm.com> Fri Aug 21 04:19:52 2020 +0000
tree 3ed40afeb45fd02d22b018c7e457a948be0463ff
parent 54507b1645087e92b5a115919ae8fd571ace8bdb

Crypto: migrate support to MbedTLS v2.23.0

This patch migrates the mbedcrypto dependancy for TF-M to
mbedTLS repo v2.23.0 which is the latest release tag. The
PSA crypto headers and the crypto service implementation in
TF-M is updated for additional functionality in this version.
The userguide and other relevant documentation are updated to
reflect the changes to location of repo.

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: Ia7d3f95dc961c5815eb4416d2afbd90ec5c0c19e

secure_fw/partitions/crypto/crypto_hash.c

diff --git a/secure_fw/partitions/crypto/crypto_hash.c b/secure_fw/partitions/crypto/crypto_hash.c
index dcd71dc..9d5ae46 100644
--- a/secure_fw/partitions/crypto/crypto_hash.c
+++ b/secure_fw/partitions/crypto/crypto_hash.c
@@ -319,21 +319,60 @@
 #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
 }
 
-psa_status_t tfm_crypto_hash_compare(psa_invec in_vec[],
-                                     size_t in_len,
-                                     psa_outvec out_vec[],
-                                     size_t out_len)
-{
-    /* FixMe: To be implemented */
-    return PSA_ERROR_NOT_SUPPORTED;
-}
-
 psa_status_t tfm_crypto_hash_compute(psa_invec in_vec[],
                                      size_t in_len,
                                      psa_outvec out_vec[],
                                      size_t out_len)
 {
-    /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED
     return PSA_ERROR_NOT_SUPPORTED;
+#else
+    if ((in_len != 2) || (out_len != 1)) {
+        return PSA_ERROR_CONNECTION_REFUSED;
+    }
+
+    if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+         return PSA_ERROR_CONNECTION_REFUSED;
+    }
+
+    const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+    psa_algorithm_t alg = iov->alg;
+    const uint8_t *input = in_vec[1].base;
+    size_t input_length = in_vec[1].len;
+    uint8_t *hash = out_vec[0].base;
+    size_t hash_size = out_vec[0].len;
+
+    /* Initialize hash_length to zero */
+    out_vec[0].len = 0;
+    return psa_hash_compute(alg, input, input_length, hash, hash_size,
+                            &out_vec[0].len);
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
+}
+
+psa_status_t tfm_crypto_hash_compare(psa_invec in_vec[],
+                                     size_t in_len,
+                                     psa_outvec out_vec[],
+                                     size_t out_len)
+{
+#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED
+    return PSA_ERROR_NOT_SUPPORTED;
+#else
+    if (in_len != 3) {
+        return PSA_ERROR_CONNECTION_REFUSED;
+    }
+
+    if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+         return PSA_ERROR_CONNECTION_REFUSED;
+    }
+
+    const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+    psa_algorithm_t alg = iov->alg;
+    const uint8_t *input = in_vec[1].base;
+    size_t input_length = in_vec[1].len;
+    const uint8_t *hash = in_vec[2].base;
+    size_t hash_length = in_vec[2].len;
+
+    return psa_hash_compare(alg, input, input_length, hash, hash_length);
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
 }
 /*!@}*/