Crypto: Align to Mbed TLS 3.5.0
Align to Mbed TLS 3.5.0. Main changes:
- MBEDCRYPTO_VERSION update to mbedtls-3.5.0
- psa header files are aligned with Mbed TLS 3.5.0
- Musca S1 crypto stack size is expanded to 0x2500
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Co-authored-by: Summer Qin <summer.qin@arm.com>
Change-Id: Ib0a06a9c87668ca1a295e080d0c507b1217d9142
diff --git a/config/config_base.cmake b/config/config_base.cmake
index 353dcc1..93b3401 100755
--- a/config/config_base.cmake
+++ b/config/config_base.cmake
@@ -24,7 +24,7 @@
# External libraries source and version
set(MBEDCRYPTO_PATH "DOWNLOAD" CACHE PATH "Path to Mbed Crypto (or DOWNLOAD to fetch automatically")
set(MBEDCRYPTO_FORCE_PATCH OFF CACHE BOOL "Always apply MBed Crypto patches")
-set(MBEDCRYPTO_VERSION "mbedtls-3.4.0" CACHE STRING "The version of Mbed Crypto to use")
+set(MBEDCRYPTO_VERSION "mbedtls-3.5.0" CACHE STRING "The version of Mbed Crypto to use")
set(MBEDCRYPTO_GIT_REMOTE "https://github.com/Mbed-TLS/mbedtls.git" CACHE STRING "The URL (or path) to retrieve MbedTLS from.")
set(MCUBOOT_PATH "DOWNLOAD" CACHE PATH "Path to MCUboot (or DOWNLOAD to fetch automatically")
diff --git a/interface/include/psa/crypto_sizes.h b/interface/include/psa/crypto_sizes.h
index 79e4c5e..8906ebf 100644
--- a/interface/include/psa/crypto_sizes.h
+++ b/interface/include/psa/crypto_sizes.h
@@ -30,8 +30,10 @@
#ifndef PSA_CRYPTO_SIZES_H
#define PSA_CRYPTO_SIZES_H
-#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
-#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
+#define PSA_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)
+#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8u)
+#define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \
+ (c) : (b) : (a) <= (c) ? (c) : (a))
#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
(((length) + (block_size) - 1) / (block_size) * (block_size))
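Review bot: `PSA_MAX_OF_THREE` is added without a comment, its nested conditional relies on `?:` associativity, and it can evaluate an argument up to three times. Parenthesising the inner conditionals, `((a) <= (b) ? ((b) <= (c) ? (c) : (b)) : ((a) <= (c) ? (c) : (a)))`, and adding a line such as `/* Largest of three constant expressions; arguments may be evaluated more than once. */` would make the intended use explicit. In the same hunk `PSA_ROUND_UP_TO_MULTIPLE` keeps the signed literal `1` while its neighbours moved to `u` suffixes, so mixed signed/unsigned arithmetic is still possible through it.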
@@ -50,20 +52,20 @@
*/
#define PSA_HASH_LENGTH(alg) \
( \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
- 0)
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64u : \
+ 0u)
/** The input block size of a hash algorithm, in bytes.
*
@@ -82,20 +84,20 @@
*/
#define PSA_HASH_BLOCK_LENGTH(alg) \
( \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
- 0)
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72u : \
+ 0u)
/** \def PSA_HASH_MAX_SIZE
*
@@ -104,22 +106,49 @@
* This macro expands to a compile-time constant integer. This value
* is the maximum size of a hash in bytes.
*/
-/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
+/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-224,
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
* HMAC-SHA3-512. */
+/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
+ * see the note on MBEDTLS_MD_MAX_SIZE for details.
+ */
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)
-#define PSA_HASH_MAX_SIZE 64
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
-#else
-#define PSA_HASH_MAX_SIZE 32
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#if defined(PSA_WANT_ALG_SHA3_224)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144u
+#elif defined(PSA_WANT_ALG_SHA3_256)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136u
+#elif defined(PSA_WANT_ALG_SHA_512)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
+#elif defined(PSA_WANT_ALG_SHA_384)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
+#elif defined(PSA_WANT_ALG_SHA3_384)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104u
+#elif defined(PSA_WANT_ALG_SHA3_512)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72u
+#elif defined(PSA_WANT_ALG_SHA_256)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
+#elif defined(PSA_WANT_ALG_SHA_224)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
+#else /* SHA-1 or smaller */
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
#endif
-#else
+
+#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512)
+#define PSA_HASH_MAX_SIZE 64u
+#elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384)
+#define PSA_HASH_MAX_SIZE 48u
+#elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256)
+#define PSA_HASH_MAX_SIZE 32u
+#elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224)
+#define PSA_HASH_MAX_SIZE 28u
+#else /* SHA-1 or smaller */
+#define PSA_HASH_MAX_SIZE 20u
+#endif
+#else /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
/* Without any PSA configuration we must assume the maximum size possible. */
-#define PSA_HASH_MAX_SIZE 64
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
-#endif
+#define PSA_HASH_MAX_SIZE 64u
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144u
+#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
/** \def PSA_MAC_MAX_SIZE
*
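Review bot: The `#elif` chains for `PSA_HMAC_MAX_HASH_BLOCK_SIZE` and `PSA_HASH_MAX_SIZE` have no branch for SHA-512/224 and SHA-512/256, which `PSA_HASH_BLOCK_LENGTH` earlier in this file maps to a 128-byte block. If a configuration can enable one of those without SHA-512 or SHA-384, the block-size chain would fall through to a smaller value and HMAC buffers sized with the macro would be too short; whether such a configuration is reachable is not visible here. The added comment asks for `PSA_HASH_MAX_SIZE` to stay in sync with `MBEDTLS_MD_MAX_SIZE`, but nothing enforces it. A compile-time comparison in a file that sees both macros, for example `_Static_assert(PSA_HASH_MAX_SIZE == MBEDTLS_MD_MAX_SIZE, "hash size limits out of sync");` if equality is the intended relation, would catch drift on the next alignment.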
@@ -159,13 +188,13 @@
#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- ((void) (key_bits), 0))
+ ((void) (key_bits), 0u))
/** The maximum tag size for all supported AEAD algorithms, in bytes.
*
* See also #PSA_AEAD_TAG_LENGTH(\p key_type, \p key_bits, \p alg).
*/
-#define PSA_AEAD_TAG_MAX_SIZE 16
+#define PSA_AEAD_TAG_MAX_SIZE 16u
/* The maximum size of an RSA key on this implementation, in bits.
* This is a vendor-specific macro.
@@ -180,39 +209,58 @@
*
* Note that an implementation may set different size limits for different
* operations, and does not need to accept all key sizes up to the limit. */
-#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096u
+
+/* The minimum size of an RSA key on this implementation, in bits.
+ * This is a vendor-specific macro.
+ *
+ * Limits RSA key generation to a minimum due to avoid accidental misuse.
+ * This value cannot be less than 128 bits.
+ */
+#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
+#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
+#else
+#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024
+#endif
+
+/* The maximum size of an DH key on this implementation, in bits.
+ *
+ * Note that an implementation may set different size limits for different
+ * operations, and does not need to accept all key sizes up to the limit.
+ */
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u
/* The maximum size of an ECC key on this implementation, in bits.
* This is a vendor-specific macro. */
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
#if defined(PSA_WANT_ECC_SECP_R1_521)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512u
#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448u
#elif defined(PSA_WANT_ECC_SECP_R1_384)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
#elif defined(PSA_WANT_ECC_SECP_R1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_SECP_K1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255u
#elif defined(PSA_WANT_ECC_SECP_R1_224)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
#elif defined(PSA_WANT_ECC_SECP_K1_224)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
#elif defined(PSA_WANT_ECC_SECP_R1_192)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
#elif defined(PSA_WANT_ECC_SECP_K1_192)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
#else
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0u
#endif
#else /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
/* Without any PSA configuration we must assume the maximum size possible. */
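Review bot: `PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS` defaults to 1024 when `MBEDTLS_RSA_GEN_KEY_MIN_BITS` is not set, so key generation still accepts RSA sizes below the 2048 bits that current guidance treats as the floor. If the project configuration does not already override it, setting `MBEDTLS_RSA_GEN_KEY_MIN_BITS` to 2048 there keeps this header aligned with upstream while tightening the limit. The comment's "cannot be less than 128 bits" is not checked anywhere in the hunk, and `1024` is the only new size constant here without a `u` suffix. The wording "to a minimum due to avoid accidental misuse" should read "to a minimum to avoid accidental misuse", and "an DH key" should be "a DH key".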
@@ -234,19 +282,24 @@
* Therefore, no implementation should define a value smaller than 64
* for #PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE.
*/
-#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
+#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128u
/* The expected size of input passed to psa_tls12_ecjpake_to_pms_input,
* which is expected to work with P-256 curve only. */
-#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65
+#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65u
/* The size of a serialized K.X coordinate to be used in
* psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256
* curve. */
-#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32
+#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32u
+
+/* The maximum number of iterations for PBKDF2 on this implementation, in bits.
+ * This is a vendor-specific macro. This can be configured if necessary.
+ */
+#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffffU
/** The maximum size of a block cipher. */
-#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
+#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16u
/** The size of the output of psa_mac_sign_finish(), in bytes.
*
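Review bot: The comment on `PSA_VENDOR_PBKDF2_MAX_ITERATIONS` gives the unit as "in bits", but the value is an iteration count, and `0xffffffffU` places no practical cap on it. If a caller outside the crypto service can choose the PBKDF2 cost, one request could occupy the service for a very long time; whether the count is bounded elsewhere is not visible in the hunk. The comment should read `/* The maximum number of iterations for PBKDF2 on this implementation.`, and since it already says the value can be configured, a platform-appropriate ceiling is worth setting where the service is shared between clients.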
@@ -273,7 +326,7 @@
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- ((void) (key_type), (void) (key_bits), 0))
+ ((void) (key_type), (void) (key_bits), 0u))
/** The maximum size of the output of psa_aead_encrypt(), in bytes.
*
@@ -304,7 +357,7 @@
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
(plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
* supported key types and AEAD algorithms.
@@ -358,7 +411,7 @@
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
(ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
(ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
* supported key types and AEAD algorithms.
@@ -408,12 +461,12 @@
*/
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
- 0 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13u : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12u : \
+ 0u : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
- 0)
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12u : \
+ 0u)
/** The maximum default nonce size among all supported pairs of key types and
* AEAD algorithms, in bytes.
@@ -426,7 +479,7 @@
* just the largest size that may be generated by
* #psa_aead_generate_nonce().
*/
-#define PSA_AEAD_NONCE_MAX_SIZE 13
+#define PSA_AEAD_NONCE_MAX_SIZE 13u
/** A sufficient output buffer size for psa_aead_update().
*
@@ -463,7 +516,7 @@
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
(input_length) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_aead_update(), for any of the
* supported key types and AEAD algorithms.
@@ -503,7 +556,7 @@
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0)
+ 0u)
/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
* supported key types and AEAD algorithms.
@@ -537,7 +590,7 @@
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0)
+ 0u)
/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
* supported key types and AEAD algorithms.
@@ -548,8 +601,8 @@
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
(PSA_ALG_IS_RSA_OAEP(alg) ? \
- 2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
- 11 /*PKCS#1v1.5*/)
+ 2u * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \
+ 11u /*PKCS#1v1.5*/)
/**
* \brief ECDSA signature size for a given curve bit size
@@ -560,7 +613,7 @@
* \note This macro returns a compile-time constant if its argument is one.
*/
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
- (PSA_BITS_TO_BYTES(curve_bits) * 2)
+ (PSA_BITS_TO_BYTES(curve_bits) * 2u)
/** Sufficient signature buffer size for psa_sign_hash().
*
@@ -590,7 +643,7 @@
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
- ((void) alg, 0))
+ ((void) alg, 0u))
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
@@ -602,10 +655,18 @@
* This macro expands to a compile-time constant integer. This value
* is the maximum size of a signature in bytes.
*/
-#define PSA_SIGNATURE_MAX_SIZE \
- (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
- PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
- PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
+#define PSA_SIGNATURE_MAX_SIZE 1
+
+#if (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) && \
+ (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE > PSA_SIGNATURE_MAX_SIZE)
+#undef PSA_SIGNATURE_MAX_SIZE
+#define PSA_SIGNATURE_MAX_SIZE PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE
+#endif
+#if (defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) || defined(PSA_WANT_ALG_RSA_PSS)) && \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_SIGNATURE_MAX_SIZE)
+#undef PSA_SIGNATURE_MAX_SIZE
+#define PSA_SIGNATURE_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS)
+#endif
/** Sufficient output buffer size for psa_asymmetric_encrypt().
*
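Review bot: `PSA_SIGNATURE_MAX_SIZE` now starts at 1 and only grows when the matching `PSA_WANT_ALG_*` symbols are defined at the point this header is included. The file lives under `interface/include`, so if a client translation unit includes it without the crypto configuration in scope, the macro silently stays 1 and any buffer declared with it is far too small; the hunk does not show how the `PSA_WANT_*` symbols reach such includers. The same pattern is used for `PSA_EXPORT_KEY_PAIR_MAX_SIZE`, `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE` and `PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE` in later hunks. A comment stating the dependency, e.g. `/* Depends on the PSA_WANT_* configuration being included first; otherwise this stays 1. */`, would make the failure mode visible. With FFDH enabled, `PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE` becomes 1024 bytes (8192 bits), which matters for buffers placed on the stack.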
@@ -635,7 +696,7 @@
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any
* supported asymmetric encryption.
@@ -674,7 +735,7 @@
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_asymmetric_decrypt(), for any
* supported asymmetric decryption.
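Review bot: `PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE` subtracts `PSA_RSA_MINIMUM_PADDING_SIZE(alg)` from the key size in bytes without checking that the key is larger, and with the operands now unsigned a too-small key wraps to a very large value instead of going negative. For example, a 1024-bit key is 128 bytes, while OAEP over a 64-byte hash needs 129 bytes of minimum padding. The AEAD decrypt size macro earlier in this file guards the equivalent subtraction with a `>` test, and the same shape fits here: `PSA_BITS_TO_BYTES(key_bits) > PSA_RSA_MINIMUM_PADDING_SIZE(alg) ? PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : 0u`. The macro's documentation comment starts outside the hunk.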
@@ -697,7 +758,7 @@
* - 0 to 1 bytes of leading 0 due to the sign bit.
*/
#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
- ((bits) / 8 + 5)
+ ((bits) / 8u + 5u)
/* Maximum size of the export encoding of an RSA public key.
* Assumes that the public exponent is less than 2^32.
@@ -711,7 +772,7 @@
* - 7 bytes for the public exponent.
*/
#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11u)
/* Maximum size of the export encoding of an RSA key pair.
* Assumes that the public exponent is less than 2^32 and that the size
@@ -736,7 +797,7 @@
* - 7 bytes for the public exponent.
*/
#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
- (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
+ (9u * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2u + 1u) + 14u)
/* Maximum size of the export encoding of a DSA public key.
*
@@ -755,7 +816,7 @@
* - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
*/
#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 59u)
/* Maximum size of the export encoding of a DSA key pair.
*
@@ -774,7 +835,7 @@
* - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
*/
#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 75u)
/* Maximum size of the export encoding of an ECC public key.
*
@@ -787,7 +848,7 @@
* - 1 byte + 2 * point size.
*/
#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
+ (2u * PSA_BITS_TO_BYTES(key_bits) + 1u)
/* Maximum size of the export encoding of an ECC key pair.
*
@@ -796,6 +857,18 @@
#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
(PSA_BITS_TO_BYTES(key_bits))
+/* Maximum size of the export encoding of an DH key pair.
+ *
+ * An DH key pair is represented by the secret value.
+ */
+#define PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(key_bits) \
+ (PSA_BITS_TO_BYTES(key_bits))
+
+/* Maximum size of the export encoding of an DH public key.
+ */
+#define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \
+ (PSA_BITS_TO_BYTES(key_bits))
+
/** Sufficient output buffer size for psa_export_key() or
* psa_export_public_key().
*
@@ -837,13 +910,14 @@
*/
#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
+ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
(key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
- 0)
+ 0u)
/** Sufficient output buffer size for psa_export_public_key().
*
@@ -893,7 +967,8 @@
#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
- 0)
+ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
+ 0u)
/** Sufficient buffer size for exporting any asymmetric key pair.
*
@@ -903,11 +978,29 @@
*
* See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
*/
-#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
- (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
- PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
- PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
- PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+#define PSA_EXPORT_KEY_PAIR_MAX_SIZE 1
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
+ (PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
+ PSA_EXPORT_KEY_PAIR_MAX_SIZE)
+#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
+#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
+ PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
+#endif
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && \
+ (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
+ PSA_EXPORT_KEY_PAIR_MAX_SIZE)
+#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
+#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
+ PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
+#endif
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \
+ (PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \
+ PSA_EXPORT_KEY_PAIR_MAX_SIZE)
+#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
+#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
+ PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
+#endif
/** Sufficient buffer size for exporting any asymmetric public key.
*
@@ -918,11 +1011,29 @@
*
* See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
*/
-#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
- (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
- PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
- PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
- PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE 1
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ (PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
+#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
+#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
+#endif
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) && \
+ (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
+#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
+#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
+ PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
+#endif
+#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) && \
+ (PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
+#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
+#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
+ PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
+#endif
/** Sufficient output buffer size for psa_raw_key_agreement().
*
@@ -947,11 +1058,9 @@
* If the parameters are not valid,
* the return value is unspecified.
*/
-/* FFDH is not yet supported in PSA. */
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
- (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
- PSA_BITS_TO_BYTES(key_bits) : \
- 0)
+ ((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \
+ PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0u)
/** Maximum size of the output from psa_raw_key_agreement().
*
@@ -960,8 +1069,18 @@
*
* See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits).
*/
-#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
- (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE 1
+
+#if defined(PSA_WANT_ALG_ECDH) && \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE)
+#undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
+#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)
+#endif
+#if defined(PSA_WANT_ALG_FFDH) && \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE)
+#undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
+#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)
+#endif
/** The default IV size for a cipher algorithm, in bytes.
*
@@ -996,15 +1115,15 @@
(alg) == PSA_ALG_CBC_NO_PADDING || \
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
- (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \
- 0)
+ (alg) == PSA_ALG_STREAM_CIPHER ? 12u : \
+ (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13u : \
+ 0u)
/** The maximum IV size for all supported cipher algorithms, in bytes.
*
* See also #PSA_CIPHER_IV_LENGTH().
*/
-#define PSA_CIPHER_IV_MAX_SIZE 16
+#define PSA_CIPHER_IV_MAX_SIZE 16u
/** The maximum size of the output of psa_cipher_encrypt(), in bytes.
*
@@ -1029,15 +1148,15 @@
* recognized, or the parameters are incompatible,
* return 0.
*/
-#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
- (alg == PSA_ALG_CBC_PKCS7 ? \
- (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
- (input_length) + 1) + \
- PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
- (PSA_ALG_IS_CIPHER(alg) ? \
- (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
- 0))
+#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (alg == PSA_ALG_CBC_PKCS7 ? \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ (input_length) + 1u) + \
+ PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0u) : \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
+ 0u))
/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the
* supported key types and cipher algorithms.
@@ -1050,9 +1169,9 @@
* \param input_length Size of the input in bytes.
*
*/
-#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
- (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
- (input_length) + 1) + \
+#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
+ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
+ (input_length) + 1u) + \
PSA_CIPHER_IV_MAX_SIZE)
/** The maximum size of the output of psa_cipher_decrypt(), in bytes.
@@ -1074,11 +1193,11 @@
* recognized, or the parameters are incompatible,
* return 0.
*/
-#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
- (PSA_ALG_IS_CIPHER(alg) && \
+#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) && \
((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
- (input_length) : \
- 0)
+ (input_length) : \
+ 0u)
/** A sufficient output buffer size for psa_cipher_decrypt(), for any of the
* supported key types and cipher algorithms.
@@ -1111,16 +1230,16 @@
* algorithm. If the key type or cipher algorithm is not
* recognized, or the parameters are incompatible, return 0.
*/
-#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
- (PSA_ALG_IS_CIPHER(alg) ? \
- (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
- (((alg) == PSA_ALG_CBC_PKCS7 || \
- (alg) == PSA_ALG_CBC_NO_PADDING || \
- (alg) == PSA_ALG_ECB_NO_PADDING) ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
- input_length) : \
- (input_length)) : 0) : \
- 0)
+#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
+ (((alg) == PSA_ALG_CBC_PKCS7 || \
+ (alg) == PSA_ALG_CBC_NO_PADDING || \
+ (alg) == PSA_ALG_ECB_NO_PADDING) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ input_length) : \
+ (input_length)) : 0u) : \
+ 0u)
/** A sufficient output buffer size for psa_cipher_update(), for any of the
* supported key types and cipher algorithms.
@@ -1156,8 +1275,8 @@
(PSA_ALG_IS_CIPHER(alg) ? \
(alg == PSA_ALG_CBC_PKCS7 ? \
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0) : \
- 0)
+ 0u) : \
+ 0u)
/** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the
* supported key types and cipher algorithms.
diff --git a/interface/include/psa/crypto_types.h b/interface/include/psa/crypto_types.h
index fde7427..c41053d 100644
--- a/interface/include/psa/crypto_types.h
+++ b/interface/include/psa/crypto_types.h
@@ -426,7 +426,7 @@
#ifndef __DOXYGEN_ONLY__
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/* Mbed Crypto defines this type in crypto_types.h because it is also
+/* Mbed TLS defines this type in crypto_types.h because it is also
* visible to applications through an implementation-specific extension.
* For the PSA Cryptography specification, this type is only visible
* via crypto_se_driver.h.
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c
index 1905384..e5ae6eb 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c
@@ -358,7 +358,7 @@
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
- if( cipher_info->MBEDTLS_PRIVATE(base) == NULL )
+ if( cipher_info->MBEDTLS_PRIVATE(name) == NULL )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
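Review bot: The guard now tests `cipher_info->MBEDTLS_PRIVATE(name) == NULL` where it used to test `base`, and nothing in the hunk says why `name` is an adequate stand-in. A non-NULL name shows that the info record is populated, but presumably no longer proves that a cipher implementation is attached, which is what the old check appeared to cover. A short comment such as `/* base is not available in this Mbed TLS version; name is used to reject an unpopulated entry */` would record the intent, if that is the reason for the change. The enclosing function starts and ends outside the hunk, so any later validation of the cipher type cannot be seen from here.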
diff --git a/lib/ext/mbedcrypto/0004-Add-TF-M-builtin-key-driver.patch b/lib/ext/mbedcrypto/0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch
similarity index 61%
rename from lib/ext/mbedcrypto/0004-Add-TF-M-builtin-key-driver.patch
rename to lib/ext/mbedcrypto/0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch
index 9bd25f5..c6de430 100644
--- a/lib/ext/mbedcrypto/0004-Add-TF-M-builtin-key-driver.patch
+++ b/lib/ext/mbedcrypto/0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch
@@ -1,32 +1,37 @@
-From c21add49b5bb920220ab5ef67a394e1ca3d86d6d Mon Sep 17 00:00:00 2001
-From: Raef Coles <raef.coles@arm.com>
-Date: Tue, 19 Jul 2022 11:12:30 +0100
-Subject: [PATCH 4/8] Add TF-M builtin key driver
+From 6a2f9ac84d44e2644056322efbc108f2973152eb Mon Sep 17 00:00:00 2001
+From: Antonio de Angelis <Antonio.deAngelis@arm.com>
+Date: Fri, 6 Oct 2023 10:20:44 +0100
+Subject: [PATCH 1/6] Add TF-M Builtin Key Loader driver entry points
+
+TF-M requires a mechanism to leverage the drivers and builtin keys
+at the same time to allow for "transparent builtin keys". More details
+are in the TF-M design doc. Provide directly the wrappers instead of
+modifying the autogen scripts, for the time being.
Signed-off-by: Raef Coles <raef.coles@arm.com>
Co-authored-by: Antonio de Angelis <antonio.deangelis@arm.com>
---
- library/psa_crypto.c | 11 +++-
- library/psa_crypto_driver_wrappers.c | 97 +++++++++++++++++++++++++++-
- 2 files changed, 106 insertions(+), 2 deletions(-)
+ library/psa_crypto.c | 10 +-
+ library/psa_crypto_driver_wrappers.h | 102 +++++++++++++++++-
+ .../psa_crypto_driver_wrappers_no_static.c | 40 ++++++-
+ 3 files changed, 143 insertions(+), 9 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index bc19ed07..df7776f3 100644
+index 1faf1dd6..52f34497 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
-@@ -82,6 +82,11 @@
+@@ -85,6 +85,10 @@
#include "mbedtls/sha512.h"
- #include "hash_info.h"
+ #include "md_psa.h"
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+#include "tfm_crypto_defs.h"
+#include "tfm_builtin_key_loader.h"
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+
- #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
-
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
-@@ -1011,7 +1016,11 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
+ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
+@@ -1144,7 +1148,11 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
return status;
}
@@ -34,18 +39,18 @@
+ if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ && PSA_KEY_LIFETIME_GET_LOCATION((*p_slot)->attr.lifetime) != TFM_BUILTIN_KEY_LOADER_KEY_LOCATION
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
-+ ) {
++#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
++ ) {
psa_unlock_key_slot(*p_slot);
*p_slot = NULL;
return PSA_ERROR_NOT_SUPPORTED;
-diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
-index ce26b346..38251f11 100644
---- a/library/psa_crypto_driver_wrappers.c
-+++ b/library/psa_crypto_driver_wrappers.c
-@@ -59,6 +59,18 @@
- #include "cc3xx.h"
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
+diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
+index 6ab95976..8b468b46 100644
+--- a/library/psa_crypto_driver_wrappers.h
++++ b/library/psa_crypto_driver_wrappers.h
+@@ -54,16 +54,32 @@
+
+ #endif
+/* Include TF-M builtin key driver */
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
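Review bot: The condition in `psa_get_and_lock_transparent_key_slot_with_policy` lets a slot located at `TFM_BUILTIN_KEY_LOADER_KEY_LOCATION` past a check that otherwise rejects every external lifetime, and nothing at the site says why that is safe. The carve-out presumably relies on the key loader having placed plain key material in the slot, since the wrapper hunks route this location through the "stored in the slot in export representation" path. I would state that next to the condition, e.g. `/* Builtin keys are copied into the slot in export representation by the TF-M key loader, so they are handled as transparent keys */`. The function body starts and ends outside this hunk, so its callers could not be checked here.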
@@ -55,24 +60,32 @@
+#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#endif
-+#include "tfm_crypto_defs.h"
+#include "tfm_builtin_key_loader.h"
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+
- #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
/* END-driver headers */
-@@ -72,6 +84,9 @@
- #if defined(PSA_CRYPTO_DRIVER_CC3XX)
- #define PSA_CRYPTO_CC3XX_DRIVER_ID (4)
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ /* Auto-generated values depending on which drivers are registered.
+ * ID 0 is reserved for unallocated operations.
+ * ID 1 is reserved for the Mbed TLS software driver. */
+ /* BEGIN-driver id definition */
+-#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
+-#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
+-#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
+-#define P256_TRANSPARENT_DRIVER_ID (4)
++enum {
++ PSA_CRYPTO_MBED_TLS_DRIVER_ID = 1,
++ MBEDTLS_TEST_OPAQUE_DRIVER_ID,
++ MBEDTLS_TEST_TRANSPARENT_DRIVER_ID,
++ P256_TRANSPARENT_DRIVER_ID,
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+#define PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID (5)
++ PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID,
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
++};
/* END-driver id */
-@@ -93,6 +108,12 @@ psa_status_t psa_driver_wrapper_init( void )
+@@ -85,6 +101,12 @@ static inline psa_status_t psa_driver_wrapper_init( void )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
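Review bot: The driver-ID list in `psa_crypto_driver_wrappers.h` is now an anonymous enum with positional values, and the same enum is repeated verbatim in `psa_crypto_driver_wrappers_no_static.c` later in this patch. `PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID` used to be the explicit `(5)`; it now depends on the entries above it, so an entry added to only one copy would make the two files disagree on the ID. A comment on both copies, such as `/* Must stay identical to the enum in psa_crypto_driver_wrappers_no_static.c */`, would make the coupling visible. Moving the enum to one shared header would remove it.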
@@ -82,10 +95,10 @@
+ return ( status );
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+
- #if defined(PSA_CRYPTO_DRIVER_CC3XX)
- status = cc3xx_init();
- if (status != PSA_SUCCESS)
-@@ -156,6 +177,9 @@ psa_status_t psa_driver_wrapper_sign_message(
+ #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ status = psa_init_all_se_drivers( );
+ if( status != PSA_SUCCESS )
+@@ -138,6 +160,9 @@ static inline psa_status_t psa_driver_wrapper_sign_message(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -95,7 +108,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -244,6 +268,9 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -212,6 +237,9 @@ static inline psa_status_t psa_driver_wrapper_verify_message(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -105,7 +118,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -343,6 +370,9 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -299,6 +327,9 @@ static inline psa_status_t psa_driver_wrapper_sign_hash(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -115,7 +128,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -439,6 +469,9 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -403,6 +434,9 @@ static inline psa_status_t psa_driver_wrapper_verify_hash(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -125,20 +138,27 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -828,7 +861,11 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
- return( ( *key_buffer_size != 0 ) ?
- PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
- #endif /* PSA_CRYPTO_DRIVER_TEST */
--
+@@ -532,6 +566,9 @@ static inline psa_status_t psa_driver_wrapper_sign_hash_start(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+ return tfm_builtin_key_loader_get_key_buffer_size(psa_get_key_id(attributes),
-+ key_buffer_size);
-+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
- default:
- (void)key_type;
- (void)key_bits;
-@@ -868,6 +905,9 @@ psa_status_t psa_driver_wrapper_generate_key(
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+
+@@ -620,6 +657,9 @@ static inline psa_status_t psa_driver_wrapper_verify_hash_start(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+
+@@ -765,6 +805,9 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
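Review bot: The `#endif` comments added for the new `sign_hash_start` and `verify_hash_start` cases use `/* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */`, while this same commit normalises the one in `psa_crypto.c` to `/* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */`. The later hunk that adds the cipher, AEAD, MAC, asymmetric, key-agreement and PAKE cases has the same mix. I would use the short form throughout: `#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */`.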
@@ -148,7 +168,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
/* Transparent drivers are limited to generating asymmetric keys */
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
-@@ -960,6 +1000,9 @@ psa_status_t psa_driver_wrapper_import_key(
+@@ -865,6 +908,9 @@ static inline psa_status_t psa_driver_wrapper_import_key(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -158,7 +178,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1046,6 +1089,9 @@ psa_status_t psa_driver_wrapper_export_key(
+@@ -966,6 +1012,9 @@ static inline psa_status_t psa_driver_wrapper_export_key(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -168,7 +188,7 @@
return( psa_export_key_internal( attributes,
key_buffer,
key_buffer_size,
-@@ -1111,6 +1157,9 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -1072,6 +1121,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -178,7 +198,211 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1196,6 +1245,13 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
+@@ -1162,6 +1214,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -1239,6 +1294,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -1312,6 +1370,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -1712,6 +1773,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+
+@@ -1764,6 +1828,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+
+@@ -1813,6 +1880,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+
+@@ -1861,6 +1931,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+
+@@ -2197,6 +2270,9 @@ static inline psa_status_t psa_driver_wrapper_mac_compute(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -2261,6 +2337,9 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -2333,6 +2412,9 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -2533,6 +2615,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -2591,6 +2676,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -2655,6 +2743,9 @@ static inline psa_status_t psa_driver_wrapper_key_agreement(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -2735,6 +2826,9 @@ static inline psa_status_t psa_driver_wrapper_pake_setup(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ status = PSA_ERROR_NOT_SUPPORTED;
+diff --git a/library/psa_crypto_driver_wrappers_no_static.c b/library/psa_crypto_driver_wrappers_no_static.c
+index de1511ba..af677746 100644
+--- a/library/psa_crypto_driver_wrappers_no_static.c
++++ b/library/psa_crypto_driver_wrappers_no_static.c
+@@ -53,16 +53,32 @@
+
+ #endif
+
++/* Include TF-M builtin key driver */
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++#ifndef PSA_CRYPTO_DRIVER_PRESENT
++#define PSA_CRYPTO_DRIVER_PRESENT
++#endif
++#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
++#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
++#endif
++#include "tfm_builtin_key_loader.h"
++#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
++
+ /* END-driver headers */
+
+ /* Auto-generated values depending on which drivers are registered.
+ * ID 0 is reserved for unallocated operations.
+ * ID 1 is reserved for the Mbed TLS software driver. */
+ /* BEGIN-driver id definition */
+-#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
+-#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
+-#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
+-#define P256_TRANSPARENT_DRIVER_ID (4)
++enum {
++ PSA_CRYPTO_MBED_TLS_DRIVER_ID = 1,
++ MBEDTLS_TEST_OPAQUE_DRIVER_ID,
++ MBEDTLS_TEST_TRANSPARENT_DRIVER_ID,
++ P256_TRANSPARENT_DRIVER_ID,
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID,
++#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
++};
+
+ /* END-driver id */
+
+@@ -124,6 +140,12 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
+ PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++ return tfm_builtin_key_loader_get_key_buffer_size(psa_get_key_id(attributes),
++ key_buffer_size);
++#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
++
+ default:
+ (void)key_type;
+ (void)key_bits;
+@@ -165,6 +187,9 @@ psa_status_t psa_driver_wrapper_export_public_key(
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
++ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
++#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -255,6 +280,13 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
#endif /* PSA_CRYPTO_DRIVER_TEST */
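Review bot: The new `TFM_BUILTIN_KEY_LOADER_KEY_LOCATION` case in `psa_driver_wrapper_get_key_buffer_size` returns the loader's status unchanged, whereas the test-driver branch just above it turns a zero `*key_buffer_size` into `PSA_ERROR_NOT_SUPPORTED`. Whether `tfm_builtin_key_loader_get_key_buffer_size` can report success with a zero size is not visible here; if it can, the caller would get `PSA_SUCCESS` with a zero-length buffer for a builtin key. Either store the result in a local and apply the same guard, `if (status == PSA_SUCCESS && *key_buffer_size == 0) return PSA_ERROR_NOT_SUPPORTED;`, or record the loader's guarantee in a comment on the case. The function body starts and ends outside this hunk.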
@@ -192,136 +416,6 @@
default:
(void) slot_number;
(void) key_buffer;
-@@ -1281,6 +1337,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1385,6 +1444,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1474,6 +1536,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1557,6 +1622,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2041,6 +2109,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
-
-@@ -2104,6 +2175,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
-
-@@ -2164,6 +2238,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
-
-@@ -2221,6 +2298,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
-
-@@ -2618,6 +2698,9 @@ psa_status_t psa_driver_wrapper_mac_compute(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2688,6 +2771,9 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2769,6 +2855,9 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2997,6 +3086,9 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -3069,6 +3161,9 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
-+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
--
2.25.1
diff --git a/lib/ext/mbedcrypto/0001-BUILD-Update-For-IAR-support.patch b/lib/ext/mbedcrypto/0001-BUILD-Update-For-IAR-support.patch
deleted file mode 100644
index 21d2a3b..0000000
--- a/lib/ext/mbedcrypto/0001-BUILD-Update-For-IAR-support.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 8be39b4353bdeee2f80e42c23a73a276cbd9a8ad Mon Sep 17 00:00:00 2001
-From: TTornblom <thomas.tornblom@iar.com>
-Date: Thu, 16 Apr 2020 13:53:38 +0200
-Subject: [PATCH 1/8] BUILD: Update For IAR support
-
-Applied the same change as in mbed-crypto for using this as a sub
-project with the IAR toolchain. Use __asm generic ,and avoid empty
-enum. Avoid declaration of array with null size.
-
-Signed-off-by: TTornblom <thomas.tornblom@iar.com>
-Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
----
- CMakeLists.txt | 4 +++-
- include/mbedtls/ssl.h | 1 +
- library/constant_time.c | 2 +-
- library/psa_crypto.c | 7 ++++++-
- 4 files changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 8d3f08a98..096bb6e14 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -222,7 +222,9 @@ if(CMAKE_COMPILER_IS_CLANG)
- endif(CMAKE_COMPILER_IS_CLANG)
-
- if(CMAKE_COMPILER_IS_IAR)
-- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts -Ohz")
-+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts")
-+ set(CMAKE_C_FLAGS_RELEASE "-Ohz")
-+ set(CMAKE_C_FLAGS_DEBUG "--debug -On")
- endif(CMAKE_COMPILER_IS_IAR)
-
- if(CMAKE_COMPILER_IS_MSVC)
-diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
-index 68e8d040f..fbd150638 100644
---- a/include/mbedtls/ssl.h
-+++ b/include/mbedtls/ssl.h
-@@ -620,6 +620,7 @@
-
- /* Dummy type used only for its size */
- union mbedtls_ssl_premaster_secret {
-+ unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
- #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
- #endif
-diff --git a/library/constant_time.c b/library/constant_time.c
-index 552a918f4..471d91618 100644
---- a/library/constant_time.c
-+++ b/library/constant_time.c
-@@ -77,7 +77,7 @@ static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsi
- */
- uint32_t r;
- #if defined(__arm__) || defined(__thumb__) || defined(__thumb2__)
-- asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :);
-+ __asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :);
- #elif defined(__aarch64__)
- asm volatile ("ldr %w0, [%1]" : "=r" (r) : "r" (p) :);
- #endif
-diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index bc19ed07c..8b9f28f4d 100644
---- a/library/psa_crypto.c
-+++ b/library/psa_crypto.c
-@@ -6611,8 +6611,13 @@ static psa_status_t psa_key_agreement_internal(psa_key_derivation_operation_t *o
- size_t peer_key_length)
- {
- psa_status_t status;
-+#if PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE != 0
- uint8_t shared_secret[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE];
-+ size_t shared_secret_length = sizeof(shared_secret);
-+#else
-+ uint8_t *shared_secret = NULL;
- size_t shared_secret_length = 0;
-+#endif
- psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(operation->alg);
-
- /* Step 1: run the secret agreement algorithm to generate the shared
-@@ -6621,7 +6626,7 @@ static psa_status_t psa_key_agreement_internal(psa_key_derivation_operation_t *o
- private_key,
- peer_key, peer_key_length,
- shared_secret,
-- sizeof(shared_secret),
-+ shared_secret_length,
- &shared_secret_length);
- if (status != PSA_SUCCESS) {
- goto exit;
---
-2.32.0
-
diff --git a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
index c806a0d..ed0309c 100644
--- a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
+++ b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
@@ -1,21 +1,21 @@
-From fd4884a48284665bdc1bc47f5bff36d3260d2078 Mon Sep 17 00:00:00 2001
+From 3ff9c6c84191499859116b322f00da18e2472079 Mon Sep 17 00:00:00 2001
From: Tamas Ban <tamas.ban@arm.com>
Date: Tue, 27 Oct 2020 08:55:37 +0000
-Subject: [PATCH 2/8] Enable crypto code sharing between independent binaries
+Subject: [PATCH 2/6] Enable crypto code sharing between independent binaries
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
---
- library/code_share.c | 3 +++
+ code_share.c | 3 +++
library/platform.c | 4 ++--
library/platform_util.c | 2 +-
3 files changed, 6 insertions(+), 3 deletions(-)
- create mode 100644 library/code_share.c
+ create mode 100644 code_share.c
-diff --git a/library/code_share.c b/library/code_share.c
+diff --git a/code_share.c b/code_share.c
new file mode 100644
index 00000000..2bf67fb4
--- /dev/null
-+++ b/library/code_share.c
++++ b/code_share.c
@@ -0,0 +1,3 @@
+/* This is a deliberately empty file just to check whether the patch for enabling
+ * extensive crypto code sharing was already applied on the mbedtls library.
@@ -36,12 +36,12 @@
void *mbedtls_calloc(size_t nmemb, size_t size)
{
diff --git a/library/platform_util.c b/library/platform_util.c
-index f891cd48..e3c50635 100644
+index 09216edf..3c0a50b0 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
-@@ -99,7 +99,7 @@
- */
- #if !defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) && !defined(__STDC_LIB_EXT1__) \
+@@ -100,7 +100,7 @@
+ #if !defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) && !(defined(__STDC_LIB_EXT1__) && \
+ !defined(__IAR_SYSTEMS_ICC__)) \
&& !defined(_WIN32)
-static void *(*const volatile memset_func)(void *, int, size_t) = memset;
+void *(*const volatile memset_func)(void *, int, size_t) = memset;
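Review bot: Dropping `static` from `memset_func` in `platform_util.c` gives a file-local helper external linkage under a name with no `mbedtls_` prefix, and the line has no comment saying why. As far as I know this is the pointer `mbedtls_platform_zeroize` calls through, so a name clash in one of the binaries sharing this code could affect how secrets are wiped. I would add a comment above the definition, e.g. `/* Non-static on purpose: exported for crypto code sharing between binaries; do not define another memset_func */`.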
diff --git a/lib/ext/mbedcrypto/0007-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch b/lib/ext/mbedcrypto/0003-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch
similarity index 75%
rename from lib/ext/mbedcrypto/0007-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch
rename to lib/ext/mbedcrypto/0003-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch
index 9faad15..a08fc5c 100644
--- a/lib/ext/mbedcrypto/0007-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch
+++ b/lib/ext/mbedcrypto/0003-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch
@@ -1,7 +1,7 @@
-From 4ccc9712faa8e9c0110247809f67e4c17dccc8e9 Mon Sep 17 00:00:00 2001
+From d5421c159bd09f557eb1a98dd10c56b961fa235b Mon Sep 17 00:00:00 2001
From: Benjamin Baratte <benjamin.baratte@st.com>
Date: Thu, 9 Feb 2023 10:35:01 +0100
-Subject: [PATCH 7/8] Allow SE key to use key vendor id within PSA crypto
+Subject: [PATCH 3/6] Allow SE key to use key vendor id within PSA crypto
Signed-off-by: Benjamin Baratte <benjamin.baratte@st.com>
---
@@ -9,10 +9,10 @@
1 file changed, 4 insertions(+)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index 6fe509c28..41838022d 100644
+index 52f34497..755091aa 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
-@@ -1573,7 +1573,11 @@ static psa_status_t psa_validate_key_attributes(
+@@ -1718,7 +1718,11 @@ static psa_status_t psa_validate_key_attributes(
return PSA_ERROR_INVALID_ARGUMENT;
}
} else {
diff --git a/lib/ext/mbedcrypto/0006-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch b/lib/ext/mbedcrypto/0004-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
similarity index 81%
rename from lib/ext/mbedcrypto/0006-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
rename to lib/ext/mbedcrypto/0004-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
index c132038..c94e50c 100644
--- a/lib/ext/mbedcrypto/0006-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
+++ b/lib/ext/mbedcrypto/0004-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
@@ -1,7 +1,7 @@
-From 624a78c552eb50c0631532306d2ed3fd3116e5e0 Mon Sep 17 00:00:00 2001
+From 05d237704ded16405382cbef7cc867e2d7382e13 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Tue, 23 Aug 2022 13:06:07 +0100
-Subject: [PATCH 6/8] Initialise driver wrappers as first step in
+Subject: [PATCH 4/6] Initialise driver wrappers as first step in
psa_crypto_init()
This patch amends the order of initialisations performed in psa_crypto_init()
@@ -15,10 +15,10 @@
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index df7776f39..6fe509c28 100644
+index 755091aa..0b934079 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
-@@ -7148,6 +7148,11 @@ psa_status_t psa_crypto_init(void)
+@@ -7730,6 +7730,11 @@ psa_status_t psa_crypto_init(void)
return PSA_SUCCESS;
}
@@ -30,7 +30,7 @@
/* Init drivers */
status = psa_driver_wrapper_init();
if (status != PSA_SUCCESS) {
-@@ -7164,11 +7169,6 @@ psa_status_t psa_crypto_init(void)
+@@ -7746,11 +7751,6 @@ psa_status_t psa_crypto_init(void)
}
global_data.rng_state = RNG_SEEDED;
diff --git a/lib/ext/mbedcrypto/0005-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch b/lib/ext/mbedcrypto/0005-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch
deleted file mode 100644
index c953c72..0000000
--- a/lib/ext/mbedcrypto/0005-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch
+++ /dev/null
@@ -1,638 +0,0 @@
-From 48001404810b4a10b41dd8dc43f2b2b1a39a5e61 Mon Sep 17 00:00:00 2001
-From: Antonio de Angelis <Antonio.deAngelis@arm.com>
-Date: Tue, 2 Aug 2022 13:05:05 +0200
-Subject: [PATCH 5/8] CC3XX: Manually enforce no-software builtin fallback when
- CC3XX is available
-
-This wil be enforced by the autogen framework eventually, but for the time
-being we need to manually enforce it for the CC3XX driver only to make sure
-that multiple drivers can coexist indepedently.
-
-Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
----
- library/psa_crypto_driver_wrappers.c | 144 ++++++++++++++-------------
- 1 file changed, 76 insertions(+), 68 deletions(-)
-
-diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
-index 38251f11..f48452b0 100644
---- a/library/psa_crypto_driver_wrappers.c
-+++ b/library/psa_crypto_driver_wrappers.c
-@@ -212,6 +212,7 @@ psa_status_t psa_driver_wrapper_sign_message(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+#if !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- return( psa_sign_message_builtin( attributes,
- key_buffer,
-@@ -222,7 +223,7 @@ psa_status_t psa_driver_wrapper_sign_message(
- signature,
- signature_size,
- signature_length ) );
--
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- /* Add cases for opaque driver here */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -301,6 +302,7 @@ psa_status_t psa_driver_wrapper_verify_message(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+#if !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- return( psa_verify_message_builtin( attributes,
- key_buffer,
-@@ -310,7 +312,7 @@ psa_status_t psa_driver_wrapper_verify_message(
- input_length,
- signature,
- signature_length ) );
--
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- /* Add cases for opaque driver here */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -403,6 +405,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+#if !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- return( psa_sign_hash_builtin( attributes,
- key_buffer,
-@@ -413,7 +416,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
- signature,
- signature_size,
- signature_length ) );
--
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- /* Add cases for opaque driver here */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -501,7 +504,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_TEST */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--
-+#if !defined(PSA_CRYPTO_DRIVER_CC3XX)
- return( psa_verify_hash_builtin( attributes,
- key_buffer,
- key_buffer_size,
-@@ -510,7 +513,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
- hash_length,
- signature,
- signature_length ) );
--
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- /* Add cases for opaque driver here */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -1189,6 +1192,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
-
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+#if !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- return( psa_export_public_key_internal( attributes,
- key_buffer,
-@@ -1196,7 +1200,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
- data,
- data_size,
- data_length ) );
--
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- /* Add cases for opaque driver here */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-
-@@ -1375,7 +1379,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
--#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-+#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- return( mbedtls_psa_cipher_encrypt( attributes,
- key_buffer,
- key_buffer_size,
-@@ -1389,7 +1393,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
- output_length ) );
- #else
- return( PSA_ERROR_NOT_SUPPORTED );
--#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-+#endif
-
- /* Add cases for opaque driver here */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1478,7 +1482,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
--#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-+#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- return( mbedtls_psa_cipher_decrypt( attributes,
- key_buffer,
- key_buffer_size,
-@@ -1490,7 +1494,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
- output_length ) );
- #else
- return( PSA_ERROR_NOT_SUPPORTED );
--#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-+#endif
-
- /* Add cases for opaque driver here */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1567,7 +1571,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-+#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
- attributes,
-@@ -1579,7 +1583,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
-
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
--#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-+#endif
- return( PSA_ERROR_NOT_SUPPORTED );
-
- /* Add cases for opaque driver here */
-@@ -1653,7 +1657,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-+#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
- attributes,
-@@ -1702,12 +1706,12 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-+#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
- iv,
- iv_length ) );
--#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -1746,7 +1750,7 @@ psa_status_t psa_driver_wrapper_cipher_update(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-+#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
- input,
-@@ -1754,7 +1758,7 @@ psa_status_t psa_driver_wrapper_cipher_update(
- output,
- output_size,
- output_length ) );
--#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -1797,13 +1801,13 @@ psa_status_t psa_driver_wrapper_cipher_finish(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-+#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
- output,
- output_size,
- output_length ) );
--#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -1840,10 +1844,10 @@ psa_status_t psa_driver_wrapper_cipher_abort(
-
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-+#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
--#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -1907,7 +1911,7 @@ psa_status_t psa_driver_wrapper_hash_compute(
- #endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- /* If software fallback is compiled in, try fallback */
--#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-+#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- status = mbedtls_psa_hash_compute( alg, input, input_length,
- hash, hash_size, hash_length );
- if( status != PSA_ERROR_NOT_SUPPORTED )
-@@ -1948,7 +1952,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
--#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-+#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* If software fallback is compiled in, try fallback */
- status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
- if( status == PSA_SUCCESS )
-@@ -1956,7 +1960,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
-
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
--#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
-+#endif
- /* Nothing left to try if we fall through here */
- (void) status;
- (void) operation;
-@@ -1987,12 +1991,12 @@ psa_status_t psa_driver_wrapper_hash_clone(
-
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-+#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
- return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
- &target_operation->ctx.mbedtls_ctx ) );
--#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
-+#endif
- default:
- (void) target_operation;
- return( PSA_ERROR_BAD_STATE );
-@@ -2020,11 +2024,11 @@ psa_status_t psa_driver_wrapper_hash_update(
- input, input_length ) );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-+#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
- input, input_length ) );
--#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
-+#endif
- default:
- (void) input;
- (void) input_length;
-@@ -2054,11 +2058,11 @@ psa_status_t psa_driver_wrapper_hash_finish(
- hash, hash_size, hash_length ) );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-+#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
- hash, hash_size, hash_length ) );
--#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
-+#endif
- default:
- (void) hash;
- (void) hash_size;
-@@ -2084,10 +2088,10 @@ psa_status_t psa_driver_wrapper_hash_abort(
- &operation->ctx.cc3xx_driver_ctx ) );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-+#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
--#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
-+#endif
- default:
- return( PSA_ERROR_BAD_STATE );
- }
-@@ -2140,7 +2144,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--
-+#if !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- return( mbedtls_psa_aead_encrypt(
- attributes, key_buffer, key_buffer_size,
-@@ -2149,7 +2153,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
- additional_data, additional_data_length,
- plaintext, plaintext_length,
- ciphertext, ciphertext_size, ciphertext_length ) );
--
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- /* Add cases for opaque driver here */
-
- default:
-@@ -2206,7 +2210,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--
-+#if !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- return( mbedtls_psa_aead_decrypt(
- attributes, key_buffer, key_buffer_size,
-@@ -2215,7 +2219,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
- additional_data, additional_data_length,
- ciphertext, ciphertext_length,
- plaintext, plaintext_size, plaintext_length ) );
--
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- /* Add cases for opaque driver here */
-
- default:
-@@ -2266,7 +2270,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--
-+#if !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
- status = mbedtls_psa_aead_encrypt_setup(
-@@ -2275,7 +2279,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
- alg );
-
- return( status );
--
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- /* Add cases for opaque driver here */
-
- default:
-@@ -2328,7 +2332,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--
-+#if !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
- status = mbedtls_psa_aead_decrypt_setup(
-@@ -2338,7 +2342,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
- alg );
-
- return( status );
--
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- /* Add cases for opaque driver here */
-
- default:
-@@ -2355,13 +2359,13 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
-+#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
- nonce,
- nonce_length ) );
-
--#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -2396,13 +2400,13 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
-+#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
- ad_length,
- plaintext_length ) );
-
--#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -2437,13 +2441,13 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
-+#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
- input,
- input_length ) );
-
--#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -2481,14 +2485,14 @@ psa_status_t psa_driver_wrapper_aead_update(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
-+#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
- input, input_length,
- output, output_size,
- output_length ) );
-
--#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -2532,7 +2536,7 @@ psa_status_t psa_driver_wrapper_aead_finish(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
-+#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
- ciphertext,
-@@ -2540,7 +2544,7 @@ psa_status_t psa_driver_wrapper_aead_finish(
- ciphertext_length, tag,
- tag_size, tag_length ) );
-
--#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -2584,7 +2588,7 @@ psa_status_t psa_driver_wrapper_aead_verify(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
-+#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- {
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-@@ -2612,7 +2616,7 @@ psa_status_t psa_driver_wrapper_aead_verify(
- return( status );
- }
-
--#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -2650,11 +2654,11 @@ psa_status_t psa_driver_wrapper_aead_abort(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
-+#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
-
--#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -2720,7 +2724,7 @@ psa_status_t psa_driver_wrapper_mac_compute(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-+#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- status = mbedtls_psa_mac_compute(
- attributes, key_buffer, key_buffer_size, alg,
-@@ -2728,7 +2732,7 @@ psa_status_t psa_driver_wrapper_mac_compute(
- mac, mac_size, mac_length );
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
--#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-+#endif
- return( PSA_ERROR_NOT_SUPPORTED );
-
- /* Add cases for opaque driver here */
-@@ -2800,7 +2804,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
- return status;
- #endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-+#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
- attributes,
-@@ -2811,7 +2815,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
-
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
--#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-+#endif
- return( PSA_ERROR_NOT_SUPPORTED );
-
- /* Add cases for opaque driver here */
-@@ -2884,7 +2888,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
- return status;
- #endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-+#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- /* Fell through, meaning no accelerator supports this operation */
- status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
- attributes,
-@@ -2895,7 +2899,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
-
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
--#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-+#endif
- return( PSA_ERROR_NOT_SUPPORTED );
-
- /* Add cases for opaque driver here */
-@@ -2932,11 +2936,11 @@ psa_status_t psa_driver_wrapper_mac_update(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-+#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
- input, input_length ) );
--#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -2970,11 +2974,11 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-+#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
- mac, mac_size, mac_length ) );
--#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -3009,11 +3013,11 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-+#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
- mac, mac_length ) );
--#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -3046,10 +3050,10 @@ psa_status_t psa_driver_wrapper_mac_abort(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-+#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
--#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-+#endif
-
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -3116,10 +3120,12 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_TEST */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+#if !defined(PSA_CRYPTO_DRIVER_CC3XX)
- return( mbedtls_psa_asymmetric_encrypt( attributes,
- key_buffer, key_buffer_size, alg, input, input_length,
- salt, salt_length, output, output_size, output_length )
- );
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- /* Add cases for opaque driver here */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -3191,10 +3197,12 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
- return( status );
- #endif /* PSA_CRYPTO_DRIVER_TEST */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+#if !defined(PSA_CRYPTO_DRIVER_CC3XX)
- return( mbedtls_psa_asymmetric_decrypt( attributes,
- key_buffer, key_buffer_size, alg,input, input_length,
- salt, salt_length, output, output_size,
- output_length ) );
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- /* Add cases for opaque driver here */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- #if defined(PSA_CRYPTO_DRIVER_TEST)
---
-2.25.1
-
diff --git a/lib/ext/mbedcrypto/0003-Driver-wrapper-entry-points-for-CC3XX.patch b/lib/ext/mbedcrypto/0005-Hardcode-CC3XX-entry-points.patch
similarity index 72%
rename from lib/ext/mbedcrypto/0003-Driver-wrapper-entry-points-for-CC3XX.patch
rename to lib/ext/mbedcrypto/0005-Hardcode-CC3XX-entry-points.patch
index 059e48c..4f5cd90 100644
--- a/lib/ext/mbedcrypto/0003-Driver-wrapper-entry-points-for-CC3XX.patch
+++ b/lib/ext/mbedcrypto/0005-Hardcode-CC3XX-entry-points.patch
@@ -1,39 +1,37 @@
-From f8efea5a32f5397c911608df5d54a24ac4dc49a8 Mon Sep 17 00:00:00 2001
+From f80c7d78790db53422cf7d2347187033e7fbfd42 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
-Date: Fri, 15 Jul 2022 12:41:34 +0100
-Subject: [PATCH 3/8] Driver wrapper entry points for CC3XX
+Date: Sat, 30 Sep 2023 22:51:48 +0100
+Subject: [PATCH 5/6] Hardcode CC3XX entry points
Manually hardcode PSA driver entry points for the CC3XX driver
-into psa_crypto_driver_wrappers.c (and provide missing entry point
+into psa crypto driver wrappers file (and provide missing entry point
definitions if any). This is a temporary solution until the codegen
framework is available for automatic integration.
-Signed-off-by: Summer Qin <summer.qin@arm.com>
-Signed-off-by: Salome Thirot <salome.thirot@arm.com>
-Signed-off-by: Abbas Bracken Ziad <abbas.brackenziad@arm.com>
-Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
---
- .../psa/crypto_driver_contexts_composites.h | 9 +
- .../psa/crypto_driver_contexts_primitives.h | 9 +
- library/psa_crypto_driver_wrappers.c | 486 ++++++++++++++++--
- 3 files changed, 452 insertions(+), 52 deletions(-)
+ .../psa/crypto_driver_contexts_composites.h | 10 +
+ .../psa/crypto_driver_contexts_primitives.h | 10 +
+ library/psa_crypto_driver_wrappers.h | 421 ++++++++++++++++--
+ .../psa_crypto_driver_wrappers_no_static.c | 24 +
+ 4 files changed, 435 insertions(+), 30 deletions(-)
diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
-index 6c56a51d..4ed6aded 100644
+index d0188647..9da29765 100644
--- a/include/psa/crypto_driver_contexts_composites.h
+++ b/include/psa/crypto_driver_contexts_composites.h
-@@ -41,6 +41,9 @@
-
+@@ -42,6 +42,10 @@
/* Include the context structure definitions for those drivers that were
* declared during the autogeneration process. */
+
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+#include "cc3xx_crypto_primitives_private.h"
+#endif
-
++
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include <libtestdriver1/include/psa/crypto.h>
-@@ -130,6 +133,9 @@ typedef union {
+ #endif
+@@ -130,6 +134,9 @@ typedef union {
mbedtls_transparent_test_driver_mac_operation_t transparent_test_driver_ctx;
mbedtls_opaque_test_driver_mac_operation_t opaque_test_driver_ctx;
#endif
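Review bot: The rewritten patch header drops four `Signed-off-by` trailers (Summer Qin, Salome Thirot, Abbas Bracken Ziad, Georgios Vasilakis), yet the hunks that follow still carry CC3XX entry-point code over from the previous `0003-Driver-wrapper-entry-points-for-CC3XX.patch`. If the carried-over code derives from their contributions, the trailers should stay, because they are the provenance record for this vendored patch. If the patch was genuinely rewritten against Mbed TLS 3.5.0, one sentence in the message saying so would explain the new date and the single sign-off.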
@@ -43,7 +41,7 @@
} psa_driver_mac_context_t;
typedef union {
-@@ -138,6 +144,9 @@ typedef union {
+@@ -138,6 +145,9 @@ typedef union {
#if defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx;
#endif
@@ -54,20 +52,21 @@
typedef union {
diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h
-index 620a4b3a..12de0ff1 100644
+index b27a768e..dd657029 100644
--- a/include/psa/crypto_driver_contexts_primitives.h
+++ b/include/psa/crypto_driver_contexts_primitives.h
-@@ -40,6 +40,9 @@
-
+@@ -41,6 +41,10 @@
/* Include the context structure definitions for those drivers that were
* declared during the autogeneration process. */
+
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+#include "cc3xx_crypto_primitives_private.h"
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
-
++
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include <libtestdriver1/include/psa/crypto.h>
-@@ -102,6 +105,9 @@ typedef union {
+ #endif
+@@ -102,6 +106,9 @@ typedef union {
#if defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_transparent_test_driver_hash_operation_t test_driver_ctx;
#endif
@@ -77,7 +76,7 @@
} psa_driver_hash_context_t;
typedef union {
-@@ -111,6 +117,9 @@ typedef union {
+@@ -111,6 +118,9 @@ typedef union {
mbedtls_transparent_test_driver_cipher_operation_t transparent_test_driver_ctx;
mbedtls_opaque_test_driver_cipher_operation_t opaque_test_driver_ctx;
#endif
@@ -87,13 +86,13 @@
} psa_driver_cipher_context_t;
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */
-diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
-index 9e946e36..ce26b346 100644
---- a/library/psa_crypto_driver_wrappers.c
-+++ b/library/psa_crypto_driver_wrappers.c
-@@ -49,6 +49,16 @@
-
- #endif
+diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
+index 8b468b46..bdaa25ca 100644
+--- a/library/psa_crypto_driver_wrappers.h
++++ b/library/psa_crypto_driver_wrappers.h
+@@ -65,6 +65,16 @@
+ #include "tfm_builtin_key_loader.h"
+ #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+#ifndef PSA_CRYPTO_DRIVER_PRESENT
@@ -105,47 +104,48 @@
+#include "cc3xx.h"
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+
- #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
/* END-driver headers */
-@@ -59,6 +69,9 @@
- #define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
- #define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
- #define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
+ /* Auto-generated values depending on which drivers are registered.
+@@ -79,6 +89,9 @@ enum {
+ #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID,
+ #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
-+#define PSA_CRYPTO_CC3XX_DRIVER_ID (4)
++ PSA_CRYPTO_CC3XX_DRIVER_ID,
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ };
/* END-driver id */
-
-@@ -80,6 +93,12 @@ psa_status_t psa_driver_wrapper_init( void )
- {
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+@@ -123,6 +136,11 @@ static inline psa_status_t psa_driver_wrapper_init( void )
+ return( status );
+ #endif
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_init();
+ if (status != PSA_SUCCESS)
+ return ( status );
+#endif
+ (void) status;
+ return( PSA_SUCCESS );
+ }
+@@ -139,6 +157,10 @@ static inline void psa_driver_wrapper_free( void )
+ mbedtls_test_transparent_free( );
+ mbedtls_test_opaque_free( );
+ #endif
+
- #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- status = psa_init_all_se_drivers( );
- if( status != PSA_SUCCESS )
-@@ -102,6 +121,10 @@ psa_status_t psa_driver_wrapper_init( void )
-
- void psa_driver_wrapper_free( void )
- {
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ (void)cc3xx_free();
+#endif
-+
- #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- /* Unregister all secure element drivers, so that we restart from
- * a pristine state. */
-@@ -151,8 +174,30 @@ psa_status_t psa_driver_wrapper_sign_message(
+ }
+
+ /* Start delegation functions */
+@@ -181,8 +203,29 @@ static inline psa_status_t psa_driver_wrapper_sign_message(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+- break;
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_sign_message(
+ attributes,
@@ -159,29 +159,27 @@
+ signature_length );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-- break;
-+ /* Fell through, meaning no accelerator supports this operation */
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ return( psa_sign_message_builtin( attributes,
-+ key_buffer,
-+ key_buffer_size,
-+ alg,
-+ input,
-+ input_length,
-+ signature,
-+ signature_size,
-+ signature_length ) );
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_size,
++ signature_length ) );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -176,18 +221,10 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -206,18 +249,8 @@ static inline psa_status_t psa_driver_wrapper_sign_message(
default:
/* Key is declared with a lifetime not known to us */
(void)status;
- break;
+ return( PSA_ERROR_INVALID_ARGUMENT );
}
-
+-
- return( psa_sign_message_builtin( attributes,
- key_buffer,
- key_buffer_size,
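Review bot: With `PSA_CRYPTO_DRIVER_CC3XX` defined, the `return( psa_sign_message_builtin( ... ) );` that now follows the two `#endif` lines is unreachable, because the CC3XX block ends in an unconditional `return( status );`, and nothing in the new code says this is intended. The deleted `0005-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch` stated the policy with `#if !defined(PSA_CRYPTO_DRIVER_CC3XX)`, and the comment `/* Fell through, meaning no accelerator supports this operation */` is dropped here as well. I would add a comment above the CC3XX return, for example `/* No software fallback: the CC3XX result is returned unconditionally */`. That way a later switch to the test-driver pattern `if( status != PSA_ERROR_NOT_SUPPORTED )` cannot quietly enable the builtin path. The same applies to `psa_driver_wrapper_verify_message` in the `@@ -213,19 +210,18 @@` hunk; both function bodies extend outside the hunks.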
@@ -191,11 +189,10 @@
- signature,
- signature_size,
- signature_length ) );
-+ return status;
}
- psa_status_t psa_driver_wrapper_verify_message(
-@@ -224,8 +261,28 @@ psa_status_t psa_driver_wrapper_verify_message(
+ static inline psa_status_t psa_driver_wrapper_verify_message(
+@@ -257,8 +290,27 @@ static inline psa_status_t psa_driver_wrapper_verify_message(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -213,19 +210,18 @@
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- break;
-+ /* Fell through, meaning no accelerator supports this operation */
+ return( psa_verify_message_builtin( attributes,
-+ key_buffer,
-+ key_buffer_size,
-+ alg,
-+ input,
-+ input_length,
-+ signature,
-+ signature_length ) );
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_length ) );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -248,17 +305,9 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -281,17 +333,8 @@ static inline psa_status_t psa_driver_wrapper_verify_message(
default:
/* Key is declared with a lifetime not known to us */
(void)status;
@@ -241,11 +237,10 @@
- input_length,
- signature,
- signature_length ) );
-+ return status;
}
- psa_status_t psa_driver_wrapper_sign_hash(
-@@ -311,6 +360,18 @@ psa_status_t psa_driver_wrapper_sign_hash(
+ static inline psa_status_t psa_driver_wrapper_sign_hash(
+@@ -347,6 +390,18 @@ static inline psa_status_t psa_driver_wrapper_sign_hash(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -261,13 +256,13 @@
+ signature_length );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- /* Fell through, meaning no accelerator supports this operation */
- return( psa_sign_hash_builtin( attributes,
-@@ -381,6 +442,17 @@ psa_status_t psa_driver_wrapper_verify_hash(
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ PSA_ALG_IS_ECDSA(alg) &&
+@@ -454,6 +509,17 @@ static inline psa_status_t psa_driver_wrapper_verify_hash(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_verify_hash( attributes,
+ key_buffer,
@@ -279,41 +274,23 @@
+ signature_length );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_test_transparent_signature_verify_hash(
- attributes,
-@@ -801,6 +873,12 @@ psa_status_t psa_driver_wrapper_generate_key(
- if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
- {
- /* Cycle through all known transparent accelerators */
+ #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ PSA_ALG_IS_ECDSA(alg) &&
+@@ -821,6 +887,12 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ break;
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_generate_key(
+ attributes, key_buffer, key_buffer_size,
+ key_buffer_length );
+ break;
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_test_transparent_generate_key(
- attributes, key_buffer, key_buffer_size,
-@@ -1050,7 +1128,16 @@ psa_status_t psa_driver_wrapper_export_public_key(
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
- #endif
--
-+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
-+ status = cc3xx_export_public_key(
-+ attributes,
-+ key_buffer,
-+ key_buffer_size,
-+ data,
-+ data_size,
-+ data_length );
-+ return( status );
-+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
-
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- /* Fell through, meaning no accelerator supports this operation */
-@@ -1213,6 +1300,20 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+ #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
+@@ -1143,6 +1215,20 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -334,7 +311,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-@@ -1301,6 +1402,18 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -1234,6 +1320,18 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -353,7 +330,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-@@ -1378,6 +1491,16 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1314,6 +1412,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -370,7 +347,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
-@@ -1451,6 +1574,16 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1390,6 +1498,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -387,7 +364,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
-@@ -1520,6 +1653,12 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+@@ -1459,6 +1577,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
&operation->ctx.opaque_test_driver_ctx,
iv, iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -400,7 +377,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1563,6 +1702,13 @@ psa_status_t psa_driver_wrapper_cipher_update(
+@@ -1502,6 +1626,13 @@ static inline psa_status_t psa_driver_wrapper_cipher_update(
input, input_length,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -414,7 +391,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1603,6 +1749,12 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+@@ -1542,6 +1673,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_finish(
&operation->ctx.opaque_test_driver_ctx,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -427,7 +404,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1643,6 +1795,15 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+@@ -1582,6 +1719,15 @@ static inline psa_status_t psa_driver_wrapper_cipher_abort(
sizeof( operation->ctx.opaque_test_driver_ctx ) );
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -443,7 +420,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1664,13 +1825,19 @@ psa_status_t psa_driver_wrapper_hash_compute(
+@@ -1603,12 +1749,19 @@ static inline psa_status_t psa_driver_wrapper_hash_compute(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try accelerators first */
@@ -454,18 +431,17 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
-#endif
--
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_hash_compute(alg, input, input_length, hash, hash_size,
+ hash_length);
+ return status;
-+#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
/* If software fallback is compiled in, try fallback */
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
- status = mbedtls_psa_hash_compute( alg, input, input_length,
-@@ -1696,6 +1863,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
+@@ -1635,6 +1788,7 @@ static inline psa_status_t psa_driver_wrapper_hash_setup(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try setup on accelerators first */
@@ -473,7 +449,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_hash_setup(
&operation->ctx.test_driver_ctx, alg );
-@@ -1704,17 +1872,23 @@ psa_status_t psa_driver_wrapper_hash_setup(
+@@ -1643,7 +1797,13 @@ static inline psa_status_t psa_driver_wrapper_hash_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@@ -486,30 +462,12 @@
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-- /* If software fallback is compiled in, try fallback */
+ /* If software fallback is compiled in, try fallback */
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-+ /* If software fallback is compiled in, try fallback */
- status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
- if( status == PSA_SUCCESS )
- operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
--#endif
-+#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
- /* Nothing left to try if we fall through here */
- (void) status;
- (void) operation;
-@@ -1728,19 +1902,29 @@ psa_status_t psa_driver_wrapper_hash_clone(
- {
- switch( source_operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-- target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-- return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
-- &target_operation->ctx.mbedtls_ctx ) );
--#endif
+@@ -1673,13 +1833,23 @@ static inline psa_status_t psa_driver_wrapper_hash_clone(
+ return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
+ &target_operation->ctx.mbedtls_ctx ) );
+ #endif
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
@@ -528,24 +486,13 @@
+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-+ target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-+ return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
-+ &target_operation->ctx.mbedtls_ctx ) );
-+#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
default:
(void) target_operation;
return( PSA_ERROR_BAD_STATE );
-@@ -1754,17 +1938,25 @@ psa_status_t psa_driver_wrapper_hash_update(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-- return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
-- input, input_length ) );
--#endif
+@@ -1698,12 +1868,20 @@ static inline psa_status_t psa_driver_wrapper_hash_update(
+ return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
+ input, input_length ) );
+ #endif
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
@@ -561,23 +508,13 @@
+ input, input_length ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-+ return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
-+ input, input_length ) );
-+#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
default:
(void) input;
(void) input_length;
-@@ -1780,17 +1972,25 @@ psa_status_t psa_driver_wrapper_hash_finish(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-- return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
-- hash, hash_size, hash_length ) );
--#endif
+@@ -1724,12 +1902,20 @@ static inline psa_status_t psa_driver_wrapper_hash_finish(
+ return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
+ hash, hash_size, hash_length ) );
+ #endif
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
@@ -593,22 +530,13 @@
+ hash, hash_size, hash_length ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-+ return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
-+ hash, hash_size, hash_length ) );
-+#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
default:
(void) hash;
(void) hash_size;
-@@ -1804,15 +2004,22 @@ psa_status_t psa_driver_wrapper_hash_abort(
- {
- switch( operation->id )
- {
--#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-- return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
--#endif
+@@ -1747,11 +1933,18 @@ static inline psa_status_t psa_driver_wrapper_hash_abort(
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
+ #endif
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
@@ -622,14 +550,10 @@
+ &operation->ctx.cc3xx_driver_ctx ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-+ return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
-+#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
default:
return( PSA_ERROR_BAD_STATE );
}
-@@ -1850,6 +2057,17 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+@@ -1792,6 +1985,17 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -647,7 +571,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1902,6 +2120,17 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1847,6 +2051,17 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -665,7 +589,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1950,6 +2179,15 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1898,6 +2113,15 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -681,7 +605,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1999,6 +2237,16 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1950,6 +2174,16 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -698,21 +622,20 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -2045,6 +2293,13 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+@@ -1996,6 +2230,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
+ return( cc3xx_aead_set_nonce(
-+ &operation->ctx.cc3xx_driver_ctx,
-+ nonce, nonce_length ) );
-+
++ &operation->ctx.cc3xx_driver_ctx,
++ nonce, nonce_length ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2079,6 +2334,13 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+@@ -2030,6 +2270,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -721,12 +644,11 @@
+ return( cc3xx_aead_set_lengths(
+ &operation->ctx.cc3xx_driver_ctx,
+ ad_length, plaintext_length ) );
-+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2113,6 +2375,13 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+@@ -2064,6 +2310,12 @@ static inline psa_status_t psa_driver_wrapper_aead_update_ad(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -735,12 +657,11 @@
+ return( cc3xx_aead_update_ad(
+ &operation->ctx.cc3xx_driver_ctx,
+ input, input_length ) );
-+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2152,6 +2421,14 @@ psa_status_t psa_driver_wrapper_aead_update(
+@@ -2103,6 +2355,13 @@ static inline psa_status_t psa_driver_wrapper_aead_update(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -750,12 +671,11 @@
+ &operation->ctx.cc3xx_driver_ctx,
+ input, input_length, output, output_size,
+ output_length ) );
-+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2196,6 +2473,14 @@ psa_status_t psa_driver_wrapper_aead_finish(
+@@ -2147,6 +2406,13 @@ static inline psa_status_t psa_driver_wrapper_aead_finish(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -765,12 +685,11 @@
+ &operation->ctx.cc3xx_driver_ctx,
+ ciphertext, ciphertext_size,
+ ciphertext_length, tag, tag_size, tag_length ) );
-+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2260,6 +2545,14 @@ psa_status_t psa_driver_wrapper_aead_verify(
+@@ -2211,6 +2477,13 @@ static inline psa_status_t psa_driver_wrapper_aead_verify(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -780,25 +699,23 @@
+ &operation->ctx.cc3xx_driver_ctx,
+ plaintext, plaintext_size,
+ plaintext_length, tag, tag_length ) );
-+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2292,6 +2585,12 @@ psa_status_t psa_driver_wrapper_aead_abort(
+@@ -2243,6 +2516,11 @@ static inline psa_status_t psa_driver_wrapper_aead_abort(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
-+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
-+ return( cc3xx_aead_abort(
-+ &operation->ctx.cc3xx_driver_ctx ) );
-+
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_abort(
++ &operation->ctx.cc3xx_driver_ctx ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2331,6 +2630,12 @@ psa_status_t psa_driver_wrapper_mac_compute(
+@@ -2285,6 +2563,12 @@ static inline psa_status_t psa_driver_wrapper_mac_compute(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -811,7 +728,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2399,6 +2704,15 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2356,6 +2640,15 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -823,11 +740,11 @@
+ alg);
+ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
+ return status;
-+#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2471,6 +2785,15 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2431,6 +2724,15 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
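Review bot: `operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;` is assigned before the `status` of the CC3XX MAC setup call is examined, so a failed setup still leaves the operation tagged as owned by the CC3XX driver. Later calls on that operation, abort at least, would then dispatch to the cc3xx_mac_* functions with a context whose setup did not complete; whether the driver tolerates that is not visible on this page. Putting `if( status == PSA_SUCCESS )` in front of the assignment would match the built-in hash setup shown elsewhere on this page, which sets the id only on success. The mac_verify_setup hunk that follows has the same two lines, and the setup call itself starts above this hunk.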
@@ -839,22 +756,22 @@
+ alg);
+ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
+ return status;
-+#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2538,6 +2861,10 @@ psa_status_t psa_driver_wrapper_mac_update(
+@@ -2498,6 +2800,10 @@ static inline psa_status_t psa_driver_wrapper_mac_update(
&operation->ctx.opaque_test_driver_ctx,
input, input_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
+ return(cc3xx_mac_update(&operation->ctx.cc3xx_driver_ctx, input, input_length));
-+#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) input;
-@@ -2572,6 +2899,11 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+@@ -2532,6 +2838,11 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_size, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -862,11 +779,11 @@
+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
+ return(cc3xx_mac_sign_finish(&operation->ctx.cc3xx_driver_ctx,
+ mac, mac_size, mac_length));
-+#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2606,6 +2938,12 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+@@ -2566,6 +2877,12 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -875,25 +792,25 @@
+ return(cc3xx_mac_verify_finish(
+ &operation->ctx.cc3xx_driver_ctx,
+ mac, mac_length));
-+#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2633,6 +2971,10 @@ psa_status_t psa_driver_wrapper_mac_abort(
+@@ -2593,6 +2910,10 @@ static inline psa_status_t psa_driver_wrapper_mac_abort(
return( mbedtls_test_opaque_mac_abort(
&operation->ctx.opaque_test_driver_ctx ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
+ return(cc3xx_mac_abort(&operation->ctx.cc3xx_driver_ctx));
-+#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
return( PSA_ERROR_INVALID_ARGUMENT );
-@@ -2658,6 +3000,20 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -2630,6 +2951,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_asymmetric_encrypt( attributes,
+ key_buffer,
@@ -908,13 +825,13 @@
+ output_length );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ return( mbedtls_psa_asymmetric_encrypt( attributes,
key_buffer, key_buffer_size, alg, input, input_length,
-@@ -2716,6 +3072,20 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
- #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -2691,6 +3026,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_asymmetric_decrypt( attributes,
+ key_buffer,
@@ -929,10 +846,10 @@
+ output_length );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
- key_buffer, key_buffer_size, alg, input, input_length,
-@@ -2789,6 +3159,18 @@ psa_status_t psa_driver_wrapper_key_agreement(
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ return( mbedtls_psa_asymmetric_decrypt( attributes,
+ key_buffer, key_buffer_size, alg,input, input_length,
+@@ -2758,6 +3107,18 @@ static inline psa_status_t psa_driver_wrapper_key_agreement(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -948,9 +865,58 @@
+ alg );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ PSA_ALG_IS_ECDH(alg) &&
+diff --git a/library/psa_crypto_driver_wrappers_no_static.c b/library/psa_crypto_driver_wrappers_no_static.c
+index af677746..a9df9a0a 100644
+--- a/library/psa_crypto_driver_wrappers_no_static.c
++++ b/library/psa_crypto_driver_wrappers_no_static.c
+@@ -64,6 +64,16 @@
+ #include "tfm_builtin_key_loader.h"
+ #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
- /* Software Fallback */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++#ifndef PSA_CRYPTO_DRIVER_PRESENT
++#define PSA_CRYPTO_DRIVER_PRESENT
++#endif
++#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
++#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
++#endif
++#include "cc3xx.h"
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++
+ /* END-driver headers */
+
+ /* Auto-generated values depending on which drivers are registered.
+@@ -78,6 +88,9 @@ enum {
+ #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID,
+ #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ PSA_CRYPTO_CC3XX_DRIVER_ID,
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ };
+
+ /* END-driver id */
+@@ -208,6 +221,17 @@ psa_status_t psa_driver_wrapper_export_public_key(
+ return( status );
+ #endif
+
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_export_public_key(
++ attributes,
++ key_buffer,
++ key_buffer_size,
++ data,
++ data_size,
++ data_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++
+ #if (defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) )
+ status = p256_transparent_export_public_key
+ (attributes,
--
2.25.1
diff --git a/lib/ext/mbedcrypto/0006-Enable-psa_can_do_hash.patch b/lib/ext/mbedcrypto/0006-Enable-psa_can_do_hash.patch
new file mode 100644
index 0000000..c5f036b
--- /dev/null
+++ b/lib/ext/mbedcrypto/0006-Enable-psa_can_do_hash.patch
@@ -0,0 +1,31 @@
+From 5667b4408046e1c6384586cf84ee76b80513c68e Mon Sep 17 00:00:00 2001
+From: Summer Qin <summer.qin@arm.com>
+Date: Fri, 13 Oct 2023 15:22:59 +0800
+Subject: [PATCH 6/6] Enable psa_can_do_hash
+
+CC312 driver want to use hash in md for entropy operations.
+Enable psa_can_do_hash by directly returning 1.
+This is a workaround for current cc312 driver. After switching
+to new driver, this workaround is not needed.
+
+Signed-off-by: Summer Qin <summer.qin@arm.com>
+---
+ library/psa_crypto.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/library/psa_crypto.c b/library/psa_crypto.c
+index 0b934079..71ea2066 100644
+--- a/library/psa_crypto.c
++++ b/library/psa_crypto.c
+@@ -130,7 +130,7 @@ mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state =
+ int psa_can_do_hash(psa_algorithm_t hash_alg)
+ {
+ (void) hash_alg;
+- return global_data.drivers_initialized;
++ return 1;
+ }
+ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \
+--
+2.25.1
+
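Review bot: `return 1;` makes psa_can_do_hash report PSA hashing as available on every build that applies this patch, not only on CC312 targets, and regardless of whether the PSA drivers have been initialised. The line it replaces returned `global_data.drivers_initialized`, which is the signal callers use to avoid dispatching a hash to PSA too early, so that guard is lost on platforms that do not need the workaround. Restricting the constant to the CC3XX build, as sketched below, keeps the upstream behaviour elsewhere, assuming PSA_CRYPTO_DRIVER_CC3XX is visible when psa_crypto.c is compiled. The comment at the return also tells whoever next rebases the patch set that the change is temporary.

```c
int psa_can_do_hash(psa_algorithm_t hash_alg)
    /* … unchanged: opening brace and (void) hash_alg; … */
#if defined(PSA_CRYPTO_DRIVER_CC3XX)
    /* Workaround for the current CC312 driver, which uses md hashing for
     * entropy operations; drop once the new driver is in use. */
    return 1;
#else
    return global_data.drivers_initialized;
#endif
```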
diff --git a/lib/ext/mbedcrypto/0008-Auto-enable-MBEDTLS_MD_LIGHT-after-MBEDTLS_PSA_CRYPT.patch b/lib/ext/mbedcrypto/0008-Auto-enable-MBEDTLS_MD_LIGHT-after-MBEDTLS_PSA_CRYPT.patch
deleted file mode 100644
index 8251a31..0000000
--- a/lib/ext/mbedcrypto/0008-Auto-enable-MBEDTLS_MD_LIGHT-after-MBEDTLS_PSA_CRYPT.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 90e24d8259fc2aea1f261e47da1b753c66cc52d8 Mon Sep 17 00:00:00 2001
-From: Summer Qin <summer.qin@arm.com>
-Date: Mon, 3 Apr 2023 10:12:31 +0800
-Subject: [PATCH 8/8] Auto-enable MBEDTLS_MD_LIGHT after
- MBEDTLS_PSA_CRYPTO_CONFIG
-
-PSA_WANT_xxx influences MBEDTLS_xxx, so it can also auto-enable MBEDTLS_MD_LIGHT.
-
-Signed-off-by: Summer Qin <summer.qin@arm.com>
----
- include/mbedtls/build_info.h | 28 ++++++++++++++--------------
- 1 file changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
-index 1b3d59fab..b13f9308a 100644
---- a/include/mbedtls/build_info.h
-+++ b/include/mbedtls/build_info.h
-@@ -80,20 +80,6 @@
- #include MBEDTLS_USER_CONFIG_FILE
- #endif
-
--/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
-- * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
-- */
--#if defined(MBEDTLS_MD_C)
--#define MBEDTLS_MD_LIGHT
--#endif
--
--/* Auto-enable MBEDTLS_MD_LIGHT if some module needs it.
-- */
--#if defined(MBEDTLS_PEM_PARSE_C) || \
-- defined(MBEDTLS_RSA_C)
--#define MBEDTLS_MD_LIGHT
--#endif
--
- /* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
- * is defined as well to include all PSA code.
- */
-@@ -148,6 +134,20 @@
- #include "mbedtls/config_psa.h"
- #endif
-
-+/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
-+ * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
-+ */
-+#if defined(MBEDTLS_MD_C)
-+#define MBEDTLS_MD_LIGHT
-+#endif
-+
-+/* Auto-enable MBEDTLS_MD_LIGHT if some module needs it.
-+ */
-+#if defined(MBEDTLS_PEM_PARSE_C) || \
-+ defined(MBEDTLS_RSA_C)
-+#define MBEDTLS_MD_LIGHT
-+#endif
-+
- #include "mbedtls/check_config.h"
-
- #endif /* MBEDTLS_BUILD_INFO_H */
---
-2.25.1
-
diff --git a/platform/ext/accelerator/cc312/crypto_accelerator_config.h b/platform/ext/accelerator/cc312/crypto_accelerator_config.h
index eca4996..2f9dacb 100644
--- a/platform/ext/accelerator/cc312/crypto_accelerator_config.h
+++ b/platform/ext/accelerator/cc312/crypto_accelerator_config.h
@@ -92,7 +92,10 @@
#endif
#ifdef PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
#endif
#ifdef PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
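Review bot: The four new ACCEL macros are all keyed on the legacy `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR`, and the set leaves out the GENERATE and DERIVE variants that Mbed TLS 3.5.0 split out of the old key-pair symbol. The driver wrapper patch in this commit sends generate_key to cc3xx_generate_key, so omitting `MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE` presumably keeps the built-in generator compiled alongside the accelerated one; if that is deliberate, a comment here should say so. It would also be clearer to guard each define with its own `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_*` symbol. Please also check that `MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY` is not already defined under a public-key guard outside this hunk.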
@@ -164,7 +167,6 @@
#ifdef PSA_WANT_ALG_SHA_256
#define MBEDTLS_PSA_ACCEL_ALG_SHA_256
-#define MBEDTLS_SHA256_C
#endif
#ifdef PSA_WANT_ALG_RSA_OAEP
diff --git a/platform/ext/target/arm/musca_s1/config_tfm_target.h b/platform/ext/target/arm/musca_s1/config_tfm_target.h
index 778a36b..0d91448 100644
--- a/platform/ext/target/arm/musca_s1/config_tfm_target.h
+++ b/platform/ext/target/arm/musca_s1/config_tfm_target.h
@@ -12,7 +12,7 @@
#define CRYPTO_NV_SEED 0
#ifdef PSA_API_TEST_CRYPTO
-#define CRYPTO_STACK_SIZE 0x2200
+#define CRYPTO_STACK_SIZE 0x2500
#endif
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/stm/common/hal/accelerator/ecdsa_alt.c b/platform/ext/target/stm/common/hal/accelerator/ecdsa_alt.c
index daab6dd..5b4f00f 100644
--- a/platform/ext/target/stm/common/hal/accelerator/ecdsa_alt.c
+++ b/platform/ext/target/stm/common/hal/accelerator/ecdsa_alt.c
@@ -180,21 +180,6 @@
return ret;
}
-
-int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid )
-{
- switch( gid )
- {
-#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
- case MBEDTLS_ECP_DP_CURVE25519: return 0;
-#endif
-#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
- case MBEDTLS_ECP_DP_CURVE448: return 0;
-#endif
- default: return 1;
- }
-}
-
#endif /* MBEDTLS_ECDSA_SIGN_ALT*/
#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
diff --git a/secure_fw/partitions/crypto/tfm_crypto_api.h b/secure_fw/partitions/crypto/tfm_crypto_api.h
index 0edc713..8fff29d 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_api.h
+++ b/secure_fw/partitions/crypto/tfm_crypto_api.h
@@ -12,6 +12,7 @@
extern "C" {
#endif
+#include <limits.h>
#include <stdint.h>
#include "tfm_crypto_defs.h"
#include "tfm_crypto_key.h"