Crypto: Update to Mbed TLS 3.3.0
Update Mbed TLS to v3.3.0
Signed-off-by: Summer Qin <summer.qin@arm.com>
Change-Id: I5fec93201ed829db313f5a114c5e56a5212ee8a0
diff --git a/lib/ext/mbedcrypto/0003-Driver-wrapper-entry-points-for-CC3XX.patch b/lib/ext/mbedcrypto/0003-Driver-wrapper-entry-points-for-CC3XX.patch
new file mode 100644
index 0000000..95cc8e7
--- /dev/null
+++ b/lib/ext/mbedcrypto/0003-Driver-wrapper-entry-points-for-CC3XX.patch
@@ -0,0 +1,956 @@
+From 6c54899b07c7cc9615e98eba30781500f4b906c6 Mon Sep 17 00:00:00 2001
+From: Antonio de Angelis <Antonio.deAngelis@arm.com>
+Date: Fri, 15 Jul 2022 12:41:34 +0100
+Subject: [PATCH 3/6] Driver wrapper entry points for CC3XX
+
+Manually hardcode PSA driver entry points for the CC3XX driver
+into psa_crypto_driver_wrappers.c (and provide missing entry point
+definitions if any). This is a temporary solution until the codegen
+framework is available for automatic integration.
+
+Signed-off-by: Summer Qin <summer.qin@arm.com>
+Signed-off-by: Salome Thirot <salome.thirot@arm.com>
+Signed-off-by: Abbas Bracken Ziad <abbas.brackenziad@arm.com>
+Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
+Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
+---
+ .../psa/crypto_driver_contexts_composites.h | 9 +
+ .../psa/crypto_driver_contexts_primitives.h | 9 +
+ library/psa_crypto_driver_wrappers.c | 486 ++++++++++++++++--
+ 3 files changed, 452 insertions(+), 52 deletions(-)
+
+diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
+index 3f1c8af4..2fdf9561 100644
+--- a/include/psa/crypto_driver_contexts_composites.h
++++ b/include/psa/crypto_driver_contexts_composites.h
+@@ -41,6 +41,9 @@
+
+ /* Include the context structure definitions for those drivers that were
+ * declared during the autogeneration process. */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++#include "cc3xx_crypto_primitives_private.h"
++#endif
+
+ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+ #include <libtestdriver1/include/psa/crypto.h>
+@@ -104,6 +107,9 @@ typedef union {
+ mbedtls_transparent_test_driver_mac_operation_t transparent_test_driver_ctx;
+ mbedtls_opaque_test_driver_mac_operation_t opaque_test_driver_ctx;
+ #endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ cc3xx_mac_operation_t cc3xx_driver_ctx;
++#endif
+ } psa_driver_mac_context_t;
+
+ typedef union {
+@@ -112,6 +118,9 @@ typedef union {
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx;
+ #endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ cc3xx_aead_operation_t cc3xx_driver_ctx;
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ } psa_driver_aead_context_t;
+
+ #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */
+diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h
+index 2bb01ed4..2bc0bda7 100644
+--- a/include/psa/crypto_driver_contexts_primitives.h
++++ b/include/psa/crypto_driver_contexts_primitives.h
+@@ -40,6 +40,9 @@
+
+ /* Include the context structure definitions for those drivers that were
+ * declared during the autogeneration process. */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++#include "cc3xx_crypto_primitives_private.h"
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+
+ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+ #include <libtestdriver1/include/psa/crypto.h>
+@@ -102,6 +105,9 @@ typedef union {
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ mbedtls_transparent_test_driver_hash_operation_t test_driver_ctx;
+ #endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ cc3xx_hash_operation_t cc3xx_driver_ctx;
++#endif
+ } psa_driver_hash_context_t;
+
+ typedef union {
+@@ -111,6 +117,9 @@ typedef union {
+ mbedtls_transparent_test_driver_cipher_operation_t transparent_test_driver_ctx;
+ mbedtls_opaque_test_driver_cipher_operation_t opaque_test_driver_ctx;
+ #endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ cc3xx_cipher_operation_t cc3xx_driver_ctx;
++#endif
+ } psa_driver_cipher_context_t;
+
+ #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */
+diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
+index 19819413..e822eef0 100644
+--- a/library/psa_crypto_driver_wrappers.c
++++ b/library/psa_crypto_driver_wrappers.c
+@@ -48,6 +48,16 @@
+
+ #endif
+
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++#ifndef PSA_CRYPTO_DRIVER_PRESENT
++#define PSA_CRYPTO_DRIVER_PRESENT
++#endif
++#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
++#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
++#endif
++#include "cc3xx.h"
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++
+ #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
+ /* END-driver headers */
+
+@@ -58,6 +68,9 @@
+ #define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
+ #define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
+ #define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++#define PSA_CRYPTO_CC3XX_DRIVER_ID (4)
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+
+ /* END-driver id */
+
+@@ -79,6 +92,12 @@ psa_status_t psa_driver_wrapper_init( void )
+ {
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_init();
++ if (status != PSA_SUCCESS)
++ return ( status );
++#endif
++
+ #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ status = psa_init_all_se_drivers( );
+ if( status != PSA_SUCCESS )
+@@ -101,6 +120,10 @@ psa_status_t psa_driver_wrapper_init( void )
+
+ void psa_driver_wrapper_free( void )
+ {
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ (void)cc3xx_free();
++#endif
++
+ #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ /* Unregister all secure element drivers, so that we restart from
+ * a pristine state. */
+@@ -150,8 +173,30 @@ psa_status_t psa_driver_wrapper_sign_message(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_sign_message(
++ attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_size,
++ signature_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+- break;
++ /* Fell through, meaning no accelerator supports this operation */
++ return( psa_sign_message_builtin( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_size,
++ signature_length ) );
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -175,18 +220,10 @@ psa_status_t psa_driver_wrapper_sign_message(
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+- break;
++ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+- return( psa_sign_message_builtin( attributes,
+- key_buffer,
+- key_buffer_size,
+- alg,
+- input,
+- input_length,
+- signature,
+- signature_size,
+- signature_length ) );
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_verify_message(
+@@ -223,8 +260,28 @@ psa_status_t psa_driver_wrapper_verify_message(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_verify_message(
++ attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+- break;
++ /* Fell through, meaning no accelerator supports this operation */
++ return( psa_verify_message_builtin( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_length ) );
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -247,17 +304,9 @@ psa_status_t psa_driver_wrapper_verify_message(
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+- break;
++ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+-
+- return( psa_verify_message_builtin( attributes,
+- key_buffer,
+- key_buffer_size,
+- alg,
+- input,
+- input_length,
+- signature,
+- signature_length ) );
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -310,6 +359,18 @@ psa_status_t psa_driver_wrapper_sign_hash(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_sign_hash( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ hash,
++ hash_length,
++ signature,
++ signature_size,
++ signature_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ /* Fell through, meaning no accelerator supports this operation */
+ return( psa_sign_hash_builtin( attributes,
+@@ -380,6 +441,17 @@ psa_status_t psa_driver_wrapper_verify_hash(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_verify_hash( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ hash,
++ hash_length,
++ signature,
++ signature_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_signature_verify_hash(
+ attributes,
+@@ -555,6 +627,12 @@ psa_status_t psa_driver_wrapper_generate_key(
+ if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
+ {
+ /* Cycle through all known transparent accelerators */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_generate_key(
++ attributes, key_buffer, key_buffer_size,
++ key_buffer_length );
++ break;
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_generate_key(
+ attributes, key_buffer, key_buffer_size,
+@@ -804,7 +882,16 @@ psa_status_t psa_driver_wrapper_export_public_key(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif
+-
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_export_public_key(
++ attributes,
++ key_buffer,
++ key_buffer_size,
++ data,
++ data_size,
++ data_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ /* Fell through, meaning no accelerator supports this operation */
+@@ -967,6 +1054,20 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_cipher_encrypt( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ iv,
++ iv_length,
++ input,
++ input_length,
++ output,
++ output_size,
++ output_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+@@ -1055,6 +1156,18 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_cipher_decrypt( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ output,
++ output_size,
++ output_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+@@ -1132,6 +1245,16 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_cipher_encrypt_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes,
++ key_buffer,
++ key_buffer_size,
++ alg );
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+ /* Fell through, meaning no accelerator supports this operation */
+@@ -1205,6 +1328,16 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_cipher_decrypt_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes,
++ key_buffer,
++ key_buffer_size,
++ alg );
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+ /* Fell through, meaning no accelerator supports this operation */
+@@ -1273,6 +1406,12 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+ &operation->ctx.opaque_test_driver_ctx,
+ iv, iv_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_cipher_set_iv(
++ &operation->ctx.cc3xx_driver_ctx,
++ iv, iv_length ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1316,6 +1455,13 @@ psa_status_t psa_driver_wrapper_cipher_update(
+ input, input_length,
+ output, output_size, output_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_cipher_update(
++ &operation->ctx.cc3xx_driver_ctx,
++ input, input_length,
++ output, output_size, output_length ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1356,6 +1502,12 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+ &operation->ctx.opaque_test_driver_ctx,
+ output, output_size, output_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_cipher_finish(
++ &operation->ctx.cc3xx_driver_ctx,
++ output, output_size, output_length ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX*/
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1396,6 +1548,15 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+ sizeof( operation->ctx.opaque_test_driver_ctx ) );
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ status = cc3xx_cipher_abort(
++ &operation->ctx.cc3xx_driver_ctx );
++ mbedtls_platform_zeroize(
++ &operation->ctx.cc3xx_driver_ctx,
++ sizeof( operation->ctx.cc3xx_driver_ctx ) );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1417,13 +1578,19 @@ psa_status_t psa_driver_wrapper_hash_compute(
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ /* Try accelerators first */
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_hash_compute(
+ alg, input, input_length, hash, hash_size, hash_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+-#endif
+-
++#endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_hash_compute(alg, input, input_length, hash, hash_size,
++ hash_length);
++ return status;
++#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ /* If software fallback is compiled in, try fallback */
+ #if defined(MBEDTLS_PSA_BUILTIN_HASH)
+ status = mbedtls_psa_hash_compute( alg, input, input_length,
+@@ -1449,6 +1616,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ /* Try setup on accelerators first */
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_hash_setup(
+ &operation->ctx.test_driver_ctx, alg );
+@@ -1457,17 +1625,23 @@ psa_status_t psa_driver_wrapper_hash_setup(
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+-#endif
++#endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_hash_setup(&operation->ctx.cc3xx_driver_ctx, alg);
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+- /* If software fallback is compiled in, try fallback */
+ #if defined(MBEDTLS_PSA_BUILTIN_HASH)
++ /* If software fallback is compiled in, try fallback */
+ status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
+ if( status == PSA_SUCCESS )
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+-#endif
++#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
+ /* Nothing left to try if we fall through here */
+ (void) status;
+ (void) operation;
+@@ -1481,19 +1655,29 @@ psa_status_t psa_driver_wrapper_hash_clone(
+ {
+ switch( source_operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+- return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
+- &target_operation->ctx.mbedtls_ctx ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
+ target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
+ return( mbedtls_test_transparent_hash_clone(
+ &source_operation->ctx.test_driver_ctx,
+ &target_operation->ctx.test_driver_ctx ) );
+-#endif
++#endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ target_operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ return( cc3xx_hash_clone(
++ &source_operation->ctx.cc3xx_driver_ctx,
++ &target_operation->ctx.cc3xx_driver_ctx ) );
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#if defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
++ return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
++ &target_operation->ctx.mbedtls_ctx ) );
++#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
+ default:
+ (void) target_operation;
+ return( PSA_ERROR_BAD_STATE );
+@@ -1507,17 +1691,25 @@ psa_status_t psa_driver_wrapper_hash_update(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
+- input, input_length ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
+ return( mbedtls_test_transparent_hash_update(
+ &operation->ctx.test_driver_ctx,
+ input, input_length ) );
+-#endif
++#endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_hash_update(
++ &operation->ctx.cc3xx_driver_ctx,
++ input, input_length ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#if defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
++ input, input_length ) );
++#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
+ default:
+ (void) input;
+ (void) input_length;
+@@ -1533,17 +1725,25 @@ psa_status_t psa_driver_wrapper_hash_finish(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
+- hash, hash_size, hash_length ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
+ return( mbedtls_test_transparent_hash_finish(
+ &operation->ctx.test_driver_ctx,
+ hash, hash_size, hash_length ) );
+-#endif
++#endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_hash_finish(
++ &operation->ctx.cc3xx_driver_ctx,
++ hash, hash_size, hash_length ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#if defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
++ hash, hash_size, hash_length ) );
++#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
+ default:
+ (void) hash;
+ (void) hash_size;
+@@ -1557,15 +1757,22 @@ psa_status_t psa_driver_wrapper_hash_abort(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
+ return( mbedtls_test_transparent_hash_abort(
+ &operation->ctx.test_driver_ctx ) );
+-#endif
++#endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_hash_abort(
++ &operation->ctx.cc3xx_driver_ctx ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#if defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
++#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+@@ -1603,6 +1810,17 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_aead_encrypt(
++ attributes, key_buffer, key_buffer_size,
++ alg,
++ nonce, nonce_length,
++ additional_data, additional_data_length,
++ plaintext, plaintext_length,
++ ciphertext, ciphertext_size, ciphertext_length );
++
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+@@ -1655,6 +1873,17 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_aead_decrypt(
++ attributes, key_buffer, key_buffer_size,
++ alg,
++ nonce, nonce_length,
++ additional_data, additional_data_length,
++ ciphertext, ciphertext_length,
++ plaintext, plaintext_size, plaintext_length );
++
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+@@ -1703,6 +1932,15 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ status = cc3xx_aead_encrypt_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes, key_buffer, key_buffer_size,
++ alg );
++
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+@@ -1752,6 +1990,16 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ status = cc3xx_aead_decrypt_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes,
++ key_buffer, key_buffer_size,
++ alg );
++
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+@@ -1798,6 +2046,13 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_set_nonce(
++ &operation->ctx.cc3xx_driver_ctx,
++ nonce, nonce_length ) );
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1832,6 +2087,13 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_set_lengths(
++ &operation->ctx.cc3xx_driver_ctx,
++ ad_length, plaintext_length ) );
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1866,6 +2128,13 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_update_ad(
++ &operation->ctx.cc3xx_driver_ctx,
++ input, input_length ) );
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1905,6 +2174,14 @@ psa_status_t psa_driver_wrapper_aead_update(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_update(
++ &operation->ctx.cc3xx_driver_ctx,
++ input, input_length, output, output_size,
++ output_length ) );
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1949,6 +2226,14 @@ psa_status_t psa_driver_wrapper_aead_finish(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_finish(
++ &operation->ctx.cc3xx_driver_ctx,
++ ciphertext, ciphertext_size,
++ ciphertext_length, tag, tag_size, tag_length ) );
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -2013,6 +2298,14 @@ psa_status_t psa_driver_wrapper_aead_verify(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_verify(
++ &operation->ctx.cc3xx_driver_ctx,
++ plaintext, plaintext_size,
++ plaintext_length, tag, tag_length ) );
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -2045,6 +2338,12 @@ psa_status_t psa_driver_wrapper_aead_abort(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_abort(
++ &operation->ctx.cc3xx_driver_ctx ) );
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -2084,6 +2383,12 @@ psa_status_t psa_driver_wrapper_mac_compute(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_mac_compute(attributes, key_buffer, key_buffer_size, alg,
++ input, input_length,
++ mac, mac_size, mac_length);
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ #if defined(MBEDTLS_PSA_BUILTIN_MAC)
+ /* Fell through, meaning no accelerator supports this operation */
+@@ -2152,6 +2457,15 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_mac_sign_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes,
++ key_buffer, key_buffer_size,
++ alg);
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ return status;
++#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ #if defined(MBEDTLS_PSA_BUILTIN_MAC)
+ /* Fell through, meaning no accelerator supports this operation */
+@@ -2224,6 +2538,15 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_mac_verify_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes,
++ key_buffer, key_buffer_size,
++ alg);
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ return status;
++#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ #if defined(MBEDTLS_PSA_BUILTIN_MAC)
+ /* Fell through, meaning no accelerator supports this operation */
+@@ -2291,6 +2614,10 @@ psa_status_t psa_driver_wrapper_mac_update(
+ &operation->ctx.opaque_test_driver_ctx,
+ input, input_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return(cc3xx_mac_update(&operation->ctx.cc3xx_driver_ctx, input, input_length));
++#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ (void) input;
+@@ -2325,6 +2652,11 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+ &operation->ctx.opaque_test_driver_ctx,
+ mac, mac_size, mac_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return(cc3xx_mac_sign_finish(&operation->ctx.cc3xx_driver_ctx,
++ mac, mac_size, mac_length));
++#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ (void) mac;
+@@ -2359,6 +2691,12 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+ &operation->ctx.opaque_test_driver_ctx,
+ mac, mac_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return(cc3xx_mac_verify_finish(
++ &operation->ctx.cc3xx_driver_ctx,
++ mac, mac_length));
++#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ (void) mac;
+@@ -2386,6 +2724,10 @@ psa_status_t psa_driver_wrapper_mac_abort(
+ return( mbedtls_test_opaque_mac_abort(
+ &operation->ctx.opaque_test_driver_ctx ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return(cc3xx_mac_abort(&operation->ctx.cc3xx_driver_ctx));
++#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+@@ -2411,6 +2753,20 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_asymmetric_encrypt( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ salt,
++ salt_length,
++ output,
++ output_size,
++ output_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
+@@ -2469,6 +2825,20 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_asymmetric_decrypt( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ salt,
++ salt_length,
++ output,
++ output_size,
++ output_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
+@@ -2542,6 +2912,18 @@ psa_status_t psa_driver_wrapper_key_agreement(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_key_agreement( attributes,
++ key_buffer,
++ key_buffer_size,
++ peer_key,
++ peer_key_length,
++ shared_secret,
++ shared_secret_size,
++ shared_secret_length,
++ alg );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Software Fallback */
+--
+2.25.1
+