Crypto: Upgrade Mbed TLS to v3.1.0 Update TF-M to migrate to Mbed TLS v3.1.0. And cherry-picks from the feature-cc-psa-crypto-drivers branch the following patches: * [2a233b8] CC312: Access curve info members w/o private suffixes * [330b0ba] CC312: Stub multipart CCM APIs Change-Id: I850cc171fd8c8857150cfef0f2366a4564b27959 Signed-off-by: Summer Qin <summer.qin@arm.com> Signed-off-by: Abbas Bracken Ziad <abbas.brackenziad@arm.com> Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>

commit: f07cc31545bbba3bad1806ed078c3aee3a09dc52 [log] [tgz]
author: Summer Qin <summer.qin@arm.com> Wed Jan 05 16:52:54 2022 +0800
committer: David Hu <david.hu@arm.com> Wed Jan 12 07:27:03 2022 +0100
tree: 80bce9894f10c4bac50bde5c40c5e4bc447b7417
parent: 80266baecc9161e0870e3898f04c8d75e134a18f [diff]
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ccm_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ccm_alt.c
index 93074e9..78a3907 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ccm_alt.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ccm_alt.c

@@ -22,6 +22,7 @@
 #include "mbedtls_ccm_internal.h"
 #include "mbedtls_ccm_common.h"
 
+#define MBEDTLS_ERR_CCM_API_IS_NOT_SUPPORTED        -0x0020  /**< API is NOT supported. */
 
 /************************ Public Functions **********************/
 /*
@@ -113,6 +114,66 @@
 
 }
 
+int mbedtls_ccm_starts( mbedtls_ccm_context *ctx,
+                        int mode,
+                        const unsigned char *iv,
+                        size_t iv_len )
+{
+    CC_UNUSED_PARAM(ctx);
+    CC_UNUSED_PARAM(mode);
+    CC_UNUSED_PARAM(iv);
+    CC_UNUSED_PARAM(iv_len);
 
+    return (MBEDTLS_ERR_CCM_API_IS_NOT_SUPPORTED);
+}
+
+int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
+                             size_t total_ad_len,
+                             size_t plaintext_len,
+                             size_t tag_len )
+{
+    CC_UNUSED_PARAM(ctx);
+    CC_UNUSED_PARAM(total_ad_len);
+    CC_UNUSED_PARAM(plaintext_len);
+    CC_UNUSED_PARAM(tag_len);
+
+    return (MBEDTLS_ERR_CCM_API_IS_NOT_SUPPORTED);
+}
+
+int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
+                           const unsigned char *ad,
+                           size_t ad_len )
+{
+    CC_UNUSED_PARAM(ctx);
+    CC_UNUSED_PARAM(ad);
+    CC_UNUSED_PARAM(ad_len);
+
+    return (MBEDTLS_ERR_CCM_API_IS_NOT_SUPPORTED);
+}
+
+int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
+                        const unsigned char *input, size_t input_len,
+                        unsigned char *output, size_t output_size,
+                        size_t *output_len )
+{
+    CC_UNUSED_PARAM(ctx);
+    CC_UNUSED_PARAM(input);
+    CC_UNUSED_PARAM(input_len);
+    CC_UNUSED_PARAM(output);
+    CC_UNUSED_PARAM(output_size);
+    CC_UNUSED_PARAM(output_len);
+
+    return (MBEDTLS_ERR_CCM_API_IS_NOT_SUPPORTED);
+}
+
+int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
+                        unsigned char *tag, size_t tag_len )
+{
+    CC_UNUSED_PARAM(ctx);
+    CC_UNUSED_PARAM(tag);
+    CC_UNUSED_PARAM(tag_len);
+
+    return (MBEDTLS_ERR_CCM_API_IS_NOT_SUPPORTED);
+}
 
 #endif /* defined(MBEDTLS_CCM_C) && defined (MBEDTLS_CCM_ALT) */

diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c
index 087f704..d97f4b2 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c

@@ -108,8 +108,8 @@
     /*
      * Next two bytes are the namedcurve value
      */
-    buf[0] = curve_info->MBEDTLS_PRIVATE(tls_id) >> 8;
-    buf[1] = curve_info->MBEDTLS_PRIVATE(tls_id) & 0xFF;
+    buf[0] = curve_info->tls_id >> 8;
+    buf[1] = curve_info->tls_id & 0xFF;
 
     return( 0 );
 }
@@ -181,10 +181,10 @@
     tls_id <<= 8;
     tls_id |= *(*buf)++;
 
-    if (curve_info->MBEDTLS_PRIVATE(tls_id) != tls_id){
+    if (curve_info->tls_id != tls_id){
             return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
     }
-    return mbedtls_ecp_group_load( grp, curve_info->MBEDTLS_PRIVATE(grp_id) );
+    return mbedtls_ecp_group_load( grp, curve_info->grp_id );
 }
 
 /*

diff --git a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
index 47c6448..e5bd70f 100644
--- a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
+++ b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch

@@ -1,7 +1,7 @@
-From 2d0f9e77a1165aa78f78436a2f5c185cc65ad6c1 Mon Sep 17 00:00:00 2001
+From 4497e653fb8ed68efd0c4a9cdac82e93490f4e4e Mon Sep 17 00:00:00 2001
 From: TTornblom <thomas.tornblom@iar.com>
 Date: Thu, 16 Apr 2020 13:53:38 +0200
-Subject: [PATCH 4/4] BUILD: Update IAR support in CMakeLists.txt
+Subject: [PATCH 1/3] BUILD: Update IAR support in CMakeLists.txt
 
 Applied the same change as in mbed-crypto for using this as a sub
 project with the IAR toolchain.
@@ -12,10 +12,10 @@
  1 file changed, 4 insertions(+), 1 deletion(-)
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index a671575b7..3e59a47ba 100644
+index 6debe35d..fd1c07ca 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -193,7 +193,10 @@ if(CMAKE_COMPILER_IS_CLANG)
+@@ -209,7 +209,10 @@ if(CMAKE_COMPILER_IS_CLANG)
  endif(CMAKE_COMPILER_IS_CLANG)
  
  if(CMAKE_COMPILER_IS_IAR)
@@ -28,5 +28,5 @@
  
  if(CMAKE_COMPILER_IS_MSVC)
 -- 
-2.20.1
+2.17.1
 

diff --git a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
index 3c220b4..d789d59 100644
--- a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
+++ b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch

@@ -1,7 +1,7 @@
-From 8355985e8f739daaa2e243d28dc49a2d6971a383 Mon Sep 17 00:00:00 2001
+From 5de1387b7c433dc0a81960ba1243b63fb8310ad4 Mon Sep 17 00:00:00 2001
 From: Tamas Ban <tamas.ban@arm.com>
 Date: Tue, 27 Oct 2020 08:55:37 +0000
-Subject: [PATCH] Enable crypto code sharing between independent binaries
+Subject: [PATCH 2/3] Enable crypto code sharing between independent binaries
 
 Signed-off-by: Tamas Ban <tamas.ban@arm.com>
 ---
@@ -13,7 +13,7 @@
 
 diff --git a/library/code_share.c b/library/code_share.c
 new file mode 100644
-index 0000000..2bf67fb
+index 00000000..2bf67fb4
 --- /dev/null
 +++ b/library/code_share.c
 @@ -0,0 +1,3 @@
@@ -21,10 +21,10 @@
 + * extensive crypto code sharing was already applied on the mbedtls library.
 + */
 diff --git a/library/platform.c b/library/platform.c
-index 420d09e..b3a135c 100644
+index e742fde7..c309dc0c 100644
 --- a/library/platform.c
 +++ b/library/platform.c
-@@ -59,8 +59,8 @@ static void platform_free_uninit( void *ptr )
+@@ -53,8 +53,8 @@ static void platform_free_uninit( void *ptr )
  #define MBEDTLS_PLATFORM_STD_FREE     platform_free_uninit
  #endif /* !MBEDTLS_PLATFORM_STD_FREE */
  
@@ -36,10 +36,10 @@
  void * mbedtls_calloc( size_t nmemb, size_t size )
  {
 diff --git a/library/platform_util.c b/library/platform_util.c
-index b1f7450..29b4403 100644
+index 3d5cb5ba..277ec70b 100644
 --- a/library/platform_util.c
 +++ b/library/platform_util.c
-@@ -68,7 +68,7 @@
+@@ -62,7 +62,7 @@
   * mbedtls_platform_zeroize() to use a suitable implementation for their
   * platform and needs.
   */
@@ -49,5 +49,5 @@
  void mbedtls_platform_zeroize( void *buf, size_t len )
  {
 -- 
-2.7.4
+2.17.1
 

diff --git a/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch b/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
index 565a92e..e7e70d7 100644
--- a/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
+++ b/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch

@@ -1,7 +1,7 @@
-From e109c8ed57457a2bd62afcf21b5b99dd2a30edea Mon Sep 17 00:00:00 2001
+From 0eac701c20e719599e5f30e260b7b0420d92af49 Mon Sep 17 00:00:00 2001
 From: Summer Qin <summer.qin@arm.com>
-Date: Tue, 13 Jul 2021 17:46:47 +0800
-Subject: [PATCH] Disable export MbedTLSTargets
+Date: Wed, 5 Jan 2022 15:00:49 +0800
+Subject: [PATCH 3/3] Disable export MbedTLSTargets
 
 Disable install MbedTLSConfig.cmake, MbedTLSConfigVersion.cmake and
 MbedTLSTargets.cmake. And Disable export MbedTLSTargets since this
@@ -13,10 +13,10 @@
  1 file changed, 26 deletions(-)
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 3eef42ec..5ad56c81 100644
+index fd1c07ca..3f32a8f3 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -307,32 +307,6 @@ if(ENABLE_TESTING)
+@@ -328,32 +328,6 @@ if(ENABLE_TESTING)
      endif()
  endif()
  
@@ -28,7 +28,7 @@
 -write_basic_package_version_file(
 -    "cmake/MbedTLSConfigVersion.cmake"
 -        COMPATIBILITY SameMajorVersion
--        VERSION 3.0.0)
+-        VERSION 3.1.0)
 -
 -install(
 -    FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
@@ -46,7 +46,7 @@
 -    DESTINATION "cmake"
 -    FILE "MbedTLSTargets.cmake")
 -
- if(CMAKE_VERSION VERSION_GREATER 3.14)
+ if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
      # Do not export the package by default
      cmake_policy(SET CMP0090 NEW)
 --
commit	f07cc31545bbba3bad1806ed078c3aee3a09dc52	[log] [tgz]
author	Summer Qin <summer.qin@arm.com>	Wed Jan 05 16:52:54 2022 +0800
committer	David Hu <david.hu@arm.com>	Wed Jan 12 07:27:03 2022 +0100
tree	80bce9894f10c4bac50bde5c40c5e4bc447b7417
parent	80266baecc9161e0870e3898f04c8d75e134a18f [diff]