CC312: XXX_ALT is not needed when use PSA driver
XXX_ALT is not needed when CC312 use PSA driver.
Use PSA driver for CC3XX driver to avoid fallback to software
implementation which will save 7.85KB in ROM size.
Signed-off-by: Summer Qin <summer.qin@arm.com>
Change-Id: I7f4b7497f8e6513718423d3b69d37b5f0fd9a1b0
diff --git a/bl2/CMakeLists.txt b/bl2/CMakeLists.txt
index a4dffb5..b803cd4 100644
--- a/bl2/CMakeLists.txt
+++ b/bl2/CMakeLists.txt
@@ -78,6 +78,7 @@
MBEDTLS_CONFIG_FILE="${MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH}"
# Workaround for https://github.com/ARMmbed/mbedtls/issues/1077
$<$<OR:$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7>
+ $<$<BOOL:${CC312_LEGACY_DRIVER_API_ENABLED}>:CC312_LEGACY_DRIVER_API_ENABLED>
)
cmake_policy(SET CMP0079 NEW)
diff --git a/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h b/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h
index 66f03f0..49f2f13 100644
--- a/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h
+++ b/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h
@@ -82,7 +82,18 @@
#endif /* CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING */
#ifdef CRYPTO_HW_ACCELERATOR
+#ifndef CC312_LEGACY_DRIVER_API_ENABLED
+/*
+ * Forcing the legacy driver API enabled all the time regardless of
+ * cmake configuration in BL2.
+ */
+#define CC312_LEGACY_DRIVER_API_ENABLED
+#warning "Use CC312 legacy driver API for BL2"
#include "mbedtls_accelerator_config.h"
+#undef CC312_LEGACY_DRIVER_API_ENABLED
+#else
+#include "mbedtls_accelerator_config.h"
+#endif /* !CC312_LEGACY_DRIVER_API_ENABLED */
#endif
#endif /* __MCUBOOT_MBEDTLS_CFG__ */
diff --git a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
index 9eece4c..4182771 100644
--- a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
+++ b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
@@ -1,7 +1,7 @@
-From 8d1aed1f571f9c1a1d63d7eaea1fd2f4fbf946f0 Mon Sep 17 00:00:00 2001
+From 7646887f31114085b21cfaf75e54b32ba984d9f5 Mon Sep 17 00:00:00 2001
From: TTornblom <thomas.tornblom@iar.com>
Date: Thu, 16 Apr 2020 13:53:38 +0200
-Subject: [PATCH 1/7] BUILD: Update IAR support in CMakeLists.txt
+Subject: [PATCH 1/8] BUILD: Update IAR support in CMakeLists.txt
Applied the same change as in mbed-crypto for using this as a sub
project with the IAR toolchain.
diff --git a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
index bb577ba..39b5905 100644
--- a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
+++ b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
@@ -1,7 +1,7 @@
-From 4dcc55721de024febe47b5b04bc9455a9a7de560 Mon Sep 17 00:00:00 2001
+From 12019676c1a5f4a32a07bf94d6751b45529c4c0a Mon Sep 17 00:00:00 2001
From: Tamas Ban <tamas.ban@arm.com>
Date: Tue, 27 Oct 2020 08:55:37 +0000
-Subject: [PATCH 2/7] Enable crypto code sharing between independent binaries
+Subject: [PATCH 2/8] Enable crypto code sharing between independent binaries
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
---
diff --git a/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch b/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
index 7f3cabd..ce89462 100644
--- a/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
+++ b/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
@@ -1,7 +1,7 @@
-From b3ae4414b56e72acd2baf346e1af7dd05a7c933a Mon Sep 17 00:00:00 2001
+From 80359134a00ca37c48355b30aa9810db9fb54b29 Mon Sep 17 00:00:00 2001
From: Summer Qin <summer.qin@arm.com>
Date: Wed, 5 Jan 2022 15:00:49 +0800
-Subject: [PATCH 3/7] Disable export MbedTLSTargets
+Subject: [PATCH 3/8] Disable export MbedTLSTargets
Disable install MbedTLSConfig.cmake, MbedTLSConfigVersion.cmake and
MbedTLSTargets.cmake. And Disable export MbedTLSTargets since this
diff --git a/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch b/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch
index 210a0fc..ae85b9d 100644
--- a/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch
+++ b/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch
@@ -1,8 +1,12 @@
-From fc5fd24aa2e287ed57ecf8dd9b85d871d369d871 Mon Sep 17 00:00:00 2001
+From 183db7cb5970816ab6e0b1e4d6d93b734bb84440 Mon Sep 17 00:00:00 2001
From: Salome Thirot <salome.thirot@arm.com>
Date: Wed, 7 Jul 2021 10:24:43 +0100
-Subject: [PATCH 4/7] CC3XX: Hardcode entry points for the CC3XX driver
+Subject: [PATCH 4/8] CC3XX: Hardcode entry points for the CC3XX driver
+Use PSA driver for CC3XX driver to avoid fallback to software
+implementation. This will save 22.23KB in RO size.
+
+Signed-off-by: Summer Qin <summer.qin@arm.com>
Signed-off-by: Salome Thirot <salome.thirot@arm.com>
Signed-off-by: Abbas Bracken Ziad <abbas.brackenziad@arm.com>
Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
@@ -10,10 +14,10 @@
---
.../psa/crypto_driver_contexts_composites.h | 9 +
.../psa/crypto_driver_contexts_primitives.h | 9 +
- library/psa_crypto.c | 65 ++-
- library/psa_crypto_driver_wrappers.c | 536 ++++++++++++++++++
+ library/psa_crypto.c | 65 +-
+ library/psa_crypto_driver_wrappers.c | 925 ++++++++++++++----
library/psa_crypto_driver_wrappers.h | 29 +
- 5 files changed, 644 insertions(+), 4 deletions(-)
+ 5 files changed, 834 insertions(+), 203 deletions(-)
diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
index 3f1c8af4..2fdf9561 100644
@@ -175,7 +179,7 @@
if( status != PSA_SUCCESS )
{
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
-index 8d864786..eed2ce40 100644
+index 8d864786..22273b8c 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -44,6 +44,16 @@
@@ -228,7 +232,49 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_sign_message(
attributes,
-@@ -201,6 +230,20 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -142,8 +171,19 @@ psa_status_t psa_driver_wrapper_sign_message(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ /* Fell through, meaning no accelerator supports this operation */
++ return( psa_sign_message_builtin( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_size,
++ signature_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -167,18 +207,9 @@ psa_status_t psa_driver_wrapper_sign_message(
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+- break;
++ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+-
+- return( psa_sign_message_builtin( attributes,
+- key_buffer,
+- key_buffer_size,
+- alg,
+- input,
+- input_length,
+- signature,
+- signature_size,
+- signature_length ) );
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_verify_message(
+@@ -201,6 +232,20 @@ psa_status_t psa_driver_wrapper_verify_message(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -249,7 +295,47 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_verify_message(
attributes,
-@@ -288,6 +331,20 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -215,8 +260,18 @@ psa_status_t psa_driver_wrapper_verify_message(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ /* Fell through, meaning no accelerator supports this operation */
++ return( psa_verify_message_builtin( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -239,17 +294,9 @@ psa_status_t psa_driver_wrapper_verify_message(
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+- break;
++ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+-
+- return( psa_verify_message_builtin( attributes,
+- key_buffer,
+- key_buffer_size,
+- alg,
+- input,
+- input_length,
+- signature,
+- signature_length ) );
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -288,6 +335,20 @@ psa_status_t psa_driver_wrapper_sign_hash(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -270,7 +356,33 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_sign_hash( attributes,
key_buffer,
-@@ -372,6 +429,19 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -302,7 +363,8 @@ psa_status_t psa_driver_wrapper_sign_hash(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ /* Fell through, meaning no accelerator supports this operation */
+ return( psa_sign_hash_builtin( attributes,
+ key_buffer,
+@@ -313,6 +375,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
+ signature,
+ signature_size,
+ signature_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -334,6 +397,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -372,6 +436,19 @@ psa_status_t psa_driver_wrapper_verify_hash(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -290,22 +402,49 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_verify_hash(
attributes,
-@@ -547,6 +617,14 @@ psa_status_t psa_driver_wrapper_generate_key(
+@@ -386,8 +463,8 @@ psa_status_t psa_driver_wrapper_verify_hash(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-
++ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ return( psa_verify_hash_builtin( attributes,
+ key_buffer,
+ key_buffer_size,
+@@ -396,6 +473,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
+ hash_length,
+ signature,
+ signature_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -416,6 +494,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ /** Calculate the key buffer size required to store the key material of a key
+@@ -547,6 +626,14 @@ psa_status_t psa_driver_wrapper_generate_key(
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
{
/* Cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
-+ status = cc3xx_generate_key(
-+ attributes, key_buffer, key_buffer_size,
-+ key_buffer_length );
-+ /* Declared with fallback == true */
-+ if( status != PSA_ERROR_NOT_SUPPORTED )
-+ break;
++ status = cc3xx_generate_key(
++ attributes, key_buffer, key_buffer_size,
++ key_buffer_length );
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ break;
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_generate_key(
attributes, key_buffer, key_buffer_size,
-@@ -758,6 +836,18 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -758,6 +845,18 @@ psa_status_t psa_driver_wrapper_export_public_key(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -324,10 +463,39 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_export_public_key(
attributes,
-@@ -907,6 +997,22 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+@@ -770,7 +869,8 @@ psa_status_t psa_driver_wrapper_export_public_key(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ /* Fell through, meaning no accelerator supports this operation */
+ return( psa_export_public_key_internal( attributes,
+ key_buffer,
+@@ -778,6 +878,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
+ data,
+ data_size,
+ data_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -795,6 +896,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
+ /* Key is declared with a lifetime not known to us */
+ return( status );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_get_builtin_key(
+@@ -907,9 +1009,24 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_cipher_encrypt( attributes,
+ key_buffer,
@@ -344,13 +512,26 @@
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+ return( mbedtls_psa_cipher_encrypt( attributes,
+ key_buffer,
+ key_buffer_size,
+@@ -958,6 +1075,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+ (void)output_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
- #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-@@ -995,6 +1101,20 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+ psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -995,9 +1113,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_cipher_decrypt( attributes,
+ key_buffer,
@@ -365,13 +546,25 @@
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+ return( mbedtls_psa_cipher_decrypt( attributes,
+ key_buffer,
+ key_buffer_size,
+@@ -1040,6 +1171,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+ (void)output_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
- #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-@@ -1072,6 +1192,20 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1072,8 +1204,22 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_cipher_encrypt_setup(
+ &operation->ctx.cc3xx_driver_ctx,
@@ -386,13 +579,25 @@
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
-@@ -1145,6 +1279,20 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+ status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
+ attributes,
+@@ -1113,6 +1259,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+ (void)alg;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1145,8 +1292,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_cipher_decrypt_setup(
+ &operation->ctx.cc3xx_driver_ctx,
@@ -407,10 +612,34 @@
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
-@@ -1213,6 +1361,12 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+ status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
+ attributes,
+@@ -1185,6 +1346,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+ (void)alg;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_cipher_set_iv(
+@@ -1194,13 +1356,6 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
+- iv,
+- iv_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1213,6 +1368,17 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
&operation->ctx.opaque_test_driver_ctx,
iv, iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -420,10 +649,32 @@
+ &operation->ctx.cc3xx_driver_ctx,
+ iv, iv_length ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
++ iv,
++ iv_length ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1256,6 +1410,13 @@ psa_status_t psa_driver_wrapper_cipher_update(
+@@ -1232,16 +1398,6 @@ psa_status_t psa_driver_wrapper_cipher_update(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
+- input,
+- input_length,
+- output,
+- output_size,
+- output_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1256,6 +1412,21 @@ psa_status_t psa_driver_wrapper_cipher_update(
input, input_length,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -434,10 +685,33 @@
+ input, input_length,
+ output, output_size, output_length ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
++ input,
++ input_length,
++ output,
++ output_size,
++ output_length ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1296,6 +1457,12 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+@@ -1276,14 +1447,6 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
+- output,
+- output_size,
+- output_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1296,6 +1459,18 @@ psa_status_t psa_driver_wrapper_cipher_finish(
&operation->ctx.opaque_test_driver_ctx,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -447,10 +721,28 @@
+ &operation->ctx.cc3xx_driver_ctx,
+ output, output_size, output_length ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX*/
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
++ output,
++ output_size,
++ output_length ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1336,6 +1503,15 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+@@ -1313,11 +1488,6 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1336,6 +1506,18 @@ psa_status_t psa_driver_wrapper_cipher_abort(
sizeof( operation->ctx.opaque_test_driver_ctx ) );
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -463,23 +755,45 @@
+ sizeof( operation->ctx.cc3xx_driver_ctx ) );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1363,6 +1539,12 @@ psa_status_t psa_driver_wrapper_hash_compute(
+@@ -1357,15 +1539,21 @@ psa_status_t psa_driver_wrapper_hash_compute(
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ /* Try accelerators first */
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_hash_compute(
+ alg, input, input_length, hash, hash_size, hash_length );
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif
+-
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_hash_compute(alg, input, input_length, hash, hash_size,
+ hash_length);
+ if (status != PSA_ERROR_NOT_SUPPORTED)
+ return status;
+#endif
-
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
/* If software fallback is compiled in, try fallback */
- #if defined(MBEDTLS_PSA_BUILTIN_HASH)
-@@ -1399,6 +1581,16 @@ psa_status_t psa_driver_wrapper_hash_setup(
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+ status = mbedtls_psa_hash_compute( alg, input, input_length,
+ hash, hash_size, hash_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+@@ -1389,6 +1577,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ /* Try setup on accelerators first */
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_hash_setup(
+ &operation->ctx.test_driver_ctx, alg );
+@@ -1399,8 +1588,18 @@ psa_status_t psa_driver_wrapper_hash_setup(
return( status );
#endif
@@ -493,13 +807,30 @@
+ }
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
/* If software fallback is compiled in, try fallback */
- #if defined(MBEDTLS_PSA_BUILTIN_HASH)
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
-@@ -1434,6 +1626,13 @@ psa_status_t psa_driver_wrapper_hash_clone(
+ if( status == PSA_SUCCESS )
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+@@ -1421,18 +1620,26 @@ psa_status_t psa_driver_wrapper_hash_clone(
+ {
+ switch( source_operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+- return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
+- &target_operation->ctx.mbedtls_ctx ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ return( mbedtls_test_transparent_hash_clone(
&source_operation->ctx.test_driver_ctx,
&target_operation->ctx.test_driver_ctx ) );
- #endif
++#endif
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
+ target_operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
@@ -507,70 +838,149 @@
+ &source_operation->ctx.cc3xx_driver_ctx,
+ &target_operation->ctx.cc3xx_driver_ctx ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
++ return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
++ &target_operation->ctx.mbedtls_ctx ) );
+ #endif
default:
(void) target_operation;
- return( PSA_ERROR_BAD_STATE );
-@@ -1458,6 +1657,12 @@ psa_status_t psa_driver_wrapper_hash_update(
+@@ -1447,16 +1654,23 @@ psa_status_t psa_driver_wrapper_hash_update(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
+- input, input_length ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_test_transparent_hash_update(
&operation->ctx.test_driver_ctx,
input, input_length ) );
- #endif
++#endif
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
+ return( cc3xx_hash_update(
+ &operation->ctx.cc3xx_driver_ctx,
+ input, input_length ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
++ input, input_length ) );
+ #endif
default:
(void) input;
- (void) input_length;
-@@ -1484,6 +1689,12 @@ psa_status_t psa_driver_wrapper_hash_finish(
+@@ -1473,16 +1687,23 @@ psa_status_t psa_driver_wrapper_hash_finish(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
+- hash, hash_size, hash_length ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_test_transparent_hash_finish(
&operation->ctx.test_driver_ctx,
hash, hash_size, hash_length ) );
- #endif
++#endif
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
+ return( cc3xx_hash_finish(
+ &operation->ctx.cc3xx_driver_ctx,
+ hash, hash_size, hash_length ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
++ hash, hash_size, hash_length ) );
+ #endif
default:
(void) hash;
- (void) hash_size;
-@@ -1506,6 +1717,11 @@ psa_status_t psa_driver_wrapper_hash_abort(
+@@ -1497,14 +1718,20 @@ psa_status_t psa_driver_wrapper_hash_abort(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_test_transparent_hash_abort(
&operation->ctx.test_driver_ctx ) );
- #endif
++#endif
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
+ return( cc3xx_hash_abort(
+ &operation->ctx.cc3xx_driver_ctx ) );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
+ #endif
default:
return( PSA_ERROR_BAD_STATE );
- }
-@@ -1543,6 +1759,18 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+@@ -1543,24 +1770,39 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-
+- /* Fell through, meaning no accelerator supports this operation */
+- return( mbedtls_psa_aead_encrypt(
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_aead_encrypt(
-+ attributes, key_buffer, key_buffer_size,
-+ alg,
-+ nonce, nonce_length,
-+ additional_data, additional_data_length,
-+ plaintext, plaintext_length,
+ attributes, key_buffer, key_buffer_size,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ plaintext, plaintext_length,
+- ciphertext, ciphertext_size, ciphertext_length ) );
+-
+- /* Add cases for opaque driver here */
+ ciphertext, ciphertext_size, ciphertext_length );
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++
++ /* Fell through, meaning no accelerator supports this operation */
++ return( mbedtls_psa_aead_encrypt(
++ attributes, key_buffer, key_buffer_size,
++ alg,
++ nonce, nonce_length,
++ additional_data, additional_data_length,
++ plaintext, plaintext_length,
++ ciphertext, ciphertext_size, ciphertext_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++
++ /* Add cases for opaque driver here */
- /* Fell through, meaning no accelerator supports this operation */
-@@ -1595,6 +1823,18 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1595,7 +1837,20 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_aead_decrypt(
+ attributes, key_buffer, key_buffer_size,
@@ -583,13 +993,32 @@
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1643,6 +1883,17 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+ return( mbedtls_psa_aead_decrypt(
+@@ -1605,6 +1860,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+ additional_data, additional_data_length,
+ ciphertext, ciphertext_length,
+ plaintext, plaintext_size, plaintext_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+
+@@ -1613,6 +1869,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1643,7 +1900,18 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
+ status = cc3xx_aead_encrypt_setup(
@@ -601,13 +1030,35 @@
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1692,6 +1943,18 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+@@ -1651,9 +1919,8 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+ &operation->ctx.mbedtls_ctx, attributes,
+ key_buffer, key_buffer_size,
+ alg );
+-
+- return( status );
+-
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
+ /* Add cases for opaque driver here */
+
+ default:
+@@ -1661,6 +1928,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1692,7 +1960,19 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
+ status = cc3xx_aead_decrypt_setup(
@@ -620,10 +1071,46 @@
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1738,6 +2001,15 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+@@ -1701,9 +1981,8 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg );
+-
+- return( status );
+-
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
+ /* Add cases for opaque driver here */
+
+ default:
+@@ -1711,6 +1990,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_aead_set_nonce(
+@@ -1720,14 +2000,6 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
+- nonce,
+- nonce_length ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1738,6 +2010,20 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -636,10 +1123,30 @@
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
++ nonce,
++ nonce_length ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1772,6 +2044,15 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+@@ -1754,14 +2040,6 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
+- ad_length,
+- plaintext_length ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1772,6 +2050,20 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -652,10 +1159,30 @@
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
++ ad_length,
++ plaintext_length ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1806,6 +2087,15 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+@@ -1788,14 +2080,6 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
+- input,
+- input_length ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1806,6 +2090,20 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -668,10 +1195,31 @@
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
++ input,
++ input_length ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1845,6 +2135,16 @@ psa_status_t psa_driver_wrapper_aead_update(
+@@ -1825,15 +2123,6 @@ psa_status_t psa_driver_wrapper_aead_update(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
+- input, input_length,
+- output, output_size,
+- output_length ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1845,6 +2134,22 @@ psa_status_t psa_driver_wrapper_aead_update(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -685,10 +1233,33 @@
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
++ input, input_length,
++ output, output_size,
++ output_length ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1889,6 +2189,16 @@ psa_status_t psa_driver_wrapper_aead_finish(
+@@ -1868,16 +2173,6 @@ psa_status_t psa_driver_wrapper_aead_finish(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
+- ciphertext,
+- ciphertext_size,
+- ciphertext_length, tag,
+- tag_size, tag_length ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1889,6 +2184,23 @@ psa_status_t psa_driver_wrapper_aead_finish(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -702,13 +1273,32 @@
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
++ ciphertext,
++ ciphertext_size,
++ ciphertext_length, tag,
++ tag_size, tag_length ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1953,6 +2263,16 @@ psa_status_t psa_driver_wrapper_aead_verify(
- /* Add cases for opaque driver here */
-
- #endif /* PSA_CRYPTO_DRIVER_TEST */
+@@ -1912,7 +2224,28 @@ psa_status_t psa_driver_wrapper_aead_verify(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_TEST)
++ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
++ return( mbedtls_test_transparent_aead_verify(
++ &operation->ctx.transparent_test_driver_ctx,
++ plaintext, plaintext_size,
++ plaintext_length, tag, tag_length ) );
++
++ /* Add cases for opaque driver here */
++
++#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
+ return( cc3xx_aead_verify(
@@ -719,10 +1309,45 @@
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ {
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+@@ -1939,20 +2272,6 @@ psa_status_t psa_driver_wrapper_aead_verify(
+
+ return( status );
+ }
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+-#if defined(PSA_CRYPTO_DRIVER_TEST)
+- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+- return( mbedtls_test_transparent_aead_verify(
+- &operation->ctx.transparent_test_driver_ctx,
+- plaintext, plaintext_size,
+- plaintext_length, tag, tag_length ) );
+-
+- /* Add cases for opaque driver here */
+-
+-#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1985,6 +2305,14 @@ psa_status_t psa_driver_wrapper_aead_abort(
+@@ -1970,12 +2289,6 @@ psa_status_t psa_driver_wrapper_aead_abort(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1985,6 +2298,17 @@ psa_status_t psa_driver_wrapper_aead_abort(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -734,13 +1359,18 @@
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2024,6 +2352,14 @@ psa_status_t psa_driver_wrapper_mac_compute(
+@@ -2024,8 +2348,16 @@ psa_status_t psa_driver_wrapper_mac_compute(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_mac_compute(attributes, key_buffer, key_buffer_size, alg,
+ input, input_length,
@@ -749,13 +1379,25 @@
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- #if defined(MBEDTLS_PSA_BUILTIN_MAC)
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2092,6 +2428,17 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+ status = mbedtls_psa_mac_compute(
+ attributes, key_buffer, key_buffer_size, alg,
+@@ -2060,6 +2392,7 @@ psa_status_t psa_driver_wrapper_mac_compute(
+ (void) status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2092,8 +2425,19 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_mac_sign_setup(
+ &operation->ctx.cc3xx_driver_ctx,
@@ -767,13 +1409,25 @@
+ if (status != PSA_ERROR_NOT_SUPPORTED)
+ return status;
+#endif
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- #if defined(MBEDTLS_PSA_BUILTIN_MAC)
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2164,6 +2511,17 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+ status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
+ attributes,
+@@ -2132,6 +2476,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+ (void) alg;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2164,8 +2509,19 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_mac_verify_setup(
+ &operation->ctx.cc3xx_driver_ctx,
@@ -785,10 +1439,33 @@
+ if (status != PSA_ERROR_NOT_SUPPORTED)
+ return status;
+#endif
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- #if defined(MBEDTLS_PSA_BUILTIN_MAC)
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2231,6 +2589,10 @@ psa_status_t psa_driver_wrapper_mac_update(
+ status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
+ attributes,
+@@ -2204,6 +2560,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+ (void) alg;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_mac_update(
+@@ -2213,12 +2570,6 @@ psa_status_t psa_driver_wrapper_mac_update(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
+- input, input_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -2231,6 +2582,14 @@ psa_status_t psa_driver_wrapper_mac_update(
&operation->ctx.opaque_test_driver_ctx,
input, input_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -796,10 +1473,27 @@
+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
+ return(cc3xx_mac_update(&operation->ctx.cc3xx_driver_ctx, input, input_length));
+#endif
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
++ input, input_length ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) input;
-@@ -2265,6 +2627,11 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+@@ -2247,12 +2606,6 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
+- mac, mac_size, mac_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -2265,6 +2618,15 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_size, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -808,10 +1502,27 @@
+ return(cc3xx_mac_sign_finish(&operation->ctx.cc3xx_driver_ctx,
+ mac, mac_size, mac_length));
+#endif
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
++ mac, mac_size, mac_length ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2299,6 +2666,12 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+@@ -2281,12 +2643,6 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
+- mac, mac_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -2299,6 +2655,16 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -821,10 +1532,26 @@
+ &operation->ctx.cc3xx_driver_ctx,
+ mac, mac_length));
+#endif
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
++ mac, mac_length ) );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2326,10 +2699,173 @@ psa_status_t psa_driver_wrapper_mac_abort(
+@@ -2312,11 +2678,6 @@ psa_status_t psa_driver_wrapper_mac_abort(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -2326,10 +2687,176 @@ psa_status_t psa_driver_wrapper_mac_abort(
return( mbedtls_test_opaque_mac_abort(
&operation->ctx.opaque_test_driver_ctx ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -832,12 +1559,15 @@
+ case PSA_CRYPTO_CC3XX_DRIVER_ID:
+ return(cc3xx_mac_abort(&operation->ctx.cc3xx_driver_ctx));
+#endif
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- default:
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
- }
-
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ default:
++ return( PSA_ERROR_INVALID_ARGUMENT );
++ }
++}
++
+/*
+ * Key agreement functions
+ */
@@ -871,7 +1601,7 @@
+ alg );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
-+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ (void) status;
+ return ( PSA_ERROR_NOT_SUPPORTED );
+ default:
@@ -928,7 +1658,7 @@
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ (void) status;
+ return ( PSA_ERROR_NOT_SUPPORTED );
-+ default:
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void) key_buffer;
+ (void) key_buffer_size;
@@ -941,10 +1671,10 @@
+ (void) output_size;
+ (void) output_length;
+
-+ return( PSA_ERROR_INVALID_ARGUMENT );
-+ }
-+}
-+
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ }
+
+psa_status_t psa_driver_wrapper_asymmetric_decrypt(const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg,
diff --git a/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch b/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch
index 98617d0..271ed97 100644
--- a/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch
+++ b/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch
@@ -1,7 +1,7 @@
-From 072755e80839bbeb47d60ce29e67516471793016 Mon Sep 17 00:00:00 2001
+From 72d36ceab1854403646db0f1d1d8d39431806bb6 Mon Sep 17 00:00:00 2001
From: Summer Qin <summer.qin@arm.com>
Date: Wed, 18 May 2022 18:13:12 +0800
-Subject: [PATCH 5/7] Add MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+Subject: [PATCH 5/8] Add MBEDTLS_PSA_CRYPTO_CONFIG_FILE
Signed-off-by: Summer Qin <summer.qin@arm.com>
---
diff --git a/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch b/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch
index cefc971..ef5aafb 100644
--- a/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch
+++ b/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch
@@ -1,7 +1,7 @@
-From 5234b70e4604e0af6bd148feb37e775c1614cb06 Mon Sep 17 00:00:00 2001
+From 5be6ef47c3ad2e8befc1882d362a1ee66918796c Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Thu, 5 May 2022 14:11:32 +0100
-Subject: [PATCH 6/7] Fix key_id and owner_id accessor macros
+Subject: [PATCH 6/8] Fix key_id and owner_id accessor macros
The accessor macros for key_id and owner_id in the mbedtls_svc_key_id_t
need to have the MBEDTLS_PRIVATE() specifier as these fields are private
diff --git a/lib/ext/mbedcrypto/0006-Add-LMS-implementation.patch b/lib/ext/mbedcrypto/0007-Add-LMS-implementation.patch
similarity index 99%
rename from lib/ext/mbedcrypto/0006-Add-LMS-implementation.patch
rename to lib/ext/mbedcrypto/0007-Add-LMS-implementation.patch
index f7db541..ae3b950 100644
--- a/lib/ext/mbedcrypto/0006-Add-LMS-implementation.patch
+++ b/lib/ext/mbedcrypto/0007-Add-LMS-implementation.patch
@@ -1,7 +1,7 @@
-From feb6e8d492cd61c9d7eb4fcbeba454e90da5a2ea Mon Sep 17 00:00:00 2001
+From 9bbe4b0c89e2f92f8e661955b91d06c80cde7b77 Mon Sep 17 00:00:00 2001
From: Raef Coles <raef.coles@arm.com>
Date: Wed, 21 Jul 2021 12:42:15 +0100
-Subject: [PATCH] Add LMS implementation
+Subject: [PATCH 7/8] Add LMS implementation
Also an LM-OTS implementation as one is required for LMS.
@@ -35,7 +35,7 @@
diff --git a/ChangeLog.d/LMS.txt b/ChangeLog.d/LMS.txt
new file mode 100644
-index 000000000..0f09f0186
+index 00000000..0f09f018
--- /dev/null
+++ b/ChangeLog.d/LMS.txt
@@ -0,0 +1,12 @@
@@ -52,7 +52,7 @@
+ required for LMS. This can be used independently, but each key can only be
+ used to sign one message so is impractical for most circumstances.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
-index ce97f6a35..96a89a639 100644
+index ce97f6a3..96a89a63 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -291,6 +291,16 @@
@@ -73,7 +73,7 @@
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
-index 8b2b9ea58..73d61dbc6 100644
+index 8b2b9ea5..73d61dbc 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -82,6 +82,8 @@
@@ -87,7 +87,7 @@
* Name ID Nr of Errors
diff --git a/include/mbedtls/lmots.h b/include/mbedtls/lmots.h
new file mode 100644
-index 000000000..c98f3bfd7
+index 00000000..c98f3bfd
--- /dev/null
+++ b/include/mbedtls/lmots.h
@@ -0,0 +1,303 @@
@@ -396,7 +396,7 @@
+#endif /* MBEDTLS_LMOTS_H */
diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h
new file mode 100644
-index 000000000..77559e24b
+index 00000000..77559e24
--- /dev/null
+++ b/include/mbedtls/lms.h
@@ -0,0 +1,271 @@
@@ -672,7 +672,7 @@
+
+#endif /* MBEDTLS_LMS_H */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
-index 0558ee001..3c886ebd5 100644
+index 0558ee00..3c886ebd 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2361,6 +2361,34 @@
@@ -711,7 +711,7 @@
* \def MBEDTLS_NIST_KW_C
*
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
-index 07599f5d1..aea6c2e78 100644
+index 07599f5d..aea6c2e7 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -40,6 +40,8 @@ set(src_crypto
@@ -724,7 +724,7 @@
md5.c
memory_buffer_alloc.c
diff --git a/library/Makefile b/library/Makefile
-index 5c23aebfe..cca9556c2 100644
+index 5c23aebf..cca9556c 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -105,6 +105,8 @@ OBJS_CRYPTO= \
@@ -738,7 +738,7 @@
memory_buffer_alloc.o \
diff --git a/library/lmots.c b/library/lmots.c
new file mode 100644
-index 000000000..7319d29be
+index 00000000..7319d29b
--- /dev/null
+++ b/library/lmots.c
@@ -0,0 +1,684 @@
@@ -1428,7 +1428,7 @@
+#endif /* MBEDTLS_LMOTS_C */
diff --git a/library/lms.c b/library/lms.c
new file mode 100644
-index 000000000..e1ac7b935
+index 00000000..e1ac7b93
--- /dev/null
+++ b/library/lms.c
@@ -0,0 +1,718 @@
@@ -2151,7 +2151,7 @@
+
+#endif /* MBEDTLS_LMS_C */
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
-index 0a03f02e9..d333f6590 100755
+index 0a03f02e..d333f659 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -47,7 +47,7 @@ my $error_format_file = $data_dir.'/error.fmt';
@@ -2165,7 +2165,7 @@
my @high_level_modules = qw( CIPHER DHM ECP MD
diff --git a/tests/suites/test_suite_lmots.data b/tests/suites/test_suite_lmots.data
new file mode 100644
-index 000000000..ed192bf7d
+index 00000000..ed192bf7
--- /dev/null
+++ b/tests/suites/test_suite_lmots.data
@@ -0,0 +1,29 @@
@@ -2200,7 +2200,7 @@
+lmots_reuse_test:"cfcd1e81193e310c9d931d1b00818d14"
diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function
new file mode 100644
-index 000000000..6de94d124
+index 00000000..6de94d12
--- /dev/null
+++ b/tests/suites/test_suite_lmots.function
@@ -0,0 +1,108 @@
@@ -2314,7 +2314,7 @@
+/* END_CASE */
diff --git a/tests/suites/test_suite_lms.data b/tests/suites/test_suite_lms.data
new file mode 100644
-index 000000000..b17fddc15
+index 00000000..b17fddc1
--- /dev/null
+++ b/tests/suites/test_suite_lms.data
@@ -0,0 +1,32 @@
@@ -2352,7 +2352,7 @@
+lms_import_export_test:"00000006000000046B0927585C8547228D495361D73B970C287A2254BF8F1B170E55ACC9520A56CE5D2C711B6617718B49247D28CCC6D11D"
diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function
new file mode 100644
-index 000000000..b19d074fa
+index 00000000..b19d074f
--- /dev/null
+++ b/tests/suites/test_suite_lms.function
@@ -0,0 +1,85 @@
@@ -2442,5 +2442,5 @@
+/* END_CASE */
+
--
-2.34.1
+2.17.1
diff --git a/lib/ext/mbedcrypto/0007-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch b/lib/ext/mbedcrypto/0008-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
similarity index 87%
rename from lib/ext/mbedcrypto/0007-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
rename to lib/ext/mbedcrypto/0008-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
index a15ae4f..7c7c282 100644
--- a/lib/ext/mbedcrypto/0007-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
+++ b/lib/ext/mbedcrypto/0008-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
@@ -1,7 +1,7 @@
-From 19c808fa4ffd3bd6631f68c7c21056ed4d93dcba Mon Sep 17 00:00:00 2001
+From fbcda7268ab105c4bc598d8169c95bf610b5aa22 Mon Sep 17 00:00:00 2001
From: Summer Qin <summer.qin@arm.com>
Date: Thu, 30 Jun 2022 14:14:11 +0800
-Subject: [PATCH 7/7] Add MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C
+Subject: [PATCH 8/8] Add MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C
MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C are needed when
PSA_WANT_ALG_CHACHA20_POLY1305 is defined.
diff --git a/lib/ext/psa_arch_tests/0001-Init-non-volatile-memory-before-using-in-an521-dev-a.patch b/lib/ext/psa_arch_tests/0001-Init-non-volatile-memory-before-using-in-an521-dev-a.patch
index ef08482..f7a8c24 100644
--- a/lib/ext/psa_arch_tests/0001-Init-non-volatile-memory-before-using-in-an521-dev-a.patch
+++ b/lib/ext/psa_arch_tests/0001-Init-non-volatile-memory-before-using-in-an521-dev-a.patch
@@ -1,7 +1,7 @@
-From 86f1cd6dc04ed5141b54a0a72f63d209f7a04655 Mon Sep 17 00:00:00 2001
+From 52c3af7597167c84168a73700315b65dcc4771ce Mon Sep 17 00:00:00 2001
From: Summer Qin <summer.qin@arm.com>
Date: Mon, 11 Apr 2022 11:20:35 +0800
-Subject: [PATCH 1/3] Init non-volatile memory before using in an521 dev apis
+Subject: [PATCH 1/4] Init non-volatile memory before using in an521 dev apis
psa arch test read data from non-volatile memory directly
without initializing it. The data maybe randomly which may
diff --git a/lib/ext/psa_arch_tests/0002-Disable-obsolete-algorithms.patch b/lib/ext/psa_arch_tests/0002-Disable-obsolete-algorithms.patch
index 752fca0..0bebd0c 100644
--- a/lib/ext/psa_arch_tests/0002-Disable-obsolete-algorithms.patch
+++ b/lib/ext/psa_arch_tests/0002-Disable-obsolete-algorithms.patch
@@ -1,7 +1,7 @@
-From 534d847765c669f307c93b03384bad7e1cb919b3 Mon Sep 17 00:00:00 2001
+From fe20f1185ef25986eb704074b1a12ddb40303b95 Mon Sep 17 00:00:00 2001
From: Summer Qin <summer.qin@arm.com>
Date: Fri, 10 Jun 2022 10:13:43 +0800
-Subject: [PATCH 2/3] Disable obsolete algorithms
+Subject: [PATCH 2/4] Disable obsolete algorithms
curves of size <255 are obsolete algorithms, should be disabled.
diff --git a/lib/ext/psa_arch_tests/0003-Fix-2-issues-in-FF-test.patch b/lib/ext/psa_arch_tests/0003-Fix-2-issues-in-FF-test.patch
index fd2e472..abedd32 100644
--- a/lib/ext/psa_arch_tests/0003-Fix-2-issues-in-FF-test.patch
+++ b/lib/ext/psa_arch_tests/0003-Fix-2-issues-in-FF-test.patch
@@ -1,7 +1,7 @@
-From d205709b36671c774b996de1dab815108dc74f8f Mon Sep 17 00:00:00 2001
+From 1f7a61b48ec3c6ac8cbefc1c4a49e40477f3ae00 Mon Sep 17 00:00:00 2001
From: Summer Qin <summer.qin@arm.com>
Date: Fri, 17 Jun 2022 15:42:55 +0800
-Subject: [PATCH 3/3] Fix 2 issues in FF test
+Subject: [PATCH 3/4] Fix 2 issues in FF test
- Disable secure test when testing version policy. Otherwise, the
received signal is not matched.
diff --git a/lib/ext/psa_arch_tests/0004-SHA-384-and-SHA-512-are-not-supported-in-CC3XX-PSA-d.patch b/lib/ext/psa_arch_tests/0004-SHA-384-and-SHA-512-are-not-supported-in-CC3XX-PSA-d.patch
new file mode 100644
index 0000000..2ff6783
--- /dev/null
+++ b/lib/ext/psa_arch_tests/0004-SHA-384-and-SHA-512-are-not-supported-in-CC3XX-PSA-d.patch
@@ -0,0 +1,66 @@
+From 3a624e3ed4d87498d750908b840ad471319b52b9 Mon Sep 17 00:00:00 2001
+From: Summer Qin <summer.qin@arm.com>
+Date: Wed, 13 Jul 2022 10:29:26 +0800
+Subject: [PATCH 4/4] SHA-384 and SHA-512 are not supported in CC3XX PSA driver
+
+For psa arch crypto test, SHA-384 and SHA-512 are not supported
+in CC3XX PSA driver.
+
+Signed-off-by: Summer Qin <summer.qin@arm.com>
+---
+ api-tests/CMakeLists.txt | 3 +++
+ .../targets/tgt_dev_apis_tfm_musca_b1/nspe/pal_crypto_config.h | 2 ++
+ .../targets/tgt_dev_apis_tfm_musca_s1/nspe/pal_crypto_config.h | 2 ++
+ 3 files changed, 7 insertions(+)
+
+diff --git a/api-tests/CMakeLists.txt b/api-tests/CMakeLists.txt
+index 55c456b..618a775 100644
+--- a/api-tests/CMakeLists.txt
++++ b/api-tests/CMakeLists.txt
+@@ -641,6 +641,9 @@ endif()
+ if(${SP_HEAP_MEM_SUPP} EQUAL 1)
+ add_definitions(-DSP_HEAP_MEM_SUPP)
+ endif()
++if(${CC312_LEGACY_DRIVER_API_ENABLED})
++ add_definitions(-DCC312_LEGACY_DRIVER_API_ENABLED)
++endif()
+
+ # Build PAL NSPE LIB
+ include(${PSA_ROOT_DIR}/platform/targets/${TARGET}/target.cmake)
+diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/pal_crypto_config.h
+index 10ee013..1ec1e0c 100644
+--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/pal_crypto_config.h
++++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/pal_crypto_config.h
+@@ -271,10 +271,12 @@
+ #define ARCH_TEST_SHA256
+ #ifndef TF_M_PROFILE_SMALL
+ #ifndef TF_M_PROFILE_MEDIUM
++#ifdef CC312_LEGACY_DRIVER_API_ENABLED
+ #define ARCH_TEST_SHA384
+ #define ARCH_TEST_SHA512
+ #endif
+ #endif
++#endif
+ //#define ARCH_TEST_SHA512_224
+ //#define ARCH_TEST_SHA512_256
+ //#define ARCH_TEST_SHA3_224
+diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_s1/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_s1/nspe/pal_crypto_config.h
+index 92f73d9..bc38f16 100644
+--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_s1/nspe/pal_crypto_config.h
++++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_s1/nspe/pal_crypto_config.h
+@@ -271,10 +271,12 @@
+ #define ARCH_TEST_SHA256
+ #ifndef TF_M_PROFILE_SMALL
+ #ifndef TF_M_PROFILE_MEDIUM
++#ifdef CC312_LEGACY_DRIVER_API_ENABLED
+ #define ARCH_TEST_SHA384
+ #define ARCH_TEST_SHA512
+ #endif
+ #endif
++#endif
+ //#define ARCH_TEST_SHA512_224
+ //#define ARCH_TEST_SHA512_256
+ //#define ARCH_TEST_SHA3_224
+--
+2.17.1
+
diff --git a/lib/ext/tf-m-tests/repo_config_default.cmake b/lib/ext/tf-m-tests/repo_config_default.cmake
index 5f47a6d..6345ae8 100644
--- a/lib/ext/tf-m-tests/repo_config_default.cmake
+++ b/lib/ext/tf-m-tests/repo_config_default.cmake
@@ -8,5 +8,5 @@
# Default configs of tf-m-tests repo
set(TFM_TEST_REPO_PATH "DOWNLOAD" CACHE PATH "Path to TFM-TEST repo (or DOWNLOAD to fetch automatically")
-set(TFM_TEST_REPO_VERSION "710c640" CACHE STRING "The version of tf-m-tests to use")
+set(TFM_TEST_REPO_VERSION "66ba1d4" CACHE STRING "The version of tf-m-tests to use")
set(CMSIS_5_PATH "DOWNLOAD" CACHE PATH "Path to CMSIS_5 (or DOWNLOAD to fetch automatically")
diff --git a/platform/ext/accelerator/cc312/CMakeLists.txt b/platform/ext/accelerator/cc312/CMakeLists.txt
index 9535fd1..4b7268c 100644
--- a/platform/ext/accelerator/cc312/CMakeLists.txt
+++ b/platform/ext/accelerator/cc312/CMakeLists.txt
@@ -239,6 +239,7 @@
PUBLIC
CRYPTO_HW_ACCELERATOR
MBEDTLS_ECDH_LEGACY_CONTEXT
+ $<$<BOOL:${CC312_LEGACY_DRIVER_API_ENABLED}>:CC312_LEGACY_DRIVER_API_ENABLED>
)
target_compile_options(crypto_service_cc312
diff --git a/platform/ext/accelerator/cc312/mbedtls_accelerator_config.h b/platform/ext/accelerator/cc312/mbedtls_accelerator_config.h
index a2d6e41..2506f78 100644
--- a/platform/ext/accelerator/cc312/mbedtls_accelerator_config.h
+++ b/platform/ext/accelerator/cc312/mbedtls_accelerator_config.h
@@ -23,7 +23,7 @@
#define MBEDTLS_ENTROPY_FORCE_SHA256
/* Main Config */
-
+#ifdef CC312_LEGACY_DRIVER_API_ENABLED
#ifdef MBEDTLS_DHM_C
#define MBEDTLS_DHM_ALT
#endif /* MBEDTLS_DHM_C */
@@ -35,6 +35,7 @@
#ifdef MBEDTLS_POLY1305_C
#define MBEDTLS_POLY1305_ALT
#endif /* MBEDTLS_POLY1305_C */
+#endif /* CC312_LEGACY_DRIVER_API_ENABLED */
/****************************************************************/
/* Require built-in implementations based on PSA requirements */
@@ -48,6 +49,8 @@
#undef PSA_WANT_ALG_CFB
#endif /* PSA_WANT_ALG_CFB */
+#ifdef CC312_LEGACY_DRIVER_API_ENABLED
+
#ifdef PSA_WANT_KEY_TYPE_AES
#define MBEDTLS_AES_ALT
#define MBEDTLS_AES_SETKEY_ENC_ALT
@@ -93,17 +96,6 @@
#define MBEDTLS_GCM_ALT
#endif /* PSA_WANT_ALG_GCM */
-#if defined(PSA_WANT_ALG_RSA_OAEP) || \
- defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) || \
- defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) || \
- defined(PSA_WANT_ALG_RSA_PSS) || \
- defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
-#define MBEDTLS_RSA_ALT
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-#define MBEDTLS_GENPRIME
-#endif
-
#ifdef PSA_WANT_ALG_SHA_1
#define MBEDTLS_SHA1_ALT
#define MBEDTLS_SHA1_PROCESS_ALT
@@ -125,6 +117,21 @@
#define MBEDTLS_ECJPAKE_ALT
#endif
+#endif /* CC312_LEGACY_DRIVER_API_ENABLED */
+
+#if defined(PSA_WANT_ALG_RSA_OAEP) || \
+ defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) || \
+ defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(PSA_WANT_ALG_RSA_PSS) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#ifdef CC312_LEGACY_DRIVER_API_ENABLED
+#define MBEDTLS_RSA_ALT
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+#endif /* CC312_LEGACY_DRIVER_API_ENABLED */
+#define MBEDTLS_GENPRIME
+#endif
+
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
/****************************************************************/
/* Infer PSA requirements from Mbed TLS capabilities */
@@ -136,6 +143,8 @@
#undef MBEDTLS_CIPHER_MODE_CFB
#endif /* MBEDTLS_CIPHER_MODE_CFB */
+#ifdef CC312_LEGACY_DRIVER_API_ENABLED
+
#ifdef MBEDTLS_AES_C
#define MBEDTLS_AES_ALT
#define MBEDTLS_AES_SETKEY_ENC_ALT
@@ -182,12 +191,6 @@
#define MBEDTLS_GCM_ALT
#endif /* MBEDTLS_GCM_C */
-#ifdef MBEDTLS_RSA_C
-#define MBEDTLS_RSA_ALT
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-#define MBEDTLS_GENPRIME
-#endif /* MBEDTLS_RSA_C */
-
#ifdef MBEDTLS_SHA1_C
#define MBEDTLS_SHA1_ALT
#define MBEDTLS_SHA1_PROCESS_ALT
@@ -202,6 +205,16 @@
#define MBEDTLS_ECJPAKE_ALT
#endif /* MBEDTLS_ECP_C && MBEDTLS_MD_C */
+#endif /* CC312_LEGACY_DRIVER_API_ENABLED */
+
+#ifdef MBEDTLS_RSA_C
+#ifdef CC312_LEGACY_DRIVER_API_ENABLED
+#define MBEDTLS_RSA_ALT
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+#endif /* CC312_LEGACY_DRIVER_API_ENABLED */
+#define MBEDTLS_GENPRIME
+#endif /* MBEDTLS_RSA_C */
+
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
#ifdef __cplusplus