Crypto: Update to Mbed TLS 3.6.3
- Bump Mbed TLS version to 3.6.3,
- Re-align mbedtls/psa interface headers,
- Rebase patch files and fix 0005.
Change-Id: I7a21c95f64d9d7e82b1167dd5fdc7b196b049808
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/config/config_base.cmake b/config/config_base.cmake
index 07fc4df..e522b55 100644
--- a/config/config_base.cmake
+++ b/config/config_base.cmake
@@ -37,7 +37,7 @@
# External libraries source and version
set(MBEDCRYPTO_PATH "DOWNLOAD" CACHE PATH "Path to Mbed Crypto (or DOWNLOAD to fetch automatically")
set(MBEDCRYPTO_FORCE_PATCH OFF CACHE BOOL "Always apply MBed Crypto patches")
-set(MBEDCRYPTO_VERSION "mbedtls-3.6.2" CACHE STRING "The version of Mbed Crypto to use")
+set(MBEDCRYPTO_VERSION "mbedtls-3.6.3" CACHE STRING "The version of Mbed Crypto to use")
set(MBEDCRYPTO_GIT_REMOTE "https://github.com/Mbed-TLS/mbedtls.git" CACHE STRING "The URL (or path) to retrieve MbedTLS from.")
set(MCUBOOT_PATH "DOWNLOAD" CACHE PATH "Path to MCUboot (or DOWNLOAD to fetch automatically")
diff --git a/interface/include/mbedtls/build_info.h b/interface/include/mbedtls/build_info.h
index d91d296..e70c4d7 100644
--- a/interface/include/mbedtls/build_info.h
+++ b/interface/include/mbedtls/build_info.h
@@ -26,16 +26,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 3
#define MBEDTLS_VERSION_MINOR 6
-#define MBEDTLS_VERSION_PATCH 2
+#define MBEDTLS_VERSION_PATCH 3
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x03060200
-#define MBEDTLS_VERSION_STRING "3.6.2"
-#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.2"
+#define MBEDTLS_VERSION_NUMBER 0x03060300
+#define MBEDTLS_VERSION_STRING "3.6.3"
+#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.3"
/* Macros for build-time platform detection */
diff --git a/interface/include/mbedtls/check_config.h b/interface/include/mbedtls/check_config.h
index 67a05f8..aec5050 100644
--- a/interface/include/mbedtls/check_config.h
+++ b/interface/include/mbedtls/check_config.h
@@ -247,6 +247,9 @@
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
#endif
+#if defined(MBEDTLS_HAS_MEMSAN) && defined(MBEDTLS_HAVE_ASM)
+#error "MemorySanitizer does not support assembly implementation"
+#endif
#undef MBEDTLS_HAS_MEMSAN // temporary macro defined above
#if defined(MBEDTLS_CCM_C) && \
@@ -738,6 +741,11 @@
#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
#endif
+#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) && \
+ defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+#error "MBEDTLS_PSA_KEY_STORE_DYNAMIC and MBEDTLS_PSA_STATIC_KEY_SLOTS cannot be defined simultaneously"
+#endif
+
#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
!defined(MBEDTLS_FS_IO)
#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
diff --git a/interface/include/mbedtls/config_adjust_legacy_crypto.h b/interface/include/mbedtls/config_adjust_legacy_crypto.h
index 3ba987e..331ac9b 100644
--- a/interface/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/interface/include/mbedtls/config_adjust_legacy_crypto.h
@@ -48,6 +48,13 @@
#endif
#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
+/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
+ * is defined as well to include all PSA code.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#define MBEDTLS_PSA_CRYPTO_CLIENT
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
/* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
* in PSA. */
#if defined(MBEDTLS_PSA_CRYPTO_C) && \
@@ -158,7 +165,66 @@
#define MBEDTLS_MD_SHA3_512_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+
+#if defined(PSA_WANT_ALG_MD5)
+#define MBEDTLS_MD_CAN_MD5
+#define MBEDTLS_MD_MD5_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(PSA_WANT_ALG_SHA_1)
+#define MBEDTLS_MD_CAN_SHA1
+#define MBEDTLS_MD_SHA1_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(PSA_WANT_ALG_SHA_224)
+#define MBEDTLS_MD_CAN_SHA224
+#define MBEDTLS_MD_SHA224_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(PSA_WANT_ALG_SHA_256)
+#define MBEDTLS_MD_CAN_SHA256
+#define MBEDTLS_MD_SHA256_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(PSA_WANT_ALG_SHA_384)
+#define MBEDTLS_MD_CAN_SHA384
+#define MBEDTLS_MD_SHA384_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(PSA_WANT_ALG_SHA_512)
+#define MBEDTLS_MD_CAN_SHA512
+#define MBEDTLS_MD_SHA512_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(PSA_WANT_ALG_RIPEMD160)
+#define MBEDTLS_MD_CAN_RIPEMD160
+#define MBEDTLS_MD_RIPEMD160_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(PSA_WANT_ALG_SHA3_224)
+#define MBEDTLS_MD_CAN_SHA3_224
+#define MBEDTLS_MD_SHA3_224_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(PSA_WANT_ALG_SHA3_256)
+#define MBEDTLS_MD_CAN_SHA3_256
+#define MBEDTLS_MD_SHA3_256_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(PSA_WANT_ALG_SHA3_384)
+#define MBEDTLS_MD_CAN_SHA3_384
+#define MBEDTLS_MD_SHA3_384_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(PSA_WANT_ALG_SHA3_512)
+#define MBEDTLS_MD_CAN_SHA3_512
+#define MBEDTLS_MD_SHA3_512_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+
+#endif /* !MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
/* Built-in implementations */
#if defined(MBEDTLS_MD5_C)
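Review bot: The closing comment on the new `#endif` reads `/* !MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */`, which does not describe the chain it closes. Judging by the removed `#endif /* MBEDTLS_PSA_CRYPTO_C */`, the opening `#if` (outside this hunk) tests `MBEDTLS_PSA_CRYPTO_C`, so `#endif /* MBEDTLS_PSA_CRYPTO_C || MBEDTLS_PSA_CRYPTO_CLIENT */` would be accurate. The new `#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT)` branch also carries no comment, although it sets `MBEDTLS_MD_CAN_xxx` (MD5 and SHA-1 included) purely from `PSA_WANT_ALG_xxx`. A one-line comment such as `/* Client-only build: hash availability is taken from PSA_WANT_ALG_xxx, so the PSA provider must implement each of them. */` would make that assumption visible to integrators.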
@@ -352,13 +418,6 @@
#define MBEDTLS_PK_CAN_ECDSA_SOME
#endif
-/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
- * is defined as well to include all PSA code.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#define MBEDTLS_PSA_CRYPTO_CLIENT
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
/* Helpers to state that each key is supported either on the builtin or PSA side. */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
#define MBEDTLS_ECP_HAVE_SECP521R1
diff --git a/interface/include/mbedtls/config_adjust_legacy_from_psa.h b/interface/include/mbedtls/config_adjust_legacy_from_psa.h
index 04bdae6..48f1bab 100644
--- a/interface/include/mbedtls/config_adjust_legacy_from_psa.h
+++ b/interface/include/mbedtls/config_adjust_legacy_from_psa.h
@@ -69,7 +69,6 @@
(defined(PSA_WANT_ECC_SECP_R1_384) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)) || \
(defined(PSA_WANT_ECC_SECP_R1_521) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)) || \
(defined(PSA_WANT_ECC_SECP_K1_192) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)) || \
- (defined(PSA_WANT_ECC_SECP_K1_224) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)) || \
(defined(PSA_WANT_ECC_SECP_K1_256) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256))
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
@@ -225,17 +224,6 @@
#endif /* missing accel */
#endif /* PSA_WANT_ECC_SECP_K1_192 */
-#if defined(PSA_WANT_ECC_SECP_K1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \
- defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
- defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-/* https://github.com/Mbed-TLS/mbedtls/issues/3541 */
-#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
-#endif /* missing accel */
-#endif /* PSA_WANT_ECC_SECP_K1_224 */
-
#if defined(PSA_WANT_ECC_SECP_K1_256)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
@@ -782,13 +770,6 @@
#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
#endif
-#if defined(PSA_WANT_ALG_CBC_MAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
-#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
-#endif /* PSA_WANT_ALG_CBC_MAC */
-
#if defined(PSA_WANT_ALG_CMAC)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
diff --git a/interface/include/mbedtls/config_adjust_psa_superset_legacy.h b/interface/include/mbedtls/config_adjust_psa_superset_legacy.h
index ef65cce..1a232cb 100644
--- a/interface/include/mbedtls/config_adjust_psa_superset_legacy.h
+++ b/interface/include/mbedtls/config_adjust_psa_superset_legacy.h
@@ -136,13 +136,6 @@
#endif /* PSA_WANT_ECC_SECP_K1_192 */
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
-#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#if !defined(PSA_WANT_ECC_SECP_K1_224)
-#define PSA_WANT_ECC_SECP_K1_224 1
-#endif /* PSA_WANT_ECC_SECP_K1_224 */
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#if !defined(PSA_WANT_ECC_SECP_K1_256)
#define PSA_WANT_ECC_SECP_K1_256 1
diff --git a/interface/include/mbedtls/debug.h b/interface/include/mbedtls/debug.h
index 424ed4b..e6f5dad 100644
--- a/interface/include/mbedtls/debug.h
+++ b/interface/include/mbedtls/debug.h
@@ -108,16 +108,16 @@
*
* This module provides debugging functions.
*/
-#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800)
+#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900)
#include <inttypes.h>
#define MBEDTLS_PRINTF_SIZET PRIuPTR
#define MBEDTLS_PRINTF_LONGLONG "I64d"
#else \
- /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+ /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */
#define MBEDTLS_PRINTF_SIZET "zu"
#define MBEDTLS_PRINTF_LONGLONG "lld"
#endif \
- /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+ /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */
#if !defined(MBEDTLS_PRINTF_MS_TIME)
#include <inttypes.h>
diff --git a/interface/include/mbedtls/entropy.h b/interface/include/mbedtls/entropy.h
index 20fd687..6c64e3e 100644
--- a/interface/include/mbedtls/entropy.h
+++ b/interface/include/mbedtls/entropy.h
@@ -17,12 +17,13 @@
#include "md.h"
-#if defined(MBEDTLS_MD_CAN_SHA512) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#if (defined(MBEDTLS_MD_CAN_SHA512) || defined(PSA_WANT_ALG_SHA_512)) && \
+ !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA512
#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
#else
-#if defined(MBEDTLS_MD_CAN_SHA256)
+#if (defined(MBEDTLS_MD_CAN_SHA256) || defined(PSA_WANT_ALG_SHA_256))
#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA256
#define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */
diff --git a/interface/include/mbedtls/error.h b/interface/include/mbedtls/error.h
index 186589a..635f7cd 100644
--- a/interface/include/mbedtls/error.h
+++ b/interface/include/mbedtls/error.h
@@ -81,7 +81,7 @@
* MD 5 5
* HKDF 5 1 (Started from top)
* PKCS7 5 12 (Started from 0x5300)
- * SSL 5 2 (Started from 0x5F00)
+ * SSL 5 3 (Started from 0x5F00)
* CIPHER 6 8 (Started from 0x6080)
* SSL 6 22 (Started from top, plus 0x6000)
* SSL 7 20 (Started from 0x7000, gaps at
diff --git a/interface/include/mbedtls/gcm.h b/interface/include/mbedtls/gcm.h
index 98faa43..390ed4c 100644
--- a/interface/include/mbedtls/gcm.h
+++ b/interface/include/mbedtls/gcm.h
@@ -115,10 +115,9 @@
/**
* \brief This function performs GCM encryption or decryption of a buffer.
*
- * \note For encryption, the output buffer can be the same as the
- * input buffer. For decryption, the output buffer cannot be
- * the same as input buffer. If the buffers overlap, the output
- * buffer must trail at least 8 Bytes behind the input buffer.
+ * \note The output buffer \p output can be the same as the input
+ * buffer \p input. If \p output is greater than \p input, they
+ * cannot overlap.
*
* \warning When this function performs a decryption, it outputs the
* authentication tag and does not verify that the data is
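Review bot: The rewritten note says `If \p output is greater than \p input, they cannot overlap`, which leaves the reader to infer that buffer addresses are being compared. Wording such as `If \p output starts at a higher address than \p input, the two buffers must not overlap` states the in-place rule unambiguously. The same sentence appears in the notes changed by the two later hunks of this file. Those two also warn that implementations requiring MBEDTLS_GCM_ALT may not support overlapping buffers, a caveat this first note omits; if it applies to this function as well, it should be repeated here so callers doing in-place operations on an alternative implementation are not misled. The documentation block continues outside the hunk.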
@@ -179,9 +178,11 @@
* \brief This function performs a GCM authenticated decryption of a
* buffer.
*
- * \note For decryption, the output buffer cannot be the same as
- * input buffer. If the buffers overlap, the output buffer
- * must trail at least 8 Bytes behind the input buffer.
+ * \note The output buffer \p output can be the same as the input
+ * buffer \p input. If \p output is greater than \p input, they
+ * cannot overlap. Implementations which require
+ * MBEDTLS_GCM_ALT to be enabled may not provide support for
+ * overlapping buffers.
*
* \param ctx The GCM context. This must be initialized.
* \param length The length of the ciphertext to decrypt, which is also
@@ -287,9 +288,11 @@
* to this function during an operation, then it is
* correct to use \p output_size = \p input_length.
*
- * \note For decryption, the output buffer cannot be the same as
- * input buffer. If the buffers overlap, the output buffer
- * must trail at least 8 Bytes behind the input buffer.
+ * \note The output buffer \p output can be the same as the input
+ * buffer \p input. If \p output is greater than \p input, they
+ * cannot overlap. Implementations which require
+ * MBEDTLS_GCM_ALT to be enabled may not provide support for
+ * overlapping buffers.
*
* \param ctx The GCM context. This must be initialized.
* \param input The buffer holding the input data. If \p input_length
diff --git a/interface/include/mbedtls/net_sockets.h b/interface/include/mbedtls/net_sockets.h
index 85c1197..8e69bc0 100644
--- a/interface/include/mbedtls/net_sockets.h
+++ b/interface/include/mbedtls/net_sockets.h
@@ -229,7 +229,7 @@
/**
* \brief Write at most 'len' characters. If no error occurs,
- * the actual amount read is returned.
+ * the actual amount written is returned.
*
* \param ctx Socket
* \param buf The buffer to read from
diff --git a/interface/include/mbedtls/pk.h b/interface/include/mbedtls/pk.h
index 1b7e4f1..52f4cc6 100644
--- a/interface/include/mbedtls/pk.h
+++ b/interface/include/mbedtls/pk.h
@@ -362,7 +362,7 @@
* \brief Initialize a PK context to wrap a PSA key.
*
* This function creates a PK context which wraps a PSA key. The PSA wrapped
- * key must be an EC or RSA key pair (DH is not supported in the PK module).
+ * key must be an EC or RSA key pair (DH is not suported in the PK module).
*
* Under the hood PSA functions will be used to perform the required
* operations and, based on the key type, used algorithms will be:
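Review bot: The only change in this hunk replaces `supported` with the misspelling `suported`, so the header re-alignment appears to have overwritten a local spelling fix. Keep `(DH is not supported in the PK module)`, unless byte-for-byte alignment with the imported header is the goal, in which case the divergence is better fixed at the source.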
diff --git a/interface/include/mbedtls/psa_util.h b/interface/include/mbedtls/psa_util.h
index c78cc23..b898f1f 100644
--- a/interface/include/mbedtls/psa_util.h
+++ b/interface/include/mbedtls/psa_util.h
@@ -161,6 +161,16 @@
* \param[out] der_len On success it contains the amount of valid data
* (in bytes) written to \p der. It's undefined
* in case of failure.
+ *
+ * \note The behavior is undefined if \p der is null,
+ * even if \p der_size is 0.
+ *
+ * \return 0 if successful.
+ * \return #MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if \p der_size
+ * is too small or if \p bits is larger than the
+ * largest supported curve.
+ * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if one of the
+ * numbers in the signature is 0.
*/
int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
unsigned char *der, size_t der_size, size_t *der_len);
@@ -177,6 +187,15 @@
* \param[out] raw_len On success it is updated with the amount of valid
* data (in bytes) written to \p raw. It's undefined
* in case of failure.
+ *
+ * \return 0 if successful.
+ * \return #MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if \p raw_size
+ * is too small or if \p bits is larger than the
+ * largest supported curve.
+ * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if the data in
+ * \p der is inconsistent with \p bits.
+ * \return An \c MBEDTLS_ERR_ASN1_xxx error code if
+ * \p der is malformed.
*/
int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len,
unsigned char *raw, size_t raw_size, size_t *raw_len);
diff --git a/interface/include/mbedtls/ssl.h b/interface/include/mbedtls/ssl.h
index 42fffbf..f9b103e 100644
--- a/interface/include/mbedtls/ssl.h
+++ b/interface/include/mbedtls/ssl.h
@@ -166,6 +166,42 @@
#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00
/** Invalid value in SSL config */
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
+/* Error space gap */
+/** Attempt to verify a certificate without an expected hostname.
+ * This is usually insecure.
+ *
+ * In TLS clients, when a client authenticates a server through its
+ * certificate, the client normally checks three things:
+ * - the certificate chain must be valid;
+ * - the chain must start from a trusted CA;
+ * - the certificate must cover the server name that is expected by the client.
+ *
+ * Omitting any of these checks is generally insecure, and can allow a
+ * malicious server to impersonate a legitimate server.
+ *
+ * The third check may be safely skipped in some unusual scenarios,
+ * such as networks where eavesdropping is a risk but not active attacks,
+ * or a private PKI where the client equally trusts all servers that are
+ * accredited by the root CA.
+ *
+ * You should call mbedtls_ssl_set_hostname() with the expected server name
+ * before starting a TLS handshake on a client (unless the client is
+ * set up to only use PSK-based authentication, which does not rely on the
+ * host name). If you have determined that server name verification is not
+ * required for security in your scenario, call mbedtls_ssl_set_hostname()
+ * with \p NULL as the server name.
+ *
+ * This error is raised if all of the following conditions are met:
+ *
+ * - A TLS client is configured with the authentication mode
+ * #MBEDTLS_SSL_VERIFY_REQUIRED (default).
+ * - Certificate authentication is enabled.
+ * - The client does not call mbedtls_ssl_set_hostname().
+ * - The configuration option
+ * #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * is not enabled.
+ */
+#define MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME -0x5D80
/*
* Constants from RFC 8446 for TLS 1.3 PSK modes
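Review bot: The new documentation for `MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME` writes `\p NULL`, but `\p` is the Doxygen markup for parameter names and NULL is a constant; `\c NULL` is the form used in the `mbedtls_ssl_set_hostname()` hunk further down. The `hostname` field comment added in a later hunk has the same `\p NULL` in several places. The warning added to the `mbedtls_ssl_setup()` documentation misspells `specify` as `specifiy`. Since these comments explain when server-name verification is skipped, consistent markup makes the rendered security guidance easier to read.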
@@ -1724,7 +1760,16 @@
int MBEDTLS_PRIVATE(early_data_state);
#endif
- unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
+ /** Multipurpose field.
+ *
+ * - DTLS: records with a bad MAC received.
+ * - TLS: accumulated length of handshake fragments (up to \c in_hslen).
+ *
+ * This field is multipurpose in order to preserve the ABI in the
+ * Mbed TLS 3.6 LTS branch. Until 3.6.2, it was only used in DTLS
+ * and called `badmac_seen`.
+ */
+ unsigned MBEDTLS_PRIVATE(badmac_seen_or_in_hsfraglen);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
@@ -1884,8 +1929,35 @@
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
- (and SNI if available) */
+ /** Expected peer CN for verification.
+ *
+ * Also used on clients for SNI,
+ * and for TLS 1.3 session resumption using tickets.
+ *
+ * The value of this field can be:
+ * - \p NULL in a newly initialized or reset context.
+ * - A heap-allocated copy of the last value passed to
+ * mbedtls_ssl_set_hostname(), if the last call had a non-null
+ * \p hostname argument.
+ * - A special value to indicate that mbedtls_ssl_set_hostname()
+ * was called with \p NULL (as opposed to never having been called).
+ * See `mbedtls_ssl_get_hostname_pointer()` in `ssl_tls.c`.
+ *
+ * If this field contains the value \p NULL and the configuration option
+ * #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * is unset, on a TLS client, attempting to verify a server certificate
+ * results in the error
+ * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
+ *
+ * If this field contains the special value described above, or if
+ * the value is \p NULL and the configuration option
+ * #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * is set, then the peer name verification is skipped, which may be
+ * insecure, especially on a client. Furthermore, on a client, the
+ * server_name extension is not sent, and the server name is ignored
+ * in TLS 1.3 session resumption using tickets.
+ */
+ char *MBEDTLS_PRIVATE(hostname);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
@@ -1993,6 +2065,14 @@
* Calling mbedtls_ssl_setup again is not supported, even
* if no session is active.
*
+ * \warning After setting up a client context, if certificate-based
+ * authentication is enabled, you should call
+ * mbedtls_ssl_set_hostname() to specifiy the expected
+ * name of the server. Without this, in most scenarios,
+ * the TLS connection is insecure. See
+ * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * for more information.
+ *
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
@@ -3967,16 +4047,29 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Set or reset the hostname to check against the received
- * server certificate. It sets the ServerName TLS extension,
- * too, if that extension is enabled. (client-side only)
+ * peer certificate. On a client, this also sets the
+ * ServerName TLS extension, if that extension is enabled.
+ * On a TLS 1.3 client, this also sets the server name in
+ * the session resumption ticket, if that feature is enabled.
*
* \param ssl SSL context
- * \param hostname the server hostname, may be NULL to clear hostname
-
- * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
+ * \param hostname The server hostname. This may be \c NULL to clear
+ * the hostname.
*
- * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
- * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
+ * \note Maximum hostname length #MBEDTLS_SSL_MAX_HOST_NAME_LEN.
+ *
+ * \note If the hostname is \c NULL on a client, then the server
+ * is not authenticated: it only needs to have a valid
+ * certificate, not a certificate matching its name.
+ * Therefore you should always call this function on a client,
+ * unless the connection is set up to only allow
+ * pre-shared keys, or in scenarios where server
+ * impersonation is not a concern. See the documentation of
+ * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * for more details.
+ *
+ * \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on
+ * allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
* too long input hostname.
*
* Hostname set to the one provided on success (cleared
@@ -4440,6 +4533,10 @@
* with \c mbedtls_ssl_read()), not handshake messages.
* With DTLS, this affects both ApplicationData and handshake.
*
+ * \note Defragmentation of TLS handshake messages is supported
+ * with some limitations. See the documentation of
+ * mbedtls_ssl_handshake() for details.
+ *
* \note This sets the maximum length for a record's payload,
* excluding record overhead that will be added to it, see
* \c mbedtls_ssl_get_record_expansion().
@@ -4970,6 +5067,24 @@
* if a negotiation involving TLS 1.3 takes place (this may
* be the case even if TLS 1.3 is offered but eventually
* not selected).
+ *
+ * \note In TLS, reception of fragmented handshake messages is
+ * supported with some limitations (those limitations do
+ * not apply to DTLS, where defragmentation is fully
+ * supported):
+ * - On an Mbed TLS server that only accepts TLS 1.2,
+ * the initial ClientHello message must not be fragmented.
+ * A TLS 1.2 ClientHello may be fragmented if the server
+ * also accepts TLS 1.3 connections (meaning
+ * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
+ * accepted versions have not been restricted with
+ * mbedtls_ssl_conf_max_tls_version() or the like).
+ * - The first fragment of a handshake message must be
+ * at least 4 bytes long.
+ * - Non-handshake records must not be interleaved between
+ * the fragments of a handshake message. (This is permitted
+ * in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it
+ * even in TLS 1.2.)
*/
int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl);
diff --git a/interface/include/mbedtls/threading.h b/interface/include/mbedtls/threading.h
index d50d04e..b4df0e3 100644
--- a/interface/include/mbedtls/threading.h
+++ b/interface/include/mbedtls/threading.h
@@ -30,7 +30,7 @@
pthread_mutex_t MBEDTLS_PRIVATE(mutex);
/* WARNING - state should only be accessed when holding the mutex lock in
- * tests/src/threading_helpers.c, otherwise corruption can occur.
+ * framework/tests/src/threading_helpers.c, otherwise corruption can occur.
* state will be 0 after a failed init or a free, and nonzero after a
* successful init. This field is for testing only and thus not considered
* part of the public API of Mbed TLS and may change without notice.*/
diff --git a/interface/include/psa/crypto_extra.h b/interface/include/psa/crypto_extra.h
index 0cf42c6..a046ba5 100644
--- a/interface/include/psa/crypto_extra.h
+++ b/interface/include/psa/crypto_extra.h
@@ -32,6 +32,16 @@
#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
#endif
+/* If the size of static key slots is not explicitly defined by the user, then
+ * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and
+ * PSA_CIPHER_MAX_KEY_LENGTH.
+ * See mbedtls_config.h for the definition. */
+#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)
+#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \
+ ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \
+ PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH)
+#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/
+
/** \addtogroup attributes
* @{
*/
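Review bot: The comment above the default `MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE` explains the formula but not its consequence. The default is sized only from `PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE` and `PSA_CIPHER_MAX_KEY_LENGTH`, so key material of other types that is longer than both would presumably not fit in a static slot. I would add a sentence such as `This buffer bounds every key held in a static slot; define a larger value explicitly if longer keys must be stored.` No check that a user-supplied value is at least this default is visible in the hunk; one may exist elsewhere.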
@@ -573,6 +583,35 @@
/** @} */
+/** \defgroup psa_crypto_client Functions defined by a client provider
+ *
+ * The functions in this group are meant to be implemented by providers of
+ * the PSA Crypto client interface. They are provided by the library when
+ * #MBEDTLS_PSA_CRYPTO_C is enabled.
+ *
+ * \note All functions in this group are experimental, as using
+ * alternative client interface providers is experimental.
+ *
+ * @{
+ */
+
+/** Check if PSA is capable of handling the specified hash algorithm.
+ *
+ * This means that PSA core was built with the corresponding PSA_WANT_ALG_xxx
+ * set and that psa_crypto_init has already been called.
+ *
+ * \note When using Mbed TLS version of PSA core (i.e. MBEDTLS_PSA_CRYPTO_C is
+ * set) for now this function only checks the state of the driver
+ * subsystem, not the algorithm. This might be improved in the future.
+ *
+ * \param hash_alg The hash algorithm.
+ *
+ * \return 1 if the PSA can handle \p hash_alg, 0 otherwise.
+ */
+int psa_can_do_hash(psa_algorithm_t hash_alg);
+
+/**@}*/
+
/** \addtogroup crypto_types
* @{
*/
diff --git a/interface/include/psa/crypto_sizes.h b/interface/include/psa/crypto_sizes.h
index 635ee98..87b8c39 100644
--- a/interface/include/psa/crypto_sizes.h
+++ b/interface/include/psa/crypto_sizes.h
@@ -1038,6 +1038,10 @@
PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
#endif
+#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \
+ ((PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \
+ PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
+
/** Sufficient output buffer size for psa_raw_key_agreement().
*
* This macro returns a compile-time constant if its arguments are
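Review bot: `PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE` is added without a documentation comment, unlike the macro documented immediately after it in this hunk. A short one such as `/** Sufficient buffer size for exporting any enabled asymmetric key pair or public key. */` would do, since it feeds the static key slot size. In the next hunk of this file, the new `PSA_CIPHER_MAX_KEY_LENGTH` comment misspells `specify` as `specifiy`.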
@@ -1085,6 +1089,27 @@
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)
#endif
+/** Maximum key length for ciphers.
+ *
+ * Since there is no additional PSA_WANT_xxx symbol to specifiy the size of
+ * the key once a cipher is enabled (as it happens for asymmetric keys for
+ * example), the maximum key length is taken into account for each cipher.
+ * The resulting value will be the maximum cipher's key length given depending
+ * on which ciphers are enabled.
+ *
+ * Note: max value for AES used below would be doubled if XTS were enabled, but
+ * this mode is currently not supported in Mbed TLS implementation of PSA
+ * APIs.
+ */
+#if (defined(PSA_WANT_KEY_TYPE_AES) || defined(PSA_WANT_KEY_TYPE_ARIA) || \
+ defined(PSA_WANT_KEY_TYPE_CAMELLIA) || defined(PSA_WANT_KEY_TYPE_CHACHA20))
+#define PSA_CIPHER_MAX_KEY_LENGTH 32u
+#elif defined(PSA_WANT_KEY_TYPE_DES)
+#define PSA_CIPHER_MAX_KEY_LENGTH 24u
+#else
+#define PSA_CIPHER_MAX_KEY_LENGTH 0u
+#endif
+
/** The default IV size for a cipher algorithm, in bytes.
*
* The IV that is generated as part of a call to #psa_cipher_encrypt() is always
diff --git a/interface/include/psa/crypto_values.h b/interface/include/psa/crypto_values.h
index 8e97bd6..1d678db 100644
--- a/interface/include/psa/crypto_values.h
+++ b/interface/include/psa/crypto_values.h
@@ -28,15 +28,6 @@
#define PSA_CRYPTO_VALUES_H
#include "mbedtls/private_access.h"
-#ifdef PSA_WANT_ALG_LMS
-/* Note: TF-M supports LMS as a vendor extension and requires some LMS/HMS specific
- * values to be available to properly override the PSA_ALG_IS_VENDOR_HASH_AND_SIGN
- * macro. Eventually LMS/HMS will be standardized in Mbed TLS hence dropping the
- * need to carry vendor extensions in a separate header
- */
-#include "crypto_values_lms.h"
-#endif
-
/** \defgroup error Error codes
* @{
*/
@@ -1673,9 +1664,7 @@
/* Default definition, to be overridden if the library is extended with
* more hash-and-sign algorithms that we want to keep out of this header
* file. */
-#ifndef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
-#endif
/** Whether the specified algorithm is a signature algorithm that can be used
* with psa_sign_hash() and psa_verify_hash().
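Review bot: With the `#ifndef PSA_ALG_IS_VENDOR_HASH_AND_SIGN` guard removed, the comment left above the define (`Default definition, to be overridden if the library is extended ...`) no longer matches the code. The macro is now unconditionally 0, and a definition supplied before this header would be redefined here. The earlier hunk in this file also drops the `crypto_values_lms.h` include, whose removed comment said it was needed to override this macro for LMS. If LMS is still offered as a vendor extension (not visible in this diff), the signature-classification macros that consult this one would presumably stop treating it as a hash-and-sign algorithm. Confirm that `PSA_WANT_ALG_LMS` users are handled elsewhere, or keep the guard.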
diff --git a/lib/ext/mbedcrypto/0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch b/lib/ext/mbedcrypto/0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch
index a884963..1948c83 100644
--- a/lib/ext/mbedcrypto/0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch
+++ b/lib/ext/mbedcrypto/0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch
@@ -1,4 +1,4 @@
-From 4b2df7aeedd3fec1f46766afb39a36f5e2b6be59 Mon Sep 17 00:00:00 2001
+From be4c9dfe3429d7f8420b896614cd15bd04d85868 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Thu, 21 Mar 2024 11:44:56 +0000
Subject: [PATCH 1/7] Add TF-M Builtin Key Loader driver entry points
@@ -18,7 +18,7 @@
3 files changed, 143 insertions(+), 9 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index c4f41db10b..5180435dea 100644
+index 3ec92cc06..5c05acac4 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -73,6 +73,10 @@
@@ -32,7 +32,7 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
-@@ -1166,7 +1170,11 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
+@@ -1172,7 +1176,11 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
return status;
}
@@ -46,7 +46,7 @@
*p_slot = NULL;
return PSA_ERROR_NOT_SUPPORTED;
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
-index b901557208..2e828115f8 100644
+index 0ed221b50..17b129a02 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -42,16 +42,32 @@
@@ -129,7 +129,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -391,6 +422,9 @@ static inline psa_status_t psa_driver_wrapper_verify_hash(
+@@ -390,6 +421,9 @@ static inline psa_status_t psa_driver_wrapper_verify_hash(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -139,7 +139,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -521,6 +555,9 @@ static inline psa_status_t psa_driver_wrapper_sign_hash_start(
+@@ -519,6 +553,9 @@ static inline psa_status_t psa_driver_wrapper_sign_hash_start(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -149,7 +149,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
-@@ -613,6 +650,9 @@ static inline psa_status_t psa_driver_wrapper_verify_hash_start(
+@@ -611,6 +648,9 @@ static inline psa_status_t psa_driver_wrapper_verify_hash_start(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -159,7 +159,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
-@@ -776,6 +816,9 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
+@@ -774,6 +814,9 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -169,7 +169,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
/* Transparent drivers are limited to generating asymmetric keys. */
/* We don't support passing custom production parameters
-@@ -880,6 +923,9 @@ static inline psa_status_t psa_driver_wrapper_import_key(
+@@ -878,6 +921,9 @@ static inline psa_status_t psa_driver_wrapper_import_key(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -179,7 +179,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -981,6 +1027,9 @@ static inline psa_status_t psa_driver_wrapper_export_key(
+@@ -979,6 +1025,9 @@ static inline psa_status_t psa_driver_wrapper_export_key(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -189,7 +189,7 @@
return( psa_export_key_internal( attributes,
key_buffer,
key_buffer_size,
-@@ -1087,6 +1136,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
+@@ -1085,6 +1134,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -199,7 +199,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1177,6 +1229,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -1175,6 +1227,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -209,7 +209,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1254,6 +1309,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1252,6 +1307,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -219,7 +219,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1327,6 +1385,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1325,6 +1383,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -229,7 +229,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1727,6 +1788,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt(
+@@ -1725,6 +1786,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -239,7 +239,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
-@@ -1779,6 +1843,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1777,6 +1841,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -249,7 +249,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
-@@ -1828,6 +1895,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1826,6 +1893,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -259,7 +259,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
-@@ -1876,6 +1946,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1874,6 +1944,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -269,7 +269,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
-@@ -2212,6 +2285,9 @@ static inline psa_status_t psa_driver_wrapper_mac_compute(
+@@ -2210,6 +2283,9 @@ static inline psa_status_t psa_driver_wrapper_mac_compute(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -279,7 +279,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2276,6 +2352,9 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2274,6 +2350,9 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -289,7 +289,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2348,6 +2427,9 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2346,6 +2425,9 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -299,7 +299,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2548,6 +2630,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+@@ -2546,6 +2628,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -309,7 +309,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2606,6 +2691,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+@@ -2604,6 +2689,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -319,7 +319,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2670,6 +2758,9 @@ static inline psa_status_t psa_driver_wrapper_key_agreement(
+@@ -2668,6 +2756,9 @@ static inline psa_status_t psa_driver_wrapper_key_agreement(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -329,7 +329,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2750,6 +2841,9 @@ static inline psa_status_t psa_driver_wrapper_pake_setup(
+@@ -2748,6 +2839,9 @@ static inline psa_status_t psa_driver_wrapper_pake_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -340,7 +340,7 @@
* cycle through all known transparent accelerators */
status = PSA_ERROR_NOT_SUPPORTED;
diff --git a/library/psa_crypto_driver_wrappers_no_static.c b/library/psa_crypto_driver_wrappers_no_static.c
-index de8a5269b3..436a650fc3 100644
+index de8a5269b..436a650fc 100644
--- a/library/psa_crypto_driver_wrappers_no_static.c
+++ b/library/psa_crypto_driver_wrappers_no_static.c
@@ -41,16 +41,32 @@
diff --git a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
index f26e583..813cd25 100644
--- a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
+++ b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
@@ -1,4 +1,4 @@
-From 3d59b2503307a50882e54553ea2b879f30fc1f00 Mon Sep 17 00:00:00 2001
+From 1d0d43cd46f4518663943be133a473e094bcacb3 Mon Sep 17 00:00:00 2001
From: Tamas Ban <tamas.ban@arm.com>
Date: Tue, 27 Oct 2020 08:55:37 +0000
Subject: [PATCH 2/7] Enable crypto code sharing between independent binaries
@@ -13,7 +13,7 @@
diff --git a/code_share.c b/code_share.c
new file mode 100644
-index 0000000000..2bf67fb42e
+index 000000000..2bf67fb42
--- /dev/null
+++ b/code_share.c
@@ -0,0 +1,3 @@
@@ -21,7 +21,7 @@
+ * extensive crypto code sharing was already applied on the mbedtls library.
+ */
diff --git a/library/platform.c b/library/platform.c
-index 890c4cbaba..f8109c73f3 100644
+index 890c4cbab..f8109c73f 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -41,8 +41,8 @@ static void platform_free_uninit(void *ptr)
@@ -36,7 +36,7 @@
void *mbedtls_calloc(size_t nmemb, size_t size)
{
diff --git a/library/platform_util.c b/library/platform_util.c
-index 19ef07aead..2d9c731d91 100644
+index 19ef07aea..2d9c731d9 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -88,7 +88,7 @@
diff --git a/lib/ext/mbedcrypto/0003-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch b/lib/ext/mbedcrypto/0003-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch
index 49098b3..5594949 100644
--- a/lib/ext/mbedcrypto/0003-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch
+++ b/lib/ext/mbedcrypto/0003-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch
@@ -1,4 +1,4 @@
-From 5035d84a049e59fd5973c61a913db38b0dc20949 Mon Sep 17 00:00:00 2001
+From 5033d3b320432de663f9e0ea89f1696905281c59 Mon Sep 17 00:00:00 2001
From: Benjamin Baratte <benjamin.baratte@st.com>
Date: Thu, 9 Feb 2023 10:35:01 +0100
Subject: [PATCH 3/7] Allow SE key to use key vendor id within PSA crypto
@@ -9,10 +9,10 @@
1 file changed, 4 insertions(+)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index 5180435dea..589a00e6e2 100644
+index 5c05acac4..75a7034ee 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
-@@ -1719,7 +1719,11 @@ static psa_status_t psa_validate_key_attributes(
+@@ -1732,7 +1732,11 @@ static psa_status_t psa_validate_key_attributes(
return PSA_ERROR_INVALID_ARGUMENT;
}
} else {
diff --git a/lib/ext/mbedcrypto/0004-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch b/lib/ext/mbedcrypto/0004-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
index e62a7d0..defc3f1 100644
--- a/lib/ext/mbedcrypto/0004-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
+++ b/lib/ext/mbedcrypto/0004-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
@@ -1,4 +1,4 @@
-From f7ee76eb24a88e7168749e273f76282658da6ca9 Mon Sep 17 00:00:00 2001
+From ba5d54dc39ca40e6b224dd2bcce9eea9e8998aff Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Thu, 21 Mar 2024 11:58:19 +0000
Subject: [PATCH 4/7] Initialise driver wrappers as first step in
@@ -16,10 +16,10 @@
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index 589a00e6e2..d3f7293201 100644
+index 75a7034ee..08906dc68 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
-@@ -8341,12 +8341,12 @@ psa_status_t psa_crypto_init(void)
+@@ -8483,12 +8483,12 @@ psa_status_t psa_crypto_init(void)
return PSA_SUCCESS;
}
diff --git a/lib/ext/mbedcrypto/0005-Hardcode-CC3XX-entry-points.patch b/lib/ext/mbedcrypto/0005-Hardcode-CC3XX-entry-points.patch
index 3b586e2..28af5bf 100644
--- a/lib/ext/mbedcrypto/0005-Hardcode-CC3XX-entry-points.patch
+++ b/lib/ext/mbedcrypto/0005-Hardcode-CC3XX-entry-points.patch
@@ -1,4 +1,4 @@
-From 0b250e65d8360b0e581078ab2540ce8c451596e8 Mon Sep 17 00:00:00 2001
+From f8ba7db996a4326c3bf8a63264bf7c622a3bf34e Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Thu, 21 Mar 2024 12:58:37 +0000
Subject: [PATCH 5/7] Hardcode CC3XX entry points
@@ -17,7 +17,7 @@
4 files changed, 446 insertions(+), 29 deletions(-)
diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
-index d717c51909..f6a54aefde 100644
+index d717c5190..f6a54aefd 100644
--- a/include/psa/crypto_driver_contexts_composites.h
+++ b/include/psa/crypto_driver_contexts_composites.h
@@ -30,6 +30,10 @@
@@ -52,7 +52,7 @@
typedef union {
diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h
-index c90a5fbe74..3f00006f82 100644
+index c90a5fbe7..3f00006f8 100644
--- a/include/psa/crypto_driver_contexts_primitives.h
+++ b/include/psa/crypto_driver_contexts_primitives.h
@@ -29,6 +29,10 @@
@@ -87,7 +87,7 @@
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
-index 2e828115f8..3e849caeb7 100644
+index 17b129a02..5c581ff72 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -53,6 +53,16 @@
@@ -258,8 +258,8 @@
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
- PSA_ALG_IS_ECDSA(alg) &&
-@@ -442,6 +499,17 @@ static inline psa_status_t psa_driver_wrapper_verify_hash(
+ PSA_ALG_IS_RANDOMIZED_ECDSA(alg) &&
+@@ -441,6 +498,17 @@ static inline psa_status_t psa_driver_wrapper_verify_hash(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
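Review bot: The context line `PSA_ALG_IS_RANDOMIZED_ECDSA(alg) &&` in the p256-m guard is the one non-mechanical change in this refresh of 0005, and nothing visible here records why it changed. It presumably tracks the 3.6.3 source, where the p256-m signing path looks to be limited to randomized ECDSA; the verify_hash context in the next hunk still reads `PSA_ALG_IS_ECDSA(alg)`. The CC3XX block that 0005 inserts just above this guard (ending at `#endif /* PSA_CRYPTO_DRIVER_CC3XX */`) lies outside the hunk, so please confirm that the CC3XX signing entry point still handles deterministic and randomized ECDSA requests as intended now that p256-m no longer takes the deterministic case. I would add a line to the 0005 patch description such as `Rebased on mbedtls-3.6.3: p256-m sign guard now uses PSA_ALG_IS_RANDOMIZED_ECDSA`.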
@@ -277,7 +277,7 @@
#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
PSA_ALG_IS_ECDSA(alg) &&
-@@ -835,6 +903,12 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
+@@ -833,6 +901,12 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
if( status != PSA_ERROR_NOT_SUPPORTED )
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -290,7 +290,7 @@
#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
-@@ -1158,6 +1232,20 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
+@@ -1156,6 +1230,20 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -311,7 +311,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-@@ -1249,6 +1337,18 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -1247,6 +1335,18 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -330,7 +330,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-@@ -1329,6 +1429,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1327,6 +1427,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -347,7 +347,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
-@@ -1405,6 +1515,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1403,6 +1513,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -364,7 +364,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
-@@ -1474,6 +1594,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
+@@ -1472,6 +1592,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
&operation->ctx.opaque_test_driver_ctx,
iv, iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -377,7 +377,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1517,6 +1643,13 @@ static inline psa_status_t psa_driver_wrapper_cipher_update(
+@@ -1515,6 +1641,13 @@ static inline psa_status_t psa_driver_wrapper_cipher_update(
input, input_length,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -391,7 +391,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1557,6 +1690,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_finish(
+@@ -1555,6 +1688,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_finish(
&operation->ctx.opaque_test_driver_ctx,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -404,7 +404,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1597,6 +1736,15 @@ static inline psa_status_t psa_driver_wrapper_cipher_abort(
+@@ -1595,6 +1734,15 @@ static inline psa_status_t psa_driver_wrapper_cipher_abort(
sizeof( operation->ctx.opaque_test_driver_ctx ) );
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -420,7 +420,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1618,12 +1766,24 @@ static inline psa_status_t psa_driver_wrapper_hash_compute(
+@@ -1616,12 +1764,24 @@ static inline psa_status_t psa_driver_wrapper_hash_compute(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try accelerators first */
@@ -446,7 +446,7 @@
/* If software fallback is compiled in, try fallback */
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-@@ -1650,6 +1810,7 @@ static inline psa_status_t psa_driver_wrapper_hash_setup(
+@@ -1648,6 +1808,7 @@ static inline psa_status_t psa_driver_wrapper_hash_setup(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try setup on accelerators first */
@@ -454,7 +454,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_hash_setup(
&operation->ctx.test_driver_ctx, alg );
-@@ -1658,7 +1819,18 @@ static inline psa_status_t psa_driver_wrapper_hash_setup(
+@@ -1656,7 +1817,18 @@ static inline psa_status_t psa_driver_wrapper_hash_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@@ -474,7 +474,7 @@
/* If software fallback is compiled in, try fallback */
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-@@ -1688,13 +1860,23 @@ static inline psa_status_t psa_driver_wrapper_hash_clone(
+@@ -1686,13 +1858,23 @@ static inline psa_status_t psa_driver_wrapper_hash_clone(
return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
&target_operation->ctx.mbedtls_ctx ) );
#endif
@@ -499,7 +499,7 @@
default:
(void) target_operation;
return( PSA_ERROR_BAD_STATE );
-@@ -1713,12 +1895,20 @@ static inline psa_status_t psa_driver_wrapper_hash_update(
+@@ -1711,12 +1893,20 @@ static inline psa_status_t psa_driver_wrapper_hash_update(
return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
input, input_length ) );
#endif
@@ -521,7 +521,7 @@
default:
(void) input;
(void) input_length;
-@@ -1739,12 +1929,20 @@ static inline psa_status_t psa_driver_wrapper_hash_finish(
+@@ -1737,12 +1927,20 @@ static inline psa_status_t psa_driver_wrapper_hash_finish(
return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
hash, hash_size, hash_length ) );
#endif
@@ -543,7 +543,7 @@
default:
(void) hash;
(void) hash_size;
-@@ -1762,11 +1960,18 @@ static inline psa_status_t psa_driver_wrapper_hash_abort(
+@@ -1760,11 +1958,18 @@ static inline psa_status_t psa_driver_wrapper_hash_abort(
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
#endif
@@ -563,7 +563,7 @@
default:
return( PSA_ERROR_BAD_STATE );
}
-@@ -1807,6 +2012,17 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt(
+@@ -1805,6 +2010,17 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -581,7 +581,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1862,6 +2078,17 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1860,6 +2076,17 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -599,7 +599,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1913,6 +2140,15 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1911,6 +2138,15 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -615,7 +615,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1965,6 +2201,16 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1963,6 +2199,16 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -632,7 +632,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -2011,6 +2257,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
+@@ -2009,6 +2255,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -645,7 +645,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2045,6 +2297,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
+@@ -2043,6 +2295,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -658,7 +658,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2079,6 +2337,12 @@ static inline psa_status_t psa_driver_wrapper_aead_update_ad(
+@@ -2077,6 +2335,12 @@ static inline psa_status_t psa_driver_wrapper_aead_update_ad(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -671,7 +671,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2118,6 +2382,13 @@ static inline psa_status_t psa_driver_wrapper_aead_update(
+@@ -2116,6 +2380,13 @@ static inline psa_status_t psa_driver_wrapper_aead_update(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -685,7 +685,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2162,6 +2433,13 @@ static inline psa_status_t psa_driver_wrapper_aead_finish(
+@@ -2160,6 +2431,13 @@ static inline psa_status_t psa_driver_wrapper_aead_finish(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -699,7 +699,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2226,6 +2504,13 @@ static inline psa_status_t psa_driver_wrapper_aead_verify(
+@@ -2224,6 +2502,13 @@ static inline psa_status_t psa_driver_wrapper_aead_verify(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -713,7 +713,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2258,6 +2543,11 @@ static inline psa_status_t psa_driver_wrapper_aead_abort(
+@@ -2256,6 +2541,11 @@ static inline psa_status_t psa_driver_wrapper_aead_abort(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -725,7 +725,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2300,6 +2590,12 @@ static inline psa_status_t psa_driver_wrapper_mac_compute(
+@@ -2298,6 +2588,12 @@ static inline psa_status_t psa_driver_wrapper_mac_compute(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -738,7 +738,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2371,6 +2667,15 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2369,6 +2665,15 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -754,7 +754,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2446,6 +2751,15 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2444,6 +2749,15 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -770,7 +770,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2513,6 +2827,10 @@ static inline psa_status_t psa_driver_wrapper_mac_update(
+@@ -2511,6 +2825,10 @@ static inline psa_status_t psa_driver_wrapper_mac_update(
&operation->ctx.opaque_test_driver_ctx,
input, input_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -781,7 +781,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) input;
-@@ -2547,6 +2865,11 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
+@@ -2545,6 +2863,11 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_size, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -793,7 +793,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2581,6 +2904,12 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
+@@ -2579,6 +2902,12 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -806,7 +806,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2608,6 +2937,10 @@ static inline psa_status_t psa_driver_wrapper_mac_abort(
+@@ -2606,6 +2935,10 @@ static inline psa_status_t psa_driver_wrapper_mac_abort(
return( mbedtls_test_opaque_mac_abort(
&operation->ctx.opaque_test_driver_ctx ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -817,7 +817,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
return( PSA_ERROR_INVALID_ARGUMENT );
-@@ -2645,6 +2978,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+@@ -2643,6 +2976,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -838,7 +838,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
return( mbedtls_psa_asymmetric_encrypt( attributes,
key_buffer, key_buffer_size, alg, input, input_length,
-@@ -2706,6 +3053,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+@@ -2704,6 +3051,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -859,7 +859,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
return( mbedtls_psa_asymmetric_decrypt( attributes,
key_buffer, key_buffer_size, alg,input, input_length,
-@@ -2773,6 +3134,18 @@ static inline psa_status_t psa_driver_wrapper_key_agreement(
+@@ -2771,6 +3132,18 @@ static inline psa_status_t psa_driver_wrapper_key_agreement(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -879,7 +879,7 @@
if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
PSA_ALG_IS_ECDH(alg) &&
diff --git a/library/psa_crypto_driver_wrappers_no_static.c b/library/psa_crypto_driver_wrappers_no_static.c
-index 436a650fc3..bc65e2c7f9 100644
+index 436a650fc..bc65e2c7f 100644
--- a/library/psa_crypto_driver_wrappers_no_static.c
+++ b/library/psa_crypto_driver_wrappers_no_static.c
@@ -52,6 +52,16 @@
diff --git a/lib/ext/mbedcrypto/0006-Enable-psa_can_do_hash.patch b/lib/ext/mbedcrypto/0006-Enable-psa_can_do_hash.patch
index b1900fe..7a083dd 100644
--- a/lib/ext/mbedcrypto/0006-Enable-psa_can_do_hash.patch
+++ b/lib/ext/mbedcrypto/0006-Enable-psa_can_do_hash.patch
@@ -1,4 +1,4 @@
-From e414327494638eb02ce48aca1276f584fc4f8dcc Mon Sep 17 00:00:00 2001
+From 82735c44ddbd94b574e8873e2388c7e2796246c3 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Thu, 21 Mar 2024 13:02:44 +0000
Subject: [PATCH 6/7] Enable psa_can_do_hash
@@ -14,7 +14,7 @@
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index d3f7293201..68895738ea 100644
+index 08906dc68..80220ac4b 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -288,7 +288,8 @@ static uint8_t psa_get_drivers_initialized(void)
diff --git a/lib/ext/mbedcrypto/0007-P256M-Add-option-to-force-not-use-of-asm.patch b/lib/ext/mbedcrypto/0007-P256M-Add-option-to-force-not-use-of-asm.patch
index 354860d..51927a0 100644
--- a/lib/ext/mbedcrypto/0007-P256M-Add-option-to-force-not-use-of-asm.patch
+++ b/lib/ext/mbedcrypto/0007-P256M-Add-option-to-force-not-use-of-asm.patch
@@ -1,4 +1,4 @@
-From 938042ec4b3270891b8a74ae342427dd7eafe6a5 Mon Sep 17 00:00:00 2001
+From 50076f9bfcbca17c0a8648ab3d5077ea420da385 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Wed, 9 Oct 2024 13:36:42 +0100
Subject: [PATCH 7/7] P256M: Add option to force not use of asm
@@ -13,7 +13,7 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c
-index 42c35b5bf5..558a8bc950 100644
+index 42c35b5bf..558a8bc95 100644
--- a/3rdparty/p256-m/p256-m/p256-m.c
+++ b/3rdparty/p256-m/p256-m/p256-m.c
@@ -197,7 +197,7 @@ static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t);