Crypto: Update to mbed TLS 3.2.1
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I92274fc6496219a2fef35db4cf02a6fe66f3a276
diff --git a/config/config_default.cmake b/config/config_default.cmake
index 398339c..a4bc99b 100755
--- a/config/config_default.cmake
+++ b/config/config_default.cmake
@@ -164,7 +164,7 @@
################################## Dependencies ################################
set(MBEDCRYPTO_PATH "DOWNLOAD" CACHE PATH "Path to Mbed Crypto (or DOWNLOAD to fetch automatically")
-set(MBEDCRYPTO_VERSION "mbedtls-3.1.0" CACHE STRING "The version of Mbed Crypto to use")
+set(MBEDCRYPTO_VERSION "mbedtls-3.2.1" CACHE STRING "The version of Mbed Crypto to use")
set(MBEDCRYPTO_GIT_REMOTE "https://github.com/Mbed-TLS/mbedtls.git" CACHE STRING "The URL (or path) to retrieve MbedTLS from.")
set(MBEDCRYPTO_BUILD_TYPE "${CMAKE_BUILD_TYPE}" CACHE STRING "Build type of Mbed Crypto library")
set(TFM_MBEDCRYPTO_CONFIG_PATH
diff --git a/interface/include/psa/crypto.h b/interface/include/psa/crypto.h
index c4a103d..60f38d0 100644
--- a/interface/include/psa/crypto.h
+++ b/interface/include/psa/crypto.h
@@ -95,6 +95,12 @@
* @{
*/
+/** \def PSA_KEY_ATTRIBUTES_INIT
+ *
+ * This macro returns a suitable initializer for a key attribute structure
+ * of type #psa_key_attributes_t.
+ */
+
/** Return an initial value for a key attributes structure.
*/
static psa_key_attributes_t psa_key_attributes_init(void);
@@ -455,17 +461,14 @@
* This is an attempt to create a persistent key, and there is
* already a persistent key with the given identifier.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * The lifetime or identifier in \p attributes are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The policy constraints on the source and specified in
- * \p attributes are incompatible.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The lifetime or identifier in \p attributes are invalid, or
+ * the policy constraints on the source and specified in
+ * \p attributes are incompatible, or
* \p attributes specifies a key type or key size
* which does not match the attributes of the source key.
* \retval #PSA_ERROR_NOT_PERMITTED
- * The source key does not have the #PSA_KEY_USAGE_COPY usage flag.
- * \retval #PSA_ERROR_NOT_PERMITTED
- * The source key is not exportable and its lifetime does not
+ * The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+ * the source key is not exportable and its lifetime does not
* allow copying it to the target's lifetime.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -592,11 +595,9 @@
* The key type or key size is not supported, either by the
* implementation in general or in this particular persistent location.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * The key attributes, as a whole, are invalid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The key data is not correctly formatted.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The size in \p attributes is nonzero and does not match the size
+ * The key attributes, as a whole, are invalid, or
+ * the key data is not correctly formatted, or
+ * the size in \p attributes is nonzero and does not match the size
* of the key data.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
@@ -820,7 +821,6 @@
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -856,7 +856,6 @@
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -898,6 +897,12 @@
* Implementation details can change in future versions without notice. */
typedef struct psa_hash_operation_s psa_hash_operation_t;
+/** \def PSA_HASH_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a hash operation object
+ * of type #psa_hash_operation_t.
+ */
+
/** Return an initial value for a hash operation object.
*/
static psa_hash_operation_t psa_hash_operation_init(void);
@@ -940,14 +945,13 @@
* \p alg is not a supported hash algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p alg is not a hash algorithm.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -967,14 +971,13 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it muct be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -988,7 +991,7 @@
* This function calculates the hash of the message formed by concatenating
* the inputs passed to preceding calls to psa_hash_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_hash_abort().
*
@@ -1010,8 +1013,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p hash buffer is too small. You can determine a
* sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
@@ -1021,7 +1022,8 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1039,7 +1041,7 @@
* compares the calculated hash with the expected hash passed as a
* parameter to this function.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_hash_abort().
*
@@ -1056,14 +1058,13 @@
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The hash of the message was calculated successfully, but it
* differs from the expected hash.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1114,16 +1115,14 @@
* It must be initialized but not active.
*
* \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- * The \p source_operation state is not valid (it must be active).
- * \retval #PSA_ERROR_BAD_STATE
- * The \p target_operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The \p source_operation state is not valid (it must be active), or
+ * the \p target_operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1257,6 +1256,12 @@
* Implementation details can change in future versions without notice. */
typedef struct psa_mac_operation_s psa_mac_operation_t;
+/** \def PSA_MAC_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a MAC operation object of type
+ * #psa_mac_operation_t.
+ */
+
/** Return an initial value for a MAC operation object.
*/
static psa_mac_operation_t psa_mac_operation_init(void);
@@ -1314,9 +1319,8 @@
* \retval #PSA_ERROR_STORAGE_FAILURE
* The key could not be retrieved from storage.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1375,11 +1379,10 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
- * The key could not be retrieved from storage
+ * The key could not be retrieved from storage.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1402,15 +1405,14 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1424,7 +1426,7 @@
* This function calculates the MAC of the message formed by concatenating
* the inputs passed to preceding calls to psa_mac_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_mac_abort().
*
@@ -1448,9 +1450,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active mac sign
- * operation).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p mac buffer is too small. You can determine a
* sufficient buffer size by calling PSA_MAC_LENGTH().
@@ -1460,7 +1459,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active mac sign
+ * operation), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1478,7 +1479,7 @@
* compares the calculated MAC with the expected MAC passed as a
* parameter to this function.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_mac_abort().
*
@@ -1495,16 +1496,15 @@
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The MAC of the message was calculated successfully, but it
* differs from the expected MAC.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active mac verify
- * operation).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active mac verify
+ * operation), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1669,6 +1669,12 @@
* Implementation details can change in future versions without notice. */
typedef struct psa_cipher_operation_s psa_cipher_operation_t;
+/** \def PSA_CIPHER_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a cipher operation object of
+ * type #psa_cipher_operation_t.
+ */
+
/** Return an initial value for a cipher operation object.
*/
static psa_cipher_operation_t psa_cipher_operation_init(void);
@@ -1727,9 +1733,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1791,9 +1796,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1821,8 +1825,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with no IV set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p iv buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1831,7 +1833,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with no IV set),
+ * or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1861,9 +1865,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active cipher
- * encrypt operation, with no IV set).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV.
@@ -1873,7 +1874,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active cipher
+ * encrypt operation, with no IV set), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1904,9 +1907,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with an IV set
- * if required for the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1915,7 +1915,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -1937,7 +1939,7 @@
* formed by concatenating the inputs passed to preceding calls to
* psa_cipher_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_cipher_abort().
*
@@ -1957,9 +1959,6 @@
* \retval #PSA_ERROR_INVALID_PADDING
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with an IV set
- * if required for the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -1968,7 +1967,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2186,6 +2187,12 @@
* Implementation details can change in future versions without notice. */
typedef struct psa_aead_operation_s psa_aead_operation_t;
+/** \def PSA_AEAD_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for an AEAD operation object of
+ * type #psa_aead_operation_t.
+ */
+
/** Return an initial value for an AEAD operation object.
*/
static psa_aead_operation_t psa_aead_operation_init(void);
@@ -2239,7 +2246,8 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2251,7 +2259,6 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
@@ -2305,8 +2312,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -2319,7 +2324,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or the
+ * library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2348,9 +2354,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active aead encrypt
- * operation, with no nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p nonce buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2359,7 +2362,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active aead encrypt
+ * operation, with no nonce set), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2389,9 +2394,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with no nonce
- * set).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p nonce is not acceptable for the chosen algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2400,7 +2402,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with no nonce
+ * set), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2434,10 +2438,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, and
- * psa_aead_update_ad() and psa_aead_update() must not have been
- * called yet).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* At least one of the lengths is not acceptable for the chosen
* algorithm.
@@ -2446,7 +2446,10 @@
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, and
+ * psa_aead_update_ad() and psa_aead_update() must not have been
+ * called yet), or the library has not been previously initialized
+ * by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2482,10 +2485,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, have a nonce
- * set, have lengths set if required by the algorithm, and
- * psa_aead_update() must not have been called yet).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total input length overflows the additional data length that
* was previously specified with psa_aead_set_lengths().
@@ -2495,7 +2494,10 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, have a nonce
+ * set, have lengths set if required by the algorithm, and
+ * psa_aead_update() must not have been called yet), or the library
+ * has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2560,9 +2562,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, have a nonce
- * set, and have lengths set if required by the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
@@ -2571,9 +2570,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total input length overflows the plaintext length that
+ * specified with psa_aead_set_lengths(), or
+ * the total input length overflows the plaintext length that
* was previously specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -2581,7 +2579,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, have a nonce
+ * set, and have lengths set if required by the algorithm), or the
+ * library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2606,7 +2606,7 @@
* preceding calls to psa_aead_update().
* - \p tag contains the authentication tag.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_aead_abort().
*
@@ -2645,9 +2645,6 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active encryption
- * operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p ciphertext or \p tag buffer is too small.
* #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2658,9 +2655,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total length of input to psa_aead_update() so far is
+ * specified with psa_aead_set_lengths(), or
+ * the total length of input to psa_aead_update() so far is
* less than the plaintext length that was previously
* specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2669,7 +2665,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active encryption
+ * operation with a nonce set), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2698,7 +2696,7 @@
* plaintext and reports success. If the authentication tag is not correct,
* this function returns #PSA_ERROR_INVALID_SIGNATURE.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_aead_abort().
*
@@ -2732,9 +2730,6 @@
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The calculations were successful, but the authentication tag is
* not correct.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active decryption
- * operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p plaintext buffer is too small.
* #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
@@ -2743,9 +2738,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
- * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total length of input to psa_aead_update() so far is
+ * specified with psa_aead_set_lengths(), or
+ * the total length of input to psa_aead_update() so far is
* less than the plaintext length that was previously
* specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -2754,7 +2748,9 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be an active decryption
+ * operation with a nonce set), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -2998,7 +2994,7 @@
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_SIGNATURE
- * The calculation was perfomed successfully, but the passed
+ * The calculation was performed successfully, but the passed
* signature is not a valid signature.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -3022,7 +3018,7 @@
/**
* \brief Encrypt a short message with a public key.
*
- * \param key Identifer of the key to use for the operation.
+ * \param key Identifier of the key to use for the operation.
* It must be a public key or an asymmetric key
* pair. It must allow the usage
* #PSA_KEY_USAGE_ENCRYPT.
@@ -3178,6 +3174,12 @@
*/
typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
+/** \def PSA_KEY_DERIVATION_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a key derivation operation
+ * object of type #psa_key_derivation_operation_t.
+ */
+
/** Return an initial value for a key derivation operation object.
*/
static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
@@ -3235,9 +3237,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3256,12 +3257,11 @@
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3284,13 +3284,12 @@
* \p capacity is larger than the operation's current capacity.
* In this case, the operation object remains valid and its capacity
* remains unchanged.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active).
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active), or the
+ * library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3334,8 +3333,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm, or
* \c step does not allow direct inputs.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3343,9 +3341,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this input \p step, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3379,8 +3376,7 @@
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm, or
* \c step does not allow numeric inputs.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3388,9 +3384,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this input \p step, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3447,8 +3442,7 @@
* #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this
* algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm, or
* \c step does not allow key inputs of the given type
* or does not allow key inputs at all.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -3457,9 +3451,8 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this input \p step.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this input \p step, or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3511,25 +3504,23 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid for this key agreement \p step.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c private_key is not compatible with \c alg,
* or \p peer_key is not valid for \c alg or not compatible with
- * \c private_key.
+ * \c private_key, or \c step does not allow an input resulting
+ * from a key agreement.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step does not allow an input resulting from a key agreement.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid for this key agreement \p step,
+ * or the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3568,16 +3559,15 @@
* The operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3618,6 +3608,7 @@
* The following key types defined in this specification follow this scheme:
*
* - #PSA_KEY_TYPE_AES;
+ * - #PSA_KEY_TYPE_ARIA;
* - #PSA_KEY_TYPE_CAMELLIA;
* - #PSA_KEY_TYPE_DERIVE;
* - #PSA_KEY_TYPE_HMAC;
@@ -3715,9 +3706,6 @@
* #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
* key; or one of the inputs was a key whose policy didn't allow
* #PSA_KEY_USAGE_DERIVE.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
@@ -3727,7 +3715,9 @@
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3761,7 +3751,7 @@
*
* \param[in,out] operation The key derivation operation object to read from.
* \param[in] expected_output Buffer containing the expected derivation output.
- * \param output_length Length ot the expected output; this is also the
+ * \param output_length Length of the expected output; this is also the
* number of bytes that will be read.
*
* \retval #PSA_SUCCESS
@@ -3777,16 +3767,15 @@
* the operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller expected output.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3842,16 +3831,15 @@
* the operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller expected output.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active and completed
- * all required input steps).
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
@@ -3917,8 +3905,7 @@
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p alg is not a key agreement algorithm
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p alg is not a key agreement algorithm, or
* \p private_key is not compatible with \p alg,
* or \p peer_key is not valid for \p alg or not compatible with
* \p private_key.
diff --git a/interface/include/psa/crypto_extra.h b/interface/include/psa/crypto_extra.h
index ad0e8cc..efa164c 100644
--- a/interface/include/psa/crypto_extra.h
+++ b/interface/include/psa/crypto_extra.h
@@ -45,7 +45,7 @@
* length of the byte string is the private key size in bytes (leading zeroes
* are not stripped).
*
- * Determinstic DSA key derivation with psa_generate_derived_key follows
+ * Deterministic DSA key derivation with psa_generate_derived_key follows
* FIPS 186-4 §B.1.2: interpret the byte string as integer
* in big-endian order. Discard it if it is not in the range
* [0, *N* - 2] where *N* is the boundary of the private key domain
@@ -56,6 +56,62 @@
*/
#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
+/** Whether a key type is an DSA key (pair or public-only). */
+#define PSA_KEY_TYPE_IS_DSA(type) \
+ (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
+
+#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x06000400)
+/** DSA signature with hashing.
+ *
+ * This is the signature scheme defined by FIPS 186-4,
+ * with a random per-message secret number (*k*).
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ * This includes #PSA_ALG_ANY_HASH
+ * when specifying the algorithm in a usage policy.
+ *
+ * \return The corresponding DSA signature algorithm.
+ * \return Unspecified if \p hash_alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_DSA(hash_alg) \
+ (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x06000500)
+#define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
+/** Deterministic DSA signature with hashing.
+ *
+ * This is the deterministic variant defined by RFC 6979 of
+ * the signature scheme defined by FIPS 186-4.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ * This includes #PSA_ALG_ANY_HASH
+ * when specifying the algorithm in a usage policy.
+ *
+ * \return The corresponding DSA signature algorithm.
+ * \return Unspecified if \p hash_alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
+ (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_IS_DSA(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
+ PSA_ALG_DSA_BASE)
+#define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
+ (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
+#define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
+ (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
+#define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
+ (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
+
+
+/* We need to expand the sample definition of this macro from
+ * the API definition. */
+#undef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
+#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) \
+ PSA_ALG_IS_DSA(alg)
+
/**@}*/
#ifdef __cplusplus
diff --git a/interface/include/psa/crypto_sizes.h b/interface/include/psa/crypto_sizes.h
index 2f60e61..eb03c98 100644
--- a/interface/include/psa/crypto_sizes.h
+++ b/interface/include/psa/crypto_sizes.h
@@ -176,8 +176,46 @@
* operations, and does not need to accept all key sizes up to the limit. */
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
-/* The maximum size of an ECC key on this implementation, in bits */
+/* The maximum size of an ECC key on this implementation, in bits.
+ * This is a vendor-specific macro. */
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+#else
+#include "psa/crypto_config.h"
+#endif
+#if defined(PSA_WANT_ECC_SECP_R1_521)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
+#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
+#elif defined(PSA_WANT_ECC_SECP_R1_384)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#elif defined(PSA_WANT_ECC_SECP_R1_256)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#elif defined(PSA_WANT_ECC_SECP_K1_256)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
+#elif defined(PSA_WANT_ECC_SECP_R1_224)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#elif defined(PSA_WANT_ECC_SECP_K1_224)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#elif defined(PSA_WANT_ECC_SECP_R1_192)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#elif defined(PSA_WANT_ECC_SECP_K1_192)
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#else
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
+#endif
+#else /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
+#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
/** This macro returns the maximum supported length of the PSK for the
* TLS-1.2 PSK-to-MS key derivation
@@ -696,7 +734,7 @@
* subjectPublicKey BIT STRING } -- contains DSAPublicKey
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
- * parameters Dss-Parms } -- SEQUENCE of 3 INTEGERs
+ * parameters Dss-Params } -- SEQUENCE of 3 INTEGERs
* DSAPublicKey ::= INTEGER -- public key, Y
*
* - 3 * 4 bytes of SEQUENCE overhead;
@@ -931,8 +969,7 @@
*
* \param key_type A symmetric key type that is compatible with algorithm \p alg.
*
- * \param alg A cipher algorithm (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param alg A cipher algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_CIPHER(\p alg) is true).
*
* \return The default IV size for the specified key type and algorithm.
* If the algorithm does not use an IV, return 0.
diff --git a/interface/include/psa/crypto_types.h b/interface/include/psa/crypto_types.h
index 0588d51..0987de4 100644
--- a/interface/include/psa/crypto_types.h
+++ b/interface/include/psa/crypto_types.h
@@ -50,38 +50,70 @@
*/
/** \brief Encoding of a key type.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_TYPE_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ * Any changes to existing values will require bumping the storage
+ * format version and providing a translation when reading the old
+ * format.
*/
typedef uint16_t psa_key_type_t;
/** The type of PSA elliptic curve family identifiers.
*
+ * Values of this type are generally constructed by macros called
+ * `PSA_ECC_FAMILY_xxx`.
+ *
* The curve identifier is required to create an ECC key using the
* PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
* macros.
*
* Values defined by this standard will never be in the range 0x80-0xff.
* Vendors who define additional families must use an encoding in this range.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ * Any changes to existing values will require bumping the storage
+ * format version and providing a translation when reading the old
+ * format.
*/
typedef uint8_t psa_ecc_family_t;
/** The type of PSA Diffie-Hellman group family identifiers.
*
+ * Values of this type are generally constructed by macros called
+ * `PSA_DH_FAMILY_xxx`.
+ *
* The group identifier is required to create an Diffie-Hellman key using the
* PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
* macros.
*
* Values defined by this standard will never be in the range 0x80-0xff.
* Vendors who define additional families must use an encoding in this range.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ * Any changes to existing values will require bumping the storage
+ * format version and providing a translation when reading the old
+ * format.
*/
typedef uint8_t psa_dh_family_t;
/** \brief Encoding of a cryptographic algorithm.
*
+ * Values of this type are generally constructed by macros called
+ * `PSA_ALG_xxx`.
+ *
* For algorithms that can be applied to multiple key types, this type
* does not encode the key type. For example, for symmetric ciphers
* based on a block cipher, #psa_algorithm_t encodes the block cipher
* mode and the padding mode while the block cipher itself is encoded
* via #psa_key_type_t.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ * Any changes to existing values will require bumping the storage
+ * format version and providing a translation when reading the old
+ * format.
*/
typedef uint32_t psa_algorithm_t;
@@ -123,6 +155,14 @@
* #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
* available. Other lifetime values may be supported depending on the
* library configuration.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_LIFETIME_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ * Any changes to existing values will require bumping the storage
+ * format version and providing a translation when reading the old
+ * format.
*/
typedef uint32_t psa_key_lifetime_t;
@@ -154,6 +194,11 @@
* \note Key persistence levels are 8-bit values. Key management
* interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
* encode the persistence as the lower 8 bits of a 32-bit value.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ * Any changes to existing values will require bumping the storage
+ * format version and providing a translation when reading the old
+ * format.
*/
typedef uint8_t psa_key_persistence_t;
@@ -190,6 +235,11 @@
* \note Key location indicators are 24-bit values. Key management
* interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
* encode the location as the upper 24 bits of a 32-bit value.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ * Any changes to existing values will require bumping the storage
+ * format version and providing a translation when reading the old
+ * format.
*/
typedef uint32_t psa_key_location_t;
@@ -201,6 +251,10 @@
* #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
* - 0 is reserved as an invalid key identifier.
* - Key identifiers outside these ranges are reserved for future use.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ * Any changes to how values are allocated must require careful
+ * consideration to allow backward compatibility.
*/
typedef uint32_t psa_key_id_t;
#define PSA_KEY_ID_INIT 0
@@ -211,7 +265,16 @@
* @{
*/
-/** \brief Encoding of permitted usage on a key. */
+/** \brief Encoding of permitted usage on a key.
+ *
+ * Values of this type are generally constructed as bitwise-ors of macros
+ * called `PSA_KEY_USAGE_xxx`.
+ *
+ * \note Values of this type are encoded in the persistent key store.
+ * Any changes to existing values will require bumping the storage
+ * format version and providing a translation when reading the old
+ * format.
+ */
typedef uint32_t psa_key_usage_t;
/**@}*/
@@ -329,7 +392,11 @@
* @{
*/
-/** \brief Encoding of the step of a key derivation. */
+/** \brief Encoding of the step of a key derivation.
+ *
+ * Values of this type are generally constructed by macros called
+ * `PSA_KEY_DERIVATION_INPUT_xxx`.
+ */
typedef uint16_t psa_key_derivation_step_t;
/**@}*/
diff --git a/interface/include/psa/crypto_values.h b/interface/include/psa/crypto_values.h
index 769bc7d..797c8c5 100644
--- a/interface/include/psa/crypto_values.h
+++ b/interface/include/psa/crypto_values.h
@@ -18,6 +18,11 @@
* designations of cryptographic algorithms, and error codes returned by
* the library.
*
+ * Note that many of the constants defined in this file are embedded in
+ * the persistent key store, as part of key metadata (including usage
+ * policies). As a consequence, they must not be changed (unless the storage
+ * format version changes).
+ *
* This header file only defines preprocessor macros.
*/
@@ -30,6 +35,18 @@
/* PSA error codes */
+/* Error codes are standardized across PSA domains (framework, crypto, storage,
+ * etc.). Do not change the values in this section or even the expansions
+ * of each macro: it must be possible to `#include` both this header
+ * and some other PSA component's headers in the same C source,
+ * which will lead to duplicate definitions of the `PSA_SUCCESS` and
+ * `PSA_ERROR_xxx` macros, which is ok if and only if the macros expand
+ * to the same sequence of tokens.
+ *
+ * If you must add a new
+ * value, check with the Arm PSA framework group to pick one that other
+ * domains aren't already using. */
+
/** The action was completed successfully. */
#ifndef PSA_SUCCESS
#define PSA_SUCCESS ((psa_status_t)0)
@@ -308,6 +325,12 @@
* @{
*/
+/* Note that key type values, including ECC family and DH group values, are
+ * embedded in the persistent key store, as part of key metadata. As a
+ * consequence, they must not be changed (unless the storage format version
+ * changes).
+ */
+
/** An invalid key type value.
*
* Zero is not the encoding of any key type.
@@ -458,8 +481,7 @@
#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400)
/** Key for a cipher, AEAD or MAC algorithm based on the
- * ARIA block cipher.
- */
+ * ARIA block cipher. */
#define PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406)
/** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
@@ -474,16 +496,19 @@
#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301)
/** Key for a cipher, AEAD or MAC algorithm based on the
- * Camellia block cipher.
- */
+ * Camellia block cipher. */
#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)
/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
*
* ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.
*
- * Implementations must support 12-byte nonces, may support 8-byte nonces,
- * and should reject other sizes.
+ * \note For ChaCha20 and ChaCha20_Poly1305, Mbed TLS only supports
+ * 12-byte nonces.
+ *
+ * \note For ChaCha20, the initial counter value is 0. To encrypt or decrypt
+ * with the initial counter value 1, you can process and discard a
+ * 64-byte block before the real data.
*/
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
@@ -546,6 +571,9 @@
((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
0))
+/** Check if the curve of given family is Weierstrass elliptic curve. */
+#define PSA_ECC_FAMILY_IS_WEIERSTRASS(family) ((family & 0xc0) == 0)
+
/** SEC Koblitz curves over prime fields.
*
* This family comprises the following curves:
@@ -705,6 +733,11 @@
1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
0u)
+/* Note that algorithm values are embedded in the persistent key store,
+ * as part of key metadata. As a consequence, they must not be changed
+ * (unless the storage format version changes).
+ */
+
/** Vendor-defined algorithm flag.
*
* Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG
@@ -1446,7 +1479,7 @@
* with a random per-message secret number (*k*).
*
* The representation of the signature as a byte string consists of
- * the concatentation of the signature values *r* and *s*. Each of
+ * the concatenation of the signature values *r* and *s*. Each of
* *r* and *s* is encoded as an *N*-octet string, where *N* is the length
* of the base point of the curve in octets. Each value is represented
* in big-endian order (most significant octet first).
@@ -1727,6 +1760,12 @@
* You may pass #PSA_KEY_DERIVATION_INPUT_INFO at any time after steup and before
* starting to generate output.
*
+ * \warning HKDF processes the salt as follows: first hash it with hash_alg
+ * if the salt is longer than the block size of the hash algorithm; then
+ * pad with null bytes up to the block size. As a result, it is possible
+ * for distinct salt inputs to result in the same outputs. To ensure
+ * unique outputs, it is recommended to use a fixed length for salt values.
+ *
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
*
@@ -1752,6 +1791,112 @@
#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_HKDF_EXTRACT_BASE ((psa_algorithm_t)0x08000400)
+/** Macro to build an HKDF-Extract algorithm.
+ *
+ * For example, `PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA256)` is
+ * HKDF-Extract using HMAC-SHA-256.
+ *
+ * This key derivation algorithm uses the following inputs:
+ * - PSA_KEY_DERIVATION_INPUT_SALT is the salt.
+ * - PSA_KEY_DERIVATION_INPUT_SECRET is the input keying material used in the
+ * "extract" step.
+ * The inputs are mandatory and must be passed in the order above.
+ * Each input may only be passed once.
+ *
+ * \warning HKDF-Extract is not meant to be used on its own. PSA_ALG_HKDF
+ * should be used instead if possible. PSA_ALG_HKDF_EXTRACT is provided
+ * as a separate algorithm for the sake of protocols that use it as a
+ * building block. It may also be a slight performance optimization
+ * in applications that use HKDF with the same salt and key but many
+ * different info strings.
+ *
+ * \warning HKDF processes the salt as follows: first hash it with hash_alg
+ * if the salt is longer than the block size of the hash algorithm; then
+ * pad with null bytes up to the block size. As a result, it is possible
+ * for distinct salt inputs to result in the same outputs. To ensure
+ * unique outputs, it is recommended to use a fixed length for salt values.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ *
+ * \return The corresponding HKDF-Extract algorithm.
+ * \return Unspecified if \p hash_alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_HKDF_EXTRACT(hash_alg) \
+ (PSA_ALG_HKDF_EXTRACT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+/** Whether the specified algorithm is an HKDF-Extract algorithm.
+ *
+ * HKDF-Extract is a family of key derivation algorithms that are based
+ * on a hash function and the HMAC construction.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \c alg is an HKDF-Extract algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \c alg is not a supported
+ * key derivation algorithm identifier.
+ */
+#define PSA_ALG_IS_HKDF_EXTRACT(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE)
+
+#define PSA_ALG_HKDF_EXPAND_BASE ((psa_algorithm_t)0x08000500)
+/** Macro to build an HKDF-Expand algorithm.
+ *
+ * For example, `PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA256)` is
+ * HKDF-Expand using HMAC-SHA-256.
+ *
+ * This key derivation algorithm uses the following inputs:
+ * - PSA_KEY_DERIVATION_INPUT_SECRET is the pseudorandom key (PRK).
+ * - PSA_KEY_DERIVATION_INPUT_INFO is the info string.
+ *
+ * The inputs are mandatory and must be passed in the order above.
+ * Each input may only be passed once.
+ *
+ * \warning HKDF-Expand is not meant to be used on its own. `PSA_ALG_HKDF`
+ * should be used instead if possible. `PSA_ALG_HKDF_EXPAND` is provided as
+ * a separate algorithm for the sake of protocols that use it as a building
+ * block. It may also be a slight performance optimization in applications
+ * that use HKDF with the same salt and key but many different info strings.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ *
+ * \return The corresponding HKDF-Expand algorithm.
+ * \return Unspecified if \p hash_alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_HKDF_EXPAND(hash_alg) \
+ (PSA_ALG_HKDF_EXPAND_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+/** Whether the specified algorithm is an HKDF-Expand algorithm.
+ *
+ * HKDF-Expand is a family of key derivation algorithms that are based
+ * on a hash function and the HMAC construction.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \c alg is an HKDF-Expand algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \c alg is not a supported
+ * key derivation algorithm identifier.
+ */
+#define PSA_ALG_IS_HKDF_EXPAND(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE)
+
+/** Whether the specified algorithm is an HKDF or HKDF-Extract or
+ * HKDF-Expand algorithm.
+ *
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \c alg is any HKDF type algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \c alg is not a supported
+ * key derivation algorithm identifier.
+ */
+#define PSA_ALG_IS_ANY_HKDF(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE || \
+ ((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE || \
+ ((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE)
+
#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x08000200)
/** Macro to build a TLS-1.2 PRF algorithm.
*
@@ -1807,13 +1952,37 @@
* This key derivation algorithm uses the following inputs, which must be
* passed in the order given here:
* - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
+ * - #PSA_KEY_DERIVATION_INPUT_OTHER_SECRET is the other secret for the
+ * computation of the premaster secret. This input is optional;
+ * if omitted, it defaults to a string of null bytes with the same length
+ * as the secret (PSK) input.
* - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
* - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
*
* For the application to TLS-1.2, the seed (which is
* forwarded to the TLS-1.2 PRF) is the concatenation of the
* ClientHello.Random + ServerHello.Random,
- * and the label is "master secret" or "extended master secret".
+ * the label is "master secret" or "extended master secret" and
+ * the other secret depends on the key exchange specified in the cipher suite:
+ * - for a plain PSK cipher suite (RFC 4279, Section 2), omit
+ * PSA_KEY_DERIVATION_INPUT_OTHER_SECRET
+ * - for a DHE-PSK (RFC 4279, Section 3) or ECDHE-PSK cipher suite
+ * (RFC 5489, Section 2), the other secret should be the output of the
+ * PSA_ALG_FFDH or PSA_ALG_ECDH key agreement performed with the peer.
+ * The recommended way to pass this input is to use a key derivation
+ * algorithm constructed as
+ * PSA_ALG_KEY_AGREEMENT(ka_alg, PSA_ALG_TLS12_PSK_TO_MS(hash_alg))
+ * and to call psa_key_derivation_key_agreement(). Alternatively,
+ * this input may be an output of `psa_raw_key_agreement()` passed with
+ * psa_key_derivation_input_bytes(), or an equivalent input passed with
+ * psa_key_derivation_input_bytes() or psa_key_derivation_input_key().
+ * - for a RSA-PSK cipher suite (RFC 4279, Section 4), the other secret
+ * should be the 48-byte client challenge (the PreMasterSecret of
+ * (RFC 5246, Section 7.4.7.1)) concatenation of the TLS version and
+ * a 46-byte random string chosen by the client. On the server, this is
+ * typically an output of psa_asymmetric_decrypt() using
+ * PSA_ALG_RSA_PKCS1V15_CRYPT, passed to the key derivation operation
+ * with `psa_key_derivation_input_bytes()`.
*
* For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
* TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
@@ -2057,6 +2226,11 @@
* @{
*/
+/* Note that location and persistence level values are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
/** The default lifetime for volatile keys.
*
* A volatile key only exists as long as the identifier to it is not destroyed.
@@ -2172,6 +2346,11 @@
#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
+/* Note that key identifier values are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
/** The null key identifier.
*/
#define PSA_KEY_ID_NULL ((psa_key_id_t)0)
@@ -2194,6 +2373,11 @@
* @{
*/
+/* Note that key usage flags are embedded in the
+ * persistent key store, as part of key metadata. As a consequence, they
+ * must not be changed (unless the storage format version changes).
+ */
+
/** Whether the key may be exported.
*
* A public key or the public part of a key pair may always be exported
@@ -2320,6 +2504,9 @@
* @{
*/
+/* Key input steps are not embedded in the persistent storage, so you can
+ * change them if needed: it's only an ABI change. */
+
/** A secret input for key derivation.
*
* This should be a key of type #PSA_KEY_TYPE_DERIVE
@@ -2355,6 +2542,16 @@
*/
#define PSA_KEY_DERIVATION_INPUT_PASSWORD ((psa_key_derivation_step_t)0x0102)
+/** A high-entropy additional secret input for key derivation.
+ *
+ * This is typically the shared secret resulting from a key agreement obtained
+ * via `psa_key_derivation_key_agreement()`. It may alternatively be a key of
+ * type `PSA_KEY_TYPE_DERIVE` passed to `psa_key_derivation_input_key()`, or
+ * a direct input passed to `psa_key_derivation_input_bytes()`.
+ */
+#define PSA_KEY_DERIVATION_INPUT_OTHER_SECRET \
+ ((psa_key_derivation_step_t)0x0103)
+
/** A label for key derivation.
*
* This should be a direct input.
diff --git a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
index 4182771..b411fc1 100644
--- a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
+++ b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
@@ -1,7 +1,7 @@
-From 7646887f31114085b21cfaf75e54b32ba984d9f5 Mon Sep 17 00:00:00 2001
+From c0e88bba61a814023032be4f1fabe8aff3deb00c Mon Sep 17 00:00:00 2001
From: TTornblom <thomas.tornblom@iar.com>
Date: Thu, 16 Apr 2020 13:53:38 +0200
-Subject: [PATCH 1/8] BUILD: Update IAR support in CMakeLists.txt
+Subject: [PATCH 1/5] BUILD: Update IAR support in CMakeLists.txt
Applied the same change as in mbed-crypto for using this as a sub
project with the IAR toolchain.
@@ -12,10 +12,10 @@
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 6debe35d..fd1c07ca 100644
+index 0d65b57b8..8d4646d7b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -209,7 +209,10 @@ if(CMAKE_COMPILER_IS_CLANG)
+@@ -224,7 +224,10 @@ if(CMAKE_COMPILER_IS_CLANG)
endif(CMAKE_COMPILER_IS_CLANG)
if(CMAKE_COMPILER_IS_IAR)
@@ -28,5 +28,5 @@
if(CMAKE_COMPILER_IS_MSVC)
--
-2.17.1
+2.25.1
diff --git a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
index 39b5905..59c9eee 100644
--- a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
+++ b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
@@ -1,7 +1,7 @@
-From 12019676c1a5f4a32a07bf94d6751b45529c4c0a Mon Sep 17 00:00:00 2001
+From 1d8011d0dbd174ffcda57f9977bca8fdccf5aea0 Mon Sep 17 00:00:00 2001
From: Tamas Ban <tamas.ban@arm.com>
Date: Tue, 27 Oct 2020 08:55:37 +0000
-Subject: [PATCH 2/8] Enable crypto code sharing between independent binaries
+Subject: [PATCH 2/5] Enable crypto code sharing between independent binaries
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
---
@@ -13,7 +13,7 @@
diff --git a/library/code_share.c b/library/code_share.c
new file mode 100644
-index 00000000..2bf67fb4
+index 000000000..2bf67fb42
--- /dev/null
+++ b/library/code_share.c
@@ -0,0 +1,3 @@
@@ -21,7 +21,7 @@
+ * extensive crypto code sharing was already applied on the mbedtls library.
+ */
diff --git a/library/platform.c b/library/platform.c
-index e742fde7..c309dc0c 100644
+index 6151e6c49..074ecbb72 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -53,8 +53,8 @@ static void platform_free_uninit( void *ptr )
@@ -36,7 +36,7 @@
void * mbedtls_calloc( size_t nmemb, size_t size )
{
diff --git a/library/platform_util.c b/library/platform_util.c
-index 3d5cb5ba..277ec70b 100644
+index 916a7f444..8936a9d7d 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -62,7 +62,7 @@
@@ -49,5 +49,5 @@
void mbedtls_platform_zeroize( void *buf, size_t len )
{
--
-2.17.1
+2.25.1
diff --git a/lib/ext/mbedcrypto/0008-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch b/lib/ext/mbedcrypto/0003-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
similarity index 79%
rename from lib/ext/mbedcrypto/0008-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
rename to lib/ext/mbedcrypto/0003-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
index 7c7c282..5be9fca 100644
--- a/lib/ext/mbedcrypto/0008-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
+++ b/lib/ext/mbedcrypto/0003-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
@@ -1,7 +1,7 @@
-From fbcda7268ab105c4bc598d8169c95bf610b5aa22 Mon Sep 17 00:00:00 2001
+From 281356afac7b6217a65c87dde490d1b24f625d65 Mon Sep 17 00:00:00 2001
From: Summer Qin <summer.qin@arm.com>
Date: Thu, 30 Jun 2022 14:14:11 +0800
-Subject: [PATCH 8/8] Add MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C
+Subject: [PATCH 3/5] Add MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C
MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C are needed when
PSA_WANT_ALG_CHACHA20_POLY1305 is defined.
@@ -12,10 +12,10 @@
1 file changed, 2 insertions(+)
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
-index 13e64dd7..88ff70ba 100644
+index 2a6672e17..3cb89009b 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
-@@ -437,6 +437,8 @@ extern "C" {
+@@ -450,6 +450,8 @@ extern "C" {
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
#define MBEDTLS_CHACHAPOLY_C
@@ -25,5 +25,5 @@
#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
--
-2.17.1
+2.25.1
diff --git a/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch b/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
deleted file mode 100644
index ce89462..0000000
--- a/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 80359134a00ca37c48355b30aa9810db9fb54b29 Mon Sep 17 00:00:00 2001
-From: Summer Qin <summer.qin@arm.com>
-Date: Wed, 5 Jan 2022 15:00:49 +0800
-Subject: [PATCH 3/8] Disable export MbedTLSTargets
-
-Disable install MbedTLSConfig.cmake, MbedTLSConfigVersion.cmake and
-MbedTLSTargets.cmake. And Disable export MbedTLSTargets since this
-needs to configure some tfm target which for mbedtls to be exported.
-
-Signed-off-by: Summer Qin <summer.qin@arm.com>
----
- CMakeLists.txt | 26 --------------------------
- 1 file changed, 26 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index fd1c07ca..3f32a8f3 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -328,32 +328,6 @@ if(ENABLE_TESTING)
- endif()
- endif()
-
--configure_package_config_file(
-- "cmake/MbedTLSConfig.cmake.in"
-- "cmake/MbedTLSConfig.cmake"
-- INSTALL_DESTINATION "cmake")
--
--write_basic_package_version_file(
-- "cmake/MbedTLSConfigVersion.cmake"
-- COMPATIBILITY SameMajorVersion
-- VERSION 3.1.0)
--
--install(
-- FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
-- "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake"
-- DESTINATION "cmake")
--
--export(
-- EXPORT MbedTLSTargets
-- NAMESPACE MbedTLS::
-- FILE "cmake/MbedTLSTargets.cmake")
--
--install(
-- EXPORT MbedTLSTargets
-- NAMESPACE MbedTLS::
-- DESTINATION "cmake"
-- FILE "MbedTLSTargets.cmake")
--
- if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
- # Do not export the package by default
- cmake_policy(SET CMP0090 NEW)
---
-2.17.1
-
diff --git a/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch b/lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch
similarity index 80%
rename from lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch
rename to lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch
index ae85b9d..a8941fc 100644
--- a/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch
+++ b/lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch
@@ -1,10 +1,12 @@
-From 183db7cb5970816ab6e0b1e4d6d93b734bb84440 Mon Sep 17 00:00:00 2001
-From: Salome Thirot <salome.thirot@arm.com>
-Date: Wed, 7 Jul 2021 10:24:43 +0100
-Subject: [PATCH 4/8] CC3XX: Hardcode entry points for the CC3XX driver
+From 353e4dce10bf7957715320b38dd8f96a9e51d7f9 Mon Sep 17 00:00:00 2001
+From: Antonio de Angelis <Antonio.deAngelis@arm.com>
+Date: Fri, 15 Jul 2022 12:41:34 +0100
+Subject: [PATCH 4/5] Driver wrapper entry points for CC3XX
-Use PSA driver for CC3XX driver to avoid fallback to software
-implementation. This will save 22.23KB in RO size.
+Manually hardcode PSA driver entry points for the CC3XX driver
+into psa_crypto_driver_wrappers.c (and provide missing entry point
+definitions if any). This is a temporary solution until the codegen
+framework is available for automatic integration.
Signed-off-by: Summer Qin <summer.qin@arm.com>
Signed-off-by: Salome Thirot <salome.thirot@arm.com>
@@ -14,13 +16,13 @@
---
.../psa/crypto_driver_contexts_composites.h | 9 +
.../psa/crypto_driver_contexts_primitives.h | 9 +
- library/psa_crypto.c | 65 +-
- library/psa_crypto_driver_wrappers.c | 925 ++++++++++++++----
- library/psa_crypto_driver_wrappers.h | 29 +
- 5 files changed, 834 insertions(+), 203 deletions(-)
+ library/psa_crypto.c | 21 +-
+ library/psa_crypto_driver_wrappers.c | 858 ++++++++++++++----
+ library/psa_crypto_driver_wrappers.h | 14 +
+ 5 files changed, 708 insertions(+), 203 deletions(-)
diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
-index 3f1c8af4..2fdf9561 100644
+index 3f1c8af4b..2fdf9561f 100644
--- a/include/psa/crypto_driver_contexts_composites.h
+++ b/include/psa/crypto_driver_contexts_composites.h
@@ -41,6 +41,9 @@
@@ -54,7 +56,7 @@
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */
diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h
-index 2bb01ed4..2bc0bda7 100644
+index 2bb01ed43..2bc0bda70 100644
--- a/include/psa/crypto_driver_contexts_primitives.h
+++ b/include/psa/crypto_driver_contexts_primitives.h
@@ -40,6 +40,9 @@
@@ -88,65 +90,13 @@
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index 829ed452..48377ffe 100644
+index b0116ddfb..0e33f409c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
-@@ -3073,6 +3073,25 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
+@@ -5862,11 +5862,24 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
goto exit;
}
-+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
-+ psa_key_attributes_t attributes = {
-+ .core = slot->attr
-+ };
-+
-+ status = psa_driver_wrapper_asymmetric_encrypt( &attributes,
-+ slot->key.data,
-+ slot->key.bytes,
-+ alg,
-+ input,
-+ input_length,
-+ salt,
-+ salt_length,
-+ output,
-+ output_size,
-+ output_length );
-+ goto exit;
-+#endif
-+
- if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
- {
- #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-@@ -3188,6 +3207,25 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
- goto exit;
- }
-
-+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
-+ psa_key_attributes_t attributes = {
-+ .core = slot->attr
-+ };
-+
-+ status = psa_driver_wrapper_asymmetric_decrypt( &attributes,
-+ slot->key.data,
-+ slot->key.bytes,
-+ alg,
-+ input,
-+ input_length,
-+ salt,
-+ salt_length,
-+ output,
-+ output_size,
-+ output_length );
-+ goto exit;
-+#endif
-+
- if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
- {
- #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-@@ -5499,11 +5537,30 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
- if( status != PSA_SUCCESS )
- goto exit;
-
- status = psa_key_agreement_raw_internal( alg, slot,
- peer_key, peer_key_length,
- output, output_size,
@@ -154,35 +104,29 @@
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
-
-+ status = psa_driver_wrapper_key_agreement( &attributes,
++
++ status = psa_driver_wrapper_key_agreement( alg, &attributes,
+ slot->key.data,
+ slot->key.bytes,
-+ peer_key,
-+ peer_key_length,
-+ output,
-+ output_size,
-+ output_length,
-+ alg );
-+
-+ if( status == PSA_ERROR_NOT_SUPPORTED )
++ peer_key, peer_key_length,
++ output, output_size,
++ output_length );
+
++ if (status == PSA_ERROR_NOT_SUPPORTED)
+ {
-+ status = psa_key_agreement_raw_internal( alg,
-+ slot,
-+ peer_key,
-+ peer_key_length,
-+ output,
-+ output_size,
-+ output_length);
++ status = psa_key_agreement_raw_internal( alg, slot,
++ peer_key, peer_key_length,
++ output, output_size,
++ output_length );
+ }
exit:
if( status != PSA_SUCCESS )
{
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
-index 8d864786..22273b8c 100644
+index a5ae6a29e..2097db0cb 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
-@@ -44,6 +44,16 @@
+@@ -45,6 +45,16 @@
#include "test/drivers/test_driver.h"
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -199,7 +143,7 @@
/* Repeat above block for each JSON-declared driver during autogeneration */
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
-@@ -57,6 +67,10 @@
+@@ -58,6 +68,10 @@
#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -210,7 +154,7 @@
/* Support the 'old' SE interface when asked to */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
-@@ -127,6 +141,21 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -128,6 +142,21 @@ psa_status_t psa_driver_wrapper_sign_message(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -232,7 +176,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_sign_message(
attributes,
-@@ -142,8 +171,19 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -143,8 +172,19 @@ psa_status_t psa_driver_wrapper_sign_message(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -253,7 +197,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -167,18 +207,9 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -168,18 +208,9 @@ psa_status_t psa_driver_wrapper_sign_message(
default:
/* Key is declared with a lifetime not known to us */
(void)status;
@@ -274,7 +218,7 @@
}
psa_status_t psa_driver_wrapper_verify_message(
-@@ -201,6 +232,20 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -202,6 +233,20 @@ psa_status_t psa_driver_wrapper_verify_message(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -295,7 +239,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_verify_message(
attributes,
-@@ -215,8 +260,18 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -216,8 +261,18 @@ psa_status_t psa_driver_wrapper_verify_message(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -315,7 +259,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -239,17 +294,9 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -240,17 +295,9 @@ psa_status_t psa_driver_wrapper_verify_message(
default:
/* Key is declared with a lifetime not known to us */
(void)status;
@@ -335,7 +279,7 @@
}
psa_status_t psa_driver_wrapper_sign_hash(
-@@ -288,6 +335,20 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -289,6 +336,20 @@ psa_status_t psa_driver_wrapper_sign_hash(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -356,7 +300,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_sign_hash( attributes,
key_buffer,
-@@ -302,7 +363,8 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -303,7 +364,8 @@ psa_status_t psa_driver_wrapper_sign_hash(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -366,7 +310,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( psa_sign_hash_builtin( attributes,
key_buffer,
-@@ -313,6 +375,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -314,6 +376,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
signature,
signature_size,
signature_length ) );
@@ -374,7 +318,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -334,6 +397,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -335,6 +398,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -382,7 +326,7 @@
}
psa_status_t psa_driver_wrapper_verify_hash(
-@@ -372,6 +436,19 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -373,6 +437,19 @@ psa_status_t psa_driver_wrapper_verify_hash(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -402,7 +346,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_verify_hash(
attributes,
-@@ -386,8 +463,8 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -387,8 +464,8 @@ psa_status_t psa_driver_wrapper_verify_hash(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -413,7 +357,7 @@
return( psa_verify_hash_builtin( attributes,
key_buffer,
key_buffer_size,
-@@ -396,6 +473,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -397,6 +474,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
hash_length,
signature,
signature_length ) );
@@ -421,7 +365,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -416,6 +494,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -417,6 +495,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -429,7 +373,7 @@
}
/** Calculate the key buffer size required to store the key material of a key
-@@ -547,6 +626,14 @@ psa_status_t psa_driver_wrapper_generate_key(
+@@ -548,6 +627,14 @@ psa_status_t psa_driver_wrapper_generate_key(
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
{
/* Cycle through all known transparent accelerators */
@@ -444,7 +388,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_generate_key(
attributes, key_buffer, key_buffer_size,
-@@ -758,6 +845,18 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -759,6 +846,18 @@ psa_status_t psa_driver_wrapper_export_public_key(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -463,7 +407,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_export_public_key(
attributes,
-@@ -770,7 +869,8 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -771,7 +870,8 @@ psa_status_t psa_driver_wrapper_export_public_key(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -473,7 +417,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( psa_export_public_key_internal( attributes,
key_buffer,
-@@ -778,6 +878,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -779,6 +879,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
data,
data_size,
data_length ) );
@@ -481,7 +425,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -795,6 +896,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -796,6 +897,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
/* Key is declared with a lifetime not known to us */
return( status );
}
@@ -489,7 +433,7 @@
}
psa_status_t psa_driver_wrapper_get_builtin_key(
-@@ -907,9 +1009,24 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+@@ -908,9 +1010,24 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -517,7 +461,7 @@
return( mbedtls_psa_cipher_encrypt( attributes,
key_buffer,
key_buffer_size,
-@@ -958,6 +1075,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+@@ -959,6 +1076,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
(void)output_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -525,7 +469,7 @@
}
psa_status_t psa_driver_wrapper_cipher_decrypt(
-@@ -995,9 +1113,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -996,9 +1114,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -551,7 +495,7 @@
return( mbedtls_psa_cipher_decrypt( attributes,
key_buffer,
key_buffer_size,
-@@ -1040,6 +1171,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -1041,6 +1172,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
(void)output_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -559,7 +503,7 @@
}
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
-@@ -1072,8 +1204,22 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1073,8 +1205,22 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -584,7 +528,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -1113,6 +1259,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1114,6 +1260,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
(void)alg;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -592,7 +536,7 @@
}
psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
-@@ -1145,8 +1292,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1146,8 +1293,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -617,7 +561,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -1185,6 +1346,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1186,6 +1347,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
(void)alg;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -625,7 +569,7 @@
}
psa_status_t psa_driver_wrapper_cipher_set_iv(
-@@ -1194,13 +1356,6 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+@@ -1195,13 +1357,6 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
{
switch( operation->id )
{
@@ -639,7 +583,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1213,6 +1368,17 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+@@ -1214,6 +1369,17 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
&operation->ctx.opaque_test_driver_ctx,
iv, iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -657,7 +601,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1232,16 +1398,6 @@ psa_status_t psa_driver_wrapper_cipher_update(
+@@ -1233,16 +1399,6 @@ psa_status_t psa_driver_wrapper_cipher_update(
{
switch( operation->id )
{
@@ -674,7 +618,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1256,6 +1412,21 @@ psa_status_t psa_driver_wrapper_cipher_update(
+@@ -1257,6 +1413,21 @@ psa_status_t psa_driver_wrapper_cipher_update(
input, input_length,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -696,7 +640,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1276,14 +1447,6 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+@@ -1277,14 +1448,6 @@ psa_status_t psa_driver_wrapper_cipher_finish(
{
switch( operation->id )
{
@@ -711,7 +655,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1296,6 +1459,18 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+@@ -1297,6 +1460,18 @@ psa_status_t psa_driver_wrapper_cipher_finish(
&operation->ctx.opaque_test_driver_ctx,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -730,7 +674,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1313,11 +1488,6 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+@@ -1314,11 +1489,6 @@ psa_status_t psa_driver_wrapper_cipher_abort(
switch( operation->id )
{
@@ -742,7 +686,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1336,6 +1506,18 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+@@ -1337,6 +1507,18 @@ psa_status_t psa_driver_wrapper_cipher_abort(
sizeof( operation->ctx.opaque_test_driver_ctx ) );
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -761,7 +705,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1357,15 +1539,21 @@ psa_status_t psa_driver_wrapper_hash_compute(
+@@ -1358,15 +1540,21 @@ psa_status_t psa_driver_wrapper_hash_compute(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try accelerators first */
@@ -785,7 +729,7 @@
status = mbedtls_psa_hash_compute( alg, input, input_length,
hash, hash_size, hash_length );
if( status != PSA_ERROR_NOT_SUPPORTED )
-@@ -1389,6 +1577,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
+@@ -1390,6 +1578,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try setup on accelerators first */
@@ -793,7 +737,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_hash_setup(
&operation->ctx.test_driver_ctx, alg );
-@@ -1399,8 +1588,18 @@ psa_status_t psa_driver_wrapper_hash_setup(
+@@ -1400,8 +1589,18 @@ psa_status_t psa_driver_wrapper_hash_setup(
return( status );
#endif
@@ -813,7 +757,7 @@
status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-@@ -1421,18 +1620,26 @@ psa_status_t psa_driver_wrapper_hash_clone(
+@@ -1422,18 +1621,26 @@ psa_status_t psa_driver_wrapper_hash_clone(
{
switch( source_operation->id )
{
@@ -846,7 +790,7 @@
#endif
default:
(void) target_operation;
-@@ -1447,16 +1654,23 @@ psa_status_t psa_driver_wrapper_hash_update(
+@@ -1448,16 +1655,23 @@ psa_status_t psa_driver_wrapper_hash_update(
{
switch( operation->id )
{
@@ -875,7 +819,7 @@
#endif
default:
(void) input;
-@@ -1473,16 +1687,23 @@ psa_status_t psa_driver_wrapper_hash_finish(
+@@ -1474,16 +1688,23 @@ psa_status_t psa_driver_wrapper_hash_finish(
{
switch( operation->id )
{
@@ -904,7 +848,7 @@
#endif
default:
(void) hash;
-@@ -1497,14 +1718,20 @@ psa_status_t psa_driver_wrapper_hash_abort(
+@@ -1498,14 +1719,20 @@ psa_status_t psa_driver_wrapper_hash_abort(
{
switch( operation->id )
{
@@ -929,24 +873,18 @@
#endif
default:
return( PSA_ERROR_BAD_STATE );
-@@ -1543,24 +1770,39 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+@@ -1544,7 +1771,20 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--
-- /* Fell through, meaning no accelerator supports this operation */
-- return( mbedtls_psa_aead_encrypt(
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_aead_encrypt(
- attributes, key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- plaintext, plaintext_length,
-- ciphertext, ciphertext_size, ciphertext_length ) );
--
-- /* Add cases for opaque driver here */
++ attributes, key_buffer, key_buffer_size,
++ alg,
++ nonce, nonce_length,
++ additional_data, additional_data_length,
++ plaintext, plaintext_length,
+ ciphertext, ciphertext_size, ciphertext_length );
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
@@ -954,21 +892,18 @@
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ break;
+#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+
-+ /* Fell through, meaning no accelerator supports this operation */
-+ return( mbedtls_psa_aead_encrypt(
-+ attributes, key_buffer, key_buffer_size,
-+ alg,
-+ nonce, nonce_length,
-+ additional_data, additional_data_length,
-+ plaintext, plaintext_length,
-+ ciphertext, ciphertext_size, ciphertext_length ) );
-+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+
-+ /* Add cases for opaque driver here */
- default:
- /* Key is declared with a lifetime not known to us */
+ /* Fell through, meaning no accelerator supports this operation */
+ return( mbedtls_psa_aead_encrypt(
+@@ -1554,6 +1794,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+ additional_data, additional_data_length,
+ plaintext, plaintext_length,
+ ciphertext, ciphertext_size, ciphertext_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+
+@@ -1562,6 +1803,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -976,7 +911,7 @@
}
psa_status_t psa_driver_wrapper_aead_decrypt(
-@@ -1595,7 +1837,20 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1596,7 +1838,20 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -998,7 +933,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( mbedtls_psa_aead_decrypt(
-@@ -1605,6 +1860,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1606,6 +1861,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
additional_data, additional_data_length,
ciphertext, ciphertext_length,
plaintext, plaintext_size, plaintext_length ) );
@@ -1006,15 +941,48 @@
/* Add cases for opaque driver here */
-@@ -1613,6 +1869,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1614,6 +1870,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
+ return status;
}
+ psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
+@@ -1622,14 +1879,27 @@ psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
+ if( operation == NULL || tag_len == NULL )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
++ switch( operation->id )
++ {
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ *tag_len = operation->ctx.cc3xx_driver_ctx.tag_length;
++ return ( PSA_SUCCESS );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+- *tag_len = operation->ctx.transparent_test_driver_ctx.tag_length;
+- return ( PSA_SUCCESS );
+-#endif
++ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
++ *tag_len = operation->ctx.transparent_test_driver_ctx.tag_length;
++ return ( PSA_SUCCESS );
+ #endif
+- *tag_len = operation->ctx.mbedtls_ctx.tag_length;
+- return ( PSA_SUCCESS );
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ *tag_len = operation->ctx.mbedtls_ctx.tag_length;
++ return ( PSA_SUCCESS );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ }
++
++ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
psa_status_t psa_driver_wrapper_aead_encrypt_setup(
-@@ -1643,7 +1900,18 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1660,7 +1930,18 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1034,7 +1002,7 @@
/* Fell through, meaning no accelerator supports this operation */
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-@@ -1651,9 +1919,8 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1668,9 +1949,8 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
&operation->ctx.mbedtls_ctx, attributes,
key_buffer, key_buffer_size,
alg );
@@ -1046,7 +1014,7 @@
/* Add cases for opaque driver here */
default:
-@@ -1661,6 +1928,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1678,6 +1958,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -1054,7 +1022,7 @@
}
psa_status_t psa_driver_wrapper_aead_decrypt_setup(
-@@ -1692,7 +1960,19 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1709,7 +1990,19 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1075,7 +1043,7 @@
/* Fell through, meaning no accelerator supports this operation */
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-@@ -1701,9 +1981,8 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1718,9 +2011,8 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
attributes,
key_buffer, key_buffer_size,
alg );
@@ -1087,7 +1055,7 @@
/* Add cases for opaque driver here */
default:
-@@ -1711,6 +1990,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1728,6 +2020,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -1095,7 +1063,7 @@
}
psa_status_t psa_driver_wrapper_aead_set_nonce(
-@@ -1720,14 +2000,6 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+@@ -1737,14 +2030,6 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
{
switch( operation->id )
{
@@ -1110,7 +1078,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1738,6 +2010,20 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+@@ -1755,6 +2040,20 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1131,7 +1099,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1754,14 +2040,6 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+@@ -1771,14 +2070,6 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
{
switch( operation->id )
{
@@ -1146,7 +1114,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1772,6 +2050,20 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+@@ -1789,6 +2080,20 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1167,7 +1135,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1788,14 +2080,6 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+@@ -1805,14 +2110,6 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
{
switch( operation->id )
{
@@ -1182,7 +1150,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1806,6 +2090,20 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+@@ -1823,6 +2120,20 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1203,7 +1171,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1825,15 +2123,6 @@ psa_status_t psa_driver_wrapper_aead_update(
+@@ -1842,15 +2153,6 @@ psa_status_t psa_driver_wrapper_aead_update(
{
switch( operation->id )
{
@@ -1219,7 +1187,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1845,6 +2134,22 @@ psa_status_t psa_driver_wrapper_aead_update(
+@@ -1862,6 +2164,22 @@ psa_status_t psa_driver_wrapper_aead_update(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1242,7 +1210,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1868,16 +2173,6 @@ psa_status_t psa_driver_wrapper_aead_finish(
+@@ -1885,16 +2203,6 @@ psa_status_t psa_driver_wrapper_aead_finish(
{
switch( operation->id )
{
@@ -1259,7 +1227,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1889,6 +2184,23 @@ psa_status_t psa_driver_wrapper_aead_finish(
+@@ -1906,6 +2214,23 @@ psa_status_t psa_driver_wrapper_aead_finish(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1283,7 +1251,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1912,7 +2224,28 @@ psa_status_t psa_driver_wrapper_aead_verify(
+@@ -1929,7 +2254,28 @@ psa_status_t psa_driver_wrapper_aead_verify(
{
switch( operation->id )
{
@@ -1313,7 +1281,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-@@ -1939,20 +2272,6 @@ psa_status_t psa_driver_wrapper_aead_verify(
+@@ -1956,20 +2302,6 @@ psa_status_t psa_driver_wrapper_aead_verify(
return( status );
}
@@ -1334,7 +1302,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1970,12 +2289,6 @@ psa_status_t psa_driver_wrapper_aead_abort(
+@@ -1987,12 +2319,6 @@ psa_status_t psa_driver_wrapper_aead_abort(
{
switch( operation->id )
{
@@ -1347,7 +1315,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1985,6 +2298,17 @@ psa_status_t psa_driver_wrapper_aead_abort(
+@@ -2002,6 +2328,17 @@ psa_status_t psa_driver_wrapper_aead_abort(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1365,7 +1333,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2024,8 +2348,16 @@ psa_status_t psa_driver_wrapper_mac_compute(
+@@ -2041,8 +2378,16 @@ psa_status_t psa_driver_wrapper_mac_compute(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1384,7 +1352,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_mac_compute(
attributes, key_buffer, key_buffer_size, alg,
-@@ -2060,6 +2392,7 @@ psa_status_t psa_driver_wrapper_mac_compute(
+@@ -2077,6 +2422,7 @@ psa_status_t psa_driver_wrapper_mac_compute(
(void) status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -1392,7 +1360,7 @@
}
psa_status_t psa_driver_wrapper_mac_sign_setup(
-@@ -2092,8 +2425,19 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2109,8 +2455,19 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1414,7 +1382,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -2132,6 +2476,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2149,6 +2506,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
(void) alg;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -1422,7 +1390,7 @@
}
psa_status_t psa_driver_wrapper_mac_verify_setup(
-@@ -2164,8 +2509,19 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2181,8 +2539,19 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1444,7 +1412,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -2204,6 +2560,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2221,6 +2590,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
(void) alg;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -1452,7 +1420,7 @@
}
psa_status_t psa_driver_wrapper_mac_update(
-@@ -2213,12 +2570,6 @@ psa_status_t psa_driver_wrapper_mac_update(
+@@ -2230,12 +2600,6 @@ psa_status_t psa_driver_wrapper_mac_update(
{
switch( operation->id )
{
@@ -1465,7 +1433,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -2231,6 +2582,14 @@ psa_status_t psa_driver_wrapper_mac_update(
+@@ -2248,6 +2612,14 @@ psa_status_t psa_driver_wrapper_mac_update(
&operation->ctx.opaque_test_driver_ctx,
input, input_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1480,7 +1448,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) input;
-@@ -2247,12 +2606,6 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+@@ -2264,12 +2636,6 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
{
switch( operation->id )
{
@@ -1493,7 +1461,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -2265,6 +2618,15 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+@@ -2282,6 +2648,15 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_size, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1509,7 +1477,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2281,12 +2643,6 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+@@ -2298,12 +2673,6 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
{
switch( operation->id )
{
@@ -1522,7 +1490,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -2299,6 +2655,16 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+@@ -2316,6 +2685,16 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1539,7 +1507,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2312,11 +2678,6 @@ psa_status_t psa_driver_wrapper_mac_abort(
+@@ -2329,11 +2708,6 @@ psa_status_t psa_driver_wrapper_mac_abort(
{
switch( operation->id )
{
@@ -1551,7 +1519,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -2326,10 +2687,176 @@ psa_status_t psa_driver_wrapper_mac_abort(
+@@ -2343,6 +2717,13 @@ psa_status_t psa_driver_wrapper_mac_abort(
return( mbedtls_test_opaque_mac_abort(
&operation->ctx.opaque_test_driver_ctx ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1562,21 +1530,22 @@
+#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
-+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+ default:
-+ return( PSA_ERROR_INVALID_ARGUMENT );
-+ }
-+}
-+
-+/*
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+@@ -2350,7 +2731,58 @@ psa_status_t psa_driver_wrapper_mac_abort(
+ }
+
+ /*
+- * Asymmetric cryptography
+ * Key agreement functions
+ */
+psa_status_t psa_driver_wrapper_key_agreement(
++ psa_algorithm_t alg,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *priv_key, size_t priv_key_size,
+ const uint8_t *publ_key, size_t publ_key_size,
-+ uint8_t *output, size_t output_size, size_t *output_length,
-+ psa_algorithm_t alg )
++ uint8_t *output, size_t output_size, size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
@@ -1601,7 +1570,7 @@
+ alg );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ (void) status;
+ return ( PSA_ERROR_NOT_SUPPORTED );
+ default:
@@ -1621,26 +1590,13 @@
+
+/*
+ * Asymmetric operations
-+ */
-+psa_status_t psa_driver_wrapper_asymmetric_encrypt(const psa_key_attributes_t *attributes,
-+ const uint8_t *key_buffer,
-+ size_t key_buffer_size, psa_algorithm_t alg,
-+ const uint8_t *input, size_t input_length,
-+ const uint8_t *salt, size_t salt_length,
-+ uint8_t *output, size_t output_size,
-+ size_t *output_length)
-+{
-+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-+
-+ psa_key_location_t location =
-+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-+
-+ switch( location )
-+ {
-+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+ /* Key is stored in the slot in export representation, so
-+ * cycle through all known transparent accelerators */
-+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ */
+ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+@@ -2368,6 +2800,20 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_asymmetric_encrypt( attributes,
+ key_buffer,
@@ -1655,45 +1611,13 @@
+ output_length );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
-+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+ (void) status;
-+ return ( PSA_ERROR_NOT_SUPPORTED );
- default:
-+ /* Key is declared with a lifetime not known to us */
-+ (void) key_buffer;
-+ (void) key_buffer_size;
-+ (void) alg;
-+ (void) input;
-+ (void) input_length;
-+ (void) salt;
-+ (void) salt_length;
-+ (void) output;
-+ (void) output_size;
-+ (void) output_length;
-+
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
- }
-
-+psa_status_t psa_driver_wrapper_asymmetric_decrypt(const psa_key_attributes_t *attributes,
-+ const uint8_t *key_buffer,
-+ size_t key_buffer_size, psa_algorithm_t alg,
-+ const uint8_t *input, size_t input_length,
-+ const uint8_t *salt, size_t salt_length,
-+ uint8_t *output, size_t output_size,
-+ size_t *output_length)
-+{
-+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-+
-+ psa_key_location_t location =
-+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-+
-+ switch( location )
-+ {
-+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+ /* Key is stored in the slot in export representation, so
-+ * cycle through all known transparent accelerators */
-+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
+@@ -2426,6 +2872,20 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_asymmetric_decrypt( attributes,
+ key_buffer,
@@ -1708,66 +1632,34 @@
+ output_length );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
-+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+ (void) status;
-+ return( PSA_ERROR_NOT_SUPPORTED );
-+ default:
-+ /* Key is declared with a lifetime not known to us */
-+ (void) key_buffer;
-+ (void) key_buffer_size;
-+ (void) alg;
-+ (void) input;
-+ (void) input_length;
-+ (void) salt;
-+ (void) salt_length;
-+ (void) output;
-+ (void) output_size;
-+ (void) output_length;
-+
-+ return( PSA_ERROR_INVALID_ARGUMENT );
-+ }
-+}
- #endif /* MBEDTLS_PSA_CRYPTO_C */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
-index e09e4ed7..9ebdb366 100644
+index 12c649da3..ac0cd1d89 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
-@@ -329,6 +329,35 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
- psa_status_t psa_driver_wrapper_mac_abort(
- psa_mac_operation_t *operation );
+@@ -361,6 +361,20 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+ size_t output_size,
+ size_t *output_length );
+/*
+ * Key agreement functions
+ */
+psa_status_t psa_driver_wrapper_key_agreement(
++ psa_algorithm_t alg,
+ const psa_key_attributes_t *attributes,
-+ const uint8_t *priv_key, size_t priv_key_size,
-+ const uint8_t *publ_key, size_t peer_key_size,
-+ uint8_t *output, size_t output_size, size_t *output_length,
-+ psa_algorithm_t alg );
-+
-+/*
-+ * Asymmetric operations
-+ */
-+psa_status_t psa_driver_wrapper_asymmetric_encrypt(const psa_key_attributes_t *attributes,
-+ const uint8_t *key_buffer,
-+ size_t key_buffer_size, psa_algorithm_t alg,
-+ const uint8_t *input, size_t input_length,
-+ const uint8_t *salt, size_t salt_length,
-+ uint8_t *output, size_t output_size,
-+ size_t *output_length);
-+
-+psa_status_t psa_driver_wrapper_asymmetric_decrypt(const psa_key_attributes_t *attributes,
-+ const uint8_t *key_buffer,
-+ size_t key_buffer_size, psa_algorithm_t alg,
-+ const uint8_t *input, size_t input_length,
-+ const uint8_t *salt, size_t salt_length,
-+ uint8_t *output, size_t output_size,
-+ size_t *output_length);
++ const uint8_t *priv_key,
++ size_t priv_key_size,
++ const uint8_t *publ_key,
++ size_t peer_key_size,
++ uint8_t *output,
++ size_t output_size,
++ size_t *output_length );
+
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
/* End of automatically generated file. */
--
-2.17.1
+2.25.1
diff --git a/lib/ext/mbedcrypto/0007-Add-LMS-implementation.patch b/lib/ext/mbedcrypto/0005-Add-LMS-implementation.patch
similarity index 99%
rename from lib/ext/mbedcrypto/0007-Add-LMS-implementation.patch
rename to lib/ext/mbedcrypto/0005-Add-LMS-implementation.patch
index ae3b950..acd7f6d 100644
--- a/lib/ext/mbedcrypto/0007-Add-LMS-implementation.patch
+++ b/lib/ext/mbedcrypto/0005-Add-LMS-implementation.patch
@@ -1,7 +1,7 @@
-From 9bbe4b0c89e2f92f8e661955b91d06c80cde7b77 Mon Sep 17 00:00:00 2001
+From 37bad45c56543a289be7854a8723d9b29c0b8cb2 Mon Sep 17 00:00:00 2001
From: Raef Coles <raef.coles@arm.com>
Date: Wed, 21 Jul 2021 12:42:15 +0100
-Subject: [PATCH 7/8] Add LMS implementation
+Subject: [PATCH 5/5] Add LMS implementation
Also an LM-OTS implementation as one is required for LMS.
@@ -21,8 +21,8 @@
tests/suites/test_suite_lmots.data | 29 +
tests/suites/test_suite_lmots.function | 108 ++++
tests/suites/test_suite_lms.data | 32 ++
- tests/suites/test_suite_lms.function | 85 +++
- 15 files changed, 2287 insertions(+), 1 deletion(-)
+ tests/suites/test_suite_lms.function | 84 +++
+ 15 files changed, 2286 insertions(+), 1 deletion(-)
create mode 100644 ChangeLog.d/LMS.txt
create mode 100644 include/mbedtls/lmots.h
create mode 100644 include/mbedtls/lms.h
@@ -35,7 +35,7 @@
diff --git a/ChangeLog.d/LMS.txt b/ChangeLog.d/LMS.txt
new file mode 100644
-index 00000000..0f09f018
+index 000000000..0f09f0186
--- /dev/null
+++ b/ChangeLog.d/LMS.txt
@@ -0,0 +1,12 @@
@@ -52,10 +52,10 @@
+ required for LMS. This can be used independently, but each key can only be
+ used to sign one message so is impractical for most circumstances.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
-index ce97f6a3..96a89a63 100644
+index 5fe984984..c3017aef3 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
-@@ -291,6 +291,16 @@
+@@ -333,6 +333,16 @@
#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
#endif
@@ -73,7 +73,7 @@
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
-index 8b2b9ea5..73d61dbc 100644
+index 8b2b9ea58..73d61dbc6 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -82,6 +82,8 @@
@@ -87,7 +87,7 @@
* Name ID Nr of Errors
diff --git a/include/mbedtls/lmots.h b/include/mbedtls/lmots.h
new file mode 100644
-index 00000000..c98f3bfd
+index 000000000..c98f3bfd7
--- /dev/null
+++ b/include/mbedtls/lmots.h
@@ -0,0 +1,303 @@
@@ -396,7 +396,7 @@
+#endif /* MBEDTLS_LMOTS_H */
diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h
new file mode 100644
-index 00000000..77559e24
+index 000000000..77559e24b
--- /dev/null
+++ b/include/mbedtls/lms.h
@@ -0,0 +1,271 @@
@@ -672,10 +672,10 @@
+
+#endif /* MBEDTLS_LMS_H */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
-index 0558ee00..3c886ebd 100644
+index 1c60ec8e4..dd2841459 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
-@@ -2361,6 +2361,34 @@
+@@ -2405,6 +2405,34 @@
*/
#define MBEDTLS_HMAC_DRBG_C
@@ -711,7 +711,7 @@
* \def MBEDTLS_NIST_KW_C
*
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
-index 07599f5d..aea6c2e7 100644
+index 0884f57ae..f52195be3 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -40,6 +40,8 @@ set(src_crypto
@@ -724,7 +724,7 @@
md5.c
memory_buffer_alloc.c
diff --git a/library/Makefile b/library/Makefile
-index 5c23aebf..cca9556c 100644
+index f5ff474ec..dfe76c139 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -105,6 +105,8 @@ OBJS_CRYPTO= \
@@ -738,7 +738,7 @@
memory_buffer_alloc.o \
diff --git a/library/lmots.c b/library/lmots.c
new file mode 100644
-index 00000000..7319d29b
+index 000000000..7319d29be
--- /dev/null
+++ b/library/lmots.c
@@ -0,0 +1,684 @@
@@ -1428,7 +1428,7 @@
+#endif /* MBEDTLS_LMOTS_C */
diff --git a/library/lms.c b/library/lms.c
new file mode 100644
-index 00000000..e1ac7b93
+index 000000000..e1ac7b935
--- /dev/null
+++ b/library/lms.c
@@ -0,0 +1,718 @@
@@ -2151,7 +2151,7 @@
+
+#endif /* MBEDTLS_LMS_C */
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
-index 0a03f02e..d333f659 100755
+index 0a03f02e9..d333f6590 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -47,7 +47,7 @@ my $error_format_file = $data_dir.'/error.fmt';
@@ -2165,7 +2165,7 @@
my @high_level_modules = qw( CIPHER DHM ECP MD
diff --git a/tests/suites/test_suite_lmots.data b/tests/suites/test_suite_lmots.data
new file mode 100644
-index 00000000..ed192bf7
+index 000000000..ed192bf7d
--- /dev/null
+++ b/tests/suites/test_suite_lmots.data
@@ -0,0 +1,29 @@
@@ -2200,7 +2200,7 @@
+lmots_reuse_test:"cfcd1e81193e310c9d931d1b00818d14"
diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function
new file mode 100644
-index 00000000..6de94d12
+index 000000000..6de94d124
--- /dev/null
+++ b/tests/suites/test_suite_lmots.function
@@ -0,0 +1,108 @@
@@ -2314,7 +2314,7 @@
+/* END_CASE */
diff --git a/tests/suites/test_suite_lms.data b/tests/suites/test_suite_lms.data
new file mode 100644
-index 00000000..b17fddc1
+index 000000000..b17fddc15
--- /dev/null
+++ b/tests/suites/test_suite_lms.data
@@ -0,0 +1,32 @@
@@ -2352,10 +2352,10 @@
+lms_import_export_test:"00000006000000046B0927585C8547228D495361D73B970C287A2254BF8F1B170E55ACC9520A56CE5D2C711B6617718B49247D28CCC6D11D"
diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function
new file mode 100644
-index 00000000..b19d074f
+index 000000000..c3ebb9214
--- /dev/null
+++ b/tests/suites/test_suite_lms.function
-@@ -0,0 +1,85 @@
+@@ -0,0 +1,84 @@
+/* BEGIN_HEADER */
+#include "mbedtls/lms.h"
+#include "mbedtls/entropy.h"
@@ -2440,7 +2440,6 @@
+ mbedtls_lms_free( &ctx );
+}
+/* END_CASE */
-+
--
-2.17.1
+2.25.1
diff --git a/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch b/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch
deleted file mode 100644
index 271ed97..0000000
--- a/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 72d36ceab1854403646db0f1d1d8d39431806bb6 Mon Sep 17 00:00:00 2001
-From: Summer Qin <summer.qin@arm.com>
-Date: Wed, 18 May 2022 18:13:12 +0800
-Subject: [PATCH 5/8] Add MBEDTLS_PSA_CRYPTO_CONFIG_FILE
-
-Signed-off-by: Summer Qin <summer.qin@arm.com>
----
- include/mbedtls/config_psa.h | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
-index 68dda0f3..13e64dd7 100644
---- a/include/mbedtls/config_psa.h
-+++ b/include/mbedtls/config_psa.h
-@@ -31,9 +31,17 @@
- #define MBEDTLS_CONFIG_PSA_H
-
- #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
-+#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
-+#else
- #include "psa/crypto_config.h"
-+#endif
- #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
-
-+#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
-+#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
-+#endif
-+
- #ifdef __cplusplus
- extern "C" {
- #endif
---
-2.17.1
-
diff --git a/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch b/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch
deleted file mode 100644
index ef5aafb..0000000
--- a/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 5be6ef47c3ad2e8befc1882d362a1ee66918796c Mon Sep 17 00:00:00 2001
-From: Antonio de Angelis <Antonio.deAngelis@arm.com>
-Date: Thu, 5 May 2022 14:11:32 +0100
-Subject: [PATCH 6/8] Fix key_id and owner_id accessor macros
-
-The accessor macros for key_id and owner_id in the mbedtls_svc_key_id_t
-need to have the MBEDTLS_PRIVATE() specifier as these fields are private
-
-Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
----
- include/psa/crypto_values.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
-index 5a903f86..2d39625d 100644
---- a/include/psa/crypto_values.h
-+++ b/include/psa/crypto_values.h
-@@ -2242,8 +2242,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
- #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-
- #define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } )
--#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id )
--#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner )
-+#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).MBEDTLS_PRIVATE(key_id) )
-+#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).MBEDTLS_PRIVATE(owner) )
-
- /** Utility to initialize a key identifier at runtime.
- *
---
-2.17.1
-
diff --git a/lib/ext/psa_arch_tests/0005-fix-raw_key_agreement-small-buffer-error.patch b/lib/ext/psa_arch_tests/0005-fix-raw_key_agreement-small-buffer-error.patch
new file mode 100644
index 0000000..6ecbe02
--- /dev/null
+++ b/lib/ext/psa_arch_tests/0005-fix-raw_key_agreement-small-buffer-error.patch
@@ -0,0 +1,25 @@
+From 090b7471450c1f7594a00b661fd177bc96182877 Mon Sep 17 00:00:00 2001
+From: Beat Heeb <heeb@oberon.ch>
+Date: Mon, 4 Apr 2022 18:35:06 +0200
+Subject: [PATCH] fix raw_key_agreement small buffer error
+
+---
+ api-tests/dev_apis/crypto/test_c043/test_data.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/api-tests/dev_apis/crypto/test_c043/test_data.h b/api-tests/dev_apis/crypto/test_c043/test_data.h
+index e585078..e5bf7d7 100644
+--- a/api-tests/dev_apis/crypto/test_c043/test_data.h
++++ b/api-tests/dev_apis/crypto/test_c043/test_data.h
+@@ -65,7 +65,7 @@ static const test_data check1[] = {
+ 65,
+ {0xd6, 0x84, 0x0f, 0x6b, 0x42, 0xf6, 0xed, 0xaf, 0xd1, 0x31, 0x16, 0xe0, 0xe1,
+ 0x25, 0x65, 0x20, 0x2f, 0xef, 0x8e, 0x9e, 0xce, 0x7d, 0xce, 0x03, 0x81, 0x24,
+- 0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 10, PSA_ERROR_INVALID_ARGUMENT
++ 0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 10, PSA_ERROR_BUFFER_TOO_SMALL
+ },
+
+ #endif
+--
+2.25.1
+