Crypto: Update to mbed TLS 3.2.1
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I92274fc6496219a2fef35db4cf02a6fe66f3a276
diff --git a/lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch b/lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch
new file mode 100644
index 0000000..a8941fc
--- /dev/null
+++ b/lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch
@@ -0,0 +1,1665 @@
+From 353e4dce10bf7957715320b38dd8f96a9e51d7f9 Mon Sep 17 00:00:00 2001
+From: Antonio de Angelis <Antonio.deAngelis@arm.com>
+Date: Fri, 15 Jul 2022 12:41:34 +0100
+Subject: [PATCH 4/5] Driver wrapper entry points for CC3XX
+
+Manually hardcode PSA driver entry points for the CC3XX driver
+into psa_crypto_driver_wrappers.c (and provide missing entry point
+definitions if any). This is a temporary solution until the codegen
+framework is available for automatic integration.
+
+Signed-off-by: Summer Qin <summer.qin@arm.com>
+Signed-off-by: Salome Thirot <salome.thirot@arm.com>
+Signed-off-by: Abbas Bracken Ziad <abbas.brackenziad@arm.com>
+Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
+Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
+---
+ .../psa/crypto_driver_contexts_composites.h | 9 +
+ .../psa/crypto_driver_contexts_primitives.h | 9 +
+ library/psa_crypto.c | 21 +-
+ library/psa_crypto_driver_wrappers.c | 858 ++++++++++++++----
+ library/psa_crypto_driver_wrappers.h | 14 +
+ 5 files changed, 708 insertions(+), 203 deletions(-)
+
+diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
+index 3f1c8af4b..2fdf9561f 100644
+--- a/include/psa/crypto_driver_contexts_composites.h
++++ b/include/psa/crypto_driver_contexts_composites.h
+@@ -41,6 +41,9 @@
+
+ /* Include the context structure definitions for those drivers that were
+ * declared during the autogeneration process. */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++#include "cc3xx_crypto_primitives_private.h"
++#endif
+
+ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+ #include <libtestdriver1/include/psa/crypto.h>
+@@ -104,6 +107,9 @@ typedef union {
+ mbedtls_transparent_test_driver_mac_operation_t transparent_test_driver_ctx;
+ mbedtls_opaque_test_driver_mac_operation_t opaque_test_driver_ctx;
+ #endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ cc3xx_mac_operation_t cc3xx_driver_ctx;
++#endif
+ } psa_driver_mac_context_t;
+
+ typedef union {
+@@ -112,6 +118,9 @@ typedef union {
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx;
+ #endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ cc3xx_aead_operation_t cc3xx_driver_ctx;
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ } psa_driver_aead_context_t;
+
+ #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */
+diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h
+index 2bb01ed43..2bc0bda70 100644
+--- a/include/psa/crypto_driver_contexts_primitives.h
++++ b/include/psa/crypto_driver_contexts_primitives.h
+@@ -40,6 +40,9 @@
+
+ /* Include the context structure definitions for those drivers that were
+ * declared during the autogeneration process. */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++#include "cc3xx_crypto_primitives_private.h"
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+
+ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
+ #include <libtestdriver1/include/psa/crypto.h>
+@@ -102,6 +105,9 @@ typedef union {
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ mbedtls_transparent_test_driver_hash_operation_t test_driver_ctx;
+ #endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ cc3xx_hash_operation_t cc3xx_driver_ctx;
++#endif
+ } psa_driver_hash_context_t;
+
+ typedef union {
+@@ -111,6 +117,9 @@ typedef union {
+ mbedtls_transparent_test_driver_cipher_operation_t transparent_test_driver_ctx;
+ mbedtls_opaque_test_driver_cipher_operation_t opaque_test_driver_ctx;
+ #endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ cc3xx_cipher_operation_t cc3xx_driver_ctx;
++#endif
+ } psa_driver_cipher_context_t;
+
+ #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */
+diff --git a/library/psa_crypto.c b/library/psa_crypto.c
+index b0116ddfb..0e33f409c 100644
+--- a/library/psa_crypto.c
++++ b/library/psa_crypto.c
+@@ -5862,11 +5862,24 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
+ goto exit;
+ }
+
+- status = psa_key_agreement_raw_internal( alg, slot,
+- peer_key, peer_key_length,
+- output, output_size,
+- output_length );
++ psa_key_attributes_t attributes = {
++ .core = slot->attr
++ };
++
++ status = psa_driver_wrapper_key_agreement( alg, &attributes,
++ slot->key.data,
++ slot->key.bytes,
++ peer_key, peer_key_length,
++ output, output_size,
++ output_length );
+
++ if (status == PSA_ERROR_NOT_SUPPORTED)
++ {
++ status = psa_key_agreement_raw_internal( alg, slot,
++ peer_key, peer_key_length,
++ output, output_size,
++ output_length );
++ }
+ exit:
+ if( status != PSA_SUCCESS )
+ {
+diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
+index a5ae6a29e..2097db0cb 100644
+--- a/library/psa_crypto_driver_wrappers.c
++++ b/library/psa_crypto_driver_wrappers.c
+@@ -45,6 +45,16 @@
+ #include "test/drivers/test_driver.h"
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++#ifndef PSA_CRYPTO_DRIVER_PRESENT
++#define PSA_CRYPTO_DRIVER_PRESENT
++#endif
++#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
++#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
++#endif
++#include "cc3xx.h"
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++
+ /* Repeat above block for each JSON-declared driver during autogeneration */
+ #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
+
+@@ -58,6 +68,10 @@
+ #define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++#define PSA_CRYPTO_CC3XX_DRIVER_ID (4)
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++
+ /* Support the 'old' SE interface when asked to */
+ #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
+@@ -128,6 +142,21 @@ psa_status_t psa_driver_wrapper_sign_message(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_sign_message(
++ attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_size,
++ signature_length );
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_signature_sign_message(
+ attributes,
+@@ -143,8 +172,19 @@ psa_status_t psa_driver_wrapper_sign_message(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ /* Fell through, meaning no accelerator supports this operation */
++ return( psa_sign_message_builtin( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_size,
++ signature_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -168,18 +208,9 @@ psa_status_t psa_driver_wrapper_sign_message(
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+- break;
++ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+-
+- return( psa_sign_message_builtin( attributes,
+- key_buffer,
+- key_buffer_size,
+- alg,
+- input,
+- input_length,
+- signature,
+- signature_size,
+- signature_length ) );
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_verify_message(
+@@ -202,6 +233,20 @@ psa_status_t psa_driver_wrapper_verify_message(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_verify_message(
++ attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_length );
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_signature_verify_message(
+ attributes,
+@@ -216,8 +261,18 @@ psa_status_t psa_driver_wrapper_verify_message(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ /* Fell through, meaning no accelerator supports this operation */
++ return( psa_verify_message_builtin( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ signature,
++ signature_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -240,17 +295,9 @@ psa_status_t psa_driver_wrapper_verify_message(
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+- break;
++ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+-
+- return( psa_verify_message_builtin( attributes,
+- key_buffer,
+- key_buffer_size,
+- alg,
+- input,
+- input_length,
+- signature,
+- signature_length ) );
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -289,6 +336,20 @@ psa_status_t psa_driver_wrapper_sign_hash(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_sign_hash( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ hash,
++ hash_length,
++ signature,
++ signature_size,
++ signature_length );
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_signature_sign_hash( attributes,
+ key_buffer,
+@@ -303,7 +364,8 @@ psa_status_t psa_driver_wrapper_sign_hash(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ /* Fell through, meaning no accelerator supports this operation */
+ return( psa_sign_hash_builtin( attributes,
+ key_buffer,
+@@ -314,6 +376,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
+ signature,
+ signature_size,
+ signature_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -335,6 +398,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -373,6 +437,19 @@ psa_status_t psa_driver_wrapper_verify_hash(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_verify_hash( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ hash,
++ hash_length,
++ signature,
++ signature_length );
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_signature_verify_hash(
+ attributes,
+@@ -387,8 +464,8 @@ psa_status_t psa_driver_wrapper_verify_hash(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-
++ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ return( psa_verify_hash_builtin( attributes,
+ key_buffer,
+ key_buffer_size,
+@@ -397,6 +474,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
+ hash_length,
+ signature,
+ signature_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -417,6 +495,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ /** Calculate the key buffer size required to store the key material of a key
+@@ -548,6 +627,14 @@ psa_status_t psa_driver_wrapper_generate_key(
+ if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
+ {
+ /* Cycle through all known transparent accelerators */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_generate_key(
++ attributes, key_buffer, key_buffer_size,
++ key_buffer_length );
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ break;
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_generate_key(
+ attributes, key_buffer, key_buffer_size,
+@@ -759,6 +846,18 @@ psa_status_t psa_driver_wrapper_export_public_key(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_export_public_key(
++ attributes,
++ key_buffer,
++ key_buffer_size,
++ data,
++ data_size,
++ data_length );
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_export_public_key(
+ attributes,
+@@ -771,7 +870,8 @@ psa_status_t psa_driver_wrapper_export_public_key(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ /* Fell through, meaning no accelerator supports this operation */
+ return( psa_export_public_key_internal( attributes,
+ key_buffer,
+@@ -779,6 +879,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
+ data,
+ data_size,
+ data_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+@@ -796,6 +897,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
+ /* Key is declared with a lifetime not known to us */
+ return( status );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_get_builtin_key(
+@@ -908,9 +1010,24 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_cipher_encrypt( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ iv,
++ iv_length,
++ input,
++ input_length,
++ output,
++ output_size,
++ output_length );
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+ return( mbedtls_psa_cipher_encrypt( attributes,
+ key_buffer,
+ key_buffer_size,
+@@ -959,6 +1076,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+ (void)output_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -996,9 +1114,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_cipher_decrypt( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ output,
++ output_size,
++ output_length );
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+ return( mbedtls_psa_cipher_decrypt( attributes,
+ key_buffer,
+ key_buffer_size,
+@@ -1041,6 +1172,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+ (void)output_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1073,8 +1205,22 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_cipher_encrypt_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes,
++ key_buffer,
++ key_buffer_size,
++ alg );
++ /* Declared with fallback == true */
++ if( status == PSA_SUCCESS )
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+ /* Fell through, meaning no accelerator supports this operation */
+ status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
+ attributes,
+@@ -1114,6 +1260,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+ (void)alg;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1146,8 +1293,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_cipher_decrypt_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes,
++ key_buffer,
++ key_buffer_size,
++ alg );
++ /* Declared with fallback == true */
++ if( status == PSA_SUCCESS )
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+ /* Fell through, meaning no accelerator supports this operation */
+ status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
+ attributes,
+@@ -1186,6 +1347,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+ (void)alg;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_cipher_set_iv(
+@@ -1195,13 +1357,6 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
+- iv,
+- iv_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1214,6 +1369,17 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+ &operation->ctx.opaque_test_driver_ctx,
+ iv, iv_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_cipher_set_iv(
++ &operation->ctx.cc3xx_driver_ctx,
++ iv, iv_length ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
++ iv,
++ iv_length ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1233,16 +1399,6 @@ psa_status_t psa_driver_wrapper_cipher_update(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
+- input,
+- input_length,
+- output,
+- output_size,
+- output_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1257,6 +1413,21 @@ psa_status_t psa_driver_wrapper_cipher_update(
+ input, input_length,
+ output, output_size, output_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_cipher_update(
++ &operation->ctx.cc3xx_driver_ctx,
++ input, input_length,
++ output, output_size, output_length ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
++ input,
++ input_length,
++ output,
++ output_size,
++ output_length ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1277,14 +1448,6 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
+- output,
+- output_size,
+- output_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1297,6 +1460,18 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+ &operation->ctx.opaque_test_driver_ctx,
+ output, output_size, output_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_cipher_finish(
++ &operation->ctx.cc3xx_driver_ctx,
++ output, output_size, output_length ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX*/
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
++ output,
++ output_size,
++ output_length ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1314,11 +1489,6 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1337,6 +1507,18 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+ sizeof( operation->ctx.opaque_test_driver_ctx ) );
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ status = cc3xx_cipher_abort(
++ &operation->ctx.cc3xx_driver_ctx );
++ mbedtls_platform_zeroize(
++ &operation->ctx.cc3xx_driver_ctx,
++ sizeof( operation->ctx.cc3xx_driver_ctx ) );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1358,15 +1540,21 @@ psa_status_t psa_driver_wrapper_hash_compute(
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ /* Try accelerators first */
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_hash_compute(
+ alg, input, input_length, hash, hash_size, hash_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif
+-
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_hash_compute(alg, input, input_length, hash, hash_size,
++ hash_length);
++ if (status != PSA_ERROR_NOT_SUPPORTED)
++ return status;
++#endif
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
+ /* If software fallback is compiled in, try fallback */
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+ status = mbedtls_psa_hash_compute( alg, input, input_length,
+ hash, hash_size, hash_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+@@ -1390,6 +1578,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ /* Try setup on accelerators first */
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_hash_setup(
+ &operation->ctx.test_driver_ctx, alg );
+@@ -1400,8 +1589,18 @@ psa_status_t psa_driver_wrapper_hash_setup(
+ return( status );
+ #endif
+
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_hash_setup(&operation->ctx.cc3xx_driver_ctx, alg);
++ if( status == PSA_SUCCESS )
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++
++ if( status != PSA_ERROR_NOT_SUPPORTED) {
++ return( status );
++ }
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
+ /* If software fallback is compiled in, try fallback */
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+ status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
+ if( status == PSA_SUCCESS )
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+@@ -1422,18 +1621,26 @@ psa_status_t psa_driver_wrapper_hash_clone(
+ {
+ switch( source_operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+- return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
+- &target_operation->ctx.mbedtls_ctx ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ return( mbedtls_test_transparent_hash_clone(
+ &source_operation->ctx.test_driver_ctx,
+ &target_operation->ctx.test_driver_ctx ) );
++#endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ target_operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ return( cc3xx_hash_clone(
++ &source_operation->ctx.cc3xx_driver_ctx,
++ &target_operation->ctx.cc3xx_driver_ctx ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
++ return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
++ &target_operation->ctx.mbedtls_ctx ) );
+ #endif
+ default:
+ (void) target_operation;
+@@ -1448,16 +1655,23 @@ psa_status_t psa_driver_wrapper_hash_update(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
+- input, input_length ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_test_transparent_hash_update(
+ &operation->ctx.test_driver_ctx,
+ input, input_length ) );
++#endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_hash_update(
++ &operation->ctx.cc3xx_driver_ctx,
++ input, input_length ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
++ input, input_length ) );
+ #endif
+ default:
+ (void) input;
+@@ -1474,16 +1688,23 @@ psa_status_t psa_driver_wrapper_hash_finish(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
+- hash, hash_size, hash_length ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_test_transparent_hash_finish(
+ &operation->ctx.test_driver_ctx,
+ hash, hash_size, hash_length ) );
++#endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_hash_finish(
++ &operation->ctx.cc3xx_driver_ctx,
++ hash, hash_size, hash_length ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
++ hash, hash_size, hash_length ) );
+ #endif
+ default:
+ (void) hash;
+@@ -1498,14 +1719,20 @@ psa_status_t psa_driver_wrapper_hash_abort(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
+-#endif
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_test_transparent_hash_abort(
+ &operation->ctx.test_driver_ctx ) );
++#endif
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_hash_abort(
++ &operation->ctx.cc3xx_driver_ctx ) );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
+ #endif
+ default:
+ return( PSA_ERROR_BAD_STATE );
+@@ -1544,7 +1771,20 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_aead_encrypt(
++ attributes, key_buffer, key_buffer_size,
++ alg,
++ nonce, nonce_length,
++ additional_data, additional_data_length,
++ plaintext, plaintext_length,
++ ciphertext, ciphertext_size, ciphertext_length );
++
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+ return( mbedtls_psa_aead_encrypt(
+@@ -1554,6 +1794,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+ additional_data, additional_data_length,
+ plaintext, plaintext_length,
+ ciphertext, ciphertext_size, ciphertext_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+
+@@ -1562,6 +1803,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1596,7 +1838,20 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_aead_decrypt(
++ attributes, key_buffer, key_buffer_size,
++ alg,
++ nonce, nonce_length,
++ additional_data, additional_data_length,
++ ciphertext, ciphertext_length,
++ plaintext, plaintext_size, plaintext_length );
++
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++ break;
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+ return( mbedtls_psa_aead_decrypt(
+@@ -1606,6 +1861,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+ additional_data, additional_data_length,
+ ciphertext, ciphertext_length,
+ plaintext, plaintext_size, plaintext_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+
+@@ -1614,6 +1870,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
+@@ -1622,14 +1879,27 @@ psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
+ if( operation == NULL || tag_len == NULL )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
++ switch( operation->id )
++ {
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ *tag_len = operation->ctx.cc3xx_driver_ctx.tag_length;
++ return ( PSA_SUCCESS );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+- *tag_len = operation->ctx.transparent_test_driver_ctx.tag_length;
+- return ( PSA_SUCCESS );
+-#endif
++ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
++ *tag_len = operation->ctx.transparent_test_driver_ctx.tag_length;
++ return ( PSA_SUCCESS );
+ #endif
+- *tag_len = operation->ctx.mbedtls_ctx.tag_length;
+- return ( PSA_SUCCESS );
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ *tag_len = operation->ctx.mbedtls_ctx.tag_length;
++ return ( PSA_SUCCESS );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ }
++
++ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1660,7 +1930,18 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ status = cc3xx_aead_encrypt_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes, key_buffer, key_buffer_size,
++ alg );
++
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+@@ -1668,9 +1949,8 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+ &operation->ctx.mbedtls_ctx, attributes,
+ key_buffer, key_buffer_size,
+ alg );
+-
+- return( status );
+-
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
+ /* Add cases for opaque driver here */
+
+ default:
+@@ -1678,6 +1958,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1709,7 +1990,19 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ status = cc3xx_aead_decrypt_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes,
++ key_buffer, key_buffer_size,
++ alg );
++
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+@@ -1718,9 +2011,8 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg );
+-
+- return( status );
+-
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ break;
+ /* Add cases for opaque driver here */
+
+ default:
+@@ -1728,6 +2020,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_aead_set_nonce(
+@@ -1737,14 +2030,6 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
+- nonce,
+- nonce_length ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1755,6 +2040,20 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_set_nonce(
++ &operation->ctx.cc3xx_driver_ctx,
++ nonce, nonce_length ) );
++
++ /* Add cases for opaque driver here */
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
++ nonce,
++ nonce_length ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1771,14 +2070,6 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
+- ad_length,
+- plaintext_length ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1789,6 +2080,20 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_set_lengths(
++ &operation->ctx.cc3xx_driver_ctx,
++ ad_length, plaintext_length ) );
++
++ /* Add cases for opaque driver here */
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
++ ad_length,
++ plaintext_length ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1805,14 +2110,6 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
+- input,
+- input_length ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1823,6 +2120,20 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_update_ad(
++ &operation->ctx.cc3xx_driver_ctx,
++ input, input_length ) );
++
++ /* Add cases for opaque driver here */
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
++ input,
++ input_length ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1842,15 +2153,6 @@ psa_status_t psa_driver_wrapper_aead_update(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
+- input, input_length,
+- output, output_size,
+- output_length ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1862,6 +2164,22 @@ psa_status_t psa_driver_wrapper_aead_update(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_update(
++ &operation->ctx.cc3xx_driver_ctx,
++ input, input_length, output, output_size,
++ output_length ) );
++
++ /* Add cases for opaque driver here */
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
++ input, input_length,
++ output, output_size,
++ output_length ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1885,16 +2203,6 @@ psa_status_t psa_driver_wrapper_aead_finish(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
+- ciphertext,
+- ciphertext_size,
+- ciphertext_length, tag,
+- tag_size, tag_length ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -1906,6 +2214,23 @@ psa_status_t psa_driver_wrapper_aead_finish(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_finish(
++ &operation->ctx.cc3xx_driver_ctx,
++ ciphertext, ciphertext_size,
++ ciphertext_length, tag, tag_size, tag_length ) );
++
++ /* Add cases for opaque driver here */
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
++ ciphertext,
++ ciphertext_size,
++ ciphertext_length, tag,
++ tag_size, tag_length ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1929,7 +2254,28 @@ psa_status_t psa_driver_wrapper_aead_verify(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_TEST)
++ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
++ return( mbedtls_test_transparent_aead_verify(
++ &operation->ctx.transparent_test_driver_ctx,
++ plaintext, plaintext_size,
++ plaintext_length, tag, tag_length ) );
++
++ /* Add cases for opaque driver here */
++
++#endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_verify(
++ &operation->ctx.cc3xx_driver_ctx,
++ plaintext, plaintext_size,
++ plaintext_length, tag, tag_length ) );
++
++ /* Add cases for opaque driver here */
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ {
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+@@ -1956,20 +2302,6 @@ psa_status_t psa_driver_wrapper_aead_verify(
+
+ return( status );
+ }
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+-#if defined(PSA_CRYPTO_DRIVER_TEST)
+- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+- return( mbedtls_test_transparent_aead_verify(
+- &operation->ctx.transparent_test_driver_ctx,
+- plaintext, plaintext_size,
+- plaintext_length, tag, tag_length ) );
+-
+- /* Add cases for opaque driver here */
+-
+-#endif /* PSA_CRYPTO_DRIVER_TEST */
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -1987,12 +2319,6 @@ psa_status_t psa_driver_wrapper_aead_abort(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
+-
+-#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -2002,6 +2328,17 @@ psa_status_t psa_driver_wrapper_aead_abort(
+ /* Add cases for opaque driver here */
+
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return( cc3xx_aead_abort(
++ &operation->ctx.cc3xx_driver_ctx ) );
++
++ /* Add cases for opaque driver here */
++
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+@@ -2041,8 +2378,16 @@ psa_status_t psa_driver_wrapper_mac_compute(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_mac_compute(attributes, key_buffer, key_buffer_size, alg,
++ input, input_length,
++ mac, mac_size, mac_length);
++ /* Declared with fallback == true */
++ if( status != PSA_ERROR_NOT_SUPPORTED )
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
+ /* Fell through, meaning no accelerator supports this operation */
+ status = mbedtls_psa_mac_compute(
+ attributes, key_buffer, key_buffer_size, alg,
+@@ -2077,6 +2422,7 @@ psa_status_t psa_driver_wrapper_mac_compute(
+ (void) status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2109,8 +2455,19 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_mac_sign_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes,
++ key_buffer, key_buffer_size,
++ alg);
++ if (status == PSA_SUCCESS)
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ if (status != PSA_ERROR_NOT_SUPPORTED)
++ return status;
++#endif
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
+ /* Fell through, meaning no accelerator supports this operation */
+ status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
+ attributes,
+@@ -2149,6 +2506,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+ (void) alg;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2181,8 +2539,19 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
+-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_mac_verify_setup(
++ &operation->ctx.cc3xx_driver_ctx,
++ attributes,
++ key_buffer, key_buffer_size,
++ alg);
++ if (status == PSA_SUCCESS)
++ operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
++ if (status != PSA_ERROR_NOT_SUPPORTED)
++ return status;
++#endif
++ break;
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
+ /* Fell through, meaning no accelerator supports this operation */
+ status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
+ attributes,
+@@ -2221,6 +2590,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+ (void) alg;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
++ return status;
+ }
+
+ psa_status_t psa_driver_wrapper_mac_update(
+@@ -2230,12 +2600,6 @@ psa_status_t psa_driver_wrapper_mac_update(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
+- input, input_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -2248,6 +2612,14 @@ psa_status_t psa_driver_wrapper_mac_update(
+ &operation->ctx.opaque_test_driver_ctx,
+ input, input_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return(cc3xx_mac_update(&operation->ctx.cc3xx_driver_ctx, input, input_length));
++#endif
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
++ input, input_length ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ (void) input;
+@@ -2264,12 +2636,6 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
+- mac, mac_size, mac_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -2282,6 +2648,15 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+ &operation->ctx.opaque_test_driver_ctx,
+ mac, mac_size, mac_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return(cc3xx_mac_sign_finish(&operation->ctx.cc3xx_driver_ctx,
++ mac, mac_size, mac_length));
++#endif
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
++ mac, mac_size, mac_length ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ (void) mac;
+@@ -2298,12 +2673,6 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
+- mac, mac_length ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -2316,6 +2685,16 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+ &operation->ctx.opaque_test_driver_ctx,
+ mac, mac_length ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return(cc3xx_mac_verify_finish(
++ &operation->ctx.cc3xx_driver_ctx,
++ mac, mac_length));
++#endif
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
++ mac, mac_length ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ (void) mac;
+@@ -2329,11 +2708,6 @@ psa_status_t psa_driver_wrapper_mac_abort(
+ {
+ switch( operation->id )
+ {
+-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+- case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+- return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
+-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+-
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+@@ -2343,6 +2717,13 @@ psa_status_t psa_driver_wrapper_mac_abort(
+ return( mbedtls_test_opaque_mac_abort(
+ &operation->ctx.opaque_test_driver_ctx ) );
+ #endif /* PSA_CRYPTO_DRIVER_TEST */
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ return(cc3xx_mac_abort(&operation->ctx.cc3xx_driver_ctx));
++#endif
++#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+@@ -2350,7 +2731,58 @@ psa_status_t psa_driver_wrapper_mac_abort(
+ }
+
+ /*
+- * Asymmetric cryptography
++ * Key agreement functions
++ */
++psa_status_t psa_driver_wrapper_key_agreement(
++ psa_algorithm_t alg,
++ const psa_key_attributes_t *attributes,
++ const uint8_t *priv_key, size_t priv_key_size,
++ const uint8_t *publ_key, size_t publ_key_size,
++ uint8_t *output, size_t output_size, size_t *output_length )
++{
++ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
++
++ psa_key_location_t location =
++ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
++
++ switch( location )
++ {
++ case PSA_KEY_LOCATION_LOCAL_STORAGE:
++ /* Key is stored in the slot in export representation, so
++ * cycle through all known transparent accelerators */
++#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_key_agreement( attributes,
++ priv_key,
++ priv_key_size,
++ publ_key,
++ publ_key_size,
++ output,
++ output_size,
++ output_length,
++ alg );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ (void) status;
++ return ( PSA_ERROR_NOT_SUPPORTED );
++ default:
++ /* Key is declared with a lifetime not known to us */
++ (void) priv_key;
++ (void) priv_key_size;
++ (void) publ_key;
++ (void) publ_key_size;
++ (void) output;
++ (void) output_size;
++ (void) output_length;
++ (void) alg;
++
++ return( PSA_ERROR_INVALID_ARGUMENT );
++ }
++}
++
++/*
++ * Asymmetric operations
+ */
+ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+@@ -2368,6 +2800,20 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_asymmetric_encrypt( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ salt,
++ salt_length,
++ output,
++ output_size,
++ output_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
+@@ -2426,6 +2872,20 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_asymmetric_decrypt( attributes,
++ key_buffer,
++ key_buffer_size,
++ alg,
++ input,
++ input_length,
++ salt,
++ salt_length,
++ output,
++ output_size,
++ output_length );
++ return( status );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
+diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
+index 12c649da3..ac0cd1d89 100644
+--- a/library/psa_crypto_driver_wrappers.h
++++ b/library/psa_crypto_driver_wrappers.h
+@@ -361,6 +361,20 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+ size_t output_size,
+ size_t *output_length );
+
++/*
++ * Key agreement functions
++ */
++psa_status_t psa_driver_wrapper_key_agreement(
++ psa_algorithm_t alg,
++ const psa_key_attributes_t *attributes,
++ const uint8_t *priv_key,
++ size_t priv_key_size,
++ const uint8_t *publ_key,
++ size_t peer_key_size,
++ uint8_t *output,
++ size_t output_size,
++ size_t *output_length );
++
+ #endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
+
+ /* End of automatically generated file. */
+--
+2.25.1
+