external/ms_tpm/0001-Add-MbedTLS-crypto-port.patch

From 3e974d38472520577aead8f861e71ac48d2acd5e Mon Sep 17 00:00:00 2001
From: Balint Dobszay <balint.dobszay@arm.com>
Date: Wed, 25 Sep 2024 17:41:43 +0200
Subject: [PATCH 1/3] Add MbedTLS crypto port

Add a new crypto port that uses MbedTLS. The code is based on the crypto
port code for OpenSSL and WolfSSL found in this repo.

The autotools build system is changed to use MbedTLS by default. This
makes it possible to simply build the TPM and the simulator for the
host system, and run e.g. tpm2_tools commands against it. Make sure that
MbedTLS can be found by pkg-config, i.e. it's either installed to some
system default location, or pkg-config is configured to find the custom
installation. Tested with MbedTLS v3.6.0, the older v2.x that comes with
Ubuntu 22.04 and 24.04 is not compatible.

The build on the host system is done by these commands:
cd TPMCmd
./bootstrap
./configure
make

To start the simulator, run:
./TPMCmd/Simulator/src/tpm2-simulator -m

This creates an NVChip file, which is the non-volatile memory of the
TPM. If something goes wrong and the TPM ends up in a bad state, just
delete this file and restart the simulator.

To run tpm2_tools commands against the sim, in a separate terminal run:
export TPM2TOOLS_TCTI=mssim:host=localhost,port=2321
tpm2_startup -c
tpm2_getrandom --hex 4
...

Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: I0abfab17918f0b1917e9ca30d30f7fe781cceca2
---
 TPMCmd/configure.ac                           |   8 +-
 TPMCmd/tpm/include/Mbed/TpmToMbedHash.h       | 158 +++++++
 TPMCmd/tpm/include/Mbed/TpmToMbedMath.h       |  87 ++++
 TPMCmd/tpm/include/Mbed/TpmToMbedSym.h        |  98 +++++
 .../tpm/include/prototypes/TpmToMbedMath_fp.h | 160 +++++++
 .../include/prototypes/TpmToMbedSupport_fp.h  |  44 ++
 .../tpm/include/prototypes/TpmToMbedSym_fp.h  |  51 +++
 TPMCmd/tpm/src/crypt/mbed/TpmToMbedMath.c     | 407 ++++++++++++++++++
 TPMCmd/tpm/src/crypt/mbed/TpmToMbedSupport.c  |  46 ++
 TPMCmd/tpm/src/crypt/mbed/TpmToMbedSym.c      |  94 ++++
 10 files changed, 1149 insertions(+), 4 deletions(-)
 create mode 100644 TPMCmd/tpm/include/Mbed/TpmToMbedHash.h
 create mode 100644 TPMCmd/tpm/include/Mbed/TpmToMbedMath.h
 create mode 100644 TPMCmd/tpm/include/Mbed/TpmToMbedSym.h
 create mode 100644 TPMCmd/tpm/include/prototypes/TpmToMbedMath_fp.h
 create mode 100644 TPMCmd/tpm/include/prototypes/TpmToMbedSupport_fp.h
 create mode 100644 TPMCmd/tpm/include/prototypes/TpmToMbedSym_fp.h
 create mode 100644 TPMCmd/tpm/src/crypt/mbed/TpmToMbedMath.c
 create mode 100644 TPMCmd/tpm/src/crypt/mbed/TpmToMbedSupport.c
 create mode 100644 TPMCmd/tpm/src/crypt/mbed/TpmToMbedSym.c

diff --git a/TPMCmd/configure.ac b/TPMCmd/configure.ac
index 58a74b4..d3ebfba 100644
--- a/TPMCmd/configure.ac
+++ b/TPMCmd/configure.ac
@@ -51,16 +51,16 @@ AC_ARG_ENABLE(usedeviceid,
     AS_HELP_STRING([--enable-usedeviceid],
     [tpm simulator get seeds derived from hardware parameters. Seeds are not derived from secure hardware source.]))
 
-PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto])
+PKG_CHECK_MODULES([LIBCRYPTO], [mbedcrypto])
 AS_IF([test "x$enable_usedeviceid" = "xyes"], [
     PKG_CHECK_MODULES([LIBUDEV], [libudev])
     [ADDITIONAL_LIBS="-ludev"]
 ])
 AX_PTHREAD([], [AC_MSG_ERROR([requires pthread])])
 
-AC_DEFINE([HASH_LIB], [Ossl], [Crypto lib for hash algorithms])
-AC_DEFINE([SYM_LIB], [Ossl], [Crypto lib for symmetric encryption algorithms])
-AC_DEFINE([MATH_LIB], [Ossl], [Crypto lib for bignum operations])
+AC_DEFINE([HASH_LIB], [Mbed], [Crypto lib for hash algorithms])
+AC_DEFINE([SYM_LIB], [Mbed], [Crypto lib for symmetric encryption algorithms])
+AC_DEFINE([MATH_LIB], [Mbed], [Crypto lib for bignum operations])
 
 ADD_COMPILER_FLAG([-std=gnu11])
 ADD_COMPILER_FLAG([-Werror])
diff --git a/TPMCmd/tpm/include/Mbed/TpmToMbedHash.h b/TPMCmd/tpm/include/Mbed/TpmToMbedHash.h
new file mode 100644
index 0000000..2fec472
--- /dev/null
+++ b/TPMCmd/tpm/include/Mbed/TpmToMbedHash.h
@@ -0,0 +1,158 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ *  The copyright in this software is being made available under the BSD License,
+ *  included below. This software may be subject to other third party and
+ *  contributor rights, including patent rights, and no such rights are granted
+ *  under this license.
+ *
+ *  Copyright (c) Microsoft Corporation
+ *  Copyright (c) 2024, Arm Limited
+ *
+ *  All rights reserved.
+ *
+ *  BSD License
+ *
+ *  Redistribution and use in source and binary forms, with or without modification,
+ *  are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice, this list
+ *  of conditions and the following disclaimer.
+ *
+ *  Redistributions in binary form must reproduce the above copyright notice, this
+ *  list of conditions and the following disclaimer in the documentation and/or
+ *  other materials provided with the distribution.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef HASH_LIB_DEFINED
+#define HASH_LIB_DEFINED
+
+#define HASH_LIB_MBED
+
+#define HASH_ALIGNMENT RADIX_BYTES
+
+#if ALG_SM3_256
+#  undef ALG_SM3_256
+#  define ALG_SM3_256 ALG_NO
+#  error "SM3 is not available"
+#endif
+
+#include <mbedtls/sha1.h>
+#include <mbedtls/sha256.h>
+#include <mbedtls/sha512.h>
+
+#define tpmHashStateSHA1_t   mbedtls_sha1_context
+#define tpmHashStateSHA256_t mbedtls_sha256_context
+#define tpmHashStateSHA384_t mbedtls_sha512_context
+#define tpmHashStateSHA512_t mbedtls_sha512_context
+
+#ifdef _CRYPT_HASH_C_
+
+typedef BYTE*       PBYTE;
+typedef const BYTE* PCBYTE;
+
+// Initialize the hash context
+#  define HASH_START_METHOD_DEF void(HASH_START_METHOD)(PANY_HASH_STATE state)
+#  define HASH_START(hashState) ((hashState)->def->method.start)(&(hashState)->state);
+
+// Add data to the hash
+#  define HASH_DATA_METHOD_DEF \
+    void(HASH_DATA_METHOD)(PANY_HASH_STATE state, PCBYTE buffer, size_t size)
+#  define HASH_DATA(hashState, dInSize, dIn) \
+    ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize)
+
+// Finalize the hash and get the digest
+#  define HASH_END_METHOD_DEF \
+    void(HASH_END_METHOD)(PANY_HASH_STATE state, BYTE * buffer)
+#  define HASH_END(hashState, buffer) \
+    ((hashState)->def->method.end)(&(hashState)->state, buffer)
+
+// Copy the hash context
+// Note: For import, export, and copy, memcpy() is used since there is no
+// reformatting necessary between the internal and external forms.
+#  define HASH_STATE_COPY_METHOD_DEF \
+    void(HASH_STATE_COPY_METHOD)(    \
+        PANY_HASH_STATE to, PCANY_HASH_STATE from, size_t size)
+#  define HASH_STATE_COPY(hashStateOut, hashStateIn)          \
+    ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \
+                                      &(hashStateIn)->state,  \
+                                      (hashStateIn)->def->contextSize)
+
+// Copy (with reformatting when necessary) an internal hash structure to an
+// external blob
+#  define HASH_STATE_EXPORT_METHOD_DEF \
+    void(HASH_STATE_EXPORT_METHOD)(BYTE * to, PCANY_HASH_STATE from, size_t size)
+#  define HASH_STATE_EXPORT(to, hashStateFrom)         \
+    ((hashStateFrom)->def->method.copyOut)(            \
+        &(((BYTE*)(to))[offsetof(HASH_STATE, state)]), \
+        &(hashStateFrom)->state,                       \
+        (hashStateFrom)->def->contextSize)
+
+// Copy from an external blob to an internal formate (with reformatting when
+// necessary
+#  define HASH_STATE_IMPORT_METHOD_DEF \
+    void(HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, const BYTE* from, size_t size)
+#  define HASH_STATE_IMPORT(hashStateTo, from)                 \
+    ((hashStateTo)->def->method.copyIn)(                       \
+        &(hashStateTo)->state,                                 \
+        &(((const BYTE*)(from))[offsetof(HASH_STATE, state)]), \
+        (hashStateTo)->def->contextSize)
+
+static inline int sha256_start(void *hash_state)
+{
+    return mbedtls_sha256_starts(hash_state, 0);
+}
+
+static inline int sha384_start(void *hash_state)
+{
+    return mbedtls_sha512_starts(hash_state, 1);
+}
+
+static inline int sha512_start(void *hash_state)
+{
+    return mbedtls_sha512_starts(hash_state, 0);
+}
+
+// Function aliases. The code in CryptHash.c uses the internal designation for the
+// functions. These need to be translated to the function names of the library.
+#  define tpmHashStart_SHA1         mbedtls_sha1_starts
+#  define tpmHashData_SHA1          mbedtls_sha1_update
+#  define tpmHashEnd_SHA1           mbedtls_sha1_finish
+#  define tpmHashStateCopy_SHA1     memcpy
+#  define tpmHashStateExport_SHA1   memcpy
+#  define tpmHashStateImport_SHA1   memcpy
+#  define tpmHashStart_SHA256       sha256_start
+#  define tpmHashData_SHA256        mbedtls_sha256_update
+#  define tpmHashEnd_SHA256         mbedtls_sha256_finish
+#  define tpmHashStateCopy_SHA256   memcpy
+#  define tpmHashStateExport_SHA256 memcpy
+#  define tpmHashStateImport_SHA256 memcpy
+#  define tpmHashStart_SHA384       sha384_start
+#  define tpmHashData_SHA384        mbedtls_sha512_update
+#  define tpmHashEnd_SHA384         mbedtls_sha512_finish
+#  define tpmHashStateCopy_SHA384   memcpy
+#  define tpmHashStateExport_SHA384 memcpy
+#  define tpmHashStateImport_SHA384 memcpy
+#  define tpmHashStart_SHA512       sha512_start
+#  define tpmHashData_SHA512        mbedtls_sha512_update
+#  define tpmHashEnd_SHA512         mbedtls_sha512_finish
+#  define tpmHashStateCopy_SHA512   memcpy
+#  define tpmHashStateExport_SHA512 memcpy
+#  define tpmHashStateImport_SHA512 memcpy
+
+#endif  // _CRYPT_HASH_C_
+
+#define LibHashInit()
+#define HashLibSimulationEnd()
+
+#endif  // HASH_LIB_DEFINED
diff --git a/TPMCmd/tpm/include/Mbed/TpmToMbedMath.h b/TPMCmd/tpm/include/Mbed/TpmToMbedMath.h
new file mode 100644
index 0000000..59edef8
--- /dev/null
+++ b/TPMCmd/tpm/include/Mbed/TpmToMbedMath.h
@@ -0,0 +1,87 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ *  The copyright in this software is being made available under the BSD License,
+ *  included below. This software may be subject to other third party and
+ *  contributor rights, including patent rights, and no such rights are granted
+ *  under this license.
+ *
+ *  Copyright (c) Microsoft Corporation
+ *  Copyright (c) 2024, Arm Limited
+ *
+ *  All rights reserved.
+ *
+ *  BSD License
+ *
+ *  Redistribution and use in source and binary forms, with or without modification,
+ *  are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice, this list
+ *  of conditions and the following disclaimer.
+ *
+ *  Redistributions in binary form must reproduce the above copyright notice, this
+ *  list of conditions and the following disclaimer in the documentation and/or
+ *  other materials provided with the distribution.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef MATH_LIB_DEFINED
+#define MATH_LIB_DEFINED
+
+#define MATH_LIB_MBED
+
+#include <mbedtls/bignum.h>
+#include <mbedtls/ecp.h>
+#include <mbedtls/psa_util.h>
+
+// Make sure that the library is using the correct size for a crypt word
+#if (defined MBEDTLS_HAVE_INT32 && (RADIX_BITS != 32)) || \
+    (defined MBEDTLS_HAVE_INT64 && (RADIX_BITS != 64))
+#  error MbedTLS library is using different radix
+#endif
+
+#define MBEDTLS_OK 0
+
+#define MPI_INITIALIZED(name, initializer) \
+  mbedtls_mpi _##name; \
+  mbedtls_mpi* name = MpiInitialize(&_##name); \
+  BnToMbed(name, initializer);
+
+#define MPI_DELETE(name) \
+  mbedtls_mpi_free(&_##name);
+
+#define POINT_CREATE(name) \
+  mbedtls_ecp_point name; \
+  mbedtls_ecp_point_init(&name);
+
+#define POINT_DELETE(name) \
+  mbedtls_ecp_point_free(&name);
+
+typedef struct
+{
+    const ECC_CURVE_DATA *C; // the TPM curve values
+    mbedtls_ecp_group     G; // group parameters
+} MBED_CURVE_DATA;
+
+typedef MBED_CURVE_DATA *bigCurve;
+
+#define AccessCurveData(E) ((E)->C)
+
+#define CURVE_INITIALIZED(name, initializer) \
+  MBED_CURVE_DATA _##name; \
+  bigCurve name = BnCurveInitialize(&_##name, initializer)
+
+#define CURVE_FREE(name) BnCurveFree(name)
+
+#define MathLibSimulationEnd()
+
+#endif  // MATH_LIB_DEFINED
diff --git a/TPMCmd/tpm/include/Mbed/TpmToMbedSym.h b/TPMCmd/tpm/include/Mbed/TpmToMbedSym.h
new file mode 100644
index 0000000..db697d0
--- /dev/null
+++ b/TPMCmd/tpm/include/Mbed/TpmToMbedSym.h
@@ -0,0 +1,98 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ *  The copyright in this software is being made available under the BSD License,
+ *  included below. This software may be subject to other third party and
+ *  contributor rights, including patent rights, and no such rights are granted
+ *  under this license.
+ *
+ *  Copyright (c) Microsoft Corporation
+ *  Copyright (c) 2024, Arm Limited
+ *
+ *  All rights reserved.
+ *
+ *  BSD License
+ *
+ *  Redistribution and use in source and binary forms, with or without modification,
+ *  are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice, this list
+ *  of conditions and the following disclaimer.
+ *
+ *  Redistributions in binary form must reproduce the above copyright notice, this
+ *  list of conditions and the following disclaimer in the documentation and/or
+ *  other materials provided with the distribution.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SYM_LIB_DEFINED
+#define SYM_LIB_DEFINED
+
+#define SYM_LIB_MBED
+
+#include <mbedtls/aes.h>
+
+#if ALG_TDES
+#  include <mbedtls/des.h>
+#endif
+
+#if ALG_SM4
+#  undef ALG_SM4
+#  define ALG_SM4 ALG_NO
+#  error "SM4 is not available"
+#endif
+
+#if ALG_CAMELLIA
+#  include <mbedtls/camellia.h>
+#endif
+
+#include "TpmToMbedSym_fp.h"
+
+#define SWIZZLE(keySchedule, in, out) \
+  (const BYTE*)(in), (BYTE*)(out), (void*)(keySchedule)
+
+typedef void (*TpmCryptSetSymKeyCall_t)(const BYTE* in, BYTE* out, void* keySchedule);
+
+#define SYM_ALIGNMENT RADIX_BYTES
+
+#define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \
+  mbedtls_aes_setkey_enc((tpmKeyScheduleAES*)(schedule), key, keySizeInBits)
+#define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \
+  mbedtls_aes_setkey_dec((tpmKeyScheduleAES*)(schedule), key, keySizeInBits)
+
+#define TpmCryptEncryptAES AES_encrypt
+#define TpmCryptDecryptAES AES_decrypt
+#define tpmKeyScheduleAES  mbedtls_aes_context
+
+#define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \
+  TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES*)(schedule))
+#define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \
+  TDES_set_decrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES*)(schedule))
+
+#define TpmCryptEncryptTDES(in, out, keySchedule) mbedtls_des3_crypt_ecb((keySchedule), (in), (out))
+#define TpmCryptDecryptTDES(in, out, keySchedule) mbedtls_des3_crypt_ecb((keySchedule), (in), (out))
+#define tpmKeyScheduleTDES  mbedtls_des3_context
+
+#define TpmCryptSetEncryptKeyCAMELLIA(key, keySizeInBits, schedule) \
+  mbedtls_camellia_setkey_enc((tpmKeyScheduleCAMELLIA*)(schedule), (key), (keySizeInBits))
+#define TpmCryptSetDecryptKeyCAMELLIA(key, keySizeInBits, schedule) \
+  mbedtls_camellia_setkey_dec((tpmKeyScheduleCAMELLIA*)(schedule), (key), (keySizeInBits))
+
+#define TpmCryptEncryptCAMELLIA CAMELLIA_encrypt
+#define TpmCryptDecryptCAMELLIA CAMELLIA_decrypt
+#define tpmKeyScheduleCAMELLIA  mbedtls_camellia_context
+
+typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t;
+
+#define SymLibSimulationEnd()
+
+#endif  // SYM_LIB_DEFINED
diff --git a/TPMCmd/tpm/include/prototypes/TpmToMbedMath_fp.h b/TPMCmd/tpm/include/prototypes/TpmToMbedMath_fp.h
new file mode 100644
index 0000000..ac03575
--- /dev/null
+++ b/TPMCmd/tpm/include/prototypes/TpmToMbedMath_fp.h
@@ -0,0 +1,160 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ *  The copyright in this software is being made available under the BSD License,
+ *  included below. This software may be subject to other third party and
+ *  contributor rights, including patent rights, and no such rights are granted
+ *  under this license.
+ *
+ *  Copyright (c) Microsoft Corporation
+ *  Copyright (c) 2024, Arm Limited
+ *
+ *  All rights reserved.
+ *
+ *  BSD License
+ *
+ *  Redistribution and use in source and binary forms, with or without modification,
+ *  are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice, this list
+ *  of conditions and the following disclaimer.
+ *
+ *  Redistributions in binary form must reproduce the above copyright notice, this
+ *  list of conditions and the following disclaimer in the documentation and/or
+ *  other materials provided with the distribution.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _TPM_TO_MBED_MATH_FP_H_
+#define _TPM_TO_MBED_MATH_FP_H_
+
+#ifdef MATH_LIB_MBED
+
+void BnFromMbed(bigNum bn, mbedtls_mpi *mbedBn);
+void BnToMbed(mbedtls_mpi *toInit, bigConst initializer);
+mbedtls_mpi *MpiInitialize(mbedtls_mpi *toInit);
+
+#  if LIBRARY_COMPATIBILITY_CHECK
+BOOL MathLibraryCompatibilityCheck(void);
+#  endif
+
+//*** BnModMult()
+// This function does a modular multiply. It first does a multiply and then a divide
+// and returns the remainder of the divide.
+//  Return Type: BOOL
+//      TRUE(1)         success
+//      FALSE(0)        failure in operation
+LIB_EXPORT BOOL BnModMult(bigNum result, bigConst op1, bigConst op2, bigConst modulus);
+
+//*** BnMult()
+// Multiplies two numbers
+//  Return Type: BOOL
+//      TRUE(1)         success
+//      FALSE(0)        failure in operation
+LIB_EXPORT BOOL BnMult(bigNum result, bigConst multiplicand, bigConst multiplier);
+
+//*** BnDiv()
+// This function divides two bigNum values. The function returns FALSE if
+// there is an error in the operation.
+//  Return Type: BOOL
+//      TRUE(1)         success
+//      FALSE(0)        failure in operation
+LIB_EXPORT BOOL BnDiv(
+    bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor);
+
+#  if ALG_RSA
+//*** BnGcd()
+// Get the greatest common divisor of two numbers
+//  Return Type: BOOL
+//      TRUE(1)         success
+//      FALSE(0)        failure in operation
+LIB_EXPORT BOOL BnGcd(bigNum   gcd,      // OUT: the common divisor
+                      bigConst number1,  // IN:
+                      bigConst number2   // IN:
+);
+
+//***BnModExp()
+// Do modular exponentiation using bigNum values. The conversion from a bignum_t to
+// a bigNum is trivial as they are based on the same structure
+//  Return Type: BOOL
+//      TRUE(1)         success
+//      FALSE(0)        failure in operation
+LIB_EXPORT BOOL BnModExp(bigNum   result,    // OUT: the result
+                         bigConst number,    // IN: number to exponentiate
+                         bigConst exponent,  // IN:
+                         bigConst modulus    // IN:
+);
+
+//*** BnModInverse()
+// Modular multiplicative inverse
+//  Return Type: BOOL
+//      TRUE(1)         success
+//      FALSE(0)        failure in operation
+LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number, bigConst modulus);
+#  endif  // ALG_RSA
+#  if ALG_ECC
+
+//*** BnCurveInitialize()
+// This function initializes the curve information structure. This
+// structure points to the TPM-defined values for the curve, to the context for the
+// number values in the frame, and to the defined group values.
+//  Return Type: bigCurve *
+//      NULL        the TPM_ECC_CURVE is not valid or there was a problem in
+//                  in initializing the curve data
+//      non-NULL    points to 'E'
+LIB_EXPORT bigCurve BnCurveInitialize(
+    bigCurve      E,       // IN: curve structure to initialize
+    TPM_ECC_CURVE curveId  // IN: curve identifier
+);
+
+//*** BnCurveFree()
+// This function will free the allocated components of the curve and end the
+// frame in which the curve data exists
+LIB_EXPORT void BnCurveFree(bigCurve E);
+
+//*** BnEccModMult()
+// This function does a point multiply of the form R = [d]S
+//  Return Type: BOOL
+//      TRUE(1)         success
+//      FALSE(0)        failure in operation; treat as result being point at infinity
+LIB_EXPORT BOOL BnEccModMult(bigPoint   R,  // OUT: computed point
+                             pointConst S,  // IN: point to multiply by 'd' (optional)
+                             bigConst   d,  // IN: scalar for [d]S
+                             bigCurve   E);
+
+//*** BnEccModMult2()
+// This function does a point multiply of the form R = [d]G + [u]Q
+//  Return Type: BOOL
+//      TRUE(1)         success
+//      FALSE(0)        failure in operation; treat as result being point at infinity
+LIB_EXPORT BOOL BnEccModMult2(bigPoint   R,  // OUT: computed point
+                              pointConst S,  // IN: optional point
+                              bigConst   d,  // IN: scalar for [d]S or [d]G
+                              pointConst Q,  // IN: second point
+                              bigConst   u,  // IN: second scalar
+                              bigCurve   E   // IN: curve
+);
+
+//** BnEccAdd()
+// This function does addition of two points.
+//  Return Type: BOOL
+//      TRUE(1)         success
+//      FALSE(0)        failure in operation; treat as result being point at infinity
+LIB_EXPORT BOOL BnEccAdd(bigPoint   R,  // OUT: computed point
+                         pointConst S,  // IN: point to multiply by 'd'
+                         pointConst Q,  // IN: second point
+                         bigCurve   E   // IN: curve
+);
+#  endif  // ALG_ECC
+#endif    // MATHLIB_MBED
+
+#endif  // _TPM_TO_MBED_MATH_FP_H_
diff --git a/TPMCmd/tpm/include/prototypes/TpmToMbedSupport_fp.h b/TPMCmd/tpm/include/prototypes/TpmToMbedSupport_fp.h
new file mode 100644
index 0000000..72e666e
--- /dev/null
+++ b/TPMCmd/tpm/include/prototypes/TpmToMbedSupport_fp.h
@@ -0,0 +1,44 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ *  The copyright in this software is being made available under the BSD License,
+ *  included below. This software may be subject to other third party and
+ *  contributor rights, including patent rights, and no such rights are granted
+ *  under this license.
+ *
+ *  Copyright (c) Microsoft Corporation
+ *  Copyright (c) 2024, Arm Limited
+ *
+ *  All rights reserved.
+ *
+ *  BSD License
+ *
+ *  Redistribution and use in source and binary forms, with or without modification,
+ *  are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice, this list
+ *  of conditions and the following disclaimer.
+ *
+ *  Redistributions in binary form must reproduce the above copyright notice, this
+ *  list of conditions and the following disclaimer in the documentation and/or
+ *  other materials provided with the distribution.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _TPM_TO_MBED_SUPPORT_FP_H_
+#define _TPM_TO_MBED_SUPPORT_FP_H_
+
+#if defined(HASH_LIB_MBED) || defined(MATH_LIB_MBED) || defined(SYM_LIB_MBED)
+LIB_EXPORT int SupportLibInit(void);
+#endif  // HASH_LIB_MBED || MATH_LIB_MBED || SYM_LIB_MBED
+
+#endif  // _TPM_TO_MBED_SUPPORT_FP_H_
diff --git a/TPMCmd/tpm/include/prototypes/TpmToMbedSym_fp.h b/TPMCmd/tpm/include/prototypes/TpmToMbedSym_fp.h
new file mode 100644
index 0000000..7aad912
--- /dev/null
+++ b/TPMCmd/tpm/include/prototypes/TpmToMbedSym_fp.h
@@ -0,0 +1,51 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ *  The copyright in this software is being made available under the BSD License,
+ *  included below. This software may be subject to other third party and
+ *  contributor rights, including patent rights, and no such rights are granted
+ *  under this license.
+ *
+ *  Copyright (c) Microsoft Corporation
+ *  Copyright (c) 2024, Arm Limited
+ *
+ *  All rights reserved.
+ *
+ *  BSD License
+ *
+ *  Redistribution and use in source and binary forms, with or without modification,
+ *  are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice, this list
+ *  of conditions and the following disclaimer.
+ *
+ *  Redistributions in binary form must reproduce the above copyright notice, this
+ *  list of conditions and the following disclaimer in the documentation and/or
+ *  other materials provided with the distribution.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _TPM_TO_MBED_SYM_FP_H_
+#define _TPM_TO_MBED_SYM_FP_H_
+
+#ifdef SYM_LIB_MBED
+
+int TDES_set_encrypt_key(const BYTE *key, UINT16 keySizeInBits, void *keySchedule);
+int TDES_set_decrypt_key(const BYTE *key, UINT16 keySizeInBits, void *keySchedule);
+int AES_encrypt(const BYTE *in, BYTE *out, void *keySchedule);
+int AES_decrypt(const BYTE *in, BYTE *out, void *keySchedule);
+int CAMELLIA_encrypt(const BYTE *in, BYTE *out, void *keySchedule);
+int CAMELLIA_decrypt(const BYTE *in, BYTE *out, void *keySchedule);
+
+#endif  // SYM_LIB_MBED
+
+#endif  // _TPM_TO_MBED_SYM_FP_H_
diff --git a/TPMCmd/tpm/src/crypt/mbed/TpmToMbedMath.c b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedMath.c
new file mode 100644
index 0000000..bad931b
--- /dev/null
+++ b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedMath.c
@@ -0,0 +1,407 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ *  The copyright in this software is being made available under the BSD License,
+ *  included below. This software may be subject to other third party and
+ *  contributor rights, including patent rights, and no such rights are granted
+ *  under this license.
+ *
+ *  Copyright (c) Microsoft Corporation
+ *  Copyright (c) 2024, Arm Limited
+ *
+ *  All rights reserved.
+ *
+ *  BSD License
+ *
+ *  Redistribution and use in source and binary forms, with or without modification,
+ *  are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice, this list
+ *  of conditions and the following disclaimer.
+ *
+ *  Redistributions in binary form must reproduce the above copyright notice, this
+ *  list of conditions and the following disclaimer in the documentation and/or
+ *  other materials provided with the distribution.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "Tpm.h"
+
+#ifdef MATH_LIB_MBED
+#  include "BnConvert_fp.h"
+#  include "TpmToMbedMath_fp.h"
+
+// This function converts a mbedtls_mpi to a TPM bignum. In this implementation
+// it is assumed that MbedTLS uses the same format for a big number as does the
+// TPM -- an array of native-endian words in little-endian order.
+void BnFromMbed(bigNum bn, mbedtls_mpi *mbedBn)
+{
+    uint32_t i;
+
+    if(bn != NULL) {
+        pAssert((unsigned)mbedBn->private_n <= BnGetAllocated(bn));
+
+        for(i = 0; i < mbedBn->private_n; i++)
+            bn->d[i] = mbedBn->private_p[i];
+
+        BnSetTop(bn, mbedBn->private_n);
+    }
+}
+
+// This function converts a TPM bignum to a mbedtls_mpi, and has the same
+// assumptions as made by BnFromMbed()
+void BnToMbed(mbedtls_mpi *toInit, bigConst initializer)
+{
+    uint32_t i;
+
+    if(toInit != NULL && initializer != NULL) {
+        mbedtls_mpi_grow(toInit, initializer->size);
+
+        for(i = 0; i < initializer->size; i++)
+            toInit->private_p[i] = initializer->d[i];
+
+        toInit->private_n = initializer->size;
+        /* TPM bignums are never negative, we can fix the sign to 1 */
+        toInit->private_s = 1;
+    }
+}
+
+mbedtls_mpi *MpiInitialize(mbedtls_mpi *toInit)
+{
+    mbedtls_mpi_init(toInit);
+    return toInit;
+}
+
+#  if LIBRARY_COMPATIBILITY_CHECK
+BOOL MathLibraryCompatibilityCheck(void)
+{
+    BN_VAR(tpmTemp, 64 * 8);
+    crypt_uword_t i;
+    TPM2B_TYPE(TEST, 16);
+    TPM2B_TEST test = {{16,
+                        {0x0F,
+                         0x0E,
+                         0x0D,
+                         0x0C,
+                         0x0B,
+                         0x0A,
+                         0x09,
+                         0x08,
+                         0x07,
+                         0x06,
+                         0x05,
+                         0x04,
+                         0x03,
+                         0x02,
+                         0x01,
+                         0x00}}};
+    // Convert the test TPM2B to a bigNum
+    BnFrom2B(tpmTemp, &test.b);
+    MPI_INITIALIZED(mbedTemp, tpmTemp);
+    // Make sure the values are consistent
+    VERIFY(mbedTemp->private_n * sizeof(mbedtls_mpi_uint)
+           == (int)tpmTemp->size * sizeof(crypt_uword_t));
+    for(i = 0; i < tpmTemp->size; i++)
+        VERIFY(((crypt_uword_t*)mbedTemp->private_p)[i] == tpmTemp->d[i]);
+
+    MPI_DELETE(mbedTemp);
+    return 1;
+Error:
+    return 0;
+}
+#  endif
+
+LIB_EXPORT BOOL BnModMult(bigNum result, bigConst op1, bigConst op2, bigConst modulus)
+{
+    BOOL OK;
+    MPI_INITIALIZED(bnOp1, op1);
+    MPI_INITIALIZED(bnOp2, op2);
+    MPI_INITIALIZED(bnTemp, NULL);
+    BN_VAR(temp, LARGEST_NUMBER_BITS * 2);
+
+    pAssert(BnGetAllocated(result) >= BnGetSize(modulus));
+
+    OK = (mbedtls_mpi_mul_mpi(bnTemp, bnOp1, bnOp2) == MBEDTLS_OK);
+    if(OK) {
+        BnFromMbed(temp, bnTemp);
+        OK = BnDiv(NULL, result, temp, modulus);
+    }
+
+    MPI_DELETE(bnOp1);
+    MPI_DELETE(bnOp2);
+    MPI_DELETE(bnTemp);
+
+    return OK;
+}
+
+LIB_EXPORT BOOL BnMult(bigNum result, bigConst multiplicand, bigConst multiplier)
+{
+    BOOL OK;
+    MPI_INITIALIZED(bnTemp, NULL);
+    MPI_INITIALIZED(bnA, multiplicand);
+    MPI_INITIALIZED(bnB, multiplier);
+
+    pAssert(result->allocated >= (BITS_TO_CRYPT_WORDS(
+                BnSizeInBits(multiplicand) + BnSizeInBits(multiplier))));
+
+    OK = (mbedtls_mpi_mul_mpi(bnTemp, bnA, bnB) == MBEDTLS_OK);
+    if(OK) {
+        BnFromMbed(result, bnTemp);
+    }
+
+    MPI_DELETE(bnTemp);
+    MPI_DELETE(bnA);
+    MPI_DELETE(bnB);
+
+    return OK;
+}
+
+LIB_EXPORT BOOL BnDiv(bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor)
+{
+    BOOL OK;
+    MPI_INITIALIZED(bnQ, quotient);
+    MPI_INITIALIZED(bnR, remainder);
+    MPI_INITIALIZED(bnDend, dividend);
+    MPI_INITIALIZED(bnSor, divisor);
+
+    pAssert(!BnEqualZero(divisor));
+    if(BnGetSize(dividend) < BnGetSize(divisor)) {
+        if(quotient)
+            BnSetWord(quotient, 0);
+        if(remainder)
+            BnCopy(remainder, dividend);
+        OK = TRUE;
+    } else {
+        pAssert((quotient == NULL) ||
+                (quotient->allocated >= (unsigned)(dividend->size - divisor->size)));
+        pAssert((remainder == NULL) || (remainder->allocated >= divisor->size));
+        OK = (mbedtls_mpi_div_mpi(bnQ, bnR, bnDend, bnSor) == MBEDTLS_OK);
+        if(OK) {
+            BnFromMbed(quotient, bnQ);
+            BnFromMbed(remainder, bnR);
+        }
+    }
+
+    MPI_DELETE(bnQ);
+    MPI_DELETE(bnR);
+    MPI_DELETE(bnDend);
+    MPI_DELETE(bnSor);
+
+    return OK;
+}
+
+#  if ALG_RSA
+LIB_EXPORT BOOL BnGcd(bigNum gcd,bigConst number1, bigConst number2)
+{
+    BOOL OK;
+    MPI_INITIALIZED(bnGcd, gcd);
+    MPI_INITIALIZED(bn1, number1);
+    MPI_INITIALIZED(bn2, number2);
+
+    pAssert(gcd != NULL);
+    OK = (mbedtls_mpi_gcd(bnGcd, bn1, bn2) == MBEDTLS_OK);
+    if(OK) {
+        BnFromMbed(gcd, bnGcd);
+    }
+
+    MPI_DELETE(bnGcd);
+    MPI_DELETE(bn1);
+    MPI_DELETE(bn2);
+
+    return OK;
+}
+
+LIB_EXPORT BOOL BnModExp(bigNum result, bigConst number, bigConst exponent, bigConst modulus)
+{
+    BOOL OK;
+    MPI_INITIALIZED(bnResult, result);
+    MPI_INITIALIZED(bnN, number);
+    MPI_INITIALIZED(bnE, exponent);
+    MPI_INITIALIZED(bnM, modulus);
+
+    OK = (mbedtls_mpi_exp_mod(bnResult, bnN, bnE, bnM, NULL) == MBEDTLS_OK);
+    if(OK) {
+        BnFromMbed(result, bnResult);
+    }
+
+    MPI_DELETE(bnResult);
+    MPI_DELETE(bnN);
+    MPI_DELETE(bnE);
+    MPI_DELETE(bnM);
+
+    return OK;
+}
+
+LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number, bigConst modulus)
+{
+    BOOL OK;
+    MPI_INITIALIZED(bnResult, result);
+    MPI_INITIALIZED(bnN, number);
+    MPI_INITIALIZED(bnM, modulus);
+
+    OK = (mbedtls_mpi_inv_mod(bnResult, bnN, bnM) == MBEDTLS_OK);
+    if(OK) {
+        BnFromMbed(result, bnResult);
+    }
+
+    MPI_DELETE(bnResult);
+    MPI_DELETE(bnN);
+    MPI_DELETE(bnM);
+
+    return OK;
+}
+#  endif  // TPM_ALG_RSA
+
+#  if ALG_ECC
+
+void PointFromMbed(bigPoint pOut, mbedtls_ecp_point* pIn)
+{
+    BnFromMbed(pOut->x, &pIn->private_X);
+    BnFromMbed(pOut->y, &pIn->private_Y);
+    BnFromMbed(pOut->z, &pIn->private_Z);
+}
+
+void PointToMbed(mbedtls_ecp_point* pOut, pointConst pIn)
+{
+    BnToMbed(&pOut->private_X, pIn->x);
+    BnToMbed(&pOut->private_Y, pIn->y);
+    BnToMbed(&pOut->private_Z, pIn->z);
+}
+
+LIB_EXPORT bigCurve BnCurveInitialize(bigCurve E, TPM_ECC_CURVE curveId)
+{
+    const ECC_CURVE_DATA* C = GetCurveData(curveId);
+
+    if(C == NULL)
+        E = NULL;
+
+    if(E != NULL) {
+        E->C   = C;
+
+        mbedtls_ecp_group_init(&E->G);
+        BnToMbed(&E->G.P, C->prime);
+        BnToMbed(&E->G.A, C->a);
+        BnToMbed(&E->G.B, C->b);
+        BnToMbed(&E->G.N, C->order);
+
+        BnToMbed(&E->G.G.private_X, C->base.x);
+        BnToMbed(&E->G.G.private_Y, C->base.y);
+
+        E->G.pbits = mbedtls_mpi_bitlen(&E->G.P);
+        E->G.nbits = mbedtls_mpi_bitlen(&E->G.N);
+
+        E->G.private_h = 1;
+    }
+
+    return E;
+}
+
+LIB_EXPORT void BnCurveFree(bigCurve E)
+{
+    if(E)
+        mbedtls_ecp_group_free(&E->G);
+}
+
+LIB_EXPORT BOOL BnEccModMult(bigPoint R, pointConst S, bigConst d, bigCurve E)
+{
+    BOOL OK;
+    POINT_CREATE(pR);
+    POINT_CREATE(pS);
+    MPI_INITIALIZED(bnD, d);
+
+    if(S == NULL)
+        S = CurveGetG(AccessCurveData(E));
+
+    PointToMbed(&pS, S);
+
+    OK = (mbedtls_ecp_mul(&E->G, &pR, bnD, &pS, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE)
+            == MBEDTLS_OK);
+    if(OK) {
+        PointFromMbed(R, &pR);
+    }
+
+    POINT_DELETE(pS);
+    POINT_DELETE(pR);
+    MPI_DELETE(bnD);
+
+    return !BnEqualZero(R->z);
+}
+
+LIB_EXPORT BOOL BnEccModMult2(bigPoint R, pointConst S, bigConst d, pointConst Q,
+                              bigConst u, bigCurve E)
+{
+    BOOL OK;
+    POINT_CREATE(pR);
+    POINT_CREATE(pS);
+    POINT_CREATE(pQ);
+    MPI_INITIALIZED(bnD, d);
+    MPI_INITIALIZED(bnU, u);
+    MPI_INITIALIZED(bnPrime, CurveGetPrime(AccessCurveData(E)));
+    MPI_INITIALIZED(bnA, CurveGet_a(AccessCurveData(E)));
+
+    PointToMbed(&pQ, Q);
+
+    if(S == NULL)
+        S = CurveGetG(AccessCurveData(E));
+
+    PointToMbed(&pS, S);
+
+    OK = (mbedtls_ecp_muladd(&E->G, &pR, bnD, &pS, bnU, &pQ) == MBEDTLS_OK);
+    if(OK) {
+        PointFromMbed(R, &pR);
+    }
+
+    POINT_DELETE(pS);
+    POINT_DELETE(pQ);
+    POINT_DELETE(pR);
+
+    MPI_DELETE(bnD);
+    MPI_DELETE(bnU);
+    MPI_DELETE(bnPrime);
+    MPI_DELETE(bnA);
+
+    return !BnEqualZero(R->z);
+}
+
+LIB_EXPORT BOOL BnEccAdd(bigPoint R, pointConst S, pointConst Q, bigCurve E)
+{
+    BOOL OK;
+    mbedtls_mpi_uint mp;
+    POINT_CREATE(pR);
+    POINT_CREATE(pS);
+    POINT_CREATE(pQ);
+    MPI_INITIALIZED(bnA, CurveGet_a(AccessCurveData(E)));
+    MPI_INITIALIZED(bnMod, CurveGetPrime(AccessCurveData(E)));
+
+    (void)mp;
+    PointToMbed(&pS, S);
+    PointToMbed(&pQ, Q);
+
+    pAssert(1 == 0); // cannot implement with mbedtls
+
+    if(OK) {
+        PointFromMbed(R, &pR);
+    }
+
+    POINT_DELETE(pS);
+    POINT_DELETE(pQ);
+    POINT_DELETE(pR);
+
+    MPI_DELETE(bnA);
+    MPI_DELETE(bnMod);
+
+    return !BnEqualZero(R->z);
+}
+
+#  endif  // TPM_ALG_ECC
+
+#endif  // MATH_LIB_MBED
\ No newline at end of file
diff --git a/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSupport.c b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSupport.c
new file mode 100644
index 0000000..c1bdcf1
--- /dev/null
+++ b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSupport.c
@@ -0,0 +1,46 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ *  The copyright in this software is being made available under the BSD License,
+ *  included below. This software may be subject to other third party and
+ *  contributor rights, including patent rights, and no such rights are granted
+ *  under this license.
+ *
+ *  Copyright (c) Microsoft Corporation
+ *  Copyright (c) 2024, Arm Limited
+ *
+ *  All rights reserved.
+ *
+ *  BSD License
+ *
+ *  Redistribution and use in source and binary forms, with or without modification,
+ *  are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice, this list
+ *  of conditions and the following disclaimer.
+ *
+ *  Redistributions in binary form must reproduce the above copyright notice, this
+ *  list of conditions and the following disclaimer in the documentation and/or
+ *  other materials provided with the distribution.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "Tpm.h"
+#include <psa/crypto.h>
+
+#if defined(HASH_LIB_MBED) || defined(MATH_LIB_MBED) || defined(SYM_LIB_MBED)
+
+LIB_EXPORT int SupportLibInit(void)
+{
+    return psa_crypto_init() == PSA_SUCCESS;
+}
+
+#endif  // HASH_LIB_MBED || MATH_LIB_MBED || SYM_LIB_MBED
diff --git a/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSym.c b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSym.c
new file mode 100644
index 0000000..9f846f9
--- /dev/null
+++ b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSym.c
@@ -0,0 +1,94 @@
+/* Microsoft Reference Implementation for TPM 2.0
+ *
+ *  The copyright in this software is being made available under the BSD License,
+ *  included below. This software may be subject to other third party and
+ *  contributor rights, including patent rights, and no such rights are granted
+ *  under this license.
+ *
+ *  Copyright (c) Microsoft Corporation
+ *  Copyright (c) 2024, Arm Limited
+ *
+ *  All rights reserved.
+ *
+ *  BSD License
+ *
+ *  Redistribution and use in source and binary forms, with or without modification,
+ *  are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice, this list
+ *  of conditions and the following disclaimer.
+ *
+ *  Redistributions in binary form must reproduce the above copyright notice, this
+ *  list of conditions and the following disclaimer in the documentation and/or
+ *  other materials provided with the distribution.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "Tpm.h"
+
+#ifdef SYM_LIB_MBED
+#  include "TpmToMbedSym_fp.h"
+
+#if ALG_TDES
+#include <mbedtls/des.h>
+
+int TDES_set_encrypt_key(const BYTE *key, UINT16 keySizeInBits, void *keySchedule)
+{
+    BYTE key2[MBEDTLS_DES_KEY_SIZE * 2] = {};
+    BYTE key3[MBEDTLS_DES_KEY_SIZE * 3] = {};
+
+    if(keySizeInBits == 128) {
+        memcpy(key2, key, MBEDTLS_DES_KEY_SIZE * 2);
+        return mbedtls_des3_set2key_enc(keySchedule, key2);
+    } else {
+        memcpy(key3, key, MBEDTLS_DES_KEY_SIZE * 3);
+        return mbedtls_des3_set3key_enc(keySchedule, key3);
+    }
+}
+
+int TDES_set_decrypt_key(const BYTE *key, UINT16 keySizeInBits, void *keySchedule)
+{
+    BYTE key2[MBEDTLS_DES_KEY_SIZE * 2] = {};
+    BYTE key3[MBEDTLS_DES_KEY_SIZE * 3] = {};
+
+    if(keySizeInBits == 128) {
+        memcpy(key2, key, MBEDTLS_DES_KEY_SIZE * 2);
+        return mbedtls_des3_set2key_dec(keySchedule, key2);
+    } else {
+        memcpy(key3, key, MBEDTLS_DES_KEY_SIZE * 3);
+        return mbedtls_des3_set3key_dec(keySchedule, key3);
+    }
+}
+#endif
+
+int AES_encrypt(const BYTE *in, BYTE *out, void *keySchedule)
+{
+    return mbedtls_aes_crypt_ecb(keySchedule, MBEDTLS_AES_ENCRYPT, in, out);
+}
+
+int AES_decrypt(const BYTE *in, BYTE *out, void *keySchedule)
+{
+    return mbedtls_aes_crypt_ecb(keySchedule, MBEDTLS_AES_DECRYPT, in, out);
+}
+
+int CAMELLIA_encrypt(const BYTE *in, BYTE *out, void *keySchedule)
+{
+    return mbedtls_camellia_crypt_ecb(keySchedule, MBEDTLS_CAMELLIA_ENCRYPT, in, out);
+}
+
+int CAMELLIA_decrypt(const BYTE *in, BYTE *out, void *keySchedule)
+{
+    return mbedtls_camellia_crypt_ecb(keySchedule, MBEDTLS_CAMELLIA_DECRYPT, in, out);
+}
+
+#endif  // SYM_LIB_MBED
-- 
2.34.1