CC3XX: Add dedicated init and free functions
The PSA Unified Driver interface framework allows for two driver
entry points dedicated to driver init and de-init procedures. The
existing solution relies on calling the TF-M HAL (i.e. crypto_hw_*)
but in case the driver interface used is the PSA one, we should avoid
calling them and let the PSA subsystem perform the hardware initialisation.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: Ie8155d5e039f75bba4c3f20dcac7eaabfd84016d
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/CMakeLists.txt b/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/CMakeLists.txt
index 6317bb4..5c177a7 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/CMakeLists.txt
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/CMakeLists.txt
@@ -14,6 +14,7 @@
target_sources(${CC312_PSA_DRIVER_API_TARGET}
PRIVATE
# PSA Cryptoprocessor Unified Driver interface entry point sources
+ src/cc3xx_psa_init.c
src/cc3xx_psa_hash.c
src/cc3xx_psa_cipher.c
src/cc3xx_psa_mac.c
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/cc3xx.h b/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/cc3xx.h
index db9ee9c..686666c 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/cc3xx.h
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/cc3xx.h
@@ -71,6 +71,7 @@
#define CC3XX_CONFIG_ENABLE_AEAD_AES_CACHED_MODE
#endif /* __DOXYGEN_ONLY__ */
+#include "cc3xx_psa_init.h"
#include "cc3xx_psa_cipher.h"
#include "cc3xx_psa_entropy.h"
#include "cc3xx_psa_hash.h"
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/include/cc3xx_psa_init.h b/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/include/cc3xx_psa_init.h
new file mode 100644
index 0000000..7832f4d
--- /dev/null
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/include/cc3xx_psa_init.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef CC3XX_PSA_INIT_H
+#define CC3XX_PSA_INIT_H
+
+/** \file cc3xx_psa_init.h
+ *
+ * This file contains the declaration of the entry points associated to
+ * driver initialisation and de-initialisation procedures.
+ *
+ */
+
+#include "psa/crypto.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*!
+ * \brief Initialises the CC3XX driver
+ *
+ * \retval PSA_SUCCESS on success. Error code from \ref psa_status_t on
+ * failure
+ */
+psa_status_t cc3xx_init(void);
+
+/*!
+ * \brief De-Initialises the CC3XX driver
+ *
+ * \retval PSA_SUCCESS on success. Error code from \ref psa_status_t on
+ * failure
+ */
+psa_status_t cc3xx_free(void);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* CC3XX_PSA_INIT_H */
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/src/cc3xx_psa_init.c b/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/src/cc3xx_psa_init.c
new file mode 100644
index 0000000..a028b8d
--- /dev/null
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/src/cc3xx_psa_init.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/** \file cc3xx_psa_mac.c
+ *
+ * This file contains the implementation of the entry points associated to the
+ * mac capability (single-part and multipart) as described by the PSA
+ * Cryptoprocessor Driver interface specification
+ *
+ */
+
+#include "psa/crypto.h"
+#include "cc_lib.h"
+
+/* To be able to include the PSA style configuration */
+#include "mbedtls/build_info.h"
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+
+#define mbedtls_printf printf
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#endif
+
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/entropy.h"
+
+static CCRndContext_t *CC312_pRndCtx = NULL;
+static CCRndWorkBuff_t *CC312_pRndWorkBuff = NULL;
+static mbedtls_ctr_drbg_context *CC312_pRndState = NULL;
+static mbedtls_entropy_context *CC312_pMbedtlsEntropy = NULL;
+
+/** \defgroup psa_init PSA driver entry points for driver initialisation
+ * and de-initialisation operations
+ *
+ * Entry points driver init and de-init as described by the PSA
+ * Cryptoprocessor Driver interface specification. These functions require
+ * an entropy module and DRBG module from mbed TLS. These contexts are
+ * allocated before calling into the runtime library initialisation. These
+ * are essentially copies of the same functions in the TF-M platform HAL that
+ * deal with crypto_hw initialisation and de-initialisation.
+ *
+ * @{
+ */
+psa_status_t cc3xx_init(void)
+{
+ int ret = 0;
+
+ /* Allocate memory on heap */
+ CC312_pRndCtx = mbedtls_calloc(1, sizeof(CCRndContext_t));
+ CC312_pRndWorkBuff = mbedtls_calloc(1, sizeof(CCRndWorkBuff_t));
+ CC312_pRndState = mbedtls_calloc(1, sizeof(mbedtls_ctr_drbg_context));
+ CC312_pMbedtlsEntropy = mbedtls_calloc(1, sizeof(mbedtls_entropy_context));
+
+ /* Check if memory allocation was successful */
+ if ( !CC312_pRndCtx || !CC312_pRndWorkBuff
+ || !CC312_pRndState || !CC312_pMbedtlsEntropy) {
+ mbedtls_free(CC312_pRndCtx);
+ mbedtls_free(CC312_pRndWorkBuff);
+ mbedtls_free(CC312_pRndState);
+ mbedtls_free(CC312_pMbedtlsEntropy);
+
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+
+ /* Init Rnd context's inner members */
+ CC312_pRndCtx->rndState = CC312_pRndState;
+ CC312_pRndCtx->entropyCtx = CC312_pMbedtlsEntropy;
+
+ /* Initialise CryptoCell library */
+ ret = CC_LibInit(CC312_pRndCtx, CC312_pRndWorkBuff);
+ if (ret != CC_LIB_RET_OK) {
+ mbedtls_free(CC312_pRndCtx);
+ mbedtls_free(CC312_pRndWorkBuff);
+ mbedtls_free(CC312_pRndState);
+ mbedtls_free(CC312_pMbedtlsEntropy);
+
+ return PSA_ERROR_HARDWARE_FAILURE;
+ }
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t cc3xx_free(void)
+{
+ int ret = 0;
+
+ ret = CC_LibFini(CC312_pRndCtx);
+ if(ret != CC_LIB_RET_OK) {
+ return PSA_ERROR_HARDWARE_FAILURE;
+ }
+
+ mbedtls_free(CC312_pRndCtx);
+ mbedtls_free(CC312_pRndWorkBuff);
+ mbedtls_free(CC312_pRndState);
+ mbedtls_free(CC312_pMbedtlsEntropy);
+
+ return PSA_SUCCESS;
+}
+/** @} */ // end of psa_init
diff --git a/lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch b/lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch
index 0a858c7..5257671 100644
--- a/lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch
+++ b/lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch
@@ -1,4 +1,4 @@
-From 2f96bf29956d2b65c1416ba5bfc02233a17ee3dc Mon Sep 17 00:00:00 2001
+From 786620d885004e49e9c306558f088fb2023c4736 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Fri, 15 Jul 2022 12:41:34 +0100
Subject: [PATCH 4/9] Driver wrapper entry points for CC3XX
@@ -17,9 +17,9 @@
.../psa/crypto_driver_contexts_composites.h | 9 +
.../psa/crypto_driver_contexts_primitives.h | 9 +
library/psa_crypto.c | 21 +-
- library/psa_crypto_driver_wrappers.c | 546 ++++++++++++++++--
+ library/psa_crypto_driver_wrappers.c | 556 ++++++++++++++++--
library/psa_crypto_driver_wrappers.h | 14 +
- 5 files changed, 536 insertions(+), 63 deletions(-)
+ 5 files changed, 546 insertions(+), 63 deletions(-)
diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
index 3f1c8af4b..2fdf9561f 100644
@@ -123,7 +123,7 @@
if( status != PSA_SUCCESS )
{
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
-index a5ae6a29e..af8456f6e 100644
+index a5ae6a29e..a93e155ba 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -45,6 +45,16 @@
@@ -154,7 +154,31 @@
/* Support the 'old' SE interface when asked to */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
-@@ -143,8 +157,30 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -72,6 +86,12 @@ psa_status_t psa_driver_wrapper_init( void )
+ {
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ status = cc3xx_init();
++ if (status != PSA_SUCCESS)
++ return ( status );
++#endif
++
+ #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ status = psa_init_all_se_drivers( );
+ if( status != PSA_SUCCESS )
+@@ -94,6 +114,10 @@ psa_status_t psa_driver_wrapper_init( void )
+
+ void psa_driver_wrapper_free( void )
+ {
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ (void)cc3xx_free();
++#endif
++
+ #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ /* Unregister all secure element drivers, so that we restart from
+ * a pristine state. */
+@@ -143,8 +167,30 @@ psa_status_t psa_driver_wrapper_sign_message(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -186,7 +210,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -168,18 +204,9 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -168,18 +214,9 @@ psa_status_t psa_driver_wrapper_sign_message(
default:
/* Key is declared with a lifetime not known to us */
(void)status;
@@ -207,7 +231,7 @@
}
psa_status_t psa_driver_wrapper_verify_message(
-@@ -216,8 +243,28 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -216,8 +253,28 @@ psa_status_t psa_driver_wrapper_verify_message(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -237,7 +261,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -240,17 +287,9 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -240,17 +297,9 @@ psa_status_t psa_driver_wrapper_verify_message(
default:
/* Key is declared with a lifetime not known to us */
(void)status;
@@ -257,7 +281,7 @@
}
psa_status_t psa_driver_wrapper_sign_hash(
-@@ -303,6 +342,18 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -303,6 +352,18 @@ psa_status_t psa_driver_wrapper_sign_hash(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -276,7 +300,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_sign_hash_builtin( attributes,
-@@ -373,6 +424,17 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -373,6 +434,17 @@ psa_status_t psa_driver_wrapper_verify_hash(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -294,7 +318,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_verify_hash(
attributes,
-@@ -548,6 +610,12 @@ psa_status_t psa_driver_wrapper_generate_key(
+@@ -548,6 +620,12 @@ psa_status_t psa_driver_wrapper_generate_key(
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
{
/* Cycle through all known transparent accelerators */
@@ -307,7 +331,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_generate_key(
attributes, key_buffer, key_buffer_size,
-@@ -771,6 +839,16 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -771,6 +849,16 @@ psa_status_t psa_driver_wrapper_export_public_key(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -324,7 +348,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_export_public_key_internal( attributes,
-@@ -908,6 +986,20 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+@@ -908,6 +996,20 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -345,7 +369,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-@@ -996,6 +1088,18 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -996,6 +1098,18 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -364,7 +388,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-@@ -1073,6 +1177,16 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1073,6 +1187,16 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -381,7 +405,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
-@@ -1146,6 +1260,16 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1146,6 +1270,16 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -398,7 +422,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
-@@ -1214,6 +1338,12 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+@@ -1214,6 +1348,12 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
&operation->ctx.opaque_test_driver_ctx,
iv, iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -411,7 +435,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1257,6 +1387,13 @@ psa_status_t psa_driver_wrapper_cipher_update(
+@@ -1257,6 +1397,13 @@ psa_status_t psa_driver_wrapper_cipher_update(
input, input_length,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -425,7 +449,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1297,6 +1434,12 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+@@ -1297,6 +1444,12 @@ psa_status_t psa_driver_wrapper_cipher_finish(
&operation->ctx.opaque_test_driver_ctx,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -438,7 +462,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1337,6 +1480,15 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+@@ -1337,6 +1490,15 @@ psa_status_t psa_driver_wrapper_cipher_abort(
sizeof( operation->ctx.opaque_test_driver_ctx ) );
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -454,7 +478,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1358,13 +1510,19 @@ psa_status_t psa_driver_wrapper_hash_compute(
+@@ -1358,13 +1520,19 @@ psa_status_t psa_driver_wrapper_hash_compute(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try accelerators first */
@@ -476,7 +500,7 @@
/* If software fallback is compiled in, try fallback */
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
status = mbedtls_psa_hash_compute( alg, input, input_length,
-@@ -1390,6 +1548,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
+@@ -1390,6 +1558,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try setup on accelerators first */
@@ -484,7 +508,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_hash_setup(
&operation->ctx.test_driver_ctx, alg );
-@@ -1398,17 +1557,23 @@ psa_status_t psa_driver_wrapper_hash_setup(
+@@ -1398,17 +1567,23 @@ psa_status_t psa_driver_wrapper_hash_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@@ -511,7 +535,7 @@
/* Nothing left to try if we fall through here */
(void) status;
(void) operation;
-@@ -1422,19 +1587,29 @@ psa_status_t psa_driver_wrapper_hash_clone(
+@@ -1422,19 +1597,29 @@ psa_status_t psa_driver_wrapper_hash_clone(
{
switch( source_operation->id )
{
@@ -548,7 +572,7 @@
default:
(void) target_operation;
return( PSA_ERROR_BAD_STATE );
-@@ -1448,17 +1623,25 @@ psa_status_t psa_driver_wrapper_hash_update(
+@@ -1448,17 +1633,25 @@ psa_status_t psa_driver_wrapper_hash_update(
{
switch( operation->id )
{
@@ -580,7 +604,7 @@
default:
(void) input;
(void) input_length;
-@@ -1474,17 +1657,25 @@ psa_status_t psa_driver_wrapper_hash_finish(
+@@ -1474,17 +1667,25 @@ psa_status_t psa_driver_wrapper_hash_finish(
{
switch( operation->id )
{
@@ -612,7 +636,7 @@
default:
(void) hash;
(void) hash_size;
-@@ -1498,15 +1689,22 @@ psa_status_t psa_driver_wrapper_hash_abort(
+@@ -1498,15 +1699,22 @@ psa_status_t psa_driver_wrapper_hash_abort(
{
switch( operation->id )
{
@@ -640,7 +664,7 @@
default:
return( PSA_ERROR_BAD_STATE );
}
-@@ -1544,6 +1742,17 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+@@ -1544,6 +1752,17 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -658,7 +682,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1596,6 +1805,17 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1596,6 +1815,17 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -676,7 +700,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1622,14 +1842,30 @@ psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
+@@ -1622,14 +1852,30 @@ psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
if( operation == NULL || tag_len == NULL )
return( PSA_ERROR_INVALID_ARGUMENT );
@@ -713,7 +737,7 @@
}
psa_status_t psa_driver_wrapper_aead_encrypt_setup(
-@@ -1660,6 +1896,15 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1660,6 +1906,15 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -729,7 +753,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1709,6 +1954,16 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1709,6 +1964,16 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -746,7 +770,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
-@@ -1755,6 +2010,13 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+@@ -1755,6 +2020,13 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -760,7 +784,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1789,6 +2051,13 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+@@ -1789,6 +2061,13 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -774,7 +798,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1823,6 +2092,13 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+@@ -1823,6 +2102,13 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -788,7 +812,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1862,6 +2138,14 @@ psa_status_t psa_driver_wrapper_aead_update(
+@@ -1862,6 +2148,14 @@ psa_status_t psa_driver_wrapper_aead_update(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -803,7 +827,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1906,6 +2190,14 @@ psa_status_t psa_driver_wrapper_aead_finish(
+@@ -1906,6 +2200,14 @@ psa_status_t psa_driver_wrapper_aead_finish(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -818,7 +842,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1970,6 +2262,14 @@ psa_status_t psa_driver_wrapper_aead_verify(
+@@ -1970,6 +2272,14 @@ psa_status_t psa_driver_wrapper_aead_verify(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -833,7 +857,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2002,6 +2302,12 @@ psa_status_t psa_driver_wrapper_aead_abort(
+@@ -2002,6 +2312,12 @@ psa_status_t psa_driver_wrapper_aead_abort(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -846,7 +870,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2041,6 +2347,12 @@ psa_status_t psa_driver_wrapper_mac_compute(
+@@ -2041,6 +2357,12 @@ psa_status_t psa_driver_wrapper_mac_compute(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -859,7 +883,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2109,6 +2421,15 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2109,6 +2431,15 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -875,7 +899,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2181,6 +2502,15 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2181,6 +2512,15 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -891,7 +915,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
/* Fell through, meaning no accelerator supports this operation */
-@@ -2248,6 +2578,10 @@ psa_status_t psa_driver_wrapper_mac_update(
+@@ -2248,6 +2588,10 @@ psa_status_t psa_driver_wrapper_mac_update(
&operation->ctx.opaque_test_driver_ctx,
input, input_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -902,7 +926,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) input;
-@@ -2282,6 +2616,11 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+@@ -2282,6 +2626,11 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_size, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -914,7 +938,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2316,6 +2655,12 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+@@ -2316,6 +2665,12 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -927,7 +951,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2343,6 +2688,10 @@ psa_status_t psa_driver_wrapper_mac_abort(
+@@ -2343,6 +2698,10 @@ psa_status_t psa_driver_wrapper_mac_abort(
return( mbedtls_test_opaque_mac_abort(
&operation->ctx.opaque_test_driver_ctx ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -938,7 +962,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
return( PSA_ERROR_INVALID_ARGUMENT );
-@@ -2350,7 +2699,58 @@ psa_status_t psa_driver_wrapper_mac_abort(
+@@ -2350,7 +2709,58 @@ psa_status_t psa_driver_wrapper_mac_abort(
}
/*
@@ -998,7 +1022,7 @@
*/
psa_status_t psa_driver_wrapper_asymmetric_encrypt(
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
-@@ -2368,6 +2768,20 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+@@ -2368,6 +2778,20 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -1019,7 +1043,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
key_buffer, key_buffer_size, alg, input, input_length,
-@@ -2426,6 +2840,20 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+@@ -2426,6 +2850,20 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
diff --git a/lib/ext/mbedcrypto/0005-Add-LMS-implementation.patch b/lib/ext/mbedcrypto/0005-Add-LMS-implementation.patch
index 5cb4d57..9a33263 100644
--- a/lib/ext/mbedcrypto/0005-Add-LMS-implementation.patch
+++ b/lib/ext/mbedcrypto/0005-Add-LMS-implementation.patch
@@ -1,4 +1,4 @@
-From afc821070e7b7a6c634707f1d847b1445101bdd7 Mon Sep 17 00:00:00 2001
+From 99a390b1a71005db8b6c92956a2c86cc3182a6f3 Mon Sep 17 00:00:00 2001
From: Raef Coles <raef.coles@arm.com>
Date: Wed, 21 Jul 2021 12:42:15 +0100
Subject: [PATCH 5/9] Add LMS implementation
diff --git a/lib/ext/mbedcrypto/0006-Add-TF-M-builtin-key-driver.patch b/lib/ext/mbedcrypto/0006-Add-TF-M-builtin-key-driver.patch
index 559b7b0..9ca2c61 100644
--- a/lib/ext/mbedcrypto/0006-Add-TF-M-builtin-key-driver.patch
+++ b/lib/ext/mbedcrypto/0006-Add-TF-M-builtin-key-driver.patch
@@ -1,4 +1,4 @@
-From 1b35e0dc18f952e6198a04116d92f6392e3ade2e Mon Sep 17 00:00:00 2001
+From 2065eadd240c6d7fcf1a3e8f61f814496ae09bcc Mon Sep 17 00:00:00 2001
From: Raef Coles <raef.coles@arm.com>
Date: Tue, 19 Jul 2022 11:12:30 +0100
Subject: [PATCH 6/9] Add TF-M builtin key driver
@@ -39,7 +39,7 @@
psa_unlock_key_slot( *p_slot );
*p_slot = NULL;
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
-index af8456f6e..4b1a883a7 100644
+index a93e155ba..72bb6d3d0 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -55,6 +55,18 @@
@@ -72,7 +72,7 @@
/* Support the 'old' SE interface when asked to */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
-@@ -139,6 +155,9 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -149,6 +165,9 @@ psa_status_t psa_driver_wrapper_sign_message(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -82,7 +82,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -226,6 +245,9 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -236,6 +255,9 @@ psa_status_t psa_driver_wrapper_verify_message(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -92,7 +92,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -325,6 +347,9 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -335,6 +357,9 @@ psa_status_t psa_driver_wrapper_sign_hash(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -102,7 +102,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -421,6 +446,9 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -431,6 +456,9 @@ psa_status_t psa_driver_wrapper_verify_hash(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -112,7 +112,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -565,7 +593,11 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
+@@ -575,7 +603,11 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
return( ( *key_buffer_size != 0 ) ?
PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -125,7 +125,7 @@
default:
(void)key_type;
(void)key_bits;
-@@ -605,6 +637,9 @@ psa_status_t psa_driver_wrapper_generate_key(
+@@ -615,6 +647,9 @@ psa_status_t psa_driver_wrapper_generate_key(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -135,7 +135,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
/* Transparent drivers are limited to generating asymmetric keys */
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
-@@ -696,6 +731,9 @@ psa_status_t psa_driver_wrapper_import_key(
+@@ -706,6 +741,9 @@ psa_status_t psa_driver_wrapper_import_key(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -145,7 +145,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -766,6 +804,9 @@ psa_status_t psa_driver_wrapper_export_key(
+@@ -776,6 +814,9 @@ psa_status_t psa_driver_wrapper_export_key(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -155,7 +155,7 @@
return( psa_export_key_internal( attributes,
key_buffer,
key_buffer_size,
-@@ -824,6 +865,9 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -834,6 +875,9 @@ psa_status_t psa_driver_wrapper_export_public_key(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -165,7 +165,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -891,6 +935,13 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
+@@ -901,6 +945,13 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
attributes,
key_buffer, key_buffer_size, key_buffer_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -179,7 +179,7 @@
default:
(void) slot_number;
(void) key_buffer;
-@@ -967,6 +1018,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+@@ -977,6 +1028,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -189,7 +189,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1071,6 +1125,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -1081,6 +1135,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -199,7 +199,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1160,6 +1217,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1170,6 +1227,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -209,7 +209,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1243,6 +1303,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1253,6 +1313,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -219,7 +219,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -1726,6 +1789,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+@@ -1736,6 +1799,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -229,7 +229,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
-@@ -1789,6 +1855,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1799,6 +1865,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -239,7 +239,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
-@@ -1881,6 +1950,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1891,6 +1960,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -249,7 +249,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
-@@ -1938,6 +2010,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1948,6 +2020,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -259,7 +259,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
-@@ -2335,6 +2410,9 @@ psa_status_t psa_driver_wrapper_mac_compute(
+@@ -2345,6 +2420,9 @@ psa_status_t psa_driver_wrapper_mac_compute(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -269,7 +269,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2405,6 +2483,9 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2415,6 +2493,9 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -279,7 +279,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2486,6 +2567,9 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2496,6 +2577,9 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -289,7 +289,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2716,6 +2800,9 @@ psa_status_t psa_driver_wrapper_key_agreement(
+@@ -2726,6 +2810,9 @@ psa_status_t psa_driver_wrapper_key_agreement(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -299,7 +299,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2765,6 +2852,9 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+@@ -2775,6 +2862,9 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
@@ -309,7 +309,7 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -2837,6 +2927,9 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+@@ -2847,6 +2937,9 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
diff --git a/lib/ext/mbedcrypto/0007-Build-Remove-encoding-width-suffix-from-Arm-bignum-a.patch b/lib/ext/mbedcrypto/0007-Build-Remove-encoding-width-suffix-from-Arm-bignum-a.patch
index 6b9a0d6..96f9e15 100644
--- a/lib/ext/mbedcrypto/0007-Build-Remove-encoding-width-suffix-from-Arm-bignum-a.patch
+++ b/lib/ext/mbedcrypto/0007-Build-Remove-encoding-width-suffix-from-Arm-bignum-a.patch
@@ -1,4 +1,4 @@
-From 98d7c4bc36ed72190926e3c8c045b5ce7e8c0a6f Mon Sep 17 00:00:00 2001
+From ebcada5c2c30c41247cf317f6ae6df6488fbd739 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A1vid=20H=C3=A1zi?= <david.hazi@arm.com>
Date: Tue, 2 Aug 2022 14:38:32 +0200
Subject: [PATCH 7/9] Build: Remove encoding width suffix from Arm bignum
diff --git a/lib/ext/mbedcrypto/0008-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch b/lib/ext/mbedcrypto/0008-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch
index 6dacd1b..f106095 100644
--- a/lib/ext/mbedcrypto/0008-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch
+++ b/lib/ext/mbedcrypto/0008-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch
@@ -1,4 +1,4 @@
-From b4632fba2ee123e78368792c00dda0fc5ccb245f Mon Sep 17 00:00:00 2001
+From 3d4b0805dc8ae9e3116ce264cd9218e220f0d011 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Tue, 2 Aug 2022 13:05:05 +0200
Subject: [PATCH 8/9] CC3XX: Manually enforce no-software builtin fallback when
@@ -14,10 +14,10 @@
1 file changed, 51 insertions(+), 43 deletions(-)
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
-index 4b1a883a7..39143f1c0 100644
+index 72bb6d3d0..984d43002 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
-@@ -190,6 +190,7 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -200,6 +200,7 @@ psa_status_t psa_driver_wrapper_sign_message(
return( status );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -25,7 +25,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( psa_sign_message_builtin( attributes,
key_buffer,
-@@ -200,7 +201,7 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -210,7 +211,7 @@ psa_status_t psa_driver_wrapper_sign_message(
signature,
signature_size,
signature_length ) );
@@ -34,7 +34,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -278,6 +279,7 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -288,6 +289,7 @@ psa_status_t psa_driver_wrapper_verify_message(
return( status );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -42,7 +42,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( psa_verify_message_builtin( attributes,
key_buffer,
-@@ -287,7 +289,7 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -297,7 +299,7 @@ psa_status_t psa_driver_wrapper_verify_message(
input_length,
signature,
signature_length ) );
@@ -51,7 +51,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -380,6 +382,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -390,6 +392,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
return( status );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -59,7 +59,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( psa_sign_hash_builtin( attributes,
key_buffer,
-@@ -390,7 +393,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -400,7 +403,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
signature,
signature_size,
signature_length ) );
@@ -68,7 +68,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -478,7 +481,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -488,7 +491,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -77,7 +77,7 @@
return( psa_verify_hash_builtin( attributes,
key_buffer,
key_buffer_size,
-@@ -487,7 +490,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -497,7 +500,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
hash_length,
signature,
signature_length ) );
@@ -86,7 +86,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -894,6 +897,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -904,6 +907,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
return( status );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -94,7 +94,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( psa_export_public_key_internal( attributes,
key_buffer,
-@@ -901,7 +905,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -911,7 +915,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
data,
data_size,
data_length ) );
@@ -103,7 +103,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -1056,7 +1060,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+@@ -1066,7 +1070,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -112,7 +112,7 @@
return( mbedtls_psa_cipher_encrypt( attributes,
key_buffer,
key_buffer_size,
-@@ -1159,7 +1163,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -1169,7 +1173,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -121,7 +121,7 @@
return( mbedtls_psa_cipher_decrypt( attributes,
key_buffer,
key_buffer_size,
-@@ -1248,7 +1252,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1258,7 +1262,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
return( status );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -130,7 +130,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -1334,7 +1338,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1344,7 +1348,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
return( status );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -139,7 +139,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -1382,7 +1386,7 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+@@ -1392,7 +1396,7 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
{
switch( operation->id )
{
@@ -148,7 +148,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
iv,
-@@ -1426,7 +1430,7 @@ psa_status_t psa_driver_wrapper_cipher_update(
+@@ -1436,7 +1440,7 @@ psa_status_t psa_driver_wrapper_cipher_update(
{
switch( operation->id )
{
@@ -157,7 +157,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
input,
-@@ -1477,7 +1481,7 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+@@ -1487,7 +1491,7 @@ psa_status_t psa_driver_wrapper_cipher_finish(
{
switch( operation->id )
{
@@ -166,7 +166,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
output,
-@@ -1520,7 +1524,7 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+@@ -1530,7 +1534,7 @@ psa_status_t psa_driver_wrapper_cipher_abort(
switch( operation->id )
{
@@ -175,7 +175,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-@@ -1587,7 +1591,7 @@ psa_status_t psa_driver_wrapper_hash_compute(
+@@ -1597,7 +1601,7 @@ psa_status_t psa_driver_wrapper_hash_compute(
#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* If software fallback is compiled in, try fallback */
@@ -184,7 +184,7 @@
status = mbedtls_psa_hash_compute( alg, input, input_length,
hash, hash_size, hash_length );
if( status != PSA_ERROR_NOT_SUPPORTED )
-@@ -1628,7 +1632,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
+@@ -1638,7 +1642,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -193,7 +193,7 @@
/* If software fallback is compiled in, try fallback */
status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
if( status == PSA_SUCCESS )
-@@ -1667,7 +1671,7 @@ psa_status_t psa_driver_wrapper_hash_clone(
+@@ -1677,7 +1681,7 @@ psa_status_t psa_driver_wrapper_hash_clone(
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -202,7 +202,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
-@@ -1700,7 +1704,7 @@ psa_status_t psa_driver_wrapper_hash_update(
+@@ -1710,7 +1714,7 @@ psa_status_t psa_driver_wrapper_hash_update(
input, input_length ) );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -211,7 +211,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
input, input_length ) );
-@@ -1734,7 +1738,7 @@ psa_status_t psa_driver_wrapper_hash_finish(
+@@ -1744,7 +1748,7 @@ psa_status_t psa_driver_wrapper_hash_finish(
hash, hash_size, hash_length ) );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -220,7 +220,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
hash, hash_size, hash_length ) );
-@@ -1764,7 +1768,7 @@ psa_status_t psa_driver_wrapper_hash_abort(
+@@ -1774,7 +1778,7 @@ psa_status_t psa_driver_wrapper_hash_abort(
&operation->ctx.cc3xx_driver_ctx ) );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -229,7 +229,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */
-@@ -1820,7 +1824,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+@@ -1830,7 +1834,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
return( status );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -238,7 +238,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( mbedtls_psa_aead_encrypt(
attributes, key_buffer, key_buffer_size,
-@@ -1829,7 +1833,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+@@ -1839,7 +1843,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
additional_data, additional_data_length,
plaintext, plaintext_length,
ciphertext, ciphertext_size, ciphertext_length ) );
@@ -247,7 +247,7 @@
/* Add cases for opaque driver here */
default:
-@@ -1886,7 +1890,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1896,7 +1900,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
return( status );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -256,7 +256,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( mbedtls_psa_aead_decrypt(
attributes, key_buffer, key_buffer_size,
-@@ -1895,7 +1899,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1905,7 +1909,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
additional_data, additional_data_length,
ciphertext, ciphertext_length,
plaintext, plaintext_size, plaintext_length ) );
@@ -265,7 +265,7 @@
/* Add cases for opaque driver here */
default:
-@@ -1925,7 +1929,7 @@ psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
+@@ -1935,7 +1939,7 @@ psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
return ( PSA_SUCCESS );
#endif /* defined(PSA_CRYPTO_DRIVER_TEST) */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -274,7 +274,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
*tag_len = operation->ctx.mbedtls_ctx.tag_length;
return ( PSA_SUCCESS );
-@@ -1978,7 +1982,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1988,7 +1992,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
return( status );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -283,7 +283,7 @@
/* Fell through, meaning no accelerator supports this operation */
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
status = mbedtls_psa_aead_encrypt_setup(
-@@ -1987,7 +1991,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1997,7 +2001,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
alg );
return( status );
@@ -292,7 +292,7 @@
/* Add cases for opaque driver here */
default:
-@@ -2040,7 +2044,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -2050,7 +2054,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
return( status );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -301,7 +301,7 @@
/* Fell through, meaning no accelerator supports this operation */
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
status = mbedtls_psa_aead_decrypt_setup(
-@@ -2050,7 +2054,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -2060,7 +2064,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
alg );
return( status );
@@ -310,7 +310,7 @@
/* Add cases for opaque driver here */
default:
-@@ -2067,7 +2071,7 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+@@ -2077,7 +2081,7 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
{
switch( operation->id )
{
@@ -319,7 +319,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
nonce,
-@@ -2108,7 +2112,7 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+@@ -2118,7 +2122,7 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
{
switch( operation->id )
{
@@ -328,7 +328,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
ad_length,
-@@ -2149,7 +2153,7 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+@@ -2159,7 +2163,7 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
{
switch( operation->id )
{
@@ -337,7 +337,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
input,
-@@ -2193,7 +2197,7 @@ psa_status_t psa_driver_wrapper_aead_update(
+@@ -2203,7 +2207,7 @@ psa_status_t psa_driver_wrapper_aead_update(
{
switch( operation->id )
{
@@ -346,7 +346,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
input, input_length,
-@@ -2244,7 +2248,7 @@ psa_status_t psa_driver_wrapper_aead_finish(
+@@ -2254,7 +2258,7 @@ psa_status_t psa_driver_wrapper_aead_finish(
{
switch( operation->id )
{
@@ -355,7 +355,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
ciphertext,
-@@ -2296,7 +2300,7 @@ psa_status_t psa_driver_wrapper_aead_verify(
+@@ -2306,7 +2310,7 @@ psa_status_t psa_driver_wrapper_aead_verify(
{
switch( operation->id )
{
@@ -364,7 +364,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-@@ -2362,7 +2366,7 @@ psa_status_t psa_driver_wrapper_aead_abort(
+@@ -2372,7 +2376,7 @@ psa_status_t psa_driver_wrapper_aead_abort(
{
switch( operation->id )
{
@@ -373,7 +373,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
-@@ -2432,7 +2436,7 @@ psa_status_t psa_driver_wrapper_mac_compute(
+@@ -2442,7 +2446,7 @@ psa_status_t psa_driver_wrapper_mac_compute(
return( status );
#endif /* PSA_CRYPTO_DRIVER_CC3XX */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -382,7 +382,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_mac_compute(
attributes, key_buffer, key_buffer_size, alg,
-@@ -2512,7 +2516,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2522,7 +2526,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
return status;
#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -391,7 +391,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -2596,7 +2600,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2606,7 +2610,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
return status;
#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -400,7 +400,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -2644,7 +2648,7 @@ psa_status_t psa_driver_wrapper_mac_update(
+@@ -2654,7 +2658,7 @@ psa_status_t psa_driver_wrapper_mac_update(
{
switch( operation->id )
{
@@ -409,7 +409,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
input, input_length ) );
-@@ -2682,7 +2686,7 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+@@ -2692,7 +2696,7 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
{
switch( operation->id )
{
@@ -418,7 +418,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
mac, mac_size, mac_length ) );
-@@ -2721,7 +2725,7 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+@@ -2731,7 +2735,7 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
{
switch( operation->id )
{
@@ -427,7 +427,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
mac, mac_length ) );
-@@ -2758,7 +2762,7 @@ psa_status_t psa_driver_wrapper_mac_abort(
+@@ -2768,7 +2772,7 @@ psa_status_t psa_driver_wrapper_mac_abort(
{
switch( operation->id )
{
@@ -436,7 +436,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-@@ -2882,10 +2886,12 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+@@ -2892,10 +2896,12 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -449,7 +449,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
-@@ -2957,10 +2963,12 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+@@ -2967,10 +2973,12 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
diff --git a/lib/ext/mbedcrypto/0009-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch b/lib/ext/mbedcrypto/0009-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
index 1945b71..b312149 100644
--- a/lib/ext/mbedcrypto/0009-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
+++ b/lib/ext/mbedcrypto/0009-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
@@ -1,4 +1,4 @@
-From c5159e0fba198909e4c322c0b15d11b58223d36e Mon Sep 17 00:00:00 2001
+From c45889334c75933c99de4195c8559a4a7aba8892 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Tue, 23 Aug 2022 13:06:07 +0100
Subject: [PATCH 9/9] Initialise driver wrappers as first step in
diff --git a/platform/ext/accelerator/cc312/cc312.c b/platform/ext/accelerator/cc312/cc312.c
index 68e95f1..2681a09 100644
--- a/platform/ext/accelerator/cc312/cc312.c
+++ b/platform/ext/accelerator/cc312/cc312.c
@@ -25,10 +25,10 @@
#define CC312_NULL_CONTEXT "NO SALT!"
-CCRndContext_t* CC312_pRndCtx = NULL;
-CCRndWorkBuff_t* CC312_pRndWorkBuff = NULL;
-mbedtls_ctr_drbg_context* CC312_pRndState = NULL;
-mbedtls_entropy_context* CC312_pMbedtlsEntropy = NULL;
+static CCRndContext_t *CC312_pRndCtx = NULL;
+static CCRndWorkBuff_t *CC312_pRndWorkBuff = NULL;
+static mbedtls_ctr_drbg_context *CC312_pRndState = NULL;
+static mbedtls_entropy_context *CC312_pMbedtlsEntropy = NULL;
CCError_t CC_PalDataBufferAttrGet(const unsigned char *pDataBuffer,
size_t buffSize, uint8_t buffType,
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index 1af64cc..9bc9ead 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c
@@ -100,14 +100,6 @@
}
#else /* PSA_FRAMEWORK_HAS_MM_IOVEC == 1 */
/**
- * \brief Default size of the internal scratch buffer used for IOVec allocations
- * in bytes
- */
-#ifndef TFM_CRYPTO_IOVEC_BUFFER_SIZE
-#error TFM_CRYPTO_IOVEC_BUFFER_SIZE is not defined
-#endif
-
-/**
* \brief Internal scratch used for IOVec allocations
*
*/
@@ -281,14 +273,6 @@
#endif /* TFM_PSA_API */
/**
- * \brief Default value for the size of the static buffer used by Mbed
- * Crypto for its dynamic allocations
- */
-#ifndef TFM_CRYPTO_ENGINE_BUF_SIZE
-#error TFM_CRYPTO_ENGINE_BUF_SIZE is not defined
-#endif
-
-/**
* \brief Static buffer to be used by Mbed Crypto for memory allocations
*
*/
@@ -322,8 +306,12 @@
mbedtls_platform_set_printf(tfm_sp_log_printf);
#endif
- /* Initialise the crypto accelerator if one is enabled */
-#ifdef CRYPTO_HW_ACCELERATOR
+ /* Initialise the crypto accelerator if one is enabled. If the driver API is
+ * the one defined by the PSA Unified Driver interface, the initialisation is
+ * performed directly through psa_crypto_init() while the PSA subsystem is
+ * initialised
+ */
+#if defined(CRYPTO_HW_ACCELERATOR) && defined(CC312_LEGACY_DRIVER_API_ENABLED)
LOG_INFFMT("[INF][Crypto] Initialising HW accelerator... ");
if (crypto_hw_accelerator_init() != 0) {
return PSA_ERROR_HARDWARE_FAILURE;
@@ -331,8 +319,9 @@
LOG_INFFMT("\033[0;32mcomplete.\033[0m\r\n");
#endif /* CRYPTO_HW_ACCELERATOR */
- /* Previous function does not return any value, so just call the
- * initialisation function of the Mbed Crypto layer
+ /* Perform the initialisation of the PSA subsystem in the Mbed Crypto
+ * library. If a driver is built using the PSA Driver interface, the function
+ * below will perform also the same operations as crypto_hw_accelerator_init()
*/
return psa_crypto_init();
}