Crypto: Update to mbed TLS 3.2.1
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I92274fc6496219a2fef35db4cf02a6fe66f3a276
diff --git a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
index 4182771..b411fc1 100644
--- a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
+++ b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
@@ -1,7 +1,7 @@
-From 7646887f31114085b21cfaf75e54b32ba984d9f5 Mon Sep 17 00:00:00 2001
+From c0e88bba61a814023032be4f1fabe8aff3deb00c Mon Sep 17 00:00:00 2001
From: TTornblom <thomas.tornblom@iar.com>
Date: Thu, 16 Apr 2020 13:53:38 +0200
-Subject: [PATCH 1/8] BUILD: Update IAR support in CMakeLists.txt
+Subject: [PATCH 1/5] BUILD: Update IAR support in CMakeLists.txt
Applied the same change as in mbed-crypto for using this as a sub
project with the IAR toolchain.
@@ -12,10 +12,10 @@
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 6debe35d..fd1c07ca 100644
+index 0d65b57b8..8d4646d7b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -209,7 +209,10 @@ if(CMAKE_COMPILER_IS_CLANG)
+@@ -224,7 +224,10 @@ if(CMAKE_COMPILER_IS_CLANG)
endif(CMAKE_COMPILER_IS_CLANG)
if(CMAKE_COMPILER_IS_IAR)
@@ -28,5 +28,5 @@
if(CMAKE_COMPILER_IS_MSVC)
--
-2.17.1
+2.25.1
diff --git a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
index 39b5905..59c9eee 100644
--- a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
+++ b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
@@ -1,7 +1,7 @@
-From 12019676c1a5f4a32a07bf94d6751b45529c4c0a Mon Sep 17 00:00:00 2001
+From 1d8011d0dbd174ffcda57f9977bca8fdccf5aea0 Mon Sep 17 00:00:00 2001
From: Tamas Ban <tamas.ban@arm.com>
Date: Tue, 27 Oct 2020 08:55:37 +0000
-Subject: [PATCH 2/8] Enable crypto code sharing between independent binaries
+Subject: [PATCH 2/5] Enable crypto code sharing between independent binaries
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
---
@@ -13,7 +13,7 @@
diff --git a/library/code_share.c b/library/code_share.c
new file mode 100644
-index 00000000..2bf67fb4
+index 000000000..2bf67fb42
--- /dev/null
+++ b/library/code_share.c
@@ -0,0 +1,3 @@
@@ -21,7 +21,7 @@
+ * extensive crypto code sharing was already applied on the mbedtls library.
+ */
diff --git a/library/platform.c b/library/platform.c
-index e742fde7..c309dc0c 100644
+index 6151e6c49..074ecbb72 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -53,8 +53,8 @@ static void platform_free_uninit( void *ptr )
@@ -36,7 +36,7 @@
void * mbedtls_calloc( size_t nmemb, size_t size )
{
diff --git a/library/platform_util.c b/library/platform_util.c
-index 3d5cb5ba..277ec70b 100644
+index 916a7f444..8936a9d7d 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -62,7 +62,7 @@
@@ -49,5 +49,5 @@
void mbedtls_platform_zeroize( void *buf, size_t len )
{
--
-2.17.1
+2.25.1
diff --git a/lib/ext/mbedcrypto/0008-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch b/lib/ext/mbedcrypto/0003-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
similarity index 79%
rename from lib/ext/mbedcrypto/0008-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
rename to lib/ext/mbedcrypto/0003-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
index 7c7c282..5be9fca 100644
--- a/lib/ext/mbedcrypto/0008-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
+++ b/lib/ext/mbedcrypto/0003-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
@@ -1,7 +1,7 @@
-From fbcda7268ab105c4bc598d8169c95bf610b5aa22 Mon Sep 17 00:00:00 2001
+From 281356afac7b6217a65c87dde490d1b24f625d65 Mon Sep 17 00:00:00 2001
From: Summer Qin <summer.qin@arm.com>
Date: Thu, 30 Jun 2022 14:14:11 +0800
-Subject: [PATCH 8/8] Add MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C
+Subject: [PATCH 3/5] Add MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C
MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C are needed when
PSA_WANT_ALG_CHACHA20_POLY1305 is defined.
@@ -12,10 +12,10 @@
1 file changed, 2 insertions(+)
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
-index 13e64dd7..88ff70ba 100644
+index 2a6672e17..3cb89009b 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
-@@ -437,6 +437,8 @@ extern "C" {
+@@ -450,6 +450,8 @@ extern "C" {
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
#define MBEDTLS_CHACHAPOLY_C
@@ -25,5 +25,5 @@
#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
--
-2.17.1
+2.25.1
diff --git a/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch b/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
deleted file mode 100644
index ce89462..0000000
--- a/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 80359134a00ca37c48355b30aa9810db9fb54b29 Mon Sep 17 00:00:00 2001
-From: Summer Qin <summer.qin@arm.com>
-Date: Wed, 5 Jan 2022 15:00:49 +0800
-Subject: [PATCH 3/8] Disable export MbedTLSTargets
-
-Disable install MbedTLSConfig.cmake, MbedTLSConfigVersion.cmake and
-MbedTLSTargets.cmake. And Disable export MbedTLSTargets since this
-needs to configure some tfm target which for mbedtls to be exported.
-
-Signed-off-by: Summer Qin <summer.qin@arm.com>
----
- CMakeLists.txt | 26 --------------------------
- 1 file changed, 26 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index fd1c07ca..3f32a8f3 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -328,32 +328,6 @@ if(ENABLE_TESTING)
- endif()
- endif()
-
--configure_package_config_file(
-- "cmake/MbedTLSConfig.cmake.in"
-- "cmake/MbedTLSConfig.cmake"
-- INSTALL_DESTINATION "cmake")
--
--write_basic_package_version_file(
-- "cmake/MbedTLSConfigVersion.cmake"
-- COMPATIBILITY SameMajorVersion
-- VERSION 3.1.0)
--
--install(
-- FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
-- "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake"
-- DESTINATION "cmake")
--
--export(
-- EXPORT MbedTLSTargets
-- NAMESPACE MbedTLS::
-- FILE "cmake/MbedTLSTargets.cmake")
--
--install(
-- EXPORT MbedTLSTargets
-- NAMESPACE MbedTLS::
-- DESTINATION "cmake"
-- FILE "MbedTLSTargets.cmake")
--
- if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
- # Do not export the package by default
- cmake_policy(SET CMP0090 NEW)
---
-2.17.1
-
diff --git a/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch b/lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch
similarity index 80%
rename from lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch
rename to lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch
index ae85b9d..a8941fc 100644
--- a/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch
+++ b/lib/ext/mbedcrypto/0004-Driver-wrapper-entry-points-for-CC3XX.patch
@@ -1,10 +1,12 @@
-From 183db7cb5970816ab6e0b1e4d6d93b734bb84440 Mon Sep 17 00:00:00 2001
-From: Salome Thirot <salome.thirot@arm.com>
-Date: Wed, 7 Jul 2021 10:24:43 +0100
-Subject: [PATCH 4/8] CC3XX: Hardcode entry points for the CC3XX driver
+From 353e4dce10bf7957715320b38dd8f96a9e51d7f9 Mon Sep 17 00:00:00 2001
+From: Antonio de Angelis <Antonio.deAngelis@arm.com>
+Date: Fri, 15 Jul 2022 12:41:34 +0100
+Subject: [PATCH 4/5] Driver wrapper entry points for CC3XX
-Use PSA driver for CC3XX driver to avoid fallback to software
-implementation. This will save 22.23KB in RO size.
+Manually hardcode PSA driver entry points for the CC3XX driver
+into psa_crypto_driver_wrappers.c (and provide missing entry point
+definitions if any). This is a temporary solution until the codegen
+framework is available for automatic integration.
Signed-off-by: Summer Qin <summer.qin@arm.com>
Signed-off-by: Salome Thirot <salome.thirot@arm.com>
@@ -14,13 +16,13 @@
---
.../psa/crypto_driver_contexts_composites.h | 9 +
.../psa/crypto_driver_contexts_primitives.h | 9 +
- library/psa_crypto.c | 65 +-
- library/psa_crypto_driver_wrappers.c | 925 ++++++++++++++----
- library/psa_crypto_driver_wrappers.h | 29 +
- 5 files changed, 834 insertions(+), 203 deletions(-)
+ library/psa_crypto.c | 21 +-
+ library/psa_crypto_driver_wrappers.c | 858 ++++++++++++++----
+ library/psa_crypto_driver_wrappers.h | 14 +
+ 5 files changed, 708 insertions(+), 203 deletions(-)
diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
-index 3f1c8af4..2fdf9561 100644
+index 3f1c8af4b..2fdf9561f 100644
--- a/include/psa/crypto_driver_contexts_composites.h
+++ b/include/psa/crypto_driver_contexts_composites.h
@@ -41,6 +41,9 @@
@@ -54,7 +56,7 @@
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */
diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h
-index 2bb01ed4..2bc0bda7 100644
+index 2bb01ed43..2bc0bda70 100644
--- a/include/psa/crypto_driver_contexts_primitives.h
+++ b/include/psa/crypto_driver_contexts_primitives.h
@@ -40,6 +40,9 @@
@@ -88,65 +90,13 @@
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index 829ed452..48377ffe 100644
+index b0116ddfb..0e33f409c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
-@@ -3073,6 +3073,25 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
+@@ -5862,11 +5862,24 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
goto exit;
}
-+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
-+ psa_key_attributes_t attributes = {
-+ .core = slot->attr
-+ };
-+
-+ status = psa_driver_wrapper_asymmetric_encrypt( &attributes,
-+ slot->key.data,
-+ slot->key.bytes,
-+ alg,
-+ input,
-+ input_length,
-+ salt,
-+ salt_length,
-+ output,
-+ output_size,
-+ output_length );
-+ goto exit;
-+#endif
-+
- if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
- {
- #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-@@ -3188,6 +3207,25 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
- goto exit;
- }
-
-+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
-+ psa_key_attributes_t attributes = {
-+ .core = slot->attr
-+ };
-+
-+ status = psa_driver_wrapper_asymmetric_decrypt( &attributes,
-+ slot->key.data,
-+ slot->key.bytes,
-+ alg,
-+ input,
-+ input_length,
-+ salt,
-+ salt_length,
-+ output,
-+ output_size,
-+ output_length );
-+ goto exit;
-+#endif
-+
- if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
- {
- #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-@@ -5499,11 +5537,30 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
- if( status != PSA_SUCCESS )
- goto exit;
-
- status = psa_key_agreement_raw_internal( alg, slot,
- peer_key, peer_key_length,
- output, output_size,
@@ -154,35 +104,29 @@
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
-
-+ status = psa_driver_wrapper_key_agreement( &attributes,
++
++ status = psa_driver_wrapper_key_agreement( alg, &attributes,
+ slot->key.data,
+ slot->key.bytes,
-+ peer_key,
-+ peer_key_length,
-+ output,
-+ output_size,
-+ output_length,
-+ alg );
-+
-+ if( status == PSA_ERROR_NOT_SUPPORTED )
++ peer_key, peer_key_length,
++ output, output_size,
++ output_length );
+
++ if (status == PSA_ERROR_NOT_SUPPORTED)
+ {
-+ status = psa_key_agreement_raw_internal( alg,
-+ slot,
-+ peer_key,
-+ peer_key_length,
-+ output,
-+ output_size,
-+ output_length);
++ status = psa_key_agreement_raw_internal( alg, slot,
++ peer_key, peer_key_length,
++ output, output_size,
++ output_length );
+ }
exit:
if( status != PSA_SUCCESS )
{
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
-index 8d864786..22273b8c 100644
+index a5ae6a29e..2097db0cb 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
-@@ -44,6 +44,16 @@
+@@ -45,6 +45,16 @@
#include "test/drivers/test_driver.h"
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -199,7 +143,7 @@
/* Repeat above block for each JSON-declared driver during autogeneration */
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
-@@ -57,6 +67,10 @@
+@@ -58,6 +68,10 @@
#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -210,7 +154,7 @@
/* Support the 'old' SE interface when asked to */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
-@@ -127,6 +141,21 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -128,6 +142,21 @@ psa_status_t psa_driver_wrapper_sign_message(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -232,7 +176,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_sign_message(
attributes,
-@@ -142,8 +171,19 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -143,8 +172,19 @@ psa_status_t psa_driver_wrapper_sign_message(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -253,7 +197,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -167,18 +207,9 @@ psa_status_t psa_driver_wrapper_sign_message(
+@@ -168,18 +208,9 @@ psa_status_t psa_driver_wrapper_sign_message(
default:
/* Key is declared with a lifetime not known to us */
(void)status;
@@ -274,7 +218,7 @@
}
psa_status_t psa_driver_wrapper_verify_message(
-@@ -201,6 +232,20 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -202,6 +233,20 @@ psa_status_t psa_driver_wrapper_verify_message(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -295,7 +239,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_verify_message(
attributes,
-@@ -215,8 +260,18 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -216,8 +261,18 @@ psa_status_t psa_driver_wrapper_verify_message(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -315,7 +259,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -239,17 +294,9 @@ psa_status_t psa_driver_wrapper_verify_message(
+@@ -240,17 +295,9 @@ psa_status_t psa_driver_wrapper_verify_message(
default:
/* Key is declared with a lifetime not known to us */
(void)status;
@@ -335,7 +279,7 @@
}
psa_status_t psa_driver_wrapper_sign_hash(
-@@ -288,6 +335,20 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -289,6 +336,20 @@ psa_status_t psa_driver_wrapper_sign_hash(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -356,7 +300,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_sign_hash( attributes,
key_buffer,
-@@ -302,7 +363,8 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -303,7 +364,8 @@ psa_status_t psa_driver_wrapper_sign_hash(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -366,7 +310,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( psa_sign_hash_builtin( attributes,
key_buffer,
-@@ -313,6 +375,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -314,6 +376,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
signature,
signature_size,
signature_length ) );
@@ -374,7 +318,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -334,6 +397,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
+@@ -335,6 +398,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -382,7 +326,7 @@
}
psa_status_t psa_driver_wrapper_verify_hash(
-@@ -372,6 +436,19 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -373,6 +437,19 @@ psa_status_t psa_driver_wrapper_verify_hash(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -402,7 +346,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_signature_verify_hash(
attributes,
-@@ -386,8 +463,8 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -387,8 +464,8 @@ psa_status_t psa_driver_wrapper_verify_hash(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -413,7 +357,7 @@
return( psa_verify_hash_builtin( attributes,
key_buffer,
key_buffer_size,
-@@ -396,6 +473,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -397,6 +474,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
hash_length,
signature,
signature_length ) );
@@ -421,7 +365,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -416,6 +494,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
+@@ -417,6 +495,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -429,7 +373,7 @@
}
/** Calculate the key buffer size required to store the key material of a key
-@@ -547,6 +626,14 @@ psa_status_t psa_driver_wrapper_generate_key(
+@@ -548,6 +627,14 @@ psa_status_t psa_driver_wrapper_generate_key(
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
{
/* Cycle through all known transparent accelerators */
@@ -444,7 +388,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_generate_key(
attributes, key_buffer, key_buffer_size,
-@@ -758,6 +845,18 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -759,6 +846,18 @@ psa_status_t psa_driver_wrapper_export_public_key(
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -463,7 +407,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_export_public_key(
attributes,
-@@ -770,7 +869,8 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -771,7 +870,8 @@ psa_status_t psa_driver_wrapper_export_public_key(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -473,7 +417,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( psa_export_public_key_internal( attributes,
key_buffer,
-@@ -778,6 +878,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -779,6 +879,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
data,
data_size,
data_length ) );
@@ -481,7 +425,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-@@ -795,6 +896,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
+@@ -796,6 +897,7 @@ psa_status_t psa_driver_wrapper_export_public_key(
/* Key is declared with a lifetime not known to us */
return( status );
}
@@ -489,7 +433,7 @@
}
psa_status_t psa_driver_wrapper_get_builtin_key(
-@@ -907,9 +1009,24 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+@@ -908,9 +1010,24 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -517,7 +461,7 @@
return( mbedtls_psa_cipher_encrypt( attributes,
key_buffer,
key_buffer_size,
-@@ -958,6 +1075,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
+@@ -959,6 +1076,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
(void)output_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -525,7 +469,7 @@
}
psa_status_t psa_driver_wrapper_cipher_decrypt(
-@@ -995,9 +1113,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -996,9 +1114,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -551,7 +495,7 @@
return( mbedtls_psa_cipher_decrypt( attributes,
key_buffer,
key_buffer_size,
-@@ -1040,6 +1171,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
+@@ -1041,6 +1172,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
(void)output_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -559,7 +503,7 @@
}
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
-@@ -1072,8 +1204,22 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1073,8 +1205,22 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -584,7 +528,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -1113,6 +1259,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+@@ -1114,6 +1260,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
(void)alg;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -592,7 +536,7 @@
}
psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
-@@ -1145,8 +1292,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1146,8 +1293,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -617,7 +561,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -1185,6 +1346,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+@@ -1186,6 +1347,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
(void)alg;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -625,7 +569,7 @@
}
psa_status_t psa_driver_wrapper_cipher_set_iv(
-@@ -1194,13 +1356,6 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+@@ -1195,13 +1357,6 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
{
switch( operation->id )
{
@@ -639,7 +583,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1213,6 +1368,17 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
+@@ -1214,6 +1369,17 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
&operation->ctx.opaque_test_driver_ctx,
iv, iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -657,7 +601,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1232,16 +1398,6 @@ psa_status_t psa_driver_wrapper_cipher_update(
+@@ -1233,16 +1399,6 @@ psa_status_t psa_driver_wrapper_cipher_update(
{
switch( operation->id )
{
@@ -674,7 +618,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1256,6 +1412,21 @@ psa_status_t psa_driver_wrapper_cipher_update(
+@@ -1257,6 +1413,21 @@ psa_status_t psa_driver_wrapper_cipher_update(
input, input_length,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -696,7 +640,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1276,14 +1447,6 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+@@ -1277,14 +1448,6 @@ psa_status_t psa_driver_wrapper_cipher_finish(
{
switch( operation->id )
{
@@ -711,7 +655,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1296,6 +1459,18 @@ psa_status_t psa_driver_wrapper_cipher_finish(
+@@ -1297,6 +1460,18 @@ psa_status_t psa_driver_wrapper_cipher_finish(
&operation->ctx.opaque_test_driver_ctx,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -730,7 +674,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1313,11 +1488,6 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+@@ -1314,11 +1489,6 @@ psa_status_t psa_driver_wrapper_cipher_abort(
switch( operation->id )
{
@@ -742,7 +686,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1336,6 +1506,18 @@ psa_status_t psa_driver_wrapper_cipher_abort(
+@@ -1337,6 +1507,18 @@ psa_status_t psa_driver_wrapper_cipher_abort(
sizeof( operation->ctx.opaque_test_driver_ctx ) );
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -761,7 +705,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1357,15 +1539,21 @@ psa_status_t psa_driver_wrapper_hash_compute(
+@@ -1358,15 +1540,21 @@ psa_status_t psa_driver_wrapper_hash_compute(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try accelerators first */
@@ -785,7 +729,7 @@
status = mbedtls_psa_hash_compute( alg, input, input_length,
hash, hash_size, hash_length );
if( status != PSA_ERROR_NOT_SUPPORTED )
-@@ -1389,6 +1577,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
+@@ -1390,6 +1578,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try setup on accelerators first */
@@ -793,7 +737,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_hash_setup(
&operation->ctx.test_driver_ctx, alg );
-@@ -1399,8 +1588,18 @@ psa_status_t psa_driver_wrapper_hash_setup(
+@@ -1400,8 +1589,18 @@ psa_status_t psa_driver_wrapper_hash_setup(
return( status );
#endif
@@ -813,7 +757,7 @@
status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-@@ -1421,18 +1620,26 @@ psa_status_t psa_driver_wrapper_hash_clone(
+@@ -1422,18 +1621,26 @@ psa_status_t psa_driver_wrapper_hash_clone(
{
switch( source_operation->id )
{
@@ -846,7 +790,7 @@
#endif
default:
(void) target_operation;
-@@ -1447,16 +1654,23 @@ psa_status_t psa_driver_wrapper_hash_update(
+@@ -1448,16 +1655,23 @@ psa_status_t psa_driver_wrapper_hash_update(
{
switch( operation->id )
{
@@ -875,7 +819,7 @@
#endif
default:
(void) input;
-@@ -1473,16 +1687,23 @@ psa_status_t psa_driver_wrapper_hash_finish(
+@@ -1474,16 +1688,23 @@ psa_status_t psa_driver_wrapper_hash_finish(
{
switch( operation->id )
{
@@ -904,7 +848,7 @@
#endif
default:
(void) hash;
-@@ -1497,14 +1718,20 @@ psa_status_t psa_driver_wrapper_hash_abort(
+@@ -1498,14 +1719,20 @@ psa_status_t psa_driver_wrapper_hash_abort(
{
switch( operation->id )
{
@@ -929,24 +873,18 @@
#endif
default:
return( PSA_ERROR_BAD_STATE );
-@@ -1543,24 +1770,39 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+@@ -1544,7 +1771,20 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
--
-- /* Fell through, meaning no accelerator supports this operation */
-- return( mbedtls_psa_aead_encrypt(
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_aead_encrypt(
- attributes, key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- plaintext, plaintext_length,
-- ciphertext, ciphertext_size, ciphertext_length ) );
--
-- /* Add cases for opaque driver here */
++ attributes, key_buffer, key_buffer_size,
++ alg,
++ nonce, nonce_length,
++ additional_data, additional_data_length,
++ plaintext, plaintext_length,
+ ciphertext, ciphertext_size, ciphertext_length );
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
@@ -954,21 +892,18 @@
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ break;
+#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+
-+ /* Fell through, meaning no accelerator supports this operation */
-+ return( mbedtls_psa_aead_encrypt(
-+ attributes, key_buffer, key_buffer_size,
-+ alg,
-+ nonce, nonce_length,
-+ additional_data, additional_data_length,
-+ plaintext, plaintext_length,
-+ ciphertext, ciphertext_size, ciphertext_length ) );
-+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+
-+ /* Add cases for opaque driver here */
- default:
- /* Key is declared with a lifetime not known to us */
+ /* Fell through, meaning no accelerator supports this operation */
+ return( mbedtls_psa_aead_encrypt(
+@@ -1554,6 +1794,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
+ additional_data, additional_data_length,
+ plaintext, plaintext_length,
+ ciphertext, ciphertext_size, ciphertext_length ) );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Add cases for opaque driver here */
+
+@@ -1562,6 +1803,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -976,7 +911,7 @@
}
psa_status_t psa_driver_wrapper_aead_decrypt(
-@@ -1595,7 +1837,20 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1596,7 +1838,20 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -998,7 +933,7 @@
/* Fell through, meaning no accelerator supports this operation */
return( mbedtls_psa_aead_decrypt(
-@@ -1605,6 +1860,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1606,6 +1861,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
additional_data, additional_data_length,
ciphertext, ciphertext_length,
plaintext, plaintext_size, plaintext_length ) );
@@ -1006,15 +941,48 @@
/* Add cases for opaque driver here */
-@@ -1613,6 +1869,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
+@@ -1614,6 +1870,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
+ return status;
}
+ psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
+@@ -1622,14 +1879,27 @@ psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
+ if( operation == NULL || tag_len == NULL )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
++ switch( operation->id )
++ {
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
++#if defined(PSA_CRYPTO_DRIVER_CC3XX)
++ case PSA_CRYPTO_CC3XX_DRIVER_ID:
++ *tag_len = operation->ctx.cc3xx_driver_ctx.tag_length;
++ return ( PSA_SUCCESS );
++#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+- *tag_len = operation->ctx.transparent_test_driver_ctx.tag_length;
+- return ( PSA_SUCCESS );
+-#endif
++ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
++ *tag_len = operation->ctx.transparent_test_driver_ctx.tag_length;
++ return ( PSA_SUCCESS );
+ #endif
+- *tag_len = operation->ctx.mbedtls_ctx.tag_length;
+- return ( PSA_SUCCESS );
++#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
++ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
++ *tag_len = operation->ctx.mbedtls_ctx.tag_length;
++ return ( PSA_SUCCESS );
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++ }
++
++ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
psa_status_t psa_driver_wrapper_aead_encrypt_setup(
-@@ -1643,7 +1900,18 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1660,7 +1930,18 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1034,7 +1002,7 @@
/* Fell through, meaning no accelerator supports this operation */
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-@@ -1651,9 +1919,8 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1668,9 +1949,8 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
&operation->ctx.mbedtls_ctx, attributes,
key_buffer, key_buffer_size,
alg );
@@ -1046,7 +1014,7 @@
/* Add cases for opaque driver here */
default:
-@@ -1661,6 +1928,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+@@ -1678,6 +1958,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -1054,7 +1022,7 @@
}
psa_status_t psa_driver_wrapper_aead_decrypt_setup(
-@@ -1692,7 +1960,19 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1709,7 +1990,19 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1075,7 +1043,7 @@
/* Fell through, meaning no accelerator supports this operation */
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-@@ -1701,9 +1981,8 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1718,9 +2011,8 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
attributes,
key_buffer, key_buffer_size,
alg );
@@ -1087,7 +1055,7 @@
/* Add cases for opaque driver here */
default:
-@@ -1711,6 +1990,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+@@ -1728,6 +2020,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -1095,7 +1063,7 @@
}
psa_status_t psa_driver_wrapper_aead_set_nonce(
-@@ -1720,14 +2000,6 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+@@ -1737,14 +2030,6 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
{
switch( operation->id )
{
@@ -1110,7 +1078,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1738,6 +2010,20 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
+@@ -1755,6 +2040,20 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1131,7 +1099,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1754,14 +2040,6 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+@@ -1771,14 +2070,6 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
{
switch( operation->id )
{
@@ -1146,7 +1114,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1772,6 +2050,20 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
+@@ -1789,6 +2080,20 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1167,7 +1135,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1788,14 +2080,6 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+@@ -1805,14 +2110,6 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
{
switch( operation->id )
{
@@ -1182,7 +1150,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1806,6 +2090,20 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
+@@ -1823,6 +2120,20 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1203,7 +1171,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1825,15 +2123,6 @@ psa_status_t psa_driver_wrapper_aead_update(
+@@ -1842,15 +2153,6 @@ psa_status_t psa_driver_wrapper_aead_update(
{
switch( operation->id )
{
@@ -1219,7 +1187,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1845,6 +2134,22 @@ psa_status_t psa_driver_wrapper_aead_update(
+@@ -1862,6 +2164,22 @@ psa_status_t psa_driver_wrapper_aead_update(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1242,7 +1210,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1868,16 +2173,6 @@ psa_status_t psa_driver_wrapper_aead_finish(
+@@ -1885,16 +2203,6 @@ psa_status_t psa_driver_wrapper_aead_finish(
{
switch( operation->id )
{
@@ -1259,7 +1227,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1889,6 +2184,23 @@ psa_status_t psa_driver_wrapper_aead_finish(
+@@ -1906,6 +2214,23 @@ psa_status_t psa_driver_wrapper_aead_finish(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1283,7 +1251,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1912,7 +2224,28 @@ psa_status_t psa_driver_wrapper_aead_verify(
+@@ -1929,7 +2254,28 @@ psa_status_t psa_driver_wrapper_aead_verify(
{
switch( operation->id )
{
@@ -1313,7 +1281,7 @@
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-@@ -1939,20 +2272,6 @@ psa_status_t psa_driver_wrapper_aead_verify(
+@@ -1956,20 +2302,6 @@ psa_status_t psa_driver_wrapper_aead_verify(
return( status );
}
@@ -1334,7 +1302,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -1970,12 +2289,6 @@ psa_status_t psa_driver_wrapper_aead_abort(
+@@ -1987,12 +2319,6 @@ psa_status_t psa_driver_wrapper_aead_abort(
{
switch( operation->id )
{
@@ -1347,7 +1315,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -1985,6 +2298,17 @@ psa_status_t psa_driver_wrapper_aead_abort(
+@@ -2002,6 +2328,17 @@ psa_status_t psa_driver_wrapper_aead_abort(
/* Add cases for opaque driver here */
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1365,7 +1333,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
-@@ -2024,8 +2348,16 @@ psa_status_t psa_driver_wrapper_mac_compute(
+@@ -2041,8 +2378,16 @@ psa_status_t psa_driver_wrapper_mac_compute(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1384,7 +1352,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_mac_compute(
attributes, key_buffer, key_buffer_size, alg,
-@@ -2060,6 +2392,7 @@ psa_status_t psa_driver_wrapper_mac_compute(
+@@ -2077,6 +2422,7 @@ psa_status_t psa_driver_wrapper_mac_compute(
(void) status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -1392,7 +1360,7 @@
}
psa_status_t psa_driver_wrapper_mac_sign_setup(
-@@ -2092,8 +2425,19 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2109,8 +2455,19 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1414,7 +1382,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -2132,6 +2476,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
+@@ -2149,6 +2506,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
(void) alg;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -1422,7 +1390,7 @@
}
psa_status_t psa_driver_wrapper_mac_verify_setup(
-@@ -2164,8 +2509,19 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2181,8 +2539,19 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1444,7 +1412,7 @@
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
attributes,
-@@ -2204,6 +2560,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
+@@ -2221,6 +2590,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
(void) alg;
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -1452,7 +1420,7 @@
}
psa_status_t psa_driver_wrapper_mac_update(
-@@ -2213,12 +2570,6 @@ psa_status_t psa_driver_wrapper_mac_update(
+@@ -2230,12 +2600,6 @@ psa_status_t psa_driver_wrapper_mac_update(
{
switch( operation->id )
{
@@ -1465,7 +1433,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -2231,6 +2582,14 @@ psa_status_t psa_driver_wrapper_mac_update(
+@@ -2248,6 +2612,14 @@ psa_status_t psa_driver_wrapper_mac_update(
&operation->ctx.opaque_test_driver_ctx,
input, input_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1480,7 +1448,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) input;
-@@ -2247,12 +2606,6 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+@@ -2264,12 +2636,6 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
{
switch( operation->id )
{
@@ -1493,7 +1461,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -2265,6 +2618,15 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
+@@ -2282,6 +2648,15 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_size, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1509,7 +1477,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2281,12 +2643,6 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+@@ -2298,12 +2673,6 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
{
switch( operation->id )
{
@@ -1522,7 +1490,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -2299,6 +2655,16 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
+@@ -2316,6 +2685,16 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1539,7 +1507,7 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void) mac;
-@@ -2312,11 +2678,6 @@ psa_status_t psa_driver_wrapper_mac_abort(
+@@ -2329,11 +2708,6 @@ psa_status_t psa_driver_wrapper_mac_abort(
{
switch( operation->id )
{
@@ -1551,7 +1519,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-@@ -2326,10 +2687,176 @@ psa_status_t psa_driver_wrapper_mac_abort(
+@@ -2343,6 +2717,13 @@ psa_status_t psa_driver_wrapper_mac_abort(
return( mbedtls_test_opaque_mac_abort(
&operation->ctx.opaque_test_driver_ctx ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1562,21 +1530,22 @@
+#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
-+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+ default:
-+ return( PSA_ERROR_INVALID_ARGUMENT );
-+ }
-+}
-+
-+/*
+ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+@@ -2350,7 +2731,58 @@ psa_status_t psa_driver_wrapper_mac_abort(
+ }
+
+ /*
+- * Asymmetric cryptography
+ * Key agreement functions
+ */
+psa_status_t psa_driver_wrapper_key_agreement(
++ psa_algorithm_t alg,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *priv_key, size_t priv_key_size,
+ const uint8_t *publ_key, size_t publ_key_size,
-+ uint8_t *output, size_t output_size, size_t *output_length,
-+ psa_algorithm_t alg )
++ uint8_t *output, size_t output_size, size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
@@ -1601,7 +1570,7 @@
+ alg );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
- #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
++#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ (void) status;
+ return ( PSA_ERROR_NOT_SUPPORTED );
+ default:
@@ -1621,26 +1590,13 @@
+
+/*
+ * Asymmetric operations
-+ */
-+psa_status_t psa_driver_wrapper_asymmetric_encrypt(const psa_key_attributes_t *attributes,
-+ const uint8_t *key_buffer,
-+ size_t key_buffer_size, psa_algorithm_t alg,
-+ const uint8_t *input, size_t input_length,
-+ const uint8_t *salt, size_t salt_length,
-+ uint8_t *output, size_t output_size,
-+ size_t *output_length)
-+{
-+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-+
-+ psa_key_location_t location =
-+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-+
-+ switch( location )
-+ {
-+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+ /* Key is stored in the slot in export representation, so
-+ * cycle through all known transparent accelerators */
-+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ */
+ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+@@ -2368,6 +2800,20 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_asymmetric_encrypt( attributes,
+ key_buffer,
@@ -1655,45 +1611,13 @@
+ output_length );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
-+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+ (void) status;
-+ return ( PSA_ERROR_NOT_SUPPORTED );
- default:
-+ /* Key is declared with a lifetime not known to us */
-+ (void) key_buffer;
-+ (void) key_buffer_size;
-+ (void) alg;
-+ (void) input;
-+ (void) input_length;
-+ (void) salt;
-+ (void) salt_length;
-+ (void) output;
-+ (void) output_size;
-+ (void) output_length;
-+
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
- }
-
-+psa_status_t psa_driver_wrapper_asymmetric_decrypt(const psa_key_attributes_t *attributes,
-+ const uint8_t *key_buffer,
-+ size_t key_buffer_size, psa_algorithm_t alg,
-+ const uint8_t *input, size_t input_length,
-+ const uint8_t *salt, size_t salt_length,
-+ uint8_t *output, size_t output_size,
-+ size_t *output_length)
-+{
-+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-+
-+ psa_key_location_t location =
-+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-+
-+ switch( location )
-+ {
-+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
-+ /* Key is stored in the slot in export representation, so
-+ * cycle through all known transparent accelerators */
-+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
+@@ -2426,6 +2872,20 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+ status = cc3xx_asymmetric_decrypt( attributes,
+ key_buffer,
@@ -1708,66 +1632,34 @@
+ output_length );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
-+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-+ (void) status;
-+ return( PSA_ERROR_NOT_SUPPORTED );
-+ default:
-+ /* Key is declared with a lifetime not known to us */
-+ (void) key_buffer;
-+ (void) key_buffer_size;
-+ (void) alg;
-+ (void) input;
-+ (void) input_length;
-+ (void) salt;
-+ (void) salt_length;
-+ (void) output;
-+ (void) output_size;
-+ (void) output_length;
-+
-+ return( PSA_ERROR_INVALID_ARGUMENT );
-+ }
-+}
- #endif /* MBEDTLS_PSA_CRYPTO_C */
+ #if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
+ key_buffer, key_buffer_size, alg, input, input_length,
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
-index e09e4ed7..9ebdb366 100644
+index 12c649da3..ac0cd1d89 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
-@@ -329,6 +329,35 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
- psa_status_t psa_driver_wrapper_mac_abort(
- psa_mac_operation_t *operation );
+@@ -361,6 +361,20 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+ size_t output_size,
+ size_t *output_length );
+/*
+ * Key agreement functions
+ */
+psa_status_t psa_driver_wrapper_key_agreement(
++ psa_algorithm_t alg,
+ const psa_key_attributes_t *attributes,
-+ const uint8_t *priv_key, size_t priv_key_size,
-+ const uint8_t *publ_key, size_t peer_key_size,
-+ uint8_t *output, size_t output_size, size_t *output_length,
-+ psa_algorithm_t alg );
-+
-+/*
-+ * Asymmetric operations
-+ */
-+psa_status_t psa_driver_wrapper_asymmetric_encrypt(const psa_key_attributes_t *attributes,
-+ const uint8_t *key_buffer,
-+ size_t key_buffer_size, psa_algorithm_t alg,
-+ const uint8_t *input, size_t input_length,
-+ const uint8_t *salt, size_t salt_length,
-+ uint8_t *output, size_t output_size,
-+ size_t *output_length);
-+
-+psa_status_t psa_driver_wrapper_asymmetric_decrypt(const psa_key_attributes_t *attributes,
-+ const uint8_t *key_buffer,
-+ size_t key_buffer_size, psa_algorithm_t alg,
-+ const uint8_t *input, size_t input_length,
-+ const uint8_t *salt, size_t salt_length,
-+ uint8_t *output, size_t output_size,
-+ size_t *output_length);
++ const uint8_t *priv_key,
++ size_t priv_key_size,
++ const uint8_t *publ_key,
++ size_t peer_key_size,
++ uint8_t *output,
++ size_t output_size,
++ size_t *output_length );
+
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
/* End of automatically generated file. */
--
-2.17.1
+2.25.1
diff --git a/lib/ext/mbedcrypto/0007-Add-LMS-implementation.patch b/lib/ext/mbedcrypto/0005-Add-LMS-implementation.patch
similarity index 99%
rename from lib/ext/mbedcrypto/0007-Add-LMS-implementation.patch
rename to lib/ext/mbedcrypto/0005-Add-LMS-implementation.patch
index ae3b950..acd7f6d 100644
--- a/lib/ext/mbedcrypto/0007-Add-LMS-implementation.patch
+++ b/lib/ext/mbedcrypto/0005-Add-LMS-implementation.patch
@@ -1,7 +1,7 @@
-From 9bbe4b0c89e2f92f8e661955b91d06c80cde7b77 Mon Sep 17 00:00:00 2001
+From 37bad45c56543a289be7854a8723d9b29c0b8cb2 Mon Sep 17 00:00:00 2001
From: Raef Coles <raef.coles@arm.com>
Date: Wed, 21 Jul 2021 12:42:15 +0100
-Subject: [PATCH 7/8] Add LMS implementation
+Subject: [PATCH 5/5] Add LMS implementation
Also an LM-OTS implementation as one is required for LMS.
@@ -21,8 +21,8 @@
tests/suites/test_suite_lmots.data | 29 +
tests/suites/test_suite_lmots.function | 108 ++++
tests/suites/test_suite_lms.data | 32 ++
- tests/suites/test_suite_lms.function | 85 +++
- 15 files changed, 2287 insertions(+), 1 deletion(-)
+ tests/suites/test_suite_lms.function | 84 +++
+ 15 files changed, 2286 insertions(+), 1 deletion(-)
create mode 100644 ChangeLog.d/LMS.txt
create mode 100644 include/mbedtls/lmots.h
create mode 100644 include/mbedtls/lms.h
@@ -35,7 +35,7 @@
diff --git a/ChangeLog.d/LMS.txt b/ChangeLog.d/LMS.txt
new file mode 100644
-index 00000000..0f09f018
+index 000000000..0f09f0186
--- /dev/null
+++ b/ChangeLog.d/LMS.txt
@@ -0,0 +1,12 @@
@@ -52,10 +52,10 @@
+ required for LMS. This can be used independently, but each key can only be
+ used to sign one message so is impractical for most circumstances.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
-index ce97f6a3..96a89a63 100644
+index 5fe984984..c3017aef3 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
-@@ -291,6 +291,16 @@
+@@ -333,6 +333,16 @@
#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
#endif
@@ -73,7 +73,7 @@
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
-index 8b2b9ea5..73d61dbc 100644
+index 8b2b9ea58..73d61dbc6 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -82,6 +82,8 @@
@@ -87,7 +87,7 @@
* Name ID Nr of Errors
diff --git a/include/mbedtls/lmots.h b/include/mbedtls/lmots.h
new file mode 100644
-index 00000000..c98f3bfd
+index 000000000..c98f3bfd7
--- /dev/null
+++ b/include/mbedtls/lmots.h
@@ -0,0 +1,303 @@
@@ -396,7 +396,7 @@
+#endif /* MBEDTLS_LMOTS_H */
diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h
new file mode 100644
-index 00000000..77559e24
+index 000000000..77559e24b
--- /dev/null
+++ b/include/mbedtls/lms.h
@@ -0,0 +1,271 @@
@@ -672,10 +672,10 @@
+
+#endif /* MBEDTLS_LMS_H */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
-index 0558ee00..3c886ebd 100644
+index 1c60ec8e4..dd2841459 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
-@@ -2361,6 +2361,34 @@
+@@ -2405,6 +2405,34 @@
*/
#define MBEDTLS_HMAC_DRBG_C
@@ -711,7 +711,7 @@
* \def MBEDTLS_NIST_KW_C
*
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
-index 07599f5d..aea6c2e7 100644
+index 0884f57ae..f52195be3 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -40,6 +40,8 @@ set(src_crypto
@@ -724,7 +724,7 @@
md5.c
memory_buffer_alloc.c
diff --git a/library/Makefile b/library/Makefile
-index 5c23aebf..cca9556c 100644
+index f5ff474ec..dfe76c139 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -105,6 +105,8 @@ OBJS_CRYPTO= \
@@ -738,7 +738,7 @@
memory_buffer_alloc.o \
diff --git a/library/lmots.c b/library/lmots.c
new file mode 100644
-index 00000000..7319d29b
+index 000000000..7319d29be
--- /dev/null
+++ b/library/lmots.c
@@ -0,0 +1,684 @@
@@ -1428,7 +1428,7 @@
+#endif /* MBEDTLS_LMOTS_C */
diff --git a/library/lms.c b/library/lms.c
new file mode 100644
-index 00000000..e1ac7b93
+index 000000000..e1ac7b935
--- /dev/null
+++ b/library/lms.c
@@ -0,0 +1,718 @@
@@ -2151,7 +2151,7 @@
+
+#endif /* MBEDTLS_LMS_C */
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
-index 0a03f02e..d333f659 100755
+index 0a03f02e9..d333f6590 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -47,7 +47,7 @@ my $error_format_file = $data_dir.'/error.fmt';
@@ -2165,7 +2165,7 @@
my @high_level_modules = qw( CIPHER DHM ECP MD
diff --git a/tests/suites/test_suite_lmots.data b/tests/suites/test_suite_lmots.data
new file mode 100644
-index 00000000..ed192bf7
+index 000000000..ed192bf7d
--- /dev/null
+++ b/tests/suites/test_suite_lmots.data
@@ -0,0 +1,29 @@
@@ -2200,7 +2200,7 @@
+lmots_reuse_test:"cfcd1e81193e310c9d931d1b00818d14"
diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function
new file mode 100644
-index 00000000..6de94d12
+index 000000000..6de94d124
--- /dev/null
+++ b/tests/suites/test_suite_lmots.function
@@ -0,0 +1,108 @@
@@ -2314,7 +2314,7 @@
+/* END_CASE */
diff --git a/tests/suites/test_suite_lms.data b/tests/suites/test_suite_lms.data
new file mode 100644
-index 00000000..b17fddc1
+index 000000000..b17fddc15
--- /dev/null
+++ b/tests/suites/test_suite_lms.data
@@ -0,0 +1,32 @@
@@ -2352,10 +2352,10 @@
+lms_import_export_test:"00000006000000046B0927585C8547228D495361D73B970C287A2254BF8F1B170E55ACC9520A56CE5D2C711B6617718B49247D28CCC6D11D"
diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function
new file mode 100644
-index 00000000..b19d074f
+index 000000000..c3ebb9214
--- /dev/null
+++ b/tests/suites/test_suite_lms.function
-@@ -0,0 +1,85 @@
+@@ -0,0 +1,84 @@
+/* BEGIN_HEADER */
+#include "mbedtls/lms.h"
+#include "mbedtls/entropy.h"
@@ -2440,7 +2440,6 @@
+ mbedtls_lms_free( &ctx );
+}
+/* END_CASE */
-+
--
-2.17.1
+2.25.1
diff --git a/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch b/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch
deleted file mode 100644
index 271ed97..0000000
--- a/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 72d36ceab1854403646db0f1d1d8d39431806bb6 Mon Sep 17 00:00:00 2001
-From: Summer Qin <summer.qin@arm.com>
-Date: Wed, 18 May 2022 18:13:12 +0800
-Subject: [PATCH 5/8] Add MBEDTLS_PSA_CRYPTO_CONFIG_FILE
-
-Signed-off-by: Summer Qin <summer.qin@arm.com>
----
- include/mbedtls/config_psa.h | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
-index 68dda0f3..13e64dd7 100644
---- a/include/mbedtls/config_psa.h
-+++ b/include/mbedtls/config_psa.h
-@@ -31,9 +31,17 @@
- #define MBEDTLS_CONFIG_PSA_H
-
- #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
-+#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
-+#else
- #include "psa/crypto_config.h"
-+#endif
- #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
-
-+#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
-+#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
-+#endif
-+
- #ifdef __cplusplus
- extern "C" {
- #endif
---
-2.17.1
-
diff --git a/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch b/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch
deleted file mode 100644
index ef5aafb..0000000
--- a/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 5be6ef47c3ad2e8befc1882d362a1ee66918796c Mon Sep 17 00:00:00 2001
-From: Antonio de Angelis <Antonio.deAngelis@arm.com>
-Date: Thu, 5 May 2022 14:11:32 +0100
-Subject: [PATCH 6/8] Fix key_id and owner_id accessor macros
-
-The accessor macros for key_id and owner_id in the mbedtls_svc_key_id_t
-need to have the MBEDTLS_PRIVATE() specifier as these fields are private
-
-Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
----
- include/psa/crypto_values.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
-index 5a903f86..2d39625d 100644
---- a/include/psa/crypto_values.h
-+++ b/include/psa/crypto_values.h
-@@ -2242,8 +2242,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
- #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-
- #define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } )
--#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id )
--#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner )
-+#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).MBEDTLS_PRIVATE(key_id) )
-+#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).MBEDTLS_PRIVATE(owner) )
-
- /** Utility to initialize a key identifier at runtime.
- *
---
-2.17.1
-