diff --git a/applications/serial_lte_modem/overlay-native_tls.conf b/applications/serial_lte_modem/overlay-native_tls.conf
index beb64a8a0701..c8245dd9edd8 100644
--- a/applications/serial_lte_modem/overlay-native_tls.conf
+++ b/applications/serial_lte_modem/overlay-native_tls.conf
@@ -38,6 +38,8 @@ CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
CONFIG_MBEDTLS_AES_C=y
CONFIG_MBEDTLS_CCM_C=y
CONFIG_MBEDTLS_GCM_C=y
+CONFIG_MBEDTLS_CIPHER_MODE_CBC=y
+CONFIG_MBEDTLS_CIPHER_PADDING_PKCS7=y
# Enable ECC
CONFIG_MBEDTLS_ECP_C=y
CONFIG_PSA_WANT_ECC_SECP_R1_256=y
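Review bot: The added `CONFIG_MBEDTLS_CIPHER_MODE_CBC=y` and `CONFIG_MBEDTLS_CIPHER_PADDING_PKCS7=y` widen the cipher set of the native TLS overlay without saying why, although the AEAD modes CCM and GCM are already enabled just above them. If CBC is enabled so that CBC-based TLS cipher suites can be negotiated, those suites are MAC-then-encrypt unless Encrypt-then-MAC is agreed with the peer, and that construction has a history of padding-oracle weaknesses. This hunk does not show whether Mbed TLS's `MBEDTLS_SSL_ENCRYPT_THEN_MAC` is active in the resulting build, so that is worth confirming. I would add a comment above the two lines, for example `# CBC + PKCS7: required for <reason>; AEAD suites (GCM/CCM) remain preferred`, so a later cleanup knows whether they can be dropped.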
@@ -56,10 +58,13 @@ CONFIG_PSA_WANT_ALG_ECDH=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED=y
# Enable RSA
-CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=y
CONFIG_MBEDTLS_RSA_C=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=y
CONFIG_MBEDTLS_PKCS1_V15=y
CONFIG_MBEDTLS_MPI_MAX_SIZE=512
+CONFIG_PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY=y
+CONFIG_PSA_WANT_RSA_KEY_SIZE_2048=y
+CONFIG_PSA_WANT_RSA_KEY_SIZE_4096=y
# Enable SHA
CONFIG_MBEDTLS_SHA256_C=y
CONFIG_MBEDTLS_SHA512_C=y
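Review bot: `CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=y` is only moved below `CONFIG_MBEDTLS_RSA_C=y`, so static RSA key exchange stays enabled next to the two ECDHE exchanges. Static RSA gives no forward secrecy and depends on PKCS#1 v1.5 encryption (`CONFIG_MBEDTLS_PKCS1_V15=y`). If no supported peer requires it, the line could be dropped so that only ECDHE is offered; otherwise a comment such as `# Static RSA key exchange kept for peers without ECDHE support` would record the decision. The new key sizes 2048 and 4096 agree with `CONFIG_MBEDTLS_MPI_MAX_SIZE=512`, but 3072-bit RSA is not listed, so certificates with such keys may be rejected on the PSA path; it is worth confirming that this is intended.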
diff --git a/doc/nrf/libraries/nrf_security/doc/mbed_tls_header.rst b/doc/nrf/libraries/nrf_security/doc/mbed_tls_header.rst
index afd7250c096d..13f1f59973ab 100644
--- a/doc/nrf/libraries/nrf_security/doc/mbed_tls_header.rst
+++ b/doc/nrf/libraries/nrf_security/doc/mbed_tls_header.rst
@@ -16,8 +16,6 @@ Complete the following steps:
* `CONFIG_GENERATE_MBEDTLS_CFG_FILE=n`.
* `CONFIG_MBEDTLS_CFG_FILE="custom-name-nrf-config.h"`.
- * `CONFIG_MBEDTLS_USER_CONFIG_FILE="empty_file.h"`.
-#. Create an empty file named :file:`empty_file.h`.
#. Edit :file:`custom-name-nrf-config.h` with your custom configuration.
#. If the header files are not already in the include path, add them by editing the application build scripts.
diff --git a/ext/oberon/psa/core/include/mbedtls/aes.h b/ext/oberon/psa/core/include/mbedtls/aes.h
deleted file mode 100644
index 1cd20fe06cb6..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/aes.h
+++ /dev/null
@@ -1,636 +0,0 @@
-/**
- * \file aes.h
- *
- * \brief This file contains AES definitions and functions.
- *
- * The Advanced Encryption Standard (AES) specifies a FIPS-approved
- * cryptographic algorithm that can be used to protect electronic
- * data.
- *
- * The AES algorithm is a symmetric block cipher that can
- * encrypt and decrypt information. For more information, see
- * FIPS Publication 197: Advanced Encryption Standard and
- * ISO/IEC 18033-2:2006: Information technology -- Security
- * techniques -- Encryption algorithms -- Part 2: Asymmetric
- * ciphers.
- *
- * The AES-XTS block mode is standardized by NIST SP 800-38E
- *
- * and described in detail by IEEE P1619
- * .
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_AES_H
-#define MBEDTLS_AES_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform_util.h"
-
-#include
-#include
-
-/* padlock.c and aesni.c rely on these values! */
-#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */
-#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */
-
-/* Error codes in range 0x0020-0x0022 */
-/** Invalid key length. */
-#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
-/** Invalid data input length. */
-#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022
-
-/* Error codes in range 0x0021-0x0025 */
-/** Invalid input data. */
-#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_AES_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The AES context-type definition.
- */
-typedef struct mbedtls_aes_context
-{
- int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
- size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES
- round keys in the buffer. */
- uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
- hold 32 extra Bytes, which can be used for
- one of the following purposes:
- - Alignment if VIA padlock is
- used.
- - Simplifying key expansion in the 256-bit
- case by generating an extra round key.
-
*/
-}
-mbedtls_aes_context;
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief The AES XTS context-type definition.
- */
-typedef struct mbedtls_aes_xts_context
-{
- mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
- encryption or decryption. */
- mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
- computation. */
-} mbedtls_aes_xts_context;
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#else /* MBEDTLS_AES_ALT */
-#include "aes_alt.h"
-#endif /* MBEDTLS_AES_ALT */
-
-/**
- * \brief This function initializes the specified AES context.
- *
- * It must be the first API called before using
- * the context.
- *
- * \param ctx The AES context to initialize. This must not be \c NULL.
- */
-void mbedtls_aes_init( mbedtls_aes_context *ctx );
-
-/**
- * \brief This function releases and clears the specified AES context.
- *
- * \param ctx The AES context to clear.
- * If this is \c NULL, this function does nothing.
- * Otherwise, the context must have been at least initialized.
- */
-void mbedtls_aes_free( mbedtls_aes_context *ctx );
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief This function initializes the specified AES XTS context.
- *
- * It must be the first API called before using
- * the context.
- *
- * \param ctx The AES XTS context to initialize. This must not be \c NULL.
- */
-void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
-
-/**
- * \brief This function releases and clears the specified AES XTS context.
- *
- * \param ctx The AES XTS context to clear.
- * If this is \c NULL, this function does nothing.
- * Otherwise, the context must have been at least initialized.
- */
-void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * \brief This function sets the encryption key.
- *
- * \param ctx The AES context to which the key should be bound.
- * It must be initialized.
- * \param key The encryption key.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of data passed in bits. Valid options are:
- * - 128 bits
- * - 192 bits
- * - 256 bits
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief This function sets the decryption key.
- *
- * \param ctx The AES context to which the key should be bound.
- * It must be initialized.
- * \param key The decryption key.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of data passed. Valid options are:
- * - 128 bits
- * - 192 bits
- * - 256 bits
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits );
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief This function prepares an XTS context for encryption and
- * sets the encryption key.
- *
- * \param ctx The AES XTS context to which the key should be bound.
- * It must be initialized.
- * \param key The encryption key. This is comprised of the XTS key1
- * concatenated with the XTS key2.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of \p key passed in bits. Valid options are:
- * - 256 bits (each of key1 and key2 is a 128-bit key)
- * - 512 bits (each of key1 and key2 is a 256-bit key)
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief This function prepares an XTS context for decryption and
- * sets the decryption key.
- *
- * \param ctx The AES XTS context to which the key should be bound.
- * It must be initialized.
- * \param key The decryption key. This is comprised of the XTS key1
- * concatenated with the XTS key2.
- * This must be a readable buffer of size \p keybits bits.
- * \param keybits The size of \p key passed in bits. Valid options are:
- * - 256 bits (each of key1 and key2 is a 128-bit key)
- * - 512 bits (each of key1 and key2 is a 256-bit key)
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * \brief This function performs an AES single-block encryption or
- * decryption operation.
- *
- * It performs the operation defined in the \p mode parameter
- * (encrypt or decrypt), on the input data buffer defined in
- * the \p input parameter.
- *
- * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
- * mbedtls_aes_setkey_dec() must be called before the first
- * call to this API with the same context.
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param input The buffer holding the input data.
- * It must be readable and at least \c 16 Bytes long.
- * \param output The buffer where the output data will be written.
- * It must be writeable and at least \c 16 Bytes long.
-
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief This function performs an AES-CBC encryption or decryption operation
- * on full blocks.
- *
- * It performs the operation defined in the \p mode
- * parameter (encrypt/decrypt), on the input data buffer defined in
- * the \p input parameter.
- *
- * It can be called as many times as needed, until all the input
- * data is processed. mbedtls_aes_init(), and either
- * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
- * before the first call to this API with the same context.
- *
- * \note This function operates on full blocks, that is, the input size
- * must be a multiple of the AES block size of \c 16 Bytes.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the IV, you should
- * either save it manually or use the cipher module instead.
- *
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param length The length of the input data in Bytes. This must be a
- * multiple of the block size (\c 16 Bytes).
- * \param iv Initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
- * on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief This function performs an AES-XTS encryption or decryption
- * operation for an entire XTS data unit.
- *
- * AES-XTS encrypts or decrypts blocks based on their location as
- * defined by a data unit number. The data unit number must be
- * provided by \p data_unit.
- *
- * NIST SP 800-38E limits the maximum size of a data unit to 2^20
- * AES blocks. If the data unit is larger than this, this function
- * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
- *
- * \param ctx The AES XTS context to use for AES XTS operations.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param length The length of a data unit in Bytes. This can be any
- * length between 16 bytes and 2^24 bytes inclusive
- * (between 1 and 2^20 block cipher blocks).
- * \param data_unit The address of the data unit encoded as an array of 16
- * bytes in little-endian format. For disk encryption, this
- * is typically the index of the block device sector that
- * contains the data.
- * \param input The buffer holding the input data (which is an entire
- * data unit). This function reads \p length Bytes from \p
- * input.
- * \param output The buffer holding the output data (which is an entire
- * data unit). This function writes \p length Bytes to \p
- * output.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
- * smaller than an AES block in size (16 Bytes) or if \p
- * length is larger than 2^20 blocks (16 MiB).
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
- int mode,
- size_t length,
- const unsigned char data_unit[16],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief This function performs an AES-CFB128 encryption or decryption
- * operation.
- *
- * It performs the operation defined in the \p mode
- * parameter (encrypt or decrypt), on the input data buffer
- * defined in the \p input parameter.
- *
- * For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
- * regardless of whether you are performing an encryption or decryption
- * operation, that is, regardless of the \p mode parameter. This is
- * because CFB mode uses the same key schedule for encryption and
- * decryption.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the
- * IV, you must either save it manually or use the cipher
- * module instead.
- *
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT.
- * \param length The length of the input data in Bytes.
- * \param iv_off The offset in IV (updated after use).
- * It must point to a valid \c size_t.
- * \param iv The initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function performs an AES-CFB8 encryption or decryption
- * operation.
- *
- * It performs the operation defined in the \p mode
- * parameter (encrypt/decrypt), on the input data buffer defined
- * in the \p input parameter.
- *
- * Due to the nature of CFB, you must use the same key schedule for
- * both encryption and decryption operations. Therefore, you must
- * use the context initialized with mbedtls_aes_setkey_enc() for
- * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the same function again on the next
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If you need to retain the contents of the
- * IV, you should either save it manually or use the cipher
- * module instead.
- *
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
- * #MBEDTLS_AES_DECRYPT
- * \param length The length of the input data.
- * \param iv The initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-/**
- * \brief This function performs an AES-OFB (Output Feedback Mode)
- * encryption or decryption operation.
- *
- * For OFB, you must set up the context with
- * mbedtls_aes_setkey_enc(), regardless of whether you are
- * performing an encryption or decryption operation. This is
- * because OFB mode uses the same key schedule for encryption and
- * decryption.
- *
- * The OFB operation is identical for encryption or decryption,
- * therefore no operation mode needs to be specified.
- *
- * \note Upon exit, the content of iv, the Initialisation Vector, is
- * updated so that you can call the same function again on the next
- * block(s) of data and get the same result as if it was encrypted
- * in one call. This allows a "streaming" usage, by initialising
- * iv_off to 0 before the first call, and preserving its value
- * between calls.
- *
- * For non-streaming use, the iv should be initialised on each call
- * to a unique value, and iv_off set to 0 on each call.
- *
- * If you need to retain the contents of the initialisation vector,
- * you must either save it manually or use the cipher module
- * instead.
- *
- * \warning For the OFB mode, the initialisation vector must be unique
- * every encryption operation. Reuse of an initialisation vector
- * will compromise security.
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param length The length of the input data.
- * \param iv_off The offset in IV (updated after use).
- * It must point to a valid \c size_t.
- * \param iv The initialization vector (updated after use).
- * It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
-
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief This function performs an AES-CTR encryption or decryption
- * operation.
- *
- * Due to the nature of CTR, you must use the same key schedule
- * for both encryption and decryption operations. Therefore, you
- * must use the context initialized with mbedtls_aes_setkey_enc()
- * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \warning You must never reuse a nonce value with the same key. Doing so
- * would void the encryption for the two messages encrypted with
- * the same nonce and key.
- *
- * There are two common strategies for managing nonces with CTR:
- *
- * 1. You can handle everything as a single message processed over
- * successive calls to this function. In that case, you want to
- * set \p nonce_counter and \p nc_off to 0 for the first call, and
- * then preserve the values of \p nonce_counter, \p nc_off and \p
- * stream_block across calls to this function as they will be
- * updated by this function.
- *
- * With this strategy, you must not encrypt more than 2**128
- * blocks of data with the same key.
- *
- * 2. You can encrypt separate messages by dividing the \p
- * nonce_counter buffer in two areas: the first one used for a
- * per-message nonce, handled by yourself, and the second one
- * updated by this function internally.
- *
- * For example, you might reserve the first 12 bytes for the
- * per-message nonce, and the last 4 bytes for internal use. In that
- * case, before calling this function on a new message you need to
- * set the first 12 bytes of \p nonce_counter to your chosen nonce
- * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- * stream_block to be ignored). That way, you can encrypt at most
- * 2**96 messages of up to 2**32 blocks each with the same key.
- *
- * The per-message nonce (or information sufficient to reconstruct
- * it) needs to be communicated with the ciphertext and must be unique.
- * The recommended way to ensure uniqueness is to use a message
- * counter. An alternative is to generate random nonces, but this
- * limits the number of messages that can be securely encrypted:
- * for example, with 96-bit random nonces, you should not encrypt
- * more than 2**32 messages with the same key.
- *
- * Note that for both strategies, sizes are measured in blocks and
- * that an AES block is 16 bytes.
- *
- * \warning Upon return, \p stream_block contains sensitive data. Its
- * content must not be written to insecure storage and should be
- * securely discarded as soon as it's no longer needed.
- *
- * \param ctx The AES context to use for encryption or decryption.
- * It must be initialized and bound to a key.
- * \param length The length of the input data.
- * \param nc_off The offset in the current \p stream_block, for
- * resuming within the current cipher stream. The
- * offset pointer should be 0 at the start of a stream.
- * It must point to a valid \c size_t.
- * \param nonce_counter The 128-bit nonce and counter.
- * It must be a readable-writeable buffer of \c 16 Bytes.
- * \param stream_block The saved stream block for resuming. This is
- * overwritten by the function.
- * It must be a readable-writeable buffer of \c 16 Bytes.
- * \param input The buffer holding the input data.
- * It must be readable and of size \p length Bytes.
- * \param output The buffer holding the output data.
- * It must be writeable and of size \p length Bytes.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[16],
- unsigned char stream_block[16],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-/**
- * \brief Internal AES block encryption function. This is only
- * exposed to allow overriding it using
- * \c MBEDTLS_AES_ENCRYPT_ALT.
- *
- * \param ctx The AES context to use for encryption.
- * \param input The plaintext block.
- * \param output The output (ciphertext) block.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
-
-/**
- * \brief Internal AES block decryption function. This is only
- * exposed to allow overriding it using see
- * \c MBEDTLS_AES_DECRYPT_ALT.
- *
- * \param ctx The AES context to use for decryption.
- * \param input The ciphertext block.
- * \param output The output (plaintext) block.
- *
- * \return \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_aes_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* aes.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/asn1.h b/ext/oberon/psa/core/include/mbedtls/asn1.h
deleted file mode 100644
index 5e3f3878c12f..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/asn1.h
+++ /dev/null
@@ -1,653 +0,0 @@
-/**
- * \file asn1.h
- *
- * \brief Generic ASN.1 parsing
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ASN1_H
-#define MBEDTLS_ASN1_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform_util.h"
-
-#include
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-/**
- * \addtogroup asn1_module
- * \{
- */
-
-/**
- * \name ASN1 Error codes
- * These error codes are combined with other error codes for
- * higher error granularity.
- * e.g. X.509 and PKCS #7 error codes
- * ASN1 is a standard to specify data structures.
- * \{
- */
-/** Out of data when parsing an ASN1 data structure. */
-#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060
-/** ASN1 tag was of an unexpected value. */
-#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062
-/** Error when trying to determine the length or invalid length. */
-#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064
-/** Actual length differs from expected length. */
-#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066
-/** Data is invalid. */
-#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068
-/** Memory allocation failed */
-#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A
-/** Buffer too small when writing ASN.1 data structure. */
-#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C
-
-/** \} name ASN1 Error codes */
-
-/**
- * \name DER constants
- * These constants comply with the DER encoded ASN.1 type tags.
- * DER encoding uses hexadecimal representation.
- * An example DER sequence is:\n
- * - 0x02 -- tag indicating INTEGER
- * - 0x01 -- length in octets
- * - 0x05 -- value
- * Such sequences are typically read into \c ::mbedtls_x509_buf.
- * \{
- */
-#define MBEDTLS_ASN1_BOOLEAN 0x01
-#define MBEDTLS_ASN1_INTEGER 0x02
-#define MBEDTLS_ASN1_BIT_STRING 0x03
-#define MBEDTLS_ASN1_OCTET_STRING 0x04
-#define MBEDTLS_ASN1_NULL 0x05
-#define MBEDTLS_ASN1_OID 0x06
-#define MBEDTLS_ASN1_ENUMERATED 0x0A
-#define MBEDTLS_ASN1_UTF8_STRING 0x0C
-#define MBEDTLS_ASN1_SEQUENCE 0x10
-#define MBEDTLS_ASN1_SET 0x11
-#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13
-#define MBEDTLS_ASN1_T61_STRING 0x14
-#define MBEDTLS_ASN1_IA5_STRING 0x16
-#define MBEDTLS_ASN1_UTC_TIME 0x17
-#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18
-#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C
-#define MBEDTLS_ASN1_BMP_STRING 0x1E
-#define MBEDTLS_ASN1_PRIMITIVE 0x00
-#define MBEDTLS_ASN1_CONSTRUCTED 0x20
-#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
-
-/* Slightly smaller way to check if tag is a string tag
- * compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG( tag ) \
- ( ( tag ) < 32u && ( \
- ( ( 1u << ( tag ) ) & ( ( 1u << MBEDTLS_ASN1_BMP_STRING ) | \
- ( 1u << MBEDTLS_ASN1_UTF8_STRING ) | \
- ( 1u << MBEDTLS_ASN1_T61_STRING ) | \
- ( 1u << MBEDTLS_ASN1_IA5_STRING ) | \
- ( 1u << MBEDTLS_ASN1_UNIVERSAL_STRING ) | \
- ( 1u << MBEDTLS_ASN1_PRINTABLE_STRING ) | \
- ( 1u << MBEDTLS_ASN1_BIT_STRING ) ) ) != 0 ) )
-
-/*
- * Bit masks for each of the components of an ASN.1 tag as specified in
- * ITU X.690 (08/2015), section 8.1 "General rules for encoding",
- * paragraph 8.1.2.2:
- *
- * Bit 8 7 6 5 1
- * +-------+-----+------------+
- * | Class | P/C | Tag number |
- * +-------+-----+------------+
- */
-#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
-#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
-#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
-
-/** \} name DER constants */
-
-/** Returns the size of the binary string, without the trailing \\0 */
-#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
-
-/**
- * Compares an mbedtls_asn1_buf structure to a reference OID.
- *
- * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
- * 'unsigned char *oid' here!
- */
-#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
- ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \
- memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
-
-#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \
- ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) || \
- memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Functions to parse ASN.1 data structures
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef struct mbedtls_asn1_buf
-{
- int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
- size_t len; /**< ASN1 length, in octets. */
- unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
-}
-mbedtls_asn1_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef struct mbedtls_asn1_bitstring
-{
- size_t len; /**< ASN1 length, in octets. */
- unsigned char unused_bits; /**< Number of unused bits at the end of the string */
- unsigned char *p; /**< Raw ASN1 data for the bit string */
-}
-mbedtls_asn1_bitstring;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef struct mbedtls_asn1_sequence
-{
- mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
-
- /** The next entry in the sequence.
- *
- * The details of memory management for sequences are not documented and
- * may change in future versions. Set this field to \p NULL when
- * initializing a structure, and do not modify it except via Mbed TLS
- * library functions.
- */
- struct mbedtls_asn1_sequence *next;
-}
-mbedtls_asn1_sequence;
-
-/**
- * Container for a sequence or list of 'named' ASN.1 data items
- */
-typedef struct mbedtls_asn1_named_data
-{
- mbedtls_asn1_buf oid; /**< The object identifier. */
- mbedtls_asn1_buf val; /**< The named value. */
-
- /** The next entry in the sequence.
- *
- * The details of memory management for named data sequences are not
- * documented and may change in future versions. Set this field to \p NULL
- * when initializing a structure, and do not modify it except via Mbed TLS
- * library functions.
- */
- struct mbedtls_asn1_named_data *next;
-
- /** Merge next item into the current one?
- *
- * This field exists for the sake of Mbed TLS's X.509 certificate parsing
- * code and may change in future versions of the library.
- */
- unsigned char MBEDTLS_PRIVATE(next_merged);
-}
-mbedtls_asn1_named_data;
-
-/**
- * \brief Get the length of an ASN.1 element.
- * Updates the pointer to immediately behind the length.
- *
- * \param p On entry, \c *p points to the first byte of the length,
- * i.e. immediately after the tag.
- * On successful completion, \c *p points to the first byte
- * after the length, i.e. the first byte of the content.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param len On successful completion, \c *len contains the length
- * read from the ASN.1 input.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
- * would end beyond \p end.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
- */
-int mbedtls_asn1_get_len( unsigned char **p,
- const unsigned char *end,
- size_t *len );
-
-/**
- * \brief Get the tag and length of the element.
- * Check for the requested tag.
- * Updates the pointer to immediately behind the tag and length.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * after the length, i.e. the first byte of the content.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param len On successful completion, \c *len contains the length
- * read from the ASN.1 input.
- * \param tag The expected tag.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start
- * with the requested tag.
- * \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
- * would end beyond \p end.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
- */
-int mbedtls_asn1_get_tag( unsigned char **p,
- const unsigned char *end,
- size_t *len, int tag );
-
-/**
- * \brief Retrieve a boolean ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param val On success, the parsed value (\c 0 or \c 1).
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 BOOLEAN.
- */
-int mbedtls_asn1_get_bool( unsigned char **p,
- const unsigned char *end,
- int *val );
-
-/**
- * \brief Retrieve an integer ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param val On success, the parsed value.
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 INTEGER.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- * not fit in an \c int.
- */
-int mbedtls_asn1_get_int( unsigned char **p,
- const unsigned char *end,
- int *val );
-
-/**
- * \brief Retrieve an enumerated ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param val On success, the parsed value.
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 ENUMERATED.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- * not fit in an \c int.
- */
-int mbedtls_asn1_get_enum( unsigned char **p,
- const unsigned char *end,
- int *val );
-
-/**
- * \brief Retrieve a bitstring ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p is equal to \p end.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param bs On success, ::mbedtls_asn1_bitstring information about
- * the parsed value.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
- * extra data after a valid BIT STRING.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 BIT STRING.
- */
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
- mbedtls_asn1_bitstring *bs );
-
-/**
- * \brief Retrieve a bitstring ASN.1 tag without unused bits and its
- * value.
- * Updates the pointer to the beginning of the bit/octet string.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * of the content of the BIT STRING.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param len On success, \c *len is the length of the content in bytes.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with
- * a valid BIT STRING with a nonzero number of unused bits.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 BIT STRING.
- */
-int mbedtls_asn1_get_bitstring_null( unsigned char **p,
- const unsigned char *end,
- size_t *len );
-
-/**
- * \brief Parses and splits an ASN.1 "SEQUENCE OF ".
- * Updates the pointer to immediately behind the full sequence tag.
- *
- * This function allocates memory for the sequence elements. You can free
- * the allocated memory with mbedtls_asn1_sequence_free().
- *
- * \note On error, this function may return a partial list in \p cur.
- * You must set `cur->next = NULL` before calling this function!
- * Otherwise it is impossible to distinguish a previously non-null
- * pointer from a pointer to an object allocated by this function.
- *
- * \note If the sequence is empty, this function does not modify
- * \c *cur. If the sequence is valid and non-empty, this
- * function sets `cur->buf.tag` to \p tag. This allows
- * callers to distinguish between an empty sequence and
- * a one-element sequence.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p is equal to \p end.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param cur A ::mbedtls_asn1_sequence which this function fills.
- * When this function returns, \c *cur is the head of a linked
- * list. Each node in this list is allocated with
- * mbedtls_calloc() apart from \p cur itself, and should
- * therefore be freed with mbedtls_free().
- * The list describes the content of the sequence.
- * The head of the list (i.e. \c *cur itself) describes the
- * first element, `*cur->next` describes the second element, etc.
- * For each element, `buf.tag == tag`, `buf.len` is the length
- * of the content of the content of the element, and `buf.p`
- * points to the first byte of the content (i.e. immediately
- * past the length of the element).
- * Note that list elements may be allocated even on error.
- * \param tag Each element of the sequence must have this tag.
- *
- * \return 0 if successful.
- * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
- * extra data after a valid SEQUENCE OF \p tag.
- * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with
- * an ASN.1 SEQUENCE in which an element has a tag that
- * is different from \p tag.
- * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 SEQUENCE.
- */
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_sequence *cur,
- int tag );
-/**
- * \brief Free a heap-allocated linked list presentation of
- * an ASN.1 sequence, including the first element.
- *
- * There are two common ways to manage the memory used for the representation
- * of a parsed ASN.1 sequence:
- * - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc().
- * Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of().
- * When you have finished processing the sequence,
- * call mbedtls_asn1_sequence_free() on `head`.
- * - Allocate a head node `mbedtls_asn1_sequence *head` in any manner,
- * for example on the stack. Make sure that `head->next == NULL`.
- * Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of().
- * When you have finished processing the sequence,
- * call mbedtls_asn1_sequence_free() on `head->cur`,
- * then free `head` itself in the appropriate manner.
- *
- * \param seq The address of the first sequence component. This may
- * be \c NULL, in which case this functions returns
- * immediately.
- */
-void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq );
-
-/**
- * \brief Traverse an ASN.1 SEQUENCE container and
- * call a callback for each entry.
- *
- * This function checks that the input is a SEQUENCE of elements that
- * each have a "must" tag, and calls a callback function on the elements
- * that have a "may" tag.
- *
- * For example, to validate that the input is a SEQUENCE of `tag1` and call
- * `cb` on each element, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);
- * ```
- *
- * To validate that the input is a SEQUENCE of ANY and call `cb` on
- * each element, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);
- * ```
- *
- * To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING}
- * and call `cb` on each element that is an OCTET STRING, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);
- * ```
- *
- * The callback is called on the elements with a "may" tag from left to
- * right. If the input is not a valid SEQUENCE of elements with a "must" tag,
- * the callback is called on the elements up to the leftmost point where
- * the input is invalid.
- *
- * \warning This function is still experimental and may change
- * at any time.
- *
- * \param p The address of the pointer to the beginning of
- * the ASN.1 SEQUENCE header. This is updated to
- * point to the end of the ASN.1 SEQUENCE container
- * on a successful invocation.
- * \param end The end of the ASN.1 SEQUENCE container.
- * \param tag_must_mask A mask to be applied to the ASN.1 tags found within
- * the SEQUENCE before comparing to \p tag_must_value.
- * \param tag_must_val The required value of each ASN.1 tag found in the
- * SEQUENCE, after masking with \p tag_must_mask.
- * Mismatching tags lead to an error.
- * For example, a value of \c 0 for both \p tag_must_mask
- * and \p tag_must_val means that every tag is allowed,
- * while a value of \c 0xFF for \p tag_must_mask means
- * that \p tag_must_val is the only allowed tag.
- * \param tag_may_mask A mask to be applied to the ASN.1 tags found within
- * the SEQUENCE before comparing to \p tag_may_value.
- * \param tag_may_val The desired value of each ASN.1 tag found in the
- * SEQUENCE, after masking with \p tag_may_mask.
- * Mismatching tags will be silently ignored.
- * For example, a value of \c 0 for \p tag_may_mask and
- * \p tag_may_val means that any tag will be considered,
- * while a value of \c 0xFF for \p tag_may_mask means
- * that all tags with value different from \p tag_may_val
- * will be ignored.
- * \param cb The callback to trigger for each component
- * in the ASN.1 SEQUENCE that matches \p tag_may_val.
- * The callback function is called with the following
- * parameters:
- * - \p ctx.
- * - The tag of the current element.
- * - A pointer to the start of the current element's
- * content inside the input.
- * - The length of the content of the current element.
- * If the callback returns a non-zero value,
- * the function stops immediately,
- * forwarding the callback's return value.
- * \param ctx The context to be passed to the callback \p cb.
- *
- * \return \c 0 if successful the entire ASN.1 SEQUENCE
- * was traversed without parsing or callback errors.
- * \return #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input
- * contains extra data after a valid SEQUENCE
- * of elements with an accepted tag.
- * \return #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts
- * with an ASN.1 SEQUENCE in which an element has a tag
- * that is not accepted.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 SEQUENCE.
- * \return A non-zero error code forwarded from the callback
- * \p cb in case the latter returns a non-zero value.
- */
-int mbedtls_asn1_traverse_sequence_of(
- unsigned char **p,
- const unsigned char *end,
- unsigned char tag_must_mask, unsigned char tag_must_val,
- unsigned char tag_may_mask, unsigned char tag_may_val,
- int (*cb)( void *ctx, int tag,
- unsigned char* start, size_t len ),
- void *ctx );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief Retrieve an integer ASN.1 tag and its value.
- * Updates the pointer to immediately behind the full tag.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the ASN.1 element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param X On success, the parsed value.
- *
- * \return 0 if successful.
- * \return An ASN.1 error code if the input does not start with
- * a valid ASN.1 INTEGER.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- * not fit in an \c int.
- * \return An MPI error code if the parsed value is too large.
- */
-int mbedtls_asn1_get_mpi( unsigned char **p,
- const unsigned char *end,
- mbedtls_mpi *X );
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence.
- * Updates the pointer to immediately behind the full
- * AlgorithmIdentifier.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the AlgorithmIdentifier element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param alg The buffer to receive the OID.
- * \param params The buffer to receive the parameters.
- * This is zeroized if there are no parameters.
- *
- * \return 0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
-
-/**
- * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
- * params.
- * Updates the pointer to immediately behind the full
- * AlgorithmIdentifier.
- *
- * \param p On entry, \c *p points to the start of the ASN.1 element.
- * On successful completion, \c *p points to the first byte
- * beyond the AlgorithmIdentifier element.
- * On error, the value of \c *p is undefined.
- * \param end End of data.
- * \param alg The buffer to receive the OID.
- *
- * \return 0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg_null( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg );
-
-/**
- * \brief Find a specific named_data entry in a sequence or list based on
- * the OID.
- *
- * \param list The list to seek through
- * \param oid The OID to look for
- * \param len Size of the OID
- *
- * \return NULL if not found, or a pointer to the existing entry.
- */
-const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
- const char *oid, size_t len );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief Free a mbedtls_asn1_named_data entry
- *
- * \deprecated This function is deprecated and will be removed in a
- * future version of the library.
- * Please use mbedtls_asn1_free_named_data_list()
- * or mbedtls_asn1_free_named_data_list_shallow().
- *
- * \param entry The named data entry to free.
- * This function calls mbedtls_free() on
- * `entry->oid.p` and `entry->val.p`.
- */
-void MBEDTLS_DEPRECATED mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief Free all entries in a mbedtls_asn1_named_data list.
- *
- * \param head Pointer to the head of the list of named data entries to free.
- * This function calls mbedtls_free() on
- * `entry->oid.p` and `entry->val.p` and then on `entry`
- * for each list entry, and sets \c *head to \c NULL.
- */
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
-
-/**
- * \brief Free all shallow entries in a mbedtls_asn1_named_data list,
- * but do not free internal pointer targets.
- *
- * \param name Head of the list of named data entries to free.
- * This function calls mbedtls_free() on each list element.
- */
-void mbedtls_asn1_free_named_data_list_shallow( mbedtls_asn1_named_data *name );
-
-/** \} name Functions to parse ASN.1 data structures */
-/** \} addtogroup asn1_module */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* asn1.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/asn1write.h b/ext/oberon/psa/core/include/mbedtls/asn1write.h
deleted file mode 100644
index e6f0479ca45d..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/asn1write.h
+++ /dev/null
@@ -1,366 +0,0 @@
-/**
- * \file asn1write.h
- *
- * \brief ASN.1 buffer writing functionality
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ASN1_WRITE_H
-#define MBEDTLS_ASN1_WRITE_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/asn1.h"
-
-#define MBEDTLS_ASN1_CHK_ADD(g, f) \
- do \
- { \
- if( ( ret = (f) ) < 0 ) \
- return( ret ); \
- else \
- (g) += ret; \
- } while( 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Write a length field in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param len The length value to write.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start,
- size_t len );
-/**
- * \brief Write an ASN.1 tag in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param tag The tag to write.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start,
- unsigned char tag );
-
-/**
- * \brief Write raw buffer data.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param buf The data buffer to write.
- * \param size The length of the data buffer.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t size );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief Write an arbitrary-precision number (#MBEDTLS_ASN1_INTEGER)
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param X The MPI to write.
- * It must be non-negative.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start,
- const mbedtls_mpi *X );
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief Write a NULL tag (#MBEDTLS_ASN1_NULL) with zero data
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_null( unsigned char **p, const unsigned char *start );
-
-/**
- * \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param oid The OID to write.
- * \param oid_len The length of the OID.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_oid( unsigned char **p, const unsigned char *start,
- const char *oid, size_t oid_len );
-
-/**
- * \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param oid The OID of the algorithm to write.
- * \param oid_len The length of the algorithm's OID.
- * \param par_len The length of the parameters, which must be already written.
- * If 0, NULL parameters are added
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
- const unsigned char *start,
- const char *oid, size_t oid_len,
- size_t par_len );
-
-/**
- * \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param boolean The boolean value to write, either \c 0 or \c 1.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start,
- int boolean );
-
-/**
- * \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param val The integer value to write.
- * It must be non-negative.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_int( unsigned char **p, const unsigned char *start, int val );
-
-/**
- * \brief Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
- * in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param val The integer value to write.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_enum( unsigned char **p, const unsigned char *start, int val );
-
-/**
- * \brief Write a string in ASN.1 format using a specific
- * string encoding tag.
-
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param tag The string encoding tag to write, e.g.
- * #MBEDTLS_ASN1_UTF8_STRING.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_tagged_string( unsigned char **p, const unsigned char *start,
- int tag, const char *text,
- size_t text_len );
-
-/**
- * \brief Write a string in ASN.1 format using the PrintableString
- * string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING).
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_printable_string( unsigned char **p,
- const unsigned char *start,
- const char *text, size_t text_len );
-
-/**
- * \brief Write a UTF8 string in ASN.1 format using the UTF8String
- * string encoding tag (#MBEDTLS_ASN1_UTF8_STRING).
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_utf8_string( unsigned char **p, const unsigned char *start,
- const char *text, size_t text_len );
-
-/**
- * \brief Write a string in ASN.1 format using the IA5String
- * string encoding tag (#MBEDTLS_ASN1_IA5_STRING).
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param text The string to write.
- * \param text_len The length of \p text in bytes (which might
- * be strictly larger than the number of characters).
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_ia5_string( unsigned char **p, const unsigned char *start,
- const char *text, size_t text_len );
-
-/**
- * \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
- * value in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param buf The bitstring to write.
- * \param bits The total number of bits in the bitstring.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t bits );
-
-/**
- * \brief This function writes a named bitstring tag
- * (#MBEDTLS_ASN1_BIT_STRING) and value in ASN.1 format.
- *
- * As stated in RFC 5280 Appendix B, trailing zeroes are
- * omitted when encoding named bitstrings in DER.
- *
- * \note This function works backwards within the data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer which is used for bounds-checking.
- * \param buf The bitstring to write.
- * \param bits The total number of bits in the bitstring.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_named_bitstring( unsigned char **p,
- const unsigned char *start,
- const unsigned char *buf,
- size_t bits );
-
-/**
- * \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
- * and value in ASN.1 format.
- *
- * \note This function works backwards in data buffer.
- *
- * \param p The reference to the current position pointer.
- * \param start The start of the buffer, for bounds-checking.
- * \param buf The buffer holding the data to write.
- * \param size The length of the data buffer \p buf.
- *
- * \return The number of bytes written to \p p on success.
- * \return A negative error code on failure.
- */
-int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t size );
-
-/**
- * \brief Create or find a specific named_data entry for writing in a
- * sequence or list based on the OID. If not already in there,
- * a new entry is added to the head of the list.
- * Warning: Destructive behaviour for the val data!
- *
- * \param list The pointer to the location of the head of the list to seek
- * through (will be updated in case of a new entry).
- * \param oid The OID to look for.
- * \param oid_len The size of the OID.
- * \param val The associated data to store. If this is \c NULL,
- * no data is copied to the new or existing buffer.
- * \param val_len The minimum length of the data buffer needed.
- * If this is 0, do not allocate a buffer for the associated
- * data.
- * If the OID was already present, enlarge, shrink or free
- * the existing buffer to fit \p val_len.
- *
- * \return A pointer to the new / existing entry on success.
- * \return \c NULL if there was a memory allocation error.
- */
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
- const char *oid, size_t oid_len,
- const unsigned char *val,
- size_t val_len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_ASN1_WRITE_H */
diff --git a/ext/oberon/psa/core/include/mbedtls/bignum.h b/ext/oberon/psa/core/include/mbedtls/bignum.h
deleted file mode 100644
index bb1084a9090c..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/bignum.h
+++ /dev/null
@@ -1,1070 +0,0 @@
-/**
- * \file bignum.h
- *
- * \brief Multi-precision integer library
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_BIGNUM_H
-#define MBEDTLS_BIGNUM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-#if defined(MBEDTLS_FS_IO)
-#include
-#endif
-
-/** An error occurred while reading from or writing to a file. */
-#define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004
-/** There is an invalid character in the digit string. */
-#define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006
-/** The buffer is too small to write to. */
-#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008
-/** The input arguments are negative or result in illegal output. */
-#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A
-/** The input argument for division is zero, which is not allowed. */
-#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C
-/** The input arguments are not acceptable. */
-#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010
-
-#define MBEDTLS_MPI_CHK(f) \
- do \
- { \
- if( ( ret = (f) ) != 0 ) \
- goto cleanup; \
- } while( 0 )
-
-/*
- * Maximum size MPIs are allowed to grow to in number of limbs.
- */
-#define MBEDTLS_MPI_MAX_LIMBS 10000
-
-#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
-/*
- * Maximum window size used for modular exponentiation. Default: 6
- * Minimum value: 1. Maximum value: 6.
- *
- * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
- * for the sliding window calculation. (So 64 by default)
- *
- * Reduction in size, reduces speed.
- */
-#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
-#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_MPI_MAX_SIZE)
-/*
- * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
- * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
- *
- * Note: Calculations can temporarily result in larger MPIs. So the number
- * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
- */
-#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
-#endif /* !MBEDTLS_MPI_MAX_SIZE */
-
-#define MBEDTLS_MPI_MAX_BITS ( 8 * MBEDTLS_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
-
-/*
- * When reading from files with mbedtls_mpi_read_file() and writing to files with
- * mbedtls_mpi_write_file() the buffer should have space
- * for a (short) label, the MPI (in the provided radix), the newline
- * characters and the '\0'.
- *
- * By default we assume at least a 10 char label, a minimum radix of 10
- * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
- * Autosized at compile time for at least a 10 char label, a minimum radix
- * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
- *
- * This used to be statically sized to 1250 for a maximum of 4096 bit
- * numbers (1234 decimal chars).
- *
- * Calculate using the formula:
- * MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
- * LabelSize + 6
- */
-#define MBEDTLS_MPI_MAX_BITS_SCALE100 ( 100 * MBEDTLS_MPI_MAX_BITS )
-#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
-#define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
-
-/*
- * Define the base integer type, architecture-wise.
- *
- * 32 or 64-bit integer types can be forced regardless of the underlying
- * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64
- * respectively and undefining MBEDTLS_HAVE_ASM.
- *
- * Double-width integers (e.g. 128-bit in 64-bit architectures) can be
- * disabled by defining MBEDTLS_NO_UDBL_DIVISION.
- */
-#if !defined(MBEDTLS_HAVE_INT32)
- #if defined(_MSC_VER) && defined(_M_AMD64)
- /* Always choose 64-bit when using MSC */
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #elif defined(__GNUC__) && ( \
- defined(__amd64__) || defined(__x86_64__) || \
- defined(__ppc64__) || defined(__powerpc64__) || \
- defined(__ia64__) || defined(__alpha__) || \
- ( defined(__sparc__) && defined(__arch64__) ) || \
- defined(__s390x__) || defined(__mips64) || \
- defined(__aarch64__) )
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(__ARMCC_VERSION) && defined(__aarch64__)
- /*
- * __ARMCC_VERSION is defined for both armcc and armclang and
- * __aarch64__ is only defined by armclang when compiling 64-bit code
- */
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef __uint128_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(MBEDTLS_HAVE_INT64)
- /* Force 64-bit integers with unknown compiler */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #endif
-#endif /* !MBEDTLS_HAVE_INT32 */
-
-#if !defined(MBEDTLS_HAVE_INT64)
- /* Default to 32-bit compilation */
- #if !defined(MBEDTLS_HAVE_INT32)
- #define MBEDTLS_HAVE_INT32
- #endif /* !MBEDTLS_HAVE_INT32 */
- typedef int32_t mbedtls_mpi_sint;
- typedef uint32_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- typedef uint64_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-#endif /* !MBEDTLS_HAVE_INT64 */
-
-/** \typedef mbedtls_mpi_uint
- * \brief The type of machine digits in a bignum, called _limbs_.
- *
- * This is always an unsigned integer type with no padding bits. The size
- * is platform-dependent.
- */
-
-/** \typedef mbedtls_mpi_sint
- * \brief The signed type corresponding to #mbedtls_mpi_uint.
- *
- * This is always an signed integer type with no padding bits. The size
- * is platform-dependent.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief MPI structure
- */
-typedef struct mbedtls_mpi
-{
- /** Sign: -1 if the mpi is negative, 1 otherwise.
- *
- * The number 0 must be represented with `s = +1`. Although many library
- * functions treat all-limbs-zero as equivalent to a valid representation
- * of 0 regardless of the sign bit, there are exceptions, so bignum
- * functions and external callers must always set \c s to +1 for the
- * number zero.
- *
- * Note that this implies that calloc() or `... = {0}` does not create
- * a valid MPI representation. You must call mbedtls_mpi_init().
- */
- int MBEDTLS_PRIVATE(s);
-
- /** Total number of limbs in \c p. */
- size_t MBEDTLS_PRIVATE(n);
-
- /** Pointer to limbs.
- *
- * This may be \c NULL if \c n is 0.
- */
- mbedtls_mpi_uint *MBEDTLS_PRIVATE(p);
-}
-mbedtls_mpi;
-
-/**
- * \brief Initialize an MPI context.
- *
- * This makes the MPI ready to be set or freed,
- * but does not define a value for the MPI.
- *
- * \param X The MPI context to initialize. This must not be \c NULL.
- */
-void mbedtls_mpi_init( mbedtls_mpi *X );
-
-/**
- * \brief This function frees the components of an MPI context.
- *
- * \param X The MPI context to be cleared. This may be \c NULL,
- * in which case this function is a no-op. If it is
- * not \c NULL, it must point to an initialized MPI.
- */
-void mbedtls_mpi_free( mbedtls_mpi *X );
-
-/**
- * \brief Enlarge an MPI to the specified number of limbs.
- *
- * \note This function does nothing if the MPI is
- * already large enough.
- *
- * \param X The MPI to grow. It must be initialized.
- * \param nblimbs The target number of limbs.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief This function resizes an MPI downwards, keeping at least the
- * specified number of limbs.
- *
- * If \c X is smaller than \c nblimbs, it is resized up
- * instead.
- *
- * \param X The MPI to shrink. This must point to an initialized MPI.
- * \param nblimbs The minimum number of limbs to keep.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- * (this can only happen when resizing up).
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief Make a copy of an MPI.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param Y The source MPI. This must point to an initialized MPI.
- *
- * \note The limb-buffer in the destination MPI is enlarged
- * if necessary to hold the value in the source MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Swap the contents of two MPIs.
- *
- * \param X The first MPI. It must be initialized.
- * \param Y The second MPI. It must be initialized.
- */
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
-
-/**
- * \brief Perform a safe conditional copy of MPI which doesn't
- * reveal whether the condition was true or not.
- *
- * \param X The MPI to conditionally assign to. This must point
- * to an initialized MPI.
- * \param Y The MPI to be assigned from. This must point to an
- * initialized MPI.
- * \param assign The condition deciding whether to perform the
- * assignment or not. Must be either 0 or 1:
- * * \c 1: Perform the assignment `X = Y`.
- * * \c 0: Keep the original value of \p X.
- *
- * \note This function is equivalent to
- * `if( assign ) mbedtls_mpi_copy( X, Y );`
- * except that it avoids leaking any information about whether
- * the assignment was done or not (the above code may leak
- * information through branch prediction and/or memory access
- * patterns analysis).
- *
- * \warning If \p assign is neither 0 nor 1, the result of this function
- * is indeterminate, and the resulting value in \p X might be
- * neither its original value nor the value in \p Y.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
-
-/**
- * \brief Perform a safe conditional swap which doesn't
- * reveal whether the condition was true or not.
- *
- * \param X The first MPI. This must be initialized.
- * \param Y The second MPI. This must be initialized.
- * \param swap The condition deciding whether to perform
- * the swap or not. Must be either 0 or 1:
- * * \c 1: Swap the values of \p X and \p Y.
- * * \c 0: Keep the original values of \p X and \p Y.
- *
- * \note This function is equivalent to
- * if( swap ) mbedtls_mpi_swap( X, Y );
- * except that it avoids leaking any information about whether
- * the swap was done or not (the above code may leak
- * information through branch prediction and/or memory access
- * patterns analysis).
- *
- * \warning If \p swap is neither 0 nor 1, the result of this function
- * is indeterminate, and both \p X and \p Y might end up with
- * values different to either of the original ones.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- *
- */
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap );
-
-/**
- * \brief Store integer value in MPI.
- *
- * \param X The MPI to set. This must be initialized.
- * \param z The value to use.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief Get a specific bit from an MPI.
- *
- * \param X The MPI to query. This must be initialized.
- * \param pos Zero-based index of the bit to query.
- *
- * \return \c 0 or \c 1 on success, depending on whether bit \c pos
- * of \c X is unset or set.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
-
-/**
- * \brief Modify a specific bit in an MPI.
- *
- * \note This function will grow the target MPI if necessary to set a
- * bit to \c 1 in a not yet existing limb. It will not grow if
- * the bit should be set to \c 0.
- *
- * \param X The MPI to modify. This must be initialized.
- * \param pos Zero-based index of the bit to modify.
- * \param val The desired value of bit \c pos: \c 0 or \c 1.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
-
-/**
- * \brief Return the number of bits of value \c 0 before the
- * least significant bit of value \c 1.
- *
- * \note This is the same as the zero-based index of
- * the least significant bit of value \c 1.
- *
- * \param X The MPI to query.
- *
- * \return The number of bits of value \c 0 before the least significant
- * bit of value \c 1 in \p X.
- */
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
-
-/**
- * \brief Return the number of bits up to and including the most
- * significant bit of value \c 1.
- *
- * * \note This is same as the one-based index of the most
- * significant bit of value \c 1.
- *
- * \param X The MPI to query. This must point to an initialized MPI.
- *
- * \return The number of bits up to and including the most
- * significant bit of value \c 1.
- */
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
-
-/**
- * \brief Return the total size of an MPI value in bytes.
- *
- * \param X The MPI to use. This must point to an initialized MPI.
- *
- * \note The value returned by this function may be less than
- * the number of bytes used to store \p X internally.
- * This happens if and only if there are trailing bytes
- * of value zero.
- *
- * \return The least number of bytes capable of storing
- * the absolute value of \p X.
- */
-size_t mbedtls_mpi_size( const mbedtls_mpi *X );
-
-/**
- * \brief Import an MPI from an ASCII string.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the input string.
- * \param s Null-terminated string buffer.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
-
-/**
- * \brief Export an MPI to an ASCII string.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the output string.
- * \param buf The buffer to write the string to. This must be writable
- * buffer of length \p buflen Bytes.
- * \param buflen The available size in Bytes of \p buf.
- * \param olen The address at which to store the length of the string
- * written, including the final \c NULL byte. This must
- * not be \c NULL.
- *
- * \note You can call this function with `buflen == 0` to obtain the
- * minimum required buffer size in `*olen`.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf
- * is too small to hold the value of \p X in the desired base.
- * In this case, `*olen` is nonetheless updated to contain the
- * size of \p buf required for a successful call.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
- char *buf, size_t buflen, size_t *olen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Read an MPI from a line in an opened file.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param radix The numeric base of the string representation used
- * in the source line.
- * \param fin The input file handle to use. This must not be \c NULL.
- *
- * \note On success, this function advances the file stream
- * to the end of the current line or to EOF.
- *
- * The function returns \c 0 on an empty line.
- *
- * Leading whitespaces are ignored, as is a
- * '0x' prefix for radix \c 16.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer
- * is too small.
- * \return Another negative error code on failure.
- */
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
-
-/**
- * \brief Export an MPI into an opened file.
- *
- * \param p A string prefix to emit prior to the MPI data.
- * For example, this might be a label, or "0x" when
- * printing in base \c 16. This may be \c NULL if no prefix
- * is needed.
- * \param X The source MPI. This must point to an initialized MPI.
- * \param radix The numeric base to be used in the emitted string.
- * \param fout The output file handle. This may be \c NULL, in which case
- * the output is written to \c stdout.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,
- int radix, FILE *fout );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief Import an MPI from unsigned big endian binary data.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param buf The input buffer. This must be a readable buffer of length
- * \p buflen Bytes.
- * \param buflen The length of the input buffer \p p in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
- size_t buflen );
-
-/**
- * \brief Import X from unsigned binary data, little endian
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param buf The input buffer. This must be a readable buffer of length
- * \p buflen Bytes.
- * \param buflen The length of the input buffer \p p in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
- const unsigned char *buf, size_t buflen );
-
-/**
- * \brief Export X into unsigned binary data, big endian.
- * Always fills the whole buffer, which will start with zeros
- * if the number is smaller.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param buf The output buffer. This must be a writable buffer of length
- * \p buflen Bytes.
- * \param buflen The size of the output buffer \p buf in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
- * large enough to hold the value of \p X.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
- size_t buflen );
-
-/**
- * \brief Export X into unsigned binary data, little endian.
- * Always fills the whole buffer, which will end with zeros
- * if the number is smaller.
- *
- * \param X The source MPI. This must point to an initialized MPI.
- * \param buf The output buffer. This must be a writable buffer of length
- * \p buflen Bytes.
- * \param buflen The size of the output buffer \p buf in Bytes.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
- * large enough to hold the value of \p X.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
- unsigned char *buf, size_t buflen );
-
-/**
- * \brief Perform a left-shift on an MPI: X <<= count
- *
- * \param X The MPI to shift. This must point to an initialized MPI.
- * \param count The number of bits to shift by.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief Perform a right-shift on an MPI: X >>= count
- *
- * \param X The MPI to shift. This must point to an initialized MPI.
- * \param count The number of bits to shift by.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief Compare the absolute values of two MPIs.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param Y The right-hand MPI. This must point to an initialized MPI.
- *
- * \return \c 1 if `|X|` is greater than `|Y|`.
- * \return \c -1 if `|X|` is lesser than `|Y|`.
- * \return \c 0 if `|X|` is equal to `|Y|`.
- */
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Compare two MPIs.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param Y The right-hand MPI. This must point to an initialized MPI.
- *
- * \return \c 1 if \p X is greater than \p Y.
- * \return \c -1 if \p X is lesser than \p Y.
- * \return \c 0 if \p X is equal to \p Y.
- */
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief Check if an MPI is less than the other in constant time.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI
- * with the same allocated length as Y.
- * \param Y The right-hand MPI. This must point to an initialized MPI
- * with the same allocated length as X.
- * \param ret The result of the comparison:
- * \c 1 if \p X is less than \p Y.
- * \c 0 if \p X is greater than or equal to \p Y.
- *
- * \return 0 on success.
- * \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
- * the two input MPIs is not the same.
- */
-int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
- unsigned *ret );
-
-/**
- * \brief Compare an MPI with an integer.
- *
- * \param X The left-hand MPI. This must point to an initialized MPI.
- * \param z The integer value to compare \p X to.
- *
- * \return \c 1 if \p X is greater than \p z.
- * \return \c -1 if \p X is lesser than \p z.
- * \return \c 0 if \p X is equal to \p z.
- */
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief Perform an unsigned addition of MPIs: X = |A| + |B|
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param B The second summand. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform an unsigned subtraction of MPIs: X = |A| - |B|
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param B The subtrahend. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a signed addition of MPIs: X = A + B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param B The second summand. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a signed subtraction of MPIs: X = A - B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param B The subtrahend. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a signed addition of an MPI and an integer: X = A + b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first summand. This must point to an initialized MPI.
- * \param b The second summand.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a signed subtraction of an MPI and an integer:
- * X = A - b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The minuend. This must point to an initialized MPI.
- * \param b The subtrahend.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a multiplication of two MPIs: X = A * B
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first factor. This must point to an initialized MPI.
- * \param B The second factor. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a multiplication of an MPI with an unsigned integer:
- * X = A * b
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The first factor. This must point to an initialized MPI.
- * \param b The second factor.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_uint b );
-
-/**
- * \brief Perform a division with remainder of two MPIs:
- * A = Q * B + R
- *
- * \param Q The destination MPI for the quotient.
- * This may be \c NULL if the value of the
- * quotient is not needed. This must not alias A or B.
- * \param R The destination MPI for the remainder value.
- * This may be \c NULL if the value of the
- * remainder is not needed. This must not alias A or B.
- * \param A The dividend. This must point to an initialized MPI.
- * \param B The divisor. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a division with remainder of an MPI by an integer:
- * A = Q * b + R
- *
- * \param Q The destination MPI for the quotient.
- * This may be \c NULL if the value of the
- * quotient is not needed. This must not alias A.
- * \param R The destination MPI for the remainder value.
- * This may be \c NULL if the value of the
- * remainder is not needed. This must not alias A.
- * \param A The dividend. This must point to an initialized MPi.
- * \param b The divisor.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a modular reduction. R = A mod B
- *
- * \param R The destination MPI for the residue value.
- * This must point to an initialized MPI.
- * \param A The MPI to compute the residue of.
- * This must point to an initialized MPI.
- * \param B The base of the modular reduction.
- * This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.
- * \return Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Perform a modular reduction with respect to an integer.
- * r = A mod b
- *
- * \param r The address at which to store the residue.
- * This must not be \c NULL.
- * \param A The MPI to compute the residue of.
- * This must point to an initialized MPi.
- * \param b The integer base of the modular reduction.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
- * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
-
-/**
- * \brief Perform a sliding-window exponentiation: X = A^E mod N
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * This must not alias E or N.
- * \param A The base of the exponentiation.
- * This must point to an initialized MPI.
- * \param E The exponent MPI. This must point to an initialized MPI.
- * \param N The base for the modular reduction. This must point to an
- * initialized MPI.
- * \param prec_RR A helper MPI depending solely on \p N which can be used to
- * speed-up multiple modular exponentiations for the same value
- * of \p N. This may be \c NULL. If it is not \c NULL, it must
- * point to an initialized MPI. If it hasn't been used after
- * the call to mbedtls_mpi_init(), this function will compute
- * the helper value and store it in \p prec_RR for reuse on
- * subsequent calls to this function. Otherwise, the function
- * will assume that \p prec_RR holds the helper value set by a
- * previous call to mbedtls_mpi_exp_mod(), and reuse it.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
- * even, or if \c E is negative.
- * \return Another negative error code on different kinds of failures.
- *
- */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *E, const mbedtls_mpi *N,
- mbedtls_mpi *prec_RR );
-
-/**
- * \brief Fill an MPI with a number of random bytes.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param size The number of random bytes to generate.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on failure.
- *
- * \note The bytes obtained from the RNG are interpreted
- * as a big-endian representation of an MPI; this can
- * be relevant in applications like deterministic ECDSA.
- */
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/** Generate a random number uniformly in a range.
- *
- * This function generates a random number between \p min inclusive and
- * \p N exclusive.
- *
- * The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
- * when the RNG is a suitably parametrized instance of HMAC_DRBG
- * and \p min is \c 1.
- *
- * \note There are `N - min` possible outputs. The lower bound
- * \p min can be reached, but the upper bound \p N cannot.
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param min The minimum value to return.
- * It must be nonnegative.
- * \param N The upper bound of the range, exclusive.
- * In other words, this is one plus the maximum value to return.
- * \p N must be strictly larger than \p min.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
- * or if they are incompatible.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
- * unable to find a suitable value within a limited number
- * of attempts. This has a negligible probability if \p N
- * is significantly larger than \p min, which is the case
- * for all usual cryptographic applications.
- * \return Another negative error code on failure.
- */
-int mbedtls_mpi_random( mbedtls_mpi *X,
- mbedtls_mpi_sint min,
- const mbedtls_mpi *N,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Compute the greatest common divisor: G = gcd(A, B)
- *
- * \param G The destination MPI. This must point to an initialized MPI.
- * \param A The first operand. This must point to an initialized MPI.
- * \param B The second operand. This must point to an initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
-
-/**
- * \brief Compute the modular inverse: X = A^-1 mod N
- *
- * \param X The destination MPI. This must point to an initialized MPI.
- * \param A The MPI to calculate the modular inverse of. This must point
- * to an initialized MPI.
- * \param N The base of the modular inversion. This must point to an
- * initialized MPI.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
- * or equal to one.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
- * with respect to \p N.
- */
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *N );
-
-/**
- * \brief Miller-Rabin primality test.
- *
- * \warning If \p X is potentially generated by an adversary, for example
- * when validating cryptographic parameters that you didn't
- * generate yourself and that are supposed to be prime, then
- * \p rounds should be at least the half of the security
- * strength of the cryptographic algorithm. On the other hand,
- * if \p X is chosen uniformly or non-adversarially (as is the
- * case when mbedtls_mpi_gen_prime calls this function), then
- * \p rounds can be much lower.
- *
- * \param X The MPI to check for primality.
- * This must point to an initialized MPI.
- * \param rounds The number of bases to perform the Miller-Rabin primality
- * test for. The probability of returning 0 on a composite is
- * at most 2-2*\p rounds .
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng.
- * This may be \c NULL if \p f_rng doesn't use
- * a context parameter.
- *
- * \return \c 0 if successful, i.e. \p X is probably prime.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-/**
- * \brief Flags for mbedtls_mpi_gen_prime()
- *
- * Each of these flags is a constraint on the result X returned by
- * mbedtls_mpi_gen_prime().
- */
-typedef enum {
- MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
- MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2-80 to 2-128 */
-} mbedtls_mpi_gen_prime_flag_t;
-
-/**
- * \brief Generate a prime number.
- *
- * \param X The destination MPI to store the generated prime in.
- * This must point to an initialized MPi.
- * \param nbits The required size of the destination MPI in bits.
- * This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS.
- * \param flags A mask of flags of type #mbedtls_mpi_gen_prime_flag_t.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng.
- * This may be \c NULL if \p f_rng doesn't use
- * a context parameter.
- *
- * \return \c 0 if successful, in which case \p X holds a
- * probably prime number.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
- * \c 3 and #MBEDTLS_MPI_MAX_BITS.
- */
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_mpi_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* bignum.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/cipher.h b/ext/oberon/psa/core/include/mbedtls/cipher.h
deleted file mode 100644
index 151da1d83ef1..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/cipher.h
+++ /dev/null
@@ -1,1166 +0,0 @@
-/**
- * \file cipher.h
- *
- * \brief This file contains an abstraction interface for use with the cipher
- * primitives provided by the library. It provides a common interface to all of
- * the available cipher operations.
- *
- * \author Adriaan de Jong
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CIPHER_H
-#define MBEDTLS_CIPHER_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include "mbedtls/platform_util.h"
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-#define MBEDTLS_CIPHER_MODE_AEAD
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_CIPHER_MODE_WITH_PADDING
-#endif
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
- defined(MBEDTLS_CHACHA20_C)
-#define MBEDTLS_CIPHER_MODE_STREAM
-#endif
-
-/** The selected feature is not available. */
-#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
-/** Bad input parameters. */
-#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
-/** Failed to allocate memory. */
-#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
-/** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
-/** Decryption of block requires a full block. */
-#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
-/** Authentication failed (for AEAD modes). */
-#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
-/** The context is invalid. For example, because it was freed. */
-#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
-
-#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */
-#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Supported cipher types.
- *
- * \warning DES is considered weak cipher and its use
- * constitutes a security risk. Arm recommends considering stronger
- * ciphers instead.
- */
-typedef enum {
- MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
- MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
- MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
- MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
- MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
- MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
- MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
- MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
-} mbedtls_cipher_id_t;
-
-/**
- * \brief Supported {cipher type, cipher mode} pairs.
- *
- * \warning DES is considered weak cipher and its use
- * constitutes a security risk. Arm recommends considering stronger
- * ciphers instead.
- */
-typedef enum {
- MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
- MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
- MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
- MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
- MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
- MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
- MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
- MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
- MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
- MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
- MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
- MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, /**< AES cipher with 128-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, /**< AES cipher with 192-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, /**< AES cipher with 256-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, /**< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, /**< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, /**< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, /**< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, /**< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, /**< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode. */
- MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */
- MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
- MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
- MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
- MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
- MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
- MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
-} mbedtls_cipher_type_t;
-
-/** Supported cipher modes. */
-typedef enum {
- MBEDTLS_MODE_NONE = 0, /**< None. */
- MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
- MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
- MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
- MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
- MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
- MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
- MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
- MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
- MBEDTLS_MODE_CCM_STAR_NO_TAG, /**< The CCM*-no-tag cipher mode. */
- MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
- MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
- MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
- MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
-} mbedtls_cipher_mode_t;
-
-/** Supported cipher padding types. */
-typedef enum {
- MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
- MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
- MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
- MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
- MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
-} mbedtls_cipher_padding_t;
-
-/** Type of operation. */
-typedef enum {
- MBEDTLS_OPERATION_NONE = -1,
- MBEDTLS_DECRYPT = 0,
- MBEDTLS_ENCRYPT,
-} mbedtls_operation_t;
-
-enum {
- /** Undefined key length. */
- MBEDTLS_KEY_LENGTH_NONE = 0,
- /** Key length, in bits (including parity), for DES keys. */
- MBEDTLS_KEY_LENGTH_DES = 64,
- /** Key length in bits, including parity, for DES in two-key EDE. */
- MBEDTLS_KEY_LENGTH_DES_EDE = 128,
- /** Key length in bits, including parity, for DES in three-key EDE. */
- MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
-};
-
-/** Maximum length of any IV, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
- * in library/ssl_misc.h. */
-#define MBEDTLS_MAX_IV_LENGTH 16
-
-/** Maximum block size of any cipher, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in library/ssl_misc.h. */
-#define MBEDTLS_MAX_BLOCK_LENGTH 16
-
-/** Maximum key length, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * For now, only check whether XTS is enabled which uses 64 Byte keys,
- * and use 32 Bytes as an upper bound for the maximum key length otherwise.
- * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in library/ssl_misc.h, which however deliberately ignores the case of XTS
- * since the latter isn't used in SSL/TLS. */
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_MAX_KEY_LENGTH 64
-#else
-#define MBEDTLS_MAX_KEY_LENGTH 32
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * Base cipher information (opaque struct).
- */
-typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
-
-/**
- * CMAC context (opaque struct).
- */
-typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
-
-/**
- * Cipher information. Allows calling cipher functions
- * in a generic way.
- *
- * \note The library does not support custom cipher info structures,
- * only built-in structures returned by the functions
- * mbedtls_cipher_info_from_string(),
- * mbedtls_cipher_info_from_type(),
- * mbedtls_cipher_info_from_values(),
- * mbedtls_cipher_info_from_psa().
- */
-typedef struct mbedtls_cipher_info_t
-{
- /** Full cipher identifier. For example,
- * MBEDTLS_CIPHER_AES_256_CBC.
- */
- mbedtls_cipher_type_t MBEDTLS_PRIVATE(type);
-
- /** The cipher mode. For example, MBEDTLS_MODE_CBC. */
- mbedtls_cipher_mode_t MBEDTLS_PRIVATE(mode);
-
- /** The cipher key length, in bits. This is the
- * default length for variable sized ciphers.
- * Includes parity bits for ciphers like DES.
- */
- unsigned int MBEDTLS_PRIVATE(key_bitlen);
-
- /** Name of the cipher. */
- const char * MBEDTLS_PRIVATE(name);
-
- /** IV or nonce size, in Bytes.
- * For ciphers that accept variable IV sizes,
- * this is the recommended size.
- */
- unsigned int MBEDTLS_PRIVATE(iv_size);
-
- /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
- * MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
- * cipher supports variable IV or variable key sizes, respectively.
- */
- int MBEDTLS_PRIVATE(flags);
-
- /** The block size, in Bytes. */
- unsigned int MBEDTLS_PRIVATE(block_size);
-
- /** Struct for base cipher information and functions. */
- const mbedtls_cipher_base_t *MBEDTLS_PRIVATE(base);
-
-} mbedtls_cipher_info_t;
-
-/**
- * Generic cipher context.
- */
-typedef struct mbedtls_cipher_context_t
-{
- /** Information about the associated cipher. */
- const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
-
- /** Key length to use. */
- int MBEDTLS_PRIVATE(key_bitlen);
-
- /** Operation that the key of the context has been
- * initialized for.
- */
- mbedtls_operation_t MBEDTLS_PRIVATE(operation);
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- /** Padding functions to use, if relevant for
- * the specific cipher mode.
- */
- void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
- int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
-#endif
-
- /** Buffer for input that has not been processed yet. */
- unsigned char MBEDTLS_PRIVATE(unprocessed_data)[MBEDTLS_MAX_BLOCK_LENGTH];
-
- /** Number of Bytes that have not been processed yet. */
- size_t MBEDTLS_PRIVATE(unprocessed_len);
-
- /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
- * for XTS-mode. */
- unsigned char MBEDTLS_PRIVATE(iv)[MBEDTLS_MAX_IV_LENGTH];
-
- /** IV size in Bytes, for ciphers with variable-length IVs. */
- size_t MBEDTLS_PRIVATE(iv_size);
-
- /** The cipher-specific context. */
- void *MBEDTLS_PRIVATE(cipher_ctx);
-
-#if defined(MBEDTLS_CMAC_C)
- /** CMAC-specific context. */
- mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx);
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /** Indicates whether the cipher operations should be performed
- * by Mbed TLS' own crypto library or an external implementation
- * of the PSA Crypto API.
- * This is unset if the cipher context was established through
- * mbedtls_cipher_setup(), and set if it was established through
- * mbedtls_cipher_setup_psa().
- */
- unsigned char MBEDTLS_PRIVATE(psa_enabled);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-} mbedtls_cipher_context_t;
-
-/**
- * \brief This function retrieves the list of ciphers supported
- * by the generic cipher module.
- *
- * For any cipher identifier in the returned list, you can
- * obtain the corresponding generic cipher information structure
- * via mbedtls_cipher_info_from_type(), which can then be used
- * to prepare a cipher context via mbedtls_cipher_setup().
- *
- *
- * \return A statically-allocated array of cipher identifiers
- * of type cipher_type_t. The last entry is zero.
- */
-const int *mbedtls_cipher_list( void );
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher name.
- *
- * \param cipher_name Name of the cipher to search for. This must not be
- * \c NULL.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_name.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher type.
- *
- * \param cipher_type Type of the cipher to search for.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_type.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
-
-/**
- * \brief This function retrieves the cipher-information
- * structure associated with the given cipher ID,
- * key size and mode.
- *
- * \param cipher_id The ID of the cipher to search for. For example,
- * #MBEDTLS_CIPHER_ID_AES.
- * \param key_bitlen The length of the key in bits.
- * \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC.
- *
- * \return The cipher information structure associated with the
- * given \p cipher_id.
- * \return \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
- int key_bitlen,
- const mbedtls_cipher_mode_t mode );
-
-/**
- * \brief Retrieve the identifier for a cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The full cipher identifier (\c MBEDTLS_CIPHER_xxx).
- * \return #MBEDTLS_CIPHER_NONE if \p info is \c NULL.
- */
-static inline mbedtls_cipher_type_t mbedtls_cipher_info_get_type(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( MBEDTLS_CIPHER_NONE );
- else
- return( info->MBEDTLS_PRIVATE(type) );
-}
-
-/**
- * \brief Retrieve the operation mode for a cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The cipher mode (\c MBEDTLS_MODE_xxx).
- * \return #MBEDTLS_MODE_NONE if \p info is \c NULL.
- */
-static inline mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( MBEDTLS_MODE_NONE );
- else
- return( info->MBEDTLS_PRIVATE(mode) );
-}
-
-/**
- * \brief Retrieve the key size for a cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The key length in bits.
- * For variable-sized ciphers, this is the default length.
- * For DES, this includes the parity bits.
- * \return \c 0 if \p info is \c NULL.
- */
-static inline size_t mbedtls_cipher_info_get_key_bitlen(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( 0 );
- else
- return( info->MBEDTLS_PRIVATE(key_bitlen) );
-}
-
-/**
- * \brief Retrieve the human-readable name for a
- * cipher info structure.
- *
- * \param[in] info The cipher info structure to query.
- * This may be \c NULL.
- *
- * \return The cipher name, which is a human readable string,
- * with static storage duration.
- * \return \c NULL if \c info is \p NULL.
- */
-static inline const char *mbedtls_cipher_info_get_name(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( NULL );
- else
- return( info->MBEDTLS_PRIVATE(name) );
-}
-
-/**
- * \brief This function returns the size of the IV or nonce
- * for the cipher info structure, in bytes.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return The recommended IV size.
- * \return \c 0 for ciphers not using an IV or a nonce.
- * \return \c 0 if \p info is \c NULL.
- */
-static inline size_t mbedtls_cipher_info_get_iv_size(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( 0 );
-
- return( (size_t) info->MBEDTLS_PRIVATE(iv_size) );
-}
-
-/**
- * \brief This function returns the block size of the given
- * cipher info structure in bytes.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return The block size of the cipher.
- * \return \c 1 if the cipher is a stream cipher.
- * \return \c 0 if \p info is \c NULL.
- */
-static inline size_t mbedtls_cipher_info_get_block_size(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( 0 );
-
- return( (size_t) info->MBEDTLS_PRIVATE(block_size) );
-}
-
-/**
- * \brief This function returns a non-zero value if the key length for
- * the given cipher is variable.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return Non-zero if the key length is variable, \c 0 otherwise.
- * \return \c 0 if the given pointer is \c NULL.
- */
-static inline int mbedtls_cipher_info_has_variable_key_bitlen(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( 0 );
-
- return( info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_KEY_LEN );
-}
-
-/**
- * \brief This function returns a non-zero value if the IV size for
- * the given cipher is variable.
- *
- * \param info The cipher info structure. This may be \c NULL.
- *
- * \return Non-zero if the IV size is variable, \c 0 otherwise.
- * \return \c 0 if the given pointer is \c NULL.
- */
-static inline int mbedtls_cipher_info_has_variable_iv_size(
- const mbedtls_cipher_info_t *info )
-{
- if( info == NULL )
- return( 0 );
-
- return( info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_IV_LEN );
-}
-
-/**
- * \brief This function initializes a \p cipher_context as NONE.
- *
- * \param ctx The context to be initialized. This must not be \c NULL.
- */
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
-
-/**
- * \brief This function frees and clears the cipher-specific
- * context of \p ctx. Freeing \p ctx itself remains the
- * responsibility of the caller.
- *
- * \param ctx The context to be freed. If this is \c NULL, the
- * function has no effect, otherwise this must point to an
- * initialized context.
- */
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
-
-
-/**
- * \brief This function prepares a cipher context for
- * use with the given cipher primitive.
- *
- * \note After calling this function, you should call
- * mbedtls_cipher_setkey() and, if the mode uses padding,
- * mbedtls_cipher_set_padding_mode(), then for each
- * message to encrypt or decrypt with this key, either:
- * - mbedtls_cipher_crypt() for one-shot processing with
- * non-AEAD modes;
- * - mbedtls_cipher_auth_encrypt_ext() or
- * mbedtls_cipher_auth_decrypt_ext() for one-shot
- * processing with AEAD modes or NIST_KW;
- * - for multi-part processing, see the documentation of
- * mbedtls_cipher_reset().
- *
- * \param ctx The context to prepare. This must be initialized by
- * a call to mbedtls_cipher_init() first.
- * \param cipher_info The cipher to use.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- * cipher-specific context fails.
- */
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief This function initializes a cipher context for
- * PSA-based use with the given cipher primitive.
- *
- * \deprecated This function is deprecated and will be removed in a
- * future version of the library.
- * Please use psa_aead_xxx() / psa_cipher_xxx() directly
- * instead.
- *
- * \note See #MBEDTLS_USE_PSA_CRYPTO for information on PSA.
- *
- * \param ctx The context to initialize. May not be \c NULL.
- * \param cipher_info The cipher to use.
- * \param taglen For AEAD ciphers, the length in bytes of the
- * authentication tag to use. Subsequent uses of
- * mbedtls_cipher_auth_encrypt_ext() or
- * mbedtls_cipher_auth_decrypt_ext() must provide
- * the same tag length.
- * For non-AEAD ciphers, the value must be \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- * cipher-specific context fails.
- */
-int MBEDTLS_DEPRECATED mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info, size_t taglen );
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief This function returns the block size of the given cipher
- * in bytes.
- *
- * \param ctx The context of the cipher.
- *
- * \return The block size of the underlying cipher.
- * \return \c 1 if the cipher is a stream cipher.
- * \return \c 0 if \p ctx has not been initialized.
- */
-static inline unsigned int mbedtls_cipher_get_block_size(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return 0;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
-}
-
-/**
- * \brief This function returns the mode of operation for
- * the cipher. For example, MBEDTLS_MODE_CBC.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The mode of operation.
- * \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_MODE_NONE;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
-}
-
-/**
- * \brief This function returns the size of the IV or nonce
- * of the cipher, in Bytes.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The recommended IV size if no IV has been set.
- * \return \c 0 for ciphers not using an IV or a nonce.
- * \return The actual size if an IV has been set.
- */
-static inline int mbedtls_cipher_get_iv_size(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return 0;
-
- if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
- return (int) ctx->MBEDTLS_PRIVATE(iv_size);
-
- return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
-}
-
-/**
- * \brief This function returns the type of the given cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The type of the cipher.
- * \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_CIPHER_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_CIPHER_NONE;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
-}
-
-/**
- * \brief This function returns the name of the given cipher
- * as a string.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The name of the cipher.
- * \return NULL if \p ctx has not been not initialized.
- */
-static inline const char *mbedtls_cipher_get_name(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return 0;
-
- return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
-}
-
-/**
- * \brief This function returns the key length of the cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The key length of the cipher in bits.
- * \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
- * initialized.
- */
-static inline int mbedtls_cipher_get_key_bitlen(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_KEY_LENGTH_NONE;
-
- return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
-}
-
-/**
- * \brief This function returns the operation of the given cipher.
- *
- * \param ctx The context of the cipher. This must be initialized.
- *
- * \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- * \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_operation_t mbedtls_cipher_get_operation(
- const mbedtls_cipher_context_t *ctx )
-{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_OPERATION_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
- return MBEDTLS_OPERATION_NONE;
-
- return ctx->MBEDTLS_PRIVATE(operation);
-}
-
-/**
- * \brief This function sets the key to use with the given context.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param key The key to use. This must be a readable buffer of at
- * least \p key_bitlen Bits.
- * \param key_bitlen The key length to use, in Bits.
- * \param operation The operation that the key will be used for:
- * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
- const unsigned char *key,
- int key_bitlen,
- const mbedtls_operation_t operation );
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-/**
- * \brief This function sets the padding mode, for cipher modes
- * that use padding.
- *
- * The default passing mode is PKCS7 padding.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param mode The padding mode.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
- * if the selected padding mode is not supported.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
- * does not support padding.
- */
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
- mbedtls_cipher_padding_t mode );
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-/**
- * \brief This function sets the initialization vector (IV)
- * or nonce.
- *
- * \note Some ciphers do not use IVs nor nonce. For these
- * ciphers, this function has no effect.
- *
- * \note For #MBEDTLS_CIPHER_CHACHA20, the nonce length must
- * be 12, and the initial counter value is 0.
- *
- * \note For #MBEDTLS_CIPHER_CHACHA20_POLY1305, the nonce length
- * must be 12.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a cipher information structure.
- * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
- * must be a readable buffer of at least \p iv_len Bytes.
- * \param iv_len The IV length for ciphers with variable-size IV.
- * This parameter is discarded by ciphers with fixed-size IV.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- */
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv,
- size_t iv_len );
-
-/**
- * \brief This function resets the cipher state.
- *
- * \note With non-AEAD ciphers, the order of calls for each message
- * is as follows:
- * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
- * 2. mbedtls_cipher_reset()
- * 3. mbedtls_cipher_update() one or more times
- * 4. mbedtls_cipher_finish()
- * .
- * This sequence can be repeated to encrypt or decrypt multiple
- * messages with the same key.
- *
- * \note With AEAD ciphers, the order of calls for each message
- * is as follows:
- * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
- * 2. mbedtls_cipher_reset()
- * 3. mbedtls_cipher_update_ad()
- * 4. mbedtls_cipher_update() one or more times
- * 5. mbedtls_cipher_finish()
- * 6. mbedtls_cipher_check_tag() (for decryption) or
- * mbedtls_cipher_write_tag() (for encryption).
- * .
- * This sequence can be repeated to encrypt or decrypt multiple
- * messages with the same key.
- *
- * \param ctx The generic cipher context. This must be bound to a key.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- */
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief This function adds additional data for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param ad The additional data to use. This must be a readable
- * buffer of at least \p ad_len Bytes.
- * \param ad_len The length of \p ad in Bytes.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
- const unsigned char *ad, size_t ad_len );
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief The generic cipher update function. It encrypts or
- * decrypts using the given cipher context. Writes as
- * many block-sized blocks of data as possible to output.
- * Any data that cannot be written immediately is either
- * added to the next block, or flushed when
- * mbedtls_cipher_finish() is called.
- * Exception: For MBEDTLS_MODE_ECB, expects a single block
- * in size. For example, 16 Bytes for AES.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. This must be able to
- * hold at least `ilen + block_size`. This must not be the
- * same buffer as \p input.
- * \param olen The length of the output data, to be updated with the
- * actual number of Bytes written. This must not be
- * \c NULL.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
- * unsupported mode for a cipher.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
- const unsigned char *input,
- size_t ilen, unsigned char *output,
- size_t *olen );
-
-/**
- * \brief The generic cipher finalization function. If data still
- * needs to be flushed from an incomplete block, the data
- * contained in it is padded to the size of
- * the last block, and written to the \p output buffer.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key.
- * \param output The buffer to write data to. This needs to be a writable
- * buffer of at least \p block_size Bytes.
- * \param olen The length of the data written to the \p output buffer.
- * This may not be \c NULL.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
- * expecting a full block but not receiving one.
- * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- * while decrypting.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
- unsigned char *output, size_t *olen );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief This function writes a tag for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- * This must be called after mbedtls_cipher_finish().
- *
- * \param ctx The generic cipher context. This must be initialized,
- * bound to a key, and have just completed a cipher
- * operation through mbedtls_cipher_finish() the tag for
- * which should be written.
- * \param tag The buffer to write the tag to. This must be a writable
- * buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to write.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
- unsigned char *tag, size_t tag_len );
-
-/**
- * \brief This function checks the tag for AEAD ciphers.
- * Currently supported with GCM and ChaCha20+Poly1305.
- * This must be called after mbedtls_cipher_finish().
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param tag The buffer holding the tag. This must be a readable
- * buffer of at least \p tag_len Bytes.
- * \param tag_len The length of the tag to check.
- *
- * \return \c 0 on success.
- * \return A specific error code on failure.
- */
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
- const unsigned char *tag, size_t tag_len );
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief The generic all-in-one encryption/decryption function,
- * for all ciphers except AEAD constructs.
- *
- * \param ctx The generic cipher context. This must be initialized.
- * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- * This must be a readable buffer of at least \p iv_len
- * Bytes.
- * \param iv_len The IV length for ciphers with variable-size IV.
- * This parameter is discarded by ciphers with fixed-size
- * IV.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- * \param output The buffer for the output data. This must be able to
- * hold at least `ilen + block_size`. This must not be the
- * same buffer as \p input.
- * \param olen The length of the output data, to be updated with the
- * actual number of Bytes written. This must not be
- * \c NULL.
- *
- * \note Some ciphers do not use IVs nor nonce. For these
- * ciphers, use \p iv = NULL and \p iv_len = 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
- * expecting a full block but not receiving one.
- * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- * while decrypting.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen );
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
-/**
- * \brief The authenticated encryption (AEAD/NIST_KW) function.
- *
- * \note For AEAD modes, the tag will be appended to the
- * ciphertext, as recommended by RFC 5116.
- * (NIST_KW doesn't have a separate tag.)
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key, with an AEAD algorithm or NIST_KW.
- * \param iv The nonce to use. This must be a readable buffer of
- * at least \p iv_len Bytes and may be \c NULL if \p
- * iv_len is \c 0.
- * \param iv_len The length of the nonce. For AEAD ciphers, this must
- * satisfy the constraints imposed by the cipher used.
- * For NIST_KW, this must be \c 0.
- * \param ad The additional data to authenticate. This must be a
- * readable buffer of at least \p ad_len Bytes, and may
- * be \c NULL is \p ad_len is \c 0.
- * \param ad_len The length of \p ad. For NIST_KW, this must be \c 0.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes, and may be
- * \c NULL if \p ilen is \c 0.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. This must be a
- * writable buffer of at least \p output_len Bytes, and
- * must not be \c NULL.
- * \param output_len The length of the \p output buffer in Bytes. For AEAD
- * ciphers, this must be at least \p ilen + \p tag_len.
- * For NIST_KW, this must be at least \p ilen + 8
- * (rounded up to a multiple of 8 if KWP is used);
- * \p ilen + 15 is always a safe value.
- * \param olen This will be filled with the actual number of Bytes
- * written to the \p output buffer. This must point to a
- * writable object of type \c size_t.
- * \param tag_len The desired length of the authentication tag. For AEAD
- * ciphers, this must match the constraints imposed by
- * the cipher used, and in particular must not be \c 0.
- * For NIST_KW, this must be \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len );
-
-/**
- * \brief The authenticated encryption (AEAD/NIST_KW) function.
- *
- * \note If the data is not authentic, then the output buffer
- * is zeroed out to prevent the unauthentic plaintext being
- * used, making this interface safer.
- *
- * \note For AEAD modes, the tag must be appended to the
- * ciphertext, as recommended by RFC 5116.
- * (NIST_KW doesn't have a separate tag.)
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key, with an AEAD algorithm or NIST_KW.
- * \param iv The nonce to use. This must be a readable buffer of
- * at least \p iv_len Bytes and may be \c NULL if \p
- * iv_len is \c 0.
- * \param iv_len The length of the nonce. For AEAD ciphers, this must
- * satisfy the constraints imposed by the cipher used.
- * For NIST_KW, this must be \c 0.
- * \param ad The additional data to authenticate. This must be a
- * readable buffer of at least \p ad_len Bytes, and may
- * be \c NULL is \p ad_len is \c 0.
- * \param ad_len The length of \p ad. For NIST_KW, this must be \c 0.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes, and may be
- * \c NULL if \p ilen is \c 0.
- * \param ilen The length of the input data. For AEAD ciphers this
- * must be at least \p tag_len. For NIST_KW this must be
- * at least \c 8.
- * \param output The buffer for the output data. This must be a
- * writable buffer of at least \p output_len Bytes, and
- * may be \c NULL if \p output_len is \c 0.
- * \param output_len The length of the \p output buffer in Bytes. For AEAD
- * ciphers, this must be at least \p ilen - \p tag_len.
- * For NIST_KW, this must be at least \p ilen - 8.
- * \param olen This will be filled with the actual number of Bytes
- * written to the \p output buffer. This must point to a
- * writable object of type \c size_t.
- * \param tag_len The actual length of the authentication tag. For AEAD
- * ciphers, this must match the constraints imposed by
- * the cipher used, and in particular must not be \c 0.
- * For NIST_KW, this must be \c 0.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len );
-#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CIPHER_H */
diff --git a/ext/oberon/psa/core/include/mbedtls/config_psa.h b/ext/oberon/psa/core/include/mbedtls/config_psa.h
index ee2a59cc5c0b..6d465241e61a 100644
--- a/ext/oberon/psa/core/include/mbedtls/config_psa.h
+++ b/ext/oberon/psa/core/include/mbedtls/config_psa.h
@@ -34,820 +34,22 @@
#ifndef MBEDTLS_CONFIG_PSA_H
#define MBEDTLS_CONFIG_PSA_H
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#include "psa/crypto_driver_config.h"
-#include "oberon_config.h"
-#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
-
-#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
-#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-
-/****************************************************************/
-/* De facto synonyms */
-/****************************************************************/
-
-#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
-#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
-#endif
+#include "psa/crypto_legacy.h"
-#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && !defined(PSA_WANT_ALG_CCM)
-#define PSA_WANT_ALG_CCM PSA_WANT_ALG_CCM_STAR_NO_TAG
-#elif !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && defined(PSA_WANT_ALG_CCM)
-#define PSA_WANT_ALG_CCM_STAR_NO_TAG PSA_WANT_ALG_CCM
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
-#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
-#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
-#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
-#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
-#endif
-
-
-
-/****************************************************************/
-/* Require built-in implementations based on PSA requirements */
-/****************************************************************/
+#include "psa/crypto_adjust_config_synonyms.h"
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
-#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
-
-#if defined(PSA_WANT_ALG_ECDH)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
-#endif /* PSA_WANT_ALG_ECDH */
-
-#if defined(PSA_WANT_ALG_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
-#endif /* PSA_WANT_ALG_ECDSA */
-
-#if defined(PSA_WANT_ALG_HKDF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
-#endif /* PSA_WANT_ALG_HKDF */
-
-#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */
-#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
-
-#if defined(PSA_WANT_ALG_HKDF_EXPAND)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */
-#endif /* PSA_WANT_ALG_HKDF_EXPAND */
-
-#if defined(PSA_WANT_ALG_HMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
-#endif /* PSA_WANT_ALG_HMAC */
-
-#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define MBEDTLS_MD5_C
-#endif
-
-#if defined(PSA_WANT_ALG_JPAKE)
-#define MBEDTLS_PSA_BUILTIN_PAKE 1
-#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ECJPAKE_C
-#endif /* PSA_WANT_ALG_JPAKE */
-
-#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define MBEDTLS_RIPEMD160_C
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_OAEP)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
-#endif /* PSA_WANT_ALG_RSA_OAEP */
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
-
-#if defined(PSA_WANT_ALG_RSA_PSS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
-#endif /* PSA_WANT_ALG_RSA_PSS */
-
-#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define MBEDTLS_SHA1_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define MBEDTLS_SHA224_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define MBEDTLS_SHA256_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define MBEDTLS_SHA384_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define MBEDTLS_SHA512_C
-#endif
-
-#if defined(PSA_WANT_ALG_TLS12_PRF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
-#endif /* PSA_WANT_ALG_TLS12_PRF */
-
-#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
-#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
-
-#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS */
-#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_GENPRIME
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
-
-/* If any of the block modes are requested that don't have an
- * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
- * in the block cipher key types. */
-#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
- (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
- (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
- defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
- (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
- (defined(PSA_WANT_ALG_CBC_PKCS7) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
- (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
-#define PSA_HAVE_SOFT_BLOCK_MODE 1
-#endif
-
-#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
- (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
-#define PSA_HAVE_SOFT_BLOCK_AEAD 1
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#define MBEDTLS_AES_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_ARIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
-#define MBEDTLS_ARIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_ARIA */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_CAMELLIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#if defined(PSA_WANT_KEY_TYPE_DES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
-#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#define MBEDTLS_DES_C
-#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_DES */
-
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_CHACHA20_C
-#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-
-/* If any of the software block ciphers are selected, define
- * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
- * situations. */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
-#endif
-
-#if defined(PSA_WANT_ALG_STREAM_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#endif /* PSA_WANT_ALG_STREAM_CIPHER */
-
-#if defined(PSA_WANT_ALG_CBC_MAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
-#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
-#endif /* PSA_WANT_ALG_CBC_MAC */
-
-#if defined(PSA_WANT_ALG_CMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define MBEDTLS_CMAC_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
-#endif /* PSA_WANT_ALG_CMAC */
-
-#if defined(PSA_WANT_ALG_CTR)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define MBEDTLS_CIPHER_MODE_CTR
-#endif
-#endif /* PSA_WANT_ALG_CTR */
-
-#if defined(PSA_WANT_ALG_CFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define MBEDTLS_CIPHER_MODE_CFB
-#endif
-#endif /* PSA_WANT_ALG_CFB */
-
-#if defined(PSA_WANT_ALG_OFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define MBEDTLS_CIPHER_MODE_OFB
-#endif
-#endif /* PSA_WANT_ALG_OFB */
-
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#endif
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#endif
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_CBC_PKCS7)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#endif
-#endif /* PSA_WANT_ALG_CBC_PKCS7 */
-
-#if defined(PSA_WANT_ALG_CCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
-#define MBEDTLS_CCM_C
-#endif
-#endif /* PSA_WANT_ALG_CCM */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define MBEDTLS_GCM_C
-#endif
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#define MBEDTLS_CHACHAPOLY_C
-#define MBEDTLS_CHACHA20_C
-#define MBEDTLS_POLY1305_C
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
-#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_255)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_448)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
-#endif /* PSA_WANT_ECC_SECP_R1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
-#endif /* PSA_WANT_ECC_SECP_R1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
-#endif /* PSA_WANT_ECC_SECP_R1_256 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
-#endif /* PSA_WANT_ECC_SECP_R1_384 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_521)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
-#endif /* PSA_WANT_ECC_SECP_R1_521 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
-#endif /* PSA_WANT_ECC_SECP_K1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
-/*
- * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
- */
-#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
-#endif /* PSA_WANT_ECC_SECP_K1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
-#endif /* PSA_WANT_ECC_SECP_K1_256 */
-
-
-
-/****************************************************************/
-/* Infer PSA requirements from Mbed TLS capabilities */
-/****************************************************************/
-
-#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
-
-/*
- * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
- * is not defined
- */
-
-#if defined(MBEDTLS_CCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
-#define PSA_WANT_ALG_CCM 1
-#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
-#endif /* MBEDTLS_CCM_C */
-
-#if defined(MBEDTLS_CMAC_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define PSA_WANT_ALG_CMAC 1
-#endif /* MBEDTLS_CMAC_C */
-
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define PSA_WANT_ALG_ECDH 1
-#endif /* MBEDTLS_ECDH_C */
-
-#if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA_ANY 1
-
-// Only add in DETERMINISTIC support if ECDSA is also enabled
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-#endif /* MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_GCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define PSA_WANT_ALG_GCM 1
-#endif /* MBEDTLS_GCM_C */
-
-/* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
- * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
- * PSA HKDF is enabled, so enable both algorithms together
- * with PSA HKDF. */
-#if defined(MBEDTLS_HKDF_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#define PSA_WANT_ALG_HKDF 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
-#define PSA_WANT_ALG_HKDF_EXTRACT 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
-#define PSA_WANT_ALG_HKDF_EXPAND 1
-#endif /* MBEDTLS_HKDF_C */
-
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_KEY_TYPE_HMAC
-
-#if defined(MBEDTLS_MD_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_MD5_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define PSA_WANT_ALG_MD5 1
-#endif
-
-#if defined(MBEDTLS_ECJPAKE_C)
-#define MBEDTLS_PSA_BUILTIN_PAKE 1
-#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
-#define PSA_WANT_ALG_JPAKE 1
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define PSA_WANT_ALG_RIPEMD160 1
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_PKCS1_V15)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
-#endif /* MBEDTLS_PKCS1_V15 */
-#if defined(MBEDTLS_PKCS1_V21)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define PSA_WANT_ALG_RSA_OAEP 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define PSA_WANT_ALG_RSA_PSS 1
-#endif /* MBEDTLS_PKCS1_V21 */
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define PSA_WANT_ALG_SHA_1 1
-#endif
-
-#if defined(MBEDTLS_SHA224_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define PSA_WANT_ALG_SHA_224 1
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define PSA_WANT_ALG_SHA_256 1
-#endif
-
-#if defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define PSA_WANT_ALG_SHA_384 1
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define PSA_WANT_ALG_SHA_512 1
-#endif
-
-#if defined(MBEDTLS_AES_C)
-#define PSA_WANT_KEY_TYPE_AES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#endif
-
-#if defined(MBEDTLS_ARIA_C)
-#define PSA_WANT_KEY_TYPE_ARIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#define PSA_WANT_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#define PSA_WANT_KEY_TYPE_DES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
-#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
-#endif
-
-#if defined(MBEDTLS_CHACHA20_C)
-#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#if defined(MBEDTLS_CHACHAPOLY_C)
-#define PSA_WANT_ALG_CHACHA20_POLY1305 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#define PSA_WANT_ALG_CBC_NO_PADDING 1
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define PSA_WANT_ALG_CBC_PKCS7 1
-#endif
-#endif
-
-#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
- defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#define PSA_WANT_ALG_ECB_NO_PADDING 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define PSA_WANT_ALG_CFB 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define PSA_WANT_ALG_CTR 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define PSA_WANT_ALG_OFB 1
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_512
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#define PSA_WANT_ECC_MONTGOMERY_255
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#define PSA_WANT_ECC_MONTGOMERY_448
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#define PSA_WANT_ECC_SECP_R1_192
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#define PSA_WANT_ECC_SECP_R1_224
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#define PSA_WANT_ECC_SECP_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#define PSA_WANT_ECC_SECP_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#define PSA_WANT_ECC_SECP_R1_521
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#define PSA_WANT_ECC_SECP_K1_192
-#endif
-
-/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
-#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#define PSA_WANT_ECC_SECP_K1_224
-#endif
+/* Require built-in implementations based on PSA requirements */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#define PSA_WANT_ECC_SECP_K1_256
-#endif
+/* We need this to have a complete list of requirements
+ * before we deduce what built-ins are required. */
+#include "psa/crypto_adjust_config_key_pair_types.h"
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
-/* These features are always enabled. */
-#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
+#include "psa/crypto_adjust_auto_enabled.h"
-#ifdef __cplusplus
-}
-#endif
+#include "psa/crypto_driver_config.h"
#endif /* MBEDTLS_CONFIG_PSA_H */
diff --git a/ext/oberon/psa/core/include/mbedtls/constant_time.h b/ext/oberon/psa/core/include/mbedtls/constant_time.h
deleted file mode 100644
index fb1f7e98ea6c..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/constant_time.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Constant-time functions
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CONSTANT_TIME_H
-#define MBEDTLS_CONSTANT_TIME_H
-
-#include
-
-
-/** Constant-time buffer comparison without branches.
- *
- * This is equivalent to the standard memcmp function, but is likely to be
- * compiled to code using bitwise operation rather than a branch.
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * \param a Pointer to the first buffer.
- * \param b Pointer to the second buffer.
- * \param n The number of bytes to compare in the buffer.
- *
- * \return Zero if the content of the two buffer is the same,
- * otherwise non-zero.
- */
-int mbedtls_ct_memcmp( const void *a,
- const void *b,
- size_t n );
-
-#endif /* MBEDTLS_CONSTANT_TIME_H */
diff --git a/ext/oberon/psa/core/include/mbedtls/ctr_drbg.h b/ext/oberon/psa/core/include/mbedtls/ctr_drbg.h
deleted file mode 100644
index 2b66b534a21f..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/ctr_drbg.h
+++ /dev/null
@@ -1,579 +0,0 @@
-/**
- * \file ctr_drbg.h
- *
- * \brief This file contains definitions and functions for the
- * CTR_DRBG pseudorandom generator.
- *
- * CTR_DRBG is a standardized way of building a PRNG from a block-cipher
- * in counter mode operation, as defined in NIST SP 800-90A:
- * Recommendation for Random Number Generation Using Deterministic Random
- * Bit Generators.
- *
- * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
- * (if \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled at compile time)
- * as the underlying block cipher, with a derivation function.
- *
- * The security strength as defined in NIST SP 800-90A is
- * 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
- * and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
- * kept at its default value (and not overridden in mbedtls_config.h) and that the
- * DRBG instance is set up with default parameters.
- * See the documentation of mbedtls_ctr_drbg_seed() for more
- * information.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CTR_DRBG_H
-#define MBEDTLS_CTR_DRBG_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/aes.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/** The entropy source failed. */
-#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
-/** The requested random buffer length is too big. */
-#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
-/** The input (entropy + additional data) is too large. */
-#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
-/** Read or write error in file. */
-#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
-
-#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
-
-#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-#define MBEDTLS_CTR_DRBG_KEYSIZE 16
-/**< The key size in bytes used by the cipher.
- *
- * Compile-time choice: 16 bytes (128 bits)
- * because #MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled.
- */
-#else
-#define MBEDTLS_CTR_DRBG_KEYSIZE 32
-/**< The key size in bytes used by the cipher.
- *
- * Compile-time choice: 32 bytes (256 bits)
- * because \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled.
- */
-#endif
-
-#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
-#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them using the compiler command
- * line.
- * \{
- */
-
-/** \def MBEDTLS_CTR_DRBG_ENTROPY_LEN
- *
- * \brief The amount of entropy used per seed by default, in bytes.
- */
-#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-/** This is 48 bytes because the entropy module uses SHA-512
- * (\c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled).
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
-
-#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
-
-/** This is 32 bytes because the entropy module uses SHA-256
- * (the SHA512 module is disabled or
- * \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled).
- */
-#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-/** \warning To achieve a 256-bit security strength, you must pass a nonce
- * to mbedtls_ctr_drbg_seed().
- */
-#endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
-#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
-#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
-
-#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
-#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
-/**< The interval before reseed is performed by default. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
-/**< The maximum number of additional input Bytes. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
-#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
-/**< The maximum number of requested Bytes per call. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
-/**< The maximum size of seed or reseed buffer in bytes. */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#define MBEDTLS_CTR_DRBG_PR_OFF 0
-/**< Prediction resistance is disabled. */
-#define MBEDTLS_CTR_DRBG_PR_ON 1
-/**< Prediction resistance is enabled. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
-/** The default length of the nonce read from the entropy source.
- *
- * This is \c 0 because a single read from the entropy source is sufficient
- * to include a nonce.
- * See the documentation of mbedtls_ctr_drbg_seed() for more information.
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
-#else
-/** The default length of the nonce read from the entropy source.
- *
- * This is half of the default entropy length because a single read from
- * the entropy source does not provide enough material to form a nonce.
- * See the documentation of mbedtls_ctr_drbg_seed() for more information.
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN ( MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1 ) / 2
-#endif
-
-/**
- * \brief The CTR_DRBG context structure.
- */
-typedef struct mbedtls_ctr_drbg_context
-{
- unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
- int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
- * This is the number of requests that have
- * been made since the last (re)seeding,
- * minus one.
- * Before the initial seeding, this field
- * contains the amount of entropy in bytes
- * to use as a nonce for the initial seeding,
- * or -1 if no nonce length has been explicitly
- * set (see mbedtls_ctr_drbg_set_nonce_len()).
- */
- int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction
- resistance is enabled, that is
- whether to systematically reseed before
- each random generation. */
- size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each
- seed or reseed operation, in bytes. */
- int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
- * This is the maximum number of requests
- * that can be made between reseedings. */
-
- mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
-
- /*
- * Callbacks (Entropy)
- */
- int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
- /*!< The entropy callback function. */
-
- void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */
-
-#if defined(MBEDTLS_THREADING_C)
- /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
- * This means that the mutex is initialized during the initial seeding
- * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
- *
- * Note that this invariant may change without notice. Do not rely on it
- * and do not access the mutex directly in application code.
- */
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
-#endif
-}
-mbedtls_ctr_drbg_context;
-
-/**
- * \brief This function initializes the CTR_DRBG context,
- * and prepares it for mbedtls_ctr_drbg_seed()
- * or mbedtls_ctr_drbg_free().
- *
- * \note The reseed interval is
- * #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
- * You can override it by calling
- * mbedtls_ctr_drbg_set_reseed_interval().
- *
- * \param ctx The CTR_DRBG context to initialize.
- */
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
-
-/**
- * \brief This function seeds and sets up the CTR_DRBG
- * entropy source for future reseeds.
- *
- * A typical choice for the \p f_entropy and \p p_entropy parameters is
- * to use the entropy module:
- * - \p f_entropy is mbedtls_entropy_func();
- * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
- * with mbedtls_entropy_init() (which registers the platform's default
- * entropy sources).
- *
- * The entropy length is #MBEDTLS_CTR_DRBG_ENTROPY_LEN by default.
- * You can override it by calling mbedtls_ctr_drbg_set_entropy_len().
- *
- * The entropy nonce length is:
- * - \c 0 if the entropy length is at least 3/2 times the entropy length,
- * which guarantees that the security strength is the maximum permitted
- * by the key size and entropy length according to NIST SP 800-90A §10.2.1;
- * - Half the entropy length otherwise.
- * You can override it by calling mbedtls_ctr_drbg_set_nonce_len().
- * With the default entropy length, the entropy nonce length is
- * #MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN.
- *
- * You can provide a nonce and personalization string in addition to the
- * entropy source, to make this instantiation as unique as possible.
- * See SP 800-90A §8.6.7 for more details about nonces.
- *
- * The _seed_material_ value passed to the derivation function in
- * the CTR_DRBG Instantiate Process described in NIST SP 800-90A §10.2.1.3.2
- * is the concatenation of the following strings:
- * - A string obtained by calling \p f_entropy function for the entropy
- * length.
- */
-#if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0
-/**
- * - If mbedtls_ctr_drbg_set_nonce_len() has been called, a string
- * obtained by calling \p f_entropy function for the specified length.
- */
-#else
-/**
- * - A string obtained by calling \p f_entropy function for the entropy nonce
- * length. If the entropy nonce length is \c 0, this function does not
- * make a second call to \p f_entropy.
- */
-#endif
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note When Mbed TLS is built with threading support,
- * after this function returns successfully,
- * it is safe to call mbedtls_ctr_drbg_random()
- * from multiple threads. Other operations, including
- * reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * - The \p custom string.
- *
- * \note To achieve the nominal security strength permitted
- * by CTR_DRBG, the entropy length must be:
- * - at least 16 bytes for a 128-bit strength
- * (maximum achievable strength when using AES-128);
- * - at least 32 bytes for a 256-bit strength
- * (maximum achievable strength when using AES-256).
- *
- * In addition, if you do not pass a nonce in \p custom,
- * the sum of the entropy length
- * and the entropy nonce length must be:
- * - at least 24 bytes for a 128-bit strength
- * (maximum achievable strength when using AES-128);
- * - at least 48 bytes for a 256-bit strength
- * (maximum achievable strength when using AES-256).
- *
- * \param ctx The CTR_DRBG context to seed.
- * It must have been initialized with
- * mbedtls_ctr_drbg_init().
- * After a successful call to mbedtls_ctr_drbg_seed(),
- * you may not call mbedtls_ctr_drbg_seed() again on
- * the same context unless you call
- * mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
- * again first.
- * After a failed call to mbedtls_ctr_drbg_seed(),
- * you must call mbedtls_ctr_drbg_free().
- * \param f_entropy The entropy callback, taking as arguments the
- * \p p_entropy context, the buffer to fill, and the
- * length of the buffer.
- * \p f_entropy is always called with a buffer size
- * less than or equal to the entropy length.
- * \param p_entropy The entropy context to pass to \p f_entropy.
- * \param custom The personalization string.
- * This can be \c NULL, in which case the personalization
- * string is empty regardless of the value of \p len.
- * \param len The length of the personalization string.
- * This must be at most
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len );
-
-/**
- * \brief This function resets CTR_DRBG context to the state immediately
- * after initial call of mbedtls_ctr_drbg_init().
- *
- * \param ctx The CTR_DRBG context to clear.
- */
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
-
-/**
- * \brief This function turns prediction resistance on or off.
- * The default value is off.
- *
- * \note If enabled, entropy is gathered at the beginning of
- * every call to mbedtls_ctr_drbg_random_with_add()
- * or mbedtls_ctr_drbg_random().
- * Only use this if your entropy source has sufficient
- * throughput.
- *
- * \param ctx The CTR_DRBG context.
- * \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
- */
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
- int resistance );
-
-/**
- * \brief This function sets the amount of entropy grabbed on each
- * seed or reseed.
- *
- * The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
- *
- * \note The security strength of CTR_DRBG is bounded by the
- * entropy length. Thus:
- * - When using AES-256
- * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,
- * which is the default),
- * \p len must be at least 32 (in bytes)
- * to achieve a 256-bit strength.
- * - When using AES-128
- * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
- * \p len must be at least 16 (in bytes)
- * to achieve a 128-bit strength.
- *
- * \param ctx The CTR_DRBG context.
- * \param len The amount of entropy to grab, in bytes.
- * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * and at most the maximum length accepted by the
- * entropy function that is set in the context.
- */
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
- size_t len );
-
-/**
- * \brief This function sets the amount of entropy grabbed
- * as a nonce for the initial seeding.
- *
- * Call this function before calling mbedtls_ctr_drbg_seed() to read
- * a nonce from the entropy source during the initial seeding.
- *
- * \param ctx The CTR_DRBG context.
- * \param len The amount of entropy to grab for the nonce, in bytes.
- * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- * and at most the maximum length accepted by the
- * entropy function that is set in the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is
- * more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
- * if the initial seeding has already taken place.
- */
-int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
- size_t len );
-
-/**
- * \brief This function sets the reseed interval.
- *
- * The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
- * or mbedtls_ctr_drbg_random_with_add() after which the entropy function
- * is called again.
- *
- * The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
- *
- * \param ctx The CTR_DRBG context.
- * \param interval The reseed interval.
- */
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
- int interval );
-
-/**
- * \brief This function reseeds the CTR_DRBG context, that is
- * extracts data from the entropy source.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param ctx The CTR_DRBG context.
- * \param additional Additional data to add to the state. Can be \c NULL.
- * \param len The length of the additional data.
- * This must be less than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
- * where \c entropy_len is the entropy length
- * configured for the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional, size_t len );
-
-/**
- * \brief This function updates the state of the CTR_DRBG context.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param ctx The CTR_DRBG context.
- * \param additional The data to update the state with. This must not be
- * \c NULL unless \p add_len is \c 0.
- * \param add_len Length of \p additional in bytes. This must be at
- * most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
- * \p add_len is more than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- * \return An error from the underlying AES cipher on failure.
- */
-int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len );
-
-/**
- * \brief This function updates a CTR_DRBG instance with additional
- * data and uses it to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- *
- * \note This function is not thread-safe. It is not safe
- * to call this function if another thread might be
- * concurrently obtaining random numbers from the same
- * context or updating or reseeding the same context.
- *
- * \param p_rng The CTR_DRBG context. This must be a pointer to a
- * #mbedtls_ctr_drbg_context structure.
- * \param output The buffer to fill.
- * \param output_len The length of the buffer in bytes.
- * \param additional Additional data to update. Can be \c NULL, in which
- * case the additional data is empty regardless of
- * the value of \p add_len.
- * \param add_len The length of the additional data
- * if \p additional is not \c NULL.
- * This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
- * and less than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
- * where \c entropy_len is the entropy length
- * configured for the context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
- unsigned char *output, size_t output_len,
- const unsigned char *additional, size_t add_len );
-
-/**
- * \brief This function uses CTR_DRBG to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note When Mbed TLS is built with threading support,
- * it is safe to call mbedtls_ctr_drbg_random()
- * from multiple threads. Other operations, including
- * reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * \param p_rng The CTR_DRBG context. This must be a pointer to a
- * #mbedtls_ctr_drbg_context structure.
- * \param output The buffer to fill.
- * \param output_len The length of the buffer in bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random( void *p_rng,
- unsigned char *output, size_t output_len );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief This function writes a seed file.
- *
- * \param ctx The CTR_DRBG context.
- * \param path The name of the file.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
- * failure.
- */
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
-
-/**
- * \brief This function reads and updates a seed file. The seed
- * is added to this instance.
- *
- * \param ctx The CTR_DRBG context.
- * \param path The name of the file.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
- * reseed failure.
- * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
- * seed file is too large.
- */
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The CTR_DRBG checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_ctr_drbg_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ctr_drbg.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/ecdsa.h b/ext/oberon/psa/core/include/mbedtls/ecdsa.h
deleted file mode 100644
index 967f07b9b51b..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/ecdsa.h
+++ /dev/null
@@ -1,504 +0,0 @@
-/**
- * \file ecdsa.h
- *
- * \brief This file contains ECDSA definitions and functions.
- *
- * The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
- * Standards for Efficient Cryptography Group (SECG):
- * SEC1 Elliptic Curve Cryptography.
- * The use of ECDSA for TLS is defined in RFC-4492: Elliptic Curve
- * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS).
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_ECDSA_H
-#define MBEDTLS_ECDSA_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-
-/**
- * \brief Maximum ECDSA signature size for a given curve bit size
- *
- * \param bits Curve size in bits
- * \return Maximum signature size in bytes
- *
- * \note This macro returns a compile-time constant if its argument
- * is one. It may evaluate its argument multiple times.
- */
-/*
- * Ecdsa-Sig-Value ::= SEQUENCE {
- * r INTEGER,
- * s INTEGER
- * }
- *
- * For each of r and s, the value (V) may include an extra initial "0" bit.
- */
-#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
- ( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
- /*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
- /*V of r,s*/ ( ( bits ) + 8 ) / 8 ) )
-
-/** The maximal size of an ECDSA signature in Bytes. */
-#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief The ECDSA context structure.
- *
- * \warning Performing multiple operations concurrently on the same
- * ECDSA context is not supported; objects of this type
- * should not be shared between multiple threads.
- */
-typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief Internal restart context for ecdsa_verify()
- *
- * \note Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx;
-
-/**
- * \brief Internal restart context for ecdsa_sign()
- *
- * \note Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/**
- * \brief Internal restart context for ecdsa_sign_det()
- *
- * \note Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
-#endif
-
-/**
- * \brief General context for resuming ECDSA operations
- */
-typedef struct
-{
- mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP restart and
- shared administrative info */
- mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify() sub-context */
- mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign() sub-context */
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det() sub-context */
-#endif
-} mbedtls_ecdsa_restart_ctx;
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-/* Now we can declare functions that take a pointer to that */
-typedef void mbedtls_ecdsa_restart_ctx;
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief This function checks whether a given group can be used
- * for ECDSA.
- *
- * \param gid The ECP group ID to check.
- *
- * \return \c 1 if the group can be used, \c 0 otherwise
- */
-int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid );
-
-/**
- * \brief This function computes the ECDSA signature of a
- * previously-hashed message.
- *
- * \note The deterministic version implemented in
- * mbedtls_ecdsa_sign_det_ext() is usually preferred.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated
- * as defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \param grp The context for the elliptic curve to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param r The MPI context in which to store the first part
- * the signature. This must be initialized.
- * \param s The MPI context in which to store the second part
- * the signature. This must be initialized.
- * \param d The private signing key. This must be initialized.
- * \param buf The content to be signed. This is usually the hash of
- * the original data to be signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX
- * or \c MBEDTLS_MPI_XXX error code on failure.
- */
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/**
- * \brief This function computes the ECDSA signature of a
- * previously-hashed message, deterministic version.
- *
- * For more information, see RFC-6979: Deterministic
- * Usage of the Digital Signature Algorithm (DSA) and Elliptic
- * Curve Digital Signature Algorithm (ECDSA).
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \param grp The context for the elliptic curve to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param r The MPI context in which to store the first part
- * the signature. This must be initialized.
- * \param s The MPI context in which to store the second part
- * the signature. This must be initialized.
- * \param d The private signing key. This must be initialized
- * and setup, for example through mbedtls_ecp_gen_privkey().
- * \param buf The hashed content to be signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param md_alg The hash algorithm used to hash the original data.
- * \param f_rng_blind The RNG function used for blinding. This must not be
- * \c NULL.
- * \param p_rng_blind The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- * error code on failure.
- */
-int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
- mbedtls_mpi *s, const mbedtls_mpi *d,
- const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
- void *p_rng_blind );
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-/**
- * \brief This function verifies the ECDSA signature of a
- * previously-hashed message.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.4, step 3.
- *
- * \see ecp.h
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param buf The hashed content that was signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param Q The public key to use for verification. This must be
- * initialized and setup.
- * \param r The first integer of the signature.
- * This must be initialized.
- * \param s The second integer of the signature.
- * This must be initialized.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- * error code on failure.
- */
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
- const unsigned char *buf, size_t blen,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
- const mbedtls_mpi *s);
-
-/**
- * \brief This function computes the ECDSA signature and writes it
- * to a buffer, serialized as defined in RFC-4492:
- * Elliptic Curve Cryptography (ECC) Cipher Suites for
- * Transport Layer Security (TLS).
- *
- * \warning It is not thread-safe to use the same context in
- * multiple threads.
- *
- * \note The deterministic version is used if
- * #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
- * information, see RFC-6979: Deterministic Usage
- * of the Digital Signature Algorithm (DSA) and Elliptic
- * Curve Digital Signature Algorithm (ECDSA).
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and private key bound to it, for example
- * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
- * \param md_alg The message digest that was used to hash the message.
- * \param hash The message hash to be signed. This must be a readable
- * buffer of length \p blen Bytes.
- * \param hlen The length of the hash \p hash in Bytes.
- * \param sig The buffer to which to write the signature. This must be a
- * writable buffer of length at least twice as large as the
- * size of the curve used, plus 9. For example, 73 Bytes if
- * a 256-bit curve is used. A buffer length of
- * #MBEDTLS_ECDSA_MAX_LEN is always safe.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param slen The address at which to store the actual length of
- * the signature written. Must not be \c NULL.
- * \param f_rng The RNG function. This must not be \c NULL if
- * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
- * it is used only for blinding and may be set to \c NULL, but
- * doing so is DEPRECATED.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't use a context.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t sig_size, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function computes the ECDSA signature and writes it
- * to a buffer, in a restartable way.
- *
- * \see \c mbedtls_ecdsa_write_signature()
- *
- * \note This function is like \c mbedtls_ecdsa_write_signature()
- * but it can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and private key bound to it, for example
- * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
- * \param md_alg The message digest that was used to hash the message.
- * \param hash The message hash to be signed. This must be a readable
- * buffer of length \p blen Bytes.
- * \param hlen The length of the hash \p hash in Bytes.
- * \param sig The buffer to which to write the signature. This must be a
- * writable buffer of length at least twice as large as the
- * size of the curve used, plus 9. For example, 73 Bytes if
- * a 256-bit curve is used. A buffer length of
- * #MBEDTLS_ECDSA_MAX_LEN is always safe.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param slen The address at which to store the actual length of
- * the signature written. Must not be \c NULL.
- * \param f_rng The RNG function. This must not be \c NULL if
- * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
- * it is unused and may be set to \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't use a context.
- * \param rs_ctx The restart context to use. This may be \c NULL to disable
- * restarting. If it is not \c NULL, it must point to an
- * initialized restart context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t sig_size, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_ecdsa_restart_ctx *rs_ctx );
-
-/**
- * \brief This function reads and verifies an ECDSA signature.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.4, step 3.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and public key bound to it.
- * \param hash The message hash that was signed. This must be a readable
- * buffer of length \p size Bytes.
- * \param hlen The size of the hash \p hash.
- * \param sig The signature to read and verify. This must be a readable
- * buffer of length \p slen Bytes.
- * \param slen The size of \p sig in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
- * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
- * signature in \p sig, but its length is less than \p siglen.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- * error code on failure for any other reason.
- */
-int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen );
-
-/**
- * \brief This function reads and verifies an ECDSA signature,
- * in a restartable way.
- *
- * \see \c mbedtls_ecdsa_read_signature()
- *
- * \note This function is like \c mbedtls_ecdsa_read_signature()
- * but it can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and public key bound to it.
- * \param hash The message hash that was signed. This must be a readable
- * buffer of length \p size Bytes.
- * \param hlen The size of the hash \p hash.
- * \param sig The signature to read and verify. This must be a readable
- * buffer of length \p slen Bytes.
- * \param slen The size of \p sig in Bytes.
- * \param rs_ctx The restart context to use. This may be \c NULL to disable
- * restarting. If it is not \c NULL, it must point to an
- * initialized restart context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
- * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
- * signature in \p sig, but its length is less than \p siglen.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- * error code on failure for any other reason.
- */
-int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen,
- mbedtls_ecdsa_restart_ctx *rs_ctx );
-
-/**
- * \brief This function generates an ECDSA keypair on the given curve.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to store the keypair in.
- * This must be initialized.
- * \param gid The elliptic curve to use. One of the various
- * \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
- */
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief This function sets up an ECDSA context from an EC key pair.
- *
- * \see ecp.h
- *
- * \param ctx The ECDSA context to setup. This must be initialized.
- * \param key The EC key to use. This must be initialized and hold
- * a private-public key pair or a public key. In the former
- * case, the ECDSA context may be used for signature creation
- * and verification after this call. In the latter case, it
- * may be used for signature verification.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
- */
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
- const mbedtls_ecp_keypair *key );
-
-/**
- * \brief This function initializes an ECDSA context.
- *
- * \param ctx The ECDSA context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
-
-/**
- * \brief This function frees an ECDSA context.
- *
- * \param ctx The ECDSA context to free. This may be \c NULL,
- * in which case this function does nothing. If it
- * is not \c NULL, it must be initialized.
- */
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Initialize a restart context.
- *
- * \param ctx The restart context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
-
-/**
- * \brief Free the components of a restart context.
- *
- * \param ctx The restart context to free. This may be \c NULL,
- * in which case this function does nothing. If it
- * is not \c NULL, it must be initialized.
- */
-void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecdsa.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/ecp.h b/ext/oberon/psa/core/include/mbedtls/ecp.h
deleted file mode 100644
index a9bf8a1b86e6..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/ecp.h
+++ /dev/null
@@ -1,1319 +0,0 @@
-/**
- * \file ecp.h
- *
- * \brief This file provides an API for Elliptic Curves over GF(P) (ECP).
- *
- * The use of ECP in cryptography and TLS is defined in
- * Standards for Efficient Cryptography Group (SECG): SEC1
- * Elliptic Curve Cryptography and
- * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites
- * for Transport Layer Security (TLS).
- *
- * RFC-2409: The Internet Key Exchange (IKE) defines ECP
- * group types.
- *
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_ECP_H
-#define MBEDTLS_ECP_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/bignum.h"
-
-/*
- * ECP error codes
- */
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
-/** The buffer is too small to write to. */
-#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
-/** The requested feature is not available, for example, the requested curve is not supported. */
-#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
-/** The signature is not valid. */
-#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
-/** Generation of random value, such as ephemeral key, failed. */
-#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
-/** Invalid private or public key. */
-#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
-/** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
-/** Operation in progress, call again with the same parameters to continue. */
-#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00
-
-/* Flags indicating whether to include code that is specific to certain
- * types of curves. These flags are for internal library use only. */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
- defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MONTGOMERY_ENABLED
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Domain-parameter identifiers: curve, subgroup, and generator.
- *
- * \note Only curves over prime fields are supported.
- *
- * \warning This library does not support validation of arbitrary domain
- * parameters. Therefore, only standardized domain parameters from trusted
- * sources should be used. See mbedtls_ecp_group_load().
- */
-/* Note: when adding a new curve:
- * - Add it at the end of this enum, otherwise you'll break the ABI by
- * changing the numerical value for existing curves.
- * - Increment MBEDTLS_ECP_DP_MAX below if needed.
- * - Update the calculation of MBEDTLS_ECP_MAX_BITS below.
- * - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to
- * mbedtls_config.h.
- * - List the curve as a dependency of MBEDTLS_ECP_C and
- * MBEDTLS_ECDSA_C if supported in check_config.h.
- * - Add the curve to the appropriate curve type macro
- * MBEDTLS_ECP_yyy_ENABLED above.
- * - Add the necessary definitions to ecp_curves.c.
- * - Add the curve to the ecp_supported_curves array in ecp.c.
- * - Add the curve to applicable profiles in x509_crt.c.
- * - Add the curve to applicable presets in ssl_tls.c.
- */
-typedef enum
-{
- MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
- MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve. */
- MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */
- MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */
- MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
- MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
-} mbedtls_ecp_group_id;
-
-/**
- * The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.
- */
-#define MBEDTLS_ECP_DP_MAX 14
-
-/*
- * Curve types
- */
-typedef enum
-{
- MBEDTLS_ECP_TYPE_NONE = 0,
- MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
- MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
-} mbedtls_ecp_curve_type;
-
-/**
- * Curve information, for use by other modules.
- *
- * The fields of this structure are part of the public API and can be
- * accessed directly by applications. Future versions of the library may
- * add extra fields or reorder existing fields.
- */
-typedef struct mbedtls_ecp_curve_info
-{
- mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
- uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
- uint16_t bit_size; /*!< The curve size in bits. */
- const char *name; /*!< A human-friendly name. */
-} mbedtls_ecp_curve_info;
-
-/**
- * \brief The ECP point structure, in Jacobian coordinates.
- *
- * \note All functions expect and return points satisfying
- * the following condition: Z == 0
or
- * Z == 1
. Other values of \p Z are
- * used only by internal functions.
- * The point is zero, or "at infinity", if Z == 0
.
- * Otherwise, \p X and \p Y are its standard (affine)
- * coordinates.
- */
-typedef struct mbedtls_ecp_point
-{
- mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
- mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
- mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
-}
-mbedtls_ecp_point;
-
-#if !defined(MBEDTLS_ECP_ALT)
-/*
- * default mbed TLS elliptic curve arithmetic implementation
- *
- * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
- * alternative implementation for the whole module and it will replace this
- * one.)
- */
-
-/**
- * \brief The ECP group structure.
- *
- * We consider two types of curve equations:
- * - Short Weierstrass:
y^2 = x^3 + A x + B mod P
- * (SEC1 + RFC-4492)
- * - Montgomery:
y^2 = x^3 + A x^2 + x mod P
(Curve25519,
- * Curve448)
- * In both cases, the generator (\p G) for a prime-order subgroup is fixed.
- *
- * For Short Weierstrass, this subgroup is the whole curve, and its
- * cardinality is denoted by \p N. Our code requires that \p N is an
- * odd prime as mbedtls_ecp_mul() requires an odd number, and
- * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
- *
- * For Montgomery curves, we do not store \p A, but (A + 2) / 4
,
- * which is the quantity used in the formulas. Additionally, \p nbits is
- * not the size of \p N but the required size for private keys.
- *
- * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
- * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
- * range of 0..2^(2*pbits)-1
, and transforms it in-place to an integer
- * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
- * in size, so that it may be efficiently brought in the 0..P-1 range by a few
- * additions or subtractions. Therefore, it is only an approximative modular
- * reduction. It must return 0 on success and non-zero on failure.
- *
- * \note Alternative implementations of the ECP module must obey the
- * following constraints.
- * * Group IDs must be distinct: if two group structures have
- * the same ID, then they must be identical.
- * * The fields \c id, \c P, \c A, \c B, \c G, \c N,
- * \c pbits and \c nbits must have the same type and semantics
- * as in the built-in implementation.
- * They must be available for reading, but direct modification
- * of these fields does not need to be supported.
- * They do not need to be at the same offset in the structure.
- */
-typedef struct mbedtls_ecp_group
-{
- mbedtls_ecp_group_id id; /*!< An internal group identifier. */
- mbedtls_mpi P; /*!< The prime modulus of the base field. */
- mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
- Montgomery curves: (A + 2) / 4
. */
- mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
- For Montgomery curves: unused. */
- mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
- mbedtls_mpi N; /*!< The order of \p G. */
- size_t pbits; /*!< The number of bits in \p P.*/
- size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
- For Montgomery curves: the number of bits in the
- private keys. */
- /* End of public fields */
-
- unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */
- int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
- mod \p P (see above).*/
- int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
- int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
- void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
- mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
- size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */
-}
-mbedtls_ecp_group;
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h, or define them using the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
-/*
- * Maximum "window" size used for point multiplication.
- * Default: a point where higher memory usage yields diminishing performance
- * returns.
- * Minimum value: 2. Maximum value: 7.
- *
- * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
- * points used for point multiplication. This value is directly tied to EC
- * peak memory usage, so decreasing it by one should roughly cut memory usage
- * by two (if large curves are in use).
- *
- * Reduction in size may reduce speed, but larger curves are impacted first.
- * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
- * w-size: 6 5 4 3 2
- * 521 145 141 135 120 97
- * 384 214 209 198 177 146
- * 256 320 320 303 262 226
- * 224 475 475 453 398 342
- * 192 640 640 633 587 476
- */
-#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< The maximum window size used. */
-#endif /* MBEDTLS_ECP_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
-/*
- * Trade code size for speed on fixed-point multiplication.
- *
- * This speeds up repeated multiplication of the generator (that is, the
- * multiplication in ECDSA signatures, and half of the multiplications in
- * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
- *
- * For each n-bit Short Weierstrass curve that is enabled, this adds 4n bytes
- * of code size if n < 384 and 8n otherwise.
- *
- * Change this value to 0 to reduce code size.
- */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */
-#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
-
-/** \} name SECTION: Module settings */
-
-#else /* MBEDTLS_ECP_ALT */
-#include "ecp_alt.h"
-#endif /* MBEDTLS_ECP_ALT */
-
-#if !defined(MBEDTLS_ECP_MAX_BITS)
-/**
- * The maximum size of the groups, that is, of \c N and \c P.
- */
-#if !defined(MBEDTLS_ECP_C)
-/* Dummy definition to help code that has optional ECP support and
- * defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */
-#define MBEDTLS_ECP_MAX_BITS 1
-/* Note: the curves must be listed in DECREASING size! */
-#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 521
-#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 512
-#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 448
-#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
-#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
-#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
-#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 255
-#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
-#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 224
-#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
-#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
-#else
-#error "Missing definition of MBEDTLS_ECP_MAX_BITS"
-#endif
-#endif
-
-#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
-#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief Internal restart context for multiplication
- *
- * \note Opaque struct
- */
-typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx;
-
-/**
- * \brief Internal restart context for ecp_muladd()
- *
- * \note Opaque struct
- */
-typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
-
-/**
- * \brief General context for resuming ECC operations
- */
-typedef struct
-{
- unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
- unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
- mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb() sub-context */
- mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd() sub-context */
-} mbedtls_ecp_restart_ctx;
-
-/*
- * Operation counts for restartable functions
- */
-#define MBEDTLS_ECP_OPS_CHK 3 /*!< basic ops count for ecp_check_pubkey() */
-#define MBEDTLS_ECP_OPS_DBL 8 /*!< basic ops count for ecp_double_jac() */
-#define MBEDTLS_ECP_OPS_ADD 11 /*!< basic ops count for see ecp_add_mixed() */
-#define MBEDTLS_ECP_OPS_INV 120 /*!< empirical equivalent for mpi_mod_inv() */
-
-/**
- * \brief Internal; for restartable functions in other modules.
- * Check and update basic ops budget.
- *
- * \param grp Group structure
- * \param rs_ctx Restart context
- * \param ops Number of basic ops to do
- *
- * \return \c 0 if doing \p ops basic ops is still allowed,
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise.
- */
-int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
- mbedtls_ecp_restart_ctx *rs_ctx,
- unsigned ops );
-
-/* Utility macro for checking and updating ops budget */
-#define MBEDTLS_ECP_BUDGET( ops ) \
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \
- (unsigned) (ops) ) );
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-#define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */
-
-/* We want to declare restartable versions of existing functions anyway */
-typedef void mbedtls_ecp_restart_ctx;
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief The ECP key-pair structure.
- *
- * A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
- *
- * \note Members are deliberately in the same order as in the
- * ::mbedtls_ecdsa_context structure.
- */
-typedef struct mbedtls_ecp_keypair
-{
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */
- mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
-}
-mbedtls_ecp_keypair;
-
-/*
- * Point formats, from RFC 4492's enum ECPointFormat
- */
-#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */
-#define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format. */
-
-/*
- * Some other constants from RFC 4492
- */
-#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Set the maximum number of basic operations done in a row.
- *
- * If more operations are needed to complete a computation,
- * #MBEDTLS_ERR_ECP_IN_PROGRESS will be returned by the
- * function performing the computation. It is then the
- * caller's responsibility to either call again with the same
- * parameters until it returns 0 or an error code; or to free
- * the restart context if the operation is to be aborted.
- *
- * It is strictly required that all input parameters and the
- * restart context be the same on successive calls for the
- * same operation, but output parameters need not be the
- * same; they must not be used until the function finally
- * returns 0.
- *
- * This only applies to functions whose documentation
- * mentions they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS for functions in the
- * SSL module). For functions that accept a "restart context"
- * argument, passing NULL disables restart and makes the
- * function equivalent to the function with the same name
- * with \c _restartable removed. For functions in the ECDH
- * module, restart is disabled unless the function accepts
- * an "ECDH context" argument and
- * mbedtls_ecdh_enable_restart() was previously called on
- * that context. For function in the SSL module, restart is
- * only enabled for specific sides and key exchanges
- * (currently only for clients and ECDHE-ECDSA).
- *
- * \param max_ops Maximum number of basic operations done in a row.
- * Default: 0 (unlimited).
- * Lower (non-zero) values mean ECC functions will block for
- * a lesser maximum amount of time.
- *
- * \note A "basic operation" is defined as a rough equivalent of a
- * multiplication in GF(p) for the NIST P-256 curve.
- * As an indication, with default settings, a scalar
- * multiplication (full run of \c mbedtls_ecp_mul()) is:
- * - about 3300 basic operations for P-256
- * - about 9400 basic operations for P-384
- *
- * \note Very low values are not always respected: sometimes
- * functions need to block for a minimum number of
- * operations, and will do so even if max_ops is set to a
- * lower value. That minimum depends on the curve size, and
- * can be made lower by decreasing the value of
- * \c MBEDTLS_ECP_WINDOW_SIZE. As an indication, here is the
- * lowest effective value for various curves and values of
- * that parameter (w for short):
- * w=6 w=5 w=4 w=3 w=2
- * P-256 208 208 160 136 124
- * P-384 682 416 320 272 248
- * P-521 1364 832 640 544 496
- *
- * \note This setting is currently ignored by Curve25519.
- */
-void mbedtls_ecp_set_max_ops( unsigned max_ops );
-
-/**
- * \brief Check if restart is enabled (max_ops != 0)
- *
- * \return \c 0 if \c max_ops == 0 (restart disabled)
- * \return \c 1 otherwise (restart enabled)
- */
-int mbedtls_ecp_restart_is_enabled( void );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/*
- * Get the type of a curve
- */
-mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
-
-/**
- * \brief This function retrieves the information defined in
- * mbedtls_ecp_curve_info() for all supported curves.
- *
- * \note This function returns information about all curves
- * supported by the library. Some curves may not be
- * supported for all algorithms. Call mbedtls_ecdh_can_do()
- * or mbedtls_ecdsa_can_do() to check if a curve is
- * supported for ECDH or ECDSA.
- *
- * \return A statically allocated array. The last entry is 0.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
-
-/**
- * \brief This function retrieves the list of internal group
- * identifiers of all supported curves in the order of
- * preference.
- *
- * \note This function returns information about all curves
- * supported by the library. Some curves may not be
- * supported for all algorithms. Call mbedtls_ecdh_can_do()
- * or mbedtls_ecdsa_can_do() to check if a curve is
- * supported for ECDH or ECDSA.
- *
- * \return A statically allocated array,
- * terminated with MBEDTLS_ECP_DP_NONE.
- */
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
-
-/**
- * \brief This function retrieves curve information from an internal
- * group identifier.
- *
- * \param grp_id An \c MBEDTLS_ECP_DP_XXX value.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
-
-/**
- * \brief This function retrieves curve information from a TLS
- * NamedCurve value.
- *
- * \param tls_id An \c MBEDTLS_ECP_DP_XXX value.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
-
-/**
- * \brief This function retrieves curve information from a
- * human-readable name.
- *
- * \param name The human-readable name.
- *
- * \return The associated curve information on success.
- * \return NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
-
-/**
- * \brief This function initializes a point as zero.
- *
- * \param pt The point to initialize.
- */
-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
-
-/**
- * \brief This function initializes an ECP group context
- * without loading any domain parameters.
- *
- * \note After this function is called, domain parameters
- * for various ECP groups can be loaded through the
- * mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
- * functions.
- */
-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
-
-/**
- * \brief This function initializes a key pair as an invalid one.
- *
- * \param key The key pair to initialize.
- */
-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
-
-/**
- * \brief This function frees the components of a point.
- *
- * \param pt The point to free.
- */
-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
-
-/**
- * \brief This function frees the components of an ECP group.
- *
- * \param grp The group to free. This may be \c NULL, in which
- * case this function returns immediately. If it is not
- * \c NULL, it must point to an initialized ECP group.
- */
-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
-
-/**
- * \brief This function frees the components of a key pair.
- *
- * \param key The key pair to free. This may be \c NULL, in which
- * case this function returns immediately. If it is not
- * \c NULL, it must point to an initialized ECP key pair.
- */
-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Initialize a restart context.
- *
- * \param ctx The restart context to initialize. This must
- * not be \c NULL.
- */
-void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
-
-/**
- * \brief Free the components of a restart context.
- *
- * \param ctx The restart context to free. This may be \c NULL, in which
- * case this function returns immediately. If it is not
- * \c NULL, it must point to an initialized restart context.
- */
-void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief This function copies the contents of point \p Q into
- * point \p P.
- *
- * \param P The destination point. This must be initialized.
- * \param Q The source point. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code for other kinds of failure.
- */
-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
-
-/**
- * \brief This function copies the contents of group \p src into
- * group \p dst.
- *
- * \param dst The destination group. This must be initialized.
- * \param src The source group. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst,
- const mbedtls_ecp_group *src );
-
-/**
- * \brief This function sets a point to the point at infinity.
- *
- * \param pt The point to set. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
-
-/**
- * \brief This function checks if a point is the point at infinity.
- *
- * \param pt The point to test. This must be initialized.
- *
- * \return \c 1 if the point is zero.
- * \return \c 0 if the point is non-zero.
- * \return A negative error code on failure.
- */
-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
-
-/**
- * \brief This function compares two points.
- *
- * \note This assumes that the points are normalized. Otherwise,
- * they may compare as "not equal" even if they are.
- *
- * \param P The first point to compare. This must be initialized.
- * \param Q The second point to compare. This must be initialized.
- *
- * \return \c 0 if the points are equal.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
- */
-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
- const mbedtls_ecp_point *Q );
-
-/**
- * \brief This function imports a non-zero point from two ASCII
- * strings.
- *
- * \param P The destination point. This must be initialized.
- * \param radix The numeric base of the input.
- * \param x The first affine coordinate, as a null-terminated string.
- * \param y The second affine coordinate, as a null-terminated string.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_MPI_XXX error code on failure.
- */
-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
- const char *x, const char *y );
-
-/**
- * \brief This function exports a point into unsigned binary data.
- *
- * \param grp The group to which the point should belong.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param P The point to export. This must be initialized.
- * \param format The point format. This must be either
- * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
- * (For groups without these formats, this parameter is
- * ignored. But it still has to be either of the above
- * values.)
- * \param olen The address at which to store the length of
- * the output in Bytes. This must not be \c NULL.
- * \param buf The output buffer. This must be a writable buffer
- * of length \p buflen Bytes.
- * \param buflen The length of the output buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
- * is too small to hold the point.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
- * or the export for the given group is not implemented.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *P,
- int format, size_t *olen,
- unsigned char *buf, size_t buflen );
-
-/**
- * \brief This function imports a point from unsigned binary data.
- *
- * \note This function does not check that the point actually
- * belongs to the given group, see mbedtls_ecp_check_pubkey()
- * for that.
- *
- * \param grp The group to which the point should belong.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param P The destination context to import the point to.
- * This must be initialized.
- * \param buf The input buffer. This must be a readable buffer
- * of length \p ilen Bytes.
- * \param ilen The length of the input buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
- * given group is not implemented.
- */
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *P,
- const unsigned char *buf, size_t ilen );
-
-/**
- * \brief This function imports a point from a TLS ECPoint record.
- *
- * \note On function return, \p *buf is updated to point immediately
- * after the ECPoint record.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param pt The destination point.
- * \param buf The address of the pointer to the start of the input buffer.
- * \param len The length of the buffer.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization
- * failure.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- */
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *pt,
- const unsigned char **buf, size_t len );
-
-/**
- * \brief This function exports a point as a TLS ECPoint record
- * defined in RFC 4492, Section 5.4.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param pt The point to be exported. This must be initialized.
- * \param format The point format to use. This must be either
- * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
- * \param olen The address at which to store the length in Bytes
- * of the data written.
- * \param buf The target buffer. This must be a writable buffer of
- * length \p blen Bytes.
- * \param blen The length of the target buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer
- * is too small to hold the exported point.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *pt,
- int format, size_t *olen,
- unsigned char *buf, size_t blen );
-
-/**
- * \brief This function sets up an ECP group context
- * from a standardized set of domain parameters.
- *
- * \note The index should be a value of the NamedCurve enum,
- * as defined in RFC-4492: Elliptic Curve Cryptography
- * (ECC) Cipher Suites for Transport Layer Security (TLS),
- * usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
- *
- * \param grp The group context to setup. This must be initialized.
- * \param id The identifier of the domain parameter set to load.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't
- * correspond to a known group.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
-
-/**
- * \brief This function sets up an ECP group context from a TLS
- * ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \note The read pointer \p buf is updated to point right after
- * the ECParameters record on exit.
- *
- * \param grp The group context to setup. This must be initialized.
- * \param buf The address of the pointer to the start of the input buffer.
- * \param len The length of the input buffer \c *buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
- * recognized.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
- const unsigned char **buf, size_t len );
-
-/**
- * \brief This function extracts an elliptic curve group ID from a
- * TLS ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \note The read pointer \p buf is updated to point right after
- * the ECParameters record on exit.
- *
- * \param grp The address at which to store the group id.
- * This must not be \c NULL.
- * \param buf The address of the pointer to the start of the input buffer.
- * \param len The length of the input buffer \c *buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
- * recognized.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
- const unsigned char **buf,
- size_t len );
-/**
- * \brief This function exports an elliptic curve as a TLS
- * ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \param grp The ECP group to be exported.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param olen The address at which to store the number of Bytes written.
- * This must not be \c NULL.
- * \param buf The buffer to write to. This must be a writable buffer
- * of length \p blen Bytes.
- * \param blen The length of the output buffer \p buf in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output
- * buffer is too small to hold the exported group.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
- size_t *olen,
- unsigned char *buf, size_t blen );
-
-/**
- * \brief This function performs a scalar multiplication of a point
- * by an integer: \p R = \p m * \p P.
- *
- * It is not thread-safe to use same group in multiple threads.
- *
- * \note To prevent timing attacks, this function
- * executes the exact same sequence of base-field
- * operations for any valid \p m. It avoids any if-branch or
- * array index depending on the value of \p m. It also uses
- * \p f_rng to randomize some intermediate results.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply. This must be initialized.
- * \param P The point to multiply. This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
- * NULL if \p f_rng doesn't need a context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
- * key, or \p P is not a valid public key.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief This function performs multiplication of a point by
- * an integer: \p R = \p m * \p P in a restartable way.
- *
- * \see mbedtls_ecp_mul()
- *
- * \note This function does the same as \c mbedtls_ecp_mul(), but
- * it can return early and restart according to the limit set
- * with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply. This must be initialized.
- * \param P The point to multiply. This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
- * NULL if \p f_rng doesn't need a context.
- * \param rs_ctx The restart context (NULL disables restart).
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
- * key, or \p P is not a valid public key.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_ecp_restart_ctx *rs_ctx );
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-/**
- * \brief This function performs multiplication and addition of two
- * points by integers: \p R = \p m * \p P + \p n * \p Q
- *
- * It is not thread-safe to use same group in multiple threads.
- *
- * \note In contrast to mbedtls_ecp_mul(), this function does not
- * guarantee a constant execution flow and timing.
- *
- * \note This function is only defined for short Weierstrass curves.
- * It may not be included in builds without any short
- * Weierstrass curve.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply \p P.
- * This must be initialized.
- * \param P The point to multiply by \p m. This must be initialized.
- * \param n The integer by which to multiply \p Q.
- * This must be initialized.
- * \param Q The point to be multiplied by \p n.
- * This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
- * valid private keys, or \p P or \p Q are not valid public
- * keys.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
- * designate a short Weierstrass curve.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
-
-/**
- * \brief This function performs multiplication and addition of two
- * points by integers: \p R = \p m * \p P + \p n * \p Q in a
- * restartable way.
- *
- * \see \c mbedtls_ecp_muladd()
- *
- * \note This function works the same as \c mbedtls_ecp_muladd(),
- * but it can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \note This function is only defined for short Weierstrass curves.
- * It may not be included in builds without any short
- * Weierstrass curve.
- *
- * \param grp The ECP group to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param R The point in which to store the result of the calculation.
- * This must be initialized.
- * \param m The integer by which to multiply \p P.
- * This must be initialized.
- * \param P The point to multiply by \p m. This must be initialized.
- * \param n The integer by which to multiply \p Q.
- * This must be initialized.
- * \param Q The point to be multiplied by \p n.
- * This must be initialized.
- * \param rs_ctx The restart context (NULL disables restart).
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
- * valid private keys, or \p P or \p Q are not valid public
- * keys.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
- * designate a short Weierstrass curve.
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_muladd_restartable(
- mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
- mbedtls_ecp_restart_ctx *rs_ctx );
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-/**
- * \brief This function checks that a point is a valid public key
- * on this curve.
- *
- * It only checks that the point is non-zero, has
- * valid coordinates and lies on the curve. It does not verify
- * that it is indeed a multiple of \p G. This additional
- * check is computationally more expensive, is not required
- * by standards, and should not be necessary if the group
- * used has a small cofactor. In particular, it is useless for
- * the NIST groups which all have a cofactor of 1.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure, to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group the point should belong to.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param pt The point to check. This must be initialized.
- *
- * \return \c 0 if the point is a valid public key.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not
- * a valid public key for the given curve.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *pt );
-
-/**
- * \brief This function checks that an \p mbedtls_mpi is a
- * valid private key for this curve.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group the private key should belong to.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param d The integer to check. This must be initialized.
- *
- * \return \c 0 if the point is a valid private key.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid
- * private key for the given curve.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
- const mbedtls_mpi *d );
-
-/**
- * \brief This function generates a private key.
- *
- * \param grp The ECP group to generate a private key for.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param d The destination MPI (secret part). This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
- mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function generates a keypair with a configurable base
- * point.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group to generate a key pair for.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param G The base point to use. This must be initialized
- * and belong to \p grp. It replaces the default base
- * point \c grp->G used by mbedtls_ecp_gen_keypair().
- * \param d The destination MPI (secret part).
- * This must be initialized.
- * \param Q The destination point (public part).
- * This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *G,
- mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function generates an ECP keypair.
- *
- * \note This function uses bare components rather than an
- * ::mbedtls_ecp_keypair structure to ease use with other
- * structures, such as ::mbedtls_ecdh_context or
- * ::mbedtls_ecdsa_context.
- *
- * \param grp The ECP group to generate a key pair for.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param d The destination MPI (secret part).
- * This must be initialized.
- * \param Q The destination point (public part).
- * This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d,
- mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function generates an ECP key.
- *
- * \param grp_id The ECP group identifier.
- * \param key The destination key. This must be initialized.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- * on failure.
- */
-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief This function reads an elliptic curve private key.
- *
- * \param grp_id The ECP group identifier.
- * \param key The destination key.
- * \param buf The buffer containing the binary representation of the
- * key. (Big endian integer for Weierstrass curves, byte
- * string for Montgomery curves.)
- * \param buflen The length of the buffer in bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is
- * invalid.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
- * the group is not implemented.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- const unsigned char *buf, size_t buflen );
-
-/**
- * \brief This function exports an elliptic curve private key.
- *
- * \param key The private key.
- * \param buf The output buffer for containing the binary representation
- * of the key. (Big endian integer for Weierstrass curves, byte
- * string for Montgomery curves.)
- * \param buflen The total length of the buffer in bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
- representation is larger than the available space in \p buf.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
- * the group is not implemented.
- * \return Another negative error code on different kinds of failure.
- */
-int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
- unsigned char *buf, size_t buflen );
-
-/**
- * \brief This function checks that the keypair objects
- * \p pub and \p prv have the same group and the
- * same public point, and that the private key in
- * \p prv is consistent with the public key.
- *
- * \param pub The keypair structure holding the public key. This
- * must be initialized. If it contains a private key, that
- * part is ignored.
- * \param prv The keypair structure holding the full keypair.
- * This must be initialized.
- * \param f_rng The RNG function. This must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
- * NULL if \p f_rng doesn't need a context.
- *
- * \return \c 0 on success, meaning that the keys are valid and match.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
- * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
- * error code on calculation failure.
- */
-int mbedtls_ecp_check_pub_priv(
- const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief This function exports generic key-pair parameters.
- *
- * \param key The key pair to export from.
- * \param grp Slot for exported ECP group.
- * It must point to an initialized ECP group.
- * \param d Slot for the exported secret value.
- * It must point to an initialized mpi.
- * \param Q Slot for the exported public value.
- * It must point to an initialized ECP point.
- *
- * \return \c 0 on success,
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if key id doesn't
- * correspond to a known group.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp,
- mbedtls_mpi *d, mbedtls_ecp_point *Q);
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The ECP checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_ecp_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecp.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/entropy.h b/ext/oberon/psa/core/include/mbedtls/entropy.h
deleted file mode 100644
index 14e8b31c7451..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/entropy.h
+++ /dev/null
@@ -1,293 +0,0 @@
-/**
- * \file entropy.h
- *
- * \brief Entropy accumulator implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ENTROPY_H
-#define MBEDTLS_ENTROPY_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-#include "mbedtls/sha512.h"
-#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
-#else
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
-#include "mbedtls/sha256.h"
-#endif
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-
-/** Critical entropy source failure. */
-#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C
-/** No more sources can be added. */
-#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E
-/** No sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040
-/** No strong sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D
-/** Read/write error in file. */
-#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
-#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
-#endif
-
-#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
-#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
-#else
-#define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */
-#endif
-
-#define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024 /**< Maximum size of seed we read from seed file */
-#define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES
-
-#define MBEDTLS_ENTROPY_SOURCE_STRONG 1 /**< Entropy source is strong */
-#define MBEDTLS_ENTROPY_SOURCE_WEAK 0 /**< Entropy source is weak */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Entropy poll callback pointer
- *
- * \param data Callback-specific data pointer
- * \param output Data to fill
- * \param len Maximum size to provide
- * \param olen The actual amount of bytes put into the buffer (Can be 0)
- *
- * \return 0 if no critical failures occurred,
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
- */
-typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
- size_t *olen);
-
-/**
- * \brief Entropy source state
- */
-typedef struct mbedtls_entropy_source_state
-{
- mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */
- void * MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
- size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
- size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */
- int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
-}
-mbedtls_entropy_source_state;
-
-/**
- * \brief Entropy context structure
- */
-typedef struct mbedtls_entropy_context
-{
- int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
- * 1 after the first update.
- * -1 after free. */
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
-#elif defined(MBEDTLS_ENTROPY_SHA256_ACCUMULATOR)
- mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
-#endif
- int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
- mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
-#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
- int MBEDTLS_PRIVATE(initial_entropy_run);
-#endif
-}
-mbedtls_entropy_context;
-
-#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-/**
- * \brief Platform-specific entropy poll callback
- */
-int mbedtls_platform_entropy_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
-#endif
-
-/**
- * \brief Initialize the context
- *
- * \param ctx Entropy context to initialize
- */
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
-
-/**
- * \brief Free the data in the context
- *
- * \param ctx Entropy context to free
- */
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
-
-/**
- * \brief Adds an entropy source to poll
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- * \param f_source Entropy function
- * \param p_source Function data
- * \param threshold Minimum required from source before entropy is released
- * ( with mbedtls_entropy_func() ) (in bytes)
- * \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or
- * MBEDTLS_ENTROPY_SOURCE_WEAK.
- * At least one strong source needs to be added.
- * Weaker sources (such as the cycle counter) can be used as
- * a complement.
- *
- * \return 0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
- */
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
- mbedtls_entropy_f_source_ptr f_source, void *p_source,
- size_t threshold, int strong );
-
-/**
- * \brief Trigger an extra gather poll for the accumulator
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- *
- * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
-
-/**
- * \brief Retrieve entropy from the accumulator
- * (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data Entropy context
- * \param output Buffer to fill
- * \param len Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
- *
- * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
-
-/**
- * \brief Add data to the accumulator manually
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx Entropy context
- * \param data Data to add
- * \param len Length of data
- *
- * \return 0 if successful
- */
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
- const unsigned char *data, size_t len );
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-/**
- * \brief Trigger an update of the seed file in NV by using the
- * current entropy pool.
- *
- * \param ctx Entropy context
- *
- * \return 0 if successful
- */
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Write a seed file
- *
- * \param ctx Entropy context
- * \param path Name of the file
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
-
-/**
- * \brief Read and update a seed file. Seed is added to this
- * instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
- * read from the seed file. The rest is ignored.
- *
- * \param ctx Entropy context
- * \param path Name of the file
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
- * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine
- *
- * This module self-test also calls the entropy self-test,
- * mbedtls_entropy_source_self_test();
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_self_test( int verbose );
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-/**
- * \brief Checkup routine
- *
- * Verifies the integrity of the hardware entropy source
- * provided by the function 'mbedtls_hardware_poll()'.
- *
- * Note this is the only hardware entropy source that is known
- * at link time, and other entropy sources configured
- * dynamically at runtime by the function
- * mbedtls_entropy_add_source() will not be tested.
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_source_self_test( int verbose );
-#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* entropy.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/error.h b/ext/oberon/psa/core/include/mbedtls/error.h
deleted file mode 100644
index 4a97d652be22..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/error.h
+++ /dev/null
@@ -1,211 +0,0 @@
-/**
- * \file error.h
- *
- * \brief Error to string translation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_ERROR_H
-#define MBEDTLS_ERROR_H
-
-#include "mbedtls/build_info.h"
-
-#include
-
-/**
- * Error code layout.
- *
- * Currently we try to keep all error codes within the negative space of 16
- * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In
- * addition we'd like to give two layers of information on the error if
- * possible.
- *
- * For that purpose the error codes are segmented in the following manner:
- *
- * 16 bit error code bit-segmentation
- *
- * 1 bit - Unused (sign bit)
- * 3 bits - High level module ID
- * 5 bits - Module-dependent error code
- * 7 bits - Low level module errors
- *
- * For historical reasons, low-level error codes are divided in even and odd,
- * even codes were assigned first, and -1 is reserved for other errors.
- *
- * Low-level module errors (0x0002-0x007E, 0x0001-0x007F)
- *
- * Module Nr Codes assigned
- * ERROR 2 0x006E 0x0001
- * MPI 7 0x0002-0x0010
- * GCM 3 0x0012-0x0016 0x0013-0x0013
- * THREADING 3 0x001A-0x001E
- * AES 5 0x0020-0x0022 0x0021-0x0025
- * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
- * BASE64 2 0x002A-0x002C
- * OID 1 0x002E-0x002E 0x000B-0x000B
- * PADLOCK 1 0x0030-0x0030
- * DES 2 0x0032-0x0032 0x0033-0x0033
- * CTR_DBRG 4 0x0034-0x003A
- * ENTROPY 3 0x003C-0x0040 0x003D-0x003F
- * NET 13 0x0042-0x0052 0x0043-0x0049
- * ARIA 4 0x0058-0x005E
- * ASN1 7 0x0060-0x006C
- * CMAC 1 0x007A-0x007A
- * PBKDF2 1 0x007C-0x007C
- * HMAC_DRBG 4 0x0003-0x0009
- * CCM 3 0x000D-0x0011
- * MD5 1 0x002F-0x002F
- * RIPEMD160 1 0x0031-0x0031
- * SHA1 1 0x0035-0x0035 0x0073-0x0073
- * SHA256 1 0x0037-0x0037 0x0074-0x0074
- * SHA512 1 0x0039-0x0039 0x0075-0x0075
- * CHACHA20 3 0x0051-0x0055
- * POLY1305 3 0x0057-0x005B
- * CHACHAPOLY 2 0x0054-0x0056
- * PLATFORM 2 0x0070-0x0072
- * LMS 5 0x0011-0x0019
- *
- * High-level module nr (3 bits - 0x0...-0x7...)
- * Name ID Nr of Errors
- * PEM 1 9
- * PKCS#12 1 4 (Started from top)
- * X509 2 20
- * PKCS5 2 4 (Started from top)
- * DHM 3 11
- * PK 3 15 (Started from top)
- * RSA 4 11
- * ECP 4 10 (Started from top)
- * MD 5 5
- * HKDF 5 1 (Started from top)
- * PKCS7 5 12 (Started from 0x5300)
- * SSL 5 2 (Started from 0x5F00)
- * CIPHER 6 8 (Started from 0x6080)
- * SSL 6 22 (Started from top, plus 0x6000)
- * SSL 7 20 (Started from 0x7000, gaps at
- * 0x7380, 0x7900-0x7980, 0x7A80-0x7E80)
- *
- * Module dependent error code (5 bits 0x.00.-0x.F8.)
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** Generic error */
-#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001
-/** This is a bug in the library */
-#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
-
-/** Hardware accelerator failed */
-#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070
-/** The requested feature is not supported by the platform */
-#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072
-
-/**
- * \brief Combines a high-level and low-level error code together.
- *
- * Wrapper macro for mbedtls_error_add(). See that function for
- * more details.
- */
-#define MBEDTLS_ERROR_ADD( high, low ) \
- mbedtls_error_add( high, low, __FILE__, __LINE__ )
-
-#if defined(MBEDTLS_TEST_HOOKS)
-/**
- * \brief Testing hook called before adding/combining two error codes together.
- * Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS.
- */
-extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
-#endif
-
-/**
- * \brief Combines a high-level and low-level error code together.
- *
- * This function can be called directly however it is usually
- * called via the #MBEDTLS_ERROR_ADD macro.
- *
- * While a value of zero is not a negative error code, it is still an
- * error code (that denotes success) and can be combined with both a
- * negative error code or another value of zero.
- *
- * \note When invasive testing is enabled via #MBEDTLS_TEST_HOOKS, also try to
- * call \link mbedtls_test_hook_error_add \endlink.
- *
- * \param high high-level error code. See error.h for more details.
- * \param low low-level error code. See error.h for more details.
- * \param file file where this error code addition occurred.
- * \param line line where this error code addition occurred.
- */
-static inline int mbedtls_error_add( int high, int low,
- const char *file, int line )
-{
-#if defined(MBEDTLS_TEST_HOOKS)
- if( *mbedtls_test_hook_error_add != NULL )
- ( *mbedtls_test_hook_error_add )( high, low, file, line );
-#endif
- (void)file;
- (void)line;
-
- return( high + low );
-}
-
-/**
- * \brief Translate a mbed TLS error code into a string representation,
- * Result is truncated if necessary and always includes a terminating
- * null byte.
- *
- * \param errnum error code
- * \param buffer buffer to place representation in
- * \param buflen length of the buffer
- */
-void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
-
-/**
- * \brief Translate the high-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char * mbedtls_high_level_strerr( int error_code );
-
-/**
- * \brief Translate the low-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char * mbedtls_low_level_strerr( int error_code );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* error.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/legacy_or_psa.h b/ext/oberon/psa/core/include/mbedtls/legacy_or_psa.h
index f872ddaf1f35..e9bdb77833c6 100644
--- a/ext/oberon/psa/core/include/mbedtls/legacy_or_psa.h
+++ b/ext/oberon/psa/core/include/mbedtls/legacy_or_psa.h
@@ -64,7 +64,7 @@
* The naming scheme for these macros is:
* MBEDTLS_HAS_feature_VIA_legacy_OR_PSA(_condition)
* where:
- * - feature is expressed the same way as in PSA_WANT macros, for example:
+ * - feature is expressed the same way as in PSA_WANT_xxx macros, for example:
* KEY_TYPE_AES, ALG_SHA_256, ECC_SECP_R1_256;
* - legacy is either LOWLEVEL or the name of the layer: MD, CIPHER;
* - condition is omitted if it's based on availability, else it's
@@ -110,105 +110,105 @@
/* Hashes using low-level or PSA based on availability */
#if defined(MBEDTLS_MD5_C) || \
- ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
+ (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5))
#define MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
#endif
#if defined(MBEDTLS_RIPEMD160_C) || \
- ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
+ (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160))
#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA
#endif
#if defined(MBEDTLS_SHA1_C) || \
- ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
+ (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1))
#define MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA
#endif
#if defined(MBEDTLS_SHA224_C) || \
- ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
+ (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224))
#define MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA
#endif
#if defined(MBEDTLS_SHA256_C) || \
- ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
+ (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256))
#define MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA
#endif
#if defined(MBEDTLS_SHA384_C) || \
- ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
+ (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384))
#define MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA
#endif
#if defined(MBEDTLS_SHA512_C) || \
- ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
+ (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512))
#define MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA
#endif
/* Hashes using MD or PSA based on availability */
-#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \
- ( !defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
+#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C)) || \
+ (!defined(MBEDTLS_MD_C) && \
+ defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5))
#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
#endif
-#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \
- ( !defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
+#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C)) || \
+ (!defined(MBEDTLS_MD_C) && \
+ defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160))
#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA
#endif
-#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
- ( !defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
+#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C)) || \
+ (!defined(MBEDTLS_MD_C) && \
+ defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1))
#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
#endif
-#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
- ( !defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
+#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C)) || \
+ (!defined(MBEDTLS_MD_C) && \
+ defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224))
#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
#endif
-#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
- ( !defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
+#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C)) || \
+ (!defined(MBEDTLS_MD_C) && \
+ defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256))
#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
#endif
-#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
- ( !defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
+#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C)) || \
+ (!defined(MBEDTLS_MD_C) && \
+ defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384))
#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
#endif
-#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
- ( !defined(MBEDTLS_MD_C) && \
- defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
+#if (defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C)) || \
+ (!defined(MBEDTLS_MD_C) && \
+ defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512))
#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
#endif
/* Hashes using MD or PSA based on MBEDTLS_USE_PSA_CRYPTO */
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_MD5) )
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_MD5))
#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_RIPEMD160) )
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_RIPEMD160))
#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA
#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) )
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1))
#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) )
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224))
#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) )
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256))
#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) )
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384))
#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) )
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512))
#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
#endif
diff --git a/ext/oberon/psa/core/include/mbedtls/mbedtls_config.h b/ext/oberon/psa/core/include/mbedtls/mbedtls_config.h
index d000906697c7..d122b21fb1bf 100644
--- a/ext/oberon/psa/core/include/mbedtls/mbedtls_config.h
+++ b/ext/oberon/psa/core/include/mbedtls/mbedtls_config.h
@@ -61,11 +61,15 @@
* Requires support for asm() in compiler.
*
* Used in:
+ * library/aesni.h
* library/aria.c
* library/bn_mul.h
+ * library/constant_time.c
+ * library/padlock.h
*
* Required by:
- * MBEDTLS_AESNI_C
+ * MBEDTLS_AESCE_C
+ * MBEDTLS_AESNI_C (on some platforms)
* MBEDTLS_PADLOCK_C
*
* Comment to disable the use of assembly code.
@@ -177,19 +181,51 @@
*
* Enable the memory allocation layer.
*
- * By default mbed TLS uses the system-provided calloc() and free().
+ * By default Mbed TLS uses the system-provided calloc() and free().
* This allows different allocators (self-implemented or provided) to be
* provided to the platform abstraction layer.
*
- * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * Enabling #MBEDTLS_PLATFORM_MEMORY without the
* MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
* "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
* free() function pointer at runtime.
*
- * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying
* MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
* alternate function at compile time.
*
+ * An overview of how the value of mbedtls_calloc is determined:
+ *
+ * - if !MBEDTLS_PLATFORM_MEMORY
+ * - mbedtls_calloc = calloc
+ * - if MBEDTLS_PLATFORM_MEMORY
+ * - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
+ * - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO
+ * - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
+ * - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC.
+ * - How is MBEDTLS_PLATFORM_STD_CALLOC handled?
+ * - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
+ * - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything;
+ * - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present;
+ * - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
+ * - if MBEDTLS_PLATFORM_STD_CALLOC is present:
+ * - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected;
+ * - if !MBEDTLS_PLATFORM_STD_CALLOC:
+ * - MBEDTLS_PLATFORM_STD_CALLOC = calloc
+ *
+ * - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked.
+ * - if !MBEDTLS_PLATFORM_STD_CALLOC
+ * - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc
+ *
+ * - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC.
+ *
+ * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible.
+ * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time.
+ * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used,
+ * dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
+ *
* Requires: MBEDTLS_PLATFORM_C
*
* Enable this layer to allow use of alternative memory allocators.
@@ -218,10 +254,10 @@
/**
* \def MBEDTLS_PLATFORM_EXIT_ALT
*
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the
* function in the platform abstraction layer.
*
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will
* provide a function "mbedtls_platform_set_printf()" that allows you to set an
* alternative printf function pointer.
*
@@ -247,6 +283,49 @@
//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
//#define MBEDTLS_PLATFORM_NV_SEED_ALT
//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
+//#define MBEDTLS_PLATFORM_MS_TIME_ALT
+
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_gmtime_r(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * gmtime() is not a thread-safe function as defined in the C standard. The
+ * library will try to use safer implementations of this function, such as
+ * gmtime_r() when available. However, if Mbed TLS cannot identify the target
+ * system, the implementation of mbedtls_platform_gmtime_r() will default to
+ * using the standard gmtime(). In this case, calls from the library to
+ * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
+ * library are also guarded with this mutex to avoid race conditions. However,
+ * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
+ * unconditionally use the implementation for mbedtls_platform_gmtime_r()
+ * supplied at compile time.
+ */
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_zeroize(), to wipe sensitive data in memory. This replaces
+ * the default implementation in platform_util.c.
+ *
+ * By default, the library uses a system function such as memset_s()
+ * (optional feature of C11), explicit_bzero() (BSD and compatible), or
+ * SecureZeroMemory (Windows). If no such function is detected, the library
+ * falls back to a plain C implementation. Compilers are technically
+ * permitted to optimize this implementation out, meaning that the memory is
+ * not actually wiped. The library tries to prevent that, but the C language
+ * makes it impossible to guarantee that the memory will always be wiped.
+ *
+ * If your platform provides a guaranteed method to wipe memory which
+ * `platform_util.c` does not detect, define this macro to the name of
+ * a function that takes two arguments, a `void *` pointer and a length,
+ * and wipes that many bytes starting at the specified address. For example,
+ * if your platform has explicit_bzero() but `platform_util.c` does not
+ * detect its presence, define `MBEDTLS_PLATFORM_ZEROIZE_ALT` to be
+ * `explicit_bzero` to use that function as mbedtls_platform_zeroize().
+ */
+//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
/**
* \def MBEDTLS_DEPRECATED_WARNING
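Review bot: The added MBEDTLS_PLATFORM_ZEROIZE_ALT comment describes two different mechanisms. Its first paragraph says the macro makes the library use "your alternate implementation of mbedtls_platform_zeroize()", while its last paragraph says to define the macro "to the name of a function" such as `explicit_bzero`. The define line itself, `//#define MBEDTLS_PLATFORM_ZEROIZE_ALT`, carries no value, so uncommenting it as written matches only the first reading. Which one platform_util.c implements is not visible in this hunk, and a wrong guess here affects whether sensitive buffers are actually wiped. I would state the mechanism once, for example ` * When this macro is defined, the application must provide mbedtls_platform_zeroize() itself.`, or give the define line an example value if the second reading is the correct one.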
@@ -278,7 +357,7 @@
/** \} name SECTION: System support */
/**
- * \name SECTION: mbed TLS feature support
+ * \name SECTION: Mbed TLS feature support
*
* This section sets support for features that are or are not needed
* within the modules that are enabled.
@@ -301,7 +380,7 @@
/**
* \def MBEDTLS_AES_ALT
*
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
* alternate core implementation of a symmetric crypto, an arithmetic or hash
* module (e.g. platform specific assembly optimized implementations). Keep
* in mind that the function prototypes should remain the same.
@@ -309,7 +388,7 @@
* This replaces the whole module. If you only want to replace one of the
* functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
*
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
* provide the "struct mbedtls_aes_context" definition and omit the base
* function declarations and implementations. "aes_alt.h" will be included from
* "aes.h" to include the new function definitions.
@@ -357,14 +436,14 @@
/**
* \def MBEDTLS_SHA256_PROCESS_ALT
*
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you
* alternate core implementation of symmetric crypto or hash function. Keep in
* mind that function prototypes should remain the same.
*
- * This replaces only one function. The header file from mbed TLS is still
+ * This replaces only one function. The header file from Mbed TLS is still
* used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
*
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will
* no longer provide the mbedtls_sha1_process() function, but it will still provide
* the other function (using your mbedtls_sha1_process() function) and the definition
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
@@ -414,11 +493,11 @@
*
* Expose a part of the internal interface of the Elliptic Curve Point module.
*
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your
* alternative core implementation of elliptic curve arithmetic. Keep in mind
* that function prototypes should remain the same.
*
- * This partially replaces one function. The header file from mbed TLS is still
+ * This partially replaces one function. The header file from Mbed TLS is still
* used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
* is still present and it is used for group structures not supported by the
* alternative.
@@ -442,11 +521,11 @@
* implement optimized set up and tear down instructions.
*
* Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac()
* function, but will use your mbedtls_internal_ecp_double_jac() if the group
* for the operation is supported by your implementation (i.e. your
* mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
- * group is not supported by your implementation, then the original mbed TLS
+ * group is not supported by your implementation, then the original Mbed TLS
* implementation of ecp_double_jac() is used instead, unless this fallback
* behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
* ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
@@ -477,7 +556,7 @@
/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
- * Uncomment this macro to let mbed TLS use your own implementation of a
+ * Uncomment this macro to let Mbed TLS use your own implementation of a
* hardware entropy collector.
*
* Your function must be called \c mbedtls_hardware_poll(), have the same
@@ -504,7 +583,6 @@
* performance if ROM access is slower than RAM access.
*
* This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
- *
*/
//#define MBEDTLS_AES_ROM_TABLES
@@ -526,10 +604,40 @@
* depends on the system and memory details.
*
* This option is independent of \c MBEDTLS_AES_ROM_TABLES.
- *
*/
//#define MBEDTLS_AES_FEWER_TABLES
+/**
+ * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+ *
+ * Use only 128-bit keys in AES operations to save ROM.
+ *
+ * Uncomment this macro to remove support for AES operations that use 192-
+ * or 256-bit keys.
+ *
+ * Uncommenting this macro reduces the size of AES code by ~300 bytes
+ * on v8-M/Thumb2.
+ *
+ * Module: library/aes.c
+ *
+ * Requires: MBEDTLS_AES_C
+ */
+//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+
+/*
+ * Disable plain C implementation for AES.
+ *
+ * When the plain C implementation is enabled, and an implementation using a
+ * special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime
+ * detection will be used to select between them.
+ *
+ * If only one implementation is present, runtime detection will not be used.
+ * This configuration will crash at runtime if running on a CPU without the
+ * necessary features. It will not build unless at least one of MBEDTLS_AESCE_C
+ * and/or MBEDTLS_AESNI_C is enabled & present in the build.
+ */
+//#define MBEDTLS_AES_USE_HARDWARE_ONLY
+
/**
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY
*
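Review bot: The new MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH block presents the option only as a ROM saving and does not mention its effect on CTR_DRBG. That effect is documented only in a later hunk of this file, under MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ("uses a 256-bit key unless MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set"). Someone enabling it for code size would reduce the DRBG key length without seeing that here. I would add ` * \note Setting this also makes CTR_DRBG use a 128-bit key, see MBEDTLS_CTR_DRBG_USE_128_BIT_KEY.` before the `Module:` line. Separately, the MBEDTLS_AES_USE_HARDWARE_ONLY block opens with `/*` and has no `\def` line, unlike its neighbours, so it is presumably skipped by the generated documentation.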
@@ -648,10 +756,20 @@
/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
*
* Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
- * By default, CTR_DRBG uses a 256-bit key.
+ * Without this, CTR_DRBG uses a 256-bit key
+ * unless \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
*/
//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+/**
+ * Enable the verified implementations of ECDH primitives from Project Everest
+ * (currently only Curve25519). This feature changes the layout of ECDH
+ * contexts and therefore is a compatibility break for applications that access
+ * fields of a mbedtls_ecdh_context structure directly. See also
+ * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
+ */
+//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+
/**
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
*
@@ -703,14 +821,53 @@
* This is useful in non-threaded environments if you want to avoid blocking
* for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
*
- * Uncomment this macro to enable restartable ECC computations.
+ * This option:
+ * - Adds xxx_restartable() variants of existing operations in the
+ * following modules, with corresponding restart context types:
+ * - ECP (for Short Weierstrass curves only): scalar multiplication (mul),
+ * linear combination (muladd);
+ * - ECDSA: signature generation & verification;
+ * - PK: signature generation & verification;
+ * - X509: certificate chain verification.
+ * - Adds mbedtls_ecdh_enable_restart() in the ECDH module.
+ * - Changes the behaviour of TLS 1.2 clients (not servers) when using the
+ * ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
+ * computations restartable:
+ * - ECDH operations from the key exchange, only for Short Weierstrass
+ * curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled.
+ * - verification of the server's key exchange signature;
+ * - verification of the server's certificate chain;
+ * - generation of the client's signature if client authentication is used,
+ * with an ECC key/certificate.
+ *
+ * \note In the cases above, the usual SSL/TLS functions, such as
+ * mbedtls_ssl_handshake(), can now return
+ * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
+ *
+ * \note When this option and MBEDTLS_USE_PSA_CRYPTO are both enabled,
+ * restartable operations in PK, X.509 and TLS (see above) are not
+ * using PSA. On the other hand, ECDH computations in TLS are using
+ * PSA, and are not restartable. These are temporary limitations that
+ * should be lifted in the future.
*
* \note This option only works with the default software implementation of
* elliptic curve functionality. It is incompatible with
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
+ *
+ * Requires: MBEDTLS_ECP_C
+ *
+ * Uncomment this macro to enable restartable ECC computations.
*/
//#define MBEDTLS_ECP_RESTARTABLE
+/**
+ * Uncomment to enable using new bignum code in the ECC modules.
+ *
+ * \warning This is currently experimental, incomplete and therefore should not
+ * be used in production.
+ */
+//#define MBEDTLS_ECP_WITH_MPI_UINT
+
/**
* \def MBEDTLS_ECDSA_DETERMINISTIC
*
@@ -779,7 +936,7 @@
*
* Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
*
- * Requires: MBEDTLS_ECDH_C
+ * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -877,7 +1034,9 @@
*
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
*
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
+ * MBEDTLS_RSA_C
+ * MBEDTLS_PKCS1_V15
* MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
@@ -900,7 +1059,9 @@
*
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
*
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
+ * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
+ * MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -922,7 +1083,9 @@
*
* Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
*
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
+ * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
+ * MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -944,7 +1107,9 @@
*
* Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
*
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
+ * MBEDTLS_RSA_C
+ * MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -970,10 +1135,14 @@
* Thread v1.0.0 specification; incompatible changes to the specification
* might still happen. For this reason, this is disabled by default.
*
- * Requires: MBEDTLS_ECJPAKE_C
- * SHA-256 (via MD if present, or via PSA, see MBEDTLS_ECJPAKE_C)
+ * Requires: MBEDTLS_ECJPAKE_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_JPAKE)
+ * SHA-256 (via MBEDTLS_SHA256_C or a PSA driver)
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
*
+ * \warning If SHA-256 is provided only by a PSA driver, you must call
+ * psa_crypto_init() before the first hanshake (even if
+ * MBEDTLS_USE_PSA_CRYPTO is disabled).
+ *
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
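Review bot: The added `\warning` for the EC J-PAKE key exchange misspells "handshake" as "hanshake". Since this warning is the only place that tells integrators to call psa_crypto_init() when SHA-256 comes from a PSA driver, it should be searchable; I would write it as `psa_crypto_init() before the first handshake (even if`. The doc block this warning belongs to starts above the hunk.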
@@ -994,6 +1163,19 @@
*/
#define MBEDTLS_PK_PARSE_EC_EXTENDED
+/**
+ * \def MBEDTLS_PK_PARSE_EC_COMPRESSED
+ *
+ * Enable the support for parsing public keys of type Short Weierstrass
+ * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the
+ * compressed point format. This parsing is done through ECP module's functions.
+ *
+ * \note As explained in the description of MBEDTLS_ECP_PF_COMPRESSED (in ecp.h)
+ * the only unsupported curves are MBEDTLS_ECP_DP_SECP224R1 and
+ * MBEDTLS_ECP_DP_SECP224K1.
+ */
+//#define MBEDTLS_PK_PARSE_EC_COMPRESSED /* !!OM */
+
/**
* \def MBEDTLS_ERROR_STRERROR_DUMMY
*
@@ -1154,15 +1336,10 @@
*
* Enable support for PKCS#1 v2.1 encoding.
*
- * Requires: MBEDTLS_RSA_C and (MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C).
- *
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any PKCS#1 v2.1 operation.
+ * Requires: MBEDTLS_RSA_C
*
- * \warning When building with MBEDTLS_MD_C, all hashes used with this
- * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
- * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
- * this module in builds where MBEDTLS_MD_C is disabled.
+ * \warning If using a hash that is only provided by PSA drivers, you must
+ * call psa_crypto_init() before doing any PKCS#1 v2.1 operation.
*
* This enables support for RSAES-OAEP and RSASSA-PSS operations.
*/
@@ -1198,19 +1375,7 @@
* \warning This interface is experimental and may change or be removed
* without notice.
*/
-//#define MBEDTLS_PSA_CRYPTO_CLIENT
-
-/** \def MBEDTLS_PSA_CRYPTO_DRIVERS
- *
- * Enable support for the experimental PSA crypto driver interface.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- * \warning This interface is experimental. We intend to maintain backward
- * compatibility with application code that relies on drivers,
- * but the driver interfaces may change without notice.
- */
-#define MBEDTLS_PSA_CRYPTO_DRIVERS /* !!OM */
+#define MBEDTLS_PSA_CRYPTO_CLIENT /* !!OM */
/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
*
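Review bot: `#define MBEDTLS_PSA_CRYPTO_CLIENT /* !!OM */` is switched on directly beneath a `\warning` that calls the interface experimental and subject to change or removal without notice, and the only annotation is the `!!OM` marker. A short reason on the define would help the next person who merges an upstream update, for example `#define MBEDTLS_PSA_CRYPTO_CLIENT /* !!OM: enabled because <reason> */`. The same hunk deletes `MBEDTLS_PSA_CRYPTO_DRIVERS` outright. Any code outside this diff that still tests `#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)` would silently compile its driver path out rather than fail, so a grep for remaining uses is worth doing before merging. The doc block for MBEDTLS_PSA_CRYPTO_CLIENT begins outside the hunk.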
@@ -1236,8 +1401,8 @@
* );
* ```
* The \c context value is initialized to 0 before the first call.
- * The function must fill the \c output buffer with \p output_size bytes
- * of random data and set \c *output_length to \p output_size.
+ * The function must fill the \c output buffer with \c output_size bytes
+ * of random data and set \c *output_length to \c output_size.
*
* Requires: MBEDTLS_PSA_CRYPTO_C
*
@@ -1258,12 +1423,60 @@
* NSPE (Non-Secure Process Environment) and an SPE (Secure Process
* Environment).
*
+ * If you enable this option, your build environment must include a header
+ * file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS
+ * header files, or in another directory on the compiler's include search
+ * path). Alternatively, your platform may customize the header
+ * `psa/crypto_platform.h`, in which case it can skip or replace the
+ * inclusion of `"crypto_spe.h"`.
+ *
* Module: library/psa_crypto.c
* Requires: MBEDTLS_PSA_CRYPTO_C
*
*/
//#define MBEDTLS_PSA_CRYPTO_SPM
+/**
+ * Uncomment to enable p256-m. This is an alternative implementation of
+ * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
+ * Compared to the default implementation:
+ *
+ * - p256-m has a much smaller code size and RAM footprint.
+ * - p256-m is only available via the PSA API. This includes the pk module
+ * when #MBEDTLS_USE_PSA_CRYPTO is enabled.
+ * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols
+ * over the core arithmetic, or deterministic derivation of keys.
+ *
+ * We recommend enabling this option if your application uses the PSA API
+ * and the only elliptic curve support it needs is ECDH and ECDSA over
+ * SECP256R1.
+ *
+ * If you enable this option, you do not need to enable any ECC-related
+ * MBEDTLS_xxx option. You do need to separately request support for the
+ * cryptographic mechanisms through the PSA API:
+ * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based
+ * configuration;
+ * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS;
+ * - #PSA_WANT_ECC_SECP_R1_256;
+ * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed;
+ * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
+ *
+ * \note To benefit from the smaller code size of p256-m, make sure that you
+ * do not enable any ECC-related option not supported by p256-m: this
+ * would cause the built-in ECC implementation to be built as well, in
+ * order to provide the required option.
+ * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than
+ * SECP256R1 are disabled as they are not supported by this driver.
+ * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or
+ * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of
+ * the built-in ECC implementation, see docs/driver-only-builds.md.
+ */
+//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
+
/**
* \def MBEDTLS_PSA_INJECT_ENTROPY
*
@@ -1325,7 +1538,7 @@
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, mbed TLS can still communicate
+ * If you choose not to send the alert messages, Mbed TLS can still communicate
* with other servers, only debugging of failures is harder.
*
* The advantage of not sending alert messages, is that no information is given
@@ -1390,6 +1603,7 @@
* module to perform private key operations instead of performing the
* operation inside the library.
*
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
*/
//#define MBEDTLS_SSL_ASYNC_PRIVATE
@@ -1505,6 +1719,8 @@
* it has been associated with security issues in the past and is easy to
* misuse/misunderstand.
*
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
+ *
* Comment this to disable support for renegotiation.
*
* \note Even if this option is disabled, both client and server are aware
@@ -1525,19 +1741,34 @@
*/
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+/**
+ * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT
+ *
+ * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
+ *
+ * \warning This extension is currently in development and must NOT be used except
+ * for testing purposes.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_3
+ *
+ * Uncomment this macro to enable support for the record_size_limit extension
+ */
+//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
+
/**
* \def MBEDTLS_SSL_PROTO_TLS1_2
*
* Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
*
* Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and
- * (MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C)
+ * (MBEDTLS_SHA256_C or MBEDTLS_SHA384_C or
+ * SHA-256 or SHA-512 provided by a PSA driver)
* With MBEDTLS_USE_PSA_CRYPTO:
- * PSA_WANT_ALG_SHA_1 or PSA_WANT_ALG_SHA_256 or
- * PSA_WANT_ALG_SHA_512
+ * PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384
*
- * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
- * psa_crypto_init() before doing any TLS operations.
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, or if the hash(es) used
+ * are only provided by PSA drivers, you must call psa_crypto_init() before
+ * doing any TLS operations.
*
* Comment this macro to disable support for TLS 1.2 / DTLS 1.2
*/
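Review bot: The rewritten `Requires:` text for MBEDTLS_SSL_PROTO_TLS1_2 disagrees with itself about the second hash. The built-in and PSA_WANT alternatives name SHA-384 (`MBEDTLS_SHA384_C`, `PSA_WANT_ALG_SHA_384`), but the driver alternative reads `SHA-256 or SHA-512 provided by a PSA driver`. If SHA-384 is what is meant, which the other two lines suggest, the line should be `SHA-256 or SHA-384 provided by a PSA driver)`. Otherwise a build that has only SHA-512 from a driver looks supported when the rest of the block implies it is not.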
@@ -1548,19 +1779,20 @@
*
* Enable support for TLS 1.3.
*
- * \note The support for TLS 1.3 is not comprehensive yet, in particular
- * pre-shared keys are not supported.
- * See docs/architecture/tls13-support.md for a description of the TLS
+ * \note See docs/architecture/tls13-support.md for a description of the TLS
* 1.3 support that this option enables.
*
* Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
* Requires: MBEDTLS_PSA_CRYPTO_C
*
- * Note: even though TLS 1.3 depends on PSA Crypto, and uses it unconditionally
- * for most operations, if you want it to only use PSA for all crypto
- * operations, you need to also enable MBEDTLS_USE_PSA_CRYPTO; otherwise X.509
- * operations, and functions that are common with TLS 1.2 (record protection,
- * running handshake hash) will still use non-PSA crypto.
+ * \note TLS 1.3 uses PSA crypto for cryptographic operations that are
+ * directly performed by TLS 1.3 code. As a consequence, you must
+ * call psa_crypto_init() before the first TLS 1.3 handshake.
+ *
+ * \note Cryptographic operations performed indirectly via another module
+ * (X.509, PK) or by code shared with TLS 1.2 (record protection,
+ * running handshake hash) only use PSA crypto if
+ * #MBEDTLS_USE_PSA_CRYPTO is enabled.
*
* Uncomment this macro to enable the support for TLS 1.3.
*/
@@ -1605,8 +1837,11 @@
*
* Enable TLS 1.3 ephemeral key exchange mode.
*
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_ECDSA_C or
- * MBEDTLS_PKCS1_V21
+ * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
+ * MBEDTLS_X509_CRT_PARSE_C
+ * and at least one of:
+ * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
+ * MBEDTLS_PKCS1_V21
*
* Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
* If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
@@ -1620,7 +1855,7 @@
*
* Enable TLS 1.3 PSK ephemeral key exchange mode.
*
- * Requires: MBEDTLS_ECDH_C
+ * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
*
* Comment to disable support for the PSK ephemeral key exchange mode in
* TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
@@ -1630,78 +1865,25 @@
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
/**
- * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
+ * \def MBEDTLS_SSL_EARLY_DATA
*
- * Maximum time difference in milliseconds tolerated between the age of a
- * ticket from the server and client point of view.
- * From the client point of view, the age of a ticket is the time difference
- * between the time when the client proposes to the server to use the ticket
- * (time of writing of the Pre-Shared Key Extension including the ticket) and
- * the time the client received the ticket from the server.
- * From the server point of view, the age of a ticket is the time difference
- * between the time when the server receives a proposition from the client
- * to use the ticket and the time when the ticket was created by the server.
- * The server age is expected to be always greater than the client one and
- * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
- * maximum difference tolerated for the server to accept the ticket.
- * This is not used in TLS 1.2.
+ * Enable support for RFC 8446 TLS 1.3 early data.
*
- */
-#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
-
-/**
- * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
- *
- * Size in bytes of a ticket nonce. This is not used in TLS 1.2.
- *
- * This must be less than 256.
- */
-#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
-
-/**
- * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
+ * Requires: MBEDTLS_SSL_SESSION_TICKETS and either
+ * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
+ * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
*
- * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
- * after handshake completion. This is not used in TLS 1.2 and relevant only if
- * the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
- *
- */
-#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
-
-/**
-* \def MBEDTLS_SSL_EARLY_DATA
-*
-* Enable support for RFC 8446 TLS 1.3 early data.
-*
-* Requires: MBEDTLS_SSL_SESSION_TICKETS and either
-* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
-* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-*
-* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
-* is not enabled, this option does not have any effect on the build.
-*
-* This feature is experimental, not completed and thus not ready for
-* production.
-*
-*/
-//#define MBEDTLS_SSL_EARLY_DATA
-
-/**
- * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
- *
- * The default maximum amount of 0-RTT data. See the documentation of
- * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
- *
- * It must be positive and smaller than UINT32_MAX.
- *
- * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
- * have any impact on the build.
+ * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
+ * is not enabled, this option does not have any effect on the build.
*
* This feature is experimental, not completed and thus not ready for
* production.
*
+ * \note The maximum amount of early data can be set with
+ * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.
+ *
*/
-#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
+//#define MBEDTLS_SSL_EARLY_DATA
/**
* \def MBEDTLS_SSL_PROTO_DTLS
@@ -1921,22 +2103,28 @@
/**
* \def MBEDTLS_USE_PSA_CRYPTO
*
- * Make the X.509 and TLS library use PSA for cryptographic operations, and
- * enable new APIs for using keys handled by PSA Crypto.
+ * Make the X.509 and TLS libraries use PSA for cryptographic operations as
+ * much as possible, and enable new APIs for using keys handled by PSA Crypto.
*
* \note Development of this option is currently in progress, and parts of Mbed
* TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
* will still continue to work as usual, so enabling this option should not
* break backwards compatibility.
*
- * \note See docs/use-psa-crypto.md for a complete description of what this
- * option currently does, and of parts that are not affected by it so far.
- *
* \warning If you enable this option, you need to call `psa_crypto_init()`
- * before calling any function from the SSL/TLS, X.509 or PK modules.
+ * before calling any function from the SSL/TLS, X.509 or PK modules, except
+ * for the various mbedtls_xxx_init() functions which can be called at any time.
+ *
+ * \note An important and desirable effect of this option is that it allows
+ * PK, X.509 and TLS to take advantage of PSA drivers. For example, enabling
+ * this option is what allows use of drivers for ECDSA, ECDH and EC J-PAKE in
+ * those modules. However, note that even with this option disabled, some code
+ * in PK, X.509, TLS or the crypto library might still use PSA drivers, if it
+ * can determine it's safe to do so; currently that's the case for hashes.
+ *
+ * \note See docs/use-psa-crypto.md for a complete description this option.
*
* Requires: MBEDTLS_PSA_CRYPTO_C.
- * Conflicts with: MBEDTLS_ECP_RESTARTABLE
*
* Uncomment this to enable internal use of PSA Crypto and new associated APIs.
*/
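Review bot: The relocated note at the end of the MBEDTLS_USE_PSA_CRYPTO block drops a word: `See docs/use-psa-crypto.md for a complete description this option.` should read `for a complete description of this option.` The hunk also removes the `Conflicts with: MBEDTLS_ECP_RESTARTABLE` line without replacing it. If the two options can now be combined, one sentence saying so would save integrators from assuming the line was lost by accident.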
@@ -1962,8 +2150,15 @@
* If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
* an alternative header to include instead of include/psa/crypto_config.h.
*
- * This feature is still experimental and is not ready for production since
- * it is not completed.
+ * \warning This option is experimental, in that the set of `PSA_WANT_XXX`
+ * symbols is not completely finalized yet, and the configuration
+ * tooling is not ideally adapted to having two separate configuration
+ * files.
+ * Future minor releases of Mbed TLS may make minor changes to those
+ * symbols, but we will endeavor to provide a transition path.
+ * Nonetheless, this option is considered mature enough to use in
+ * production, as long as you accept that you may need to make
+ * minor changes to psa/crypto_config.h when upgrading Mbed TLS.
*/
#define MBEDTLS_PSA_CRYPTO_CONFIG /* !!OM */
@@ -1995,6 +2190,8 @@
* See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
* `mbedtls_ssl_conf_ca_cb()` for more information.
*
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
* Uncomment to enable trusted certificate callbacks.
*/
//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
@@ -2019,29 +2216,71 @@
* Comment this macro to disallow using RSASSA-PSS in certificates.
*/
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-/** \} name SECTION: mbed TLS feature support */
+/** \} name SECTION: Mbed TLS feature support */
/**
- * \name SECTION: mbed TLS modules
+ * \name SECTION: Mbed TLS modules
*
- * This section enables or disables entire modules in mbed TLS
+ * This section enables or disables entire modules in Mbed TLS
* \{
*/
/**
* \def MBEDTLS_AESNI_C
*
- * Enable AES-NI support on x86-64.
+ * Enable AES-NI support on x86-64 or x86-32.
+ *
+ * \note AESNI is only supported with certain compilers and target options:
+ * - Visual Studio 2013: supported.
+ * - GCC, x86-64, target not explicitly supporting AESNI:
+ * requires MBEDTLS_HAVE_ASM.
+ * - GCC, x86-32, target not explicitly supporting AESNI:
+ * not supported.
+ * - GCC, x86-64 or x86-32, target supporting AESNI: supported.
+ * For this assembly-less implementation, you must currently compile
+ * `library/aesni.c` and `library/aes.c` with machine options to enable
+ * SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or
+ * `clang -maes -mpclmul`.
+ * - Non-x86 targets: this option is silently ignored.
+ * - Other compilers: this option is silently ignored.
+ *
+ * \note
+ * Above, "GCC" includes compatible compilers such as Clang.
+ * The limitations on target support are likely to be relaxed in the future.
*
* Module: library/aesni.c
* Caller: library/aes.c
*
- * Requires: MBEDTLS_HAVE_ASM
+ * Requires: MBEDTLS_HAVE_ASM (on some platforms, see note)
*
- * This modules adds support for the AES-NI instructions on x86-64
+ * This modules adds support for the AES-NI instructions on x86.
*/
#define MBEDTLS_AESNI_C
+/**
+ * \def MBEDTLS_AESCE_C
+ *
+ * Enable AES cryptographic extension support on 64-bit Arm.
+ *
+ * Module: library/aesce.c
+ * Caller: library/aes.c
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ * \warning Runtime detection only works on Linux. For non-Linux operating
+ * system, Armv8-A Cryptographic Extensions must be supported by
+ * the CPU when this option is enabled.
+ *
+ * \note Minimum compiler versions for this feature are Clang 4.0,
+ * armclang 6.6, GCC 6.0 or MSVC 2019 version 16.11.2.
+ *
+ * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
+ * armclang <= 6.9
+ *
+ * This module adds support for the AES Armv8-A Cryptographic Extensions on Aarch64 systems.
+ */
+#define MBEDTLS_AESCE_C
+
/**
* \def MBEDTLS_AES_C
*
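Review bot: `#define MBEDTLS_AESCE_C` is added enabled, and its `\warning` says runtime detection only works on Linux, so on any other OS enabling it asserts that the CPU implements the Armv8-A Cryptographic Extensions. Unlike the MBEDTLS_AESNI_C note in the same hunk ("Non-x86 targets: this option is silently ignored"), the new block does not say what happens on a non-AArch64 build. If the option is ignored there, state it with `\note If defined when building for a non-Aarch64 target it will be silently ignored.` If it is not, the define should not be on by default in a header used for other targets. Separately, the reworded AESNI text still says `This modules adds support`, which should be `This module adds support`.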
@@ -2366,6 +2605,8 @@
* The CTR_DRBG generator uses AES-256 by default.
* To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
*
+ * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
+ *
* \note To achieve a 256-bit security strength with CTR_DRBG,
* you must use AES-256 *and* use sufficient entropy.
* See ctr_drbg.h for more details.
@@ -2405,7 +2646,7 @@
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers instead.
*/
//#define MBEDTLS_DES_C /* !!OM */
@@ -2484,13 +2725,8 @@
*
* Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any EC J-PAKE operations.
- *
- * \warning When building with MBEDTLS_MD_C, all hashes used with this
- * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
- * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
- * this module in builds where MBEDTLS_MD_C is disabled.
+ * \warning If using a hash that is only provided by PSA drivers, you must
+ * call psa_crypto_init() before doing any EC J-PAKE operations.
*/
#define MBEDTLS_ECJPAKE_C
@@ -2620,11 +2856,12 @@
/**
* \def MBEDTLS_MD_C
*
- * Enable the generic message digest layer.
+ * Enable the generic layer for message digest (hashing) and HMAC.
*
* Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
* MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
- * MBEDTLS_SHA512_C.
+ * MBEDTLS_SHA512_C, or MBEDTLS_PSA_CRYPTO_C with at least
+ * one hash.
* Module: library/md.c
* Caller: library/constant_time.c
* library/ecdsa.c
@@ -2680,7 +2917,7 @@
* Module: library/memory_buffer_alloc.c
*
* Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
*
* Enable this module to enable the buffer memory allocator.
*/
@@ -2755,6 +2992,10 @@
* library/x509_csr.c
*
* Requires: MBEDTLS_BASE64_C
+ * optionally MBEDTLS_MD5_C, or PSA Crypto with MD5 (see below)
+ *
+ * \warning When parsing password-protected files, if MD5 is provided only by
+ * a PSA driver, you must call psa_crypto_init() before the first file.
*
* This modules adds support for decoding / parsing PEM files.
*/
@@ -2830,15 +3071,11 @@
*
* Module: library/pkcs5.c
*
- * Requires: MBEDTLS_CIPHER_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
+ * Requires: MBEDTLS_CIPHER_C
+ * Auto-enables: MBEDTLS_MD_C
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any PKCS5 operation.
- *
- * \warning When building with MBEDTLS_MD_C, all hashes used with this
- * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
- * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
- * this module in builds where MBEDTLS_MD_C is disabled.
+ * \warning If using a hash that is only provided by PSA drivers, you must
+ * call psa_crypto_init() before doing any PKCS5 operations.
*
* This module adds support for the PKCS#5 functions.
*/
@@ -2847,11 +3084,7 @@
/**
* \def MBEDTLS_PKCS7_C
*
- * This feature is a work in progress and not ready for production. Testing and
- * validation is incomplete, and handling of malformed inputs may not be robust.
- * The API may change.
- *
- * Enable PKCS7 core for using PKCS7 formatted signatures.
+ * Enable PKCS #7 core for using PKCS #7-formatted signatures.
* RFC Link - https://tools.ietf.org/html/rfc2315
*
* Module: library/pkcs7.c
@@ -2860,7 +3093,7 @@
* MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
* MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
*
- * This module is required for the PKCS7 parsing modules.
+ * This module is required for the PKCS #7 parsing modules.
*/
//#define MBEDTLS_PKCS7_C
@@ -2876,13 +3109,8 @@
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C and either
* MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any PKCS12 operation.
- *
- * \warning When building with MBEDTLS_MD_C, all hashes used with this
- * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
- * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
- * this module in builds where MBEDTLS_MD_C is disabled.
+ * \warning If using a hash that is only provided by PSA drivers, you must
+ * call psa_crypto_init() before doing any PKCS12 operations.
*
* This module enables PKCS#12 functions.
*/
@@ -2939,8 +3167,8 @@
* Enable dynamic secure element support in the Platform Security Architecture
* cryptography API.
*
- * \deprecated This feature is deprecated. Please switch to the driver
- * interface enabled by #MBEDTLS_PSA_CRYPTO_DRIVERS.
+ * \deprecated This feature is deprecated. Please switch to the PSA driver
+ * interface.
*
* Module: library/psa_crypto_se.c
*
@@ -3029,9 +3257,6 @@
*
* Enable the SHA-224 cryptographic hash algorithm.
*
- * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling
- * SHA-224 without SHA-256.
- *
* Module: library/sha256.c
* Caller: library/md.c
* library/ssl_cookie.c
@@ -3045,9 +3270,6 @@
*
* Enable the SHA-256 cryptographic hash algorithm.
*
- * Requires: MBEDTLS_SHA224_C. The library does not currently support enabling
- * SHA-256 without SHA-224.
- *
* Module: library/sha256.c
* Caller: library/entropy.c
* library/md.c
@@ -3070,8 +3292,11 @@
* \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building
* for a non-Aarch64 build it will be silently ignored.
*
- * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum
- * of \c -march=armv8-a+crypto.
+ * \note Minimum compiler versions for this feature are Clang 4.0,
+ * armclang 6.6 or GCC 6.0.
+ *
+ * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
+ * armclang <= 6.9
*
* \warning MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
* same time as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
@@ -3095,8 +3320,11 @@
* \note This allows builds with a smaller code size than with
* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
*
- * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum
- * of \c -march=armv8-a+crypto.
+ * \note Minimum compiler versions for this feature are Clang 4.0,
+ * armclang 6.6 or GCC 6.0.
+ *
+ * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
+ * armclang <= 6.9
*
* \warning MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY cannot be defined at the same
* time as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
@@ -3115,8 +3343,6 @@
*
* Enable the SHA-384 cryptographic hash algorithm.
*
- * Requires: MBEDTLS_SHA512_C
- *
* Module: library/sha512.c
* Caller: library/md.c
* library/psa_crypto_hash.c
@@ -3143,6 +3369,17 @@
*/
#define MBEDTLS_SHA512_C
+/**
+ * \def MBEDTLS_SHA3_C
+ *
+ * Enable the SHA3 cryptographic hash algorithm.
+ *
+ * Module: library/sha3.c
+ *
+ * This module adds support for SHA3.
+ */
+//#define MBEDTLS_SHA3_C /* !!OM */
+
/**
* \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
*
@@ -3153,10 +3390,11 @@
* \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building
* for a non-Aarch64 build it will be silently ignored.
*
- * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or
- * Clang >= 7, and \c CFLAGS must be set to a minimum of
- * \c -march=armv8.2-a+sha3. An optimisation level of \c -O3 generates the
- * fastest code.
+ * \note Minimum compiler versions for this feature are Clang 7.0,
+ * armclang 6.9 or GCC 8.0.
+ *
+ * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for
+ * armclang 6.9
*
* \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
* same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY.
@@ -3180,10 +3418,11 @@
* \note This allows builds with a smaller code size than with
* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
*
- * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or
- * Clang >= 7, and \c CFLAGS must be set to a minimum of
- * \c -march=armv8.2-a+sha3. An optimisation level of \c -O3 generates the
- * fastest code.
+ * \note Minimum compiler versions for this feature are Clang 7.0,
+ * armclang 6.9 or GCC 8.0.
+ *
+ * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for
+ * armclang 6.9
*
* \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same
* time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT.
@@ -3280,7 +3519,7 @@
* \def MBEDTLS_THREADING_C
*
* Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * By default Mbed TLS assumes it is used in a non-threaded environment or that
* contexts are not shared between threads. If you do intend to use contexts
* between threads, you will need to enable this layer to prevent race
* conditions. See also our Knowledge Base article about threading:
@@ -3294,7 +3533,7 @@
* You will have to enable either MBEDTLS_THREADING_ALT or
* MBEDTLS_THREADING_PTHREAD.
*
- * Enable this layer to allow use of mutexes within mbed TLS
+ * Enable this layer to allow use of mutexes within Mbed TLS
*/
//#define MBEDTLS_THREADING_C
@@ -3440,7 +3679,7 @@
*/
#define MBEDTLS_X509_CSR_WRITE_C
-/** \} name SECTION: mbed TLS modules */
+/** \} name SECTION: Mbed TLS modules */
/**
* \name SECTION: General configuration options
@@ -3522,6 +3761,53 @@
*/
//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
+/**
+ * \def MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_platform.h"`. This file should declare the same identifiers
+ * as the one in Mbed TLS, but with definitions adapted to the platform on
+ * which the library code will run.
+ *
+ * \note The required content of this header can vary from one version of
+ * Mbed TLS to the next. Integrators who provide an alternative file
+ * should review the changes in the original file whenever they
+ * upgrade Mbed TLS.
+ *
+ * This macro is expanded after an \#include directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an \#include line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STRUCT_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_struct.h"`. This file should declare the same identifiers
+ * as the one in Mbed TLS, but with definitions adapted to the environment
+ * in which the library code will run. The typical use for this feature
+ * is to provide alternative type definitions on the client side in
+ * client-server integrations of PSA crypto, where operation structures
+ * contain handles instead of cryptographic data.
+ *
+ * \note The required content of this header can vary from one version of
+ * Mbed TLS to the next. Integrators who provide an alternative file
+ * should review the changes in the original file whenever they
+ * upgrade Mbed TLS.
+ *
+ * This macro is expanded after an \#include directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an \#include line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h"
+
/** \} name SECTION: General configuration options */
/**
@@ -3544,7 +3830,7 @@
* comment in the specific module. */
/* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
+//#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */
//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
/* CTR_DRBG options */
@@ -3574,8 +3860,29 @@
/* Platform options */
//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
+
+/** \def MBEDTLS_PLATFORM_STD_CALLOC
+ *
+ * Default allocator to use, can be undefined.
+ * It must initialize the allocated buffer memory to zeroes.
+ * The size of the buffer is the product of the two parameters.
+ * The calloc function returns either a null pointer or a pointer to the allocated space.
+ * If the product is 0, the function may either return NULL or a valid pointer to an array of size 0 which is a valid input to the deallocation function.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
+ * See the description of #MBEDTLS_PLATFORM_MEMORY for more details.
+ * The corresponding deallocation function is #MBEDTLS_PLATFORM_STD_FREE.
+ */
+//#define MBEDTLS_PLATFORM_STD_CALLOC calloc
+
+/** \def MBEDTLS_PLATFORM_STD_FREE
+ *
+ * Default free to use, can be undefined.
+ * NULL is a valid parameter, and the function must do nothing.
+ * A non-null parameter will always be a pointer previously returned by #MBEDTLS_PLATFORM_STD_CALLOC and not yet freed.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
+ * See the description of #MBEDTLS_PLATFORM_MEMORY for more details (same principles as for MBEDTLS_PLATFORM_STD_CALLOC apply).
+ */
+//#define MBEDTLS_PLATFORM_STD_FREE free
//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< Default setbuf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
@@ -3589,10 +3896,10 @@
//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
-/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */
/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_CALLOC for requirements. */
+//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_FREE for requirements. */
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf /**< Default setbuf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
@@ -3604,6 +3911,8 @@
//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t //#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t /**< Default milliseconds time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled. It must be signed, and at least 64 bits. If it is changed from the default, MBEDTLS_PRINTF_MS_TIME must be updated to match.*/
+//#define MBEDTLS_PRINTF_MS_TIME PRId64 /**< Default fmt for printf. That's avoid compiler warning if mbedtls_ms_time_t is redefined */
/** \def MBEDTLS_CHECK_RETURN
*
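Review bot: The added `MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO` line contains the text `//#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t` twice, so the `/**< … */` description sits behind a second `//` and is easy to lose when the option is uncommented or edited. The line should read once, as `//#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t /**< Default milliseconds time macro to use, can be undefined. … */`, with the existing description kept unchanged. That description carries the rule that `MBEDTLS_PRINTF_MS_TIME` must be updated to match the type, and a printf conversion that does not match its argument is undefined behaviour, so the pairing needs to stay readable. The comment on the next line would also read better as `/**< Default printf format for mbedtls_ms_time_t; avoids a compiler warning if mbedtls_ms_time_t is redefined. */`. If this header is imported verbatim from upstream, the wording fix belongs there.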
@@ -3652,6 +3961,9 @@
*/
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+/* RSA OPTIONS */
+//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
+
/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
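Review bot: The comment on the new `MBEDTLS_RSA_GEN_KEY_MIN_BITS` option gives 1024 as the default and 128 as the lowest permitted value, but does not say that both are below the 2048-bit minimum in current guidance for new RSA keys (for example NIST SP 800-131A). Someone tuning this option for a constrained target could read the 128-bit floor as a supported operating point. I would extend the comment to something like `/**< Minimum RSA key size that can be generated, in bits (lowest accepted value is 128; values below 2048 are not recommended for new keys) */`. Whether this build should raise the limit to 2048 depends on which peers the product must interoperate with, which is not visible in this hunk.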
@@ -3746,7 +4058,7 @@
*/
//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
-//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
/**
@@ -3763,56 +4075,64 @@
*/
//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-/* X509 options */
-//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
-//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
+/**
+ * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
+ *
+ * The default maximum amount of 0-RTT data. See the documentation of
+ * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
+ *
+ * It must be positive and smaller than UINT32_MAX.
+ *
+ * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
+ * have any impact on the build.
+ *
+ * This feature is experimental, not completed and thus not ready for
+ * production.
+ *
+ */
+//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
/**
- * Uncomment the macro to let mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(). This replaces the default implementation in
- * platform_util.c.
+ * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
+ *
+ * Maximum time difference in milliseconds tolerated between the age of a
+ * ticket from the server and client point of view.
+ * From the client point of view, the age of a ticket is the time difference
+ * between the time when the client proposes to the server to use the ticket
+ * (time of writing of the Pre-Shared Key Extension including the ticket) and
+ * the time the client received the ticket from the server.
+ * From the server point of view, the age of a ticket is the time difference
+ * between the time when the server receives a proposition from the client
+ * to use the ticket and the time when the ticket was created by the server.
+ * The server age is expected to be always greater than the client one and
+ * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
+ * maximum difference tolerated for the server to accept the ticket.
+ * This is not used in TLS 1.2.
*
- * mbedtls_platform_zeroize() is a widely used function across the library to
- * zero a block of memory. The implementation is expected to be secure in the
- * sense that it has been written to prevent the compiler from removing calls
- * to mbedtls_platform_zeroize() as part of redundant code elimination
- * optimizations. However, it is difficult to guarantee that calls to
- * mbedtls_platform_zeroize() will not be optimized by the compiler as older
- * versions of the C language standards do not provide a secure implementation
- * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
- * configure their own implementation of mbedtls_platform_zeroize(), for
- * example by using directives specific to their compiler, features from newer
- * C standards (e.g using memset_s() in C11) or calling a secure memset() from
- * their system (e.g explicit_bzero() in BSD).
*/
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
+ * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
*
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
+ * Size in bytes of a ticket nonce. This is not used in TLS 1.2.
+ *
+ * This must be less than 256.
*/
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
/**
- * Enable the verified implementations of ECDH primitives from Project Everest
- * (currently only Curve25519). This feature changes the layout of ECDH
- * contexts and therefore is a compatibility break for applications that access
- * fields of a mbedtls_ecdh_context structure directly. See also
- * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
+ * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
+ *
+ * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
+ * after handshake completion. This is not used in TLS 1.2 and relevant only if
+ * the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
+ *
*/
-//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
+
+/* X509 options */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
/** \} name SECTION: Module configuration options */
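Review bot: `MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE`, `MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH` and `MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS` are added as active `#define`s, while every other option in this section, including the new `MBEDTLS_SSL_MAX_EARLY_DATA_SIZE`, is a commented-out default. A build that sets one of them to a different value on the compiler command line, or in a configuration header included earlier, would hit a macro redefinition here. The ticket age tolerance is exactly the kind of value a deployment may want to tighten. If the active form is intended, each definition could be guarded, e.g. `#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE)` / `#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000` / `#endif`. A short comment saying why these three differ from their neighbours would also help. Whether the library supplies its own fallback defaults for these macros is not visible in this hunk.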
diff --git a/ext/oberon/psa/core/include/mbedtls/md.h b/ext/oberon/psa/core/include/mbedtls/md.h
deleted file mode 100644
index fbf938dd1c22..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/md.h
+++ /dev/null
@@ -1,477 +0,0 @@
- /**
- * \file md.h
- *
- * \brief This file contains the generic message-digest wrapper.
- *
- * \author Adriaan de Jong
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_MD_H
-#define MBEDTLS_MD_H
-#include "mbedtls/private_access.h"
-
-#include
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform_util.h"
-
-/** The selected feature is not available. */
-#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100
-/** Failed to allocate memory. */
-#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180
-/** Opening or reading of file failed. */
-#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Supported message digests.
- *
- * \warning MD5 and SHA-1 are considered weak message digests and
- * their use constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-typedef enum {
- MBEDTLS_MD_NONE=0, /**< None. */
- MBEDTLS_MD_MD5, /**< The MD5 message digest. */
- MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
- MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
- MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
- MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
- MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
- MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
-} mbedtls_md_type_t;
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
-#else
-#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 128
-#else
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 64
-#endif
-
-/**
- * Opaque struct.
- *
- * Constructed using either #mbedtls_md_info_from_string or
- * #mbedtls_md_info_from_type.
- *
- * Fields can be accessed with #mbedtls_md_get_size,
- * #mbedtls_md_get_type and #mbedtls_md_get_name.
- */
-/* Defined internally in library/md_wrap.h. */
-typedef struct mbedtls_md_info_t mbedtls_md_info_t;
-
-/**
- * The generic message-digest context.
- */
-typedef struct mbedtls_md_context_t
-{
- /** Information about the associated message digest. */
- const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
-
- /** The digest-specific context. */
- void *MBEDTLS_PRIVATE(md_ctx);
-
- /** The HMAC part of the context. */
- void *MBEDTLS_PRIVATE(hmac_ctx);
-} mbedtls_md_context_t;
-
-/**
- * \brief This function returns the list of digests supported by the
- * generic digest module.
- *
- * \note The list starts with the strongest available hashes.
- *
- * \return A statically allocated array of digests. Each element
- * in the returned list is an integer belonging to the
- * message-digest enumeration #mbedtls_md_type_t.
- * The last entry is 0.
- */
-const int *mbedtls_md_list( void );
-
-/**
- * \brief This function returns the message-digest information
- * associated with the given digest name.
- *
- * \param md_name The name of the digest to search for.
- *
- * \return The message-digest information associated with \p md_name.
- * \return NULL if the associated message-digest information is not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
-
-/**
- * \brief This function returns the message-digest information
- * associated with the given digest type.
- *
- * \param md_type The type of digest to search for.
- *
- * \return The message-digest information associated with \p md_type.
- * \return NULL if the associated message-digest information is not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
-
-/**
- * \brief This function returns the message-digest information
- * from the given context.
- *
- * \param ctx The context from which to extract the information.
- * This must be initialized (or \c NULL).
- *
- * \return The message-digest information associated with \p ctx.
- * \return \c NULL if \p ctx is \c NULL.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_ctx(
- const mbedtls_md_context_t *ctx );
-
-/**
- * \brief This function initializes a message-digest context without
- * binding it to a particular message-digest algorithm.
- *
- * This function should always be called first. It prepares the
- * context for mbedtls_md_setup() for binding it to a
- * message-digest algorithm.
- */
-void mbedtls_md_init( mbedtls_md_context_t *ctx );
-
-/**
- * \brief This function clears the internal structure of \p ctx and
- * frees any embedded internal structure, but does not free
- * \p ctx itself.
- *
- * If you have called mbedtls_md_setup() on \p ctx, you must
- * call mbedtls_md_free() when you are no longer using the
- * context.
- * Calling this function if you have previously
- * called mbedtls_md_init() and nothing else is optional.
- * You must not call this function if you have not called
- * mbedtls_md_init().
- */
-void mbedtls_md_free( mbedtls_md_context_t *ctx );
-
-
-/**
- * \brief This function selects the message digest algorithm to use,
- * and allocates internal structures.
- *
- * It should be called after mbedtls_md_init() or
- * mbedtls_md_free(). Makes it necessary to call
- * mbedtls_md_free() later.
- *
- * \param ctx The context to set up.
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory),
- * or non-zero: HMAC is used with this context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
-
-/**
- * \brief This function clones the state of a message-digest
- * context.
- *
- * \note You must call mbedtls_md_setup() on \c dst before calling
- * this function.
- *
- * \note The two contexts must have the same type,
- * for example, both are SHA-256.
- *
- * \warning This function clones the message-digest state, not the
- * HMAC state.
- *
- * \param dst The destination context.
- * \param src The context to be cloned.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
- const mbedtls_md_context_t *src );
-
-/**
- * \brief This function extracts the message-digest size from the
- * message-digest information structure.
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- *
- * \return The size of the message-digest output in Bytes.
- */
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief This function extracts the message-digest type from the
- * message-digest information structure.
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- *
- * \return The type of the message digest.
- */
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief This function extracts the message-digest name from the
- * message-digest information structure.
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- *
- * \return The name of the message digest.
- */
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief This function starts a message-digest computation.
- *
- * You must call this function after setting up the context
- * with mbedtls_md_setup(), and before passing data with
- * mbedtls_md_update().
- *
- * \param ctx The generic message-digest context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_starts( mbedtls_md_context_t *ctx );
-
-/**
- * \brief This function feeds an input buffer into an ongoing
- * message-digest computation.
- *
- * You must call mbedtls_md_starts() before calling this
- * function. You may call this function multiple times.
- * Afterwards, call mbedtls_md_finish().
- *
- * \param ctx The generic message-digest context.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
-
-/**
- * \brief This function finishes the digest operation,
- * and writes the result to the output buffer.
- *
- * Call this function after a call to mbedtls_md_starts(),
- * followed by any number of calls to mbedtls_md_update().
- * Afterwards, you may either clear the context with
- * mbedtls_md_free(), or call mbedtls_md_starts() to reuse
- * the context for another digest operation with the same
- * algorithm.
- *
- * \param ctx The generic message-digest context.
- * \param output The buffer for the generic message-digest checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
-
-/**
- * \brief This function calculates the message-digest of a buffer,
- * with respect to a configurable message-digest algorithm
- * in a single call.
- *
- * The result is calculated as
- * Output = message_digest(input buffer).
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param input The buffer holding the data.
- * \param ilen The length of the input data.
- * \param output The generic message-digest checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
- unsigned char *output );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief This function calculates the message-digest checksum
- * result of the contents of the provided file.
- *
- * The result is calculated as
- * Output = message_digest(file contents).
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param path The input file name.
- * \param output The generic message-digest checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing
- * the file pointed by \p path.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
- unsigned char *output );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief This function sets the HMAC key and prepares to
- * authenticate a new message.
- *
- * Call this function after mbedtls_md_setup(), to use
- * the MD context for an HMAC calculation, then call
- * mbedtls_md_hmac_update() to provide the input data, and
- * mbedtls_md_hmac_finish() to get the HMAC value.
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- * \param key The HMAC secret key.
- * \param keylen The length of the HMAC key in Bytes.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
- size_t keylen );
-
-/**
- * \brief This function feeds an input buffer into an ongoing HMAC
- * computation.
- *
- * Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
- * before calling this function.
- * You may call this function multiple times to pass the
- * input piecewise.
- * Afterwards, call mbedtls_md_hmac_finish().
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function finishes the HMAC operation, and writes
- * the result to the output buffer.
- *
- * Call this function after mbedtls_md_hmac_starts() and
- * mbedtls_md_hmac_update() to get the HMAC value. Afterwards
- * you may either call mbedtls_md_free() to clear the context,
- * or call mbedtls_md_hmac_reset() to reuse the context with
- * the same HMAC key.
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- * \param output The generic HMAC checksum result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
-
-/**
- * \brief This function prepares to authenticate a new message with
- * the same key as the previous HMAC operation.
- *
- * You may call this function after mbedtls_md_hmac_finish().
- * Afterwards call mbedtls_md_hmac_update() to pass the new
- * input.
- *
- * \param ctx The message digest context containing an embedded HMAC
- * context.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
-
-/**
- * \brief This function calculates the full generic HMAC
- * on the input buffer with the provided key.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The HMAC result is calculated as
- * output = generic HMAC(hmac key, input buffer).
- *
- * \param md_info The information structure of the message-digest algorithm
- * to use.
- * \param key The HMAC secret key.
- * \param keylen The length of the HMAC secret key in Bytes.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- * \param output The generic HMAC result.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- * failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output );
-
-/* Internal use */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_MD_H */
diff --git a/ext/oberon/psa/core/include/mbedtls/memory_buffer_alloc.h b/ext/oberon/psa/core/include/mbedtls/memory_buffer_alloc.h
deleted file mode 100644
index 0b07974f849e..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/memory_buffer_alloc.h
+++ /dev/null
@@ -1,153 +0,0 @@
-/**
- * \file memory_buffer_alloc.h
- *
- * \brief Buffer-based memory allocator
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
-
-#include "mbedtls/build_info.h"
-
-#include
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
-#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#define MBEDTLS_MEMORY_VERIFY_NONE 0
-#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
-#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1)
-#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Initialize use of stack-based memory allocator.
- * The stack-based allocator does memory management inside the
- * presented buffer and does not call calloc() and free().
- * It sets the global mbedtls_calloc() and mbedtls_free() pointers
- * to its own functions.
- * (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if
- * MBEDTLS_THREADING_C is defined)
- *
- * \note This code is not optimized and provides a straight-forward
- * implementation of a stack-based memory allocator.
- *
- * \param buf buffer to use as heap
- * \param len size of the buffer
- */
-void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
-
-/**
- * \brief Free the mutex for thread-safety and clear remaining memory
- */
-void mbedtls_memory_buffer_alloc_free( void );
-
-/**
- * \brief Determine when the allocator should automatically verify the state
- * of the entire chain of headers / meta-data.
- * (Default: MBEDTLS_MEMORY_VERIFY_NONE)
- *
- * \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
- * MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
- */
-void mbedtls_memory_buffer_set_verify( int verify );
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-/**
- * \brief Print out the status of the allocated memory (primarily for use
- * after a program should have de-allocated all memory)
- * Prints out a list of 'still allocated' blocks and their stack
- * trace if MBEDTLS_MEMORY_BACKTRACE is defined.
- */
-void mbedtls_memory_buffer_alloc_status( void );
-
-/**
- * \brief Get the number of alloc/free so far.
- *
- * \param alloc_count Number of allocations.
- * \param free_count Number of frees.
- */
-void mbedtls_memory_buffer_alloc_count_get( size_t *alloc_count, size_t *free_count );
-
-/**
- * \brief Get the peak heap usage so far
- *
- * \param max_used Peak number of bytes in use or committed. This
- * includes bytes in allocated blocks too small to split
- * into smaller blocks but larger than the requested size.
- * \param max_blocks Peak number of blocks in use, including free and used
- */
-void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
-
-/**
- * \brief Reset peak statistics
- */
-void mbedtls_memory_buffer_alloc_max_reset( void );
-
-/**
- * \brief Get the current heap usage
- *
- * \param cur_used Current number of bytes in use or committed. This
- * includes bytes in allocated blocks too small to split
- * into smaller blocks but larger than the requested size.
- * \param cur_blocks Current number of blocks in use, including free and used
- */
-void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
-#endif /* MBEDTLS_MEMORY_DEBUG */
-
-/**
- * \brief Verifies that all headers in the memory buffer are correct
- * and contain sane values. Helps debug buffer-overflow errors.
- *
- * Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined.
- * Prints out full header information if MBEDTLS_MEMORY_DEBUG
- * is defined. (Includes stack trace information for each block if
- * MBEDTLS_MEMORY_BACKTRACE is defined as well).
- *
- * \return 0 if verified, 1 otherwise
- */
-int mbedtls_memory_buffer_alloc_verify( void );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_memory_buffer_alloc_self_test( int verbose );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* memory_buffer_alloc.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/oid.h b/ext/oberon/psa/core/include/mbedtls/oid.h
deleted file mode 100644
index e5c4b92493f2..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/oid.h
+++ /dev/null
@@ -1,650 +0,0 @@
-/**
- * \file oid.h
- *
- * \brief Object Identifier (OID) database
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_OID_H
-#define MBEDTLS_OID_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/asn1.h"
-#include "mbedtls/pk.h"
-
-#include
-
-#if defined(MBEDTLS_CIPHER_C)
-#include "mbedtls/cipher.h"
-#endif
-
-#include "mbedtls/md.h"
-
-/** OID is not found. */
-#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
-/** output buffer is too small */
-#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B
-
-/* This is for the benefit of X.509, but defined here in order to avoid
- * having a "backwards" include of x.509.h here */
-/*
- * X.509 extension types (internal, arbitrary values for bitsets)
- */
-#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
-#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
-#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
-#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
-#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
-#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
-#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
-#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
-#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
-#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
-#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
-#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
-#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
-
-/*
- * Top level OID tuples
- */
-#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
-#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
-#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
-#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
-
-/*
- * ISO Member bodies OID parts
- */
-#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
-#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
-#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
-#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
-#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_ANSI_X9_62
-
-/*
- * ISO Identified organization OID parts
- */
-#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
-#define MBEDTLS_OID_ORG_OIW "\x0e"
-#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
-#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
-#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
-#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
-#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
-
-/*
- * ISO ITU OID parts
- */
-#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
-
-#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
-#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
-
-#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
-#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
-
-/* ISO arc for standard certificate and CRL extensions */
-#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
-
-#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
-
-/**
- * Private Internet Extensions
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * security(5) mechanisms(5) pkix(7) }
- */
-#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
-#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
-
-/*
- * Arc for standard naming attributes
- */
-#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
-#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
-#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
-#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
-#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
-#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
-#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
-#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
-#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
-#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
-#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
-#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
-#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
-#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
-#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */
-#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
-#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
-
-#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
-#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
-
-/*
- * OIDs for standard certificate extensions
- */
-#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
-#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
-#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
-#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
-#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
-#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
-#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
-#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
-#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
-#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
-#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
-#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
-#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
-#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
-
-/*
- * Certificate policies
- */
-#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
-
-/*
- * Netscape certificate extensions
- */
-#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
-#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
-#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
-#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
-#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
-#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
-#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
-#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
-#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
-#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
-#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
-
-/*
- * OIDs for CRL extensions
- */
-#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
-#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
-
-/*
- * X.509 v3 Extended key usage OIDs
- */
-#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
-
-#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
-
-/**
- * Wi-SUN Alliance Field Area Network
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
- */
-#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
-
-#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
-#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
-
-/*
- * PKCS definition OIDs
- */
-
-#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
-#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
-#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
-#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } */
-#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
-#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
-
-/*
- * PKCS#1 OIDs
- */
-#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
-#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
-#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
-#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
-#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
-#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
-#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
-
-#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
-
-#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
-
-/* RFC 4055 */
-#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
-
-/*
- * Digest algorithms
- */
-#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
-
-#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
-
-#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
-
-#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
-
-#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
-
-#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
-
-/*
- * Encryption algorithms
- */
-#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
-#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
-#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
-
-/*
- * Key Wrapping algorithms
- */
-/*
- * RFC 5649
- */
-#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */
-#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
-#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */
-#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
-#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */
-#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
-/*
- * PKCS#5 OIDs
- */
-#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
-#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
-#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
-
-/*
- * PKCS#5 PBES1 algorithms
- */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
-
-/*
- * PKCS#7 OIDs
- */
-#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1} */
-#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 2} */
-#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 3} */
-#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 4} */
-#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */
-#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */
-
-/*
- * PKCS#8 OIDs
- */
-#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
-
-/*
- * PKCS#12 PBE OIDs
- */
-#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
-
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
-
-/*
- * EC key algorithms from RFC 5480
- */
-
-/* id-ecPublicKey OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
-#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
-
-/* id-ecDH OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132)
- * schemes(1) ecdh(12) } */
-#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
-
-/*
- * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
- */
-
-/* secp192r1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
-#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
-
-/* secp224r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
-#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
-
-/* secp256r1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
-#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
-
-/* secp384r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
-#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
-
-/* secp521r1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
-#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
-
-/* secp192k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
-#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
-
-/* secp224k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
-#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
-
-/* secp256k1 OBJECT IDENTIFIER ::= {
- * iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
-#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
-
-/* RFC 5639 4.1
- * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
- * identified-organization(3) teletrust(36) algorithm(3) signature-
- * algorithm(3) ecSign(2) 8}
- * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
- * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
-#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
-
-/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
-#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
-
-/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
-#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
-
-/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
-#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
-
-/*
- * SEC1 C.1
- *
- * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
- * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
- */
-#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
-#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
-
-/*
- * ECDSA signature identifiers, from RFC 5480
- */
-#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
-#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
-
-/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
-
-/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
-
-/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 2 } */
-#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
-
-/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 3 } */
-#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
-
-/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
- * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- * ecdsa-with-SHA2(3) 4 } */
-#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Base OID descriptor structure
- */
-typedef struct mbedtls_oid_descriptor_t
-{
- const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
- size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
- const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
- const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
-#endif
-} mbedtls_oid_descriptor_t;
-
-/**
- * \brief Translate an ASN.1 OID into its numeric representation
- * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
- *
- * \param buf buffer to put representation in
- * \param size size of the buffer
- * \param oid OID to translate
- *
- * \return Length of the string written (excluding final NULL) or
- * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
- */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
-
-/**
- * \brief Translate an X.509 extension OID into local values
- *
- * \param oid OID to use
- * \param ext_type place to store the extension type
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
-
-/**
- * \brief Translate an X.509 attribute type OID into the short name
- * (e.g. the OID for an X520 Common Name into "CN")
- *
- * \param oid OID to use
- * \param short_name place to store the string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
-
-/**
- * \brief Translate PublicKeyAlgorithm OID into pk_type
- *
- * \param oid OID to use
- * \param pk_alg place to store public key algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
-
-/**
- * \brief Translate pk_type into PublicKeyAlgorithm OID
- *
- * \param pk_alg Public key type to look for
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
- const char **oid, size_t *olen );
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief Translate NamedCurve OID into an EC group identifier
- *
- * \param oid OID to use
- * \param grp_id place to store group id
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
-
-/**
- * \brief Translate EC group identifier into NamedCurve OID
- *
- * \param grp_id EC group identifier
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
- const char **oid, size_t *olen );
-#endif /* MBEDTLS_ECP_C */
-
-/**
- * \brief Translate SignatureAlgorithm OID into md_type and pk_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- * \param pk_alg place to store public key algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
-
-/**
- * \brief Translate SignatureAlgorithm OID into description
- *
- * \param oid OID to use
- * \param desc place to store string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
-
-/**
- * \brief Translate md_type and pk_type into SignatureAlgorithm OID
- *
- * \param md_alg message digest algorithm
- * \param pk_alg public key algorithm
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const char **oid, size_t *olen );
-
-/**
- * \brief Translate hmac algorithm OID into md_type
- *
- * \param oid OID to use
- * \param md_hmac place to store message hmac algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
-
-/**
- * \brief Translate hash algorithm OID into md_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
-
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Translate Extended Key Usage OID into description
- *
- * \param oid OID to use
- * \param desc place to store string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
-#endif
-
-/**
- * \brief Translate certificate policies OID into description
- *
- * \param oid OID to use
- * \param desc place to store string pointer
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
-
-/**
- * \brief Translate md_type into hash algorithm OID
- *
- * \param md_alg message digest algorithm
- * \param oid place to store ASN.1 OID string pointer
- * \param olen length of the OID
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
-
-#if defined(MBEDTLS_CIPHER_C)
-/**
- * \brief Translate encryption algorithm OID into cipher_type
- *
- * \param oid OID to use
- * \param cipher_alg place to store cipher algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
-#endif /* MBEDTLS_CIPHER_C */
-
-#if defined(MBEDTLS_PKCS12_C)
-/**
- * \brief Translate PKCS#12 PBE algorithm OID into md_type and
- * cipher_type
- *
- * \param oid OID to use
- * \param md_alg place to store message digest algorithm
- * \param cipher_alg place to store cipher algorithm
- *
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
- mbedtls_cipher_type_t *cipher_alg );
-#endif /* MBEDTLS_PKCS12_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* oid.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/pk.h b/ext/oberon/psa/core/include/mbedtls/pk.h
deleted file mode 100644
index db0bfacab3e3..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/pk.h
+++ /dev/null
@@ -1,999 +0,0 @@
-/**
- * \file pk.h
- *
- * \brief Public Key abstraction layer
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_PK_H
-#define MBEDTLS_PK_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif
-
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80
-/** Type mismatch, eg attempt to encrypt with an ECDSA key */
-#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80
-/** Read/write of file failed. */
-#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00
-/** Unsupported key version */
-#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80
-/** Invalid key tag or value. */
-#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00
-/** Key algorithm is unsupported (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80
-/** Private key password can't be empty. */
-#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00
-/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80
-/** The pubkey tag or value is invalid (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00
-/** The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80
-/** Elliptic curve is unsupported (only NIST curves are supported). */
-#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00
-/** Unavailable feature, e.g. RSA disabled for RSA key. */
-#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980
-/** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900
-/** The output buffer is too small. */
-#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL -0x3880
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Public key types
- */
-typedef enum {
- MBEDTLS_PK_NONE=0,
- MBEDTLS_PK_RSA,
- MBEDTLS_PK_ECKEY,
- MBEDTLS_PK_ECKEY_DH,
- MBEDTLS_PK_ECDSA,
- MBEDTLS_PK_RSA_ALT,
- MBEDTLS_PK_RSASSA_PSS,
- MBEDTLS_PK_OPAQUE,
-} mbedtls_pk_type_t;
-
-/**
- * \brief Options for RSASSA-PSS signature verification.
- * See \c mbedtls_rsa_rsassa_pss_verify_ext()
- */
-typedef struct mbedtls_pk_rsassa_pss_options
-{
- mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
- int MBEDTLS_PRIVATE(expected_salt_len);
-
-} mbedtls_pk_rsassa_pss_options;
-
-/**
- * \brief Maximum size of a signature made by mbedtls_pk_sign().
- */
-/* We need to set MBEDTLS_PK_SIGNATURE_MAX_SIZE to the maximum signature
- * size among the supported signature types. Do it by starting at 0,
- * then incrementally increasing to be large enough for each supported
- * signature mechanism.
- *
- * The resulting value can be 0, for example if MBEDTLS_ECDH_C is enabled
- * (which allows the pk module to be included) but neither MBEDTLS_ECDSA_C
- * nor MBEDTLS_RSA_C nor any opaque signature mechanism (PSA or RSA_ALT).
- */
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0
-
-#if ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT) ) && \
- MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* For RSA, the signature can be as large as the bignum module allows.
- * For RSA_ALT, the signature size is not necessarily tied to what the
- * bignum module can do, but in the absence of any specific setting,
- * we use that (rsa_alt_sign_wrap in library/pk_wrap.h will check). */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
-#endif
-
-#if defined(MBEDTLS_ECDSA_C) && \
- MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* For ECDSA, the ecdsa module exports a constant for the maximum
- * signature size. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* PSA_SIGNATURE_MAX_SIZE is the maximum size of a signature made
- * through the PSA API in the PSA representation. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE
-#endif
-
-#if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* The Mbed TLS representation is different for ECDSA signatures:
- * PSA uses the raw concatenation of r and s,
- * whereas Mbed TLS uses the ASN.1 representation (SEQUENCE of two INTEGERs).
- * Add the overhead of ASN.1: up to (1+2) + 2 * (1+2+1) for the
- * types, lengths (represented by up to 2 bytes), and potential leading
- * zeros of the INTEGERs and the SEQUENCE. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE ( PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 )
-#endif
-#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
-
-/**
- * \brief Types for interfacing with the debug module
- */
-typedef enum
-{
- MBEDTLS_PK_DEBUG_NONE = 0,
- MBEDTLS_PK_DEBUG_MPI,
- MBEDTLS_PK_DEBUG_ECP,
-} mbedtls_pk_debug_type;
-
-/**
- * \brief Item to send to the debug module
- */
-typedef struct mbedtls_pk_debug_item
-{
- mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
- const char *MBEDTLS_PRIVATE(name);
- void *MBEDTLS_PRIVATE(value);
-} mbedtls_pk_debug_item;
-
-/** Maximum number of item send for debugging, plus 1 */
-#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
-
-/**
- * \brief Public key information and operations
- *
- * \note The library does not support custom pk info structures,
- * only built-in structures returned by
- * mbedtls_cipher_info_from_type().
- */
-typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
-
-/**
- * \brief Public key container
- */
-typedef struct mbedtls_pk_context
-{
- const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
- void * MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
-} mbedtls_pk_context;
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Context for resuming operations
- */
-typedef struct
-{
- const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
- void * MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */
-} mbedtls_pk_restart_ctx;
-#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-/* Now we can declare functions that take a pointer to that */
-typedef void mbedtls_pk_restart_ctx;
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief Types for RSA-alt abstraction
- */
-typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len );
-typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig );
-typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief Return information associated with the given PK type
- *
- * \param pk_type PK type to search for.
- *
- * \return The PK info associated with the type or NULL if not found.
- */
-const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
-
-/**
- * \brief Initialize a #mbedtls_pk_context (as NONE).
- *
- * \param ctx The context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_pk_init( mbedtls_pk_context *ctx );
-
-/**
- * \brief Free the components of a #mbedtls_pk_context.
- *
- * \param ctx The context to clear. It must have been initialized.
- * If this is \c NULL, this function does nothing.
- *
- * \note For contexts that have been set up with
- * mbedtls_pk_setup_opaque(), this does not free the underlying
- * PSA key and you still need to call psa_destroy_key()
- * independently if you want to destroy that key.
- */
-void mbedtls_pk_free( mbedtls_pk_context *ctx );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief Initialize a restart context
- *
- * \param ctx The context to initialize.
- * This must not be \c NULL.
- */
-void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
-
-/**
- * \brief Free the components of a restart context
- *
- * \param ctx The context to clear. It must have been initialized.
- * If this is \c NULL, this function does nothing.
- */
-void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief Initialize a PK context with the information given
- * and allocates the type-specific PK subcontext.
- *
- * \param ctx Context to initialize. It must not have been set
- * up yet (type #MBEDTLS_PK_NONE).
- * \param info Information to use
- *
- * \return 0 on success,
- * MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
- * MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
- *
- * \note For contexts holding an RSA-alt key, use
- * \c mbedtls_pk_setup_rsa_alt() instead.
- */
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Initialize a PK context to wrap a PSA key.
- *
- * \note This function replaces mbedtls_pk_setup() for contexts
- * that wrap a (possibly opaque) PSA key instead of
- * storing and manipulating the key material directly.
- *
- * \param ctx The context to initialize. It must be empty (type NONE).
- * \param key The PSA key to wrap, which must hold an ECC or RSA key
- * pair (see notes below).
- *
- * \note The wrapped key must remain valid as long as the
- * wrapping PK context is in use, that is at least between
- * the point this function is called and the point
- * mbedtls_pk_free() is called on this context. The wrapped
- * key might then be independently used or destroyed.
- *
- * \note This function is currently only available for ECC or RSA
- * key pairs (that is, keys containing private key material).
- * Support for other key types may be added later.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input
- * (context already used, invalid key identifier).
- * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an
- * ECC key pair.
- * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
- */
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
- const mbedtls_svc_key_id_t key );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief Initialize an RSA-alt context
- *
- * \param ctx Context to initialize. It must not have been set
- * up yet (type #MBEDTLS_PK_NONE).
- * \param key RSA key pointer
- * \param decrypt_func Decryption function
- * \param sign_func Signing function
- * \param key_len_func Function returning key length in bytes
- *
- * \return 0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
- * context wasn't already initialized as RSA_ALT.
- *
- * \note This function replaces \c mbedtls_pk_setup() for RSA-alt.
- */
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
- mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
- mbedtls_pk_rsa_alt_sign_func sign_func,
- mbedtls_pk_rsa_alt_key_len_func key_len_func );
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief Get the size in bits of the underlying key
- *
- * \param ctx The context to query. It must have been initialized.
- *
- * \return Key size in bits, or 0 on error
- */
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
-
-/**
- * \brief Get the length in bytes of the underlying key
- *
- * \param ctx The context to query. It must have been initialized.
- *
- * \return Key length in bytes, or 0 on error
- */
-static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
-{
- return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
-}
-
-/**
- * \brief Tell if a context can do the operation given by type
- *
- * \param ctx The context to query. It must have been initialized.
- * \param type The desired type.
- *
- * \return 1 if the context can do operations on the given type.
- * \return 0 if the context cannot do the operations on the given
- * type. This is always the case for a context that has
- * been initialized but not set up, or that has been
- * cleared with mbedtls_pk_free().
- */
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Tell if context can do the operation given by PSA algorithm
- *
- * \param ctx The context to query. It must have been initialized.
- * \param alg PSA algorithm to check against, the following are allowed:
- * PSA_ALG_RSA_PKCS1V15_SIGN(hash),
- * PSA_ALG_RSA_PSS(hash),
- * PSA_ALG_RSA_PKCS1V15_CRYPT,
- * PSA_ALG_ECDSA(hash),
- * PSA_ALG_ECDH, where hash is a specific hash.
- * \param usage PSA usage flag to check against, must be composed of:
- * PSA_KEY_USAGE_SIGN_HASH
- * PSA_KEY_USAGE_DECRYPT
- * PSA_KEY_USAGE_DERIVE.
- * Context key must match all passed usage flags.
- *
- * \warning Since the set of allowed algorithms and usage flags may be
- * expanded in the future, the return value \c 0 should not
- * be taken in account for non-allowed algorithms and usage
- * flags.
- *
- * \return 1 if the context can do operations on the given type.
- * \return 0 if the context cannot do the operations on the given
- * type, for non-allowed algorithms and usage flags, or
- * for a context that has been initialized but not set up
- * or that has been cleared with mbedtls_pk_free().
- */
-int mbedtls_pk_can_do_ext( const mbedtls_pk_context *ctx, psa_algorithm_t alg,
- psa_key_usage_t usage );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief Verify signature (including padding if relevant).
- *
- * \param ctx The PK context to use. It must have been set up.
- * \param md_alg Hash algorithm used.
- * This can be #MBEDTLS_MD_NONE if the signature algorithm
- * does not rely on a hash algorithm (non-deterministic
- * ECDSA, RSA PKCS#1 v1.5).
- * For PKCS#1 v1.5, if \p md_alg is #MBEDTLS_MD_NONE, then
- * \p hash is the DigestInfo structure used by RFC 8017
- * §9.2 steps 3–6. If \p md_alg is a valid hash
- * algorithm then \p hash is the digest itself, and this
- * function calculates the DigestInfo encoding internally.
- * \param hash Hash of the message to sign
- * \param hash_len Hash length
- * \param sig Signature to verify
- * \param sig_len Signature length
- *
- * \return 0 on success (signature is valid),
- * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- * signature in sig but its length is less than \p siglen,
- * or a specific error code.
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
- * to verify RSASSA_PSS signatures.
- */
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
-
-/**
- * \brief Restartable version of \c mbedtls_pk_verify()
- *
- * \note Performs the same job as \c mbedtls_pk_verify(), but can
- * return early and restart according to the limit set with
- * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
- * operations. For RSA, same as \c mbedtls_pk_verify().
- *
- * \param ctx The PK context to use. It must have been set up.
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
- * \param sig Signature to verify
- * \param sig_len Signature length
- * \param rs_ctx Restart context (NULL to disable restart)
- *
- * \return See \c mbedtls_pk_verify(), or
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- */
-int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len,
- mbedtls_pk_restart_ctx *rs_ctx );
-
-/**
- * \brief Verify signature, with options.
- * (Includes verification of the padding depending on type.)
- *
- * \param type Signature type (inc. possible padding type) to verify
- * \param options Pointer to type-specific options, or NULL
- * \param ctx The PK context to use. It must have been set up.
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
- * \param sig Signature to verify
- * \param sig_len Signature length
- *
- * \return 0 on success (signature is valid),
- * #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
- * used for this type of signatures,
- * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- * signature in sig but its length is less than \p siglen,
- * or a specific error code.
- *
- * \note If hash_len is 0, then the length associated with md_alg
- * is used instead, or an error returned if it is invalid.
- *
- * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
- *
- * \note If type is MBEDTLS_PK_RSASSA_PSS, then options must point
- * to a mbedtls_pk_rsassa_pss_options structure,
- * otherwise it must be NULL.
- */
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
- mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
-
-/**
- * \brief Make signature, including padding if relevant.
- *
- * \param ctx The PK context to use. It must have been set up
- * with a private key.
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length
- * \param sig Place to write the signature.
- * It must have enough room for the signature.
- * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
- * You may use a smaller buffer if it is large enough
- * given the key type.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param sig_len On successful return,
- * the number of bytes written to \p sig.
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \return 0 on success, or a specific error code.
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- * There is no interface in the PK module to make RSASSA-PSS
- * signatures yet.
- *
- * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
- * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
- */
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-/**
- * \brief Make signature given a signature type.
- *
- * \param pk_type Signature type.
- * \param ctx The PK context to use. It must have been set up
- * with a private key.
- * \param md_alg Hash algorithm used (see notes)
- * \param hash Hash of the message to sign
- * \param hash_len Hash length
- * \param sig Place to write the signature.
- * It must have enough room for the signature.
- * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
- * You may use a smaller buffer if it is large enough
- * given the key type.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param sig_len On successful return,
- * the number of bytes written to \p sig.
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \return 0 on success, or a specific error code.
- *
- * \note When \p pk_type is #MBEDTLS_PK_RSASSA_PSS,
- * see #PSA_ALG_RSA_PSS for a description of PSS options used.
- *
- * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
- * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
- *
- */
-int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type,
- mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-/**
- * \brief Restartable version of \c mbedtls_pk_sign()
- *
- * \note Performs the same job as \c mbedtls_pk_sign(), but can
- * return early and restart according to the limit set with
- * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
- * operations. For RSA, same as \c mbedtls_pk_sign().
- *
- * \param ctx The PK context to use. It must have been set up
- * with a private key.
- * \param md_alg Hash algorithm used (see notes for mbedtls_pk_sign())
- * \param hash Hash of the message to sign
- * \param hash_len Hash length
- * \param sig Place to write the signature.
- * It must have enough room for the signature.
- * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
- * You may use a smaller buffer if it is large enough
- * given the key type.
- * \param sig_size The size of the \p sig buffer in bytes.
- * \param sig_len On successful return,
- * the number of bytes written to \p sig.
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- * \param rs_ctx Restart context (NULL to disable restart)
- *
- * \return See \c mbedtls_pk_sign().
- * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- */
-int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_pk_restart_ctx *rs_ctx );
-
-/**
- * \brief Decrypt message (including padding if relevant).
- *
- * \param ctx The PK context to use. It must have been set up
- * with a private key.
- * \param input Input to decrypt
- * \param ilen Input size
- * \param output Decrypted output
- * \param olen Decrypted message length
- * \param osize Size of the output buffer
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- *
- * \return 0 on success, or a specific error code.
- */
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief Encrypt message (including padding if relevant).
- *
- * \param ctx The PK context to use. It must have been set up.
- * \param input Message to encrypt
- * \param ilen Message size
- * \param output Encrypted output
- * \param olen Encrypted output length
- * \param osize Size of the output buffer
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \note \p f_rng is used for padding generation.
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- *
- * \return 0 on success, or a specific error code.
- */
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief Check if a public-private pair of keys matches.
- *
- * \param pub Context holding a public key.
- * \param prv Context holding a private (and public) key.
- * \param f_rng RNG function, must not be \c NULL.
- * \param p_rng RNG parameter
- *
- * \return \c 0 on success (keys were checked and match each other).
- * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
- * be checked - in that case they may or may not match.
- * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
- * \return Another non-zero value if the keys do not match.
- */
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub,
- const mbedtls_pk_context *prv,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-
-/**
- * \brief Export debug information
- *
- * \param ctx The PK context to use. It must have been initialized.
- * \param items Place to write debug items
- *
- * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
- */
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
-
-/**
- * \brief Access the type name
- *
- * \param ctx The PK context to use. It must have been initialized.
- *
- * \return Type name on success, or "invalid PK"
- */
-const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
-
-/**
- * \brief Get the key type
- *
- * \param ctx The PK context to use. It must have been initialized.
- *
- * \return Type on success.
- * \return #MBEDTLS_PK_NONE for a context that has not been set up.
- */
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
-
-#if defined(MBEDTLS_RSA_C)
-/**
- * Quick access to an RSA context inside a PK context.
- *
- * \warning This function can only be used when the type of the context, as
- * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_RSA.
- * Ensuring that is the caller's responsibility.
- * Alternatively, you can check whether this function returns NULL.
- *
- * \return The internal RSA context held by the PK context, or NULL.
- */
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
-{
- switch( mbedtls_pk_get_type( &pk ) )
- {
- case MBEDTLS_PK_RSA:
- return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
- default:
- return( NULL );
- }
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * Quick access to an EC context inside a PK context.
- *
- * \warning This function can only be used when the type of the context, as
- * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_ECKEY,
- * #MBEDTLS_PK_ECKEY_DH, or #MBEDTLS_PK_ECDSA.
- * Ensuring that is the caller's responsibility.
- * Alternatively, you can check whether this function returns NULL.
- *
- * \return The internal EC context held by the PK context, or NULL.
- */
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
-{
- switch( mbedtls_pk_get_type( &pk ) )
- {
- case MBEDTLS_PK_ECKEY:
- case MBEDTLS_PK_ECKEY_DH:
- case MBEDTLS_PK_ECDSA:
- return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
- default:
- return( NULL );
- }
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/** \ingroup pk_module */
-/**
- * \brief Parse a private key in PEM or DER format
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param key Input buffer to parse.
- * The buffer must contain the input exactly, with no
- * extra trailing material. For PEM, the buffer must
- * contain a null-terminated string.
- * \param keylen Size of \b key in bytes.
- * For PEM data, this includes the terminating null byte,
- * so \p keylen must be equal to `strlen(key) + 1`.
- * \param pwd Optional password for decryption.
- * Pass \c NULL if expecting a non-encrypted key.
- * Pass a string of \p pwdlen bytes if expecting an encrypted
- * key; a non-encrypted key will also be accepted.
- * The empty password is not supported.
- * \param pwdlen Size of the password in bytes.
- * Ignored if \p pwd is \c NULL.
- * \param f_rng RNG function, must not be \c NULL. Used for blinding.
- * \param p_rng RNG parameter
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/** \ingroup pk_module */
-/**
- * \brief Parse a public key in PEM or DER format
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param key Input buffer to parse.
- * The buffer must contain the input exactly, with no
- * extra trailing material. For PEM, the buffer must
- * contain a null-terminated string.
- * \param keylen Size of \b key in bytes.
- * For PEM data, this includes the terminating null byte,
- * so \p keylen must be equal to `strlen(key) + 1`.
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen );
-
-#if defined(MBEDTLS_FS_IO)
-/** \ingroup pk_module */
-/**
- * \brief Load and parse a private key
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param path filename to read the private key from
- * \param password Optional password to decrypt the file.
- * Pass \c NULL if expecting a non-encrypted key.
- * Pass a null-terminated string if expecting an encrypted
- * key; a non-encrypted key will also be accepted.
- * The empty password is not supported.
- * \param f_rng RNG function, must not be \c NULL. Used for blinding.
- * \param p_rng RNG parameter
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
- const char *path, const char *password,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/** \ingroup pk_module */
-/**
- * \brief Load and parse a public key
- *
- * \param ctx The PK context to fill. It must have been initialized
- * but not set up.
- * \param path filename to read the public key from
- *
- * \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
- * you need a specific key type, check the result with
- * mbedtls_pk_can_do().
- *
- * \note The key is also checked for correctness.
- *
- * \return 0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief Write a private key to a PKCS#1 or SEC1 DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx PK context which must contain a valid private key.
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return length of data written if successful, or a specific
- * error code
- */
-int mbedtls_pk_write_key_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief Write a public key to a SubjectPublicKeyInfo DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx PK context which must contain a valid public or private key.
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return length of data written if successful, or a specific
- * error code
- */
-int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief Write a public key to a PEM string
- *
- * \param ctx PK context which must contain a valid public or private key.
- * \param buf Buffer to write to. The output includes a
- * terminating null byte.
- * \param size Size of the buffer in bytes.
- *
- * \return 0 if successful, or a specific error code
- */
-int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief Write a private key to a PKCS#1 or SEC1 PEM string
- *
- * \param ctx PK context which must contain a valid private key.
- * \param buf Buffer to write to. The output includes a
- * terminating null byte.
- * \param size Size of the buffer in bytes.
- *
- * \return 0 if successful, or a specific error code
- */
-int mbedtls_pk_write_key_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_PK_WRITE_C */
-
-/*
- * WARNING: Low-level functions. You probably do not want to use these unless
- * you are certain you do ;)
- */
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/**
- * \brief Parse a SubjectPublicKeyInfo DER structure
- *
- * \param p the position in the ASN.1 data
- * \param end end of the buffer
- * \param pk The PK context to fill. It must have been initialized
- * but not set up.
- *
- * \return 0 if successful, or a specific PK error code
- */
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
- mbedtls_pk_context *pk );
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief Write a subjectPublicKey to ASN.1 data
- * Note: function works backwards in data buffer
- *
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param key PK context which must contain a valid public or private key.
- *
- * \return the length written or a negative error code
- */
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *key );
-#endif /* MBEDTLS_PK_WRITE_C */
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Turn an EC or RSA key into an opaque one.
- *
- * \warning This is a temporary utility function for tests. It might
- * change or be removed at any time without notice.
- *
- * \param pk Input: the EC or RSA key to import to a PSA key.
- * Output: a PK context wrapping that PSA key.
- * \param key Output: a PSA key identifier.
- * It's the caller's responsibility to call
- * psa_destroy_key() on that key identifier after calling
- * mbedtls_pk_free() on the PK context.
- * \param alg The algorithm to allow for use with that key.
- * \param usage The usage to allow for use with that key.
- * \param alg2 The secondary algorithm to allow for use with that key.
- *
- * \return \c 0 if successful.
- * \return An Mbed TLS error code otherwise.
- */
-int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
- mbedtls_svc_key_id_t *key,
- psa_algorithm_t alg,
- psa_key_usage_t usage,
- psa_algorithm_t alg2 );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PK_H */
diff --git a/ext/oberon/psa/core/include/mbedtls/platform.h b/ext/oberon/psa/core/include/mbedtls/platform.h
deleted file mode 100644
index 62e12d267c9e..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/platform.h
+++ /dev/null
@@ -1,473 +0,0 @@
-/**
- * \file platform.h
- *
- * \brief This file contains the definitions and functions of the
- * Mbed TLS platform abstraction layer.
- *
- * The platform abstraction layer removes the need for the library
- * to directly link to standard C library functions or operating
- * system services, making the library easier to port and embed.
- * Application developers and users of the library can provide their own
- * implementations of these functions, or implementations specific to
- * their platform, which can be statically linked to the library or
- * dynamically configured at runtime.
- *
- * When all compilation options related to platform abstraction are
- * disabled, this header just defines `mbedtls_xxx` function names
- * as aliases to the standard `xxx` function.
- *
- * Most modules in the library and example programs are expected to
- * include this header.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PLATFORM_H
-#define MBEDTLS_PLATFORM_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-/* The older Microsoft Windows common runtime provides non-conforming
- * implementations of some standard library functions, including snprintf
- * and vsnprintf. This affects MSVC and MinGW builds.
- */
-#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
-#endif
-
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#include
-#include
-#if defined(MBEDTLS_HAVE_TIME)
-#include
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
-#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */
-#else
-#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< The default \c snprintf function to use. */
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF mbedtls_platform_win32_vsnprintf /**< The default \c vsnprintf function to use. */
-#else
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf /**< The default \c vsnprintf function to use. */
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
-#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< The default \c printf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
-#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< The default \c calloc function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FREE)
-#define MBEDTLS_PLATFORM_STD_FREE free /**< The default \c free function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_SETBUF)
-#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< The default \c setbuf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
-#define MBEDTLS_PLATFORM_STD_EXIT exit /**< The default \c exit function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_TIME)
-#define MBEDTLS_PLATFORM_STD_TIME time /**< The default \c time function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< The default exit value to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< The default exit value to use. */
-#endif
-#if defined(MBEDTLS_FS_IO)
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
-#endif
-#endif /* MBEDTLS_FS_IO */
-#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
-#include MBEDTLS_PLATFORM_STD_MEM_HDR
-#endif
-#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-
-
-/** \} name SECTION: Module settings */
-
-/*
- * The function pointers for calloc and free.
- */
-#if defined(MBEDTLS_PLATFORM_MEMORY)
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
- defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
-#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
-#else
-/* For size_t */
-#include
-extern void *mbedtls_calloc( size_t n, size_t size );
-extern void mbedtls_free( void *ptr );
-
-/**
- * \brief This function dynamically sets the memory-management
- * functions used by the library, during runtime.
- *
- * \param calloc_func The \c calloc function implementation.
- * \param free_func The \c free function implementation.
- *
- * \return \c 0.
- */
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
- void (*free_func)( void * ) );
-#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
-#else /* !MBEDTLS_PLATFORM_MEMORY */
-#define mbedtls_free free
-#define mbedtls_calloc calloc
-#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
-
-/*
- * The function pointers for fprintf
- */
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-/* We need FILE * */
-#include
-extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
-
-/**
- * \brief This function dynamically configures the fprintf
- * function that is called when the
- * mbedtls_fprintf() function is invoked by the library.
- *
- * \param fprintf_func The \c fprintf function implementation.
- *
- * \return \c 0.
- */
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
- ... ) );
-#else
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
-#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
-#else
-#define mbedtls_fprintf fprintf
-#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
-
-/*
- * The function pointers for printf
- */
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-extern int (*mbedtls_printf)( const char *format, ... );
-
-/**
- * \brief This function dynamically configures the snprintf
- * function that is called when the mbedtls_snprintf()
- * function is invoked by the library.
- *
- * \param printf_func The \c printf function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
-#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
-#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
-#else
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
-
-/*
- * The function pointers for snprintf
- *
- * The snprintf implementation should conform to C99:
- * - it *must* always correctly zero-terminate the buffer
- * (except when n == 0, then it must leave the buffer untouched)
- * - however it is acceptable to return -1 instead of the required length when
- * the destination buffer is too short.
- */
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
-/* For Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
-
-/**
- * \brief This function allows configuring a custom
- * \c snprintf function pointer.
- *
- * \param snprintf_func The \c snprintf function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
- const char * format, ... ) );
-#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#else
-#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-
-/*
- * The function pointers for vsnprintf
- *
- * The vsnprintf implementation should conform to C99:
- * - it *must* always correctly zero-terminate the buffer
- * (except when n == 0, then it must leave the buffer untouched)
- * - however it is acceptable to return -1 instead of the required length when
- * the destination buffer is too short.
- */
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
-#include
-/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
-#endif
-
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
-#include
-extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg );
-
-/**
- * \brief Set your own snprintf function pointer
- *
- * \param vsnprintf_func The \c vsnprintf function implementation
- *
- * \return \c 0
- */
-int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
- const char * format, va_list arg ) );
-#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
-#else
-#define mbedtls_vsnprintf vsnprintf
-#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
-
-/*
- * The function pointers for setbuf
- */
-#if defined(MBEDTLS_PLATFORM_SETBUF_ALT)
-#include
-/**
- * \brief Function pointer to call for `setbuf()` functionality
- * (changing the internal buffering on stdio calls).
- *
- * \note The library calls this function to disable
- * buffering when reading or writing sensitive data,
- * to avoid having extra copies of sensitive data
- * remaining in stdio buffers after the file is
- * closed. If this is not a concern, for example if
- * your platform's stdio doesn't have any buffering,
- * you can set mbedtls_setbuf to a function that
- * does nothing.
- *
- * The library always calls this function with
- * `buf` equal to `NULL`.
- */
-extern void (*mbedtls_setbuf)( FILE *stream, char *buf );
-
-/**
- * \brief Dynamically configure the function that is called
- * when the mbedtls_setbuf() function is called by the
- * library.
- *
- * \param setbuf_func The \c setbuf function implementation
- *
- * \return \c 0
- */
-int mbedtls_platform_set_setbuf( void (*setbuf_func)(
- FILE *stream, char *buf ) );
-#elif defined(MBEDTLS_PLATFORM_SETBUF_MACRO)
-/**
- * \brief Macro defining the function for the library to
- * call for `setbuf` functionality (changing the
- * internal buffering on stdio calls).
- *
- * \note See extra comments on the mbedtls_setbuf() function
- * pointer above.
- *
- * \return \c 0 on success, negative on error.
- */
-#define mbedtls_setbuf MBEDTLS_PLATFORM_SETBUF_MACRO
-#else
-#define mbedtls_setbuf setbuf
-#endif /* MBEDTLS_PLATFORM_SETBUF_ALT / MBEDTLS_PLATFORM_SETBUF_MACRO */
-
-/*
- * The function pointers for exit
- */
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
-extern void (*mbedtls_exit)( int status );
-
-/**
- * \brief This function dynamically configures the exit
- * function that is called when the mbedtls_exit()
- * function is invoked by the library.
- *
- * \param exit_func The \c exit function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
-#else
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
-#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
-#else
-#define mbedtls_exit exit
-#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
-#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
-
-/*
- * The default exit values
- */
-#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
-#else
-#define MBEDTLS_EXIT_SUCCESS 0
-#endif
-#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
-#else
-#define MBEDTLS_EXIT_FAILURE 1
-#endif
-
-/*
- * The function pointers for reading from and writing a seed file to
- * Non-Volatile storage (NV) in a platform-independent way
- *
- * Only enabled when the NV seed entropy source is enabled
- */
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
-/* Internal standard platform definitions */
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
-extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
-
-/**
- * \brief This function allows configuring custom seed file writing and
- * reading functions.
- *
- * \param nv_seed_read_func The seed reading function implementation.
- * \param nv_seed_write_func The seed writing function implementation.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_set_nv_seed(
- int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
- int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
- );
-#else
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
- defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
-#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
-#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
-#else
-#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
-#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
-#endif
-#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-
-/**
- * \brief The platform context structure.
- *
- * \note This structure may be used to assist platform-specific
- * setup or teardown operations.
- */
-typedef struct mbedtls_platform_context
-{
- char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
-}
-mbedtls_platform_context;
-
-#else
-#include "platform_alt.h"
-#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
-
-/**
- * \brief This function performs any platform-specific initialization
- * operations.
- *
- * \note This function should be called before any other library functions.
- *
- * Its implementation is platform-specific, and unless
- * platform-specific code is provided, it does nothing.
- *
- * \note The usage and necessity of this function is dependent on the platform.
- *
- * \param ctx The platform context.
- *
- * \return \c 0 on success.
- */
-int mbedtls_platform_setup( mbedtls_platform_context *ctx );
-/**
- * \brief This function performs any platform teardown operations.
- *
- * \note This function should be called after every other Mbed TLS module
- * has been correctly freed using the appropriate free function.
- *
- * Its implementation is platform-specific, and unless
- * platform-specific code is provided, it does nothing.
- *
- * \note The usage and necessity of this function is dependent on the platform.
- *
- * \param ctx The platform context.
- *
- */
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/platform_time.h b/ext/oberon/psa/core/include/mbedtls/platform_time.h
deleted file mode 100644
index 8bef553789c1..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/platform_time.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * \file platform_time.h
- *
- * \brief mbed TLS Platform time abstraction
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PLATFORM_TIME_H
-#define MBEDTLS_PLATFORM_TIME_H
-
-#include "mbedtls/build_info.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The time_t datatype
- */
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
-typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
-#else
-/* For time_t */
-#include
-typedef time_t mbedtls_time_t;
-#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
-
-/*
- * The function pointers for time
- */
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
-
-/**
- * \brief Set your own time function pointer
- *
- * \param time_func the time function implementation
- *
- * \return 0
- */
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
-#else
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
-#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
-#else
-#define mbedtls_time time
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform_time.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/platform_util.h b/ext/oberon/psa/core/include/mbedtls/platform_util.h
deleted file mode 100644
index ecd36dab582c..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/platform_util.h
+++ /dev/null
@@ -1,207 +0,0 @@
-/**
- * \file platform_util.h
- *
- * \brief Common and shared functions used by multiple modules in the Mbed TLS
- * library.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_PLATFORM_UTIL_H
-#define MBEDTLS_PLATFORM_UTIL_H
-
-#include "mbedtls/build_info.h"
-
-#include
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-#include "mbedtls/platform_time.h"
-#include
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Internal macros meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
-#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
-
-/* Internal helper macros for deprecating API constants. */
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
- ( (mbedtls_deprecated_string_constant_t) ( VAL ) )
-MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
- ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
-#else /* MBEDTLS_DEPRECATED_WARNING */
-#define MBEDTLS_DEPRECATED
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/* Implementation of the check-return facility.
- * See the user documentation in mbedtls_config.h.
- *
- * Do not use this macro directly to annotate function: instead,
- * use one of MBEDTLS_CHECK_RETURN_CRITICAL or MBEDTLS_CHECK_RETURN_TYPICAL
- * depending on how important it is to check the return value.
- */
-#if !defined(MBEDTLS_CHECK_RETURN)
-#if defined(__GNUC__)
-#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
-#elif defined(_MSC_VER) && _MSC_VER >= 1700
-#include
-#define MBEDTLS_CHECK_RETURN _Check_return_
-#else
-#define MBEDTLS_CHECK_RETURN
-#endif
-#endif
-
-/** Critical-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that its return value should be checked in all applications.
- * Omitting the check is very likely to indicate a bug in the application
- * and will result in a compile-time warning if #MBEDTLS_CHECK_RETURN
- * is implemented for the compiler in use.
- *
- * \note The use of this macro is a work in progress.
- * This macro may be added to more functions in the future.
- * Such an extension is not considered an API break, provided that
- * there are near-unavoidable circumstances under which the function
- * can fail. For example, signature/MAC/AEAD verification functions,
- * and functions that require a random generator, are considered
- * return-check-critical.
- */
-#define MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN
-
-/** Ordinary-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that its return value should be generally be checked in portable
- * applications. Omitting the check will result in a compile-time warning if
- * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use and
- * #MBEDTLS_CHECK_RETURN_WARNING is enabled in the compile-time configuration.
- *
- * You can use #MBEDTLS_IGNORE_RETURN to explicitly ignore the return value
- * of a function that is annotated with #MBEDTLS_CHECK_RETURN.
- *
- * \note The use of this macro is a work in progress.
- * This macro will be added to more functions in the future.
- * Eventually this should appear before most functions returning
- * an error code (as \c int in the \c mbedtls_xxx API or
- * as ::psa_status_t in the \c psa_xxx API).
- */
-#if defined(MBEDTLS_CHECK_RETURN_WARNING)
-#define MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN
-#else
-#define MBEDTLS_CHECK_RETURN_TYPICAL
-#endif
-
-/** Benign-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that it is rarely useful to check its return value.
- *
- * This macro has an empty expansion. It exists for documentation purposes:
- * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
- * has been analyzed for return-check usefulness, whereas the lack of
- * an annotation indicates that the function has not been analyzed and its
- * return-check usefulness is unknown.
- */
-#define MBEDTLS_CHECK_RETURN_OPTIONAL
-
-/** \def MBEDTLS_IGNORE_RETURN
- *
- * Call this macro with one argument, a function call, to suppress a warning
- * from #MBEDTLS_CHECK_RETURN due to that function call.
- */
-#if !defined(MBEDTLS_IGNORE_RETURN)
-/* GCC doesn't silence the warning with just (void)(result).
- * (void)!(result) is known to work up at least up to GCC 10, as well
- * as with Clang and MSVC.
- *
- * https://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Non_002dbugs.html
- * https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result
- * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34
- */
-#define MBEDTLS_IGNORE_RETURN(result) ( (void) !( result ) )
-#endif
-
-/**
- * \brief Securely zeroize a buffer
- *
- * The function is meant to wipe the data contained in a buffer so
- * that it can no longer be recovered even if the program memory
- * is later compromised. Call this function on sensitive data
- * stored on the stack before returning from a function, and on
- * sensitive data stored on the heap before freeing the heap
- * object.
- *
- * It is extremely difficult to guarantee that calls to
- * mbedtls_platform_zeroize() are not removed by aggressive
- * compiler optimizations in a portable way. For this reason, Mbed
- * TLS provides the configuration option
- * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
- * mbedtls_platform_zeroize() to use a suitable implementation for
- * their platform and needs
- *
- * \param buf Buffer to be zeroized
- * \param len Length of the buffer in bytes
- *
- */
-void mbedtls_platform_zeroize( void *buf, size_t len );
-
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-/**
- * \brief Platform-specific implementation of gmtime_r()
- *
- * The function is a thread-safe abstraction that behaves
- * similarly to the gmtime_r() function from Unix/POSIX.
- *
- * Mbed TLS will try to identify the underlying platform and
- * make use of an appropriate underlying implementation (e.g.
- * gmtime_r() for POSIX and gmtime_s() for Windows). If this is
- * not possible, then gmtime() will be used. In this case, calls
- * from the library to gmtime() will be guarded by the mutex
- * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is
- * enabled. It is recommended that calls from outside the library
- * are also guarded by this mutex.
- *
- * If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will
- * unconditionally use the alternative implementation for
- * mbedtls_platform_gmtime_r() supplied by the user at compile time.
- *
- * \param tt Pointer to an object containing time (in seconds) since the
- * epoch to be converted
- * \param tm_buf Pointer to an object where the results will be stored
- *
- * \return Pointer to an object of type struct tm on success, otherwise
- * NULL
- */
-struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
- struct tm *tm_buf );
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PLATFORM_UTIL_H */
diff --git a/ext/oberon/psa/core/include/mbedtls/psa_util.h b/ext/oberon/psa/core/include/mbedtls/psa_util.h
index 5312210de857..e398c1e34a7c 100644
--- a/ext/oberon/psa/core/include/mbedtls/psa_util.h
+++ b/ext/oberon/psa/core/include/mbedtls/psa_util.h
@@ -2,9 +2,6 @@
* \file psa_util.h
*
* \brief Utility functions for the use of the PSA Crypto library.
- *
- * \warning This function is not part of the public API and may
- * change at any time.
*/
/*
* Copyright The Mbed TLS Contributors
@@ -35,255 +32,6 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
-#include "psa/crypto.h"
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-#include "mbedtls/pk.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/error.h"
-
-#include
-
-/* Translations for symmetric crypto. */
-
-static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
- mbedtls_cipher_type_t cipher )
-{
- switch( cipher )
- {
- case MBEDTLS_CIPHER_AES_128_CCM:
- case MBEDTLS_CIPHER_AES_192_CCM:
- case MBEDTLS_CIPHER_AES_256_CCM:
- case MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_AES_128_GCM:
- case MBEDTLS_CIPHER_AES_192_GCM:
- case MBEDTLS_CIPHER_AES_256_GCM:
- case MBEDTLS_CIPHER_AES_128_CBC:
- case MBEDTLS_CIPHER_AES_192_CBC:
- case MBEDTLS_CIPHER_AES_256_CBC:
- case MBEDTLS_CIPHER_AES_128_ECB:
- case MBEDTLS_CIPHER_AES_192_ECB:
- case MBEDTLS_CIPHER_AES_256_ECB:
- return( PSA_KEY_TYPE_AES );
-
- /* ARIA not yet supported in PSA. */
- /* case MBEDTLS_CIPHER_ARIA_128_CCM:
- case MBEDTLS_CIPHER_ARIA_192_CCM:
- case MBEDTLS_CIPHER_ARIA_256_CCM:
- case MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:
- case MBEDTLS_CIPHER_ARIA_128_GCM:
- case MBEDTLS_CIPHER_ARIA_192_GCM:
- case MBEDTLS_CIPHER_ARIA_256_GCM:
- case MBEDTLS_CIPHER_ARIA_128_CBC:
- case MBEDTLS_CIPHER_ARIA_192_CBC:
- case MBEDTLS_CIPHER_ARIA_256_CBC:
- return( PSA_KEY_TYPE_ARIA ); */
-
- default:
- return( 0 );
- }
-}
-
-static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
- mbedtls_cipher_mode_t mode, size_t taglen )
-{
- switch( mode )
- {
- case MBEDTLS_MODE_ECB:
- return( PSA_ALG_ECB_NO_PADDING );
- case MBEDTLS_MODE_GCM:
- return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) );
- case MBEDTLS_MODE_CCM:
- return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) );
- case MBEDTLS_MODE_CCM_STAR_NO_TAG:
- return PSA_ALG_CCM_STAR_NO_TAG;
- case MBEDTLS_MODE_CBC:
- if( taglen == 0 )
- return( PSA_ALG_CBC_NO_PADDING );
- else
- return( 0 );
- default:
- return( 0 );
- }
-}
-
-static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
- mbedtls_operation_t op )
-{
- switch( op )
- {
- case MBEDTLS_ENCRYPT:
- return( PSA_KEY_USAGE_ENCRYPT );
- case MBEDTLS_DECRYPT:
- return( PSA_KEY_USAGE_DECRYPT );
- default:
- return( 0 );
- }
-}
-
-/* Translations for hashing. */
-
-/* Note: this function should not be used from inside the library, use
- * mbedtls_hash_info_psa_from_md() from the internal hash_info.h instead.
- * It is kept only for compatibility in case applications were using it. */
-static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
-{
- switch( md_alg )
- {
-#if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5)
- case MBEDTLS_MD_MD5:
- return( PSA_ALG_MD5 );
-#endif
-#if defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1)
- case MBEDTLS_MD_SHA1:
- return( PSA_ALG_SHA_1 );
-#endif
-#if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224)
- case MBEDTLS_MD_SHA224:
- return( PSA_ALG_SHA_224 );
-#endif
-#if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256)
- case MBEDTLS_MD_SHA256:
- return( PSA_ALG_SHA_256 );
-#endif
-#if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384)
- case MBEDTLS_MD_SHA384:
- return( PSA_ALG_SHA_384 );
-#endif
-#if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512)
- case MBEDTLS_MD_SHA512:
- return( PSA_ALG_SHA_512 );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160)
- case MBEDTLS_MD_RIPEMD160:
- return( PSA_ALG_RIPEMD160 );
-#endif
- case MBEDTLS_MD_NONE:
- return( 0 );
- default:
- return( 0 );
- }
-}
-
-/* Translations for ECC. */
-
-static inline int mbedtls_psa_get_ecc_oid_from_id(
- psa_ecc_family_t curve, size_t bits,
- char const **oid, size_t *oid_len )
-{
- switch( curve )
- {
- case PSA_ECC_FAMILY_SECP_R1:
- switch( bits )
- {
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
- case 192:
- *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
- case 224:
- *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- case 256:
- *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- case 384:
- *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
- case 521:
- *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
- }
- break;
- case PSA_ECC_FAMILY_SECP_K1:
- switch( bits )
- {
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
- case 192:
- *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
- case 224:
- *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
- case 256:
- *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
- }
- break;
- case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
- switch( bits )
- {
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
- case 256:
- *oid = MBEDTLS_OID_EC_GRP_BP256R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
- case 384:
- *oid = MBEDTLS_OID_EC_GRP_BP384R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
- case 512:
- *oid = MBEDTLS_OID_EC_GRP_BP512R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
- return( 0 );
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
- }
- break;
- }
- (void) oid;
- (void) oid_len;
- return( -1 );
-}
-
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
- PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )
-
-/* This function transforms an ECC group identifier from
- * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
- * into a PSA ECC group identifier. */
-#if defined(MBEDTLS_ECP_C)
-static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
- uint16_t tls_ecc_grp_reg_id, size_t *bits )
-{
- const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
- if( curve_info == NULL )
- return( 0 );
- return( PSA_KEY_TYPE_ECC_KEY_PAIR(
- mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
-}
-#endif /* MBEDTLS_ECP_C */
-
/* Expose whatever RNG the PSA subsystem uses to applications using the
* mbedtls_xxx API. The declarations and definitions here need to be
* consistent with the implementation in library/psa_crypto_random_impl.h.
@@ -296,7 +44,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
* This type name is not part of the Mbed TLS stable API. It may be renamed
* or moved without warning.
*/
-typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_size );
+typedef int mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size);
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
@@ -335,9 +83,9 @@ typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_s
* `MBEDTLS_ERR_CTR_DRBG_xxx` or
* `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
*/
-int mbedtls_psa_get_random( void *p_rng,
- unsigned char *output,
- size_t output_size );
+int mbedtls_psa_get_random(void *p_rng,
+ unsigned char *output,
+ size_t output_size);
/** The random generator state for the PSA subsystem.
*
@@ -375,5 +123,4 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
#endif /* MBEDTLS_PSA_CRYPTO_C */
-
#endif /* MBEDTLS_PSA_UTIL_H */
diff --git a/ext/oberon/psa/core/include/mbedtls/rsa.h b/ext/oberon/psa/core/include/mbedtls/rsa.h
deleted file mode 100644
index 2bfaf8f7117a..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/rsa.h
+++ /dev/null
@@ -1,1128 +0,0 @@
-/**
- * \file rsa.h
- *
- * \brief This file provides an API for the RSA public-key cryptosystem.
- *
- * The RSA public-key cryptosystem is defined in Public-Key
- * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption
- * and Public-Key Cryptography Standards (PKCS) #1 v2.1:
- * RSA Cryptography Specifications.
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_RSA_H
-#define MBEDTLS_RSA_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/bignum.h"
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/*
- * RSA Error codes
- */
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080
-/** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100
-/** Something failed during generation of a key. */
-#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180
-/** Key failed to pass the validity check of the library. */
-#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200
-/** The public key operation failed. */
-#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280
-/** The private key operation failed. */
-#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300
-/** The PKCS#1 verification failed. */
-#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380
-/** The output buffer for decryption is not large enough. */
-#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400
-/** The random generator failed to generate non-zeros. */
-#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480
-
-/*
- * RSA constants
- */
-
-#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */
-#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */
-
-#define MBEDTLS_RSA_SIGN 1 /**< Identifier for RSA signature operations. */
-#define MBEDTLS_RSA_CRYPT 2 /**< Identifier for RSA encryption and decryption operations. */
-
-#define MBEDTLS_RSA_SALT_LEN_ANY -1
-
-/*
- * The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implementations in the PK layers.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_RSA_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The RSA context structure.
- */
-typedef struct mbedtls_rsa_context
-{
- int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
- * Do not set this field in application
- * code. Its meaning might change without
- * notice. */
- size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
- mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
- mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
- mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< D % (P - 1)
. */
- mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< D % (Q - 1)
. */
- mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< 1 / (Q % P)
. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached R^2 mod N
. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached R^2 mod P
. */
- mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached R^2 mod Q
. */
-
- mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
-
- int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
- #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
- #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
- int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type,
- as specified in md.h for use in the MGF
- mask generating function used in the
- EME-OAEP and EMSA-PSS encodings. */
-#if defined(MBEDTLS_THREADING_C)
- /* Invariant: the mutex is initialized iff ver != 0. */
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
-#endif
-}
-mbedtls_rsa_context;
-
-#else /* MBEDTLS_RSA_ALT */
-#include "rsa_alt.h"
-#endif /* MBEDTLS_RSA_ALT */
-
-/**
- * \brief This function initializes an RSA context.
- *
- * \note This function initializes the padding and the hash
- * identifier to respectively #MBEDTLS_RSA_PKCS_V15 and
- * #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more
- * information about those parameters.
- *
- * \param ctx The RSA context to initialize. This must not be \c NULL.
- */
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx );
-
-/**
- * \brief This function sets padding for an already initialized RSA
- * context.
- *
- * \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
- * encryption scheme and the RSASSA-PSS signature scheme.
- *
- * \note The \p hash_id parameter is ignored when using
- * #MBEDTLS_RSA_PKCS_V15 padding.
- *
- * \note The choice of padding mode is strictly enforced for private
- * key operations, since there might be security concerns in
- * mixing padding modes. For public key operations it is
- * a default value, which can be overridden by calling specific
- * \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx
- * functions.
- *
- * \note The hash selected in \p hash_id is always used for OEAP
- * encryption. For PSS signatures, it is always used for
- * making signatures, but can be overridden for verifying them.
- * If set to #MBEDTLS_MD_NONE, it is always overridden.
- *
- * \param ctx The initialized RSA context to be configured.
- * \param padding The padding mode to use. This must be either
- * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id The hash identifier for PSS or OAEP, if \p padding is
- * #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this
- * function but may be not suitable for some operations.
- * Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
- * \p padding or \p hash_id is invalid.
- */
-int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- mbedtls_md_type_t hash_id );
-
-/**
- * \brief This function imports a set of core parameters into an
- * RSA context.
- *
- * \note This function can be called multiple times for successive
- * imports, if the parameters are not simultaneously present.
- *
- * Any sequence of calls to this function should be followed
- * by a call to mbedtls_rsa_complete(), which checks and
- * completes the provided information to a ready-for-use
- * public or private RSA key.
- *
- * \note See mbedtls_rsa_complete() for more information on which
- * parameters are necessary to set up a private or public
- * RSA key.
- *
- * \note The imported parameters are copied and need not be preserved
- * for the lifetime of the RSA context being set up.
- *
- * \param ctx The initialized RSA context to store the parameters in.
- * \param N The RSA modulus. This may be \c NULL.
- * \param P The first prime factor of \p N. This may be \c NULL.
- * \param Q The second prime factor of \p N. This may be \c NULL.
- * \param D The private exponent. This may be \c NULL.
- * \param E The public exponent. This may be \c NULL.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
- const mbedtls_mpi *N,
- const mbedtls_mpi *P, const mbedtls_mpi *Q,
- const mbedtls_mpi *D, const mbedtls_mpi *E );
-
-/**
- * \brief This function imports core RSA parameters, in raw big-endian
- * binary format, into an RSA context.
- *
- * \note This function can be called multiple times for successive
- * imports, if the parameters are not simultaneously present.
- *
- * Any sequence of calls to this function should be followed
- * by a call to mbedtls_rsa_complete(), which checks and
- * completes the provided information to a ready-for-use
- * public or private RSA key.
- *
- * \note See mbedtls_rsa_complete() for more information on which
- * parameters are necessary to set up a private or public
- * RSA key.
- *
- * \note The imported parameters are copied and need not be preserved
- * for the lifetime of the RSA context being set up.
- *
- * \param ctx The initialized RSA context to store the parameters in.
- * \param N The RSA modulus. This may be \c NULL.
- * \param N_len The Byte length of \p N; it is ignored if \p N == NULL.
- * \param P The first prime factor of \p N. This may be \c NULL.
- * \param P_len The Byte length of \p P; it is ignored if \p P == NULL.
- * \param Q The second prime factor of \p N. This may be \c NULL.
- * \param Q_len The Byte length of \p Q; it is ignored if \p Q == NULL.
- * \param D The private exponent. This may be \c NULL.
- * \param D_len The Byte length of \p D; it is ignored if \p D == NULL.
- * \param E The public exponent. This may be \c NULL.
- * \param E_len The Byte length of \p E; it is ignored if \p E == NULL.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
- unsigned char const *N, size_t N_len,
- unsigned char const *P, size_t P_len,
- unsigned char const *Q, size_t Q_len,
- unsigned char const *D, size_t D_len,
- unsigned char const *E, size_t E_len );
-
-/**
- * \brief This function completes an RSA context from
- * a set of imported core parameters.
- *
- * To setup an RSA public key, precisely \p N and \p E
- * must have been imported.
- *
- * To setup an RSA private key, sufficient information must
- * be present for the other parameters to be derivable.
- *
- * The default implementation supports the following:
- * - Derive \p P, \p Q from \p N, \p D, \p E.
- * - Derive \p N, \p D from \p P, \p Q, \p E.
- * Alternative implementations need not support these.
- *
- * If this function runs successfully, it guarantees that
- * the RSA context can be used for RSA operations without
- * the risk of failure or crash.
- *
- * \warning This function need not perform consistency checks
- * for the imported parameters. In particular, parameters that
- * are not needed by the implementation might be silently
- * discarded and left unchecked. To check the consistency
- * of the key material, see mbedtls_rsa_check_privkey().
- *
- * \param ctx The initialized RSA context holding imported parameters.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations
- * failed.
- *
- */
-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
-
-/**
- * \brief This function exports the core parameters of an RSA key.
- *
- * If this function runs successfully, the non-NULL buffers
- * pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
- * written, with additional unused space filled leading by
- * zero Bytes.
- *
- * Possible reasons for returning
- * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
- * - An alternative RSA implementation is in use, which
- * stores the key externally, and either cannot or should
- * not export it into RAM.
- * - A SW or HW implementation might not support a certain
- * deduction. For example, \p P, \p Q from \p N, \p D,
- * and \p E if the former are not part of the
- * implementation.
- *
- * If the function fails due to an unsupported operation,
- * the RSA context stays intact and remains usable.
- *
- * \param ctx The initialized RSA context.
- * \param N The MPI to hold the RSA modulus.
- * This may be \c NULL if this field need not be exported.
- * \param P The MPI to hold the first prime factor of \p N.
- * This may be \c NULL if this field need not be exported.
- * \param Q The MPI to hold the second prime factor of \p N.
- * This may be \c NULL if this field need not be exported.
- * \param D The MPI to hold the private exponent.
- * This may be \c NULL if this field need not be exported.
- * \param E The MPI to hold the public exponent.
- * This may be \c NULL if this field need not be exported.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
- * requested parameters cannot be done due to missing
- * functionality or because of security policies.
- * \return A non-zero return code on any other failure.
- *
- */
-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
- mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
- mbedtls_mpi *D, mbedtls_mpi *E );
-
-/**
- * \brief This function exports core parameters of an RSA key
- * in raw big-endian binary format.
- *
- * If this function runs successfully, the non-NULL buffers
- * pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
- * written, with additional unused space filled leading by
- * zero Bytes.
- *
- * Possible reasons for returning
- * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
- * - An alternative RSA implementation is in use, which
- * stores the key externally, and either cannot or should
- * not export it into RAM.
- * - A SW or HW implementation might not support a certain
- * deduction. For example, \p P, \p Q from \p N, \p D,
- * and \p E if the former are not part of the
- * implementation.
- * If the function fails due to an unsupported operation,
- * the RSA context stays intact and remains usable.
- *
- * \note The length parameters are ignored if the corresponding
- * buffer pointers are NULL.
- *
- * \param ctx The initialized RSA context.
- * \param N The Byte array to store the RSA modulus,
- * or \c NULL if this field need not be exported.
- * \param N_len The size of the buffer for the modulus.
- * \param P The Byte array to hold the first prime factor of \p N,
- * or \c NULL if this field need not be exported.
- * \param P_len The size of the buffer for the first prime factor.
- * \param Q The Byte array to hold the second prime factor of \p N,
- * or \c NULL if this field need not be exported.
- * \param Q_len The size of the buffer for the second prime factor.
- * \param D The Byte array to hold the private exponent,
- * or \c NULL if this field need not be exported.
- * \param D_len The size of the buffer for the private exponent.
- * \param E The Byte array to hold the public exponent,
- * or \c NULL if this field need not be exported.
- * \param E_len The size of the buffer for the public exponent.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
- * requested parameters cannot be done due to missing
- * functionality or because of security policies.
- * \return A non-zero return code on any other failure.
- */
-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
- unsigned char *N, size_t N_len,
- unsigned char *P, size_t P_len,
- unsigned char *Q, size_t Q_len,
- unsigned char *D, size_t D_len,
- unsigned char *E, size_t E_len );
-
-/**
- * \brief This function exports CRT parameters of a private RSA key.
- *
- * \note Alternative RSA implementations not using CRT-parameters
- * internally can implement this function based on
- * mbedtls_rsa_deduce_opt().
- *
- * \param ctx The initialized RSA context.
- * \param DP The MPI to hold \c D modulo `P-1`,
- * or \c NULL if it need not be exported.
- * \param DQ The MPI to hold \c D modulo `Q-1`,
- * or \c NULL if it need not be exported.
- * \param QP The MPI to hold modular inverse of \c Q modulo \c P,
- * or \c NULL if it need not be exported.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- *
- */
-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
- mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
-
-/**
- * \brief This function retrieves the length of RSA modulus in Bytes.
- *
- * \param ctx The initialized RSA context.
- *
- * \return The length of the RSA modulus in Bytes.
- *
- */
-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief This function generates an RSA keypair.
- *
- * \note mbedtls_rsa_init() must be called before this function,
- * to set up the RSA context.
- *
- * \param ctx The initialized RSA context used to hold the key.
- * \param f_rng The RNG function to be used for key generation.
- * This is mandatory and must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng.
- * This may be \c NULL if \p f_rng doesn't need a context.
- * \param nbits The size of the public key in bits.
- * \param exponent The public exponent to use. For example, \c 65537.
- * This must be odd and greater than \c 1.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- unsigned int nbits, int exponent );
-
-/**
- * \brief This function checks if a context contains at least an RSA
- * public key.
- *
- * If the function runs successfully, it is guaranteed that
- * enough information is present to perform an RSA public key
- * operation using mbedtls_rsa_public().
- *
- * \param ctx The initialized RSA context to check.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief This function checks if a context contains an RSA private key
- * and perform basic consistency checks.
- *
- * \note The consistency checks performed by this function not only
- * ensure that mbedtls_rsa_private() can be called successfully
- * on the given context, but that the various parameters are
- * mutually consistent with high probability, in the sense that
- * mbedtls_rsa_public() and mbedtls_rsa_private() are inverses.
- *
- * \warning This function should catch accidental misconfigurations
- * like swapping of parameters, but it cannot establish full
- * trust in neither the quality nor the consistency of the key
- * material that was used to setup the given RSA context:
- * - Consistency: Imported parameters that are irrelevant
- * for the implementation might be silently dropped. If dropped,
- * the current function does not have access to them,
- * and therefore cannot check them. See mbedtls_rsa_complete().
- * If you want to check the consistency of the entire
- * content of a PKCS1-encoded RSA private key, for example, you
- * should use mbedtls_rsa_validate_params() before setting
- * up the RSA context.
- * Additionally, if the implementation performs empirical checks,
- * these checks substantiate but do not guarantee consistency.
- * - Quality: This function is not expected to perform
- * extended quality assessments like checking that the prime
- * factors are safe. Additionally, it is the responsibility of the
- * user to ensure the trustworthiness of the source of his RSA
- * parameters, which goes beyond what is effectively checkable
- * by the library.
- *
- * \param ctx The initialized RSA context to check.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief This function checks a public-private RSA key pair.
- *
- * It checks each of the contexts, and makes sure they match.
- *
- * \param pub The initialized RSA context holding the public key.
- * \param prv The initialized RSA context holding the private key.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
- const mbedtls_rsa_context *prv );
-
-/**
- * \brief This function performs an RSA public key operation.
- *
- * \param ctx The initialized RSA context to use.
- * \param input The input buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \note This function does not handle message padding.
- *
- * \note Make sure to set \p input[0] = 0 or ensure that
- * input is smaller than \p N.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function performs an RSA private key operation.
- *
- * \note Blinding is used if and only if a PRNG is provided.
- *
- * \note If blinding is used, both the base of exponentiation
- * and the exponent are blinded, providing protection
- * against some side-channel attacks.
- *
- * \warning It is deprecated and a security risk to not provide
- * a PRNG here and thereby prevent the use of blinding.
- * Future versions of the library may enforce the presence
- * of a PRNG.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function, used for blinding. It is mandatory.
- * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context.
- * \param input The input buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function adds the message padding, then performs an RSA
- * operation.
- *
- * It is the generic wrapper for performing a PKCS#1 encryption
- * operation.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG to use. It is used for padding generation
- * and it is mandatory.
- * \param p_rng The RNG context to be passed to \p f_rng. May be
- * \c NULL if \p f_rng doesn't need a context argument.
- * \param ilen The length of the plaintext in Bytes.
- * \param input The input data to encrypt. This must be a readable
- * buffer of size \p ilen Bytes. It may be \c NULL if
- * `ilen == 0`.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function performs a PKCS#1 v1.5 encryption operation
- * (RSAES-PKCS1-v1_5-ENCRYPT).
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function to use. It is mandatory and used for
- * padding generation.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- * \param ilen The length of the plaintext in Bytes.
- * \param input The input data to encrypt. This must be a readable
- * buffer of size \p ilen Bytes. It may be \c NULL if
- * `ilen == 0`.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 OAEP encryption
- * operation (RSAES-OAEP-ENCRYPT).
- *
- * \note The output buffer must be as large as the size
- * of ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function to use. This is needed for padding
- * generation and is mandatory.
- * \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng doesn't need a context argument.
- * \param label The buffer holding the custom label to use.
- * This must be a readable buffer of length \p label_len
- * Bytes. It may be \c NULL if \p label_len is \c 0.
- * \param label_len The length of the label in Bytes.
- * \param ilen The length of the plaintext buffer \p input in Bytes.
- * \param input The input data to encrypt. This must be a readable
- * buffer of size \p ilen Bytes. It may be \c NULL if
- * `ilen == 0`.
- * \param output The output buffer. This must be a writable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *label, size_t label_len,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output );
-
-/**
- * \brief This function performs an RSA operation, then removes the
- * message padding.
- *
- * It is the generic wrapper for performing a PKCS#1 decryption
- * operation.
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size \p ctx->len of \p ctx->N (for example,
- * 128 Bytes if RSA-1024 is used) to be able to hold an
- * arbitrary decrypted message. If it is not large enough to
- * hold the decryption of the particular ciphertext provided,
- * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory; see mbedtls_rsa_private() for more.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context.
- * \param olen The address at which to store the length of
- * the plaintext. This must not be \c NULL.
- * \param input The ciphertext buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The buffer used to hold the plaintext. This must
- * be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
-
-/**
- * \brief This function performs a PKCS#1 v1.5 decryption
- * operation (RSAES-PKCS1-v1_5-DECRYPT).
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size \p ctx->len of \p ctx->N, for example,
- * 128 Bytes if RSA-1024 is used, to be able to hold an
- * arbitrary decrypted message. If it is not large enough to
- * hold the decryption of the particular ciphertext provided,
- * the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory; see mbedtls_rsa_private() for more.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context.
- * \param olen The address at which to store the length of
- * the plaintext. This must not be \c NULL.
- * \param input The ciphertext buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The buffer used to hold the plaintext. This must
- * be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 OAEP decryption
- * operation (RSAES-OAEP-DECRYPT).
- *
- * \note The output buffer length \c output_max_len should be
- * as large as the size \p ctx->len of \p ctx->N, for
- * example, 128 Bytes if RSA-1024 is used, to be able to
- * hold an arbitrary decrypted message. If it is not
- * large enough to hold the decryption of the particular
- * ciphertext provided, the function returns
- * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context.
- * \param label The buffer holding the custom label to use.
- * This must be a readable buffer of length \p label_len
- * Bytes. It may be \c NULL if \p label_len is \c 0.
- * \param label_len The length of the label in Bytes.
- * \param olen The address at which to store the length of
- * the plaintext. This must not be \c NULL.
- * \param input The ciphertext buffer. This must be a readable buffer
- * of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- * \param output The buffer used to hold the plaintext. This must
- * be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *label, size_t label_len,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
-
-/**
- * \brief This function performs a private RSA operation to sign
- * a message digest using PKCS#1.
- *
- * It is the generic wrapper for performing a PKCS#1
- * signature.
- *
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note For PKCS#1 v2.1 encoding, see comments on
- * mbedtls_rsa_rsassa_pss_sign() for details on
- * \p md_alg and \p hash_id.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function to use. This is mandatory and
- * must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v1.5 signature
- * operation (RSASSA-PKCS1-v1_5-SIGN).
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and is
- * mandatory; see mbedtls_rsa_private() for more.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS signature
- * operation (RSASSA-PSS-SIGN).
- *
- * \note The \c hash_id set in \p ctx by calling
- * mbedtls_rsa_set_padding() selects the hash used for the
- * encoding operation and for the mask generation function
- * (MGF1). For more details on the encoding operation and the
- * mask generation function, consult RFC-3447: Public-Key
- * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications.
- *
- * \note This function enforces that the provided salt length complies
- * with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
- * step 3. The constraint is that the hash length plus the salt
- * length plus 2 bytes must be at most the key length. If this
- * constraint is not met, this function returns
- * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. It is mandatory and must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param saltlen The length of the salt that should be used.
- * If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
- * the largest possible salt length up to the hash length,
- * which is the largest permitted by some standards including
- * FIPS 186-4 §5.5.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- int saltlen,
- unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS signature
- * operation (RSASSA-PSS-SIGN).
- *
- * \note The \c hash_id set in \p ctx by calling
- * mbedtls_rsa_set_padding() selects the hash used for the
- * encoding operation and for the mask generation function
- * (MGF1). For more details on the encoding operation and the
- * mask generation function, consult RFC-3447: Public-Key
- * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications.
- *
- * \note This function always uses the maximum possible salt size,
- * up to the length of the payload hash. This choice of salt
- * size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
- * v2.2) §9.1.1 step 3. Furthermore this function enforces a
- * minimum salt size which is the hash size minus 2 bytes. If
- * this minimum size is too large given the key size (the salt
- * size, plus the hash size, plus 2 bytes must be no more than
- * the key size in bytes), this function returns
- * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
- *
- * \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. It is mandatory and must not be \c NULL.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng doesn't need a context argument.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer to hold the signature. This must be a writable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus. A buffer length of
- * #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return \c 0 if the signing operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
-
-/**
- * \brief This function performs a public RSA operation and checks
- * the message digest.
- *
- * This is the generic wrapper for performing a PKCS#1
- * verification.
- *
- * \note For PKCS#1 v2.1 encoding, see comments on
- * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
- * \p hash_id.
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v1.5 verification
- * operation (RSASSA-PKCS1-v1_5-VERIFY).
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS verification
- * operation (RSASSA-PSS-VERIFY).
- *
- * \note The \c hash_id set in \p ctx by calling
- * mbedtls_rsa_set_padding() selects the hash used for the
- * encoding operation and for the mask generation function
- * (MGF1). For more details on the encoding operation and the
- * mask generation function, consult RFC-3447: Public-Key
- * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications. If the \c hash_id set in \p ctx by
- * mbedtls_rsa_set_padding() is #MBEDTLS_MD_NONE, the \p md_alg
- * parameter is used.
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
-
-/**
- * \brief This function performs a PKCS#1 v2.1 PSS verification
- * operation (RSASSA-PSS-VERIFY).
- *
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note The \c hash_id set in \p ctx by mbedtls_rsa_set_padding() is
- * ignored.
- *
- * \param ctx The initialized RSA public key context to use.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest or raw data in Bytes.
- * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
- * output length of the corresponding hash algorithm.
- * \param hash The buffer holding the message digest or raw data.
- * This must be a readable buffer of at least \p hashlen Bytes.
- * \param mgf1_hash_id The message digest algorithm used for the
- * verification operation and the mask generation
- * function (MGF1). For more details on the encoding
- * operation and the mask generation function, consult
- * RFC-3447: Public-Key Cryptography Standards
- * (PKCS) #1 v2.1: RSA Cryptography
- * Specifications.
- * \param expected_salt_len The length of the salt used in padding. Use
- * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
- * \param sig The buffer holding the signature. This must be a readable
- * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
- *
- * \return \c 0 if the verify operation was successful.
- * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- mbedtls_md_type_t mgf1_hash_id,
- int expected_salt_len,
- const unsigned char *sig );
-
-/**
- * \brief This function copies the components of an RSA context.
- *
- * \param dst The destination context. This must be initialized.
- * \param src The source context. This must be initialized.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
- */
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
-
-/**
- * \brief This function frees the components of an RSA key.
- *
- * \param ctx The RSA context to free. May be \c NULL, in which case
- * this function is a no-op. If it is not \c NULL, it must
- * point to an initialized RSA context.
- */
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The RSA checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_rsa_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* rsa.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/sha256.h b/ext/oberon/psa/core/include/mbedtls/sha256.h
deleted file mode 100644
index 0cbbac11f2e2..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/sha256.h
+++ /dev/null
@@ -1,195 +0,0 @@
-/**
- * \file sha256.h
- *
- * \brief This file contains SHA-224 and SHA-256 definitions and functions.
- *
- * The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
- * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS).
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SHA256_H
-#define MBEDTLS_SHA256_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-/** SHA-256 input data was malformed. */
-#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_SHA256_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The SHA-256 context structure.
- *
- * The structure is used both for SHA-256 and for SHA-224
- * checksum calculations. The choice between these two is
- * made in the call to mbedtls_sha256_starts().
- */
-typedef struct mbedtls_sha256_context
-{
- uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
- uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
- int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
- 0: Use SHA-256, or 1: Use SHA-224. */
-}
-mbedtls_sha256_context;
-
-#else /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
-#endif /* MBEDTLS_SHA256_ALT */
-
-/**
- * \brief This function initializes a SHA-256 context.
- *
- * \param ctx The SHA-256 context to initialize. This must not be \c NULL.
- */
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
-
-/**
- * \brief This function clears a SHA-256 context.
- *
- * \param ctx The SHA-256 context to clear. This may be \c NULL, in which
- * case this function returns immediately. If it is not \c NULL,
- * it must point to an initialized SHA-256 context.
- */
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
-
-/**
- * \brief This function clones the state of a SHA-256 context.
- *
- * \param dst The destination context. This must be initialized.
- * \param src The context to clone. This must be initialized.
- */
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
- const mbedtls_sha256_context *src );
-
-/**
- * \brief This function starts a SHA-224 or SHA-256 checksum
- * calculation.
- *
- * \param ctx The context to use. This must be initialized.
- * \param is224 This determines which function to use. This must be
- * either \c 0 for SHA-256, or \c 1 for SHA-224.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
-
-/**
- * \brief This function feeds an input buffer into an ongoing
- * SHA-256 checksum calculation.
- *
- * \param ctx The SHA-256 context. This must be initialized
- * and have a hash operation started.
- * \param input The buffer holding the data. This must be a readable
- * buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function finishes the SHA-256 operation, and writes
- * the result to the output buffer.
- *
- * \param ctx The SHA-256 context. This must be initialized
- * and have a hash operation started.
- * \param output The SHA-224 or SHA-256 checksum result.
- * This must be a writable buffer of length \c 32 bytes
- * for SHA-256, \c 28 bytes for SHA-224.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
- unsigned char *output );
-
-/**
- * \brief This function processes a single data block within
- * the ongoing SHA-256 computation. This function is for
- * internal use only.
- *
- * \param ctx The SHA-256 context. This must be initialized.
- * \param data The buffer holding one block of data. This must
- * be a readable buffer of length \c 64 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
- const unsigned char data[64] );
-
-/**
- * \brief This function calculates the SHA-224 or SHA-256
- * checksum of a buffer.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The SHA-256 result is calculated as
- * output = SHA-256(input buffer).
- *
- * \param input The buffer holding the data. This must be a readable
- * buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- * \param output The SHA-224 or SHA-256 checksum result.
- * This must be a writable buffer of length \c 32 bytes
- * for SHA-256, \c 28 bytes for SHA-224.
- * \param is224 Determines which function to use. This must be
- * either \c 0 for SHA-256, or \c 1 for SHA-224.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha256( const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is224 );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief The SHA-224 and SHA-256 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_sha256_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha256.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/sha512.h b/ext/oberon/psa/core/include/mbedtls/sha512.h
deleted file mode 100644
index 48901cc39d74..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/sha512.h
+++ /dev/null
@@ -1,205 +0,0 @@
-/**
- * \file sha512.h
- * \brief This file contains SHA-384 and SHA-512 definitions and functions.
- *
- * The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
- * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS).
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_SHA512_H
-#define MBEDTLS_SHA512_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-
-/** SHA-512 input data was malformed. */
-#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_SHA512_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The SHA-512 context structure.
- *
- * The structure is used both for SHA-384 and for SHA-512
- * checksum calculations. The choice between these two is
- * made in the call to mbedtls_sha512_starts().
- */
-typedef struct mbedtls_sha512_context
-{
- uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
- uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
- unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */
-#if defined(MBEDTLS_SHA384_C)
- int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
- 0: Use SHA-512, or 1: Use SHA-384. */
-#endif
-}
-mbedtls_sha512_context;
-
-#else /* MBEDTLS_SHA512_ALT */
-#include "sha512_alt.h"
-#endif /* MBEDTLS_SHA512_ALT */
-
-/**
- * \brief This function initializes a SHA-512 context.
- *
- * \param ctx The SHA-512 context to initialize. This must
- * not be \c NULL.
- */
-void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
-
-/**
- * \brief This function clears a SHA-512 context.
- *
- * \param ctx The SHA-512 context to clear. This may be \c NULL,
- * in which case this function does nothing. If it
- * is not \c NULL, it must point to an initialized
- * SHA-512 context.
- */
-void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
-
-/**
- * \brief This function clones the state of a SHA-512 context.
- *
- * \param dst The destination context. This must be initialized.
- * \param src The context to clone. This must be initialized.
- */
-void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
- const mbedtls_sha512_context *src );
-
-/**
- * \brief This function starts a SHA-384 or SHA-512 checksum
- * calculation.
- *
- * \param ctx The SHA-512 context to use. This must be initialized.
- * \param is384 Determines which function to use. This must be
- * either \c 0 for SHA-512, or \c 1 for SHA-384.
- *
- * \note When \c MBEDTLS_SHA384_C is not defined,
- * \p is384 must be \c 0, or the function will return
- * #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
-
-/**
- * \brief This function feeds an input buffer into an ongoing
- * SHA-512 checksum calculation.
- *
- * \param ctx The SHA-512 context. This must be initialized
- * and have a hash operation started.
- * \param input The buffer holding the input data. This must
- * be a readable buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512_update( mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief This function finishes the SHA-512 operation, and writes
- * the result to the output buffer.
- *
- * \param ctx The SHA-512 context. This must be initialized
- * and have a hash operation started.
- * \param output The SHA-384 or SHA-512 checksum result.
- * This must be a writable buffer of length \c 64 bytes
- * for SHA-512, \c 48 bytes for SHA-384.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
- unsigned char *output );
-
-/**
- * \brief This function processes a single data block within
- * the ongoing SHA-512 computation.
- * This function is for internal use only.
- *
- * \param ctx The SHA-512 context. This must be initialized.
- * \param data The buffer holding one block of data. This
- * must be a readable buffer of length \c 128 Bytes.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
- const unsigned char data[128] );
-
-/**
- * \brief This function calculates the SHA-512 or SHA-384
- * checksum of a buffer.
- *
- * The function allocates the context, performs the
- * calculation, and frees the context.
- *
- * The SHA-512 result is calculated as
- * output = SHA-512(input buffer).
- *
- * \param input The buffer holding the input data. This must be
- * a readable buffer of length \p ilen Bytes.
- * \param ilen The length of the input data in Bytes.
- * \param output The SHA-384 or SHA-512 checksum result.
- * This must be a writable buffer of length \c 64 bytes
- * for SHA-512, \c 48 bytes for SHA-384.
- * \param is384 Determines which function to use. This must be either
- * \c 0 for SHA-512, or \c 1 for SHA-384.
- *
- * \note When \c MBEDTLS_SHA384_C is not defined, \p is384 must
- * be \c 0, or the function will return
- * #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_sha512( const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is384 );
-
-#if defined(MBEDTLS_SELF_TEST)
-
- /**
- * \brief The SHA-384 or SHA-512 checkup routine.
- *
- * \return \c 0 on success.
- * \return \c 1 on failure.
- */
-int mbedtls_sha512_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha512.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/threading.h b/ext/oberon/psa/core/include/mbedtls/threading.h
deleted file mode 100644
index fbc737478364..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/threading.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/**
- * \file threading.h
- *
- * \brief Threading abstraction layer
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_THREADING_H
-#define MBEDTLS_THREADING_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C
-/** Locking / unlocking / free failed with error code. */
-#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#include
-typedef struct mbedtls_threading_mutex_t
-{
- pthread_mutex_t MBEDTLS_PRIVATE(mutex);
- /* is_valid is 0 after a failed init or a free, and nonzero after a
- * successful init. This field is not considered part of the public
- * API of Mbed TLS and may change without notice. */
- char MBEDTLS_PRIVATE(is_valid);
-} mbedtls_threading_mutex_t;
-#endif
-
-#if defined(MBEDTLS_THREADING_ALT)
-/* You should define the mbedtls_threading_mutex_t type in your header */
-#include "threading_alt.h"
-
-/**
- * \brief Set your alternate threading implementation function
- * pointers and initialize global mutexes. If used, this
- * function must be called once in the main thread before any
- * other mbed TLS function is called, and
- * mbedtls_threading_free_alt() must be called once in the main
- * thread after all other mbed TLS functions.
- *
- * \note mutex_init() and mutex_free() don't return a status code.
- * If mutex_init() fails, it should leave its argument (the
- * mutex) in a state such that mutex_lock() will fail when
- * called with this argument.
- *
- * \param mutex_init the init function implementation
- * \param mutex_free the free function implementation
- * \param mutex_lock the lock function implementation
- * \param mutex_unlock the unlock function implementation
- */
-void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
- void (*mutex_free)( mbedtls_threading_mutex_t * ),
- int (*mutex_lock)( mbedtls_threading_mutex_t * ),
- int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
-
-/**
- * \brief Free global mutexes.
- */
-void mbedtls_threading_free_alt( void );
-#endif /* MBEDTLS_THREADING_ALT */
-
-#if defined(MBEDTLS_THREADING_C)
-/*
- * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
- *
- * All these functions are expected to work or the result will be undefined.
- */
-extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
-extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
-
-/*
- * Global mutexes
- */
-#if defined(MBEDTLS_FS_IO)
-extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
-/* This mutex may or may not be used in the default definition of
- * mbedtls_platform_gmtime_r(), but in order to determine that,
- * we need to check POSIX features, hence modify _POSIX_C_SOURCE.
- * With the current approach, this declaration is orphaned, lacking
- * an accompanying definition, in case mbedtls_platform_gmtime_r()
- * doesn't need it, but that's not a problem. */
-extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
-#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
-
-#endif /* MBEDTLS_THREADING_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* threading.h */
diff --git a/ext/oberon/psa/core/include/mbedtls/timing.h b/ext/oberon/psa/core/include/mbedtls/timing.h
deleted file mode 100644
index 652548d971eb..000000000000
--- a/ext/oberon/psa/core/include/mbedtls/timing.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * \file timing.h
- *
- * \brief Portable interface to timeouts and to the CPU cycle counter
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_TIMING_H
-#define MBEDTLS_TIMING_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_TIMING_ALT)
-// Regular implementation
-//
-
-/**
- * \brief timer structure
- */
-struct mbedtls_timing_hr_time
-{
- unsigned char MBEDTLS_PRIVATE(opaque)[32];
-};
-
-/**
- * \brief Context for mbedtls_timing_set/get_delay()
- */
-typedef struct mbedtls_timing_delay_context
-{
- struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
- uint32_t MBEDTLS_PRIVATE(int_ms);
- uint32_t MBEDTLS_PRIVATE(fin_ms);
-} mbedtls_timing_delay_context;
-
-#else /* MBEDTLS_TIMING_ALT */
-#include "timing_alt.h"
-#endif /* MBEDTLS_TIMING_ALT */
-
-/* Internal use */
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
-
-/**
- * \brief Set a pair of delays to watch
- * (See \c mbedtls_timing_get_delay().)
- *
- * \param data Pointer to timing data.
- * Must point to a valid \c mbedtls_timing_delay_context struct.
- * \param int_ms First (intermediate) delay in milliseconds.
- * The effect if int_ms > fin_ms is unspecified.
- * \param fin_ms Second (final) delay in milliseconds.
- * Pass 0 to cancel the current delay.
- *
- * \note To set a single delay, either use \c mbedtls_timing_set_timer
- * directly or use this function with int_ms == fin_ms.
- */
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
-
-/**
- * \brief Get the status of delays
- * (Memory helper: number of delays passed.)
- *
- * \param data Pointer to timing data
- * Must point to a valid \c mbedtls_timing_delay_context struct.
- *
- * \return -1 if cancelled (fin_ms = 0),
- * 0 if none of the delays are passed,
- * 1 if only the intermediate delay is passed,
- * 2 if the final delay is passed.
- */
-int mbedtls_timing_get_delay( void *data );
-
-/**
- * \brief Get the final timing delay
- *
- * \param data Pointer to timing data
- * Must point to a valid \c mbedtls_timing_delay_context struct.
- *
- * \return Final timing delay in milliseconds.
- */
-uint32_t mbedtls_timing_get_final_delay(
- const mbedtls_timing_delay_context *data );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* timing.h */
diff --git a/ext/oberon/psa/core/include/psa/crypto.h b/ext/oberon/psa/core/include/psa/crypto.h
index 03181ed33e66..f06fff3644f7 100644
--- a/ext/oberon/psa/core/include/psa/crypto.h
+++ b/ext/oberon/psa/core/include/psa/crypto.h
@@ -22,7 +22,11 @@
#ifndef PSA_CRYPTO_H
#define PSA_CRYPTO_H
+#if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE)
+#include MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
+#else
#include "crypto_platform.h"
+#endif
#include
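Review bot: Nothing in this hunk shows where `MBEDTLS_PSA_CRYPTO_PLATFORM_FILE` is meant to be defined. The `#if defined(...)` test sits directly after the include guard, before any configuration header visible here, so unless the build passes the macro on the compiler command line or an earlier include defines it, the header quietly falls back to `crypto_platform.h`. That fallback would be easy to miss, because the platform header presumably supplies types the key-identifier declarations below depend on (for example `mbedtls_key_owner_id_t`), and a mismatch between translation units would not necessarily fail to compile. I would document the contract above the block: `/* MBEDTLS_PSA_CRYPTO_PLATFORM_FILE must expand to a quoted or angle-bracketed header name, be defined before this header is first included, and provide everything crypto_platform.h provides. */`.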
@@ -59,7 +63,7 @@ extern "C" {
/**
* The minor version of this implementation of the PSA Crypto API
*/
-#define PSA_CRYPTO_API_VERSION_MINOR 0
+#define PSA_CRYPTO_API_VERSION_MINOR 1
/**@}*/
@@ -88,16 +92,16 @@ extern "C" {
* initialization may have security implications, for example due to improper
* seeding of the random number generator.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
*/
psa_status_t psa_crypto_init(void);
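Review bot: `\emptydescription` is not a built-in Doxygen command, and nothing visible in this part of the change defines it as an alias. If the documentation build for this tree lacks an entry along the lines of `ALIASES += emptydescription=""`, every rewritten `\retval` line here and in the later hunks of this file will raise an unknown-command warning instead of silencing the empty-description one. Please confirm the Doxyfile used for `ext/oberon/psa/core` carries the alias. Separately, for `psa_crypto_init()` the `#PSA_ERROR_INSUFFICIENT_ENTROPY` line would merit a real description rather than the placeholder, since the paragraph just above warns that failed initialization can have security implications through improper seeding of the random number generator.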
@@ -137,8 +141,8 @@ static psa_key_attributes_t psa_key_attributes_init(void);
* \param[out] attributes The attribute structure to write to.
* \param key The persistent identifier for the key.
*/
-static void psa_set_key_id( psa_key_attributes_t *attributes,
- mbedtls_svc_key_id_t key );
+static void psa_set_key_id(psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t key);
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/** Set the owner identifier of a key.
@@ -155,8 +159,8 @@ static void psa_set_key_id( psa_key_attributes_t *attributes,
* \param[out] attributes The attribute structure to write to.
* \param owner The key owner identifier.
*/
-static void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
- mbedtls_key_owner_id_t owner );
+static void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes,
+ mbedtls_key_owner_id_t owner);
#endif
/** Set the location of a persistent key.
@@ -368,14 +372,14 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
* On failure, equivalent to a
* freshly-initialized structure.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -486,7 +490,7 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
* identifier defined in \p attributes.
* \c 0 on failure.
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_INVALID_HANDLE
* \p source_key is invalid.
* \retval #PSA_ERROR_ALREADY_EXISTS
@@ -502,14 +506,14 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
* The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
* the source key is not exportable and its lifetime does not
* allow copying it to the target's lifetime.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -631,14 +635,14 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
* the key data is not correctly formatted, or
* the size in \p attributes is nonzero and does not match the size
* of the key data.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -718,22 +722,22 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
* \param[out] data_length On success, the number of bytes
* that make up the key data.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
* \retval #PSA_ERROR_NOT_PERMITTED
* The key does not have the #PSA_KEY_USAGE_EXPORT flag.
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p data buffer is too small. You can determine a
* sufficient buffer size by calling
* #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits)
* where \c type is the key type
* and \c bits is the key size in bits.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -793,22 +797,22 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
* \param[out] data_length On success, the number of bytes
* that make up the key data.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key is neither a public key nor a key pair.
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p data buffer is too small. You can determine a
* sufficient buffer size by calling
* #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
* where \c type is the key type
* and \c bits is the key size in bits.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -846,13 +850,13 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
* Success.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a hash algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* \p hash_size is too small
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -884,10 +888,10 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
* \p alg is not supported or is not a hash algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p input_length or \p hash_length do not match the hash size for \p alg
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -977,10 +981,10 @@ static psa_hash_operation_t psa_hash_operation_init(void);
* \p alg is not a supported hash algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p alg is not a hash algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be inactive), or
* the library has not been previously initialized by psa_crypto_init().
@@ -1003,10 +1007,10 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active), or
* the library has not been previously initialized by psa_crypto_init().
@@ -1049,10 +1053,10 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
* The size of the \p hash buffer is too small. You can determine a
* sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
* where \c alg is the hash algorithm that is calculated.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active), or
* the library has not been previously initialized by psa_crypto_init().
@@ -1090,10 +1094,10 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The hash of the message was calculated successfully, but it
* differs from the expected hash.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active), or
* the library has not been previously initialized by psa_crypto_init().
@@ -1120,10 +1124,10 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
*
* \param[in,out] operation Initialized hash operation.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -1146,11 +1150,11 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
* \param[in,out] target_operation The operation object to set up.
* It must be initialized but not active.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The \p source_operation state is not valid (it must be active), or
* the \p target_operation state is not valid (it must be inactive), or
@@ -1190,18 +1194,18 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a MAC algorithm.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* \p mac_size is too small
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE
* The key could not be retrieved from storage.
* \retval #PSA_ERROR_BAD_STATE
@@ -1233,16 +1237,16 @@ psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The MAC of the message was calculated successfully, but it
* differs from the expected value.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a MAC algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE
* The key could not be retrieved from storage.
* \retval #PSA_ERROR_BAD_STATE
@@ -1338,16 +1342,16 @@ static psa_mac_operation_t psa_mac_operation_init(void);
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a MAC algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE
* The key could not be retrieved from storage.
* \retval #PSA_ERROR_BAD_STATE
@@ -1400,16 +1404,16 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c key is not compatible with \c alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \c alg is not supported or is not a MAC algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE
* The key could not be retrieved from storage.
* \retval #PSA_ERROR_BAD_STATE
@@ -1437,11 +1441,11 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active), or
* the library has not been previously initialized by psa_crypto_init().
@@ -1485,11 +1489,11 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p mac buffer is too small. You can determine a
* sufficient buffer size by calling PSA_MAC_LENGTH().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be an active mac sign
* operation), or the library has not been previously initialized
@@ -1528,11 +1532,11 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The MAC of the message was calculated successfully, but it
* differs from the expected MAC.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be an active mac verify
* operation), or the library has not been previously initialized
@@ -1560,10 +1564,10 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
*
* \param[in,out] operation Initialized MAC operation.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -1599,18 +1603,18 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -1646,18 +1650,18 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -1753,17 +1757,17 @@ static psa_cipher_operation_t psa_cipher_operation_init(void);
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be inactive), or
* the library has not been previously initialized by psa_crypto_init().
@@ -1816,17 +1820,17 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be inactive), or
* the library has not been previously initialized by psa_crypto_init().
@@ -1859,11 +1863,11 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
* Success.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p iv buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, with no IV set),
* or the library has not been previously initialized
@@ -1900,11 +1904,11 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be an active cipher
* encrypt operation, with no IV set), or the library has not been
@@ -1941,11 +1945,11 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
* Success.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, with an IV set
* if required for the algorithm), or the library has not been
@@ -1993,11 +1997,11 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
* padding, and the ciphertext does not contain valid padding.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, with an IV set
* if required for the algorithm), or the library has not been
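Review bot: The invalid-padding status described in the first line of this hunk carries no caveat about how callers should treat it (its `\retval` line is above the hunk, presumably `#PSA_ERROR_INVALID_PADDING`). If the ciphertext is not authenticated, reporting this status to the peer differently from other decryption failures gives the peer a padding oracle. I would add under that entry: `* Do not let the sender of the ciphertext distinguish this error from any other decryption failure; verify a MAC over the ciphertext first, or use an AEAD algorithm.` The doc comment and the prototype it belongs to both extend outside the hunk.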
@@ -2026,10 +2030,10 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
*
* \param[in,out] operation Initialized cipher operation.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -2082,23 +2086,23 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* \p ciphertext_size is too small.
* #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type, \p alg,
* \p plaintext_length) or
* #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length) can be used to
* determine the required buffer size.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -2153,25 +2157,25 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The ciphertext is not authentic.
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* \p plaintext_size is too small.
* #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type, \p alg,
* \p ciphertext_length) or
* #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length) can be used
* to determine the required buffer size.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -2280,16 +2284,16 @@ static psa_aead_operation_t psa_aead_operation_init(void);
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be inactive), or
* the library has not been previously initialized by psa_crypto_init().
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
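Review bot: `\retval #PSA_ERROR_STORAGE_FAILURE` is the only bare status in this hunk left without `\emptydescription`, and the text under it is about the library not having been initialized by psa_crypto_init(). Every other hunk on this page attaches that text to `#PSA_ERROR_BAD_STATE`, and the BAD_STATE entry at the top of this hunk already covers the uninitialized case, so the storage-failure code ends up with a misleading description. I would change the line to `* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription` and move the two continuation sentences under the BAD_STATE entry. The comment continues past the end of the hunk, so the rest of that paragraph needs the same check.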
@@ -2344,17 +2348,17 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be inactive), or the
* library has not been previously initialized by psa_crypto_init().
@@ -2388,11 +2392,11 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
* Success.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p nonce buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be an active aead encrypt
* operation, with no nonce set), or the library has not been
@@ -2428,11 +2432,11 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p nonce is not acceptable for the chosen algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, with no nonce
* set), or the library has not been previously initialized
@@ -2473,10 +2477,10 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
* \retval #PSA_ERROR_INVALID_ARGUMENT
* At least one of the lengths is not acceptable for the chosen
* algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, and
* psa_aead_update_ad() and psa_aead_update() must not have been
@@ -2520,11 +2524,11 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total input length overflows the additional data length that
* was previously specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, have a nonce
* set, have lengths set if required by the algorithm, and
@@ -2605,11 +2609,11 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
* specified with psa_aead_set_lengths(), or
* the total input length overflows the plaintext length that
* was previously specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, have a nonce
* set, and have lengths set if required by the algorithm), or the
@@ -2691,11 +2695,11 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
* the total length of input to psa_aead_update() so far is
* less than the plaintext length that was previously
* specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be an active encryption
* operation with a nonce set), or the library has not been previously
@@ -2774,11 +2778,11 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
* the total length of input to psa_aead_update() so far is
* less than the plaintext length that was previously
* specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be an active decryption
* operation with a nonce set), or the library has not been previously
@@ -2809,10 +2813,10 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
*
* \param[in,out] operation Initialized AEAD operation.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -2858,8 +2862,8 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
* \param[out] signature_length On success, the number of bytes that make up
* the returned signature value.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
* \retval #PSA_ERROR_NOT_PERMITTED
* The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
* or it does not permit the requested algorithm.
@@ -2869,28 +2873,28 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
* #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* where \c key_type and \c key_bits are the type and bit-size
* respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- uint8_t * signature,
- size_t signature_size,
- size_t * signature_length );
+psa_status_t psa_sign_message(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length);
/** \brief Verify the signature of a message with a public key, using
* a hash-and-sign verification algorithm.
@@ -2914,34 +2918,34 @@ psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
* \param[out] signature Buffer containing the signature to verify.
* \param[in] signature_length Size of the \p signature buffer in bytes.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
* \retval #PSA_ERROR_NOT_PERMITTED
* The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
* or it does not permit the requested algorithm.
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The calculation was performed successfully, but the passed signature
* is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- const uint8_t * signature,
- size_t signature_length );
+psa_status_t psa_verify_message(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length);
/**
* \brief Sign a hash or short message with a private key.
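Review bot: The `\retval #PSA_ERROR_NOT_PERMITTED` text for psa_verify_message still names `#PSA_KEY_USAGE_SIGN_MESSAGE`, although this function verifies. The flag a caller needs is presumably `#PSA_KEY_USAGE_VERIFY_MESSAGE`, and someone setting a key policy from this comment would grant signing rights to a key that should only verify. In the same comment, `\param[out] signature` documents a buffer that is only read; the reformatted prototype declares it `const uint8_t *signature`, so it should be `\param[in] signature`. Both lines are context here and remain uncorrected while the lines around them are edited; the comment itself starts above the hunk.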
@@ -2967,23 +2971,23 @@ psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
* \param[out] signature_length On success, the number of bytes
* that make up the returned signature value.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p signature buffer is too small. You can
* determine a sufficient buffer size by calling
* #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* where \c key_type and \c key_bits are the type and bit-size
* respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -3023,18 +3027,18 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
*
* \retval #PSA_SUCCESS
* The signature is valid.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The calculation was performed successfully, but the passed
* signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -3076,23 +3080,23 @@ psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small. You can
* determine a sufficient buffer size by calling
* #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* where \c key_type and \c key_bits are the type and bit-size
* respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -3136,24 +3140,24 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small. You can
* determine a sufficient buffer size by calling
* #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* where \c key_type and \c key_bits are the type and bit-size
* respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_INVALID_PADDING
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_INVALID_PADDING \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
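Review bot: `\retval #PSA_ERROR_INVALID_PADDING \emptydescription` leaves the one security-sensitive status in this list without a description. The doc block appears to belong to the asymmetric decrypt function, since it references PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE, though the declaration is outside the hunk. With PKCS#1 v1.5 padding, a caller that lets a peer tell this status apart from other decryption failures gives that peer a padding oracle. I would replace the placeholder with a real description, for example `The padding of the decrypted data is invalid. Callers must not let a remote party distinguish this status from other decryption failures (by message, timing or protocol behaviour).`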
@@ -3263,11 +3267,11 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
* \c alg is not a key derivation algorithm.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be inactive), or
* the library has not been previously initialized by psa_crypto_init().
@@ -3287,10 +3291,10 @@ psa_status_t psa_key_derivation_setup(
* \param[in] operation The operation to query.
* \param[out] capacity On success, the capacity of the operation.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active), or
* the library has not been previously initialized by psa_crypto_init().
@@ -3311,14 +3315,14 @@ psa_status_t psa_key_derivation_get_capacity(
* It must be less or equal to the operation's
* current capacity.
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p capacity is larger than the operation's current capacity.
* In this case, the operation object remains valid and its capacity
* remains unchanged.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active), or the
* library has not been previously initialized by psa_crypto_init().
@@ -3336,7 +3340,7 @@ psa_status_t psa_key_derivation_set_capacity(
* The value of the maximum possible capacity depends on the key derivation
* algorithm.
*/
-#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1))
+#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t) (-1))
/** Provide an input for key derivation or key agreement.
*
@@ -3367,11 +3371,11 @@ psa_status_t psa_key_derivation_set_capacity(
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c step is not compatible with the operation's algorithm, or
* \c step does not allow direct inputs.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid for this input \p step, or
* the library has not been previously initialized by psa_crypto_init().
@@ -3410,11 +3414,11 @@ psa_status_t psa_key_derivation_input_bytes(
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c step is not compatible with the operation's algorithm, or
* \c step does not allow numeric inputs.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid for this input \p step, or
* the library has not been previously initialized by psa_crypto_init().
@@ -3468,7 +3472,7 @@ psa_status_t psa_key_derivation_input_integer(
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
* \retval #PSA_ERROR_NOT_PERMITTED
* The key allows neither #PSA_KEY_USAGE_DERIVE nor
* #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this
@@ -3477,11 +3481,11 @@ psa_status_t psa_key_derivation_input_integer(
* \c step is not compatible with the operation's algorithm, or
* \c step does not allow key inputs of the given type
* or does not allow key inputs at all.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid for this input \p step, or
* the library has not been previously initialized by psa_crypto_init().
@@ -3536,8 +3540,8 @@ psa_status_t psa_key_derivation_input_key(
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c private_key is not compatible with \c alg,
* or \p peer_key is not valid for \c alg or not compatible with
@@ -3545,11 +3549,11 @@ psa_status_t psa_key_derivation_input_key(
* from a key agreement.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid for this key agreement \p step,
* or the library has not been previously initialized by psa_crypto_init().
@@ -3580,7 +3584,7 @@ psa_status_t psa_key_derivation_key_agreement(
* \param[out] output Buffer where the output will be written.
* \param output_length Number of bytes to output.
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_NOT_PERMITTED
* One of the inputs was a key whose policy didn't allow
* #PSA_KEY_USAGE_DERIVE.
@@ -3591,11 +3595,11 @@ psa_status_t psa_key_derivation_key_agreement(
* The operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active and completed
* all required input steps), or the library has not been previously
@@ -3738,14 +3742,14 @@ psa_status_t psa_key_derivation_output_bytes(
* #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
* key; or one of the inputs was a key whose policy didn't allow
* #PSA_KEY_USAGE_DERIVE.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active and completed
* all required input steps), or the library has not been previously
@@ -3786,7 +3790,7 @@ psa_status_t psa_key_derivation_output_key(
* \param output_length Length of the expected output; this is also the
* number of bytes that will be read.
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The output was read successfully, but it differs from the expected
* output.
@@ -3799,11 +3803,11 @@ psa_status_t psa_key_derivation_output_key(
* the operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller expected output.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active and completed
* all required input steps), or the library has not been previously
@@ -3845,7 +3849,7 @@ psa_status_t psa_key_derivation_verify_bytes(
* computed by a previous call to
* psa_key_derivation_output_key().
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The output was read successfully, but if differs from the expected
* output.
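Review bot: The `\retval #PSA_ERROR_INVALID_SIGNATURE` description directly below the changed `\retval #PSA_SUCCESS` line reads "but if differs from the expected output", where the parallel text two hunks earlier says "but it differs". Since this hunk already touches the block, correct the line to `The output was read successfully, but it differs from the expected`. The doc comment's function declaration is outside the hunk; it appears to be the one documenting psa_key_derivation_verify_key().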
@@ -3863,11 +3867,11 @@ psa_status_t psa_key_derivation_verify_bytes(
* the operation's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller expected output.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active and completed
* all required input steps), or the library has not been previously
@@ -3877,7 +3881,7 @@ psa_status_t psa_key_derivation_verify_bytes(
*/
psa_status_t psa_key_derivation_verify_key(
psa_key_derivation_operation_t *operation,
- psa_key_id_t expected);
+ mbedtls_svc_key_id_t expected);
/** Abort a key derivation operation.
*
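Review bot: Only the prototype of psa_key_derivation_verify_key() is shown changing to `mbedtls_svc_key_id_t expected`; its definition and any callers passing a bare `psa_key_id_t` are outside this hunk, so their consistency cannot be confirmed here. In Mbed TLS the two types are the same unless MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined, in which case `mbedtls_svc_key_id_t` is a struct that carries the key owner. A stale definition or caller would therefore surface only in that configuration, which is worth building once. The `\param expected` text (in the preceding doc block, outside this hunk) could also state the new contract, for example `The identifier includes the key owner when key identifiers encode the owner.`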
@@ -3893,10 +3897,10 @@ psa_status_t psa_key_derivation_verify_key(
*
* \param[in,out] operation The operation to abort.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -3934,8 +3938,8 @@ psa_status_t psa_key_derivation_abort(
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p alg is not a key agreement algorithm, or
* \p private_key is not compatible with \p alg,
@@ -3945,11 +3949,11 @@ psa_status_t psa_key_derivation_abort(
* \p output_size is too small
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not a supported key agreement algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -3981,13 +3985,13 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
* \param[out] output Output buffer for the generated data.
* \param output_size Number of bytes to generate and output.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -4024,17 +4028,17 @@ psa_status_t psa_generate_random(uint8_t *output,
* \retval #PSA_ERROR_ALREADY_EXISTS
* This is an attempt to create a persistent key, and there is
* already a persistent key with the given identifier.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -4045,6 +4049,631 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
/**@}*/
+/** \defgroup interruptible_hash Interruptible sign/verify hash
+ * @{
+ */
+
+/** The type of the state data structure for interruptible hash
+ * signing operations.
+ *
+ * Before calling any function on a sign hash operation object, the
+ * application must initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_sign_hash_interruptible_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_sign_hash_interruptible_operation_t operation = {0};
+ * \endcode
+ * - Initialize the structure to the initializer
+ * #PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
+ * \code
+ * psa_sign_hash_interruptible_operation_t operation =
+ * PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT;
+ * \endcode
+ * - Assign the result of the function
+ * psa_sign_hash_interruptible_operation_init() to the structure, for
+ * example:
+ * \code
+ * psa_sign_hash_interruptible_operation_t operation;
+ * operation = psa_sign_hash_interruptible_operation_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
+typedef struct psa_sign_hash_interruptible_operation_s psa_sign_hash_interruptible_operation_t;
+
+/** The type of the state data structure for interruptible hash
+ * verification operations.
+ *
+ * Before calling any function on a sign hash operation object, the
+ * application must initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_verify_hash_interruptible_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_verify_hash_interruptible_operation_t operation = {0};
+ * \endcode
+ * - Initialize the structure to the initializer
+ * #PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
+ * \code
+ * psa_verify_hash_interruptible_operation_t operation =
+ * PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT;
+ * \endcode
+ * - Assign the result of the function
+ * psa_verify_hash_interruptible_operation_init() to the structure, for
+ * example:
+ * \code
+ * psa_verify_hash_interruptible_operation_t operation;
+ * operation = psa_verify_hash_interruptible_operation_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
+typedef struct psa_verify_hash_interruptible_operation_s psa_verify_hash_interruptible_operation_t;
+
+/**
+ * \brief Set the maximum number of ops allowed to be
+ * executed by an interruptible function in a
+ * single call.
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * \note The time taken to execute a single op is
+ * implementation specific and depends on
+ * software, hardware, the algorithm, key type and
+ * curve chosen. Even within a single operation,
+ * successive ops can take differing amounts of
+ * time. The only guarantee is that lower values
+ * for \p max_ops means functions will block for a
+ * lesser maximum amount of time. The functions
+ * \c psa_sign_interruptible_get_num_ops() and
+ * \c psa_verify_interruptible_get_num_ops() are
+ * provided to help with tuning this value.
+ *
+ * \note This value defaults to
+ * #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, which
+ * means the whole operation will be done in one
+ * go, regardless of the number of ops required.
+ *
+ * \note If more ops are needed to complete a
+ * computation, #PSA_OPERATION_INCOMPLETE will be
+ * returned by the function performing the
+ * computation. It is then the caller's
+ * responsibility to either call again with the
+ * same operation context until it returns 0 or an
+ * error code; or to call the relevant abort
+ * function if the answer is no longer required.
+ *
+ * \note The interpretation of \p max_ops is also
+ * implementation defined. On a hard real time
+ * system, this can indicate a hard deadline, as a
+ * real-time system needs a guarantee of not
+ * spending more than X time, however care must be
+ * taken in such an implementation to avoid the
+ * situation whereby calls just return, not being
+ * able to do any actual work within the allotted
+ * time. On a non-real-time system, the
+ * implementation can be more relaxed, but again
+ * whether this number should be interpreted as as
+ * hard or soft limit or even whether a less than
+ * or equals as regards to ops executed in a
+ * single call is implementation defined.
+ *
+ * \note For keys in local storage when no accelerator
+ * driver applies, please see also the
+ * documentation for \c mbedtls_ecp_set_max_ops(),
+ * which is the internal implementation in these
+ * cases.
+ *
+ * \warning With implementations that interpret this number
+ * as a hard limit, setting this number too small
+ * may result in an infinite loop, whereby each
+ * call results in immediate return with no ops
+ * done (as there is not enough time to execute
+ * any), and thus no result will ever be achieved.
+ *
+ * \note This only applies to functions whose
+ * documentation mentions they may return
+ * #PSA_OPERATION_INCOMPLETE.
+ *
+ * \param max_ops The maximum number of ops to be executed in a
+ * single call. This can be a number from 0 to
+ * #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, where 0
+ * is the least amount of work done per call.
+ */
+void psa_interruptible_set_max_ops(uint32_t max_ops);
+
+/**
+ * \brief Get the maximum number of ops allowed to be
+ * executed by an interruptible function in a
+ * single call. This will return the last
+ * value set by
+ * \c psa_interruptible_set_max_ops() or
+ * #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED if
+ * that function has never been called.
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * \return Maximum number of ops allowed to be
+ * executed by an interruptible function in a
+ * single call.
+ */
+uint32_t psa_interruptible_get_max_ops(void);
+
+/**
+ * \brief Get the number of ops that a hash signing
+ * operation has taken so far. If the operation
+ * has completed, then this will represent the
+ * number of ops required for the entire
+ * operation. After initialization or calling
+ * \c psa_sign_hash_interruptible_abort() on
+ * the operation, a value of 0 will be returned.
+ *
+ * \note This interface is guaranteed re-entrant and
+ * thus may be called from driver code.
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * This is a helper provided to help you tune the
+ * value passed to \c
+ * psa_interruptible_set_max_ops().
+ *
+ * \param operation The \c psa_sign_hash_interruptible_operation_t
+ * to use. This must be initialized first.
+ *
+ * \return Number of ops that the operation has taken so
+ * far.
+ */
+uint32_t psa_sign_hash_get_num_ops(
+ const psa_sign_hash_interruptible_operation_t *operation);
+
+/**
+ * \brief Get the number of ops that a hash verification
+ * operation has taken so far. If the operation
+ * has completed, then this will represent the
+ * number of ops required for the entire
+ * operation. After initialization or calling \c
+ * psa_verify_hash_interruptible_abort() on the
+ * operation, a value of 0 will be returned.
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * This is a helper provided to help you tune the
+ * value passed to \c
+ * psa_interruptible_set_max_ops().
+ *
+ * \param operation The \c
+ * psa_verify_hash_interruptible_operation_t to
+ * use. This must be initialized first.
+ *
+ * \return Number of ops that the operation has taken so
+ * far.
+ */
+uint32_t psa_verify_hash_get_num_ops(
+ const psa_verify_hash_interruptible_operation_t *operation);
+
+/**
+ * \brief Start signing a hash or short message with a
+ * private key, in an interruptible manner.
+ *
+ * \see \c psa_sign_hash_complete()
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * \note This function combined with \c
+ * psa_sign_hash_complete() is equivalent to
+ * \c psa_sign_hash() but
+ * \c psa_sign_hash_complete() can return early and
+ * resume according to the limit set with \c
+ * psa_interruptible_set_max_ops() to reduce the
+ * maximum time spent in a function call.
+ *
+ * \note Users should call \c psa_sign_hash_complete()
+ * repeatedly on the same context after a
+ * successful call to this function until \c
+ * psa_sign_hash_complete() either returns 0 or an
+ * error. \c psa_sign_hash_complete() will return
+ * #PSA_OPERATION_INCOMPLETE if there is more work
+ * to do. Alternatively users can call
+ * \c psa_sign_hash_abort() at any point if they no
+ * longer want the result.
+ *
+ * \note If this function returns an error status, the
+ * operation enters an error state and must be
+ * aborted by calling \c psa_sign_hash_abort().
+ *
+ * \param[in, out] operation The \c psa_sign_hash_interruptible_operation_t
+ * to use. This must be initialized first.
+ *
+ * \param key Identifier of the key to use for the operation.
+ * It must be an asymmetric key pair. The key must
+ * allow the usage #PSA_KEY_USAGE_SIGN_HASH.
+ * \param alg A signature algorithm (\c PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+ * is true), that is compatible with
+ * the type of \p key.
+ * \param[in] hash The hash or message to sign.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation started successfully - call \c psa_sign_hash_complete()
+ * with the same context to complete the operation
+ *
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_SIGN_HASH flag, or it does
+ * not permit the requested algorithm.
+ * \retval #PSA_ERROR_BAD_STATE
+ * An operation has previously been started on this context, and is
+ * still in progress.
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_sign_hash_start(
+ psa_sign_hash_interruptible_operation_t *operation,
+ mbedtls_svc_key_id_t key, psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length);
+
+/**
+ * \brief Continue and eventually complete the action of
+ * signing a hash or short message with a private
+ * key, in an interruptible manner.
+ *
+ * \see \c psa_sign_hash_start()
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * \note This function combined with \c
+ * psa_sign_hash_start() is equivalent to
+ * \c psa_sign_hash() but this function can return
+ * early and resume according to the limit set with
+ * \c psa_interruptible_set_max_ops() to reduce the
+ * maximum time spent in a function call.
+ *
+ * \note Users should call this function on the same
+ * operation object repeatedly until it either
+ * returns 0 or an error. This function will return
+ * #PSA_OPERATION_INCOMPLETE if there is more work
+ * to do. Alternatively users can call
+ * \c psa_sign_hash_abort() at any point if they no
+ * longer want the result.
+ *
+ * \note When this function returns successfully, the
+ * operation becomes inactive. If this function
+ * returns an error status, the operation enters an
+ * error state and must be aborted by calling
+ * \c psa_sign_hash_abort().
+ *
+ * \param[in, out] operation The \c psa_sign_hash_interruptible_operation_t
+ * to use. This must be initialized first, and have
+ * had \c psa_sign_hash_start() called with it
+ * first.
+ *
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param signature_size Size of the \p signature buffer in bytes. This
+ * must be appropriate for the selected
+ * algorithm and key:
+ * - The required signature size is
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c
+ * key_bits, \c alg) where \c key_type and \c
+ * key_bits are the type and bit-size
+ * respectively of key.
+ * - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+ * maximum signature size of any supported
+ * signature algorithm.
+ * \param[out] signature_length On success, the number of bytes that make up
+ * the returned signature value.
+ *
+ * \retval #PSA_SUCCESS
+ * Operation completed successfully
+ *
+ * \retval #PSA_OPERATION_INCOMPLETE
+ * Operation was interrupted due to the setting of \c
+ * psa_interruptible_set_max_ops(). There is still work to be done.
+ * Call this function again with the same operation object.
+ *
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \c alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \c key.
+ *
+ * \retval #PSA_ERROR_BAD_STATE
+ * An operation was not previously started on this context via
+ * \c psa_sign_hash_start().
+ *
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has either not been previously initialized by
+ * psa_crypto_init() or you did not previously call
+ * psa_sign_hash_start() with this operation object. It is
+ * implementation-dependent whether a failure to initialize results in
+ * this error code.
+ */
+psa_status_t psa_sign_hash_complete(
+ psa_sign_hash_interruptible_operation_t *operation,
+ uint8_t *signature, size_t signature_size,
+ size_t *signature_length);
+
+/**
+ * \brief Abort a sign hash operation.
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * \note This function is the only function that clears
+ * the number of ops completed as part of the
+ * operation. Please ensure you copy this value via
+ * \c psa_sign_hash_get_num_ops() if required
+ * before calling.
+ *
+ * \note Aborting an operation frees all associated
+ * resources except for the \p operation structure
+ * itself. Once aborted, the operation object can
+ * be reused for another operation by calling \c
+ * psa_sign_hash_start() again.
+ *
+ * \note You may call this function any time after the
+ * operation object has been initialized. In
+ * particular, calling \c psa_sign_hash_abort()
+ * after the operation has already been terminated
+ * by a call to \c psa_sign_hash_abort() or
+ * psa_sign_hash_complete() is safe.
+ *
+ * \param[in,out] operation Initialized sign hash operation.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation was aborted successfully.
+ *
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_sign_hash_abort(
+ psa_sign_hash_interruptible_operation_t *operation);
+
+/**
+ * \brief Start reading and verifying a hash or short
+ * message, in an interruptible manner.
+ *
+ * \see \c psa_verify_hash_complete()
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * \note This function combined with \c
+ * psa_verify_hash_complete() is equivalent to
+ * \c psa_verify_hash() but \c
+ * psa_verify_hash_complete() can return early and
+ * resume according to the limit set with \c
+ * psa_interruptible_set_max_ops() to reduce the
+ * maximum time spent in a function.
+ *
+ * \note Users should call \c psa_verify_hash_complete()
+ * repeatedly on the same operation object after a
+ * successful call to this function until \c
+ * psa_verify_hash_complete() either returns 0 or
+ * an error. \c psa_verify_hash_complete() will
+ * return #PSA_OPERATION_INCOMPLETE if there is
+ * more work to do. Alternatively users can call
+ * \c psa_verify_hash_abort() at any point if they
+ * no longer want the result.
+ *
+ * \note If this function returns an error status, the
+ * operation enters an error state and must be
+ * aborted by calling \c psa_verify_hash_abort().
+ *
+ * \param[in, out] operation The \c psa_verify_hash_interruptible_operation_t
+ * to use. This must be initialized first.
+ *
+ * \param key Identifier of the key to use for the operation.
+ * The key must allow the usage
+ * #PSA_KEY_USAGE_VERIFY_HASH.
+ * \param alg A signature algorithm (\c PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+ * is true), that is compatible with
+ * the type of \p key.
+ * \param[in] hash The hash whose signature is to be verified.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ * \param[in] signature Buffer containing the signature to verify.
+ * \param signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation started successfully - please call \c
+ * psa_verify_hash_complete() with the same context to complete the
+ * operation.
+ *
+ * \retval #PSA_ERROR_BAD_STATE
+ * Another operation has already been started on this context, and is
+ * still in progress.
+ *
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_VERIFY_HASH flag, or it does
+ * not permit the requested algorithm.
+ *
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_verify_hash_start(
+ psa_verify_hash_interruptible_operation_t *operation,
+ mbedtls_svc_key_id_t key, psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length);
+
+/**
+ * \brief Continue and eventually complete the action of
+ * reading and verifying a hash or short message
+ * signed with a private key, in an interruptible
+ * manner.
+ *
+ * \see \c psa_verify_hash_start()
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * \note This function combined with \c
+ * psa_verify_hash_start() is equivalent to
+ * \c psa_verify_hash() but this function can
+ * return early and resume according to the limit
+ * set with \c psa_interruptible_set_max_ops() to
+ * reduce the maximum time spent in a function
+ * call.
+ *
+ * \note Users should call this function on the same
+ * operation object repeatedly until it either
+ * returns 0 or an error. This function will return
+ * #PSA_OPERATION_INCOMPLETE if there is more work
+ * to do. Alternatively users can call
+ * \c psa_verify_hash_abort() at any point if they
+ * no longer want the result.
+ *
+ * \note When this function returns successfully, the
+ * operation becomes inactive. If this function
+ * returns an error status, the operation enters an
+ * error state and must be aborted by calling
+ * \c psa_verify_hash_abort().
+ *
+ * \param[in, out] operation The \c psa_verify_hash_interruptible_operation_t
+ * to use. This must be initialized first, and have
+ * had \c psa_verify_hash_start() called with it
+ * first.
+ *
+ * \retval #PSA_SUCCESS
+ * Operation completed successfully, and the passed signature is valid.
+ *
+ * \retval #PSA_OPERATION_INCOMPLETE
+ * Operation was interrupted due to the setting of \c
+ * psa_interruptible_set_max_ops(). There is still work to be done.
+ * Call this function again with the same operation object.
+ *
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed
+ * signature is not a valid signature.
+ * \retval #PSA_ERROR_BAD_STATE
+ * An operation was not previously started on this context via
+ * \c psa_verify_hash_start().
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has either not been previously initialized by
+ * psa_crypto_init() or you did not previously call
+ * psa_verify_hash_start() on this object. It is
+ * implementation-dependent whether a failure to initialize results in
+ * this error code.
+ */
+psa_status_t psa_verify_hash_complete(
+ psa_verify_hash_interruptible_operation_t *operation);
+
+/**
+ * \brief Abort a verify hash operation.
+ *
+ * \warning This is a beta API, and thus subject to change at
+ * any point. It is not bound by the usual interface
+ * stability promises.
+ *
+ * \note This function is the only function that clears the
+ * number of ops completed as part of the operation.
+ * Please ensure you copy this value via
+ * \c psa_verify_hash_get_num_ops() if required
+ * before calling.
+ *
+ * \note Aborting an operation frees all associated
+ * resources except for the operation structure
+ * itself. Once aborted, the operation object can be
+ * reused for another operation by calling \c
+ * psa_verify_hash_start() again.
+ *
+ * \note You may call this function any time after the
+ * operation object has been initialized.
+ * In particular, calling \c psa_verify_hash_abort()
+ * after the operation has already been terminated by
+ * a call to \c psa_verify_hash_abort() or
+ * psa_verify_hash_complete() is safe.
+ *
+ * \param[in,out] operation Initialized verify hash operation.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation was aborted successfully.
+ *
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_verify_hash_abort(
+ psa_verify_hash_interruptible_operation_t *operation);
+
+
+/**@}*/
+
#ifdef __cplusplus
}
#endif
@@ -4055,7 +4684,11 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
/* The file "crypto_struct.h" contains definitions for
* implementation-specific structs that are declared above. */
+#if defined(MBEDTLS_PSA_CRYPTO_STRUCT_FILE)
+#include MBEDTLS_PSA_CRYPTO_STRUCT_FILE
+#else
#include "crypto_struct.h"
+#endif
/* The file "crypto_extra.h" contains vendor-specific definitions. This
* can include vendor-defined algorithms, extra functions, etc. */
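Review bot: The comment above the new `#if` still says the definitions come from "crypto_struct.h", but with this change `MBEDTLS_PSA_CRYPTO_STRUCT_FILE` can replace that header and nothing here states what the replacement has to provide. Since the structs declared earlier in crypto.h get their layout from whichever file is chosen, a replacement that omits or reshapes one of them would presumably break every caller that was built against the default. I would add a line to the comment such as `* Define MBEDTLS_PSA_CRYPTO_STRUCT_FILE to substitute a header that defines the same structures.` The following comment about crypto_extra.h continues outside this hunk.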
diff --git a/ext/oberon/psa/core/include/psa/crypto_adjust_auto_enabled.h b/ext/oberon/psa/core/include/psa/crypto_adjust_auto_enabled.h
new file mode 100644
index 000000000000..5e18298c65c4
--- /dev/null
+++ b/ext/oberon/psa/core/include/psa/crypto_adjust_auto_enabled.h
@@ -0,0 +1,33 @@
+/**
+ * \file psa/crypto_adjust_auto_enabled.h
+ * \brief Adjust PSA configuration: enable always-on features
+ *
+ * Always enable certain features which require a negligible amount of code
+ * to implement, to avoid some edge cases in the configuration combinatorics.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
+#define PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
+
+#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_PASSWORD 1
+#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
+#define PSA_WANT_KEY_TYPE_RAW_DATA 1
+
+#endif /* PSA_CRYPTO_ADJUST_AUTO_ENABLED_H */
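Review bot: The four `#define`s are unconditional, so if this header is processed after a configuration file that sets one of these symbols to anything other than the token `1` (for example an empty `#define PSA_WANT_KEY_TYPE_RAW_DATA`), the compiler reports a macro redefinition here. crypto_config.h in this same commit defines all four as `1`, which is a harmless identical redefinition, but a file supplied through `MBEDTLS_PSA_CRYPTO_CONFIG_FILE` is not held to that spelling. Guarding each one, e.g. `#if !defined(PSA_WANT_KEY_TYPE_DERIVE)` / `#define PSA_WANT_KEY_TYPE_DERIVE 1` / `#endif`, keeps the always-on intent without depending on how the config wrote it.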
diff --git a/ext/oberon/psa/core/include/psa/crypto_adjust_config_key_pair_types.h b/ext/oberon/psa/core/include/psa/crypto_adjust_config_key_pair_types.h
new file mode 100644
index 000000000000..68a812e1bb14
--- /dev/null
+++ b/ext/oberon/psa/core/include/psa/crypto_adjust_config_key_pair_types.h
@@ -0,0 +1,75 @@
+/**
+ * \file psa/crypto_adjust_config_key_pair_types.h
+ * \brief Adjust PSA configuration for key pair types.
+ *
+ * See docs/proposed/psa-conditional-inclusion-c.md.
+ * - Support non-basic operations in a keypair type implicitly enables basic
+ * support for that keypair type.
+ * - Support for a keypair type implicitly enables the corresponding public
+ * key type.
+ * - Basic support for a keypair type implicilty enables import/export support
+ * for that keypair type. Warning: this is implementation-specific (mainly
+ * for the benefit of testing) and may change in the future!
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H
+#define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H
+
+/*****************************************************************
+ * ANYTHING -> BASIC
+ ****************************************************************/
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE)
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \
+ defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \
+ defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) || \
+ defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE)
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#endif
+
+/*****************************************************************
+ * BASIC -> corresponding PUBLIC
+ ****************************************************************/
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
+#endif
+
+#endif /* PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H */
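Review bot: The file comment lists three rules, but the body implements only two: the `ANYTHING -> BASIC` and `BASIC -> corresponding PUBLIC` sections are present, and nothing here derives `..._KEY_PAIR_IMPORT` or `..._KEY_PAIR_EXPORT` from `..._KEY_PAIR_BASIC`. Whether private-key export is compiled in is something an integrator may check against this comment, so it should match the code; either drop the third bullet or say which header applies that rule. The same comment misspells "implicitly" as `implicilty`, and the include guard `PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H` does not follow the file name crypto_adjust_config_key_pair_types.h.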
diff --git a/ext/oberon/psa/core/include/psa/crypto_adjust_config_synonyms.h b/ext/oberon/psa/core/include/psa/crypto_adjust_config_synonyms.h
new file mode 100644
index 000000000000..5142ef0aef74
--- /dev/null
+++ b/ext/oberon/psa/core/include/psa/crypto_adjust_config_synonyms.h
@@ -0,0 +1,57 @@
+/**
+ * \file psa/crypto_adjust_config_synonyms.h
+ * \brief Adjust PSA configuration: enable quasi-synonyms
+ *
+ * When two features require almost the same code, we automatically enable
+ * both when either one is requested, to reduce the combinatorics of
+ * possible configurations.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
+#define PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
+
+/****************************************************************/
+/* De facto synonyms */
+/****************************************************************/
+
+#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
+#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
+#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
+#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
+#endif
+
+#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && !defined(PSA_WANT_ALG_CCM)
+#define PSA_WANT_ALG_CCM PSA_WANT_ALG_CCM_STAR_NO_TAG
+#elif !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && defined(PSA_WANT_ALG_CCM)
+#define PSA_WANT_ALG_CCM_STAR_NO_TAG PSA_WANT_ALG_CCM
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
+#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
+#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
+#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
+#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
+#endif
+
+#endif /* PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H */
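Review bot: The header comment explains the synonym pairs as a way to reduce configuration combinatorics, but does not say that the build configuration can no longer exclude the looser member of a pair. With these blocks, setting only `PSA_WANT_ALG_RSA_PSS` also defines `PSA_WANT_ALG_RSA_PSS_ANY_SALT`, and setting only `PSA_WANT_ALG_RSA_PKCS1V15_SIGN` also defines `PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW`. An integrator who leaves the `_ANY_SALT` or `_RAW` variant out of the config to keep it out of the image will not get that result. I would add a sentence to the file comment, e.g. `* Note: a variant enabled this way cannot be excluded by configuration; restrict it through the key's permitted algorithm instead.`, assuming key policy is the intended control.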
diff --git a/ext/oberon/psa/core/include/psa/crypto_compat.h b/ext/oberon/psa/core/include/psa/crypto_compat.h
index 89c13f1c1059..70fa14e872f7 100644
--- a/ext/oberon/psa/core/include/psa/crypto_compat.h
+++ b/ext/oberon/psa/core/include/psa/crypto_compat.h
@@ -5,7 +5,7 @@
*
* This header declares alternative names for macro and functions.
* New application code should not use these names.
- * These names may be removed in a future version of Mbed Crypto.
+ * These names may be removed in a future version of Mbed TLS.
*
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
@@ -50,9 +50,9 @@ typedef mbedtls_svc_key_id_t psa_key_handle_t;
*
* \return Non-zero if the handle is null, zero otherwise.
*/
-static inline int psa_key_handle_is_null( psa_key_handle_t handle )
+static inline int psa_key_handle_is_null(psa_key_handle_t handle)
{
- return( mbedtls_svc_key_id_is_null( handle ) );
+ return mbedtls_svc_key_id_is_null(handle);
}
/** Open a handle to an existing persistent key.
@@ -105,18 +105,18 @@ static inline int psa_key_handle_is_null( psa_key_handle_t handle )
* permission to access it. Note that this specification does not
* define any way to create such a key, but it may be possible
* through implementation-specific means.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_open_key( mbedtls_svc_key_id_t key,
- psa_key_handle_t *handle );
+psa_status_t psa_open_key(mbedtls_svc_key_id_t key,
+ psa_key_handle_t *handle);
/** Close a key handle.
*
@@ -149,8 +149,8 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key,
* \p handle was a valid handle or \c 0. It is now closed.
* \retval #PSA_ERROR_INVALID_HANDLE
* \p handle is not a valid handle nor \c 0.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
diff --git a/ext/oberon/psa/core/include/psa/crypto_config.h b/ext/oberon/psa/core/include/psa/crypto_config.h
index 13088e8aa989..cd78393d248e 100644
--- a/ext/oberon/psa/core/include/psa/crypto_config.h
+++ b/ext/oberon/psa/core/include/psa/crypto_config.h
@@ -61,6 +61,8 @@
#define PSA_WANT_ALG_PBKDF2_HMAC 1
#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1
#define PSA_WANT_ALG_PURE_EDDSA 1
+#define PSA_WANT_ALG_ED25519PH 1
+#define PSA_WANT_ALG_ED448PH 1
#define PSA_WANT_ALG_RSA_OAEP 1
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
@@ -70,29 +72,51 @@
#define PSA_WANT_ALG_SHA_256 1
#define PSA_WANT_ALG_SHA_384 1
#define PSA_WANT_ALG_SHA_512 1
+#define PSA_WANT_ALG_SHA3_224 1
+#define PSA_WANT_ALG_SHA3_256 1
+#define PSA_WANT_ALG_SHA3_384 1
+#define PSA_WANT_ALG_SHA3_512 1
+#define PSA_WANT_ALG_SHAKE256_512 1
#define PSA_WANT_ALG_SPAKE2P 1
#define PSA_WANT_ALG_SRP_6 1
#define PSA_WANT_ALG_STREAM_CIPHER 1
+#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
+#define PSA_WANT_ALG_SP800_108_COUNTER_HMAC 1
+#define PSA_WANT_ALG_SP800_108_COUNTER_CMAC 1
#define PSA_WANT_ECC_MONTGOMERY_255 1
+#define PSA_WANT_ECC_MONTGOMERY_448 1
#define PSA_WANT_ECC_TWISTED_EDWARDS_255 1
+#define PSA_WANT_ECC_TWISTED_EDWARDS_448 1
#define PSA_WANT_ECC_SECP_R1_224 1
#define PSA_WANT_ECC_SECP_R1_256 1
#define PSA_WANT_ECC_SECP_R1_384 1
+#define PSA_WANT_ECC_SECP_R1_521 1
#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_PASSWORD 1
+#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
#define PSA_WANT_KEY_TYPE_HMAC 1
#define PSA_WANT_KEY_TYPE_AES 1
#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
+//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
+//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
+
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
+
// Additional AES key size option
#define PSA_WANT_AES_KEY_SIZE_128 1
#define PSA_WANT_AES_KEY_SIZE_192 1
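Review bot: `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR` and `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR` are left behind as commented-out `//#define` lines, and nothing visible in this diff derives the legacy symbols from the new `_BASIC`/`_IMPORT`/`_EXPORT` ones. Any code still testing `defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)` would then silently compile its key-pair support out, unless a compatibility header outside this view sets it. I would replace the two dead lines with a real comment, e.g. `/* PSA_WANT_KEY_TYPE_xxx_KEY_PAIR is deprecated: use the _BASIC/_IMPORT/_EXPORT/_GENERATE/_DERIVE symbols below. */`, and name the header that maps the old names if one exists. RSA also gets no `_GENERATE` line while ECC does; if that is intentional, a short comment would say so.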
diff --git a/ext/oberon/psa/core/include/mbedtls/private_access.h b/ext/oberon/psa/core/include/psa/crypto_driver_config.h
similarity index 58%
rename from ext/oberon/psa/core/include/mbedtls/private_access.h
rename to ext/oberon/psa/core/include/psa/crypto_driver_config.h
index 85461f6d2acb..88f9ba659c85 100644
--- a/ext/oberon/psa/core/include/mbedtls/private_access.h
+++ b/ext/oberon/psa/core/include/psa/crypto_driver_config.h
@@ -1,10 +1,5 @@
- /**
- * \file private_access.h
- *
- * \brief Macro wrapper for struct's members.
- */
/*
- * Copyright The Mbed TLS Contributors
+ * Copyright Oberon microsystems AG, Switzerland
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -20,13 +15,20 @@
* limitations under the License.
*/
-#ifndef MBEDTLS_PRIVATE_ACCESS_H
-#define MBEDTLS_PRIVATE_ACCESS_H
+#ifndef PSA_CRYPTO_DRIVER_CONFIG_H
+#define PSA_CRYPTO_DRIVER_CONFIG_H
+
-#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
-#define MBEDTLS_PRIVATE(member) private_##member
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
#else
-#define MBEDTLS_PRIVATE(member) member
+#include "psa/crypto_config.h"
+#endif
+
+#if defined(PSA_USE_DEMO_ENTROPY_DRIVER) || \
+ defined(PSA_USE_DEMO_HARDWARE_DRIVER) || \
+ defined(PSA_USE_DEMO_OPAQUE_DRIVER)
+#include "demo_driver_config.h"
#endif
-#endif /* MBEDTLS_PRIVATE_ACCESS_H */
+#endif /* PSA_CRYPTO_DRIVER_CONFIG_H */
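Review bot: Nothing at the `PSA_USE_DEMO_*` block says what the demo drivers are for, and `PSA_USE_DEMO_ENTROPY_DRIVER` in particular reads like a non-production entropy source. If that is what it is, a build that defines it by accident pulls in `demo_driver_config.h` with no indication at this point that the configuration is not meant for release. A comment above the `#if`, such as `/* Demo drivers are intended for evaluation builds only. */`, would record the intent. demo_driver_config.h is not visible in this part of the diff, so this is a request to document the intent rather than a confirmed weakness.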
diff --git a/ext/oberon/psa/core/include/psa/crypto_extra.h b/ext/oberon/psa/core/include/psa/crypto_extra.h
index c7e3a07c2337..1ce52f976475 100644
--- a/ext/oberon/psa/core/include/psa/crypto_extra.h
+++ b/ext/oberon/psa/core/include/psa/crypto_extra.h
@@ -29,8 +29,6 @@
#define PSA_CRYPTO_EXTRA_H
#include "mbedtls/private_access.h"
-#include "mbedtls/platform_util.h"
-
#include "crypto_types.h"
#include "crypto_compat.h"
@@ -85,7 +83,7 @@ static inline void psa_set_key_enrollment_algorithm(
static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
const psa_key_attributes_t *attributes)
{
- return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) );
+ return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2);
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -108,13 +106,13 @@ static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
* indicates the slot number that contains it.
* \retval #PSA_ERROR_NOT_PERMITTED
* The caller is not permitted to query the slot number.
- * Mbed Crypto currently does not return this error.
+ * Mbed TLS currently does not return this error.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key is not located in a secure element.
*/
psa_status_t psa_get_key_slot_number(
const psa_key_attributes_t *attributes,
- psa_key_slot_number_t *slot_number );
+ psa_key_slot_number_t *slot_number);
/** Choose the slot number where a key is stored.
*
@@ -141,7 +139,7 @@ psa_status_t psa_get_key_slot_number(
*/
static inline void psa_set_key_slot_number(
psa_key_attributes_t *attributes,
- psa_key_slot_number_t slot_number )
+ psa_key_slot_number_t slot_number)
{
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
@@ -154,9 +152,10 @@ static inline void psa_set_key_slot_number(
* \param[out] attributes The attribute structure to write to.
*/
static inline void psa_clear_key_slot_number(
- psa_key_attributes_t *attributes )
+ psa_key_attributes_t *attributes)
{
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &=
+ ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
}
/** Register a key that is already present in a secure element.
@@ -188,12 +187,12 @@ static inline void psa_clear_key_slot_number(
* or the specified slot number is not valid.
* \retval #PSA_ERROR_NOT_PERMITTED
* The caller is not authorized to register the specified key slot.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
@@ -214,16 +213,15 @@ psa_status_t mbedtls_psa_register_se_key(
*
* This is an Mbed TLS extension.
*/
-void mbedtls_psa_crypto_free( void );
+void mbedtls_psa_crypto_free(void);
/** \brief Statistics about
* resource consumption related to the PSA keystore.
*
* \note The content of this structure is not part of the stable API and ABI
- * of Mbed Crypto and may change arbitrarily from version to version.
+ * of Mbed TLS and may change arbitrarily from version to version.
*/
-typedef struct mbedtls_psa_stats_s
-{
+typedef struct mbedtls_psa_stats_s {
/** Number of slots containing key material for a volatile key. */
size_t MBEDTLS_PRIVATE(volatile_slots);
/** Number of slots containing key material for a key which is in
@@ -250,11 +248,11 @@ typedef struct mbedtls_psa_stats_s
/** \brief Get statistics about
* resource consumption related to the PSA keystore.
*
- * \note When Mbed Crypto is built as part of a service, with isolation
+ * \note When Mbed TLS is built as part of a service, with isolation
* between the application and the keystore, the service may or
* may not expose this function.
*/
-void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
+void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats);
/**
* \brief Inject an initial entropy seed for the random generator into
@@ -339,7 +337,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* string. The length of the byte string is the length of the base prime `p`
* in bytes.
*/
-#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
+#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t) 0x4002)
/** DSA key pair (private and public key).
*
@@ -357,13 +355,13 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* Add 1 to the resulting integer and use this as the private key *x*.
*
*/
-#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
+#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t) 0x7002)
/** Whether a key type is a DSA key (pair or public-only). */
#define PSA_KEY_TYPE_IS_DSA(type) \
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
-#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x06000400)
+#define PSA_ALG_DSA_BASE ((psa_algorithm_t) 0x06000400)
/** DSA signature with hashing.
*
* This is the signature scheme defined by FIPS 186-4,
@@ -380,7 +378,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
*/
#define PSA_ALG_DSA(hash_alg) \
(PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x06000500)
+#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t) 0x06000500)
#define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
/** Deterministic DSA signature with hashing.
*
@@ -429,6 +427,10 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
*/
#define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e)
+/** PAKE operation stages. */
+#define PSA_PAKE_OPERATION_STAGE_SETUP 0
+#define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1
+#define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2
/**
* \brief Set domain parameters for a key.
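Review bot: The three `PSA_PAKE_OPERATION_STAGE_*` constants added here share a single summary comment, so the header never says what distinguishes one stage from the next or which PAKE calls are accepted in each. Each define would read better with its own `/** ... */` line stating when an operation enters that stage, and the block should name the field that stores the value. They are also bare `int` literals, while the other PAKE constants in this header carry a cast to their type (for example `((psa_pake_step_t) 0x01)`); if that is deliberate, it deserves a sentence in the comment.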
@@ -491,10 +493,10 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* according to \p type as described above.
* \param data_length Size of the \p data buffer in bytes.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
*/
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
psa_key_type_t type,
@@ -521,8 +523,8 @@ psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
* \param[out] data_length On success, the number of bytes
* that make up the key domain parameters data.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
*/
psa_status_t psa_get_key_domain_parameters(
const psa_key_attributes_t *attributes,
@@ -570,8 +572,7 @@ psa_status_t psa_get_key_domain_parameters(
/** \defgroup psa_tls_helpers TLS helper functions
* @{
*/
-
-#if defined(MBEDTLS_ECP_C)
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
#include
/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
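Review bot: The guard for the TLS helper declarations changes from `MBEDTLS_ECP_C` to `PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`, but the prototypes that follow still take and return `mbedtls_ecp_group_id`, a type of the legacy ECP module. A build that enables the PSA symbol without the legacy module would then depend on that header and on the out-of-line definitions being present. Those definitions are not visible in this hunk, so it should be confirmed that they are compiled under the same condition. A one-line comment above the `#if` stating this dependency would help the next reader; the guarded block continues outside the hunk.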
@@ -587,55 +588,8 @@ psa_status_t psa_get_key_domain_parameters(
* (`PSA_ECC_FAMILY_xxx`).
* \return \c 0 on failure (\p grpid is not recognized).
*/
-static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
- size_t *bits )
-{
- switch( grpid )
- {
- case MBEDTLS_ECP_DP_SECP192R1:
- *bits = 192;
- return( PSA_ECC_FAMILY_SECP_R1 );
- case MBEDTLS_ECP_DP_SECP224R1:
- *bits = 224;
- return( PSA_ECC_FAMILY_SECP_R1 );
- case MBEDTLS_ECP_DP_SECP256R1:
- *bits = 256;
- return( PSA_ECC_FAMILY_SECP_R1 );
- case MBEDTLS_ECP_DP_SECP384R1:
- *bits = 384;
- return( PSA_ECC_FAMILY_SECP_R1 );
- case MBEDTLS_ECP_DP_SECP521R1:
- *bits = 521;
- return( PSA_ECC_FAMILY_SECP_R1 );
- case MBEDTLS_ECP_DP_BP256R1:
- *bits = 256;
- return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
- case MBEDTLS_ECP_DP_BP384R1:
- *bits = 384;
- return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
- case MBEDTLS_ECP_DP_BP512R1:
- *bits = 512;
- return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
- case MBEDTLS_ECP_DP_CURVE25519:
- *bits = 255;
- return( PSA_ECC_FAMILY_MONTGOMERY );
- case MBEDTLS_ECP_DP_SECP192K1:
- *bits = 192;
- return( PSA_ECC_FAMILY_SECP_K1 );
- case MBEDTLS_ECP_DP_SECP224K1:
- *bits = 224;
- return( PSA_ECC_FAMILY_SECP_K1 );
- case MBEDTLS_ECP_DP_SECP256K1:
- *bits = 256;
- return( PSA_ECC_FAMILY_SECP_K1 );
- case MBEDTLS_ECP_DP_CURVE448:
- *bits = 448;
- return( PSA_ECC_FAMILY_MONTGOMERY );
- default:
- *bits = 0;
- return( 0 );
- }
-}
+psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
+ size_t *bits);
/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
*
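Review bot: With the inline body of `mbedtls_ecc_group_to_psa()` removed, callers can no longer see what `*bits` holds on failure: the deleted `default:` case wrote `*bits = 0`, while the comment lines shown here document only the return value `0`. A caller that reads `*bits` without checking the return would use an indeterminate size if the out-of-line definition does not keep that store. If it does keep it, say so in the contract, for example `* \return \c 0 on failure (\p grpid is not recognized); \p bits is then set to 0.`; otherwise state that `\p bits` is unspecified on failure. The comment block starts outside the hunk.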
@@ -656,10 +610,10 @@ static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id gr
* \return #MBEDTLS_ECP_DP_NONE if \p bits is not
* correct for \p curve.
*/
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
- size_t bits,
- int bits_is_sloppy );
-#endif /* MBEDTLS_ECP_C */
+mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
+ size_t bits,
+ int bits_is_sloppy);
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
/**@}*/
@@ -709,7 +663,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
*/
psa_status_t mbedtls_psa_external_get_random(
mbedtls_psa_external_random_context_t *context,
- uint8_t *output, size_t output_size, size_t *output_length );
+ uint8_t *output, size_t output_size, size_t *output_length);
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
/**@}*/
@@ -729,14 +683,14 @@ psa_status_t mbedtls_psa_external_get_random(
* This value is part of the library's ABI since changing it would invalidate
* the values of built-in key identifiers in applications.
*/
-#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t)0x7fff0000)
+#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t) 0x7fff0000)
/** The maximum value for a key identifier that is built into the
* implementation.
*
* See #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN for more information.
*/
-#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t)0x7fffefff)
+#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t) 0x7fffefff)
/** A slot number identifying a key in a driver.
*
@@ -754,10 +708,10 @@ typedef uint64_t psa_drv_slot_number_t;
* \retval 0
* The key identifier is not a builtin key identifier.
*/
-static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
+static inline int psa_key_id_is_builtin(psa_key_id_t key_id)
{
- return( ( key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ) &&
- ( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
+ return (key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN) &&
+ (key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX);
}
/** Platform function to obtain the location and slot number of a built-in key.
@@ -807,7 +761,7 @@ static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
psa_status_t mbedtls_psa_platform_get_builtin_key(
mbedtls_svc_key_id_t key_id,
psa_key_lifetime_t *lifetime,
- psa_drv_slot_number_t *slot_number );
+ psa_drv_slot_number_t *slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
/** @} */
@@ -816,7 +770,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
* @{
*/
-#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000)
+#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t) 0x0a000000)
/** Whether the specified algorithm is a password-authenticated key exchange.
*
@@ -945,7 +899,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
* of RFC 8236 for two examples.
*
*/
-#define PSA_ALG_JPAKE ((psa_algorithm_t)0x0a000100)
+#define PSA_ALG_JPAKE ((psa_algorithm_t) 0x0a000100)
/** The SPAKE2+ algorithm.
*
@@ -968,26 +922,18 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
* For more information on how to set a specific curve or field, refer to the
* documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
*
- * After initializing a SPAKE2+ operation, call the following functions in
- * this order:
+ * After initializing a SPAKE2+ operation, call
*
- * For the client side:
* \code
* psa_pake_setup(operation, cipher_suite);
- * psa_pake_set_role(operation, PSA_PAKE_ROLE_CLIENT);
+ * psa_pake_set_role(operation, ...);
* psa_pake_set_user(operation, ...);
* psa_pake_set_peer(operation, ...);
* psa_pake_set_password_key(operation, ...);
* \endcode
*
- * For the server side:
- * \code
- * psa_pake_setup(operation, cipher_suite);
- * psa_pake_set_role(operation, PSA_PAKE_ROLE_SERVER);
- * psa_pake_set_peer(operation, ...);
- * psa_pake_set_user(operation, ...);
- * psa_pake_set_password_key(operation, ...);
- * \endcode
+ * The role set by \c psa_pake_set_role() must be either
+ * \c PSA_PAKE_ROLE_CLIENT or \c PSA_PAKE_ROLE_SERVER.
*
* The password provided to the client side consists of the concatenation
* of the two password hash values w0 and w1.
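Review bot: The rewritten SPAKE2+ setup text no longer says whether call order matters. The words "in this order" are dropped, and the removed server-side listing called `psa_pake_set_peer()` before `psa_pake_set_user()`, the opposite of the single listing that remains. The new lead-in also stops at "call" with no object. If the identity calls may now be made in either order, the sentence could read `After initializing a SPAKE2+ operation, call psa_pake_setup() and then the functions below, in any order:`; if not, the required order for each role should be restated. The comment block starts and ends outside the hunk.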
@@ -1032,7 +978,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
* At this point there is a cryptographic guarantee that only the authenticated
* party who used the same password is able to compute the key.
*/
-#define PSA_ALG_SPAKE2P ((psa_algorithm_t)0x0a000200)
+#define PSA_ALG_SPAKE2P ((psa_algorithm_t) 0x0a000200)
/** The Secure Remote Passwort key exchange (SRP) algorithm.
*
@@ -1059,8 +1005,8 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
*
* \code
* psa_pake_setup(operation, cipher_suite);
+ * psa_pake_set_role(operation, ...); // PSA_PAKE_ROLE_CLIENT or PSA_PAKE_ROLE_SERVER
* psa_pake_set_user(operation, ...);
- * psa_pake_set_peer(operation, ...);
* psa_pake_set_password_key(operation, ...);
* \endcode
*
@@ -1113,7 +1059,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
* At this point there is a cryptographic guarantee that only the authenticated
* party who used the same password is able to compute the key.
*/
-#define PSA_ALG_SRP_6 ((psa_algorithm_t)0x0a000300)
+#define PSA_ALG_SRP_6 ((psa_algorithm_t) 0x0a000300)
/** @} */
@@ -1123,40 +1069,17 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
* the official PSA Crypto API yet.
*
* \note The content of this section is not part of the stable API and ABI
- * of Mbed Crypto and may change arbitrarily from version to version.
+ * of Mbed TLS and may change arbitrarily from version to version.
* Same holds for the corresponding macros #PSA_ALG_CATEGORY_PAKE and
* #PSA_ALG_JPAKE.
* @{
*/
-/** Encoding of the type of the PAKE's primitive.
- *
- * Values defined by this standard will never be in the range 0x80-0xff.
- * Vendors who define additional types must use an encoding in this range.
- *
- * For more information see the documentation of individual
- * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
- */
-typedef uint8_t psa_pake_primitive_type_t;
-
-/** \brief Encoding of the family of the primitive associated with the PAKE.
- *
- * For more information see the documentation of individual
- * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
- */
-typedef uint8_t psa_pake_family_t;
-
-/** \brief Encoding of the primitive associated with the PAKE.
- *
- * For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro.
- */
-typedef uint32_t psa_pake_primitive_t;
-
/** A value to indicate no role in a PAKE algorithm.
* This value can be used in a call to psa_pake_set_role() for symmetric PAKE
* algorithms which do not assign roles.
*/
-#define PSA_PAKE_ROLE_NONE ((psa_pake_role_t)0x00)
+#define PSA_PAKE_ROLE_NONE ((psa_pake_role_t) 0x00)
/** The first peer in a balanced PAKE.
*
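Review bot: The stability note edited here still names only `#PSA_ALG_CATEGORY_PAKE` and `#PSA_ALG_JPAKE`, although this header also defines `PSA_ALG_SPAKE2P` and `PSA_ALG_SRP_6` in the group above. If those two fall under the same caveat, the sentence should list them: `Same holds for the corresponding macros #PSA_ALG_CATEGORY_PAKE, #PSA_ALG_JPAKE, #PSA_ALG_SPAKE2P and #PSA_ALG_SRP_6.` The hunk also deletes the `psa_pake_primitive_type_t`, `psa_pake_family_t` and `psa_pake_primitive_t` typedefs that later macros and prototypes in this file still use. They presumably now come from another header that must be included first, which is worth confirming.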
@@ -1165,7 +1088,7 @@ typedef uint32_t psa_pake_primitive_t;
* need this, both #PSA_PAKE_ROLE_FIRST and #PSA_PAKE_ROLE_SECOND are
* accepted.
*/
-#define PSA_PAKE_ROLE_FIRST ((psa_pake_role_t)0x01)
+#define PSA_PAKE_ROLE_FIRST ((psa_pake_role_t) 0x01)
/** The second peer in a balanced PAKE.
*
@@ -1174,19 +1097,19 @@ typedef uint32_t psa_pake_primitive_t;
* need this, either #PSA_PAKE_ROLE_FIRST or #PSA_PAKE_ROLE_SECOND are
* accepted.
*/
-#define PSA_PAKE_ROLE_SECOND ((psa_pake_role_t)0x02)
+#define PSA_PAKE_ROLE_SECOND ((psa_pake_role_t) 0x02)
/** The client in an augmented PAKE.
*
* Augmented PAKE algorithms need to differentiate between client and server.
*/
-#define PSA_PAKE_ROLE_CLIENT ((psa_pake_role_t)0x11)
+#define PSA_PAKE_ROLE_CLIENT ((psa_pake_role_t) 0x11)
/** The server in an augmented PAKE.
*
* Augmented PAKE algorithms need to differentiate between client and server.
*/
-#define PSA_PAKE_ROLE_SERVER ((psa_pake_role_t)0x12)
+#define PSA_PAKE_ROLE_SERVER ((psa_pake_role_t) 0x12)
/** The PAKE primitive type indicating the use of elliptic curves.
*
@@ -1206,7 +1129,7 @@ typedef uint32_t psa_pake_primitive_t;
* curve would be. For more information, consult the documentation of
* psa_export_key().
*/
-#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01)
+#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t) 0x01)
/** The PAKE primitive type indicating the use of Diffie-Hellman groups.
*
@@ -1226,7 +1149,7 @@ typedef uint32_t psa_pake_primitive_t;
* group would be. For more information, consult the documentation of
* psa_export_key().
*/
-#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02)
+#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t) 0x02)
/** Construct a PAKE primitive from type, family and bit-size.
*
@@ -1234,12 +1157,12 @@ typedef uint32_t psa_pake_primitive_t;
* (value of type ::psa_pake_primitive_type_t).
* \param pake_family The family of the primitive
* (the type and interpretation of this parameter depends
- * on \p type, for more information consult the
+ * on \p pake_type, for more information consult the
* documentation of individual ::psa_pake_primitive_type_t
* constants).
* \param pake_bits The bit-size of the primitive
* (Value of type \c size_t. The interpretation
- * of this parameter depends on \p family, for more
+ * of this parameter depends on \p pake_family, for more
* information consult the documentation of individual
* ::psa_pake_primitive_type_t constants).
*
@@ -1250,7 +1173,7 @@ typedef uint32_t psa_pake_primitive_t;
#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \
((pake_bits & 0xFFFF) != pake_bits) ? 0 : \
((psa_pake_primitive_t) (((pake_type) << 24 | \
- (pake_family) << 16) | (pake_bits)))
+ (pake_family) << 16) | (pake_bits)))
/** The key share being sent to or received from the peer.
*
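Review bot: `PSA_PAKE_PRIMITIVE` is only re-indented here and still expands to a bare conditional expression with no outer parentheses, with `pake_bits` unparenthesised in the range test. Because `==` and `&&` bind tighter than `?:`, the comparison `primitive == PSA_PAKE_PRIMITIVE(...)` in `PSA_PAKE_OUTPUT_SIZE` and `PSA_PAKE_INPUT_SIZE` is absorbed into the condition of the macro's own `?:`. The size macros can therefore yield a non-zero buffer size for an algorithm or primitive they are documented to answer with 0. Wrapping the expansion restores the intended grouping: begin it with `((((pake_bits) & 0xFFFF) != (pake_bits)) ? 0 : \` and add the matching closing parenthesis after `(pake_bits)))`. The `alg`, `primitive` and step arguments of the two size macros should be parenthesised in the same way.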
@@ -1264,7 +1187,7 @@ typedef uint32_t psa_pake_primitive_t;
* For information regarding how the group is determined, consult the
* documentation #PSA_PAKE_PRIMITIVE.
*/
-#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01)
+#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t) 0x01)
/** A Schnorr NIZKP public key.
*
@@ -1281,7 +1204,7 @@ typedef uint32_t psa_pake_primitive_t;
* For information regarding how the group is determined, consult the
* documentation #PSA_PAKE_PRIMITIVE.
*/
-#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02)
+#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t) 0x02)
/** A Schnorr NIZKP proof.
*
@@ -1302,7 +1225,7 @@ typedef uint32_t psa_pake_primitive_t;
* For information regarding how the group is determined, consult the
* documentation #PSA_PAKE_PRIMITIVE.
*/
-#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
+#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t) 0x03)
/** The key confirmation value.
*
@@ -1333,7 +1256,7 @@ typedef uint32_t psa_pake_primitive_t;
* \return The PAKE algorithm stored in the cipher suite structure.
*/
static psa_algorithm_t psa_pake_cs_get_algorithm(
- const psa_pake_cipher_suite_t *cipher_suite );
+ const psa_pake_cipher_suite_t *cipher_suite);
/** Declare the PAKE algorithm for the cipher suite.
*
@@ -1347,8 +1270,8 @@ static psa_algorithm_t psa_pake_cs_get_algorithm(
* If this is 0, the PAKE algorithm in
* \p cipher_suite becomes unspecified.
*/
-static void psa_pake_cs_set_algorithm( psa_pake_cipher_suite_t *cipher_suite,
- psa_algorithm_t algorithm );
+static void psa_pake_cs_set_algorithm(psa_pake_cipher_suite_t *cipher_suite,
+ psa_algorithm_t algorithm);
/** Retrieve the primitive from a PAKE cipher suite.
*
@@ -1357,7 +1280,7 @@ static void psa_pake_cs_set_algorithm( psa_pake_cipher_suite_t *cipher_suite,
* \return The primitive stored in the cipher suite structure.
*/
static psa_pake_primitive_t psa_pake_cs_get_primitive(
- const psa_pake_cipher_suite_t *cipher_suite );
+ const psa_pake_cipher_suite_t *cipher_suite);
/** Declare the primitive for a PAKE cipher suite.
*
@@ -1368,8 +1291,8 @@ static psa_pake_primitive_t psa_pake_cs_get_primitive(
* primitive type in \p cipher_suite becomes
* unspecified.
*/
-static void psa_pake_cs_set_primitive( psa_pake_cipher_suite_t *cipher_suite,
- psa_pake_primitive_t primitive );
+static void psa_pake_cs_set_primitive(psa_pake_cipher_suite_t *cipher_suite,
+ psa_pake_primitive_t primitive);
/** Retrieve the PAKE family from a PAKE cipher suite.
*
@@ -1378,7 +1301,7 @@ static void psa_pake_cs_set_primitive( psa_pake_cipher_suite_t *cipher_suite,
* \return The PAKE family stored in the cipher suite structure.
*/
static psa_pake_family_t psa_pake_cs_get_family(
- const psa_pake_cipher_suite_t *cipher_suite );
+ const psa_pake_cipher_suite_t *cipher_suite);
/** Retrieve the PAKE primitive bit-size from a PAKE cipher suite.
*
@@ -1387,7 +1310,7 @@ static psa_pake_family_t psa_pake_cs_get_family(
* \return The PAKE primitive bit-size stored in the cipher suite structure.
*/
static uint16_t psa_pake_cs_get_bits(
- const psa_pake_cipher_suite_t *cipher_suite );
+ const psa_pake_cipher_suite_t *cipher_suite);
/** Retrieve the hash algorithm from a PAKE cipher suite.
*
@@ -1398,7 +1321,7 @@ static uint16_t psa_pake_cs_get_bits(
* the hash algorithm is not set.
*/
static psa_algorithm_t psa_pake_cs_get_hash(
- const psa_pake_cipher_suite_t *cipher_suite );
+ const psa_pake_cipher_suite_t *cipher_suite);
/** Declare the hash algorithm for a PAKE cipher suite.
*
@@ -1416,8 +1339,8 @@ static psa_algorithm_t psa_pake_cs_get_hash(
* If this is 0, the hash algorithm in
* \p cipher_suite becomes unspecified.
*/
-static void psa_pake_cs_set_hash( psa_pake_cipher_suite_t *cipher_suite,
- psa_algorithm_t hash );
+static void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite,
+ psa_algorithm_t hash);
/** The type of the state data structure for PAKE operations.
*
@@ -1451,7 +1374,7 @@ typedef struct psa_pake_operation_s psa_pake_operation_t;
/** Return an initial value for a PAKE operation object.
*/
-static psa_pake_operation_t psa_pake_operation_init( void );
+static psa_pake_operation_t psa_pake_operation_init(void);
/** Set the session information for a password-authenticated key exchange.
*
@@ -1515,16 +1438,16 @@ static psa_pake_operation_t psa_pake_operation_init( void );
* compatible with the PAKE algorithm, or the hash algorithm in
* \p cipher_suite is not supported or not compatible with the PAKE
* algorithm and primitive.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid, or
* the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_pake_setup( psa_pake_operation_t *operation,
- const psa_pake_cipher_suite_t *cipher_suite );
+psa_status_t psa_pake_setup(psa_pake_operation_t *operation,
+ const psa_pake_cipher_suite_t *cipher_suite);
/** Set the password for a password-authenticated key exchange from key ID.
*
@@ -1560,19 +1483,19 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation,
* \retval #PSA_ERROR_NOT_SUPPORTED
* The key type or key size of \p password is not supported with the
* \p operation's cipher suite.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must have been set up.), or
* the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation,
- mbedtls_svc_key_id_t password );
+psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
+ mbedtls_svc_key_id_t password);
/** Set the user ID for a password-authenticated key exchange.
*
@@ -1602,18 +1525,18 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation,
* suite.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The value of \p user_id is not supported by the implementation.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid, or
* the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_pake_set_user( psa_pake_operation_t *operation,
- const uint8_t *user_id,
- size_t user_id_len );
+psa_status_t psa_pake_set_user(psa_pake_operation_t *operation,
+ const uint8_t *user_id,
+ size_t user_id_len);
/** Set the peer ID for a password-authenticated key exchange.
*
@@ -1639,13 +1562,13 @@ psa_status_t psa_pake_set_user( psa_pake_operation_t *operation,
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p user_id is not valid for the \p operation's algorithm and cipher
+ * \p peer_id is not valid for the \p operation's algorithm and cipher
* suite.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The algorithm doesn't associate a second identity with the session.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* Calling psa_pake_set_peer() is invalid with the \p operation's
* algorithm, the operation state is not valid, or the library has not
@@ -1653,9 +1576,9 @@ psa_status_t psa_pake_set_user( psa_pake_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_pake_set_peer( psa_pake_operation_t *operation,
- const uint8_t *peer_id,
- size_t peer_id_len );
+psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation,
+ const uint8_t *peer_id,
+ size_t peer_id_len);
/** Set the application role for a password-authenticated key exchange.
*
@@ -1687,16 +1610,16 @@ psa_status_t psa_pake_set_peer( psa_pake_operation_t *operation,
* The \p role is not a valid PAKE role in the \p operation’s algorithm.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The \p role for this algorithm is not supported or is not valid.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid, or
* the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_pake_set_role( psa_pake_operation_t *operation,
- psa_pake_role_t role );
+psa_status_t psa_pake_set_role(psa_pake_operation_t *operation,
+ psa_pake_role_t role);
/** Get output for a step of a password-authenticated key exchange.
*
@@ -1721,8 +1644,8 @@ psa_status_t psa_pake_set_role( psa_pake_operation_t *operation,
* \c PSA_PAKE_STEP_XXX constants for more
* information.
* \param output_size Size of the \p output buffer in bytes. This must
- * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \p
- * primitive, \p step) where \p alg and
+ * be at least #PSA_PAKE_OUTPUT_SIZE(\c alg, \c
+ * primitive, \p output_step) where \c alg and
* \p primitive are the PAKE algorithm and primitive
* in the operation's cipher suite, and \p step is
* the output step.
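Review bot: The updated `output_size` description now refers to `\p output_step`, but the parameter of `psa_pake_output()` is named `step` (see the prototype in the next hunk). The continuation lines still say `\p primitive` and `\p step`, so the paragraph mixes markup for the same names. `\p` should mark only real parameters of this function: `be at least #PSA_PAKE_OUTPUT_SIZE(\c alg, \c primitive, \p step) where \c alg and \c primitive are the PAKE algorithm and primitive`. The comment block starts and ends outside the hunk.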
@@ -1738,13 +1661,13 @@ psa_status_t psa_pake_set_role( psa_pake_operation_t *operation,
* \p step is not compatible with the operation's algorithm.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p step is not supported with the operation's algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, and fully set
* up, and this call must conform to the algorithm's requirements
@@ -1753,11 +1676,11 @@ psa_status_t psa_pake_set_role( psa_pake_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_pake_output( psa_pake_operation_t *operation,
- psa_pake_step_t step,
- uint8_t *output,
- size_t output_size,
- size_t *output_length );
+psa_status_t psa_pake_output(psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
/** Provide input for a step of a password-authenticated key exchange.
*
@@ -1787,19 +1710,19 @@ psa_status_t psa_pake_output( psa_pake_operation_t *operation,
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p is not compatible with the \p operation’s algorithm, or the
- * \p input is not valid for the \p operation's algorithm, cipher suite
- * or \p step.
+ * \p input_length is not compatible with the \p operation’s algorithm,
+ * or the \p input is not valid for the \p operation's algorithm,
+ * cipher suite or \p step.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p step p is not supported with the \p operation's algorithm, or the
* \p input is not supported for the \p operation's algorithm, cipher
* suite or \p step.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, and fully set
* up, and this call must conform to the algorithm's requirements
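Review bot: The `#PSA_ERROR_NOT_SUPPORTED` entry kept as context in this hunk reads `\p step p is not supported`, with a stray `p` after the parameter name. Since the neighbouring `#PSA_ERROR_INVALID_ARGUMENT` text is being corrected in the same hunk, this line is worth fixing with it: `* \p step is not supported with the \p operation's algorithm, or the`. The comment block continues outside the hunk.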
@@ -1808,10 +1731,10 @@ psa_status_t psa_pake_output( psa_pake_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_pake_input( psa_pake_operation_t *operation,
- psa_pake_step_t step,
- const uint8_t *input,
- size_t input_length );
+psa_status_t psa_pake_input(psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ const uint8_t *input,
+ size_t input_length);
/** Get implicitly confirmed shared secret from a PAKE.
*
@@ -1838,7 +1761,7 @@ psa_status_t psa_pake_input( psa_pake_operation_t *operation,
*
* When this function returns successfully, \p operation becomes inactive.
* If this function returns an error status, both \p operation
- * and \p key_derivation operations enter an error state and must be aborted by
+ * and \c key_derivation operations enter an error state and must be aborted by
* calling psa_pake_abort() and psa_key_derivation_abort() respectively.
*
* \param[in,out] operation Active PAKE operation.
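Review bot: Changing `\p key_derivation` to `\c key_derivation` silences the Doxygen warning but leaves the sentence pointing at a name that does not appear in the signature. The key derivation object is passed as the parameter `output`, as the prototype in the next hunk shows. Naming the parameter makes the abort requirement unambiguous: `* If this function returns an error status, both the \p operation and the \p output key derivation operation enter an error state and must be aborted by`. The comment block starts and ends outside the hunk.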
@@ -1854,12 +1777,12 @@ psa_status_t psa_pake_input( psa_pake_operation_t *operation,
* \retval #PSA_ERROR_NOT_SUPPORTED
* Input from a PAKE is not supported by the algorithm in the \p output
* key derivation operation.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The PAKE operation state is not valid (it must be active, but beyond
* that validity is specific to the algorithm), or
@@ -1871,8 +1794,8 @@ psa_status_t psa_pake_input( psa_pake_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_pake_get_implicit_key( psa_pake_operation_t *operation,
- psa_key_derivation_operation_t *output );
+psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation,
+ psa_key_derivation_operation_t *output);
/** Abort a PAKE operation.
*
@@ -1891,14 +1814,14 @@ psa_status_t psa_pake_get_implicit_key( psa_pake_operation_t *operation,
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_pake_abort( psa_pake_operation_t * operation );
+psa_status_t psa_pake_abort(psa_pake_operation_t *operation);
/**@}*/
@@ -1923,15 +1846,15 @@ psa_status_t psa_pake_abort( psa_pake_operation_t * operation );
* return 0.
*/
#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) \
- ( alg == PSA_ALG_JPAKE && \
- primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
- PSA_ECC_FAMILY_SECP_R1, 256) ? \
- ( \
- output_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \
- output_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \
- 32 \
- ) : \
- 0 )
+ (alg == PSA_ALG_JPAKE && \
+ primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
+ PSA_ECC_FAMILY_SECP_R1, 256) ? \
+ ( \
+ output_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \
+ output_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \
+ 32 \
+ ) : \
+ 0)
/** A sufficient input buffer size for psa_pake_input().
*
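Review bot: The macro parameters in PSA_PAKE_OUTPUT_SIZE are still used unparenthesized (`alg == PSA_ALG_JPAKE`, `primitive == PSA_PAKE_PRIMITIVE(...)`, `output_step == ...`), and the next hunk carries the same pattern into PSA_PAKE_INPUT_SIZE. An argument that is itself an expression, for example one built with `|` or `?:`, would bind to `==` incorrectly and could select the wrong buffer size. Since the lines are being reformatted anyway, write `(alg) == PSA_ALG_JPAKE &&`, `(primitive) == PSA_PAKE_PRIMITIVE(...)` and `(output_step) == PSA_PAKE_STEP_KEY_SHARE ? 65 :` (likewise `(input_step)` in the other macro).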
@@ -1953,22 +1876,25 @@ psa_status_t psa_pake_abort( psa_pake_operation_t * operation );
* the parameters are incompatible, return 0.
*/
#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) \
- ( alg == PSA_ALG_JPAKE && \
- primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
- PSA_ECC_FAMILY_SECP_R1, 256) ? \
- ( \
- input_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \
- input_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \
- 32 \
- ) : \
- 0 )
+ (alg == PSA_ALG_JPAKE && \
+ primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
+ PSA_ECC_FAMILY_SECP_R1, 256) ? \
+ ( \
+ input_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \
+ input_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \
+ 32 \
+ ) : \
+ 0)
/** Output buffer size for psa_pake_output() for any of the supported PAKE
* algorithm and primitive suites and output step.
*
* This macro must expand to a compile-time constant integer.
*
- * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p primitive, \p step).
+ * The value of this macro must be at least as large as the largest value
+ * returned by PSA_PAKE_OUTPUT_SIZE()
+ *
+ * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p primitive, \p output_step).
*/
#define PSA_PAKE_OUTPUT_MAX_SIZE 65
@@ -1977,52 +1903,40 @@ psa_status_t psa_pake_abort( psa_pake_operation_t * operation );
*
* This macro must expand to a compile-time constant integer.
*
- * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p step).
+ * The value of this macro must be at least as large as the largest value
+ * returned by PSA_PAKE_INPUT_SIZE()
+ *
+ * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p output_step).
*/
#define PSA_PAKE_INPUT_MAX_SIZE 65
-struct psa_pake_cipher_suite_s
-{
- psa_algorithm_t algorithm;
- psa_pake_primitive_type_t type;
- psa_pake_family_t family;
- uint16_t bits;
- psa_algorithm_t hash;
-};
-
-#define PSA_PAKE_CIPHER_SUITE_INIT {PSA_ALG_NONE, 0, 0, 0, PSA_ALG_NONE}
-static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void)
-{
- const struct psa_pake_cipher_suite_s v = PSA_PAKE_CIPHER_SUITE_INIT;
- return(v);
-}
-
static inline psa_algorithm_t psa_pake_cs_get_algorithm(
- const psa_pake_cipher_suite_t *cipher_suite )
+ const psa_pake_cipher_suite_t *cipher_suite)
{
- return( cipher_suite->algorithm );
+ return cipher_suite->algorithm;
}
static inline void psa_pake_cs_set_algorithm(
psa_pake_cipher_suite_t *cipher_suite,
psa_algorithm_t algorithm)
{
- if( !PSA_ALG_IS_PAKE( algorithm ) )
+ if (!PSA_ALG_IS_PAKE(algorithm)) {
cipher_suite->algorithm = 0;
- else
+ } else {
cipher_suite->algorithm = algorithm;
+ }
}
static inline psa_pake_primitive_t psa_pake_cs_get_primitive(
- const psa_pake_cipher_suite_t *cipher_suite )
+ const psa_pake_cipher_suite_t *cipher_suite)
{
- return( PSA_PAKE_PRIMITIVE( cipher_suite->type, cipher_suite->family,
- cipher_suite->bits ) );
+ return PSA_PAKE_PRIMITIVE(cipher_suite->type, cipher_suite->family,
+ cipher_suite->bits);
}
static inline void psa_pake_cs_set_primitive(
- psa_pake_cipher_suite_t *cipher_suite,
- psa_pake_primitive_t primitive )
+ psa_pake_cipher_suite_t *cipher_suite,
+ psa_pake_primitive_t primitive)
{
cipher_suite->type = (psa_pake_primitive_type_t) (primitive >> 24);
cipher_suite->family = (psa_pake_family_t) (0xFF & (primitive >> 16));
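Review bot: The new "See also" line for PSA_PAKE_INPUT_MAX_SIZE names the third parameter `\p output_step`, but PSA_PAKE_INPUT_SIZE as shown in the previous hunk takes `input_step`. It looks copied from the OUTPUT variant and should read `See also #PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p input_step).` The added sentence ending in `PSA_PAKE_INPUT_SIZE()` also lacks its full stop, as does the matching one for the output macro. The body of psa_pake_cs_set_primitive continues past the end of this hunk.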
@@ -2030,32 +1944,34 @@ static inline void psa_pake_cs_set_primitive(
}
static inline psa_pake_family_t psa_pake_cs_get_family(
- const psa_pake_cipher_suite_t *cipher_suite )
+ const psa_pake_cipher_suite_t *cipher_suite)
{
- return( cipher_suite->family );
+ return cipher_suite->family;
}
static inline uint16_t psa_pake_cs_get_bits(
- const psa_pake_cipher_suite_t *cipher_suite )
+ const psa_pake_cipher_suite_t *cipher_suite)
{
- return( cipher_suite->bits );
+ return cipher_suite->bits;
}
static inline psa_algorithm_t psa_pake_cs_get_hash(
- const psa_pake_cipher_suite_t *cipher_suite )
+ const psa_pake_cipher_suite_t *cipher_suite)
{
- return( cipher_suite->hash );
+ return cipher_suite->hash;
}
-static inline void psa_pake_cs_set_hash( psa_pake_cipher_suite_t *cipher_suite,
- psa_algorithm_t hash )
+static inline void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite,
+ psa_algorithm_t hash)
{
- if( !PSA_ALG_IS_HASH( hash ) )
+ if (!PSA_ALG_IS_HASH(hash)) {
cipher_suite->hash = 0;
- else
+ } else {
cipher_suite->hash = hash;
+ }
}
+
#ifdef __cplusplus
}
#endif
diff --git a/ext/oberon/psa/core/include/psa/crypto_legacy.h b/ext/oberon/psa/core/include/psa/crypto_legacy.h
new file mode 100644
index 000000000000..4a39b3dbf688
--- /dev/null
+++ b/ext/oberon/psa/core/include/psa/crypto_legacy.h
@@ -0,0 +1,100 @@
+/**
+ * \file psa/crypto_legacy.h
+ *
+ * \brief Add temporary suppport for deprecated symbols before they are
+ * removed from the library.
+ *
+ * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR
+ * symbols are deprecated.
+ * New symols add a suffix to that base name in order to clearly state what is
+ * the expected use for the key (use, import, export, generate, derive).
+ * Here we define some backward compatibility support for uses stil using
+ * the legacy symbols.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_PSA_CRYPTO_LEGACY_H
+#define MBEDTLS_PSA_CRYPTO_LEGACY_H
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) //no-check-names
+#if !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#endif
+#if !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#endif
+#if !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
+#endif
+#if !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+#endif
+#if !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
+#endif
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) //no-check-names
+#if !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#endif
+#if !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
+#endif
+#if !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
+#endif
+//#if !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) /* !!OM */
+//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
+//#endif
+#endif
+
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) //no-check-names
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
+#endif
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+#endif
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
+#endif
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
+#endif
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+#endif
+#endif
+
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) //no-check-names
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC
+#endif
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT
+#endif
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT
+#endif
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE
+#endif
+#endif
+
+#endif /* MBEDTLS_PSA_CRYPTO_LEGACY_H */
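Review bot: The block that would map legacy `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR` to `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE` is left commented out with only a `/* !!OM */` marker, while the `MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR` section below still defines its `_GENERATE` counterpart. A configuration that sets only the legacy symbol will therefore lose RSA key generation without any diagnostic, and the two sections now disagree with no stated reason. Replace the dead lines with a short comment saying why generation is deliberately not implied, for example `/* RSA key generation is not enabled implicitly; set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE explicitly. */`, adjusted to the real rationale. The file header also has three typos to fix: "suppport", "symols" and "stil".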
diff --git a/ext/oberon/psa/core/include/psa/crypto_platform.h b/ext/oberon/psa/core/include/psa/crypto_platform.h
index 573b33c8561a..ee41c897f675 100644
--- a/ext/oberon/psa/core/include/psa/crypto_platform.h
+++ b/ext/oberon/psa/core/include/psa/crypto_platform.h
@@ -34,13 +34,14 @@
#define PSA_CRYPTO_PLATFORM_H
#include "mbedtls/private_access.h"
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#include "mbedtls/build_info.h"
-
-/* Translate between classic MBEDTLS_xxx feature symbols and PSA_xxx
- * feature symbols. */
-#include "mbedtls/config_psa.h"
+/*
+ * Include the build-time configuration information file. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * PSA cryptography repository which has a different build system and
+ * configuration.
+ */
+#include "psa/build_info.h"
/* PSA requires several types which C99 provides in stdint.h. */
#include
@@ -65,10 +66,10 @@ typedef int32_t mbedtls_key_owner_id_t;
*
* \return Non-zero if the two key owner identifiers are equal, zero otherwise.
*/
-static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1,
- mbedtls_key_owner_id_t id2 )
+static inline int mbedtls_key_owner_id_equal(mbedtls_key_owner_id_t id1,
+ mbedtls_key_owner_id_t id2)
{
- return( id1 == id2 );
+ return id1 == id2;
}
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
diff --git a/ext/oberon/psa/core/include/psa/crypto_se_driver.h b/ext/oberon/psa/core/include/psa/crypto_se_driver.h
index 225fb1763552..f39e2294cd2c 100644
--- a/ext/oberon/psa/core/include/psa/crypto_se_driver.h
+++ b/ext/oberon/psa/core/include/psa/crypto_se_driver.h
@@ -138,7 +138,7 @@ typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context,
psa_key_location_t location);
#if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/* Mbed Crypto with secure element support enabled defines this type in
+/* Mbed TLS with secure element support enabled defines this type in
* crypto_types.h because it is also visible to applications through an
* implementation-specific extension.
* For the PSA Cryptography specification, this type is only visible
@@ -323,7 +323,7 @@ typedef psa_status_t (*psa_drv_se_mac_verify_t)(psa_drv_se_context_t *drv_contex
typedef struct {
/**The size in bytes of the hardware-specific secure element MAC context
* structure
- */
+ */
size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a MAC setup operation
*/
@@ -385,8 +385,8 @@ typedef struct {
* \param[in] direction Indicates whether the operation is an encrypt
* or decrypt
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
*/
typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_context,
void *op_context,
@@ -407,7 +407,7 @@ typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_cont
* \param[in] p_iv A buffer containing the initialization vector
* \param[in] iv_length The size (in bytes) of the `p_iv` buffer
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
*/
typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context,
const uint8_t *p_iv,
@@ -429,7 +429,7 @@ typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context,
* \param[out] p_output_length After completion, will contain the number
* of bytes placed in the `p_output` buffer
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
*/
typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context,
const uint8_t *p_input,
@@ -450,7 +450,7 @@ typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context,
* \param[out] p_output_length After completion, will contain the number of
* bytes placed in the `p_output` buffer
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
*/
typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *op_context,
uint8_t *p_output,
@@ -485,8 +485,8 @@ typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *op_context);
* \param[in] output_size The allocated size in bytes of the `p_output`
* buffer
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
*/
typedef psa_status_t (*psa_drv_se_cipher_ecb_t)(psa_drv_se_context_t *drv_context,
psa_key_slot_number_t key_slot,
@@ -554,7 +554,7 @@ typedef struct {
* \param[out] p_signature_length On success, the number of bytes
* that make up the returned signature value
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
*/
typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context,
psa_key_slot_number_t key_slot,
@@ -618,7 +618,7 @@ typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv
* \param[out] p_output_length On success, the number of bytes that make up
* the returned output
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
*/
typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *drv_context,
psa_key_slot_number_t key_slot,
@@ -658,7 +658,7 @@ typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *dr
* \param[out] p_output_length On success, the number of bytes
* that make up the returned output
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
*/
typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *drv_context,
psa_key_slot_number_t key_slot,
@@ -815,8 +815,7 @@ typedef struct {
/** An enumeration indicating how a key is created.
*/
-typedef enum
-{
+typedef enum {
PSA_KEY_CREATION_IMPORT, /**< During psa_import_key() */
PSA_KEY_CREATION_GENERATE, /**< During psa_generate_key() */
PSA_KEY_CREATION_DERIVE, /**< During psa_key_derivation_output_key() */
@@ -838,7 +837,7 @@ typedef enum
* and #PSA_ERROR_DOES_NOT_EXIST if the driver can determine that there
* is no key with the specified slot number.
*
- * This is an Mbed Crypto extension.
+ * This is an Mbed TLS extension.
*/
PSA_KEY_CREATION_REGISTER,
#endif
@@ -905,8 +904,8 @@ typedef enum
* Success.
* The core will record \c *key_slot as the key slot where the key
* is stored and will update the persistent data in storage.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
*/
typedef psa_status_t (*psa_drv_se_allocate_key_t)(
psa_drv_se_context_t *drv_context,
@@ -1044,13 +1043,13 @@ typedef psa_status_t (*psa_drv_se_destroy_key_t)(
* \param[out] p_data_length On success, the number of bytes
* that make up the key data.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
typedef psa_status_t (*psa_drv_se_export_key_t)(psa_drv_se_context_t *drv_context,
psa_key_slot_number_t key,
@@ -1197,7 +1196,7 @@ typedef struct {
* \param[in] source_key The key to be used as the source material for
* the key derivation
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
*/
typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t *drv_context,
void *op_context,
@@ -1217,7 +1216,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t *
* \param[in] p_collateral A buffer containing the collateral data
* \param[in] collateral_size The size in bytes of the collateral
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
*/
typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *op_context,
uint32_t collateral_id,
@@ -1232,10 +1231,10 @@ typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *op_context,
* \param[in] dest_key The slot where the generated key material
* should be placed
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
*/
typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context,
- psa_key_slot_number_t dest_key);
+ psa_key_slot_number_t dest_key);
/** \brief A function that performs the final step of a secure element key
* agreement and place the generated key material in a buffer
@@ -1246,7 +1245,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context,
* \param[out] p_output_length Upon success, contains the number of bytes of
* key material placed in `p_output`
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
*/
typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *op_context,
uint8_t *p_output,
diff --git a/ext/oberon/psa/core/include/psa/crypto_sizes.h b/ext/oberon/psa/core/include/psa/crypto_sizes.h
index 2b1e8e072eae..a287c283663f 100644
--- a/ext/oberon/psa/core/include/psa/crypto_sizes.h
+++ b/ext/oberon/psa/core/include/psa/crypto_sizes.h
@@ -44,12 +44,19 @@
#ifndef PSA_CRYPTO_SIZES_H
#define PSA_CRYPTO_SIZES_H
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#include "mbedtls/build_info.h"
+/*
+ * Include the build-time configuration information file. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * PSA cryptography repository which has a different build system and
+ * configuration.
+ */
+#include "psa/build_info.h"
-#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
-#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
+#define PSA_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)
+#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8u)
+#define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \
+ (c) : (b) : (a) <= (c) ? (c) : (a))
#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
(((length) + (block_size) - 1) / (block_size) * (block_size))
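Review bot: PSA_MAX_OF_THREE relies on the right-associativity of `?:` across a line continuation, which makes the nesting hard to verify by eye, and it evaluates each argument up to three times. Add explicit grouping, `((a) <= (b) ? ((b) <= (c) ? (c) : (b)) : ((a) <= (c) ? (c) : (a)))`, and a one-line comment such as `/* Arguments must be side-effect-free constant expressions. */` above it. Separately, now that PSA_BITS_TO_BYTES is computed in unsigned arithmetic, `(bits) + 7u` wraps to a small value for inputs near the type's maximum instead of being flagged. The macro's comment should state that callers must range-check `bits` before using the result to size a buffer.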
@@ -68,20 +75,21 @@
*/
#define PSA_HASH_LENGTH(alg) \
( \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
- 0)
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHAKE256_512 ? 64u : /*!!OM*/ \
+ 0u)
/** The input block size of a hash algorithm, in bytes.
*
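Review bot: PSA_HASH_LENGTH now returns 64 for `PSA_ALG_SHAKE256_512` on the `/*!!OM*/` line, but the two following hunks are not updated to match. PSA_HASH_BLOCK_LENGTH still falls through to `0u` for that algorithm, and the new PSA_HASH_MAX_SIZE ladder tests only SHA-2 and SHA-3 symbols. If a configuration can enable SHAKE256-512 without SHA-512 or SHA3-512 (not determinable from this page), PSA_HASH_MAX_SIZE would be 48 or less while the digest is 64 bytes, so any buffer sized with the constant would be too small. Either add the SHAKE256-512 configuration symbol to the first branch of the PSA_HASH_MAX_SIZE ladder, or add a comment at each of the three places explaining why it is excluded.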
@@ -100,20 +108,20 @@
*/
#define PSA_HASH_BLOCK_LENGTH(alg) \
( \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
- 0)
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72u : \
+ 0u)
/** \def PSA_HASH_MAX_SIZE
*
@@ -122,15 +130,41 @@
* This macro expands to a compile-time constant integer. This value
* is the maximum size of a hash in bytes.
*/
-/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
+/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-224,
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
* HMAC-SHA3-512. */
-#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)
-#define PSA_HASH_MAX_SIZE 64
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
-#else
-#define PSA_HASH_MAX_SIZE 32
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
+ * see the note on MBEDTLS_MD_MAX_SIZE for details. */
+#if defined(PSA_WANT_ALG_SHA3_224)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144u
+#elif defined(PSA_WANT_ALG_SHA3_256)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136u
+#elif defined(PSA_WANT_ALG_SHA_512)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
+#elif defined(PSA_WANT_ALG_SHA_384)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
+#elif defined(PSA_WANT_ALG_SHA3_384)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104u
+#elif defined(PSA_WANT_ALG_SHA3_512)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72u
+#elif defined(PSA_WANT_ALG_SHA_256)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
+#elif defined(PSA_WANT_ALG_SHA_224)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
+#else /* SHA-1 or smaller */
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
+#endif
+
+#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512)
+#define PSA_HASH_MAX_SIZE 64u
+#elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384)
+#define PSA_HASH_MAX_SIZE 48u
+#elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256)
+#define PSA_HASH_MAX_SIZE 32u
+#elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224)
+#define PSA_HASH_MAX_SIZE 28u
+#else /* SHA-1 or smaller */
+#define PSA_HASH_MAX_SIZE 20u
#endif
/** \def PSA_MAC_MAX_SIZE
@@ -171,13 +205,13 @@
#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- ((void) (key_bits), 0))
+ ((void) (key_bits), 0u))
/** The maximum tag size for all supported AEAD algorithms, in bytes.
*
* See also #PSA_AEAD_TAG_LENGTH(\p key_type, \p key_bits, \p alg).
*/
-#define PSA_AEAD_TAG_MAX_SIZE 16
+#define PSA_AEAD_TAG_MAX_SIZE 16u
/* The maximum size of an RSA key on this implementation, in bits.
* This is a vendor-specific macro.
@@ -192,43 +226,77 @@
*
* Note that an implementation may set different size limits for different
* operations, and does not need to accept all key sizes up to the limit. */
-#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
+#if defined(PSA_WANT_RSA_KEY_SIZE_8192) /*!!OM*/
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 8192u
+#elif defined(PSA_WANT_RSA_KEY_SIZE_6144)
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 6144u
+#elif defined(PSA_WANT_RSA_KEY_SIZE_4096)
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096u
+#elif defined(PSA_WANT_RSA_KEY_SIZE_3072)
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 3072u
+#elif defined(PSA_WANT_RSA_KEY_SIZE_2048)
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 2048u
+#elif defined(PSA_WANT_RSA_KEY_SIZE_1536)
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 1536u
+#elif defined(PSA_WANT_RSA_KEY_SIZE_1024)
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 1024u
+#else
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 1u
+#endif
+
+/* The minimum size of an RSA key on this implementation, in bits.
+ * This is a vendor-specific macro.
+ *
+ * Limits RSA key generation to a minimum due to avoid accidental misuse.
+ * This value cannot be less than 128 bits.
+ */
+#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
+#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
+#else
+#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024u
+#endif
+
+/* The maximum size of an DH key on this implementation, in bits.
+ *
+ * Note that an implementation may set different size limits for different
+ * operations, and does not need to accept all key sizes up to the limit. */
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u
/* The maximum size of an ECC key on this implementation, in bits.
* This is a vendor-specific macro. */
#ifndef PSA_VENDOR_ECC_MAX_CURVE_BITS
#if defined(PSA_WANT_ECC_SECP_R1_521) /*!!OM*/
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512u
#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448u
#elif defined(PSA_WANT_ECC_TWISTED_EDWARDS_448)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448u
#elif defined(PSA_WANT_ECC_SECP_R1_384)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
#elif defined(PSA_WANT_ECC_SECP_R1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_SECP_K1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255u
#elif defined(PSA_WANT_ECC_TWISTED_EDWARDS_255)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255u
#elif defined(PSA_WANT_ECC_SECP_R1_224)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
#elif defined(PSA_WANT_ECC_SECP_K1_224)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
#elif defined(PSA_WANT_ECC_SECP_R1_192)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
#elif defined(PSA_WANT_ECC_SECP_K1_192)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
#else
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0u
#endif
#endif
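Review bot: The comment on PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS says the value cannot be less than 128 bits, yet `MBEDTLS_RSA_GEN_KEY_MIN_BITS` is forwarded unchecked, so nothing prevents a smaller override. A compile-time guard would enforce the stated limit: `#if PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS < 128`, `#error "RSA generate minimum must be at least 128 bits"`, `#endif`. The 1024-bit default is also below the 2048-bit floor most current guidance uses for new RSA keys, so it is worth confirming that is intended for this product. The `1u` fallback for PSA_VENDOR_RSA_MAX_KEY_BITS when no `PSA_WANT_RSA_KEY_SIZE_*` is set needs a comment explaining why it is not 0. The prose also needs a fix at "to a minimum due to avoid" and "an DH key".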
@@ -247,19 +315,23 @@
* Therefore, no implementation should define a value smaller than 64
* for #PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE.
*/
-#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
+#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128u
/* The expected size of input passed to psa_tls12_ecjpake_to_pms_input,
* which is expected to work with P-256 curve only. */
-#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65
+#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65u
/* The size of a serialized K.X coordinate to be used in
* psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256
* curve. */
-#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32
+#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32u
+
+/* The maximum number of iterations for PBKDF2 on this implementation, in bits.
+ * This is a vendor-specific macro. This can be configured if necessary */
+#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffffU
/** The maximum size of a block cipher. */
-#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
+#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16u
/** The size of the output of psa_mac_sign_finish(), in bytes.
*
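Review bot: The new PSA_VENDOR_PBKDF2_MAX_ITERATIONS comment says the limit "can be configured if necessary", but the define is unconditional, so a build cannot override it without editing this header. Wrapping it the way PSA_VENDOR_ECC_MAX_CURVE_BITS is wrapped in the previous hunk would make the comment true: `#ifndef PSA_VENDOR_PBKDF2_MAX_ITERATIONS`, `#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffffU`, `#endif`. As it stands, 0xffffffff places no practical bound on the iteration count, so a caller that forwards an externally supplied count gets no protection against CPU exhaustion from this limit. The words "in bits" in the comment are a leftover from the key-size macros and should be dropped.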
@@ -286,7 +358,7 @@
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- ((void)(key_type), (void)(key_bits), 0))
+ ((void) (key_type), (void) (key_bits), 0u))
/** The maximum size of the output of psa_aead_encrypt(), in bytes.
*
@@ -317,7 +389,7 @@
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
(plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
* supported key types and AEAD algorithms.
@@ -369,9 +441,9 @@
*/
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
- (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
- (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- 0)
+ (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
+ (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
+ 0u)
/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
* supported key types and AEAD algorithms.
@@ -392,7 +464,7 @@
*
*/
#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
- (ciphertext_length)
+ (ciphertext_length)
/** The default nonce size for an AEAD algorithm, in bytes.
*
@@ -421,12 +493,12 @@
*/
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
- 0 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13u : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12u : \
+ 0u : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
- 0)
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12u : \
+ 0u)
/** The maximum default nonce size among all supported pairs of key types and
* AEAD algorithms, in bytes.
@@ -439,7 +511,7 @@
* just the largest size that may be generated by
* #psa_aead_generate_nonce().
*/
-#define PSA_AEAD_NONCE_MAX_SIZE 13
+#define PSA_AEAD_NONCE_MAX_SIZE 13u
/** A sufficient output buffer size for psa_aead_update().
*
@@ -473,10 +545,10 @@
* implementation to delay the output until it has a full block. */
#define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
- PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
- (input_length) : \
- 0)
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
+ (input_length) : \
+ 0u)
/** A sufficient output buffer size for psa_aead_update(), for any of the
* supported key types and AEAD algorithms.
@@ -514,9 +586,9 @@
*/
#define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
- PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0)
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
+ 0u)
/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
* supported key types and AEAD algorithms.
@@ -548,9 +620,9 @@
*/
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
- PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0)
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
+ 0u)
/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
* supported key types and AEAD algorithms.
@@ -561,8 +633,8 @@
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
(PSA_ALG_IS_RSA_OAEP(alg) ? \
- 2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
- 11 /*PKCS#1v1.5*/)
+ 2u * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \
+ 11u /*PKCS#1v1.5*/)
/**
* \brief ECDSA signature size for a given curve bit size
@@ -573,7 +645,7 @@
* \note This macro returns a compile-time constant if its argument is one.
*/
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
- (PSA_BITS_TO_BYTES(curve_bits) * 2)
+ (PSA_BITS_TO_BYTES(curve_bits) * 2u)
/** Sufficient signature buffer size for psa_sign_hash().
*
@@ -601,9 +673,9 @@
* return value is unspecified.
*/
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
- (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
+ (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
- ((void)alg, 0))
+ ((void) alg, 0u))
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
@@ -615,10 +687,18 @@
* This macro expands to a compile-time constant integer. This value
* is the maximum size of a signature in bytes.
*/
-#define PSA_SIGNATURE_MAX_SIZE \
- (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
- PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
- PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
+#define PSA_SIGNATURE_MAX_SIZE 1
+
+#if (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) && \
+ (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE > PSA_SIGNATURE_MAX_SIZE)
+#undef PSA_SIGNATURE_MAX_SIZE
+#define PSA_SIGNATURE_MAX_SIZE PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE
+#endif
+#if (defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) || defined(PSA_WANT_ALG_RSA_PSS)) && \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_SIGNATURE_MAX_SIZE)
+#undef PSA_SIGNATURE_MAX_SIZE
+#define PSA_SIGNATURE_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS)
+#endif
/** Sufficient output buffer size for psa_asymmetric_encrypt().
*
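Review bot: The ECC guard on `PSA_SIGNATURE_MAX_SIZE` tests only `PSA_WANT_ALG_ECDSA` and `PSA_WANT_ALG_DETERMINISTIC_ECDSA`, so a build that enables a different ECC signature scheme without either of them, and without RSA signing, leaves the macro at the placeholder value 1. The export-size macros later in this file handle `PSA_ECC_FAMILY_TWISTED_EDWARDS` keys, which suggests EdDSA is supported here; if so, a caller sizing a signature buffer with this macro would get a 1-byte buffer for a signature of 64 bytes or more. I would extend the first condition, for example with `|| defined(PSA_WANT_ALG_PURE_EDDSA)` (confirm the exact option names this tree uses). The fallback also deserves a comment such as `/* Placeholder so arrays sized with this macro stay valid when no signature algorithm is enabled. */`.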
@@ -647,8 +727,8 @@
*/
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
- ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
- 0)
+ ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
+ 0u)
/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any
* supported asymmetric encryption.
@@ -687,7 +767,7 @@
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_asymmetric_decrypt(), for any
* supported asymmetric decryption.
@@ -710,7 +790,7 @@
* - 0 to 1 bytes of leading 0 due to the sign bit.
*/
#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
- ((bits) / 8 + 5)
+ ((bits) / 8u + 5u)
/* Maximum size of the export encoding of an RSA public key.
* Assumes that the public exponent is less than 2^32.
@@ -724,7 +804,7 @@
* - 7 bytes for the public exponent.
*/
#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11u)
/* Maximum size of the export encoding of an RSA key pair.
* Assumes that the public exponent is less than 2^32 and that the size
@@ -749,7 +829,7 @@
* - 7 bytes for the public exponent.
*/
#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
- (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
+ (9u * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2u + 1u) + 14u)
/* Maximum size of the export encoding of a DSA public key.
*
@@ -768,7 +848,7 @@
* - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
*/
#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 59u)
/* Maximum size of the export encoding of a DSA key pair.
*
@@ -787,7 +867,7 @@
* - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
*/
#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 75u)
/* Maximum size of the export encoding of an ECC public key.
*
@@ -800,7 +880,7 @@
* - 1 byte + 2 * point size.
*/
#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
+ (2u * PSA_BITS_TO_BYTES(key_bits) + 1u)
/* Maximum size of the export encoding of an ECC key pair.
*
@@ -809,6 +889,18 @@
#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
(PSA_BITS_TO_BYTES(key_bits))
+/* Maximum size of the export encoding of an DH key pair.
+ *
+ * An DH key pair is represented by the secret value.
+ */
+#define PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(key_bits) \
+ (PSA_BITS_TO_BYTES(key_bits))
+
+/* Maximum size of the export encoding of an DH public key.
+ */
+#define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \
+ (PSA_BITS_TO_BYTES(key_bits))
+
/** Sufficient output buffer size for psa_export_key() or
* psa_export_public_key().
*
@@ -850,13 +942,16 @@
*/
#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
+ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
(key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+ PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? PSA_BITS_TO_BYTES(key_bits + 1) : /*!!OM-PCI-27*/ \
+ PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_MONTGOMERY ? PSA_BITS_TO_BYTES(key_bits) : \
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
- 0)
+ 0u)
/** Sufficient output buffer size for psa_export_public_key().
*
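Review bot: The added twisted-Edwards branch passes `key_bits + 1` to `PSA_BITS_TO_BYTES` with the macro parameter unparenthesised and a signed literal, so an argument such as `a ? b : c` would bind incorrectly, and it goes against the `u` suffixes this commit adds elsewhere. Write it as `PSA_BITS_TO_BYTES((key_bits) + 1u)` here and in the matching branch added to `PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE` in the next hunk. The `/*!!OM-PCI-27*/` marker does not say why one bit is added; a short comment such as `/* Edwards encoding needs one bit more than key_bits (448 bits -> 57 bytes) */` would help, assuming that is the intent. The re-indented `PSA_CIPHER_ENCRYPT_OUTPUT_SIZE` and `PSA_CIPHER_UPDATE_OUTPUT_SIZE` lines further down still use bare `alg` and `input_length` and could be parenthesised in the same pass.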
@@ -905,8 +1000,11 @@
*/
#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
+ PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? PSA_BITS_TO_BYTES(key_bits + 1) : \
+ PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_MONTGOMERY ? PSA_BITS_TO_BYTES(key_bits) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
- 0)
+ 0u)
/** Sufficient buffer size for exporting any asymmetric key pair.
*
@@ -916,11 +1014,29 @@
*
* See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
*/
-#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
- (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
- PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
- PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
- PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+#define PSA_EXPORT_KEY_PAIR_MAX_SIZE 1
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
+ (PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
+ PSA_EXPORT_KEY_PAIR_MAX_SIZE)
+#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
+#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
+ PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
+#endif
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && \
+ (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
+ PSA_EXPORT_KEY_PAIR_MAX_SIZE)
+#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
+#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
+ PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
+#endif
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \
+ (PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \
+ PSA_EXPORT_KEY_PAIR_MAX_SIZE)
+#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
+#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
+ PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
+#endif
/** Sufficient buffer size for exporting any asymmetric public key.
*
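Review bot: `PSA_EXPORT_KEY_PAIR_MAX_SIZE` can come out one byte smaller than what `PSA_EXPORT_KEY_OUTPUT_SIZE` returns for a twisted-Edwards key pair. Its ECC bound is `PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)`, which is `PSA_BITS_TO_BYTES(bits)`, while the per-key macro in this same commit uses `PSA_BITS_TO_BYTES(key_bits + 1)` for that family. For a 448-bit Edwards key that is 57 bytes against 56, so if a build can end up with `PSA_VENDOR_ECC_MAX_CURVE_BITS` equal to 448 (its definition is outside this hunk) and no larger key-pair type enabled, a buffer of `PSA_EXPORT_KEY_PAIR_MAX_SIZE` bytes is too small for the export. Either confirm that configuration cannot occur, or bound the ECC case with `PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS + 1u)` in both the `#if` test and the `#define`.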
@@ -931,11 +1047,29 @@
*
* See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
*/
-#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
- (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
- PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
- PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
- PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE 1
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ (PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
+#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
+#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
+#endif
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) && \
+ (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
+#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
+#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
+ PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
+#endif
+#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) && \
+ (PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
+#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
+#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
+ PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
+#endif
/** Sufficient output buffer size for psa_raw_key_agreement().
*
@@ -960,11 +1094,9 @@
* If the parameters are not valid,
* the return value is unspecified.
*/
-/* FFDH is not yet supported in PSA. */
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
- (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
- PSA_BITS_TO_BYTES(key_bits) : \
- 0)
+ ((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \
+ PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0u)
/** Maximum size of the output from psa_raw_key_agreement().
*
@@ -973,8 +1105,18 @@
*
* See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits).
*/
-#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
- (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE 1
+
+#if defined(PSA_WANT_ALG_ECDH) && \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE)
+#undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
+#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)
+#endif
+#if defined(PSA_WANT_ALG_FFDH) && \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE)
+#undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
+#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)
+#endif
/** The default IV size for a cipher algorithm, in bytes.
*
@@ -1002,22 +1144,22 @@
*/
#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
- ((alg) == PSA_ALG_CTR || \
- (alg) == PSA_ALG_CFB || \
- (alg) == PSA_ALG_OFB || \
- (alg) == PSA_ALG_XTS || \
- (alg) == PSA_ALG_CBC_NO_PADDING || \
- (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
+ ((alg) == PSA_ALG_CTR || \
+ (alg) == PSA_ALG_CFB || \
+ (alg) == PSA_ALG_OFB || \
+ (alg) == PSA_ALG_XTS || \
+ (alg) == PSA_ALG_CBC_NO_PADDING || \
+ (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
- (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \
- 0)
+ (alg) == PSA_ALG_STREAM_CIPHER ? 12u : \
+ (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13u : \
+ 0u)
/** The maximum IV size for all supported cipher algorithms, in bytes.
*
* See also #PSA_CIPHER_IV_LENGTH().
*/
-#define PSA_CIPHER_IV_MAX_SIZE 16
+#define PSA_CIPHER_IV_MAX_SIZE 16u
/** The maximum size of the output of psa_cipher_encrypt(), in bytes.
*
@@ -1042,15 +1184,15 @@
* recognized, or the parameters are incompatible,
* return 0.
*/
-#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
- (alg == PSA_ALG_CBC_PKCS7 ? \
- (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
- (input_length) + 1) + \
- PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
- (PSA_ALG_IS_CIPHER(alg) ? \
- (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
- 0))
+#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (alg == PSA_ALG_CBC_PKCS7 ? \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ (input_length) + 1u) + \
+ PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0u) : \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
+ 0u))
/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the
* supported key types and cipher algorithms.
@@ -1063,9 +1205,9 @@
* \param input_length Size of the input in bytes.
*
*/
-#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
- (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
- (input_length) + 1) + \
+#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
+ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
+ (input_length) + 1u) + \
PSA_CIPHER_IV_MAX_SIZE)
/** The maximum size of the output of psa_cipher_decrypt(), in bytes.
@@ -1087,11 +1229,11 @@
* recognized, or the parameters are incompatible,
* return 0.
*/
-#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
- (PSA_ALG_IS_CIPHER(alg) && \
+#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) && \
((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
- (input_length) : \
- 0)
+ (input_length) : \
+ 0u)
/** A sufficient output buffer size for psa_cipher_decrypt(), for any of the
* supported key types and cipher algorithms.
@@ -1124,16 +1266,16 @@
* algorithm. If the key type or cipher algorithm is not
* recognized, or the parameters are incompatible, return 0.
*/
-#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
- (PSA_ALG_IS_CIPHER(alg) ? \
- (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
- (((alg) == PSA_ALG_CBC_PKCS7 || \
- (alg) == PSA_ALG_CBC_NO_PADDING || \
- (alg) == PSA_ALG_ECB_NO_PADDING) ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
- input_length) : \
- (input_length)) : 0) : \
- 0)
+#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
+ (((alg) == PSA_ALG_CBC_PKCS7 || \
+ (alg) == PSA_ALG_CBC_NO_PADDING || \
+ (alg) == PSA_ALG_ECB_NO_PADDING) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ input_length) : \
+ (input_length)) : 0u) : \
+ 0u)
/** A sufficient output buffer size for psa_cipher_update(), for any of the
* supported key types and cipher algorithms.
@@ -1169,8 +1311,8 @@
(PSA_ALG_IS_CIPHER(alg) ? \
(alg == PSA_ALG_CBC_PKCS7 ? \
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0) : \
- 0)
+ 0u) : \
+ 0u)
/** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the
* supported key types and cipher algorithms.
diff --git a/ext/oberon/psa/core/include/psa/crypto_struct.h b/ext/oberon/psa/core/include/psa/crypto_struct.h
index 33f3c38f56c0..3c442fe7e8e4 100644
--- a/ext/oberon/psa/core/include/psa/crypto_struct.h
+++ b/ext/oberon/psa/core/include/psa/crypto_struct.h
@@ -35,8 +35,8 @@
* GCC and Clang initialize the whole structure to 0 (at the time of writing),
* but MSVC and CompCert don't.
*
- * In Mbed Crypto, multipart operation structures live independently from
- * the key. This allows Mbed Crypto to free the key objects when destroying
+ * In Mbed TLS, multipart operation structures live independently from
+ * the key. This allows Mbed TLS to free the key objects when destroying
* a key slot. If a multipart operation needs to remember the key after
* the setup function returns, the operation structure needs to contain a
* copy of the key.
@@ -78,8 +78,7 @@ extern "C" {
* algorithms. */
#include "psa/crypto_driver_contexts_primitives.h"
-struct psa_hash_operation_s
-{
+struct psa_hash_operation_s {
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -91,14 +90,13 @@ struct psa_hash_operation_s
};
#define PSA_HASH_OPERATION_INIT { 0, { 0 } }
-static inline struct psa_hash_operation_s psa_hash_operation_init( void )
+static inline struct psa_hash_operation_s psa_hash_operation_init(void)
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
- return( v );
+ return v;
}
-struct psa_cipher_operation_s
-{
+struct psa_cipher_operation_s {
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -116,18 +114,17 @@ struct psa_cipher_operation_s
};
#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
-static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
+static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
{
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
- return( v );
+ return v;
}
/* Include the context definition for the compiled-in drivers for the composite
* algorithms. */
#include "psa/crypto_driver_contexts_composites.h"
-struct psa_mac_operation_s
-{
+struct psa_mac_operation_s {
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -141,14 +138,13 @@ struct psa_mac_operation_s
};
#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
-static inline struct psa_mac_operation_s psa_mac_operation_init( void )
+static inline struct psa_mac_operation_s psa_mac_operation_init(void)
{
const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
- return( v );
+ return v;
}
-struct psa_aead_operation_s
-{
+struct psa_aead_operation_s {
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
@@ -173,19 +169,18 @@ struct psa_aead_operation_s
psa_driver_aead_context_t MBEDTLS_PRIVATE(ctx);
};
-#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}}
-static inline struct psa_aead_operation_s psa_aead_operation_init( void )
+#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
+static inline struct psa_aead_operation_s psa_aead_operation_init(void)
{
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
- return( v );
+ return v;
}
-/* Include the context definition for the compiled-in drivers for the kdf
- * algorithms. */
+/* Include the context definition for the compiled-in drivers for the key
+ * derivation algorithms. */
#include "psa/crypto_driver_contexts_key_derivation.h"
-struct psa_key_derivation_s /*!!OM*/
-{
+struct psa_key_derivation_s { /*!!OM*/
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -196,11 +191,14 @@ struct psa_key_derivation_s /*!!OM*/
psa_algorithm_t MBEDTLS_PRIVATE(alg);
unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
+ unsigned int MBEDTLS_PRIVATE(no_output) : 1;
+ unsigned int MBEDTLS_PRIVATE(no_verify) : 1;
unsigned int MBEDTLS_PRIVATE(cost_set) : 1;
unsigned int MBEDTLS_PRIVATE(salt_set) : 1;
unsigned int MBEDTLS_PRIVATE(secret_set) : 1;
unsigned int MBEDTLS_PRIVATE(seed_set) : 1;
unsigned int MBEDTLS_PRIVATE(label_set) : 1;
+ unsigned int MBEDTLS_PRIVATE(context_set) : 1;
unsigned int MBEDTLS_PRIVATE(passw_set) : 1;
unsigned int MBEDTLS_PRIVATE(info_set) : 1;
unsigned int MBEDTLS_PRIVATE(no_input) : 1;
@@ -209,46 +207,15 @@ struct psa_key_derivation_s /*!!OM*/
psa_driver_key_derivation_context_t MBEDTLS_PRIVATE(ctx);
};
-#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
+#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
- void )
+ void)
{
const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
- return( v );
-}
-
-struct psa_pake_operation_s /*!!OM*/
-{
- /** Unique ID indicating which driver got assigned to do the
- * operation. Since driver contexts are driver-specific, swapping
- * drivers halfway through the operation is not supported.
- * ID values are auto-generated in psa_crypto_driver_wrappers.h
- * ID value zero means the context is not valid or not assigned to
- * any driver (i.e. none of the driver contexts are active). */
- unsigned int MBEDTLS_PRIVATE(id);
-
- psa_algorithm_t MBEDTLS_PRIVATE(alg);
- unsigned int MBEDTLS_PRIVATE(passw_set) : 1;
- unsigned int MBEDTLS_PRIVATE(user_set) : 1;
- unsigned int MBEDTLS_PRIVATE(peer_set) : 1;
- unsigned int MBEDTLS_PRIVATE(role_set) : 1;
- unsigned int MBEDTLS_PRIVATE(is_second) : 1;
- unsigned int MBEDTLS_PRIVATE(started) : 1;
- unsigned int MBEDTLS_PRIVATE(done) : 1;
- unsigned int MBEDTLS_PRIVATE(sequence);
-
- psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx);
-};
-
-#define PSA_PAKE_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
-static inline struct psa_pake_operation_s psa_pake_operation_init(void)
-{
- const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT;
- return(v);
+ return v;
}
-struct psa_key_policy_s
-{
+struct psa_key_policy_s {
psa_key_usage_t MBEDTLS_PRIVATE(usage);
psa_algorithm_t MBEDTLS_PRIVATE(alg);
psa_algorithm_t MBEDTLS_PRIVATE(alg2);
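Review bot: `PSA_KEY_DERIVATION_OPERATION_INIT` is a positional initializer whose number of zeros has to track the member list of `struct psa_key_derivation_s`, and nothing in the file ties the two together. The previous hunk extends that struct by `no_output`, `no_verify` and `context_set`, and the struct is only partly visible across the two hunks, so I could not confirm that exactly 15 scalar members precede `ctx`. I would add a comment above the macro, for example `/* One 0 per scalar member in declaration order, then { 0 } for ctx; keep in sync with struct psa_key_derivation_s. */`. A miscount here would put the braced `{ 0 }` against a bit-field or leave state flags initialised by accident rather than by intent.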
@@ -256,10 +223,10 @@ struct psa_key_policy_s
typedef struct psa_key_policy_s psa_key_policy_t;
#define PSA_KEY_POLICY_INIT { 0, 0, 0 }
-static inline struct psa_key_policy_s psa_key_policy_init( void )
+static inline struct psa_key_policy_s psa_key_policy_init(void)
{
const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
- return( v );
+ return v;
}
/* The type used internally for key sizes.
@@ -267,7 +234,7 @@ static inline struct psa_key_policy_s psa_key_policy_init( void )
typedef uint16_t psa_key_bits_t;
/* The maximum value of the type used to represent bit-sizes.
* This is used to mark an invalid key size. */
-#define PSA_KEY_BITS_TOO_LARGE ( ( psa_key_bits_t ) -1 )
+#define PSA_KEY_BITS_TOO_LARGE ((psa_key_bits_t) -1)
/* The maximum size of a key in bits.
* Currently defined as the maximum that can be represented, rounded down
* to a whole number of bytes.
@@ -285,21 +252,20 @@ typedef uint16_t psa_key_bits_t;
typedef uint16_t psa_key_attributes_flag_t;
#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \
- ( (psa_key_attributes_flag_t) 0x0001 )
+ ((psa_key_attributes_flag_t) 0x0001)
/* A mask of key attribute flags used externally only.
* Only meant for internal checks inside the library. */
#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \
MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \
- 0 )
+ 0)
/* A mask of key attribute flags used both internally and externally.
* Currently there aren't any. */
#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \
- 0 )
+ 0)
-typedef struct
-{
+typedef struct {
psa_key_type_t MBEDTLS_PRIVATE(type);
psa_key_bits_t MBEDTLS_PRIVATE(bits);
psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
@@ -313,8 +279,7 @@ typedef struct
MBEDTLS_SVC_KEY_ID_INIT, \
PSA_KEY_POLICY_INIT, 0 }
-struct psa_key_attributes_s
-{
+struct psa_key_attributes_s {
psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
@@ -339,48 +304,46 @@ struct psa_key_attributes_s
#endif /* PSA_USE_KEY_DOMAIN_PARAMETERS */
#endif
-static inline struct psa_key_attributes_s psa_key_attributes_init( void )
+static inline struct psa_key_attributes_s psa_key_attributes_init(void)
{
const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
- return( v );
+ return v;
}
-static inline void psa_set_key_id( psa_key_attributes_t *attributes,
- mbedtls_svc_key_id_t key )
+static inline void psa_set_key_id(psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t key)
{
psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key;
- if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT,
- PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) );
+ PSA_KEY_LIFETIME_GET_LOCATION(lifetime));
}
}
static inline mbedtls_svc_key_id_t psa_get_key_id(
- const psa_key_attributes_t *attributes )
+ const psa_key_attributes_t *attributes)
{
- return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) );
+ return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id);
}
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
- mbedtls_key_owner_id_t owner )
+static inline void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes,
+ mbedtls_key_owner_id_t owner)
{
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
}
#endif
-static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
- psa_key_lifetime_t lifetime )
+static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
+ psa_key_lifetime_t lifetime)
{
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime;
- if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0;
#else
@@ -390,93 +353,211 @@ static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
}
static inline psa_key_lifetime_t psa_get_key_lifetime(
- const psa_key_attributes_t *attributes )
+ const psa_key_attributes_t *attributes)
{
- return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) );
+ return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);
}
-static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
+static inline void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags)
{
- if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
+ if (*usage_flags & PSA_KEY_USAGE_SIGN_HASH) {
*usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
+ }
- if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
+ if (*usage_flags & PSA_KEY_USAGE_VERIFY_HASH) {
*usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+ }
}
static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags)
{
- psa_extend_key_usage_flags( &usage_flags );
+ psa_extend_key_usage_flags(&usage_flags);
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
- const psa_key_attributes_t *attributes )
+ const psa_key_attributes_t *attributes)
{
- return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) );
+ return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage);
}
-static inline void psa_set_key_algorithm( psa_key_attributes_t *attributes,
- psa_algorithm_t alg )
+static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
+ psa_algorithm_t alg)
{
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg;
}
static inline psa_algorithm_t psa_get_key_algorithm(
- const psa_key_attributes_t *attributes )
+ const psa_key_attributes_t *attributes)
{
- return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) );
+ return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg);
}
/* This function is declared in crypto_extra.h, which comes after this
* header file, but we need the function here, so repeat the declaration. */
-psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
+psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
psa_key_type_t type,
const uint8_t *data,
- size_t data_length );
+ size_t data_length);
-static inline void psa_set_key_type( psa_key_attributes_t *attributes,
- psa_key_type_t type )
+static inline void psa_set_key_type(psa_key_attributes_t *attributes,
+ psa_key_type_t type)
{
#if defined(PSA_USE_KEY_DOMAIN_PARAMETERS) /* !!OM */
- if( attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL )
- {
+ if (attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL){
#endif
/* Common case: quick path */
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type;
#if defined(PSA_USE_KEY_DOMAIN_PARAMETERS) /* !!OM */
- }
- else
- {
+ } else {
/* Call the bigger function to free the old domain parameters.
* Ignore any errors which may arise due to type requiring
* non-default domain parameters, since this function can't
* report errors. */
- (void) psa_set_key_domain_parameters( attributes, type, NULL, 0 );
+ (void) psa_set_key_domain_parameters(attributes, type, NULL, 0);
}
#endif
}
static inline psa_key_type_t psa_get_key_type(
- const psa_key_attributes_t *attributes )
+ const psa_key_attributes_t *attributes)
{
- return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) );
+ return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type);
}
-static inline void psa_set_key_bits( psa_key_attributes_t *attributes,
- size_t bits )
+static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
+ size_t bits)
{
- if( bits > PSA_MAX_KEY_BITS )
+ if (bits > PSA_MAX_KEY_BITS) {
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
- else
+ } else {
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
+ }
}
static inline size_t psa_get_key_bits(
- const psa_key_attributes_t *attributes )
+ const psa_key_attributes_t *attributes)
+{
+ return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits);
+}
+
+struct psa_pake_cipher_suite_s {
+ psa_algorithm_t algorithm;
+ psa_pake_primitive_type_t type;
+ psa_pake_family_t family;
+ uint16_t bits;
+ psa_algorithm_t hash;
+};
+
+#define PSA_PAKE_CIPHER_SUITE_INIT {PSA_ALG_NONE, 0, 0, 0, PSA_ALG_NONE}
+static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void)
{
- return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) );
+ const struct psa_pake_cipher_suite_s v = PSA_PAKE_CIPHER_SUITE_INIT;
+ return v;
+}
+
+struct psa_crypto_driver_pake_inputs_s {
+ uint8_t *MBEDTLS_PRIVATE(password);
+ size_t MBEDTLS_PRIVATE(password_len);
+ psa_pake_role_t MBEDTLS_PRIVATE(role);
+ uint8_t *MBEDTLS_PRIVATE(user);
+ size_t MBEDTLS_PRIVATE(user_len);
+ uint8_t *MBEDTLS_PRIVATE(peer);
+ size_t MBEDTLS_PRIVATE(peer_len);
+ psa_key_attributes_t MBEDTLS_PRIVATE(attributes);
+ psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite);
+};
+
+struct psa_pake_operation_s { /*!!OM*/
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_crypto_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int MBEDTLS_PRIVATE(id);
+
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ unsigned int MBEDTLS_PRIVATE(passw_set) : 1;
+ unsigned int MBEDTLS_PRIVATE(user_set) : 1;
+ unsigned int MBEDTLS_PRIVATE(peer_set) : 1;
+ unsigned int MBEDTLS_PRIVATE(role_set) : 1;
+ unsigned int MBEDTLS_PRIVATE(is_second) : 1;
+ unsigned int MBEDTLS_PRIVATE(started) : 1;
+ unsigned int MBEDTLS_PRIVATE(done) : 1;
+ unsigned int MBEDTLS_PRIVATE(sequence);
+
+ psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs);
+ psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx);
+};
+
+/* This only zeroes out the first byte in the union, the rest is unspecified. */
+#define PSA_PAKE_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { }, { } }
+static inline struct psa_pake_operation_s psa_pake_operation_init(void)
+{
+ const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT;
+ return v;
+}
+
+/**
+ * \brief The context for PSA interruptible hash signing.
+ */
+struct psa_sign_hash_interruptible_operation_s {
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_crypto_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int MBEDTLS_PRIVATE(id);
+
+ psa_driver_sign_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx);
+
+ unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
+
+ uint32_t MBEDTLS_PRIVATE(num_ops);
+};
+
+#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, 0, 0, 0 }
+
+static inline struct psa_sign_hash_interruptible_operation_s
+psa_sign_hash_interruptible_operation_init(void)
+{
+ const struct psa_sign_hash_interruptible_operation_s v =
+ PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT;
+
+ return v;
+}
+
+/**
+ * \brief The context for PSA interruptible hash verification.
+ */
+struct psa_verify_hash_interruptible_operation_s {
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_crypto_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int MBEDTLS_PRIVATE(id);
+
+ psa_driver_verify_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx);
+
+ unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
+
+ uint32_t MBEDTLS_PRIVATE(num_ops);
+};
+
+#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, 0, 0, 0 }
+
+static inline struct psa_verify_hash_interruptible_operation_s
+psa_verify_hash_interruptible_operation_init(void)
+{
+ const struct psa_verify_hash_interruptible_operation_s v =
+ PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT;
+
+ return v;
}
#ifdef __cplusplus
diff --git a/ext/oberon/psa/core/include/psa/crypto_types.h b/ext/oberon/psa/core/include/psa/crypto_types.h
index f3bcb27d3e26..250322752046 100644
--- a/ext/oberon/psa/core/include/psa/crypto_types.h
+++ b/ext/oberon/psa/core/include/psa/crypto_types.h
@@ -32,16 +32,17 @@
#ifndef PSA_CRYPTO_TYPES_H
#define PSA_CRYPTO_TYPES_H
+
+/* Make sure the Mbed TLS configuration is visible. */
+#include "mbedtls/build_info.h"
+/* Define the MBEDTLS_PRIVATE macro. */
#include "mbedtls/private_access.h"
+#if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE)
+#include MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
+#else
#include "crypto_platform.h"
-
-/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
- * is defined as well to include all PSA code.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#define MBEDTLS_PSA_CRYPTO_CLIENT
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif
#include
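Review bot: The new `#if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE)` / `#include MBEDTLS_PSA_CRYPTO_PLATFORM_FILE` branch is the only include in this hunk left without a comment, although it is the one that lets a build substitute a different platform header. I would add `/* Allow the build to replace crypto_platform.h; the macro must expand to a quoted or angle-bracketed header name. */` above it. The same hunk drops the block that defined `MBEDTLS_PSA_CRYPTO_CLIENT` whenever `MBEDTLS_PSA_CRYPTO_C` is set. Presumably `mbedtls/build_info.h` now provides that definition, but this is not visible here and is worth confirming, since code guarded by that macro would otherwise compile out silently.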
@@ -291,18 +292,17 @@ typedef uint32_t psa_key_id_t;
* Any changes to existing values will require bumping the storage
* format version and providing a translation when reading the old
* format.
-*/
+ */
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
typedef psa_key_id_t mbedtls_svc_key_id_t;
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-/* Implementation-specific: The Mbed Cryptography library can be built as
+/* Implementation-specific: The Mbed TLS library can be built as
* part of a multi-client service that exposes the PSA Cryptography API in each
* client and encodes the client identity in the key identifier argument of
* functions such as psa_open_key().
*/
-typedef struct
-{
+typedef struct {
psa_key_id_t MBEDTLS_PRIVATE(key_id);
mbedtls_key_owner_id_t MBEDTLS_PRIVATE(owner);
} mbedtls_svc_key_id_t;
@@ -439,7 +439,7 @@ typedef struct psa_key_attributes_s psa_key_attributes_t;
#ifndef __DOXYGEN_ONLY__
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/* Mbed Crypto defines this type in crypto_types.h because it is also
+/* Mbed TLS defines this type in crypto_types.h because it is also
* visible to applications through an implementation-specific extension.
* For the PSA Cryptography specification, this type is only visible
* via crypto_se_driver.h. */
@@ -470,6 +470,29 @@ typedef uint16_t psa_key_derivation_step_t;
*/
typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t;
+/** Encoding of the type of the PAKE's primitive.
+*
+* Values defined by this standard will never be in the range 0x80-0xff.
+* Vendors who define additional types must use an encoding in this range.
+*
+* For more information see the documentation of individual
+* \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+*/
+typedef uint8_t psa_pake_primitive_type_t;
+
+/** \brief Encoding of the family of the primitive associated with the PAKE.
+*
+* For more information see the documentation of individual
+* \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+*/
+typedef uint8_t psa_pake_family_t;
+
+/** \brief Encoding of the primitive associated with the PAKE.
+*
+* For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro.
+*/
+typedef uint32_t psa_pake_primitive_t;
+
/** \brief Encoding of the application role of PAKE
*
* Encodes the application's role in the algorithm being executed. For more
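Review bot: The doc block added for `psa_pake_primitive_type_t` opens with plain `/** Encoding of ...`, while the two blocks added directly after it and the existing `psa_pake_role_t` block use `\brief`; writing `/** \brief Encoding of the type of the PAKE's primitive.` keeps the group uniform. The `psa_pake_family_t` block also sends the reader to the `PSA_PAKE_PRIMITIVE_TYPE_XXX` constants without saying why. If the intent is that the family value is interpreted according to the primitive type, one sentence stating that would help. The `psa_pake_role_t` comment continues past the end of this hunk.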
@@ -486,5 +509,8 @@ typedef uint8_t psa_pake_role_t;
*/
typedef uint8_t psa_pake_step_t;
+/** The type of input values for PAKE operations. */
+typedef struct psa_crypto_driver_pake_inputs_s psa_crypto_driver_pake_inputs_t;
+
#endif /* PSA_CRYPTO_TYPES_H */
diff --git a/ext/oberon/psa/core/include/psa/crypto_values.h b/ext/oberon/psa/core/include/psa/crypto_values.h
index b8c484c69538..be3b894fbce7 100644
--- a/ext/oberon/psa/core/include/psa/crypto_values.h
+++ b/ext/oberon/psa/core/include/psa/crypto_values.h
@@ -62,6 +62,13 @@
* value, check with the Arm PSA framework group to pick one that other
* domains aren't already using. */
+/* Tell uncrustify not to touch the constant definitions, otherwise
+ * it might change the spacing to something that is not PSA-compliant
+ * (e.g. adding a space after casts).
+ *
+ * *INDENT-OFF*
+ */
+
/** The action was completed successfully. */
#define PSA_SUCCESS ((psa_status_t)0)
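Review bot: The added comment says a space after a cast is not PSA-compliant, yet the `*INDENT-OFF*` region it opens is closed again right after `PSA_OPERATION_INCOMPLETE`, and later hunks in this file add exactly that space to the `PSA_KEY_TYPE_*` and `PSA_ALG_*` constants. As written, a reader cannot tell which definitions must keep their spelling or what breaks if they do not. The `PSA_ALG_NONE` hunk further down links a psa-arch-tests issue that may be the actual reason. I would extend the comment with a line such as `* Only the status codes up to the matching INDENT-ON are protected; see the issue linked at PSA_ALG_NONE.`, to be confirmed against that issue.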
@@ -332,6 +339,15 @@
*/
#define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
+/** The function that returns this status is defined as interruptible and
+ * still has work to do, thus the user should call the function again with the
+ * same operation context until it either returns #PSA_SUCCESS or any other
+ * error. This is not an error per se, more a notification of status.
+ */
+#define PSA_OPERATION_INCOMPLETE ((psa_status_t)-248)
+
+/* *INDENT-ON* */
+
/**@}*/
/** \defgroup crypto_types Key and algorithm types
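Review bot: The comment on `PSA_OPERATION_INCOMPLETE` calls the value "not an error per se" and, through "any other error", also counts it among the errors, so it is unclear how a caller should test for it. For the interruptible sign and verify operations this commit introduces, the distinction matters: code that checks `status != PSA_SUCCESS` would abort a healthy operation, and code that treats the value as completion would act on a result that does not exist yet, since the function still has work to do. I would end the comment with `... until it returns #PSA_SUCCESS or an error code. This value is neither success nor failure: no output or verification result is valid while it is returned.`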
@@ -348,7 +364,7 @@
*
* Zero is not the encoding of any key type.
*/
-#define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x0000)
+#define PSA_KEY_TYPE_NONE ((psa_key_type_t) 0x0000)
/** Vendor-defined key type flag.
*
@@ -357,15 +373,15 @@
* must use an encoding with the #PSA_KEY_TYPE_VENDOR_FLAG bit set and should
* respect the bitwise structure used by standard encodings whenever practical.
*/
-#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x8000)
+#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t) 0x8000)
-#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7000)
-#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x1000)
-#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x2000)
-#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x4000)
-#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x7000)
+#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t) 0x7000)
+#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t) 0x1000)
+#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t) 0x2000)
+#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t) 0x4000)
+#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t) 0x7000)
-#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x3000)
+#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t) 0x3000)
/** Whether a key type is vendor-defined.
*
@@ -423,7 +439,7 @@
*
* A "key" of this type cannot be used for any cryptographic operation.
* Applications may use this type to store arbitrary data in the keystore. */
-#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x1001)
+#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t) 0x1001)
/** HMAC key.
*
@@ -433,7 +449,7 @@
* HMAC keys should generally have the same size as the underlying hash.
* This size can be calculated with #PSA_HASH_LENGTH(\c alg) where
* \c alg is the HMAC algorithm or the underlying hash algorithm. */
-#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100)
+#define PSA_KEY_TYPE_HMAC ((psa_key_type_t) 0x1100)
/** A secret for key derivation.
*
@@ -446,7 +462,7 @@
* The key policy determines which key derivation algorithm the key
* can be used for.
*/
-#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200)
+#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t) 0x1200)
/** A low-entropy secret for password hashing or key derivation.
*
@@ -469,7 +485,7 @@
* The key policy determines which key derivation algorithm the key can be
* used for, among the permissible subset defined above.
*/
-#define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1203)
+#define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t) 0x1203)
/** A secret value that can be used to verify a password hash.
*
@@ -477,25 +493,25 @@
* can be used for, among the same permissible subset as for
* #PSA_KEY_TYPE_PASSWORD.
*/
-#define PSA_KEY_TYPE_PASSWORD_HASH ((psa_key_type_t)0x1205)
+#define PSA_KEY_TYPE_PASSWORD_HASH ((psa_key_type_t) 0x1205)
/** A secret value that can be used in when computing a password hash.
*
* The key policy determines which key derivation algorithm the key
* can be used for, among the subset of algorithms that can use pepper.
*/
-#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1206)
+#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t) 0x1206)
/** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
*
* The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
* 32 bytes (AES-256).
*/
-#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400)
+#define PSA_KEY_TYPE_AES ((psa_key_type_t) 0x2400)
/** Key for a cipher, AEAD or MAC algorithm based on the
* ARIA block cipher. */
-#define PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406)
+#define PSA_KEY_TYPE_ARIA ((psa_key_type_t) 0x2406)
/** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
*
@@ -506,11 +522,11 @@
* deprecated and should only be used to decrypt legacy data. 3-key 3DES
* is weak and deprecated and should only be used in legacy protocols.
*/
-#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301)
+#define PSA_KEY_TYPE_DES ((psa_key_type_t) 0x2301)
/** Key for a cipher, AEAD or MAC algorithm based on the
* Camellia block cipher. */
-#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)
+#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t) 0x2403)
/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
*
@@ -523,25 +539,25 @@
* with the initial counter value 1, you can process and discard a
* 64-byte block before the real data.
*/
-#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
+#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t) 0x2004)
/** RSA public key.
*
* The size of an RSA key is the bit size of the modulus.
*/
-#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001)
+#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t) 0x4001)
/** RSA key pair (private and public key).
*
* The size of an RSA key is the bit size of the modulus.
*/
-#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001)
+#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t) 0x7001)
/** Whether a key type is an RSA key (pair or public-only). */
#define PSA_KEY_TYPE_IS_RSA(type) \
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
-#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x4100)
-#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x7100)
-#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff)
+#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4100)
+#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t) 0x7100)
+#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t) 0x00ff)
/** Elliptic curve key pair.
*
* The size of an elliptic curve key is the bit size associated with the curve,
@@ -581,8 +597,8 @@
/** Extract the curve from an elliptic curve key type. */
#define PSA_KEY_TYPE_ECC_GET_FAMILY(type) \
((psa_ecc_family_t) (PSA_KEY_TYPE_IS_ECC(type) ? \
- ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
- 0))
+ ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
+ 0))
/** Check if the curve of given family is Weierstrass elliptic curve. */
#define PSA_ECC_FAMILY_IS_WEIERSTRASS(family) ((family & 0xc0) == 0)
@@ -676,9 +692,9 @@
*/
#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
-#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200)
-#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200)
-#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff)
+#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4200)
+#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t) 0x7200)
+#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t) 0x00ff)
/** Diffie-Hellman key pair.
*
* \param group A value of type ::psa_dh_family_t that identifies the
@@ -710,8 +726,8 @@
/** Extract the group from a Diffie-Hellman key type. */
#define PSA_KEY_TYPE_DH_GET_FAMILY(type) \
((psa_dh_family_t) (PSA_KEY_TYPE_IS_DH(type) ? \
- ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
- 0))
+ ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
+ 0))
/** Diffie-Hellman groups defined in RFC 7919 Appendix A.
*
@@ -752,7 +768,7 @@
#define PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) \
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
- 0u)
+ 0u)
/* Note that algorithm values are embedded in the persistent key store,
* as part of key metadata. As a consequence, they must not be changed
@@ -766,17 +782,17 @@
* the #PSA_ALG_VENDOR_FLAG bit set and should respect the bitwise structure
* used by standard encodings whenever practical.
*/
-#define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t)0x80000000)
+#define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t) 0x80000000)
-#define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t)0x7f000000)
-#define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t)0x02000000)
-#define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t)0x03000000)
-#define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t)0x04000000)
-#define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x05000000)
-#define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x06000000)
-#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x07000000)
-#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x08000000)
-#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x09000000)
+#define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t) 0x7f000000)
+#define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t) 0x02000000)
+#define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t) 0x03000000)
+#define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t) 0x04000000)
+#define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t) 0x05000000)
+#define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t) 0x06000000)
+#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t) 0x07000000)
+#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t) 0x08000000)
+#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t) 0x09000000)
/** Whether an algorithm is vendor-defined.
*
@@ -895,42 +911,44 @@
(alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG)
/** An invalid algorithm identifier value. */
+/* *INDENT-OFF* (https://github.com/ARM-software/psa-arch-tests/issues/337) */
#define PSA_ALG_NONE ((psa_algorithm_t)0)
+/* *INDENT-ON* */
-#define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
+#define PSA_ALG_HASH_MASK ((psa_algorithm_t) 0x000000ff)
/** MD5 */
-#define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003)
+#define PSA_ALG_MD5 ((psa_algorithm_t) 0x02000003)
/** PSA_ALG_RIPEMD160 */
-#define PSA_ALG_RIPEMD160 ((psa_algorithm_t)0x02000004)
+#define PSA_ALG_RIPEMD160 ((psa_algorithm_t) 0x02000004)
/** SHA1 */
-#define PSA_ALG_SHA_1 ((psa_algorithm_t)0x02000005)
+#define PSA_ALG_SHA_1 ((psa_algorithm_t) 0x02000005)
/** SHA2-224 */
-#define PSA_ALG_SHA_224 ((psa_algorithm_t)0x02000008)
+#define PSA_ALG_SHA_224 ((psa_algorithm_t) 0x02000008)
/** SHA2-256 */
-#define PSA_ALG_SHA_256 ((psa_algorithm_t)0x02000009)
+#define PSA_ALG_SHA_256 ((psa_algorithm_t) 0x02000009)
/** SHA2-384 */
-#define PSA_ALG_SHA_384 ((psa_algorithm_t)0x0200000a)
+#define PSA_ALG_SHA_384 ((psa_algorithm_t) 0x0200000a)
/** SHA2-512 */
-#define PSA_ALG_SHA_512 ((psa_algorithm_t)0x0200000b)
+#define PSA_ALG_SHA_512 ((psa_algorithm_t) 0x0200000b)
/** SHA2-512/224 */
-#define PSA_ALG_SHA_512_224 ((psa_algorithm_t)0x0200000c)
+#define PSA_ALG_SHA_512_224 ((psa_algorithm_t) 0x0200000c)
/** SHA2-512/256 */
-#define PSA_ALG_SHA_512_256 ((psa_algorithm_t)0x0200000d)
+#define PSA_ALG_SHA_512_256 ((psa_algorithm_t) 0x0200000d)
/** SHA3-224 */
-#define PSA_ALG_SHA3_224 ((psa_algorithm_t)0x02000010)
+#define PSA_ALG_SHA3_224 ((psa_algorithm_t) 0x02000010)
/** SHA3-256 */
-#define PSA_ALG_SHA3_256 ((psa_algorithm_t)0x02000011)
+#define PSA_ALG_SHA3_256 ((psa_algorithm_t) 0x02000011)
/** SHA3-384 */
-#define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x02000012)
+#define PSA_ALG_SHA3_384 ((psa_algorithm_t) 0x02000012)
/** SHA3-512 */
-#define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x02000013)
+#define PSA_ALG_SHA3_512 ((psa_algorithm_t) 0x02000013)
/** The first 512 bits (64 bytes) of the SHAKE256 output.
*
* This is the prehashing for Ed448ph (see #PSA_ALG_ED448PH). For other
* scenarios where a hash function based on SHA3/SHAKE is desired, SHA3-512
* has the same output size and a (theoretically) higher security strength.
*/
-#define PSA_ALG_SHAKE256_512 ((psa_algorithm_t)0x02000015)
+#define PSA_ALG_SHAKE256_512 ((psa_algorithm_t) 0x02000015)
/** In a hash-and-sign algorithm policy, allow any hash algorithm.
*
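Review bot: `PSA_ALG_MD5` and `PSA_ALG_SHA_1` are documented only as `/** MD5 */` and `/** SHA1 */`, while weak primitives elsewhere in this header carry an explicit caution (the `PSA_KEY_TYPE_DES` text and the `\warning` on `PSA_ALG_CBC_MAC`). Since the commit rewrites these define lines anyway, the comments could gain the same kind of caution, for example `/** MD5. \warning MD5 is not collision-resistant and should only be used for legacy interoperability. */`, with the equivalent for SHA-1. The new `*INDENT-OFF*` line also sits between the `/** An invalid algorithm identifier value. */` doc comment and the `PSA_ALG_NONE` define it documents; placing it above the doc comment would keep the two adjacent.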
@@ -965,10 +983,10 @@
* This value may not be used to build an algorithm specification to
* perform an operation. It is only valid to build policies.
*/
-#define PSA_ALG_ANY_HASH ((psa_algorithm_t)0x020000ff)
+#define PSA_ALG_ANY_HASH ((psa_algorithm_t) 0x020000ff)
-#define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t)0x00c00000)
-#define PSA_ALG_HMAC_BASE ((psa_algorithm_t)0x03800000)
+#define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t) 0x00c00000)
+#define PSA_ALG_HMAC_BASE ((psa_algorithm_t) 0x03800000)
/** Macro to build an HMAC algorithm.
*
* For example, #PSA_ALG_HMAC(#PSA_ALG_SHA_256) is HMAC-SHA-256.
@@ -1007,7 +1025,7 @@
* reach up to 63; the largest MAC is 64 bytes so its trivial truncation
* to full length is correctly encoded as 0 and any non-trivial truncation
* is correctly encoded as a value between 1 and 63. */
-#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x003f0000)
+#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t) 0x003f0000)
#define PSA_MAC_TRUNCATION_OFFSET 16
/* In the encoding of a MAC algorithm, the bit corresponding to
@@ -1016,7 +1034,7 @@
* algorithm policy can be used with any algorithm corresponding to the
* same base class and having a (potentially truncated) MAC length greater or
* equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
-#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
+#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t) 0x00008000)
/** Macro to build a truncated MAC algorithm.
*
@@ -1111,18 +1129,18 @@
* too large for the specified MAC algorithm.
*/
#define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
- ( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
- PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
+ (PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
+ PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)
-#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000)
+#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t) 0x03c00000)
/** The CBC-MAC construction over a block cipher
*
* \warning CBC-MAC is insecure in many cases.
* A more secure mode, such as #PSA_ALG_CMAC, is recommended.
*/
-#define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x03c00100)
+#define PSA_ALG_CBC_MAC ((psa_algorithm_t) 0x03c00100)
/** The CMAC construction over a block cipher */
-#define PSA_ALG_CMAC ((psa_algorithm_t)0x03c00200)
+#define PSA_ALG_CMAC ((psa_algorithm_t) 0x03c00200)
/** Whether the specified algorithm is a MAC algorithm based on a block cipher.
*
@@ -1136,8 +1154,8 @@
(((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
PSA_ALG_CIPHER_MAC_BASE)
-#define PSA_ALG_CIPHER_STREAM_FLAG ((psa_algorithm_t)0x00800000)
-#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000)
+#define PSA_ALG_CIPHER_STREAM_FLAG ((psa_algorithm_t) 0x00800000)
+#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG ((psa_algorithm_t) 0x00400000)
/** Whether the specified algorithm is a stream cipher.
*
@@ -1153,14 +1171,14 @@
*/
#define PSA_ALG_IS_STREAM_CIPHER(alg) \
(((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \
- (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
+ (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
/** The stream cipher mode of a stream cipher algorithm.
*
* The underlying stream cipher is determined by the key type.
* - To use ChaCha20, use a key type of #PSA_KEY_TYPE_CHACHA20.
*/
-#define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800100)
+#define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t) 0x04800100)
/** The CTR stream cipher mode.
*
@@ -1169,19 +1187,19 @@
* For example, to use AES-128-CTR, use this algorithm with
* a key of type #PSA_KEY_TYPE_AES and a length of 128 bits (16 bytes).
*/
-#define PSA_ALG_CTR ((psa_algorithm_t)0x04c01000)
+#define PSA_ALG_CTR ((psa_algorithm_t) 0x04c01000)
/** The CFB stream cipher mode.
*
* The underlying block cipher is determined by the key type.
*/
-#define PSA_ALG_CFB ((psa_algorithm_t)0x04c01100)
+#define PSA_ALG_CFB ((psa_algorithm_t) 0x04c01100)
/** The OFB stream cipher mode.
*
* The underlying block cipher is determined by the key type.
*/
-#define PSA_ALG_OFB ((psa_algorithm_t)0x04c01200)
+#define PSA_ALG_OFB ((psa_algorithm_t) 0x04c01200)
/** The XTS cipher mode.
*
@@ -1189,7 +1207,7 @@
* least one full block of input, but beyond this minimum the input
* does not need to be a whole number of blocks.
*/
-#define PSA_ALG_XTS ((psa_algorithm_t)0x0440ff00)
+#define PSA_ALG_XTS ((psa_algorithm_t) 0x0440ff00)
/** The Electronic Code Book (ECB) mode of a block cipher, with no padding.
*
@@ -1209,7 +1227,7 @@
* multi-part cipher operation with this algorithm, psa_cipher_generate_iv()
* and psa_cipher_set_iv() must not be called.
*/
-#define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400)
+#define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t) 0x04404400)
/** The CBC block cipher chaining mode, with no padding.
*
@@ -1218,7 +1236,7 @@
* This symmetric cipher mode can only be used with messages whose lengths
* are whole number of blocks for the chosen block cipher.
*/
-#define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t)0x04404000)
+#define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t) 0x04404000)
/** The CBC block cipher chaining mode with PKCS#7 padding.
*
@@ -1226,9 +1244,9 @@
*
* This is the padding method defined by PKCS#7 (RFC 2315) §10.3.
*/
-#define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t)0x04404100)
+#define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t) 0x04404100)
-#define PSA_ALG_AEAD_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000)
+#define PSA_ALG_AEAD_FROM_BLOCK_FLAG ((psa_algorithm_t) 0x00400000)
/** Whether the specified algorithm is an AEAD mode on a block cipher.
*
@@ -1247,7 +1265,7 @@
*
* The underlying block cipher is determined by the key type.
*/
-#define PSA_ALG_CCM ((psa_algorithm_t)0x05500100)
+#define PSA_ALG_CCM ((psa_algorithm_t) 0x05500100)
/** The CCM* cipher mode without authentication.
*
@@ -1258,13 +1276,13 @@
*
* Currently only 13-byte long IV's are supported.
*/
-#define PSA_ALG_CCM_STAR_NO_TAG ((psa_algorithm_t)0x04c01300)
+#define PSA_ALG_CCM_STAR_NO_TAG ((psa_algorithm_t) 0x04c01300)
/** The GCM authenticated encryption algorithm.
*
* The underlying block cipher is determined by the key type.
*/
-#define PSA_ALG_GCM ((psa_algorithm_t)0x05500200)
+#define PSA_ALG_GCM ((psa_algorithm_t) 0x05500200)
/** The Chacha20-Poly1305 AEAD algorithm.
*
@@ -1275,13 +1293,13 @@
*
* Implementations must support 16-byte tags and should reject other sizes.
*/
-#define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t)0x05100500)
+#define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t) 0x05100500)
/* In the encoding of an AEAD algorithm, the bits corresponding to
* PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
* The constants for default lengths follow this encoding.
*/
-#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x003f0000)
+#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t) 0x003f0000)
#define PSA_AEAD_TAG_LENGTH_OFFSET 16
/* In the encoding of an AEAD algorithm, the bit corresponding to
@@ -1290,7 +1308,7 @@
* algorithm policy can be used with any algorithm corresponding to the
* same base class and having a tag length greater than or equal to the one
* encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
-#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
+#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t) 0x00008000)
/** Macro to build a shortened AEAD algorithm.
*
@@ -1314,7 +1332,7 @@
(((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | \
PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \
((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
- PSA_ALG_AEAD_TAG_LENGTH_MASK))
+ PSA_ALG_AEAD_TAG_LENGTH_MASK))
/** Retrieve the tag length of a specified AEAD algorithm
*
@@ -1328,7 +1346,7 @@
*/
#define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
(((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
- PSA_AEAD_TAG_LENGTH_OFFSET )
+ PSA_AEAD_TAG_LENGTH_OFFSET)
/** Calculate the corresponding AEAD algorithm with the default tag length.
*
@@ -1374,10 +1392,10 @@
* or too large for the specified AEAD algorithm.
*/
#define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
- ( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
- PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
+ (PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
+ PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)
-#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x06000200)
+#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t) 0x06000200)
/** RSA PKCS#1 v1.5 signature with hashing.
*
* This is the signature scheme defined by RFC 8017
@@ -1405,8 +1423,8 @@
#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
-#define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t)0x06000300)
-#define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t)0x06001300)
+#define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t) 0x06000300)
+#define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t) 0x06001300)
/** RSA PSS signature with hashing.
*
* This is the signature scheme defined by RFC 8017
@@ -1495,7 +1513,7 @@
(PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) || \
PSA_ALG_IS_RSA_PSS_ANY_SALT(alg))
-#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x06000600)
+#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t) 0x06000600)
/** ECDSA signature with hashing.
*
* This is the ECDSA signature scheme defined by ANSI X9.62,
@@ -1528,7 +1546,7 @@
* the curve size.
*/
#define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE
-#define PSA_ALG_DETERMINISTIC_ECDSA_BASE ((psa_algorithm_t)0x06000700)
+#define PSA_ALG_DETERMINISTIC_ECDSA_BASE ((psa_algorithm_t) 0x06000700)
/** Deterministic ECDSA signature with hashing.
*
* This is the deterministic ECDSA signature scheme defined by RFC 6979.
@@ -1553,7 +1571,7 @@
*/
#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \
(PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_ECDSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00000100)
+#define PSA_ALG_ECDSA_DETERMINISTIC_FLAG ((psa_algorithm_t) 0x00000100)
#define PSA_ALG_IS_ECDSA(alg) \
(((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_ECDSA_DETERMINISTIC_FLAG) == \
PSA_ALG_ECDSA_BASE)
@@ -1592,9 +1610,9 @@
* RFC 8032 §5.1.6 and §5.2.6 (a 64-byte string for Ed25519, a 114-byte
* string for Ed448).
*/
-#define PSA_ALG_PURE_EDDSA ((psa_algorithm_t)0x06000800)
+#define PSA_ALG_PURE_EDDSA ((psa_algorithm_t) 0x06000800)
-#define PSA_ALG_HASH_EDDSA_BASE ((psa_algorithm_t)0x06000900)
+#define PSA_ALG_HASH_EDDSA_BASE ((psa_algorithm_t) 0x06000900)
#define PSA_ALG_IS_HASH_EDDSA(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HASH_EDDSA_BASE)
@@ -1686,7 +1704,7 @@
* supported algorithm identifier.
*/
#define PSA_ALG_IS_SIGN_MESSAGE(alg) \
- (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA )
+ (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA)
/** Whether the specified algorithm is a hash-and-sign algorithm.
*
@@ -1743,9 +1761,9 @@
/** RSA PKCS#1 v1.5 encryption.
*/
-#define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x07000200)
+#define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t) 0x07000200)
-#define PSA_ALG_RSA_OAEP_BASE ((psa_algorithm_t)0x07000300)
+#define PSA_ALG_RSA_OAEP_BASE ((psa_algorithm_t) 0x07000300)
/** RSA OAEP encryption.
*
* This is the encryption scheme defined by RFC 8017
@@ -1769,10 +1787,10 @@
((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
0)
-#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x08000100)
+#define PSA_ALG_HKDF_BASE ((psa_algorithm_t) 0x08000100)
/** Macro to build an HKDF algorithm.
*
- * For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256.
+ * For example, `PSA_ALG_HKDF(PSA_ALG_SHA_256)` is HKDF using HMAC-SHA-256.
*
* This key derivation algorithm uses the following inputs:
* - #PSA_KEY_DERIVATION_INPUT_SALT is the salt used in the "extract" step.
@@ -1814,10 +1832,10 @@
#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_HKDF_EXTRACT_BASE ((psa_algorithm_t)0x08000400)
+#define PSA_ALG_HKDF_EXTRACT_BASE ((psa_algorithm_t) 0x08000400)
/** Macro to build an HKDF-Extract algorithm.
*
- * For example, `PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA256)` is
+ * For example, `PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256)` is
* HKDF-Extract using HMAC-SHA-256.
*
* This key derivation algorithm uses the following inputs:
@@ -1863,10 +1881,10 @@
#define PSA_ALG_IS_HKDF_EXTRACT(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE)
-#define PSA_ALG_HKDF_EXPAND_BASE ((psa_algorithm_t)0x08000500)
+#define PSA_ALG_HKDF_EXPAND_BASE ((psa_algorithm_t) 0x08000500)
/** Macro to build an HKDF-Expand algorithm.
*
- * For example, `PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA256)` is
+ * For example, `PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256)` is
* HKDF-Expand using HMAC-SHA-256.
*
* This key derivation algorithm uses the following inputs:
@@ -1920,7 +1938,7 @@
((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE || \
((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE)
-#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x08000200)
+#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t) 0x08000200)
/** Macro to build a TLS-1.2 PRF algorithm.
*
* TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule,
@@ -1937,7 +1955,7 @@
* concatenation of ServerHello.Random + ClientHello.Random,
* and the label is "key expansion".
*
- * For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the
+ * For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)` represents the
* TLS 1.2 PRF using HMAC-SHA-256.
*
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
@@ -1963,7 +1981,7 @@
#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x08000300)
+#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t) 0x08000300)
/** Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
*
* In a pure-PSK handshake in TLS 1.2, the master secret is derived
@@ -2007,7 +2025,7 @@
* PSA_ALG_RSA_PKCS1V15_CRYPT, passed to the key derivation operation
* with `psa_key_derivation_input_bytes()`.
*
- * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
+ * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)` represents the
* TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
*
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
@@ -2045,7 +2063,7 @@
* The output has to be read as a single chunk of 32 bytes, defined as
* PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE.
*/
-#define PSA_ALG_TLS12_ECJPAKE_TO_PMS ((psa_algorithm_t)0x08000609)
+#define PSA_ALG_TLS12_ECJPAKE_TO_PMS ((psa_algorithm_t) 0x08000609)
/* This flag indicates whether the key derivation algorithm is suitable for
* use on low-entropy secrets such as password - these algorithms are also
@@ -2054,15 +2072,15 @@
*
* Those algorithms cannot be combined with a key agreement algorithm.
*/
-#define PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG ((psa_algorithm_t)0x00800000)
+#define PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG ((psa_algorithm_t) 0x00800000)
-#define PSA_ALG_PBKDF2_HMAC_BASE ((psa_algorithm_t)0x08800100)
+#define PSA_ALG_PBKDF2_HMAC_BASE ((psa_algorithm_t) 0x08800100)
/** Macro to build a PBKDF2-HMAC password hashing / key stretching algorithm.
*
* PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2).
* This macro specifies the PBKDF2 algorithm constructed using a PRF based on
* HMAC with the specified hash.
- * For example, `PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA256)` specifies PBKDF2
+ * For example, `PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256)` specifies PBKDF2
* using the PRF HMAC-SHA-256.
*
* This key derivation algorithm uses the following inputs, which must be
@@ -2096,6 +2114,8 @@
*/
#define PSA_ALG_IS_PBKDF2_HMAC(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_PBKDF2_HMAC_BASE)
+#define PSA_ALG_PBKDF2_HMAC_GET_HASH(pbkdf2_alg) \
+ (PSA_ALG_CATEGORY_HASH | ((pbkdf2_alg) & PSA_ALG_HASH_MASK))
/** The PBKDF2-AES-CMAC-PRF-128 password hashing / key stretching algorithm.
*
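Review bot: `PSA_ALG_PBKDF2_HMAC_GET_HASH` is added without a doc comment, and it does not check that its argument is a PBKDF2-HMAC algorithm. It masks the low bits and ORs in `PSA_ALG_CATEGORY_HASH`, so for `PSA_ALG_PBKDF2_AES_CMAC_PRF_128` (low byte zero, per the value in the next hunk) it would presumably return the bare hash category rather than a usable hash identifier; the mask definitions are outside this hunk, so confirm. I would document the precondition in the style of the neighbouring macros, e.g. `/** Get the hash used by a PBKDF2-HMAC algorithm. The result is unspecified unless #PSA_ALG_IS_PBKDF2_HMAC(\p pbkdf2_alg) is true. */`.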
@@ -2106,10 +2126,103 @@
* This key derivation algorithm uses the same inputs as
* #PSA_ALG_PBKDF2_HMAC() with the same constraints.
*/
-#define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t)0x08800200)
+#define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t) 0x08800200)
-#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0xfe00ffff)
-#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0xffff0000)
+#define PSA_ALG_IS_PBKDF2(kdf_alg) \
+ (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || \
+ ((kdf_alg) == PSA_ALG_PBKDF2_AES_CMAC_PRF_128))
+
+
+#define PSA_ALG_SP800_108_COUNTER_HMAC_BASE ((psa_algorithm_t) 0x08000700)
+ /** Macro to build a NIST SP 800-108 conformant, counter-mode KDF algorithm based on HMAC.
+ *
+ * For example, PSA_ALG_SP800_108_COUNTER_HMAC(PSA_ALG_SHA_256) is counter-mode KDF using HMAC-SHA-256.
+ *
+ * This is an HMAC-based, counter mode key derivation function, using the construction recommended
+ * specified by SP800-108, §4.1.
+ *
+ * This key derivation algorithm uses the following inputs:
+ * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret input keying material, K_in.
+ * - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
+ * It is optional; if omitted, the label is a zero-length string. If provided, it must not contain any null bytes.
+ * - #PSA_KEY_DERIVATION_INPUT_CONTEXT is the context.
+ * It is optional; if omitted, the context is a zero-length string.
+ * Each input can only be passed once. Inputs must be passed in the order above.
+ *
+ * This algorithm uses the output length as part of the derivation process. In the derivation this value is L,
+ * the required output size in bits. After setup, the initial capacity of the key derivation operation is
+ * 2^29 - 1 bytes (0x1fffffff). The capacity can be set to a lower value by calling psa_key_derivation_set_capacity().
+ * When the first output is requested, the value of L is calculated as L = 8 * cap, where cap is the value of
+ * psa_key_derivation_get_capacity().
+ * Subsequent calls to psa_key_derivation_set_capacity() are not permitted for this algorithm.
+ *
+ * The derivation is constructed as described in SP800-108 §4.1, with the iteration counter i and
+ * output length L encoded as big-endian, 32-bit values. The resulting output stream
+ * K_1 || K_2 || K_3 || ... is computed as:
+ *
+ * K_i = HMAC( K_in, [i]4 || label || 0x00 || context || [L]4 ), for i = 1, 2, 3, ...
+ * Where [x]n is the big-endian, n-byte encoding of the integer x.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ *
+ * \return The corresponding counter-mode KDF algorithm.
+ * \return Unspecified if \p hash_alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_SP800_108_COUNTER_HMAC(hash_alg) \
+ (PSA_ALG_SP800_108_COUNTER_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+
+ /** Whether the specified algorithm is a key derivation algorithm constructed
+ * using #PSA_ALG_SP800_108_COUNTER_HMAC(\p hash_alg).
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a key derivation algorithm constructed using #PSA_ALG_SP800_108_COUNTER_HMAC(),
+ * 0 otherwise. This macro may return either 0 or 1 if \c alg is not a supported
+ * key derivation algorithm identifier.
+ */
+#define PSA_ALG_IS_SP800_108_COUNTER_HMAC(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_SP800_108_COUNTER_HMAC_BASE)
+
+ /** Macro to build a NIST SP 800-108 conformant, counter-mode KDF algorithm based on CMAC.
+ *
+ * This is a CMAC-based, counter mode key derivation function, using the construction recommended
+ * specified by SP800-108, §4.1.
+ *
+ * This key derivation algorithm uses the following inputs:
+ * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret input keying material, K_in.
+ * This must be a block-cipher key that is compatible with the CMAC algorithm,
+ * and must be input using psa_key_derivation_input_key(). See also #PSA_ALG_CMAC.
+ * - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
+ * It is optional; if omitted, the label is a zero-length string. If provided, it must not contain any null bytes.
+ * - #PSA_KEY_DERIVATION_INPUT_CONTEXT is the context.
+ * It is optional; if omitted, the context is a zero-length string.
+ * Each input can only be passed once. Inputs must be passed in the order above.
+ *
+ * This algorithm uses the output length as part of the derivation process. In the derivation this value is L,
+ * the required output size in bits. After setup, the initial capacity of the key derivation operation is
+ * 2^29 - 1 bytes (0x1fffffff). The capacity can be set to a lower value by calling psa_key_derivation_set_capacity().
+ * When the first output is requested, the value of L is calculated as L = 8 * cap, where cap is the value of
+ * psa_key_derivation_get_capacity().
+ * Subsequent calls to psa_key_derivation_set_capacity() are not permitted for this algorithm.
+ *
+ * The derivation is constructed as described in SP800-108 §4.1, , with the following details:
+ * - The iteration counter i and output length L are encoded as big-endian, 32-bit values.
+ * - The mitigation to make the CMAC-based construction robust is implemented.
+ *
+ * The resulting output stream K_1 || K_2 || K_3 || ... is computed as:
+ *
+ * K_0 = CMAC( K_in, label || 0x00 || context || [L]4 )
+ * K_i = CMAC( K_in, [i]4 || label || 0x00 || context || [L]4 || K_0), for i = 1, 2, 3, ...
+ * Where [x]n is the big-endian, n-byte encoding of the integer x.
+ *
+ * \return The corresponding counter-mode KDF algorithm.
+ */
+#define PSA_ALG_SP800_108_COUNTER_CMAC ((psa_algorithm_t) 0x08000800)
+
+#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff)
+#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000)
/** Macro to build a combined algorithm that chains a key agreement with
* a key derivation.
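Review bot: Both new SP 800-108 comment blocks say the label "must not contain any null bytes" without explaining why or saying who enforces it. In the formulas given, `0x00` is the only delimiter between label and context, so a label with an embedded zero byte would let two different (label, context) pairs encode to the same PRF input and weaken domain separation. I would add `The 0x00 byte separates the label from the context, so a label containing 0x00 makes the encoding ambiguous.` and state whether the input call rejects such a label, which this header does not show. The same blocks need wording fixes: "recommended specified by" in both, the doubled comma in "SP800-108 §4.1, , with", and `PSA_ALG_SP800_108_COUNTER_CMAC` is a constant but is documented as "Macro to build" with a `\return`. `PSA_ALG_IS_PBKDF2` has no doc comment, unlike the `PSA_ALG_IS_*` macros around it.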
@@ -2162,7 +2275,7 @@
* It is `ceiling(m / 8)` bytes long where `m` is the size of the prime `p`
* in bits.
*/
-#define PSA_ALG_FFDH ((psa_algorithm_t)0x09010000)
+#define PSA_ALG_FFDH ((psa_algorithm_t) 0x09010000)
/** Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
*
@@ -2204,7 +2317,7 @@
* in big-endian byte order.
* The bit size is `m` for the field `F_{2^m}`.
*/
-#define PSA_ALG_ECDH ((psa_algorithm_t)0x09020000)
+#define PSA_ALG_ECDH ((psa_algorithm_t) 0x09020000)
/** Whether the specified algorithm is an elliptic curve Diffie-Hellman
* algorithm.
@@ -2255,7 +2368,7 @@
* \return \c 0 if alg is not a composite algorithm that uses a hash.
*/
#define PSA_ALG_GET_HASH(alg) \
- (((alg) & 0x000000ff) == 0 ? ((psa_algorithm_t)0) : 0x02000000 | ((alg) & 0x000000ff))
+ (((alg) & 0x000000ff) == 0 ? ((psa_algorithm_t) 0) : 0x02000000 | ((alg) & 0x000000ff))
/**@}*/
@@ -2279,7 +2392,7 @@
* it must release all the resources associated with the key and erase the
* key material if the calling application terminates.
*/
-#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
+#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t) 0x00000000)
/** The default lifetime for persistent keys.
*
@@ -2293,31 +2406,31 @@
* application. Integrations of Mbed TLS may support other persistent lifetimes.
* See ::psa_key_lifetime_t for more information.
*/
-#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
+#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t) 0x00000001)
/** The persistence level of volatile keys.
*
* See ::psa_key_persistence_t for more information.
*/
-#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00)
+#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t) 0x00)
/** The default persistence level for persistent keys.
*
* See ::psa_key_persistence_t for more information.
*/
-#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01)
+#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t) 0x01)
/** A persistence level indicating that a key is never destroyed.
*
* See ::psa_key_persistence_t for more information.
*/
-#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff)
+#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t) 0xff)
#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
- ((psa_key_persistence_t)((lifetime) & 0x000000ff))
+ ((psa_key_persistence_t) ((lifetime) & 0x000000ff))
#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
- ((psa_key_location_t)((lifetime) >> 8))
+ ((psa_key_location_t) ((lifetime) >> 8))
/** Whether a key lifetime indicates that the key is volatile.
*
@@ -2379,9 +2492,9 @@
*
* See ::psa_key_location_t for more information.
*/
-#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000)
+#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t) 0x000000)
-#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
+#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t) 0x800000)
/* Note that key identifier values are embedded in the
* persistent key store, as part of key metadata. As a consequence, they
@@ -2390,26 +2503,28 @@
/** The null key identifier.
*/
+/* *INDENT-OFF* (https://github.com/ARM-software/psa-arch-tests/issues/337) */
#define PSA_KEY_ID_NULL ((psa_key_id_t)0)
+/* *INDENT-ON* */
/** The minimum value for a key identifier chosen by the application.
*/
-#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
+#define PSA_KEY_ID_USER_MIN ((psa_key_id_t) 0x00000001)
/** The maximum value for a key identifier chosen by the application.
*/
-#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff)
+#define PSA_KEY_ID_USER_MAX ((psa_key_id_t) 0x3fffffff)
/** The minimum value for a key identifier chosen by the implementation.
*/
-#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000)
+#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t) 0x40000000)
/** The maximum value for a key identifier chosen by the implementation.
*/
-#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff)
+#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t) 0x7fffffff)
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-#define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 )
-#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id )
-#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( 0 )
+#define MBEDTLS_SVC_KEY_ID_INIT ((psa_key_id_t) 0)
+#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) (id)
+#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(id) (0)
/** Utility to initialize a key identifier at runtime.
*
@@ -2417,11 +2532,11 @@
* \param key_id Identifier of the key.
*/
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
- unsigned int unused, psa_key_id_t key_id )
+ unsigned int unused, psa_key_id_t key_id)
{
- (void)unused;
+ (void) unused;
- return( key_id );
+ return key_id;
}
/** Compare two key identifiers.
@@ -2431,10 +2546,10 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
*
* \return Non-zero if the two key identifier are equal, zero otherwise.
*/
-static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
- mbedtls_svc_key_id_t id2 )
+static inline int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1,
+ mbedtls_svc_key_id_t id2)
{
- return( id1 == id2 );
+ return id1 == id2;
}
/** Check whether a key identifier is null.
@@ -2443,16 +2558,16 @@ static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
*
* \return Non-zero if the key identifier is null, zero otherwise.
*/
-static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
+static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
{
- return( key == 0 );
+ return key == 0;
}
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-#define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } )
-#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).MBEDTLS_PRIVATE(key_id) )
-#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).MBEDTLS_PRIVATE(owner) )
+#define MBEDTLS_SVC_KEY_ID_INIT ((mbedtls_svc_key_id_t){ 0, 0 })
+#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) ((id).MBEDTLS_PRIVATE(key_id))
+#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(id) ((id).MBEDTLS_PRIVATE(owner))
/** Utility to initialize a key identifier at runtime.
*
@@ -2460,10 +2575,10 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
* \param key_id Identifier of the key.
*/
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
- mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id )
+ mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id)
{
- return( (mbedtls_svc_key_id_t){ .MBEDTLS_PRIVATE(key_id) = key_id,
- .MBEDTLS_PRIVATE(owner) = owner_id } );
+ return (mbedtls_svc_key_id_t){ .MBEDTLS_PRIVATE(key_id) = key_id,
+ .MBEDTLS_PRIVATE(owner) = owner_id };
}
/** Compare two key identifiers.
@@ -2473,11 +2588,11 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
*
* \return Non-zero if the two key identifier are equal, zero otherwise.
*/
-static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
- mbedtls_svc_key_id_t id2 )
+static inline int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1,
+ mbedtls_svc_key_id_t id2)
{
- return( ( id1.MBEDTLS_PRIVATE(key_id) == id2.MBEDTLS_PRIVATE(key_id) ) &&
- mbedtls_key_owner_id_equal( id1.MBEDTLS_PRIVATE(owner), id2.MBEDTLS_PRIVATE(owner) ) );
+ return (id1.MBEDTLS_PRIVATE(key_id) == id2.MBEDTLS_PRIVATE(key_id)) &&
+ mbedtls_key_owner_id_equal(id1.MBEDTLS_PRIVATE(owner), id2.MBEDTLS_PRIVATE(owner));
}
/** Check whether a key identifier is null.
@@ -2486,9 +2601,9 @@ static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
*
* \return Non-zero if the key identifier is null, zero otherwise.
*/
-static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
+static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
{
- return( key.MBEDTLS_PRIVATE(key_id) == 0 );
+ return key.MBEDTLS_PRIVATE(key_id) == 0;
}
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
@@ -2515,7 +2630,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
* The key may however be exportable in a wrapped form, i.e. in a form
* where it is encrypted by another key.
*/
-#define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t)0x00000001)
+#define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t) 0x00000001)
/** Whether the key may be copied.
*
@@ -2531,7 +2646,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
* #PSA_KEY_LIFETIME_PERSISTENT, the usage flag #PSA_KEY_USAGE_COPY
* is sufficient to permit the copy.
*/
-#define PSA_KEY_USAGE_COPY ((psa_key_usage_t)0x00000002)
+#define PSA_KEY_USAGE_COPY ((psa_key_usage_t) 0x00000002)
/** Whether the key may be used to encrypt a message.
*
@@ -2542,7 +2657,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
*
* For a key pair, this concerns the public key.
*/
-#define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t)0x00000100)
+#define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t) 0x00000100)
/** Whether the key may be used to decrypt a message.
*
@@ -2553,7 +2668,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
*
* For a key pair, this concerns the private key.
*/
-#define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200)
+#define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t) 0x00000200)
/** Whether the key may be used to sign a message.
*
@@ -2563,7 +2678,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
*
* For a key pair, this concerns the private key.
*/
-#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t)0x00000400)
+#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t) 0x00000400)
/** Whether the key may be used to verify a message.
*
@@ -2573,7 +2688,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
*
* For a key pair, this concerns the public key.
*/
-#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t)0x00000800)
+#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t) 0x00000800)
/** Whether the key may be used to sign a message.
*
@@ -2583,7 +2698,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
*
* For a key pair, this concerns the private key.
*/
-#define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t)0x00001000)
+#define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t) 0x00001000)
/** Whether the key may be used to verify a message signature.
*
@@ -2593,7 +2708,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
*
* For a key pair, this concerns the public key.
*/
-#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00002000)
+#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t) 0x00002000)
/** Whether the key may be used to derive other keys or produce a password
* hash.
@@ -2607,7 +2722,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
* permits calling psa_key_derivation_output_bytes() or
* psa_key_derivation_output_key() at the end of the operation.
*/
-#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000)
+#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t) 0x00004000)
/** Whether the key may be used to verify the result of a key derivation,
* including password hashing.
@@ -2622,7 +2737,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
* permits calling psa_key_derivation_verify_bytes() or
* psa_key_derivation_verify_key() at the end of the operation.
*/
-#define PSA_KEY_USAGE_VERIFY_DERIVATION ((psa_key_usage_t)0x00008000)
+#define PSA_KEY_USAGE_VERIFY_DERIVATION ((psa_key_usage_t) 0x00008000)
/**@}*/
@@ -2648,7 +2763,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
* psa_key_derivation_verify_key(), but not
* psa_key_derivation_output_key().
*/
-#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
+#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t) 0x0101)
/** A low-entropy secret input for password hashing / key stretching.
*
@@ -2666,7 +2781,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
* psa_key_derivation_verify_key(), but not
* psa_key_derivation_output_key().
*/
-#define PSA_KEY_DERIVATION_INPUT_PASSWORD ((psa_key_derivation_step_t)0x0102)
+#define PSA_KEY_DERIVATION_INPUT_PASSWORD ((psa_key_derivation_step_t) 0x0102)
/** A high-entropy additional secret input for key derivation.
*
@@ -2676,14 +2791,14 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
* a direct input passed to `psa_key_derivation_input_bytes()`.
*/
#define PSA_KEY_DERIVATION_INPUT_OTHER_SECRET \
- ((psa_key_derivation_step_t)0x0103)
+ ((psa_key_derivation_step_t) 0x0103)
/** A label for key derivation.
*
* This should be a direct input.
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
*/
-#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201)
+#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t) 0x0201)
/** A salt for key derivation.
*
@@ -2691,27 +2806,34 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA or
* #PSA_KEY_TYPE_PEPPER.
*/
-#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202)
+#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t) 0x0202)
/** An information string for key derivation.
*
* This should be a direct input.
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
*/
-#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203)
+#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t) 0x0203)
/** A seed for key derivation.
*
* This should be a direct input.
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
*/
-#define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t)0x0204)
+#define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t) 0x0204)
/** A cost parameter for password hashing / key stretching.
*
* This must be a direct input, passed to psa_key_derivation_input_integer().
*/
-#define PSA_KEY_DERIVATION_INPUT_COST ((psa_key_derivation_step_t)0x0205)
+#define PSA_KEY_DERIVATION_INPUT_COST ((psa_key_derivation_step_t) 0x0205)
+
+/** A context for key derivation.
+ *
+ * This should be a direct input.
+ * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
+ */
+#define PSA_KEY_DERIVATION_INPUT_CONTEXT ((psa_key_derivation_step_t) 0x0206)
/**@}*/
@@ -2738,4 +2860,18 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
/**@}*/
+/**@}*/
+
+/** \defgroup interruptible Interruptible operations
+ * @{
+ */
+
+/** Maximum value for use with \c psa_interruptible_set_max_ops() to determine
+ * the maximum number of ops allowed to be executed by an interruptible
+ * function in a single call.
+ */
+#define PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED UINT32_MAX
+
+/**@}*/
+
#endif /* PSA_CRYPTO_VALUES_H */
diff --git a/ext/oberon/psa/core/library/alignment.h b/ext/oberon/psa/core/library/alignment.h
new file mode 100644
index 000000000000..ab15986e5176
--- /dev/null
+++ b/ext/oberon/psa/core/library/alignment.h
@@ -0,0 +1,521 @@
+/**
+ * \file alignment.h
+ *
+ * \brief Utility code for dealing with unaligned memory accesses
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_LIBRARY_ALIGNMENT_H
+#define MBEDTLS_LIBRARY_ALIGNMENT_H
+
+#include
+#include
+#include
+
+/*
+ * Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS for architectures where unaligned memory
+ * accesses are known to be efficient.
+ *
+ * All functions defined here will behave correctly regardless, but might be less
+ * efficient when this is not defined.
+ */
+#if defined(__ARM_FEATURE_UNALIGNED) \
+ || defined(__i386__) || defined(__amd64__) || defined(__x86_64__)
+/*
+ * __ARM_FEATURE_UNALIGNED is defined where appropriate by armcc, gcc 7, clang 9
+ * (and later versions) for Arm v7 and later; all x86 platforms should have
+ * efficient unaligned access.
+ */
+#define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS
+#endif
+
+/**
+ * Read the unsigned 16 bits integer from the given address, which need not
+ * be aligned.
+ *
+ * \param p pointer to 2 bytes of data
+ * \return Data at the given address
+ */
+inline uint16_t mbedtls_get_unaligned_uint16(const void *p)
+{
+ uint16_t r;
+ memcpy(&r, p, sizeof(r));
+ return r;
+}
+
+/**
+ * Write the unsigned 16 bits integer to the given address, which need not
+ * be aligned.
+ *
+ * \param p pointer to 2 bytes of data
+ * \param x data to write
+ */
+inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x)
+{
+ memcpy(p, &x, sizeof(x));
+}
+
+/**
+ * Read the unsigned 32 bits integer from the given address, which need not
+ * be aligned.
+ *
+ * \param p pointer to 4 bytes of data
+ * \return Data at the given address
+ */
+inline uint32_t mbedtls_get_unaligned_uint32(const void *p)
+{
+ uint32_t r;
+ memcpy(&r, p, sizeof(r));
+ return r;
+}
+
+/**
+ * Write the unsigned 32 bits integer to the given address, which need not
+ * be aligned.
+ *
+ * \param p pointer to 4 bytes of data
+ * \param x data to write
+ */
+inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x)
+{
+ memcpy(p, &x, sizeof(x));
+}
+
+/**
+ * Read the unsigned 64 bits integer from the given address, which need not
+ * be aligned.
+ *
+ * \param p pointer to 8 bytes of data
+ * \return Data at the given address
+ */
+inline uint64_t mbedtls_get_unaligned_uint64(const void *p)
+{
+ uint64_t r;
+ memcpy(&r, p, sizeof(r));
+ return r;
+}
+
+/**
+ * Write the unsigned 64 bits integer to the given address, which need not
+ * be aligned.
+ *
+ * \param p pointer to 8 bytes of data
+ * \param x data to write
+ */
+inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x)
+{
+ memcpy(p, &x, sizeof(x));
+}
+
+/** Byte Reading Macros
+ *
+ * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th
+ * byte from x, where byte 0 is the least significant byte.
+ */
+#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff))
+#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff))
+#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff))
+#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff))
+#define MBEDTLS_BYTE_4(x) ((uint8_t) (((x) >> 32) & 0xff))
+#define MBEDTLS_BYTE_5(x) ((uint8_t) (((x) >> 40) & 0xff))
+#define MBEDTLS_BYTE_6(x) ((uint8_t) (((x) >> 48) & 0xff))
+#define MBEDTLS_BYTE_7(x) ((uint8_t) (((x) >> 56) & 0xff))
+
+/*
+ * Detect GCC built-in byteswap routines
+ */
+#if defined(__GNUC__) && defined(__GNUC_PREREQ)
+#if __GNUC_PREREQ(4, 8)
+#define MBEDTLS_BSWAP16 __builtin_bswap16
+#endif /* __GNUC_PREREQ(4,8) */
+#if __GNUC_PREREQ(4, 3)
+#define MBEDTLS_BSWAP32 __builtin_bswap32
+#define MBEDTLS_BSWAP64 __builtin_bswap64
+#endif /* __GNUC_PREREQ(4,3) */
+#endif /* defined(__GNUC__) && defined(__GNUC_PREREQ) */
+
+/*
+ * Detect Clang built-in byteswap routines
+ */
+#if defined(__clang__) && defined(__has_builtin)
+#if __has_builtin(__builtin_bswap16) && !defined(MBEDTLS_BSWAP16)
+#define MBEDTLS_BSWAP16 __builtin_bswap16
+#endif /* __has_builtin(__builtin_bswap16) */
+#if __has_builtin(__builtin_bswap32) && !defined(MBEDTLS_BSWAP32)
+#define MBEDTLS_BSWAP32 __builtin_bswap32
+#endif /* __has_builtin(__builtin_bswap32) */
+#if __has_builtin(__builtin_bswap64) && !defined(MBEDTLS_BSWAP64)
+#define MBEDTLS_BSWAP64 __builtin_bswap64
+#endif /* __has_builtin(__builtin_bswap64) */
+#endif /* defined(__clang__) && defined(__has_builtin) */
+
+/*
+ * Detect MSVC built-in byteswap routines
+ */
+#if defined(_MSC_VER)
+#if !defined(MBEDTLS_BSWAP16)
+#define MBEDTLS_BSWAP16 _byteswap_ushort
+#endif
+#if !defined(MBEDTLS_BSWAP32)
+#define MBEDTLS_BSWAP32 _byteswap_ulong
+#endif
+#if !defined(MBEDTLS_BSWAP64)
+#define MBEDTLS_BSWAP64 _byteswap_uint64
+#endif
+#endif /* defined(_MSC_VER) */
+
+/* Detect armcc built-in byteswap routine */
+#if defined(__ARMCC_VERSION) && (__ARMCC_VERSION >= 410000) && !defined(MBEDTLS_BSWAP32)
+#if defined(__ARM_ACLE) /* ARM Compiler 6 - earlier versions don't need a header */
+#include
+#endif
+#define MBEDTLS_BSWAP32 __rev
+#endif
+
+/*
+ * Where compiler built-ins are not present, fall back to C code that the
+ * compiler may be able to detect and transform into the relevant bswap or
+ * similar instruction.
+ */
+#if !defined(MBEDTLS_BSWAP16)
+static inline uint16_t mbedtls_bswap16(uint16_t x)
+{
+ return
+ (x & 0x00ff) << 8 |
+ (x & 0xff00) >> 8;
+}
+#define MBEDTLS_BSWAP16 mbedtls_bswap16
+#endif /* !defined(MBEDTLS_BSWAP16) */
+
+#if !defined(MBEDTLS_BSWAP32)
+static inline uint32_t mbedtls_bswap32(uint32_t x)
+{
+ return
+ (x & 0x000000ff) << 24 |
+ (x & 0x0000ff00) << 8 |
+ (x & 0x00ff0000) >> 8 |
+ (x & 0xff000000) >> 24;
+}
+#define MBEDTLS_BSWAP32 mbedtls_bswap32
+#endif /* !defined(MBEDTLS_BSWAP32) */
+
+#if !defined(MBEDTLS_BSWAP64)
+static inline uint64_t mbedtls_bswap64(uint64_t x)
+{
+ return
+ (x & 0x00000000000000ffULL) << 56 |
+ (x & 0x000000000000ff00ULL) << 40 |
+ (x & 0x0000000000ff0000ULL) << 24 |
+ (x & 0x00000000ff000000ULL) << 8 |
+ (x & 0x000000ff00000000ULL) >> 8 |
+ (x & 0x0000ff0000000000ULL) >> 24 |
+ (x & 0x00ff000000000000ULL) >> 40 |
+ (x & 0xff00000000000000ULL) >> 56;
+}
+#define MBEDTLS_BSWAP64 mbedtls_bswap64
+#endif /* !defined(MBEDTLS_BSWAP64) */
+
+#if !defined(__BYTE_ORDER__)
+static const uint16_t mbedtls_byte_order_detector = { 0x100 };
+#define MBEDTLS_IS_BIG_ENDIAN (*((unsigned char *) (&mbedtls_byte_order_detector)) == 0x01)
+#else
+#define MBEDTLS_IS_BIG_ENDIAN ((__BYTE_ORDER__) == (__ORDER_BIG_ENDIAN__))
+#endif /* !defined(__BYTE_ORDER__) */
+
+/**
+ * Get the unsigned 32 bits integer corresponding to four bytes in
+ * big-endian order (MSB first).
+ *
+ * \param data Base address of the memory to get the four bytes from.
+ * \param offset Offset from \p data of the first and most significant
+ * byte of the four bytes to build the 32 bits unsigned
+ * integer from.
+ */
+#define MBEDTLS_GET_UINT32_BE(data, offset) \
+ ((MBEDTLS_IS_BIG_ENDIAN) \
+ ? mbedtls_get_unaligned_uint32((data) + (offset)) \
+ : MBEDTLS_BSWAP32(mbedtls_get_unaligned_uint32((data) + (offset))) \
+ )
+
+/**
+ * Put in memory a 32 bits unsigned integer in big-endian order.
+ *
+ * \param n 32 bits unsigned integer to put in memory.
+ * \param data Base address of the memory where to put the 32
+ * bits unsigned integer in.
+ * \param offset Offset from \p data where to put the most significant
+ * byte of the 32 bits unsigned integer \p n.
+ */
+#define MBEDTLS_PUT_UINT32_BE(n, data, offset) \
+ { \
+ if (MBEDTLS_IS_BIG_ENDIAN) \
+ { \
+ mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \
+ } \
+ else \
+ { \
+ mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \
+ } \
+ }
+
+/**
+ * Get the unsigned 32 bits integer corresponding to four bytes in
+ * little-endian order (LSB first).
+ *
+ * \param data Base address of the memory to get the four bytes from.
+ * \param offset Offset from \p data of the first and least significant
+ * byte of the four bytes to build the 32 bits unsigned
+ * integer from.
+ */
+#define MBEDTLS_GET_UINT32_LE(data, offset) \
+ ((MBEDTLS_IS_BIG_ENDIAN) \
+ ? MBEDTLS_BSWAP32(mbedtls_get_unaligned_uint32((data) + (offset))) \
+ : mbedtls_get_unaligned_uint32((data) + (offset)) \
+ )
+
+
+/**
+ * Put in memory a 32 bits unsigned integer in little-endian order.
+ *
+ * \param n 32 bits unsigned integer to put in memory.
+ * \param data Base address of the memory where to put the 32
+ * bits unsigned integer in.
+ * \param offset Offset from \p data where to put the least significant
+ * byte of the 32 bits unsigned integer \p n.
+ */
+#define MBEDTLS_PUT_UINT32_LE(n, data, offset) \
+ { \
+ if (MBEDTLS_IS_BIG_ENDIAN) \
+ { \
+ mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \
+ } \
+ else \
+ { \
+ mbedtls_put_unaligned_uint32((data) + (offset), ((uint32_t) (n))); \
+ } \
+ }
+
+/**
+ * Get the unsigned 16 bits integer corresponding to two bytes in
+ * little-endian order (LSB first).
+ *
+ * \param data Base address of the memory to get the two bytes from.
+ * \param offset Offset from \p data of the first and least significant
+ * byte of the two bytes to build the 16 bits unsigned
+ * integer from.
+ */
+#define MBEDTLS_GET_UINT16_LE(data, offset) \
+ ((MBEDTLS_IS_BIG_ENDIAN) \
+ ? MBEDTLS_BSWAP16(mbedtls_get_unaligned_uint16((data) + (offset))) \
+ : mbedtls_get_unaligned_uint16((data) + (offset)) \
+ )
+
+/**
+ * Put in memory a 16 bits unsigned integer in little-endian order.
+ *
+ * \param n 16 bits unsigned integer to put in memory.
+ * \param data Base address of the memory where to put the 16
+ * bits unsigned integer in.
+ * \param offset Offset from \p data where to put the least significant
+ * byte of the 16 bits unsigned integer \p n.
+ */
+#define MBEDTLS_PUT_UINT16_LE(n, data, offset) \
+ { \
+ if (MBEDTLS_IS_BIG_ENDIAN) \
+ { \
+ mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \
+ } \
+ else \
+ { \
+ mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \
+ } \
+ }
+
+/**
+ * Get the unsigned 16 bits integer corresponding to two bytes in
+ * big-endian order (MSB first).
+ *
+ * \param data Base address of the memory to get the two bytes from.
+ * \param offset Offset from \p data of the first and most significant
+ * byte of the two bytes to build the 16 bits unsigned
+ * integer from.
+ */
+#define MBEDTLS_GET_UINT16_BE(data, offset) \
+ ((MBEDTLS_IS_BIG_ENDIAN) \
+ ? mbedtls_get_unaligned_uint16((data) + (offset)) \
+ : MBEDTLS_BSWAP16(mbedtls_get_unaligned_uint16((data) + (offset))) \
+ )
+
+/**
+ * Put in memory a 16 bits unsigned integer in big-endian order.
+ *
+ * \param n 16 bits unsigned integer to put in memory.
+ * \param data Base address of the memory where to put the 16
+ * bits unsigned integer in.
+ * \param offset Offset from \p data where to put the most significant
+ * byte of the 16 bits unsigned integer \p n.
+ */
+#define MBEDTLS_PUT_UINT16_BE(n, data, offset) \
+ { \
+ if (MBEDTLS_IS_BIG_ENDIAN) \
+ { \
+ mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \
+ } \
+ else \
+ { \
+ mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \
+ } \
+ }
+
+/**
+ * Get the unsigned 24 bits integer corresponding to three bytes in
+ * big-endian order (MSB first).
+ *
+ * \param data Base address of the memory to get the three bytes from.
+ * \param offset Offset from \p data of the first and most significant
+ * byte of the three bytes to build the 24 bits unsigned
+ * integer from.
+ */
+#define MBEDTLS_GET_UINT24_BE(data, offset) \
+ ( \
+ ((uint32_t) (data)[(offset)] << 16) \
+ | ((uint32_t) (data)[(offset) + 1] << 8) \
+ | ((uint32_t) (data)[(offset) + 2]) \
+ )
+
+/**
+ * Put in memory a 24 bits unsigned integer in big-endian order.
+ *
+ * \param n 24 bits unsigned integer to put in memory.
+ * \param data Base address of the memory where to put the 24
+ * bits unsigned integer in.
+ * \param offset Offset from \p data where to put the most significant
+ * byte of the 24 bits unsigned integer \p n.
+ */
+#define MBEDTLS_PUT_UINT24_BE(n, data, offset) \
+ { \
+ (data)[(offset)] = MBEDTLS_BYTE_2(n); \
+ (data)[(offset) + 1] = MBEDTLS_BYTE_1(n); \
+ (data)[(offset) + 2] = MBEDTLS_BYTE_0(n); \
+ }
+
+/**
+ * Get the unsigned 24 bits integer corresponding to three bytes in
+ * little-endian order (LSB first).
+ *
+ * \param data Base address of the memory to get the three bytes from.
+ * \param offset Offset from \p data of the first and least significant
+ * byte of the three bytes to build the 24 bits unsigned
+ * integer from.
+ */
+#define MBEDTLS_GET_UINT24_LE(data, offset) \
+ ( \
+ ((uint32_t) (data)[(offset)]) \
+ | ((uint32_t) (data)[(offset) + 1] << 8) \
+ | ((uint32_t) (data)[(offset) + 2] << 16) \
+ )
+
+/**
+ * Put in memory a 24 bits unsigned integer in little-endian order.
+ *
+ * \param n 24 bits unsigned integer to put in memory.
+ * \param data Base address of the memory where to put the 24
+ * bits unsigned integer in.
+ * \param offset Offset from \p data where to put the least significant
+ * byte of the 24 bits unsigned integer \p n.
+ */
+#define MBEDTLS_PUT_UINT24_LE(n, data, offset) \
+ { \
+ (data)[(offset)] = MBEDTLS_BYTE_0(n); \
+ (data)[(offset) + 1] = MBEDTLS_BYTE_1(n); \
+ (data)[(offset) + 2] = MBEDTLS_BYTE_2(n); \
+ }
+
+/**
+ * Get the unsigned 64 bits integer corresponding to eight bytes in
+ * big-endian order (MSB first).
+ *
+ * \param data Base address of the memory to get the eight bytes from.
+ * \param offset Offset from \p data of the first and most significant
+ * byte of the eight bytes to build the 64 bits unsigned
+ * integer from.
+ */
+#define MBEDTLS_GET_UINT64_BE(data, offset) \
+ ((MBEDTLS_IS_BIG_ENDIAN) \
+ ? mbedtls_get_unaligned_uint64((data) + (offset)) \
+ : MBEDTLS_BSWAP64(mbedtls_get_unaligned_uint64((data) + (offset))) \
+ )
+
+/**
+ * Put in memory a 64 bits unsigned integer in big-endian order.
+ *
+ * \param n 64 bits unsigned integer to put in memory.
+ * \param data Base address of the memory where to put the 64
+ * bits unsigned integer in.
+ * \param offset Offset from \p data where to put the most significant
+ * byte of the 64 bits unsigned integer \p n.
+ */
+#define MBEDTLS_PUT_UINT64_BE(n, data, offset) \
+ { \
+ if (MBEDTLS_IS_BIG_ENDIAN) \
+ { \
+ mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n)); \
+ } \
+ else \
+ { \
+ mbedtls_put_unaligned_uint64((data) + (offset), MBEDTLS_BSWAP64((uint64_t) (n))); \
+ } \
+ }
+
+/**
+ * Get the unsigned 64 bits integer corresponding to eight bytes in
+ * little-endian order (LSB first).
+ *
+ * \param data Base address of the memory to get the eight bytes from.
+ * \param offset Offset from \p data of the first and least significant
+ * byte of the eight bytes to build the 64 bits unsigned
+ * integer from.
+ */
+#define MBEDTLS_GET_UINT64_LE(data, offset) \
+ ((MBEDTLS_IS_BIG_ENDIAN) \
+ ? MBEDTLS_BSWAP64(mbedtls_get_unaligned_uint64((data) + (offset))) \
+ : mbedtls_get_unaligned_uint64((data) + (offset)) \
+ )
+
+/**
+ * Put in memory a 64 bits unsigned integer in little-endian order.
+ *
+ * \param n 64 bits unsigned integer to put in memory.
+ * \param data Base address of the memory where to put the 64
+ * bits unsigned integer in.
+ * \param offset Offset from \p data where to put the least significant
+ * byte of the 64 bits unsigned integer \p n.
+ */
+#define MBEDTLS_PUT_UINT64_LE(n, data, offset) \
+ { \
+ if (MBEDTLS_IS_BIG_ENDIAN) \
+ { \
+ mbedtls_put_unaligned_uint64((data) + (offset), MBEDTLS_BSWAP64((uint64_t) (n))); \
+ } \
+ else \
+ { \
+ mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n)); \
+ } \
+ }
+
+#endif /* MBEDTLS_LIBRARY_ALIGNMENT_H */
diff --git a/ext/oberon/psa/core/library/bignum_mod.h b/ext/oberon/psa/core/library/bignum_mod.h
new file mode 100644
index 000000000000..39e8fd218bea
--- /dev/null
+++ b/ext/oberon/psa/core/library/bignum_mod.h
@@ -0,0 +1,464 @@
+/**
+ * Modular bignum functions
+ *
+ * This module implements operations on integers modulo some fixed modulus.
+ *
+ * The functions in this module obey the following conventions unless
+ * explicitly indicated otherwise:
+ *
+ * - **Modulus parameters**: the modulus is passed as a pointer to a structure
+ * of type #mbedtls_mpi_mod_modulus. The structure must be set up with an
+ * array of limbs storing the bignum value of the modulus. The modulus must
+ * be odd and is assumed to have no leading zeroes. The modulus is usually
+ * named \c N and is usually input-only. Functions which take a parameter
+ * of type \c const #mbedtls_mpi_mod_modulus* must not modify its value.
+ * - **Bignum parameters**: Bignums are passed as pointers to an array of
+ * limbs or to a #mbedtls_mpi_mod_residue structure. A limb has the type
+ * #mbedtls_mpi_uint. Residues must be initialized before use, and must be
+ * associated with the modulus \c N. Unless otherwise specified:
+ * - Bignum parameters called \c A, \c B, ... are inputs and are not
+ * modified by the function. Functions which take a parameter of
+ * type \c const #mbedtls_mpi_mod_residue* must not modify its value.
+ * - Bignum parameters called \c X, \c Y, ... are outputs or input-output.
+ * The initial bignum value of output-only parameters is ignored, but
+ * they must be set up and associated with the modulus \c N. Some
+ * functions (typically constant-flow) require that the limbs in an
+ * output residue are initialized.
+ * - Bignum parameters called \c p are inputs used to set up a modulus or
+ * residue. These must be pointers to an array of limbs.
+ * - \c T is a temporary storage area. The initial content of such a
+ * parameter is ignored and the final content is unspecified.
+ * - Some functions use different names, such as \c r for the residue.
+ * - **Bignum sizes**: bignum sizes are always expressed in limbs. Both
+ * #mbedtls_mpi_mod_modulus and #mbedtls_mpi_mod_residue have a \c limbs
+ * member storing its size. All bignum parameters must have the same
+ * number of limbs as the modulus. All bignum sizes must be at least 1 and
+ * must be significantly less than #SIZE_MAX. The behavior if a size is 0 is
+ * undefined.
+ * - **Bignum representation**: the representation of inputs and outputs is
+ * specified by the \c int_rep field of the modulus.
+ * - **Parameter ordering**: for bignum parameters, outputs come before inputs.
+ * The modulus is passed after residues. Temporaries come last.
+ * - **Aliasing**: in general, output bignums may be aliased to one or more
+ * inputs. Modulus values may not be aliased to any other parameter. Outputs
+ * may not be aliased to one another. Temporaries may not be aliased to any
+ * other parameter.
+ * - **Overlap**: apart from aliasing of residue pointers (where two residue
+ * arguments are equal pointers), overlap is not supported and may result
+ * in undefined behavior.
+ * - **Error handling**: functions generally check compatibility of input
+ * sizes. Most functions will not check that input values are in canonical
+ * form (i.e. that \c A < \c N), this is only checked during setup of a
+ * residue structure.
+ * - **Modular representatives**: all functions expect inputs to be in the
+ * range [0, \c N - 1] and guarantee outputs in the range [0, \c N - 1].
+ * Residues are set up with an associated modulus, and operations are only
+ * guaranteed to work if the modulus is associated with all residue
+ * parameters. If a residue is passed with a modulus other than the one it
+ * is associated with, then it may be out of range. If an input is out of
+ * range, outputs are fully unspecified, though bignum values out of range
+ * should not cause buffer overflows (beware that this is not extensively
+ * tested).
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_BIGNUM_MOD_H
+#define MBEDTLS_BIGNUM_MOD_H
+
+#include "common.h"
+
+#if defined(MBEDTLS_BIGNUM_C)
+#include "mbedtls/bignum.h"
+#endif
+
+/** How residues associated with a modulus are represented.
+ *
+ * This also determines which fields of the modulus structure are valid and
+ * what their contents are (see #mbedtls_mpi_mod_modulus).
+ */
+typedef enum {
+ /** Representation not chosen (makes the modulus structure invalid). */
+ MBEDTLS_MPI_MOD_REP_INVALID = 0,
+ /* Skip 1 as it is slightly easier to accidentally pass to functions. */
+ /** Montgomery representation. */
+ MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2,
+ /* Optimised reduction available. This indicates a coordinate modulus (P)
+ * and one or more of the following have been configured:
+ * - A nist curve (MBEDTLS_ECP_DP_SECPXXXR1_ENABLED) & MBEDTLS_ECP_NIST_OPTIM.
+ * - A Kobliz Curve.
+ * - A Fast Reduction Curve CURVE25519 or CURVE448. */
+ MBEDTLS_MPI_MOD_REP_OPT_RED,
+} mbedtls_mpi_mod_rep_selector;
+
+/* Make mbedtls_mpi_mod_rep_selector and mbedtls_mpi_mod_ext_rep disjoint to
+ * make it easier to catch when they are accidentally swapped. */
+typedef enum {
+ MBEDTLS_MPI_MOD_EXT_REP_INVALID = 0,
+ MBEDTLS_MPI_MOD_EXT_REP_LE = 8,
+ MBEDTLS_MPI_MOD_EXT_REP_BE
+} mbedtls_mpi_mod_ext_rep;
+
+typedef struct {
+ mbedtls_mpi_uint *p;
+ size_t limbs;
+} mbedtls_mpi_mod_residue;
+
+typedef struct {
+ mbedtls_mpi_uint const *rr; /* The residue for 2^{2*n*biL} mod N */
+ mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */
+} mbedtls_mpi_mont_struct;
+
+typedef int (*mbedtls_mpi_modp_fn)(mbedtls_mpi_uint *X, size_t X_limbs);
+
+typedef struct {
+ mbedtls_mpi_modp_fn modp; /* The optimised reduction function pointer */
+} mbedtls_mpi_opt_red_struct;
+
+typedef struct {
+ const mbedtls_mpi_uint *p;
+ size_t limbs; // number of limbs
+ size_t bits; // bitlen of p
+ mbedtls_mpi_mod_rep_selector int_rep; // selector to signal the active member of the union
+ union rep {
+ /* if int_rep == #MBEDTLS_MPI_MOD_REP_MONTGOMERY */
+ mbedtls_mpi_mont_struct mont;
+ /* if int_rep == #MBEDTLS_MPI_MOD_REP_OPT_RED */
+ mbedtls_mpi_opt_red_struct ored;
+ } rep;
+} mbedtls_mpi_mod_modulus;
+
+/** Setup a residue structure.
+ *
+ * The residue will be set up with the buffer \p p and modulus \p N.
+ *
+ * The memory pointed to by \p p will be used by the resulting residue structure.
+ * The value at the pointed-to memory will be the initial value of \p r and must
+ * hold a value that is less than the modulus. This value will be used as-is
+ * and interpreted according to the value of the `N->int_rep` field.
+ *
+ * The modulus \p N will be the modulus associated with \p r. The residue \p r
+ * should only be used in operations where the modulus is \p N.
+ *
+ * \param[out] r The address of the residue to setup.
+ * \param[in] N The address of the modulus related to \p r.
+ * \param[in] p The address of the limb array containing the value of \p r.
+ * The memory pointed to by \p p will be used by \p r and must
+ * not be modified in any way until after
+ * mbedtls_mpi_mod_residue_release() is called. The data
+ * pointed to by \p p must be less than the modulus (the value
+ * pointed to by `N->p`) and already in the representation
+ * indicated by `N->int_rep`.
+ * \param p_limbs The number of limbs of \p p. Must be the same as the number
+ * of limbs in the modulus \p N.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p p_limbs is less than the
+ * limbs in \p N or if \p p is not less than \p N.
+ */
+int mbedtls_mpi_mod_residue_setup(mbedtls_mpi_mod_residue *r,
+ const mbedtls_mpi_mod_modulus *N,
+ mbedtls_mpi_uint *p,
+ size_t p_limbs);
+
+/** Unbind elements of a residue structure.
+ *
+ * This function removes the reference to the limb array that was passed to
+ * mbedtls_mpi_mod_residue_setup() to make it safe to free or use again.
+ *
+ * This function invalidates \p r and it must not be used until after
+ * mbedtls_mpi_mod_residue_setup() is called on it again.
+ *
+ * \param[out] r The address of residue to release.
+ */
+void mbedtls_mpi_mod_residue_release(mbedtls_mpi_mod_residue *r);
+
+/** Initialize a modulus structure.
+ *
+ * \param[out] N The address of the modulus structure to initialize.
+ */
+void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *N);
+
+/** Setup a modulus structure.
+ *
+ * \param[out] N The address of the modulus structure to populate.
+ * \param[in] p The address of the limb array storing the value of \p N.
+ * The memory pointed to by \p p will be used by \p N and must
+ * not be modified in any way until after
+ * mbedtls_mpi_mod_modulus_free() is called.
+ * \param p_limbs The number of limbs of \p p.
+ *
+ * \return \c 0 if successful.
+ */
+int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
+ const mbedtls_mpi_uint *p,
+ size_t p_limbs);
+
+/** Setup an optimised-reduction compatible modulus structure.
+ *
+ * \param[out] N The address of the modulus structure to populate.
+ * \param[in] p The address of the limb array storing the value of \p N.
+ * The memory pointed to by \p p will be used by \p N and must
+ * not be modified in any way until after
+ * mbedtls_mpi_mod_modulus_free() is called.
+ * \param p_limbs The number of limbs of \p p.
+ * \param modp A pointer to the optimised reduction function to use. \p p.
+ *
+ * \return \c 0 if successful.
+ */
+int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
+ const mbedtls_mpi_uint *p,
+ size_t p_limbs,
+ mbedtls_mpi_modp_fn modp);
+
+/** Free elements of a modulus structure.
+ *
+ * This function frees any memory allocated by mbedtls_mpi_mod_modulus_setup().
+ *
+ * \warning This function does not free the limb array passed to
+ * mbedtls_mpi_mod_modulus_setup() only removes the reference to it,
+ * making it safe to free or to use it again.
+ *
+ * \param[in,out] N The address of the modulus structure to free.
+ */
+void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N);
+
+/** \brief Multiply two residues, returning the residue modulo the specified
+ * modulus.
+ *
+ * \note Currently handles the case when `N->int_rep` is
+ * MBEDTLS_MPI_MOD_REP_MONTGOMERY.
+ *
+ * The size of the operation is determined by \p N. \p A, \p B and \p X must
+ * all be associated with the modulus \p N and must all have the same number
+ * of limbs as \p N.
+ *
+ * \p X may be aliased to \p A or \p B, or even both, but may not overlap
+ * either otherwise. They may not alias \p N (since they must be in canonical
+ * form, they cannot == \p N).
+ *
+ * \param[out] X The address of the result MPI. Must have the same
+ * number of limbs as \p N.
+ * On successful completion, \p X contains the result of
+ * the multiplication `A * B * R^-1` mod N where
+ * `R = 2^(biL * N->limbs)`.
+ * \param[in] A The address of the first MPI.
+ * \param[in] B The address of the second MPI.
+ * \param[in] N The address of the modulus. Used to perform a modulo
+ * operation on the result of the multiplication.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if all the parameters do not
+ * have the same number of limbs or \p N is invalid.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ */
+int mbedtls_mpi_mod_mul(mbedtls_mpi_mod_residue *X,
+ const mbedtls_mpi_mod_residue *A,
+ const mbedtls_mpi_mod_residue *B,
+ const mbedtls_mpi_mod_modulus *N);
+
+/**
+ * \brief Perform a fixed-size modular subtraction.
+ *
+ * Calculate `A - B modulo N`.
+ *
+ * \p A, \p B and \p X must all have the same number of limbs as \p N.
+ *
+ * \p X may be aliased to \p A or \p B, or even both, but may not overlap
+ * either otherwise.
+ *
+ * \note This function does not check that \p A or \p B are in canonical
+ * form (that is, are < \p N) - that will have been done by
+ * mbedtls_mpi_mod_residue_setup().
+ *
+ * \param[out] X The address of the result MPI. Must be initialized.
+ * Must have the same number of limbs as the modulus \p N.
+ * \param[in] A The address of the first MPI.
+ * \param[in] B The address of the second MPI.
+ * \param[in] N The address of the modulus. Used to perform a modulo
+ * operation on the result of the subtraction.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the given MPIs do not
+ * have the correct number of limbs.
+ */
+int mbedtls_mpi_mod_sub(mbedtls_mpi_mod_residue *X,
+ const mbedtls_mpi_mod_residue *A,
+ const mbedtls_mpi_mod_residue *B,
+ const mbedtls_mpi_mod_modulus *N);
+
+/**
+ * \brief Perform modular inversion of an MPI with respect to a modulus \p N.
+ *
+ * \p A and \p X must be associated with the modulus \p N and will therefore
+ * have the same number of limbs as \p N.
+ *
+ * \p X may be aliased to \p A.
+ *
+ * \warning Currently only supports prime moduli, but does not check for them.
+ *
+ * \param[out] X The modular inverse of \p A with respect to \p N.
+ * \param[in] A The number to calculate the modular inverse of.
+ * Must not be 0.
+ * \param[in] N The modulus to use.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p A and \p N do not
+ * have the same number of limbs.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p A is zero.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if couldn't allocate enough
+ * memory (needed for conversion to and from Mongtomery form
+ * when not in Montgomery form already, and for temporary use
+ * by the inversion calculation itself).
+ */
+
+int mbedtls_mpi_mod_inv(mbedtls_mpi_mod_residue *X,
+ const mbedtls_mpi_mod_residue *A,
+ const mbedtls_mpi_mod_modulus *N);
+/**
+ * \brief Perform a fixed-size modular addition.
+ *
+ * Calculate `A + B modulo N`.
+ *
+ * \p A, \p B and \p X must all be associated with the modulus \p N and must
+ * all have the same number of limbs as \p N.
+ *
+ * \p X may be aliased to \p A or \p B, or even both, but may not overlap
+ * either otherwise.
+ *
+ * \note This function does not check that \p A or \p B are in canonical
+ * form (that is, are < \p N) - that will have been done by
+ * mbedtls_mpi_mod_residue_setup().
+ *
+ * \param[out] X The address of the result residue. Must be initialized.
+ * Must have the same number of limbs as the modulus \p N.
+ * \param[in] A The address of the first input residue.
+ * \param[in] B The address of the second input residue.
+ * \param[in] N The address of the modulus. Used to perform a modulo
+ * operation on the result of the addition.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the given MPIs do not
+ * have the correct number of limbs.
+ */
+int mbedtls_mpi_mod_add(mbedtls_mpi_mod_residue *X,
+ const mbedtls_mpi_mod_residue *A,
+ const mbedtls_mpi_mod_residue *B,
+ const mbedtls_mpi_mod_modulus *N);
+
+/** Generate a random number uniformly in a range.
+ *
+ * This function generates a random number between \p min inclusive and
+ * \p N exclusive.
+ *
+ * The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
+ * when the RNG is a suitably parametrized instance of HMAC_DRBG
+ * and \p min is \c 1.
+ *
+ * \note There are `N - min` possible outputs. The lower bound
+ * \p min can be reached, but the upper bound \p N cannot.
+ *
+ * \param X The destination residue.
+ * \param min The minimum value to return. It must be strictly smaller
+ * than \b N.
+ * \param N The modulus.
+ * This is the upper bound of the output range, exclusive.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
+ * unable to find a suitable value within a limited number
+ * of attempts. This has a negligible probability if \p N
+ * is significantly larger than \p min, which is the case
+ * for all usual cryptographic applications.
+ */
+int mbedtls_mpi_mod_random(mbedtls_mpi_mod_residue *X,
+ mbedtls_mpi_uint min,
+ const mbedtls_mpi_mod_modulus *N,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+
+/** Read a residue from a byte buffer.
+ *
+ * The residue will be automatically converted to the internal representation
+ * based on the value of the `N->int_rep` field.
+ *
+ * The modulus \p N will be the modulus associated with \p r. The residue \p r
+ * should only be used in operations where the modulus is \p N or a modulus
+ * equivalent to \p N (in the sense that all their fields or memory pointed by
+ * their fields hold the same value).
+ *
+ * \param[out] r The address of the residue. It must have exactly the same
+ * number of limbs as the modulus \p N.
+ * \param[in] N The address of the modulus.
+ * \param[in] buf The input buffer to import from.
+ * \param buflen The length in bytes of \p buf.
+ * \param ext_rep The endianness of the number in the input buffer.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p r isn't
+ * large enough to hold the value in \p buf.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep
+ * is invalid or the value in the buffer is not less than \p N.
+ */
+int mbedtls_mpi_mod_read(mbedtls_mpi_mod_residue *r,
+ const mbedtls_mpi_mod_modulus *N,
+ const unsigned char *buf,
+ size_t buflen,
+ mbedtls_mpi_mod_ext_rep ext_rep);
+
+/** Write a residue into a byte buffer.
+ *
+ * The modulus \p N must be the modulus associated with \p r (see
+ * mbedtls_mpi_mod_residue_setup() and mbedtls_mpi_mod_read()).
+ *
+ * The residue will be automatically converted from the internal representation
+ * based on the value of `N->int_rep` field.
+ *
+ * \warning If the buffer is smaller than `N->bits`, the number of
+ * leading zeroes is leaked through timing. If \p r is
+ * secret, the caller must ensure that \p buflen is at least
+ * (`N->bits`+7)/8.
+ *
+ * \param[in] r The address of the residue. It must have the same number of
+ * limbs as the modulus \p N. (\p r is an input parameter, but
+ * its value will be modified during execution and restored
+ * before the function returns.)
+ * \param[in] N The address of the modulus associated with \p r.
+ * \param[out] buf The output buffer to export to.
+ * \param buflen The length in bytes of \p buf.
+ * \param ext_rep The endianness in which the number should be written into
+ * the output buffer.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+ * large enough to hold the value of \p r (without leading
+ * zeroes).
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep is invalid.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if couldn't allocate enough
+ * memory for conversion. Can occur only for moduli with
+ * MBEDTLS_MPI_MOD_REP_MONTGOMERY.
+ */
+int mbedtls_mpi_mod_write(const mbedtls_mpi_mod_residue *r,
+ const mbedtls_mpi_mod_modulus *N,
+ unsigned char *buf,
+ size_t buflen,
+ mbedtls_mpi_mod_ext_rep ext_rep);
+
+#endif /* MBEDTLS_BIGNUM_MOD_H */
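Review bot: The `const` qualifier on `r` in the `mbedtls_mpi_mod_write()` prototype near the end of this header does not match the documented behaviour. Its `\param[in] r` text says the value is modified during execution and restored before return, which is possible because `mbedtls_mpi_mod_residue.p` is a non-const limb pointer. A caller reading only the prototype may share one residue between threads or keep its limbs in read-only memory. I would add to the doc block: `\warning The limbs of \p r are temporarily modified; \p r must not be accessed concurrently during this call.` The implementation is outside this hunk, so whether the restore also happens on every error path should be confirmed there.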
diff --git a/ext/oberon/psa/core/library/check_crypto_config.h b/ext/oberon/psa/core/library/check_crypto_config.h
index b81669e48eaa..bec3df07fc02 100644
--- a/ext/oberon/psa/core/library/check_crypto_config.h
+++ b/ext/oberon/psa/core/library/check_crypto_config.h
@@ -29,104 +29,104 @@
#define MBEDTLS_CHECK_CRYPTO_CONFIG_H
#if defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- !( defined(PSA_WANT_KEY_TYPE_AES) )
+ !(defined(PSA_WANT_KEY_TYPE_AES))
#error "PSA_WANT_ALG_CBC_NO_PADDING defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_CBC_PKCS7) && \
- !( defined(PSA_WANT_KEY_TYPE_AES) )
+ !(defined(PSA_WANT_KEY_TYPE_AES))
#error "PSA_WANT_ALG_CBC_PKCS7 defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_CCM) && \
- !( defined(PSA_WANT_KEY_TYPE_AES) )
+ !(defined(PSA_WANT_KEY_TYPE_AES))
#error "PSA_WANT_ALG_CCM defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && \
- !( defined(PSA_WANT_KEY_TYPE_AES) )
+ !(defined(PSA_WANT_KEY_TYPE_AES))
#error "PSA_WANT_ALG_CCM_STAR_NO_TAG defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_CMAC) && \
- !( defined(PSA_WANT_KEY_TYPE_AES) )
+ !(defined(PSA_WANT_KEY_TYPE_AES))
#error "PSA_WANT_ALG_CMAC defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_CTR) && \
- !( defined(PSA_WANT_KEY_TYPE_AES) )
+ !(defined(PSA_WANT_KEY_TYPE_AES))
#error "PSA_WANT_ALG_CTR defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
- !( defined(PSA_WANT_KEY_TYPE_AES) )
+ !(defined(PSA_WANT_KEY_TYPE_AES))
#error "PSA_WANT_ALG_ECB_NO_PADDING defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_GCM) && \
- !( defined(PSA_WANT_KEY_TYPE_AES) )
+ !(defined(PSA_WANT_KEY_TYPE_AES))
#error "PSA_WANT_ALG_GCM defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_STREAM_CIPHER) && \
- !( defined(PSA_WANT_KEY_TYPE_CHACHA20) )
+ !(defined(PSA_WANT_KEY_TYPE_CHACHA20))
#error "PSA_WANT_ALG_STREAM_CIPHER defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
- !( ( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ) && \
- defined(PSA_WANT_ALG_HMAC) )
+ !((defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)) && \
+ defined(PSA_WANT_ALG_HMAC))
#error "PSA_WANT_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_ECDSA) && \
- !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
#error "PSA_WANT_ALG_ECDSA defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_PURE_EDDSA) && \
- !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ) && \
- !( defined(PSA_WANT_ECC_TWISTED_EDWARDS_255) || \
- defined(PSA_WANT_ECC_TWISTED_EDWARDS_448) )
+ !(defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)) && \
+ !(defined(PSA_WANT_ECC_TWISTED_EDWARDS_255) || \
+ defined(PSA_WANT_ECC_TWISTED_EDWARDS_448))
#error "PSA_WANT_ALG_ECDSA defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_ECDH) && \
- !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
#error "PSA_WANT_ALG_ECDH defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \
- !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
#error "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \
- !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
#error "PSA_WANT_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_RSA_OAEP) && \
- !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
#error "PSA_WANT_ALG_RSA_OAEP defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_RSA_PSS) && \
- !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+ !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
#error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites"
#endif
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
!defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#error "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR defined, but not all prerequisites"
+#error "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_CMAC) && \
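Review bot: The `PSA_WANT_ALG_PURE_EDDSA` check still joins its two negated groups with `&&`, so the `#error` fires only when both an ECC key type and a twisted-Edwards curve are missing. A configuration that has the key type but neither Edwards curve, or the reverse, passes this check. The line joining the groups should read `defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)) || \`. The message also names the wrong algorithm and should be `#error "PSA_WANT_ALG_PURE_EDDSA defined, but not all prerequisites"`. The commit only renames the key-pair symbol and reformats this block, so both problems carry over unchanged to the new side.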
@@ -165,37 +165,47 @@
#endif
#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) && \
- !( defined(PSA_WANT_ALG_CMAC) && \
- defined(PSA_WANT_AES_KEY_SIZE_128))
+ !(defined(PSA_WANT_ALG_CMAC) && \
+ defined(PSA_WANT_AES_KEY_SIZE_128))
#error "PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 defined, but not all prerequisites"
#endif
+#if defined(PSA_WANT_ALG_SP800_108_COUNTER_HMAC) && \
+ !defined(PSA_WANT_ALG_HMAC)
+#error "PSA_WANT_ALG_SP800_108_COUNTER_HMAC defined, but not all prerequisites"
+#endif
+
+#if defined(PSA_WANT_ALG_SP800_108_COUNTER_CMAC) && \
+ !defined(PSA_WANT_ALG_CMAC)
+#error "PSA_WANT_ALG_SP800_108_COUNTER_CMAC defined, but not all prerequisites"
+#endif
+
#if defined(PSA_WANT_KEY_TYPE_AES) && \
- !( defined(PSA_WANT_AES_KEY_SIZE_128) || \
- defined(PSA_WANT_AES_KEY_SIZE_192) || \
- defined(PSA_WANT_AES_KEY_SIZE_256) )
+ !(defined(PSA_WANT_AES_KEY_SIZE_128) || \
+ defined(PSA_WANT_AES_KEY_SIZE_192) || \
+ defined(PSA_WANT_AES_KEY_SIZE_256))
#error "PSA_WANT_KEY_TYPE_AES defined, but no AES key size"
#endif
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) && \
- !( defined(PSA_WANT_RSA_KEY_SIZE_1024) || \
- defined(PSA_WANT_RSA_KEY_SIZE_1536) || \
- defined(PSA_WANT_RSA_KEY_SIZE_2048) || \
- defined(PSA_WANT_RSA_KEY_SIZE_3072) || \
- defined(PSA_WANT_RSA_KEY_SIZE_4096) || \
- defined(PSA_WANT_RSA_KEY_SIZE_6144) || \
- defined(PSA_WANT_RSA_KEY_SIZE_8192) )
-#error "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR defined, but no RSA key size"
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && \
+ !(defined(PSA_WANT_RSA_KEY_SIZE_1024) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_1536) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_2048) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_3072) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_4096) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_6144) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_8192))
+#error "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC defined, but no RSA key size"
#endif
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) && \
- !( defined(PSA_WANT_RSA_KEY_SIZE_1024) || \
- defined(PSA_WANT_RSA_KEY_SIZE_1536) || \
- defined(PSA_WANT_RSA_KEY_SIZE_2048) || \
- defined(PSA_WANT_RSA_KEY_SIZE_3072) || \
- defined(PSA_WANT_RSA_KEY_SIZE_4096) || \
- defined(PSA_WANT_RSA_KEY_SIZE_6144) || \
- defined(PSA_WANT_RSA_KEY_SIZE_8192) )
+ !(defined(PSA_WANT_RSA_KEY_SIZE_1024) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_1536) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_2048) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_3072) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_4096) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_6144) || \
+ defined(PSA_WANT_RSA_KEY_SIZE_8192))
#error "PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY defined, but no RSA key size"
#endif
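Review bot: The RSA key-size check is now guarded only by `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC`, so a configuration that still sets the old `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR` name would skip it unless that name is translated before this header is included. The same applies to the `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC` check in the previous hunk. No such translation is visible in this file's hunks, so this may already be handled elsewhere. If it is, a comment above the check would record the dependency, for example `/* Legacy PSA_WANT_KEY_TYPE_xxx_KEY_PAIR must be mapped to xxx_KEY_PAIR_BASIC before this header is included. */`.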
diff --git a/ext/oberon/psa/core/library/common.h b/ext/oberon/psa/core/library/common.h
index 25d5294e1ad9..3c472c685daf 100644
--- a/ext/oberon/psa/core/library/common.h
+++ b/ext/oberon/psa/core/library/common.h
@@ -24,9 +24,16 @@
#define MBEDTLS_LIBRARY_COMMON_H
#include "mbedtls/build_info.h"
+#include "alignment.h"
+#include
#include
#include
+#include
+
+#if defined(__ARM_NEON)
+#include
+#endif /* __ARM_NEON */
/** Helper to define a function as static except when building invasive tests.
*
@@ -50,18 +57,56 @@
#endif
#if defined(MBEDTLS_TEST_HOOKS)
-extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const char * file );
-#define MBEDTLS_TEST_HOOK_TEST_ASSERT( TEST ) \
- do { \
- if( ( ! ( TEST ) ) && ( ( *mbedtls_test_hook_test_fail ) != NULL ) ) \
- { \
- ( *mbedtls_test_hook_test_fail )( #TEST, __LINE__, __FILE__ ); \
- } \
- } while( 0 )
+extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const char *file);
+#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST) \
+ do { \
+ if ((!(TEST)) && ((*mbedtls_test_hook_test_fail) != NULL)) \
+ { \
+ (*mbedtls_test_hook_test_fail)( #TEST, __LINE__, __FILE__); \
+ } \
+ } while (0)
#else
-#define MBEDTLS_TEST_HOOK_TEST_ASSERT( TEST )
+#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST)
#endif /* defined(MBEDTLS_TEST_HOOKS) */
+/** \def ARRAY_LENGTH
+ * Return the number of elements of a static or stack array.
+ *
+ * \param array A value of array (not pointer) type.
+ *
+ * \return The number of elements of the array.
+ */
+/* A correct implementation of ARRAY_LENGTH, but which silently gives
+ * a nonsensical result if called with a pointer rather than an array. */
+#define ARRAY_LENGTH_UNSAFE(array) \
+ (sizeof(array) / sizeof(*(array)))
+
+#if defined(__GNUC__)
+/* Test if arg and &(arg)[0] have the same type. This is true if arg is
+ * an array but not if it's a pointer. */
+#define IS_ARRAY_NOT_POINTER(arg) \
+ (!__builtin_types_compatible_p(__typeof__(arg), \
+ __typeof__(&(arg)[0])))
+/* A compile-time constant with the value 0. If `const_expr` is not a
+ * compile-time constant with a nonzero value, cause a compile-time error. */
+#define STATIC_ASSERT_EXPR(const_expr) \
+ (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); }))
+
+/* Return the scalar value `value` (possibly promoted). This is a compile-time
+ * constant if `value` is. `condition` must be a compile-time constant.
+ * If `condition` is false, arrange to cause a compile-time error. */
+#define STATIC_ASSERT_THEN_RETURN(condition, value) \
+ (STATIC_ASSERT_EXPR(condition) ? 0 : (value))
+
+#define ARRAY_LENGTH(array) \
+ (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \
+ ARRAY_LENGTH_UNSAFE(array)))
+
+#else
+/* If we aren't sure the compiler supports our non-standard tricks,
+ * fall back to the unsafe implementation. */
+#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array)
+#endif
/** Allow library to access its structs' private members.
*
* Although structs defined in header files are publicly available,
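Review bot: The Doxygen block for `ARRAY_LENGTH` does not say that the pointer check exists only under `__GNUC__`. On other compilers the macro is `ARRAY_LENGTH_UNSAFE`, which accepts a pointer and returns `sizeof(pointer) / sizeof(element)`, a wrong bound for any loop or copy sized by it. The block also sits directly above `ARRAY_LENGTH_UNSAFE` rather than either `ARRAY_LENGTH` definition, so it reads as documentation for the unsafe helper. I would add to it `\note A pointer argument is rejected at compile time only when __GNUC__ is defined; other compilers return a meaningless count.` and move the block next to the `ARRAY_LENGTH` definitions.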
@@ -69,6 +114,20 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+/**
+ * \brief Securely zeroize a buffer then free it.
+ *
+ * Similar to making consecutive calls to
+ * \c mbedtls_platform_zeroize() and \c mbedtls_free(), but has
+ * code size savings, and potential for optimisation in the future.
+ *
+ * Guaranteed to be a no-op if \p buf is \c NULL and \p len is 0.
+ *
+ * \param buf Buffer to be zeroized then freed.
+ * \param len Length of the buffer in bytes
+ */
+void mbedtls_zeroize_and_free(void *buf, size_t len);
+
/** Return an offset into a buffer.
*
* This is just the addition of an offset to a pointer, except that this
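Review bot: The documentation for `mbedtls_zeroize_and_free()` leaves two caller obligations unstated. It defines only the `buf == NULL` with `len == 0` case and does not say what a `NULL` buffer with nonzero `len` does. It also does not say that `len` must cover every byte holding sensitive data; presumably anything past `len` is freed without being wiped. The implementation is outside this hunk, so neither point can be confirmed here. I would extend the parameter text to `\param len Length of the buffer in bytes; must cover all sensitive content, and must be 0 if \p buf is \c NULL.`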
@@ -85,9 +144,9 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c
* buffer is at least \p n + 1.
*/
static inline unsigned char *mbedtls_buffer_offset(
- unsigned char *p, size_t n )
+ unsigned char *p, size_t n)
{
- return( p == NULL ? NULL : p + n );
+ return p == NULL ? NULL : p + n;
}
/** Return an offset into a read-only buffer.
@@ -102,339 +161,177 @@ static inline unsigned char *mbedtls_buffer_offset(
* buffer is at least \p n + 1.
*/
static inline const unsigned char *mbedtls_buffer_offset_const(
- const unsigned char *p, size_t n )
+ const unsigned char *p, size_t n)
{
- return( p == NULL ? NULL : p + n );
+ return p == NULL ? NULL : p + n;
}
-/** Byte Reading Macros
- *
- * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th
- * byte from x, where byte 0 is the least significant byte.
- */
-#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) )
-#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) )
-#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) )
-#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) )
-#define MBEDTLS_BYTE_4( x ) ( (uint8_t) ( ( ( x ) >> 32 ) & 0xff ) )
-#define MBEDTLS_BYTE_5( x ) ( (uint8_t) ( ( ( x ) >> 40 ) & 0xff ) )
-#define MBEDTLS_BYTE_6( x ) ( (uint8_t) ( ( ( x ) >> 48 ) & 0xff ) )
-#define MBEDTLS_BYTE_7( x ) ( (uint8_t) ( ( ( x ) >> 56 ) & 0xff ) )
-
/**
- * Get the unsigned 32 bits integer corresponding to four bytes in
- * big-endian order (MSB first).
+ * Perform a fast block XOR operation, such that
+ * r[i] = a[i] ^ b[i] where 0 <= i < n
*
- * \param data Base address of the memory to get the four bytes from.
- * \param offset Offset from \p data of the first and most significant
- * byte of the four bytes to build the 32 bits unsigned
- * integer from.
+ * \param r Pointer to result (buffer of at least \p n bytes). \p r
+ * may be equal to either \p a or \p b, but behaviour when
+ * it overlaps in other ways is undefined.
+ * \param a Pointer to input (buffer of at least \p n bytes)
+ * \param b Pointer to input (buffer of at least \p n bytes)
+ * \param n Number of bytes to process.
*/
-#ifndef MBEDTLS_GET_UINT32_BE
-#define MBEDTLS_GET_UINT32_BE( data , offset ) \
- ( \
- ( (uint32_t) ( data )[( offset ) ] << 24 ) \
- | ( (uint32_t) ( data )[( offset ) + 1] << 16 ) \
- | ( (uint32_t) ( data )[( offset ) + 2] << 8 ) \
- | ( (uint32_t) ( data )[( offset ) + 3] ) \
- )
+inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned char *b, size_t n)
+{
+ size_t i = 0;
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
+#if defined(__ARM_NEON)
+ for (; (i + 16) <= n; i += 16) {
+ uint8x16_t v1 = vld1q_u8(a + i);
+ uint8x16_t v2 = vld1q_u8(b + i);
+ uint8x16_t x = veorq_u8(v1, v2);
+ vst1q_u8(r + i, x);
+ }
+#elif defined(__amd64__) || defined(__x86_64__) || defined(__aarch64__)
+ /* This codepath probably only makes sense on architectures with 64-bit registers */
+ for (; (i + 8) <= n; i += 8) {
+ uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i);
+ mbedtls_put_unaligned_uint64(r + i, x);
+ }
+#else
+ for (; (i + 4) <= n; i += 4) {
+ uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i);
+ mbedtls_put_unaligned_uint32(r + i, x);
+ }
#endif
-
-/**
- * Put in memory a 32 bits unsigned integer in big-endian order.
- *
- * \param n 32 bits unsigned integer to put in memory.
- * \param data Base address of the memory where to put the 32
- * bits unsigned integer in.
- * \param offset Offset from \p data where to put the most significant
- * byte of the 32 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT32_BE
-#define MBEDTLS_PUT_UINT32_BE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_3( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_2( n ); \
- ( data )[( offset ) + 2] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 3] = MBEDTLS_BYTE_0( n ); \
-}
#endif
+ for (; i < n; i++) {
+ r[i] = a[i] ^ b[i];
+ }
+}
/**
- * Get the unsigned 32 bits integer corresponding to four bytes in
- * little-endian order (LSB first).
+ * Perform a fast block XOR operation, such that
+ * r[i] = a[i] ^ b[i] where 0 <= i < n
*
- * \param data Base address of the memory to get the four bytes from.
- * \param offset Offset from \p data of the first and least significant
- * byte of the four bytes to build the 32 bits unsigned
- * integer from.
- */
-#ifndef MBEDTLS_GET_UINT32_LE
-#define MBEDTLS_GET_UINT32_LE( data, offset ) \
- ( \
- ( (uint32_t) ( data )[( offset ) ] ) \
- | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \
- | ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \
- | ( (uint32_t) ( data )[( offset ) + 3] << 24 ) \
- )
-#endif
-
-/**
- * Put in memory a 32 bits unsigned integer in little-endian order.
+ * In some situations, this can perform better than mbedtls_xor (e.g., it's about 5%
+ * better in AES-CBC).
*
- * \param n 32 bits unsigned integer to put in memory.
- * \param data Base address of the memory where to put the 32
- * bits unsigned integer in.
- * \param offset Offset from \p data where to put the least significant
- * byte of the 32 bits unsigned integer \p n.
+ * \param r Pointer to result (buffer of at least \p n bytes). \p r
+ * may be equal to either \p a or \p b, but behaviour when
+ * it overlaps in other ways is undefined.
+ * \param a Pointer to input (buffer of at least \p n bytes)
+ * \param b Pointer to input (buffer of at least \p n bytes)
+ * \param n Number of bytes to process.
*/
-#ifndef MBEDTLS_PUT_UINT32_LE
-#define MBEDTLS_PUT_UINT32_LE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
- ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \
-}
+static inline void mbedtls_xor_no_simd(unsigned char *r,
+ const unsigned char *a,
+ const unsigned char *b,
+ size_t n)
+{
+ size_t i = 0;
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
+#if defined(__amd64__) || defined(__x86_64__) || defined(__aarch64__)
+ /* This codepath probably only makes sense on architectures with 64-bit registers */
+ for (; (i + 8) <= n; i += 8) {
+ uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i);
+ mbedtls_put_unaligned_uint64(r + i, x);
+ }
+#else
+ for (; (i + 4) <= n; i += 4) {
+ uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i);
+ mbedtls_put_unaligned_uint32(r + i, x);
+ }
#endif
-
-/**
- * Get the unsigned 16 bits integer corresponding to two bytes in
- * little-endian order (LSB first).
- *
- * \param data Base address of the memory to get the two bytes from.
- * \param offset Offset from \p data of the first and least significant
- * byte of the two bytes to build the 16 bits unsigned
- * integer from.
- */
-#ifndef MBEDTLS_GET_UINT16_LE
-#define MBEDTLS_GET_UINT16_LE( data, offset ) \
- ( \
- ( (uint16_t) ( data )[( offset ) ] ) \
- | ( (uint16_t) ( data )[( offset ) + 1] << 8 ) \
- )
#endif
-
-/**
- * Put in memory a 16 bits unsigned integer in little-endian order.
- *
- * \param n 16 bits unsigned integer to put in memory.
- * \param data Base address of the memory where to put the 16
- * bits unsigned integer in.
- * \param offset Offset from \p data where to put the least significant
- * byte of the 16 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT16_LE
-#define MBEDTLS_PUT_UINT16_LE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
+ for (; i < n; i++) {
+ r[i] = a[i] ^ b[i];
+ }
}
-#endif
-/**
- * Get the unsigned 16 bits integer corresponding to two bytes in
- * big-endian order (MSB first).
- *
- * \param data Base address of the memory to get the two bytes from.
- * \param offset Offset from \p data of the first and most significant
- * byte of the two bytes to build the 16 bits unsigned
- * integer from.
+/* Fix MSVC C99 compatible issue
+ * MSVC support __func__ from visual studio 2015( 1900 )
+ * Use MSVC predefine macro to avoid name check fail.
*/
-#ifndef MBEDTLS_GET_UINT16_BE
-#define MBEDTLS_GET_UINT16_BE( data, offset ) \
- ( \
- ( (uint16_t) ( data )[( offset ) ] << 8 ) \
- | ( (uint16_t) ( data )[( offset ) + 1] ) \
- )
+#if (defined(_MSC_VER) && (_MSC_VER <= 1900))
+#define /*no-check-names*/ __func__ __FUNCTION__
#endif
-/**
- * Put in memory a 16 bits unsigned integer in big-endian order.
- *
- * \param n 16 bits unsigned integer to put in memory.
- * \param data Base address of the memory where to put the 16
- * bits unsigned integer in.
- * \param offset Offset from \p data where to put the most significant
- * byte of the 16 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT16_BE
-#define MBEDTLS_PUT_UINT16_BE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_0( n ); \
-}
+/* Define `asm` for compilers which don't define it. */
+/* *INDENT-OFF* */
+#ifndef asm
+#if defined(__IAR_SYSTEMS_ICC__)
+#define asm __asm
+#else
+#define asm __asm__
#endif
-
-/**
- * Get the unsigned 24 bits integer corresponding to three bytes in
- * big-endian order (MSB first).
- *
- * \param data Base address of the memory to get the three bytes from.
- * \param offset Offset from \p data of the first and most significant
- * byte of the three bytes to build the 24 bits unsigned
- * integer from.
- */
-#ifndef MBEDTLS_GET_UINT24_BE
-#define MBEDTLS_GET_UINT24_BE( data , offset ) \
- ( \
- ( (uint32_t) ( data )[( offset ) ] << 16 ) \
- | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \
- | ( (uint32_t) ( data )[( offset ) + 2] ) \
- )
#endif
+/* *INDENT-ON* */
-/**
- * Put in memory a 24 bits unsigned integer in big-endian order.
+/*
+ * Define the constraint used for read-only pointer operands to aarch64 asm.
*
- * \param n 24 bits unsigned integer to put in memory.
- * \param data Base address of the memory where to put the 24
- * bits unsigned integer in.
- * \param offset Offset from \p data where to put the most significant
- * byte of the 24 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT24_BE
-#define MBEDTLS_PUT_UINT24_BE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_2( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 2] = MBEDTLS_BYTE_0( n ); \
-}
-#endif
-
-/**
- * Get the unsigned 24 bits integer corresponding to three bytes in
- * little-endian order (LSB first).
+ * This is normally the usual "r", but for aarch64_32 (aka ILP32,
+ * as found in watchos), "p" is required to avoid warnings from clang.
*
- * \param data Base address of the memory to get the three bytes from.
- * \param offset Offset from \p data of the first and least significant
- * byte of the three bytes to build the 24 bits unsigned
- * integer from.
- */
-#ifndef MBEDTLS_GET_UINT24_LE
-#define MBEDTLS_GET_UINT24_LE( data, offset ) \
- ( \
- ( (uint32_t) ( data )[( offset ) ] ) \
- | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \
- | ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \
- )
-#endif
-
-/**
- * Put in memory a 24 bits unsigned integer in little-endian order.
+ * Note that clang does not recognise '+p' or '=p', and armclang
+ * does not recognise 'p' at all. Therefore, to update a pointer from
+ * aarch64 assembly, it is necessary to use something like:
*
- * \param n 24 bits unsigned integer to put in memory.
- * \param data Base address of the memory where to put the 24
- * bits unsigned integer in.
- * \param offset Offset from \p data where to put the least significant
- * byte of the 24 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT24_LE
-#define MBEDTLS_PUT_UINT24_LE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
-}
-#endif
-
-/**
- * Get the unsigned 64 bits integer corresponding to eight bytes in
- * big-endian order (MSB first).
+ * uintptr_t uptr = (uintptr_t) ptr;
+ * asm( "ldr x4, [%x0], #8" ... : "+r" (uptr) : : )
+ * ptr = (void*) uptr;
*
- * \param data Base address of the memory to get the eight bytes from.
- * \param offset Offset from \p data of the first and most significant
- * byte of the eight bytes to build the 64 bits unsigned
- * integer from.
+ * Note that the "x" in "%x0" is neccessary; writing "%0" will cause warnings.
*/
-#ifndef MBEDTLS_GET_UINT64_BE
-#define MBEDTLS_GET_UINT64_BE( data, offset ) \
- ( \
- ( (uint64_t) ( data )[( offset ) ] << 56 ) \
- | ( (uint64_t) ( data )[( offset ) + 1] << 48 ) \
- | ( (uint64_t) ( data )[( offset ) + 2] << 40 ) \
- | ( (uint64_t) ( data )[( offset ) + 3] << 32 ) \
- | ( (uint64_t) ( data )[( offset ) + 4] << 24 ) \
- | ( (uint64_t) ( data )[( offset ) + 5] << 16 ) \
- | ( (uint64_t) ( data )[( offset ) + 6] << 8 ) \
- | ( (uint64_t) ( data )[( offset ) + 7] ) \
- )
+#if defined(__aarch64__) && defined(MBEDTLS_HAVE_ASM)
+#if UINTPTR_MAX == 0xfffffffful
+/* ILP32: Specify the pointer operand slightly differently, as per #7787. */
+#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "p"
+#elif UINTPTR_MAX == 0xfffffffffffffffful
+/* Normal case (64-bit pointers): use "r" as the constraint for pointer operands to asm */
+#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "r"
+#else
+#error "Unrecognised pointer size for aarch64"
+#endif
#endif
-/**
- * Put in memory a 64 bits unsigned integer in big-endian order.
- *
- * \param n 64 bits unsigned integer to put in memory.
- * \param data Base address of the memory where to put the 64
- * bits unsigned integer in.
- * \param offset Offset from \p data where to put the most significant
- * byte of the 64 bits unsigned integer \p n.
+/* Always provide a static assert macro, so it can be used unconditionally.
+ * It will expand to nothing on some systems.
+ * Can be used outside functions (but don't add a trailing ';' in that case:
+ * the semicolon is included here to avoid triggering -Wextra-semi when
+ * MBEDTLS_STATIC_ASSERT() expands to nothing).
+ * Can't use the C11-style `defined(static_assert)` on FreeBSD, since it
+ * defines static_assert even with -std=c99, but then complains about it.
*/
-#ifndef MBEDTLS_PUT_UINT64_BE
-#define MBEDTLS_PUT_UINT64_BE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_7( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_6( n ); \
- ( data )[( offset ) + 2] = MBEDTLS_BYTE_5( n ); \
- ( data )[( offset ) + 3] = MBEDTLS_BYTE_4( n ); \
- ( data )[( offset ) + 4] = MBEDTLS_BYTE_3( n ); \
- ( data )[( offset ) + 5] = MBEDTLS_BYTE_2( n ); \
- ( data )[( offset ) + 6] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 7] = MBEDTLS_BYTE_0( n ); \
-}
+#if defined(static_assert) && !defined(__FreeBSD__)
+#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg);
+#else
+#define MBEDTLS_STATIC_ASSERT(expr, msg)
#endif
-/**
- * Get the unsigned 64 bits integer corresponding to eight bytes in
- * little-endian order (LSB first).
- *
- * \param data Base address of the memory to get the eight bytes from.
- * \param offset Offset from \p data of the first and least significant
- * byte of the eight bytes to build the 64 bits unsigned
- * integer from.
- */
-#ifndef MBEDTLS_GET_UINT64_LE
-#define MBEDTLS_GET_UINT64_LE( data, offset ) \
- ( \
- ( (uint64_t) ( data )[( offset ) + 7] << 56 ) \
- | ( (uint64_t) ( data )[( offset ) + 6] << 48 ) \
- | ( (uint64_t) ( data )[( offset ) + 5] << 40 ) \
- | ( (uint64_t) ( data )[( offset ) + 4] << 32 ) \
- | ( (uint64_t) ( data )[( offset ) + 3] << 24 ) \
- | ( (uint64_t) ( data )[( offset ) + 2] << 16 ) \
- | ( (uint64_t) ( data )[( offset ) + 1] << 8 ) \
- | ( (uint64_t) ( data )[( offset ) ] ) \
- )
+/* Define compiler branch hints */
+#if defined(__has_builtin)
+#if __has_builtin(__builtin_expect)
+#define MBEDTLS_LIKELY(x) __builtin_expect(!!(x), 1)
+#define MBEDTLS_UNLIKELY(x) __builtin_expect(!!(x), 0)
+#endif
+#endif
+#if !defined(MBEDTLS_LIKELY)
+#define MBEDTLS_LIKELY(x) x
+#define MBEDTLS_UNLIKELY(x) x
#endif
-/**
- * Put in memory a 64 bits unsigned integer in little-endian order.
- *
- * \param n 64 bits unsigned integer to put in memory.
- * \param data Base address of the memory where to put the 64
- * bits unsigned integer in.
- * \param offset Offset from \p data where to put the least significant
- * byte of the 64 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT64_LE
-#define MBEDTLS_PUT_UINT64_LE( n, data, offset ) \
-{ \
- ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \
- ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \
- ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \
- ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \
- ( data )[( offset ) + 4] = MBEDTLS_BYTE_4( n ); \
- ( data )[( offset ) + 5] = MBEDTLS_BYTE_5( n ); \
- ( data )[( offset ) + 6] = MBEDTLS_BYTE_6( n ); \
- ( data )[( offset ) + 7] = MBEDTLS_BYTE_7( n ); \
-}
+#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \
+ && !defined(__llvm__) && !defined(__INTEL_COMPILER)
+/* Defined if the compiler really is gcc and not clang, etc */
+#define MBEDTLS_COMPILER_IS_GCC
#endif
-/* Fix MSVC C99 compatible issue
- * MSVC support __func__ from visual studio 2015( 1900 )
- * Use MSVC predefine macro to avoid name check fail.
+/* For gcc -Os, override with -O2 for a given function.
+ *
+ * This will not affect behaviour for other optimisation settings, e.g. -O0.
*/
-#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 ))
-#define /*no-check-names*/ __func__ __FUNCTION__
+#if defined(MBEDTLS_COMPILER_IS_GCC) && defined(__OPTIMIZE_SIZE__)
+#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE __attribute__((optimize("-O2")))
+#else
+#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE
#endif
#endif /* MBEDTLS_LIBRARY_COMMON_H */
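Review bot: The fallback definitions `#define MBEDTLS_LIKELY(x) x` and `#define MBEDTLS_UNLIKELY(x) x` expand the argument unparenthesised and unnormalised, while the `__builtin_expect` branch yields `!!(x)`. An expression such as `!MBEDTLS_UNLIKELY(a == b)` therefore parses differently depending on the compiler. The fallbacks should be `#define MBEDTLS_LIKELY(x) (!!(x))` and `#define MBEDTLS_UNLIKELY(x) (!!(x))`. Separately, `mbedtls_xor` is declared plain `inline` in this header while `mbedtls_xor_no_simd` is `static inline`. Under C99 rules the plain form needs an `extern inline` declaration in exactly one translation unit, which is not visible in this hunk, or unoptimised builds can fail to link.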
diff --git a/ext/oberon/psa/core/library/constant_time.c b/ext/oberon/psa/core/library/constant_time.c
new file mode 100644
index 000000000000..8b41aed19a99
--- /dev/null
+++ b/ext/oberon/psa/core/library/constant_time.c
@@ -0,0 +1,273 @@
+/**
+ * Constant-time functions
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * The following functions are implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+
+#include
+#include
+
+#include "common.h"
+#include "constant_time_internal.h"
+#include "mbedtls/constant_time.h"
+#include "mbedtls/error.h"
+#include "mbedtls/platform_util.h"
+
+#include
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#include "psa/crypto.h"
+/* Define a local translating function to save code size by not using too many
+ * arguments in each translating place. */
+static int local_err_translation(psa_status_t status)
+{
+ return psa_status_to_mbedtls(status, psa_to_ssl_errors,
+ ARRAY_LENGTH(psa_to_ssl_errors),
+ psa_generic_status_to_mbedtls);
+}
+#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
+#endif
+
+#if !defined(MBEDTLS_CT_ASM)
+/*
+ * Define an object with the value zero, such that the compiler cannot prove that it
+ * has the value zero (because it is volatile, it "may be modified in ways unknown to
+ * the implementation").
+ */
+volatile mbedtls_ct_uint_t mbedtls_ct_zero = 0;
+#endif
+
+/*
+ * Define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS where assembly is present to
+ * perform fast unaligned access to volatile data.
+ *
+ * This is needed because mbedtls_get_unaligned_uintXX etc don't support volatile
+ * memory accesses.
+ *
+ * Some of these definitions could be moved into alignment.h but for now they are
+ * only used here.
+ */
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && \
+ ((defined(MBEDTLS_CT_ARM_ASM) && (UINTPTR_MAX == 0xfffffffful)) || \
+ defined(MBEDTLS_CT_AARCH64_ASM))
+/* We check pointer sizes to avoid issues with them not matching register size requirements */
+#define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS
+
+static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsigned char *p)
+{
+ /* This is UB, even where it's safe:
+ * return *((volatile uint32_t*)p);
+ * so instead the same thing is expressed in assembly below.
+ */
+ uint32_t r;
+#if defined(MBEDTLS_CT_ARM_ASM)
+ asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :);
+#elif defined(MBEDTLS_CT_AARCH64_ASM)
+ asm volatile ("ldr %w0, [%1]" : "=r" (r) : MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT(p) :);
+#else
+#error "No assembly defined for mbedtls_get_unaligned_volatile_uint32"
+#endif
+ return r;
+}
+#endif /* defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) &&
+ (defined(MBEDTLS_CT_ARM_ASM) || defined(MBEDTLS_CT_AARCH64_ASM)) */
+
+int mbedtls_ct_memcmp(const void *a,
+ const void *b,
+ size_t n)
+{
+ size_t i = 0;
+ /*
+ * `A` and `B` are cast to volatile to ensure that the compiler
+ * generates code that always fully reads both buffers.
+ * Otherwise it could generate a test to exit early if `diff` has all
+ * bits set early in the loop.
+ */
+ volatile const unsigned char *A = (volatile const unsigned char *) a;
+ volatile const unsigned char *B = (volatile const unsigned char *) b;
+ uint32_t diff = 0;
+
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS)
+ for (; (i + 4) <= n; i += 4) {
+ uint32_t x = mbedtls_get_unaligned_volatile_uint32(A + i);
+ uint32_t y = mbedtls_get_unaligned_volatile_uint32(B + i);
+ diff |= x ^ y;
+ }
+#endif
+
+ for (; i < n; i++) {
+ /* Read volatile data in order before computing diff.
+ * This avoids IAR compiler warning:
+ * 'the order of volatile accesses is undefined ..' */
+ unsigned char x = A[i], y = B[i];
+ diff |= x ^ y;
+ }
+
+
+#if (INT_MAX < INT32_MAX)
+ /* We don't support int smaller than 32-bits, but if someone tried to build
+ * with this configuration, there is a risk that, for differing data, the
+ * only bits set in diff are in the top 16-bits, and would be lost by a
+ * simple cast from uint32 to int.
+ * This would have significant security implications, so protect against it. */
+#error "mbedtls_ct_memcmp() requires minimum 32-bit ints"
+#else
+ /* The bit-twiddling ensures that when we cast uint32_t to int, we are casting
+ * a value that is in the range 0..INT_MAX - a value larger than this would
+ * result in implementation defined behaviour.
+ *
+ * This ensures that the value returned by the function is non-zero iff
+ * diff is non-zero.
+ */
+ return (int) ((diff & 0xffff) | (diff >> 16));
+#endif
+}
+
+#if defined(MBEDTLS_NIST_KW_C)
+
+int mbedtls_ct_memcmp_partial(const void *a,
+ const void *b,
+ size_t n,
+ size_t skip_head,
+ size_t skip_tail)
+{
+ unsigned int diff = 0;
+
+ volatile const unsigned char *A = (volatile const unsigned char *) a;
+ volatile const unsigned char *B = (volatile const unsigned char *) b;
+
+ size_t valid_end = n - skip_tail;
+
+ for (size_t i = 0; i < n; i++) {
+ unsigned char x = A[i], y = B[i];
+ unsigned int d = x ^ y;
+ mbedtls_ct_condition_t valid = mbedtls_ct_bool_and(mbedtls_ct_uint_ge(i, skip_head),
+ mbedtls_ct_uint_lt(i, valid_end));
+ diff |= mbedtls_ct_uint_if_else_0(valid, d);
+ }
+
+ /* Since we go byte-by-byte, the only bits set will be in the bottom 8 bits, so the
+ * cast from uint to int is safe. */
+ return (int) diff;
+}
+
+#endif
+
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
+
+void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset)
+{
+ volatile unsigned char *buf = start;
+ for (size_t i = 0; i < total; i++) {
+ mbedtls_ct_condition_t no_op = mbedtls_ct_uint_gt(total - offset, i);
+ /* The first `total - offset` passes are a no-op. The last
+ * `offset` passes shift the data one byte to the left and
+ * zero out the last byte. */
+ for (size_t n = 0; n < total - 1; n++) {
+ unsigned char current = buf[n];
+ unsigned char next = buf[n+1];
+ buf[n] = mbedtls_ct_uint_if(no_op, current, next);
+ }
+ buf[total-1] = mbedtls_ct_uint_if_else_0(no_op, buf[total-1]);
+ }
+}
+
+#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
+
+void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition,
+ unsigned char *dest,
+ const unsigned char *src1,
+ const unsigned char *src2,
+ size_t len)
+{
+#if defined(MBEDTLS_CT_SIZE_64)
+ const uint64_t mask = (uint64_t) condition;
+ const uint64_t not_mask = (uint64_t) ~mbedtls_ct_compiler_opaque(condition);
+#else
+ const uint32_t mask = (uint32_t) condition;
+ const uint32_t not_mask = (uint32_t) ~mbedtls_ct_compiler_opaque(condition);
+#endif
+
+ /* If src2 is NULL, setup src2 so that we read from the destination address.
+ *
+ * This means that if src2 == NULL && condition is false, the result will be a
+ * no-op because we read from dest and write the same data back into dest.
+ */
+ if (src2 == NULL) {
+ src2 = dest;
+ }
+
+ /* dest[i] = c1 == c2 ? src[i] : dest[i] */
+ size_t i = 0;
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
+#if defined(MBEDTLS_CT_SIZE_64)
+ for (; (i + 8) <= len; i += 8) {
+ uint64_t a = mbedtls_get_unaligned_uint64(src1 + i) & mask;
+ uint64_t b = mbedtls_get_unaligned_uint64(src2 + i) & not_mask;
+ mbedtls_put_unaligned_uint64(dest + i, a | b);
+ }
+#else
+ for (; (i + 4) <= len; i += 4) {
+ uint32_t a = mbedtls_get_unaligned_uint32(src1 + i) & mask;
+ uint32_t b = mbedtls_get_unaligned_uint32(src2 + i) & not_mask;
+ mbedtls_put_unaligned_uint32(dest + i, a | b);
+ }
+#endif /* defined(MBEDTLS_CT_SIZE_64) */
+#endif /* MBEDTLS_EFFICIENT_UNALIGNED_ACCESS */
+ for (; i < len; i++) {
+ dest[i] = (src1[i] & mask) | (src2[i] & not_mask);
+ }
+}
+
+void mbedtls_ct_memcpy_offset(unsigned char *dest,
+ const unsigned char *src,
+ size_t offset,
+ size_t offset_min,
+ size_t offset_max,
+ size_t len)
+{
+ size_t offsetval;
+
+ for (offsetval = offset_min; offsetval <= offset_max; offsetval++) {
+ mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offsetval, offset), dest, src + offsetval, NULL,
+ len);
+ }
+}
+
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
+
+void mbedtls_ct_zeroize_if(mbedtls_ct_condition_t condition, void *buf, size_t len)
+{
+ uint32_t mask = (uint32_t) ~condition;
+ uint8_t *p = (uint8_t *) buf;
+ size_t i = 0;
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
+ for (; (i + 4) <= len; i += 4) {
+ mbedtls_put_unaligned_uint32((void *) (p + i),
+ mbedtls_get_unaligned_uint32((void *) (p + i)) & mask);
+ }
+#endif
+ for (; i < len; i++) {
+ p[i] = p[i] & mask;
+ }
+}
+
+#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */
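Review bot: In `mbedtls_ct_memcmp_partial`, `size_t valid_end = n - skip_tail;` is computed with no stated precondition, and the function returns 0 whenever no index falls inside the compared window. If `skip_tail > n` the subtraction wraps, so the tail is compared instead of skipped. If `skip_tail <= n` but the two skips together cover all `n` bytes, nothing is compared and two unrelated buffers report as equal. Reads stay within `n` bytes in both cases, so this is a contract problem rather than a memory-safety one. Unless the declaration in constant_time_internal.h already states it, I would add above the definition: `/* Requires skip_head + skip_tail <= n. An empty window compares nothing and returns 0, so callers must reject that case before treating 0 as a match. */`.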
diff --git a/ext/oberon/psa/core/library/constant_time_impl.h b/ext/oberon/psa/core/library/constant_time_impl.h
new file mode 100644
index 000000000000..7759ac384005
--- /dev/null
+++ b/ext/oberon/psa/core/library/constant_time_impl.h
@@ -0,0 +1,566 @@
+/**
+ * Constant-time functions
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_CONSTANT_TIME_IMPL_H
+#define MBEDTLS_CONSTANT_TIME_IMPL_H
+
+#include
+
+#include "common.h"
+
+#if defined(MBEDTLS_BIGNUM_C)
+#include "mbedtls/bignum.h"
+#endif
+
+/*
+ * To improve readability of constant_time_internal.h, the static inline
+ * definitions are here, and constant_time_internal.h has only the declarations.
+ *
+ * This results in duplicate declarations of the form:
+ * static inline void f(); // from constant_time_internal.h
+ * static inline void f() { ... } // from constant_time_impl.h
+ * when constant_time_internal.h is included.
+ *
+ * This appears to behave as if the declaration-without-definition was not present
+ * (except for warnings if gcc -Wredundant-decls or similar is used).
+ *
+ * Disable -Wredundant-decls so that gcc does not warn about this. This is re-enabled
+ * at the bottom of this file.
+ */
+#ifdef __GNUC__
+ #pragma GCC diagnostic push
+ #pragma GCC diagnostic ignored "-Wredundant-decls"
+#endif
+
+/* Disable asm under Memsan because it confuses Memsan and generates false errors.
+ *
+ * We also disable under Valgrind by default, because it's more useful
+ * for Valgrind to test the plain C implementation. MBEDTLS_TEST_CONSTANT_FLOW_ASM //no-check-names
+ * may be set to permit building asm under Valgrind.
+ */
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) || \
+ (defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) && !defined(MBEDTLS_TEST_CONSTANT_FLOW_ASM)) //no-check-names
+#define MBEDTLS_CT_NO_ASM
+#elif defined(__has_feature)
+#if __has_feature(memory_sanitizer)
+#define MBEDTLS_CT_NO_ASM
+#endif
+#endif
+
+/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \
+ __ARMCC_VERSION >= 6000000) && !defined(MBEDTLS_CT_NO_ASM)
+#define MBEDTLS_CT_ASM
+#if (defined(__arm__) || defined(__thumb__) || defined(__thumb2__))
+#define MBEDTLS_CT_ARM_ASM
+#elif defined(__aarch64__)
+#define MBEDTLS_CT_AARCH64_ASM
+#elif defined(__amd64__) || defined(__x86_64__)
+#define MBEDTLS_CT_X86_64_ASM
+#elif defined(__i386__)
+#define MBEDTLS_CT_X86_ASM
+#endif
+#endif
+
+#define MBEDTLS_CT_SIZE (sizeof(mbedtls_ct_uint_t) * 8)
+
+
+/* ============================================================================
+ * Core const-time primitives
+ */
+
+/* Ensure that the compiler cannot know the value of x (i.e., cannot optimise
+ * based on its value) after this function is called.
+ *
+ * If we are not using assembly, this will be fairly inefficient, so its use
+ * should be minimised.
+ */
+
+#if !defined(MBEDTLS_CT_ASM)
+extern volatile mbedtls_ct_uint_t mbedtls_ct_zero;
+#endif
+
+/**
+ * \brief Ensure that a value cannot be known at compile time.
+ *
+ * \param x The value to hide from the compiler.
+ * \return The same value that was passed in, such that the compiler
+ * cannot prove its value (even for calls of the form
+ * x = mbedtls_ct_compiler_opaque(1), x will be unknown).
+ *
+ * \note This is mainly used in constructing mbedtls_ct_condition_t
+ * values and performing operations over them, to ensure that
+ * there is no way for the compiler to ever know anything about
+ * the value of an mbedtls_ct_condition_t.
+ */
+static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x)
+{
+#if defined(MBEDTLS_CT_ASM)
+ asm volatile ("" : [x] "+r" (x) :);
+ return x;
+#else
+ return x ^ mbedtls_ct_zero;
+#endif
+}
+
+/*
+ * Selecting unified syntax is needed for gcc, and harmless on clang.
+ *
+ * This is needed because on Thumb 1, condition flags are always set, so
+ * e.g. "negs" is supported but "neg" is not (on Thumb 2, both exist).
+ *
+ * Under Thumb 1 unified syntax, only the "negs" form is accepted, and
+ * under divided syntax, only the "neg" form is accepted. clang only
+ * supports unified syntax.
+ *
+ * On Thumb 2 and Arm, both compilers are happy with the "s" suffix,
+ * although we don't actually care about setting the flags.
+ *
+ * For gcc, restore divided syntax afterwards - otherwise old versions of gcc
+ * seem to apply unified syntax globally, which breaks other asm code.
+ */
+#if !defined(__clang__)
+#define RESTORE_ASM_SYNTAX ".syntax divided \n\t"
+#else
+#define RESTORE_ASM_SYNTAX
+#endif
+
+/* Convert a number into a condition in constant time. */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x)
+{
+ /*
+ * Define mask-generation code that, as far as possible, will not use branches or conditional instructions.
+ *
+ * For some platforms / type sizes, we define assembly to assure this.
+ *
+ * Otherwise, we define a plain C fallback which (in May 2023) does not get optimised into
+ * conditional instructions or branches by trunk clang, gcc, or MSVC v19.
+ */
+#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ mbedtls_ct_uint_t s;
+ asm volatile ("neg %x[s], %x[x] \n\t"
+ "orr %x[x], %x[s], %x[x] \n\t"
+ "asr %x[x], %x[x], 63 \n\t"
+ :
+ [s] "=&r" (s),
+ [x] "+&r" (x)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s;
+ asm volatile (".syntax unified \n\t"
+ "negs %[s], %[x] \n\t"
+ "orrs %[x], %[x], %[s] \n\t"
+ "asrs %[x], %[x], #31 \n\t"
+ RESTORE_ASM_SYNTAX
+ :
+ [s] "=&l" (s),
+ [x] "+&l" (x)
+ :
+ :
+ "cc" /* clobbers flag bits */
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ uint64_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "neg %[s] \n\t"
+ "or %[x], %[s] \n\t"
+ "sar $63, %[s] \n\t"
+ :
+ [s] "=&a" (s)
+ :
+ [x] "D" (x)
+ :
+ );
+ return (mbedtls_ct_condition_t) s;
+#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "neg %[s] \n\t"
+ "or %[s], %[x] \n\t"
+ "sar $31, %[x] \n\t"
+ :
+ [s] "=&c" (s),
+ [x] "+&a" (x)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#else
+ const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x);
+#if defined(_MSC_VER)
+ /* MSVC has a warning about unary minus on unsigned, but this is
+ * well-defined and precisely what we want to do here */
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+ // y is negative (i.e., top bit set) iff x is non-zero
+ mbedtls_ct_int_t y = (-xo) | -(xo >> 1);
+
+ // extract only the sign bit of y so that y == 1 (if x is non-zero) or 0 (if x is zero)
+ y = (((mbedtls_ct_uint_t) y) >> (MBEDTLS_CT_SIZE - 1));
+
+ // -y has all bits set (if x is non-zero), or all bits clear (if x is zero)
+ return (mbedtls_ct_condition_t) (-y);
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+#endif
+}
+
+static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition,
+ mbedtls_ct_uint_t if1,
+ mbedtls_ct_uint_t if0)
+{
+#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ asm volatile ("and %x[if1], %x[if1], %x[condition] \n\t"
+ "mvn %x[condition], %x[condition] \n\t"
+ "and %x[condition], %x[condition], %x[if0] \n\t"
+ "orr %x[condition], %x[if1], %x[condition]"
+ :
+ [condition] "+&r" (condition),
+ [if1] "+&r" (if1)
+ :
+ [if0] "r" (if0)
+ :
+ );
+ return (mbedtls_ct_uint_t) condition;
+#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ asm volatile (".syntax unified \n\t"
+ "ands %[if1], %[if1], %[condition] \n\t"
+ "mvns %[condition], %[condition] \n\t"
+ "ands %[condition], %[condition], %[if0] \n\t"
+ "orrs %[condition], %[if1], %[condition] \n\t"
+ RESTORE_ASM_SYNTAX
+ :
+ [condition] "+&l" (condition),
+ [if1] "+&l" (if1)
+ :
+ [if0] "l" (if0)
+ :
+ "cc"
+ );
+ return (mbedtls_ct_uint_t) condition;
+#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ asm volatile ("and %[condition], %[if1] \n\t"
+ "not %[condition] \n\t"
+ "and %[condition], %[if0] \n\t"
+ "or %[if1], %[if0] \n\t"
+ :
+ [condition] "+&D" (condition),
+ [if1] "+&S" (if1),
+ [if0] "+&a" (if0)
+ :
+ :
+ );
+ return if0;
+#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ asm volatile ("and %[condition], %[if1] \n\t"
+ "not %[condition] \n\t"
+ "and %[if0], %[condition] \n\t"
+ "or %[condition], %[if1] \n\t"
+ :
+ [condition] "+&c" (condition),
+ [if1] "+&a" (if1)
+ :
+ [if0] "b" (if0)
+ :
+ );
+ return if1;
+#else
+ mbedtls_ct_condition_t not_cond =
+ (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition));
+ return (mbedtls_ct_uint_t) ((condition & if1) | (not_cond & if0));
+#endif
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
+{
+#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ uint64_t s1;
+ asm volatile ("eor %x[s1], %x[y], %x[x] \n\t"
+ "sub %x[x], %x[x], %x[y] \n\t"
+ "bic %x[x], %x[x], %x[s1] \n\t"
+ "and %x[s1], %x[s1], %x[y] \n\t"
+ "orr %x[s1], %x[x], %x[s1] \n\t"
+ "asr %x[x], %x[s1], 63"
+ :
+ [s1] "=&r" (s1),
+ [x] "+&r" (x)
+ :
+ [y] "r" (y)
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s1;
+ asm volatile (
+ ".syntax unified \n\t"
+#if defined(__thumb__) && !defined(__thumb2__)
+ "movs %[s1], %[x] \n\t"
+ "eors %[s1], %[s1], %[y] \n\t"
+#else
+ "eors %[s1], %[x], %[y] \n\t"
+#endif
+ "subs %[x], %[x], %[y] \n\t"
+ "bics %[x], %[x], %[s1] \n\t"
+ "ands %[y], %[s1], %[y] \n\t"
+ "orrs %[x], %[x], %[y] \n\t"
+ "asrs %[x], %[x], #31 \n\t"
+ RESTORE_ASM_SYNTAX
+ :
+ [s1] "=&l" (s1),
+ [x] "+&l" (x),
+ [y] "+&l" (y)
+ :
+ :
+ "cc"
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ uint64_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "xor %[y], %[s] \n\t"
+ "sub %[y], %[x] \n\t"
+ "and %[s], %[y] \n\t"
+ "not %[s] \n\t"
+ "and %[s], %[x] \n\t"
+ "or %[y], %[x] \n\t"
+ "sar $63, %[x] \n\t"
+ :
+ [s] "=&a" (s),
+ [x] "+&D" (x),
+ [y] "+&S" (y)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "xor %[y], %[s] \n\t"
+ "sub %[y], %[x] \n\t"
+ "and %[s], %[y] \n\t"
+ "not %[s] \n\t"
+ "and %[s], %[x] \n\t"
+ "or %[y], %[x] \n\t"
+ "sar $31, %[x] \n\t"
+ :
+ [s] "=&b" (s),
+ [x] "+&a" (x),
+ [y] "+&c" (y)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#else
+ /* Ensure that the compiler cannot optimise the following operations over x and y,
+ * even if it knows the value of x and y.
+ */
+ const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x);
+ const mbedtls_ct_uint_t yo = mbedtls_ct_compiler_opaque(y);
+ /*
+ * Check if the most significant bits (MSB) of the operands are different.
+ * cond is true iff the MSBs differ.
+ */
+ mbedtls_ct_condition_t cond = mbedtls_ct_bool((xo ^ yo) >> (MBEDTLS_CT_SIZE - 1));
+
+ /*
+ * If the MSB are the same then the difference x-y will be negative (and
+ * have its MSB set to 1 during conversion to unsigned) if and only if x> (MBEDTLS_CT_SIZE - 1);
+
+ // Convert to a condition (i.e., all bits set iff non-zero)
+ return mbedtls_ct_bool(ret);
+#endif
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
+{
+ /* diff = 0 if x == y, non-zero otherwise */
+ const mbedtls_ct_uint_t diff = mbedtls_ct_compiler_opaque(x) ^ mbedtls_ct_compiler_opaque(y);
+
+ /* all ones if x != y, 0 otherwise */
+ return mbedtls_ct_bool(diff);
+}
+
+static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low,
+ unsigned char high,
+ unsigned char c,
+ unsigned char t)
+{
+ const unsigned char co = (unsigned char) mbedtls_ct_compiler_opaque(c);
+ const unsigned char to = (unsigned char) mbedtls_ct_compiler_opaque(t);
+
+ /* low_mask is: 0 if low <= c, 0x...ff if low > c */
+ unsigned low_mask = ((unsigned) co - low) >> 8;
+ /* high_mask is: 0 if c <= high, 0x...ff if c > high */
+ unsigned high_mask = ((unsigned) high - co) >> 8;
+
+ return (unsigned char) (~(low_mask | high_mask)) & to;
+}
+
+/* ============================================================================
+ * Everything below here is trivial wrapper functions
+ */
+
+static inline size_t mbedtls_ct_size_if(mbedtls_ct_condition_t condition,
+ size_t if1,
+ size_t if0)
+{
+ return (size_t) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, (mbedtls_ct_uint_t) if0);
+}
+
+static inline unsigned mbedtls_ct_uint_if(mbedtls_ct_condition_t condition,
+ unsigned if1,
+ unsigned if0)
+{
+ return (unsigned) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, (mbedtls_ct_uint_t) if0);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_if(mbedtls_ct_condition_t condition,
+ mbedtls_ct_condition_t if1,
+ mbedtls_ct_condition_t if0)
+{
+ return (mbedtls_ct_condition_t) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1,
+ (mbedtls_ct_uint_t) if0);
+}
+
+#if defined(MBEDTLS_BIGNUM_C)
+
+static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition,
+ mbedtls_mpi_uint if1,
+ mbedtls_mpi_uint if0)
+{
+ return (mbedtls_mpi_uint) mbedtls_ct_if(condition,
+ (mbedtls_ct_uint_t) if1,
+ (mbedtls_ct_uint_t) if0);
+}
+
+#endif
+
+static inline size_t mbedtls_ct_size_if_else_0(mbedtls_ct_condition_t condition, size_t if1)
+{
+ return (size_t) (condition & if1);
+}
+
+static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t condition, unsigned if1)
+{
+ return (unsigned) (condition & if1);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_if_else_0(mbedtls_ct_condition_t condition,
+ mbedtls_ct_condition_t if1)
+{
+ return (mbedtls_ct_condition_t) (condition & if1);
+}
+
+#if defined(MBEDTLS_BIGNUM_C)
+
+static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_condition_t condition,
+ mbedtls_mpi_uint if1)
+{
+ return (mbedtls_mpi_uint) (condition & if1);
+}
+
+#endif /* MBEDTLS_BIGNUM_C */
+
+static inline int mbedtls_ct_error_if(mbedtls_ct_condition_t condition, int if1, int if0)
+{
+ /* Coverting int -> uint -> int here is safe, because we require if1 and if0 to be
+ * in the range -32767..0, and we require 32-bit int and uint types.
+ *
+ * This means that (0 <= -if0 < INT_MAX), so negating if0 is safe, and similarly for
+ * converting back to int.
+ */
+ return -((int) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) (-if1),
+ (mbedtls_ct_uint_t) (-if0)));
+}
+
+static inline int mbedtls_ct_error_if_else_0(mbedtls_ct_condition_t condition, int if1)
+{
+ return -((int) (condition & (-if1)));
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y)
+{
+ return ~mbedtls_ct_uint_ne(x, y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_gt(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y)
+{
+ return mbedtls_ct_uint_lt(y, x);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y)
+{
+ return ~mbedtls_ct_uint_lt(x, y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y)
+{
+ return ~mbedtls_ct_uint_gt(x, y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y)
+{
+ return (mbedtls_ct_condition_t) (x ^ y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_and(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y)
+{
+ return (mbedtls_ct_condition_t) (x & y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_or(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y)
+{
+ return (mbedtls_ct_condition_t) (x | y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t x)
+{
+ return (mbedtls_ct_condition_t) (~x);
+}
+
+#ifdef __GNUC__
+/* Restore warnings for -Wredundant-decls on gcc */
+ #pragma GCC diagnostic pop
+#endif
+
+#endif /* MBEDTLS_CONSTANT_TIME_IMPL_H */
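Review bot: The `_if_else_0` helpers (`mbedtls_ct_size_if_else_0`, `mbedtls_ct_uint_if_else_0`, `mbedtls_ct_bool_if_else_0`, `mbedtls_ct_mpi_uint_if_else_0`, `mbedtls_ct_error_if_else_0`) return `condition & if1` or a variant of it. That is a selection only when `condition` is all-bits-set or zero, and nothing at these definitions says so. A plain C truth value of 1 would yield `if1 & 1` instead of `if1`, and the C fallback of `mbedtls_ct_if` has the same dependency. The typedef of `mbedtls_ct_condition_t` is outside this hunk, so I cannot tell whether the type itself rules that out. I would add above the wrappers: `/* condition must be a value produced by mbedtls_ct_bool() or one of the mbedtls_ct_ comparisons (all bits set or all clear); any other value selects individual bits of if1. */`.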
diff --git a/ext/oberon/psa/core/library/constant_time_internal.h b/ext/oberon/psa/core/library/constant_time_internal.h
new file mode 100644
index 000000000000..cc26edcd1e4b
--- /dev/null
+++ b/ext/oberon/psa/core/library/constant_time_internal.h
@@ -0,0 +1,591 @@
+/**
+ * Constant-time functions
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_CONSTANT_TIME_INTERNAL_H
+#define MBEDTLS_CONSTANT_TIME_INTERNAL_H
+
+#include
+#include
+
+#include "common.h"
+
+#if defined(MBEDTLS_BIGNUM_C)
+#include "mbedtls/bignum.h"
+#endif
+
+/* The constant-time interface provides various operations that are likely
+ * to result in constant-time code that does not branch or use conditional
+ * instructions for secret data (for secret pointers, this also applies to
+ * the data pointed to).
+ *
+ * It has three main parts:
+ *
+ * - boolean operations
+ * These are all named mbedtls_ct__.
+ * They operate over and return mbedtls_ct_condition_t.
+ * All arguments are considered secret.
+ * example: bool x = y | z => x = mbedtls_ct_bool_or(y, z)
+ * example: bool x = y == z => x = mbedtls_ct_uint_eq(y, z)
+ *
+ * - conditional data selection
+ * These are all named mbedtls_ct__if and mbedtls_ct__if_else_0
+ * All arguments are considered secret.
+ * example: size_t a = x ? b : c => a = mbedtls_ct_size_if(x, b, c)
+ * example: unsigned a = x ? b : 0 => a = mbedtls_ct_uint_if_else_0(x, b)
+ *
+ * - block memory operations
+ * Only some arguments are considered secret, as documented for each
+ * function.
+ * example: if (x) memcpy(...) => mbedtls_ct_memcpy_if(x, ...)
+ *
+ * mbedtls_ct_condition_t must be treated as opaque and only created and
+ * manipulated via the functions in this header. The compiler should never
+ * be able to prove anything about its value at compile-time.
+ *
+ * mbedtls_ct_uint_t is an unsigned integer type over which constant time
+ * operations may be performed via the functions in this header. It is as big
+ * as the larger of size_t and mbedtls_mpi_uint, i.e. it is safe to cast
+ * to/from "unsigned int", "size_t", and "mbedtls_mpi_uint" (and any other
+ * not-larger integer types).
+ *
+ * For Arm (32-bit, 64-bit and Thumb), x86 and x86-64, assembly implementations
+ * are used to ensure that the generated code is constant time. For other
+ * architectures, it uses a plain C fallback designed to yield constant-time code
+ * (this has been observed to be constant-time on latest gcc, clang and MSVC
+ * as of May 2023).
+ *
+ * For readability, the static inline definitions are separated out into
+ * constant_time_impl.h.
+ */
+
+#if (SIZE_MAX > 0xffffffffffffffffULL)
+/* Pointer size > 64-bit */
+typedef size_t mbedtls_ct_condition_t;
+typedef size_t mbedtls_ct_uint_t;
+typedef ptrdiff_t mbedtls_ct_int_t;
+#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(SIZE_MAX))
+#elif (SIZE_MAX > 0xffffffff) || defined(MBEDTLS_HAVE_INT64)
+/* 32-bit < pointer size <= 64-bit, or 64-bit MPI */
+typedef uint64_t mbedtls_ct_condition_t;
+typedef uint64_t mbedtls_ct_uint_t;
+typedef int64_t mbedtls_ct_int_t;
+#define MBEDTLS_CT_SIZE_64
+#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(UINT64_MAX))
+#else
+/* Pointer size <= 32-bit, and no 64-bit MPIs */
+typedef uint32_t mbedtls_ct_condition_t;
+typedef uint32_t mbedtls_ct_uint_t;
+typedef int32_t mbedtls_ct_int_t;
+#define MBEDTLS_CT_SIZE_32
+#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(UINT32_MAX))
+#endif
+#define MBEDTLS_CT_FALSE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(0))
+
+/* ============================================================================
+ * Boolean operations
+ */
+
+/** Convert a number into a mbedtls_ct_condition_t.
+ *
+ * \param x Number to convert.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x != 0, or MBEDTLS_CT_FALSE if \p x == 0
+ *
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x);
+
+/** Boolean "not equal" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x != \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x != \p y, otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
+
+/** Boolean "equals" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x == \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x == \p y, otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y);
+
+/** Boolean "less than" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x < \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x < \p y, otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
+
+/** Boolean "greater than" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x > \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x > \p y, otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_gt(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y);
+
+/** Boolean "greater or equal" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x >= \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x >= \p y,
+ * otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y);
+
+/** Boolean "less than or equal" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x <= \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x <= \p y,
+ * otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y);
+
+/** Boolean not-equals operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x != \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \note This is more efficient than mbedtls_ct_uint_ne if both arguments are
+ * mbedtls_ct_condition_t.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x != \p y,
+ * otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y);
+
+/** Boolean "and" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x && \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x && \p y,
+ * otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_and(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y);
+
+/** Boolean "or" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x || \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x || \p y,
+ * otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_or(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y);
+
+/** Boolean "not" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * ! \p x
+ *
+ * \param x The value to invert
+ *
+ * \return MBEDTLS_CT_FALSE if \p x, otherwise MBEDTLS_CT_TRUE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t x);
+
+
+/* ============================================================================
+ * Data selection operations
+ */
+
+/** Choose between two size_t values.
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : if0.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0.
+ */
+static inline size_t mbedtls_ct_size_if(mbedtls_ct_condition_t condition,
+ size_t if1,
+ size_t if0);
+
+/** Choose between two unsigned values.
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : if0.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0.
+ */
+static inline unsigned mbedtls_ct_uint_if(mbedtls_ct_condition_t condition,
+ unsigned if1,
+ unsigned if0);
+
+/** Choose between two mbedtls_ct_condition_t values.
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : if0.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_if(mbedtls_ct_condition_t condition,
+ mbedtls_ct_condition_t if1,
+ mbedtls_ct_condition_t if0);
+
+#if defined(MBEDTLS_BIGNUM_C)
+
+/** Choose between two mbedtls_mpi_uint values.
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : if0.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0.
+ */
+static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition, \
+ mbedtls_mpi_uint if1, \
+ mbedtls_mpi_uint if0);
+
+#endif
+
+/** Choose between an unsigned value and 0.
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : 0.
+ *
+ * Functionally equivalent to mbedtls_ct_uint_if(condition, if1, 0) but
+ * results in smaller code size.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0.
+ */
+static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t condition, unsigned if1);
+
+/** Choose between an mbedtls_ct_condition_t and 0.
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : 0.
+ *
+ * Functionally equivalent to mbedtls_ct_bool_if(condition, if1, 0) but
+ * results in smaller code size.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_if_else_0(mbedtls_ct_condition_t condition,
+ mbedtls_ct_condition_t if1);
+
+/** Choose between a size_t value and 0.
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : 0.
+ *
+ * Functionally equivalent to mbedtls_ct_size_if(condition, if1, 0) but
+ * results in smaller code size.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0.
+ */
+static inline size_t mbedtls_ct_size_if_else_0(mbedtls_ct_condition_t condition, size_t if1);
+
+#if defined(MBEDTLS_BIGNUM_C)
+
+/** Choose between an mbedtls_mpi_uint value and 0.
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : 0.
+ *
+ * Functionally equivalent to mbedtls_ct_mpi_uint_if(condition, if1, 0) but
+ * results in smaller code size.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0.
+ */
+static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_condition_t condition,
+ mbedtls_mpi_uint if1);
+
+#endif
+
+/** Constant-flow char selection
+ *
+ * \param low Secret. Bottom of range
+ * \param high Secret. Top of range
+ * \param c Secret. Value to compare to range
+ * \param t Secret. Value to return, if in range
+ *
+ * \return \p t if \p low <= \p c <= \p high, 0 otherwise.
+ */
+static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low,
+ unsigned char high,
+ unsigned char c,
+ unsigned char t);
+
+/** Choose between two error values. The values must be in the range [-32767..0].
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : if0.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0.
+ */
+static inline int mbedtls_ct_error_if(mbedtls_ct_condition_t condition, int if1, int if0);
+
+/** Choose between an error value and 0. The error value must be in the range [-32767..0].
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : 0.
+ *
+ * Functionally equivalent to mbedtls_ct_error_if(condition, if1, 0) but
+ * results in smaller code size.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0.
+ */
+static inline int mbedtls_ct_error_if_else_0(mbedtls_ct_condition_t condition, int if1);
+
+/* ============================================================================
+ * Block memory operations
+ */
+
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
+
+/** Conditionally set a block of memory to zero.
+ *
+ * Regardless of the condition, every byte will be read once and written to
+ * once.
+ *
+ * \param condition Secret. Condition to test.
+ * \param buf Secret. Pointer to the start of the buffer.
+ * \param len Number of bytes to set to zero.
+ *
+ * \warning Unlike mbedtls_platform_zeroize, this does not have the same guarantees
+ * about not being optimised away if the memory is never read again.
+ */
+void mbedtls_ct_zeroize_if(mbedtls_ct_condition_t condition, void *buf, size_t len);
+
+/** Shift some data towards the left inside a buffer.
+ *
+ * Functionally equivalent to:
+ *
+ * memmove(start, start + offset, total - offset);
+ * memset(start + (total - offset), 0, offset);
+ *
+ * Timing independence comes at the expense of performance.
+ *
+ * \param start Secret. Pointer to the start of the buffer.
+ * \param total Total size of the buffer.
+ * \param offset Secret. Offset from which to copy \p total - \p offset bytes.
+ */
+void mbedtls_ct_memmove_left(void *start,
+ size_t total,
+ size_t offset);
+
+#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */
+
+/** Conditional memcpy.
+ *
+ * Functionally equivalent to:
+ *
+ * if (condition) {
+ * memcpy(dest, src1, len);
+ * } else {
+ * if (src2 != NULL)
+ * memcpy(dest, src2, len);
+ * }
+ *
+ * It will always read len bytes from src1.
+ * If src2 != NULL, it will always read len bytes from src2.
+ * If src2 == NULL, it will instead read len bytes from dest (as if src2 == dest).
+ *
+ * \param condition The condition
+ * \param dest Secret. Destination pointer.
+ * \param src1 Secret. Pointer to copy from (if \p condition == MBEDTLS_CT_TRUE).
+ * This may be equal to \p dest, but may not overlap in other ways.
+ * \param src2 Secret (contents only - may branch to determine if this parameter is NULL).
+ * Pointer to copy from (if \p condition == MBEDTLS_CT_FALSE and \p src2 is not NULL). May be NULL.
+ * This may be equal to \p dest, but may not overlap it in other ways. It may overlap with \p src1.
+ * \param len Number of bytes to copy.
+ */
+void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition,
+ unsigned char *dest,
+ const unsigned char *src1,
+ const unsigned char *src2,
+ size_t len
+ );
+
+/** Copy data from a secret position.
+ *
+ * Functionally equivalent to:
+ *
+ * memcpy(dst, src + offset, len)
+ *
+ * This function copies \p len bytes from \p src + \p offset to
+ * \p dst, with a code flow and memory access pattern that does not depend on
+ * \p offset, but only on \p offset_min, \p offset_max and \p len.
+ *
+ * \note This function reads from \p dest, but the value that
+ * is read does not influence the result and this
+ * function's behavior is well-defined regardless of the
+ * contents of the buffers. This may result in false
+ * positives from static or dynamic analyzers, especially
+ * if \p dest is not initialized.
+ *
+ * \param dest Secret. The destination buffer. This must point to a writable
+ * buffer of at least \p len bytes.
+ * \param src Secret. The base of the source buffer. This must point to a
+ * readable buffer of at least \p offset_max + \p len
+ * bytes. Shouldn't overlap with \p dest
+ * \param offset Secret. The offset in the source buffer from which to copy.
+ * This must be no less than \p offset_min and no greater
+ * than \p offset_max.
+ * \param offset_min The minimal value of \p offset.
+ * \param offset_max The maximal value of \p offset.
+ * \param len The number of bytes to copy.
+ */
+void mbedtls_ct_memcpy_offset(unsigned char *dest,
+ const unsigned char *src,
+ size_t offset,
+ size_t offset_min,
+ size_t offset_max,
+ size_t len);
+
+/* Documented in include/mbedtls/constant_time.h. a and b are secret.
+
+ int mbedtls_ct_memcmp(const void *a,
+ const void *b,
+ size_t n);
+ */
+
+#if defined(MBEDTLS_NIST_KW_C)
+
+/** Constant-time buffer comparison without branches.
+ *
+ * Similar to mbedtls_ct_memcmp, except that the result only depends on part of
+ * the input data - differences in the head or tail are ignored. Functionally equivalent to:
+ *
+ * memcmp(a + skip_head, b + skip_head, size - skip_head - skip_tail)
+ *
+ * Time taken depends on \p n, but not on \p skip_head or \p skip_tail .
+ *
+ * Behaviour is undefined if ( \p skip_head + \p skip_tail) > \p n.
+ *
+ * \param a Secret. Pointer to the first buffer, containing at least \p n bytes. May not be NULL.
+ * \param b Secret. Pointer to the second buffer, containing at least \p n bytes. May not be NULL.
+ * \param n The number of bytes to examine (total size of the buffers).
+ * \param skip_head Secret. The number of bytes to treat as non-significant at the start of the buffer.
+ * These bytes will still be read.
+ * \param skip_tail Secret. The number of bytes to treat as non-significant at the end of the buffer.
+ * These bytes will still be read.
+ *
+ * \return Zero if the contents of the two buffers are the same, otherwise non-zero.
+ */
+int mbedtls_ct_memcmp_partial(const void *a,
+ const void *b,
+ size_t n,
+ size_t skip_head,
+ size_t skip_tail);
+
+#endif
+
+/* Include the implementation of static inline functions above. */
+#include "constant_time_impl.h"
+
+#endif /* MBEDTLS_CONSTANT_TIME_INTERNAL_H */
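Review bot: Two of the "Functionally equivalent to" snippets in this header name variables that are not parameters of the function they document. mbedtls_ct_memcpy_offset says `memcpy(dst, src + offset, len)` and refers to `\p dst` while the parameter is `dest`, and mbedtls_ct_memcmp_partial uses `size - skip_head - skip_tail` while the length parameter is `n`. These comments are where the header states which arguments are secret and what bounds the caller must guarantee, so I would correct them to `memcpy(dest, src + offset, len)` and `memcmp(a + skip_head, b + skip_head, n - skip_head - skip_tail)`. In the same spirit, mbedtls_ct_memcpy_if documents its first argument only as `\param condition The condition`, whereas mbedtls_ct_zeroize_if marks its condition as Secret; the comment should say explicitly whether the condition is treated as secret there too.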
diff --git a/ext/oberon/psa/core/library/entropy_poll.h b/ext/oberon/psa/core/library/entropy_poll.h
index aef1a0977d41..be4943cce47d 100644
--- a/ext/oberon/psa/core/library/entropy_poll.h
+++ b/ext/oberon/psa/core/library/entropy_poll.h
@@ -42,21 +42,21 @@ extern "C" {
/**
* \brief Platform-specific entropy poll callback
*/
-int mbedtls_platform_entropy_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
+int mbedtls_platform_entropy_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen);
#endif
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
/**
* \brief Entropy poll callback for a hardware source
*
- * \warning This is not provided by mbed TLS!
+ * \warning This is not provided by Mbed TLS!
* See \c MBEDTLS_ENTROPY_HARDWARE_ALT in mbedtls_config.h.
*
* \note This must accept NULL as its first argument.
*/
-int mbedtls_hardware_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
+int mbedtls_hardware_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen);
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
@@ -65,8 +65,8 @@ int mbedtls_hardware_poll( void *data,
*
* \note This must accept NULL as its first argument.
*/
-int mbedtls_nv_seed_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
+int mbedtls_nv_seed_poll(void *data,
+ unsigned char *output, size_t len, size_t *olen);
#endif
#ifdef __cplusplus
diff --git a/ext/oberon/psa/core/library/md_psa.h b/ext/oberon/psa/core/library/md_psa.h
new file mode 100644
index 000000000000..8e00bb1492c2
--- /dev/null
+++ b/ext/oberon/psa/core/library/md_psa.h
@@ -0,0 +1,75 @@
+/**
+ * Translation between MD and PSA identifiers (algorithms, errors).
+ *
+ * Note: this internal module will go away when everything becomes based on
+ * PSA Crypto; it is a helper for the transition period.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef MBEDTLS_MD_PSA_H
+#define MBEDTLS_MD_PSA_H
+
+#include "common.h"
+
+#include "mbedtls/md.h"
+#include "psa/crypto.h"
+
+/**
+ * \brief This function returns the PSA algorithm identifier
+ * associated with the given digest type.
+ *
+ * \param md_type The type of digest to search for. Must not be NONE.
+ *
+ * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will
+ * not return \c PSA_ALG_NONE, but an invalid algorithm.
+ *
+ * \warning This function does not check if the algorithm is
+ * supported, it always returns the corresponding identifier.
+ *
+ * \return The PSA algorithm identifier associated with \p md_type,
+ * regardless of whether it is supported or not.
+ */
+static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
+{
+ return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type;
+}
+
+/**
+ * \brief This function returns the given digest type
+ * associated with the PSA algorithm identifier.
+ *
+ * \param psa_alg The PSA algorithm identifier to search for.
+ *
+ * \warning This function does not check if the algorithm is
+ * supported, it always returns the corresponding identifier.
+ *
+ * \return The MD type associated with \p psa_alg,
+ * regardless of whether it is supported or not.
+ */
+static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
+{
+ return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
+}
+
+/** Convert PSA status to MD error code.
+ *
+ * \param status PSA status.
+ *
+ * \return The corresponding MD error code,
+ */
+int mbedtls_md_error_from_psa(psa_status_t status);
+
+#endif /* MBEDTLS_MD_PSA_H */
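Review bot: mbedtls_md_type_from_psa_alg masks `psa_alg` with `PSA_ALG_HASH_MASK` and casts the result without looking at the category bits, so an identifier that is not a hash algorithm is silently mapped to whatever digest type its low bits happen to encode. The existing warning covers only unsupported algorithms, not this case. I would add `\warning \p psa_alg must be a hash algorithm; the category bits are not checked.` to the doc comment, and callers handling externally supplied identifiers should test `PSA_ALG_IS_HASH(psa_alg)` before converting. Separately, the `\return` line of mbedtls_md_error_from_psa ends in a dangling comma and should end with a full stop.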
diff --git a/ext/oberon/psa/core/library/platform.c b/ext/oberon/psa/core/library/platform.c
index 6151e6c49245..b15b7b29adc3 100644
--- a/ext/oberon/psa/core/library/platform.c
+++ b/ext/oberon/psa/core/library/platform.c
@@ -30,22 +30,22 @@
* configuration via mbedtls_platform_set_calloc_free(). So, omit everything
* related to the latter if MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO are defined. */
#if defined(MBEDTLS_PLATFORM_MEMORY) && \
- !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \
- defined(MBEDTLS_PLATFORM_FREE_MACRO) )
+ !(defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \
+ defined(MBEDTLS_PLATFORM_FREE_MACRO))
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
-static void *platform_calloc_uninit( size_t n, size_t size )
+static void *platform_calloc_uninit(size_t n, size_t size)
{
((void) n);
((void) size);
- return( NULL );
+ return NULL;
}
#define MBEDTLS_PLATFORM_STD_CALLOC platform_calloc_uninit
#endif /* !MBEDTLS_PLATFORM_STD_CALLOC */
#if !defined(MBEDTLS_PLATFORM_STD_FREE)
-static void platform_free_uninit( void *ptr )
+static void platform_free_uninit(void *ptr)
{
((void) ptr);
}
@@ -53,25 +53,25 @@ static void platform_free_uninit( void *ptr )
#define MBEDTLS_PLATFORM_STD_FREE platform_free_uninit
#endif /* !MBEDTLS_PLATFORM_STD_FREE */
-static void * (*mbedtls_calloc_func)( size_t, size_t ) = MBEDTLS_PLATFORM_STD_CALLOC;
-static void (*mbedtls_free_func)( void * ) = MBEDTLS_PLATFORM_STD_FREE;
+static void * (*mbedtls_calloc_func)(size_t, size_t) = MBEDTLS_PLATFORM_STD_CALLOC;
+static void (*mbedtls_free_func)(void *) = MBEDTLS_PLATFORM_STD_FREE;
-void * mbedtls_calloc( size_t nmemb, size_t size )
+void *mbedtls_calloc(size_t nmemb, size_t size)
{
- return (*mbedtls_calloc_func)( nmemb, size );
+ return (*mbedtls_calloc_func)(nmemb, size);
}
-void mbedtls_free( void * ptr )
+void mbedtls_free(void *ptr)
{
- (*mbedtls_free_func)( ptr );
+ (*mbedtls_free_func)(ptr);
}
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
- void (*free_func)( void * ) )
+int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t),
+ void (*free_func)(void *))
{
mbedtls_calloc_func = calloc_func;
mbedtls_free_func = free_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_MEMORY &&
!( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&
@@ -79,16 +79,16 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
#include
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
+int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
va_list argp;
- va_start( argp, fmt );
- ret = mbedtls_vsnprintf( s, n, fmt, argp );
- va_end( argp );
+ va_start(argp, fmt);
+ ret = mbedtls_vsnprintf(s, n, fmt, argp);
+ va_end(argp);
- return( ret );
+ return ret;
}
#endif
@@ -97,53 +97,53 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_snprintf_uninit( char * s, size_t n,
- const char * format, ... )
+static int platform_snprintf_uninit(char *s, size_t n,
+ const char *format, ...)
{
((void) s);
((void) n);
((void) format);
- return( 0 );
+ return 0;
}
#define MBEDTLS_PLATFORM_STD_SNPRINTF platform_snprintf_uninit
#endif /* !MBEDTLS_PLATFORM_STD_SNPRINTF */
-int (*mbedtls_snprintf)( char * s, size_t n,
- const char * format,
- ... ) = MBEDTLS_PLATFORM_STD_SNPRINTF;
+int (*mbedtls_snprintf)(char *s, size_t n,
+ const char *format,
+ ...) = MBEDTLS_PLATFORM_STD_SNPRINTF;
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
- const char * format,
- ... ) )
+int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n,
+ const char *format,
+ ...))
{
mbedtls_snprintf = snprintf_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
#include
-int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg )
+int mbedtls_platform_win32_vsnprintf(char *s, size_t n, const char *fmt, va_list arg)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Avoid calling the invalid parameter handler by checking ourselves */
- if( s == NULL || n == 0 || fmt == NULL )
- return( -1 );
+ if (s == NULL || n == 0 || fmt == NULL) {
+ return -1;
+ }
#if defined(_TRUNCATE)
- ret = vsnprintf_s( s, n, _TRUNCATE, fmt, arg );
+ ret = vsnprintf_s(s, n, _TRUNCATE, fmt, arg);
#else
- ret = vsnprintf( s, n, fmt, arg );
- if( ret < 0 || (size_t) ret == n )
- {
+ ret = vsnprintf(s, n, fmt, arg);
+ if (ret < 0 || (size_t) ret == n) {
s[n-1] = '\0';
ret = -1;
}
#endif
- return( ret );
+ return ret;
}
#endif
@@ -152,29 +152,29 @@ int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_lis
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_vsnprintf_uninit( char * s, size_t n,
- const char * format, va_list arg )
+static int platform_vsnprintf_uninit(char *s, size_t n,
+ const char *format, va_list arg)
{
((void) s);
((void) n);
((void) format);
((void) arg);
- return( -1 );
+ return -1;
}
#define MBEDTLS_PLATFORM_STD_VSNPRINTF platform_vsnprintf_uninit
#endif /* !MBEDTLS_PLATFORM_STD_VSNPRINTF */
-int (*mbedtls_vsnprintf)( char * s, size_t n,
- const char * format,
- va_list arg ) = MBEDTLS_PLATFORM_STD_VSNPRINTF;
+int (*mbedtls_vsnprintf)(char *s, size_t n,
+ const char *format,
+ va_list arg) = MBEDTLS_PLATFORM_STD_VSNPRINTF;
-int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
- const char * format,
- va_list arg ) )
+int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n,
+ const char *format,
+ va_list arg))
{
mbedtls_vsnprintf = vsnprintf_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
@@ -183,21 +183,21 @@ int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_printf_uninit( const char *format, ... )
+static int platform_printf_uninit(const char *format, ...)
{
((void) format);
- return( 0 );
+ return 0;
}
#define MBEDTLS_PLATFORM_STD_PRINTF platform_printf_uninit
#endif /* !MBEDTLS_PLATFORM_STD_PRINTF */
-int (*mbedtls_printf)( const char *, ... ) = MBEDTLS_PLATFORM_STD_PRINTF;
+int (*mbedtls_printf)(const char *, ...) = MBEDTLS_PLATFORM_STD_PRINTF;
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) )
+int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...))
{
mbedtls_printf = printf_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
@@ -206,23 +206,23 @@ int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) )
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_fprintf_uninit( FILE *stream, const char *format, ... )
+static int platform_fprintf_uninit(FILE *stream, const char *format, ...)
{
((void) stream);
((void) format);
- return( 0 );
+ return 0;
}
#define MBEDTLS_PLATFORM_STD_FPRINTF platform_fprintf_uninit
#endif /* !MBEDTLS_PLATFORM_STD_FPRINTF */
-int (*mbedtls_fprintf)( FILE *, const char *, ... ) =
- MBEDTLS_PLATFORM_STD_FPRINTF;
+int (*mbedtls_fprintf)(FILE *, const char *, ...) =
+ MBEDTLS_PLATFORM_STD_FPRINTF;
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... ) )
+int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *, const char *, ...))
{
mbedtls_fprintf = fprintf_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
@@ -231,20 +231,20 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ...
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static void platform_setbuf_uninit( FILE *stream, char *buf )
+static void platform_setbuf_uninit(FILE *stream, char *buf)
{
- ((void) stream);
- ((void) buf);
+ ((void) stream);
+ ((void) buf);
}
#define MBEDTLS_PLATFORM_STD_SETBUF platform_setbuf_uninit
#endif /* !MBEDTLS_PLATFORM_STD_SETBUF */
-void (*mbedtls_setbuf)( FILE *stream, char *buf ) = MBEDTLS_PLATFORM_STD_SETBUF;
+void (*mbedtls_setbuf)(FILE *stream, char *buf) = MBEDTLS_PLATFORM_STD_SETBUF;
-int mbedtls_platform_set_setbuf( void (*setbuf_func)( FILE *stream, char *buf ) )
+int mbedtls_platform_set_setbuf(void (*setbuf_func)(FILE *stream, char *buf))
{
- mbedtls_setbuf = setbuf_func;
- return( 0 );
+ mbedtls_setbuf = setbuf_func;
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_SETBUF_ALT */
@@ -253,7 +253,7 @@ int mbedtls_platform_set_setbuf( void (*setbuf_func)( FILE *stream, char *buf )
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static void platform_exit_uninit( int status )
+static void platform_exit_uninit(int status)
{
((void) status);
}
@@ -261,12 +261,12 @@ static void platform_exit_uninit( int status )
#define MBEDTLS_PLATFORM_STD_EXIT platform_exit_uninit
#endif /* !MBEDTLS_PLATFORM_STD_EXIT */
-void (*mbedtls_exit)( int status ) = MBEDTLS_PLATFORM_STD_EXIT;
+void (*mbedtls_exit)(int status) = MBEDTLS_PLATFORM_STD_EXIT;
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
+int mbedtls_platform_set_exit(void (*exit_func)(int status))
{
mbedtls_exit = exit_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
@@ -277,21 +277,21 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer )
+static mbedtls_time_t platform_time_uninit(mbedtls_time_t *timer)
{
((void) timer);
- return( 0 );
+ return 0;
}
#define MBEDTLS_PLATFORM_STD_TIME platform_time_uninit
#endif /* !MBEDTLS_PLATFORM_STD_TIME */
-mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME;
+mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *timer) = MBEDTLS_PLATFORM_STD_TIME;
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) )
+int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *timer))
{
mbedtls_time = time_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
@@ -302,47 +302,47 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time
/* Default implementations for the platform independent seed functions use
* standard libc file functions to read from and write to a pre-defined filename
*/
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
+int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len)
{
FILE *file;
size_t n;
- if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
- return( -1 );
+ if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb")) == NULL) {
+ return -1;
+ }
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
- mbedtls_setbuf( file, NULL );
+ mbedtls_setbuf(file, NULL);
- if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
- {
- fclose( file );
- mbedtls_platform_zeroize( buf, buf_len );
- return( -1 );
+ if ((n = fread(buf, 1, buf_len, file)) != buf_len) {
+ fclose(file);
+ mbedtls_platform_zeroize(buf, buf_len);
+ return -1;
}
- fclose( file );
- return( (int)n );
+ fclose(file);
+ return (int) n;
}
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
+int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len)
{
FILE *file;
size_t n;
- if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL )
+ if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w")) == NULL) {
return -1;
+ }
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
- mbedtls_setbuf( file, NULL );
+ mbedtls_setbuf(file, NULL);
- if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len )
- {
- fclose( file );
+ if ((n = fwrite(buf, 1, buf_len, file)) != buf_len) {
+ fclose(file);
return -1;
}
- fclose( file );
- return( (int)n );
+ fclose(file);
+ return (int) n;
}
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
@@ -351,11 +351,11 @@ int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len )
+static int platform_nv_seed_read_uninit(unsigned char *buf, size_t buf_len)
{
((void) buf);
((void) buf_len);
- return( -1 );
+ return -1;
}
#define MBEDTLS_PLATFORM_STD_NV_SEED_READ platform_nv_seed_read_uninit
@@ -365,28 +365,28 @@ static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len )
/*
* Make dummy function to prevent NULL pointer dereferences
*/
-static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len )
+static int platform_nv_seed_write_uninit(unsigned char *buf, size_t buf_len)
{
((void) buf);
((void) buf_len);
- return( -1 );
+ return -1;
}
#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE platform_nv_seed_write_uninit
#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */
-int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) =
- MBEDTLS_PLATFORM_STD_NV_SEED_READ;
-int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) =
- MBEDTLS_PLATFORM_STD_NV_SEED_WRITE;
+int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len) =
+ MBEDTLS_PLATFORM_STD_NV_SEED_READ;
+int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len) =
+ MBEDTLS_PLATFORM_STD_NV_SEED_WRITE;
int mbedtls_platform_set_nv_seed(
- int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
- int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) )
+ int (*nv_seed_read_func)(unsigned char *buf, size_t buf_len),
+ int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len))
{
mbedtls_nv_seed_read = nv_seed_read_func;
mbedtls_nv_seed_write = nv_seed_write_func;
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
#endif /* MBEDTLS_ENTROPY_NV_SEED */
@@ -395,19 +395,19 @@ int mbedtls_platform_set_nv_seed(
/*
* Placeholder platform setup that does nothing by default
*/
-int mbedtls_platform_setup( mbedtls_platform_context *ctx )
+int mbedtls_platform_setup(mbedtls_platform_context *ctx)
{
- (void)ctx;
+ (void) ctx;
- return( 0 );
+ return 0;
}
/*
* Placeholder platform teardown that does nothing by default
*/
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
+void mbedtls_platform_teardown(mbedtls_platform_context *ctx)
{
- (void)ctx;
+ (void) ctx;
}
#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
diff --git a/ext/oberon/psa/core/library/platform_util.c b/ext/oberon/psa/core/library/platform_util.c
index 4723e30207ab..09216edfbca8 100644
--- a/ext/oberon/psa/core/library/platform_util.c
+++ b/ext/oberon/psa/core/library/platform_util.c
@@ -20,12 +20,18 @@
/*
* Ensure gmtime_r is available even with -std=c99; must be defined before
- * mbedtls_config.h, which pulls in glibc's features.h. Harmless on other platforms.
+ * mbedtls_config.h, which pulls in glibc's features.h. Harmless on other platforms
+ * except OpenBSD, where it stops us accessing explicit_bzero.
*/
-#if !defined(_POSIX_C_SOURCE)
+#if !defined(_POSIX_C_SOURCE) && !defined(__OpenBSD__)
#define _POSIX_C_SOURCE 200112L
#endif
+#if !defined(_GNU_SOURCE)
+/* Clang requires this to get support for explicit_bzero */
+#define _GNU_SOURCE
+#endif
+
#include "common.h"
#include "mbedtls/platform_util.h"
@@ -33,11 +39,40 @@
#include "mbedtls/threading.h"
#include
+
+#ifndef __STDC_WANT_LIB_EXT1__
+#define __STDC_WANT_LIB_EXT1__ 1 /* Ask for the C11 gmtime_s() and memset_s() if available */
+#endif
#include
+#if defined(_WIN32)
+#include
+#endif
+
+// Detect platforms known to support explicit_bzero()
+#if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25)
+#define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1
+#elif (defined(__FreeBSD__) && (__FreeBSD_version >= 1100037)) || defined(__OpenBSD__)
+#define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1
+#endif
+
#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+
+#undef HAVE_MEMORY_SANITIZER
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer)
+#include
+#define HAVE_MEMORY_SANITIZER
+#endif
+#endif
+
/*
- * This implementation should never be optimized out by the compiler
+ * Where possible, we try to detect the presence of a platform-provided
+ * secure memset, such as explicit_bzero(), that is safe against being optimized
+ * out, and use that.
+ *
+ * For other platforms, we provide an implementation that aims not to be
+ * optimized out by the compiler.
*
* This implementation for mbedtls_platform_zeroize() was inspired from Colin
* Percival's blog article at:
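Review bot: The glibc test in the added detection block, `(__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25)`, compares major and minor independently, so a glibc with a higher major number and a minor below 25 would not define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO. The build would then presumably use one of the other wiping branches, so nothing is left unwiped, but the preferred primitive is dropped without any diagnostic. I would write the condition as `#if defined(__GLIBC__) && ((__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))`. The comment block at the end of this hunk continues outside it.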
@@ -52,29 +87,79 @@
* (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for
* details), optimizations of the following form are still possible:
*
- * if( memset_func != memset )
- * memset_func( buf, 0, len );
+ * if (memset_func != memset)
+ * memset_func(buf, 0, len);
*
* Note that it is extremely difficult to guarantee that
- * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers
+ * the memset() call will not be optimized out by aggressive compilers
* in a portable way. For this reason, Mbed TLS also provides the configuration
* option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
* mbedtls_platform_zeroize() to use a suitable implementation for their
* platform and needs.
*/
-static void * (* const volatile memset_func)( void *, int, size_t ) = memset;
+#if !defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) && !(defined(__STDC_LIB_EXT1__) && \
+ !defined(__IAR_SYSTEMS_ICC__)) \
+ && !defined(_WIN32)
+static void *(*const volatile memset_func)(void *, int, size_t) = memset;
+#endif
-void mbedtls_platform_zeroize( void *buf, size_t len )
+void mbedtls_platform_zeroize(void *buf, size_t len)
{
- MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL );
+ MBEDTLS_INTERNAL_VALIDATE(len == 0 || buf != NULL);
- if( len > 0 )
- memset_func( buf, 0, len );
+ if (len > 0) {
+#if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO)
+ explicit_bzero(buf, len);
+#if defined(HAVE_MEMORY_SANITIZER)
+ /* You'd think that Msan would recognize explicit_bzero() as
+ * equivalent to bzero(), but it actually doesn't on several
+ * platforms, including Linux (Ubuntu 20.04).
+ * https://github.com/google/sanitizers/issues/1507
+ * https://github.com/openssh/openssh-portable/commit/74433a19bb6f4cef607680fa4d1d7d81ca3826aa
+ */
+ __msan_unpoison(buf, len);
+#endif
+#elif defined(__STDC_LIB_EXT1__) && !defined(__IAR_SYSTEMS_ICC__)
+ memset_s(buf, len, 0, len);
+#elif defined(_WIN32)
+ SecureZeroMemory(buf, len);
+#else
+ memset_func(buf, 0, len);
+#endif
+
+#if defined(__GNUC__)
+ /* For clang and recent gcc, pretend that we have some assembly that reads the
+ * zero'd memory as an additional protection against being optimised away. */
+#if defined(__clang__) || (__GNUC__ >= 10)
+#if defined(__clang__)
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wvla"
+#elif defined(MBEDTLS_COMPILER_IS_GCC)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wvla"
+#endif
+ asm volatile ("" : : "m" (*(char (*)[len]) buf) :);
+#if defined(__clang__)
+#pragma clang diagnostic pop
+#elif defined(MBEDTLS_COMPILER_IS_GCC)
+#pragma GCC diagnostic pop
+#endif
+#endif
+#endif
+ }
}
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
+void mbedtls_zeroize_and_free(void *buf, size_t len)
+{
+ if (buf != NULL) {
+ mbedtls_platform_zeroize(buf, len);
+ }
+
+ mbedtls_free(buf);
+}
+
#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
-#define __STDC_WANT_LIB_EXT1__ 1 /* Ask for the C11 gmtime_s() if it's available */
#include
#if !defined(_WIN32) && (defined(unix) || \
defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
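Review bot: `mbedtls_zeroize_and_free()` is added without a comment, and its contract is not obvious from the signature: only `len` bytes are wiped before `mbedtls_free(buf)`, so a caller that passes less than the size of the secret leaves the tail in freed memory. I would add above it `/* Wipe len bytes at buf, then free buf. len must cover all sensitive data in the allocation; buf may be NULL, in which case nothing is wiped. */`. The function sits after the `MBEDTLS_PLATFORM_ZEROIZE_ALT` `#endif`, so it is built whichever zeroize implementation is selected, which is worth saying in the same comment.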
@@ -83,9 +168,9 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
#endif /* !_WIN32 && (unix || __unix || __unix__ ||
* (__APPLE__ && __MACH__)) */
-#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
- ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
- _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) )
+#if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) || \
+ (defined(_POSIX_THREAD_SAFE_FUNCTIONS) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L))
/*
* This is a convenience shorthand macro to avoid checking the long
* preprocessor conditions above. Ideally, we could expose this macro in
@@ -93,52 +178,120 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
* threading.h. However, this macro is not part of the Mbed TLS public API, so
* we keep it private by only defining it in this file
*/
-#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) || \
- ( defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR) )
+#if !(defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)) || \
+ (defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR))
#define PLATFORM_UTIL_USE_GMTIME
#endif
-#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
- ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
_POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */
-struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
- struct tm *tm_buf )
+struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt,
+ struct tm *tm_buf)
{
#if defined(_WIN32) && !defined(PLATFORM_UTIL_USE_GMTIME)
#if defined(__STDC_LIB_EXT1__)
- return( ( gmtime_s( tt, tm_buf ) == 0 ) ? NULL : tm_buf );
+ return (gmtime_s(tt, tm_buf) == 0) ? NULL : tm_buf;
#else
/* MSVC and mingw64 argument order and return value are inconsistent with the C11 standard */
- return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL );
+ return (gmtime_s(tm_buf, tt) == 0) ? tm_buf : NULL;
#endif
#elif !defined(PLATFORM_UTIL_USE_GMTIME)
- return( gmtime_r( tt, tm_buf ) );
+ return gmtime_r(tt, tm_buf);
#else
struct tm *lt;
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
- return( NULL );
+ if (mbedtls_mutex_lock(&mbedtls_threading_gmtime_mutex) != 0) {
+ return NULL;
+ }
#endif /* MBEDTLS_THREADING_C */
- lt = gmtime( tt );
+ lt = gmtime(tt);
- if( lt != NULL )
- {
- memcpy( tm_buf, lt, sizeof( struct tm ) );
+ if (lt != NULL) {
+ memcpy(tm_buf, lt, sizeof(struct tm));
}
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
- return( NULL );
+ if (mbedtls_mutex_unlock(&mbedtls_threading_gmtime_mutex) != 0) {
+ return NULL;
+ }
#endif /* MBEDTLS_THREADING_C */
- return( ( lt == NULL ) ? NULL : tm_buf );
+ return (lt == NULL) ? NULL : tm_buf;
#endif /* _WIN32 && !EFIX64 && !EFI32 */
}
#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */
#if defined(MBEDTLS_TEST_HOOKS)
-void (*mbedtls_test_hook_test_fail)( const char *, int, const char *);
+void (*mbedtls_test_hook_test_fail)(const char *, int, const char *);
#endif /* MBEDTLS_TEST_HOOKS */
+
+/*
+ * Provide external definitions of some inline functions so that the compiler
+ * has the option to not inline them
+ */
+extern inline void mbedtls_xor(unsigned char *r,
+ const unsigned char *a,
+ const unsigned char *b,
+ size_t n);
+
+extern inline uint16_t mbedtls_get_unaligned_uint16(const void *p);
+
+extern inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x);
+
+extern inline uint32_t mbedtls_get_unaligned_uint32(const void *p);
+
+extern inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x);
+
+extern inline uint64_t mbedtls_get_unaligned_uint64(const void *p);
+
+extern inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x);
+
+#if defined(MBEDTLS_HAVE_TIME) && !defined(MBEDTLS_PLATFORM_MS_TIME_ALT)
+
+#include
+#if !defined(_WIN32) && \
+ (defined(unix) || defined(__unix) || defined(__unix__) || \
+ (defined(__APPLE__) && defined(__MACH__)))
+#include
+#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */
+#if (defined(_POSIX_VERSION) && _POSIX_VERSION >= 199309L)
+mbedtls_ms_time_t mbedtls_ms_time(void)
+{
+ int ret;
+ struct timespec tv;
+ mbedtls_ms_time_t current_ms;
+
+#if defined(__linux__)
+ ret = clock_gettime(CLOCK_BOOTTIME, &tv);
+#else
+ ret = clock_gettime(CLOCK_MONOTONIC, &tv);
+#endif
+ if (ret) {
+ return time(NULL) * 1000;
+ }
+
+ current_ms = tv.tv_sec;
+
+ return current_ms*1000 + tv.tv_nsec / 1000000;
+}
+#elif defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || \
+ defined(__MINGW32__) || defined(_WIN64)
+#include
+mbedtls_ms_time_t mbedtls_ms_time(void)
+{
+ FILETIME ct;
+ mbedtls_ms_time_t current_ms;
+
+ GetSystemTimeAsFileTime(&ct);
+ current_ms = ((mbedtls_ms_time_t) ct.dwLowDateTime +
+ ((mbedtls_ms_time_t) (ct.dwHighDateTime) << 32LL))/10000;
+ return current_ms;
+}
+#else
+#error "No mbedtls_ms_time available"
+#endif
+#endif /* MBEDTLS_HAVE_TIME && !MBEDTLS_PLATFORM_MS_TIME_ALT */
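Review bot: In the POSIX `mbedtls_ms_time()` the fallback `return time(NULL) * 1000;` multiplies in `time_t` before the result is converted, so with a 32-bit `time_t` the product overflows, and a failing `time()` (-1) is returned as -1000. I would widen first, `return (mbedtls_ms_time_t) time(NULL) * 1000;`, assuming `mbedtls_ms_time_t` is a 64-bit type as the 32-bit shift in the Windows branch suggests. The fallback also switches from a boot-relative clock to wall-clock time, so a caller that subtracts two readings taken on either side of a `clock_gettime` failure would see a very large jump. If that is accepted, a one-line comment at the fallback should say so.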
diff --git a/ext/oberon/psa/core/library/psa_crypto.c b/ext/oberon/psa/core/library/psa_crypto.c
index c7ae7de37d89..4b74ae5e59fd 100644
--- a/ext/oberon/psa/core/library/psa_crypto.c
+++ b/ext/oberon/psa/core/library/psa_crypto.c
@@ -23,6 +23,7 @@
*/
#include "common.h"
+#include "psa_crypto_core_common.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
@@ -31,10 +32,10 @@
#endif
#include "psa/crypto.h"
+#include "psa/crypto_values.h"
#include "psa_crypto_core.h"
-//#include "psa_crypto_invasive.h"
#include "psa_crypto_driver_wrappers.h"
-
+#include "psa_crypto_driver_wrappers_no_static.h"
#include "psa_crypto_slot_management.h"
/* Include internal declarations that are useful for implementing persistently
* stored keys. */
@@ -42,25 +43,24 @@
#include "psa_crypto_random_impl.h"
-#include
#include
#include
#include "mbedtls/platform.h"
+#include "mbedtls/constant_time.h"
+#include "mbedtls/cipher.h" // mbedtls_operation_t
+
#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
-#include "tfm_crypto_defs.h"
#include "tfm_builtin_key_loader.h"
#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
-#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
-
/****************************************************************/
/* Global data, support functions and library management */
/****************************************************************/
-static int key_type_is_raw_bytes( psa_key_type_t type )
+static int key_type_is_raw_bytes(psa_key_type_t type)
{
- return( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) );
+ return PSA_KEY_TYPE_IS_UNSTRUCTURED(type);
}
/* Values for psa_global_data_t::rng_state */
@@ -68,9 +68,9 @@ static int key_type_is_raw_bytes( psa_key_type_t type )
#define RNG_INITIALIZED 1
#define RNG_SEEDED 2
-typedef struct
-{
- unsigned initialized : 1;
+typedef struct {
+ uint8_t initialized;
+ uint8_t drivers_initialized;
psa_driver_random_context_t rng;
} psa_global_data_t;
@@ -79,24 +79,67 @@ static psa_global_data_t global_data;
#ifdef MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
void* const mbedtls_psa_random_state = NULL; /* !!OM - used by some tests */
#else
-mbedtls_psa_drbg_context_t* const mbedtls_psa_random_state = NULL; /* !!OM - used by some tests */
+mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state = NULL; /* !!OM - used by some tests */
#endif
#define GUARD_MODULE_INITIALIZED \
- if( global_data.initialized == 0 ) \
- return( PSA_ERROR_BAD_STATE );
+ if (global_data.initialized == 0) \
+ return PSA_ERROR_BAD_STATE;
+
+int psa_can_do_hash(psa_algorithm_t hash_alg)
+{
+ (void) hash_alg;
+ return global_data.drivers_initialized;
+}
+
+/**
+ * \brief For output buffers which contain "tags"
+ * (outputs that may be checked for validity like
+ * hashes, MACs and signatures), fill the unused
+ * part of the output buffer (the whole buffer on
+ * error, the trailing part on success) with
+ * something that isn't a valid tag (barring an
+ * attack on the tag and deliberately-crafted
+ * input), in case the caller doesn't check the
+ * return status properly.
+ *
+ * \param output_buffer Pointer to buffer to wipe. May not be NULL
+ * unless \p output_buffer_size is zero.
+ * \param status Status of function called to generate
+ * output_buffer originally
+ * \param output_buffer_size Size of output buffer. If zero, \p output_buffer
+ * could be NULL.
+ * \param output_buffer_length Length of data written to output_buffer, must be
+ * less than \p output_buffer_size
+ */
+static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t status,
+ size_t output_buffer_size, size_t output_buffer_length)
+{
+ size_t offset = 0;
+
+ if (output_buffer_size == 0) {
+ /* If output_buffer_size is 0 then we have nothing to do. We must not
+ call memset because output_buffer may be NULL in this case */
+ return;
+ }
+
+ if (status == PSA_SUCCESS) {
+ offset = output_buffer_length;
+ }
+
+ memset(output_buffer + offset, '!', output_buffer_size - offset);
+}
/****************************************************************/
/* Key management */
/****************************************************************/
-psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
- size_t bits )
+psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type,
+ size_t bits)
{
/* Check that the bit size is acceptable for the key type */
- switch( type )
- {
+ switch (type) {
case PSA_KEY_TYPE_RAW_DATA:
case PSA_KEY_TYPE_HMAC:
case PSA_KEY_TYPE_DERIVE:
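Review bot: `psa_wipe_tag_output_buffer()` trusts `output_buffer_length`: on PSA_SUCCESS with a length larger than `output_buffer_size`, `output_buffer_size - offset` wraps around as a `size_t` and the `memset` writes far past the buffer. The doc comment states the precondition but the code does not enforce it, and the length presumably comes back from a driver. I would change the success test to `if (status == PSA_SUCCESS && output_buffer_length <= output_buffer_size) {`, so that an implausible length wipes the whole buffer instead. The doc comment also says "less than", although an equal length looks valid since it gives a zero-length fill.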
@@ -106,41 +149,47 @@ psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
break;
#if defined(PSA_WANT_KEY_TYPE_AES)
case PSA_KEY_TYPE_AES:
- if( bits != 128 && bits != 192 && bits != 256 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits != 128 && bits != 192 && bits != 256) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif
#if defined(PSA_WANT_KEY_TYPE_ARIA)
case PSA_KEY_TYPE_ARIA:
- if( bits != 128 && bits != 192 && bits != 256 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits != 128 && bits != 192 && bits != 256) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif
#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
case PSA_KEY_TYPE_CAMELLIA:
- if( bits != 128 && bits != 192 && bits != 256 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits != 128 && bits != 192 && bits != 256) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif
#if defined(PSA_WANT_KEY_TYPE_DES)
case PSA_KEY_TYPE_DES:
- if( bits != 64 && bits != 128 && bits != 192 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits != 64 && bits != 128 && bits != 192) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
case PSA_KEY_TYPE_CHACHA20:
- if( bits != 256 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (bits != 256) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif
default:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ if (bits % 8 != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
- if( bits % 8 != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Check whether a given key type is valid for use with a given MAC algorithm
@@ -159,89 +208,92 @@ psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
*/
MBEDTLS_STATIC_TESTABLE psa_status_t psa_mac_key_can_do(
psa_algorithm_t algorithm,
- psa_key_type_t key_type )
+ psa_key_type_t key_type)
{
- if( PSA_ALG_IS_HMAC( algorithm ) )
- {
- if( key_type == PSA_KEY_TYPE_HMAC )
- return( PSA_SUCCESS );
+ if (PSA_ALG_IS_HMAC(algorithm)) {
+ if (key_type == PSA_KEY_TYPE_HMAC) {
+ return PSA_SUCCESS;
+ }
}
- if( PSA_ALG_IS_BLOCK_CIPHER_MAC( algorithm ) )
- {
+ if (PSA_ALG_IS_BLOCK_CIPHER_MAC(algorithm)) {
/* Check that we're calling PSA_BLOCK_CIPHER_BLOCK_LENGTH with a cipher
* key. */
- if( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) ==
- PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
- {
+ if ((key_type & PSA_KEY_TYPE_CATEGORY_MASK) ==
+ PSA_KEY_TYPE_CATEGORY_SYMMETRIC) {
/* PSA_BLOCK_CIPHER_BLOCK_LENGTH returns 1 for stream ciphers and
* the block length (larger than 1) for block ciphers. */
- if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) > 1 )
- return( PSA_SUCCESS );
+ if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1) {
+ return PSA_SUCCESS;
+ }
}
}
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
-psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
- size_t buffer_length )
+psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot,
+ size_t buffer_length)
{
- if( slot->key.data != NULL )
- return( PSA_ERROR_ALREADY_EXISTS );
+ if (slot->key.data != NULL) {
+ return PSA_ERROR_ALREADY_EXISTS;
+ }
- slot->key.data = mbedtls_calloc( 1, buffer_length );
- if( slot->key.data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ slot->key.data = mbedtls_calloc(1, buffer_length);
+ if (slot->key.data == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
slot->key.bytes = buffer_length;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
- const uint8_t *data,
- size_t data_length )
+psa_status_t psa_copy_key_material_into_slot(psa_key_slot_t *slot,
+ const uint8_t *data,
+ size_t data_length)
{
- psa_status_t status = psa_allocate_buffer_to_slot( slot,
- data_length );
- if( status != PSA_SUCCESS )
- return( status );
+ psa_status_t status = psa_allocate_buffer_to_slot(slot,
+ data_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- memcpy( slot->key.data, data, data_length );
- return( PSA_SUCCESS );
+ memcpy(slot->key.data, data, data_length);
+ return PSA_SUCCESS;
}
psa_status_t psa_import_key_into_slot(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
- size_t *key_buffer_length, size_t *bits )
+ size_t *key_buffer_length, size_t *bits)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = attributes->core.type;
/* zero-length keys are never supported. */
- if( data_length == 0 )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (data_length == 0) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- if( key_type_is_raw_bytes( type ) )
- {
- *bits = PSA_BYTES_TO_BITS( data_length );
+ if (key_type_is_raw_bytes(type)) {
+ *bits = PSA_BYTES_TO_BITS(data_length);
- status = psa_validate_unstructured_key_bit_size( attributes->core.type,
- *bits );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_validate_unstructured_key_bit_size(attributes->core.type,
+ *bits);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Copy the key material. */
- memcpy( key_buffer, data, data_length );
+ memcpy(key_buffer, data, data_length);
*key_buffer_length = data_length;
- (void)key_buffer_size;
+ (void) key_buffer_size;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
/** Calculate the intersection of two algorithm usage policies.
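Review bot: In `psa_import_key_into_slot()` the raw-bytes branch does `memcpy(key_buffer, data, data_length)` and then discards `key_buffer_size` with a `(void)` cast, so nothing in the function stops a copy larger than the destination. The callers may always size the buffer from `data_length`, but that is not visible in this hunk. A guard before the copy, `if (data_length > key_buffer_size) { return PSA_ERROR_BUFFER_TOO_SMALL; }`, would make the function safe on its own and make the cast unnecessary. The rest of this hunk is a restyle.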
@@ -251,63 +303,61 @@ psa_status_t psa_import_key_into_slot(
static psa_algorithm_t psa_key_policy_algorithm_intersection(
psa_key_type_t key_type,
psa_algorithm_t alg1,
- psa_algorithm_t alg2 )
+ psa_algorithm_t alg2)
{
/* Common case: both sides actually specify the same policy. */
- if( alg1 == alg2 )
- return( alg1 );
+ if (alg1 == alg2) {
+ return alg1;
+ }
/* If the policies are from the same hash-and-sign family, check
* if one is a wildcard. If so the other has the specific algorithm. */
- if( PSA_ALG_IS_SIGN_HASH( alg1 ) &&
- PSA_ALG_IS_SIGN_HASH( alg2 ) &&
- ( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) )
- {
- if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH )
- return( alg2 );
- if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH )
- return( alg1 );
+ if (PSA_ALG_IS_SIGN_HASH(alg1) &&
+ PSA_ALG_IS_SIGN_HASH(alg2) &&
+ (alg1 & ~PSA_ALG_HASH_MASK) == (alg2 & ~PSA_ALG_HASH_MASK)) {
+ if (PSA_ALG_SIGN_GET_HASH(alg1) == PSA_ALG_ANY_HASH) {
+ return alg2;
+ }
+ if (PSA_ALG_SIGN_GET_HASH(alg2) == PSA_ALG_ANY_HASH) {
+ return alg1;
+ }
}
/* If the policies are from the same AEAD family, check whether
* one of them is a minimum-tag-length wildcard. Calculate the most
* restrictive tag length. */
- if( PSA_ALG_IS_AEAD( alg1 ) && PSA_ALG_IS_AEAD( alg2 ) &&
- ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg1, 0 ) ==
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg2, 0 ) ) )
- {
- size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg1 );
- size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg2 );
+ if (PSA_ALG_IS_AEAD(alg1) && PSA_ALG_IS_AEAD(alg2) &&
+ (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg1, 0) ==
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg2, 0))) {
+ size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg1);
+ size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg2);
size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
/* If both are wildcards, return most restrictive wildcard */
- if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
- ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
- {
- return( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
- alg1, restricted_len ) );
+ if (((alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+ ((alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0)) {
+ return PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
+ alg1, restricted_len);
}
/* If only one is a wildcard, return specific algorithm if compatible. */
- if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
- ( alg1_len <= alg2_len ) )
- {
- return( alg2 );
+ if (((alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+ (alg1_len <= alg2_len)) {
+ return alg2;
}
- if( ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
- ( alg2_len <= alg1_len ) )
- {
- return( alg1 );
+ if (((alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+ (alg2_len <= alg1_len)) {
+ return alg1;
}
}
/* If the policies are from the same MAC family, check whether one
* of them is a minimum-MAC-length policy. Calculate the most
* restrictive tag length. */
- if( PSA_ALG_IS_MAC( alg1 ) && PSA_ALG_IS_MAC( alg2 ) &&
- ( PSA_ALG_FULL_LENGTH_MAC( alg1 ) ==
- PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) )
- {
+ if (PSA_ALG_IS_MAC(alg1) && PSA_ALG_IS_MAC(alg2) &&
+ (PSA_ALG_FULL_LENGTH_MAC(alg1) ==
+ PSA_ALG_FULL_LENGTH_MAC(alg2))) {
/* Validate the combination of key type and algorithm. Since the base
* algorithm of alg1 and alg2 are the same, we only need this once. */
- if( PSA_SUCCESS != psa_mac_key_can_do( alg1, key_type ) )
- return( 0 );
+ if (PSA_SUCCESS != psa_mac_key_can_do(alg1, key_type)) {
+ return 0;
+ }
/* Get the (exact or at-least) output lengths for both sides of the
* requested intersection. None of the currently supported algorithms
@@ -317,79 +367,76 @@ static psa_algorithm_t psa_key_policy_algorithm_intersection(
* Note that for at-least-this-length wildcard algorithms, the output
* length is set to the shortest allowed length, which allows us to
* calculate the most restrictive tag length for the intersection. */
- size_t alg1_len = PSA_MAC_LENGTH( key_type, 0, alg1 );
- size_t alg2_len = PSA_MAC_LENGTH( key_type, 0, alg2 );
+ size_t alg1_len = PSA_MAC_LENGTH(key_type, 0, alg1);
+ size_t alg2_len = PSA_MAC_LENGTH(key_type, 0, alg2);
size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
/* If both are wildcards, return most restrictive wildcard */
- if( ( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
- ( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
- {
- return( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg1, restricted_len ) );
+ if (((alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+ ((alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0)) {
+ return PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg1, restricted_len);
}
/* If only one is an at-least-this-length policy, the intersection would
* be the other (fixed-length) policy as long as said fixed length is
* equal to or larger than the shortest allowed length. */
- if( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
- {
- return( ( alg1_len <= alg2_len ) ? alg2 : 0 );
+ if ((alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) {
+ return (alg1_len <= alg2_len) ? alg2 : 0;
}
- if( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
- {
- return( ( alg2_len <= alg1_len ) ? alg1 : 0 );
+ if ((alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) {
+ return (alg2_len <= alg1_len) ? alg1 : 0;
}
/* If none of them are wildcards, check whether they define the same tag
* length. This is still possible here when one is default-length and
* the other specific-length. Ensure to always return the
* specific-length version for the intersection. */
- if( alg1_len == alg2_len )
- return( PSA_ALG_TRUNCATED_MAC( alg1, alg1_len ) );
+ if (alg1_len == alg2_len) {
+ return PSA_ALG_TRUNCATED_MAC(alg1, alg1_len);
+ }
}
/* If the policies are incompatible, allow nothing. */
- return( 0 );
+ return 0;
}
-static int psa_key_algorithm_permits( psa_key_type_t key_type,
- psa_algorithm_t policy_alg,
- psa_algorithm_t requested_alg )
+static int psa_key_algorithm_permits(psa_key_type_t key_type,
+ psa_algorithm_t policy_alg,
+ psa_algorithm_t requested_alg)
{
/* Common case: the policy only allows requested_alg. */
- if( requested_alg == policy_alg )
- return( 1 );
+ if (requested_alg == policy_alg) {
+ return 1;
+ }
/* If policy_alg is a hash-and-sign with a wildcard for the hash,
* and requested_alg is the same hash-and-sign family with any hash,
* then requested_alg is compliant with policy_alg. */
- if( PSA_ALG_IS_SIGN_HASH( requested_alg ) &&
- PSA_ALG_SIGN_GET_HASH( policy_alg ) == PSA_ALG_ANY_HASH )
- {
- return( ( policy_alg & ~PSA_ALG_HASH_MASK ) ==
- ( requested_alg & ~PSA_ALG_HASH_MASK ) );
+ if (PSA_ALG_IS_SIGN_HASH(requested_alg) &&
+ PSA_ALG_SIGN_GET_HASH(policy_alg) == PSA_ALG_ANY_HASH) {
+ return (policy_alg & ~PSA_ALG_HASH_MASK) ==
+ (requested_alg & ~PSA_ALG_HASH_MASK);
}
/* If policy_alg is a wildcard AEAD algorithm of the same base as
* the requested algorithm, check the requested tag length to be
* equal-length or longer than the wildcard-specified length. */
- if( PSA_ALG_IS_AEAD( policy_alg ) &&
- PSA_ALG_IS_AEAD( requested_alg ) &&
- ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, 0 ) ==
- PSA_ALG_AEAD_WITH_SHORTENED_TAG( requested_alg, 0 ) ) &&
- ( ( policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
- {
- return( PSA_ALG_AEAD_GET_TAG_LENGTH( policy_alg ) <=
- PSA_ALG_AEAD_GET_TAG_LENGTH( requested_alg ) );
+ if (PSA_ALG_IS_AEAD(policy_alg) &&
+ PSA_ALG_IS_AEAD(requested_alg) &&
+ (PSA_ALG_AEAD_WITH_SHORTENED_TAG(policy_alg, 0) ==
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(requested_alg, 0)) &&
+ ((policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0)) {
+ return PSA_ALG_AEAD_GET_TAG_LENGTH(policy_alg) <=
+ PSA_ALG_AEAD_GET_TAG_LENGTH(requested_alg);
}
/* If policy_alg is a MAC algorithm of the same base as the requested
* algorithm, check whether their MAC lengths are compatible. */
- if( PSA_ALG_IS_MAC( policy_alg ) &&
- PSA_ALG_IS_MAC( requested_alg ) &&
- ( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) ==
- PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) )
- {
+ if (PSA_ALG_IS_MAC(policy_alg) &&
+ PSA_ALG_IS_MAC(requested_alg) &&
+ (PSA_ALG_FULL_LENGTH_MAC(policy_alg) ==
+ PSA_ALG_FULL_LENGTH_MAC(requested_alg))) {
/* Validate the combination of key type and algorithm. Since the policy
* and requested algorithms are the same, we only need this once. */
- if( PSA_SUCCESS != psa_mac_key_can_do( policy_alg, key_type ) )
- return( 0 );
+ if (PSA_SUCCESS != psa_mac_key_can_do(policy_alg, key_type)) {
+ return 0;
+ }
/* Get both the requested output length for the algorithm which is to be
* verified, and the default output length for the base algorithm.
@@ -397,44 +444,42 @@ static int psa_key_algorithm_permits( psa_key_type_t key_type,
* length dependent on actual key size, so setting it to a bogus value
* of 0 is currently OK. */
size_t requested_output_length = PSA_MAC_LENGTH(
- key_type, 0, requested_alg );
+ key_type, 0, requested_alg);
size_t default_output_length = PSA_MAC_LENGTH(
- key_type, 0,
- PSA_ALG_FULL_LENGTH_MAC( requested_alg ) );
+ key_type, 0,
+ PSA_ALG_FULL_LENGTH_MAC(requested_alg));
/* If the policy is default-length, only allow an algorithm with
* a declared exact-length matching the default. */
- if( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == 0 )
- return( requested_output_length == default_output_length );
+ if (PSA_MAC_TRUNCATED_LENGTH(policy_alg) == 0) {
+ return requested_output_length == default_output_length;
+ }
/* If the requested algorithm is default-length, allow it if the policy
* length exactly matches the default length. */
- if( PSA_MAC_TRUNCATED_LENGTH( requested_alg ) == 0 &&
- PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == default_output_length )
- {
- return( 1 );
+ if (PSA_MAC_TRUNCATED_LENGTH(requested_alg) == 0 &&
+ PSA_MAC_TRUNCATED_LENGTH(policy_alg) == default_output_length) {
+ return 1;
}
/* If policy_alg is an at-least-this-length wildcard MAC algorithm,
* check for the requested MAC length to be equal to or longer than the
* minimum allowed length. */
- if( ( policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
- {
- return( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) <=
- requested_output_length );
+ if ((policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) {
+ return PSA_MAC_TRUNCATED_LENGTH(policy_alg) <=
+ requested_output_length;
}
}
/* If policy_alg is a generic key agreement operation, then using it for
* a key derivation with that key agreement should also be allowed. This
* behaviour is expected to be defined in a future specification version. */
- if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) &&
- PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) )
- {
- return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) ==
- policy_alg );
+ if (PSA_ALG_IS_RAW_KEY_AGREEMENT(policy_alg) &&
+ PSA_ALG_IS_KEY_AGREEMENT(requested_alg)) {
+ return PSA_ALG_KEY_AGREEMENT_GET_BASE(requested_alg) ==
+ policy_alg;
}
/* If it isn't explicitly permitted, it's forbidden. */
- return( 0 );
+ return 0;
}
/** Test whether a policy permits an algorithm.
@@ -452,23 +497,26 @@ static int psa_key_algorithm_permits( psa_key_type_t key_type,
* \retval PSA_ERROR_NOT_PERMITTED When \p alg is a specific algorithm, but
* the \p policy does not allow it.
*/
-static psa_status_t psa_key_policy_permits( const psa_key_policy_t *policy,
- psa_key_type_t key_type,
- psa_algorithm_t alg )
+static psa_status_t psa_key_policy_permits(const psa_key_policy_t *policy,
+ psa_key_type_t key_type,
+ psa_algorithm_t alg)
{
/* '0' is not a valid algorithm */
- if( alg == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (alg == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
/* A requested algorithm cannot be a wildcard. */
- if( PSA_ALG_IS_WILDCARD( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (PSA_ALG_IS_WILDCARD(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- if( psa_key_algorithm_permits( key_type, policy->alg, alg ) ||
- psa_key_algorithm_permits( key_type, policy->alg2, alg ) )
- return( PSA_SUCCESS );
- else
- return( PSA_ERROR_NOT_PERMITTED );
+ if (psa_key_algorithm_permits(key_type, policy->alg, alg) ||
+ psa_key_algorithm_permits(key_type, policy->alg2, alg)) {
+ return PSA_SUCCESS;
+ } else {
+ return PSA_ERROR_NOT_PERMITTED;
+ }
}
/** Restrict a key policy based on a constraint.
@@ -492,68 +540,84 @@ static psa_status_t psa_key_policy_permits( const psa_key_policy_t *policy,
static psa_status_t psa_restrict_key_policy(
psa_key_type_t key_type,
psa_key_policy_t *policy,
- const psa_key_policy_t *constraint )
+ const psa_key_policy_t *constraint)
{
psa_algorithm_t intersection_alg =
- psa_key_policy_algorithm_intersection( key_type, policy->alg,
- constraint->alg );
+ psa_key_policy_algorithm_intersection(key_type, policy->alg,
+ constraint->alg);
psa_algorithm_t intersection_alg2 =
- psa_key_policy_algorithm_intersection( key_type, policy->alg2,
- constraint->alg2 );
- if( intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
- if( intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ psa_key_policy_algorithm_intersection(key_type, policy->alg2,
+ constraint->alg2);
+ if (intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
policy->usage &= constraint->usage;
policy->alg = intersection_alg;
policy->alg2 = intersection_alg2;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_get_and_lock_key_slot_with_policy(
+/** Get the description of a key given its identifier and policy constraints
+ * and lock it.
+ *
+ * The key must have allow all the usage flags set in \p usage. If \p alg is
+ * nonzero, the key must allow operations with this algorithm. If \p alg is
+ * zero, the algorithm is not checked.
+ *
+ * In case of a persistent key, the function loads the description of the key
+ * into a key slot if not already done.
+ *
+ * On success, the returned key slot is locked. It is the responsibility of
+ * the caller to unlock the key slot when it does not access it anymore.
+ */
+static psa_status_t psa_get_and_lock_key_slot_with_policy(
mbedtls_svc_key_id_t key,
psa_key_slot_t **p_slot,
psa_key_usage_t usage,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_slot_t *slot;
+ psa_key_slot_t *slot = NULL;
- status = psa_get_and_lock_key_slot( key, p_slot );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot(key, p_slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
slot = *p_slot;
/* Enforce that usage policy for the key slot contains all the flags
* required by the usage parameter. There is one exception: public
* keys can always be exported, so we treat public key objects as
* if they had the export flag. */
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) {
usage &= ~PSA_KEY_USAGE_EXPORT;
+ }
- if( ( slot->attr.policy.usage & usage ) != usage )
- {
+ if ((slot->attr.policy.usage & usage) != usage) {
status = PSA_ERROR_NOT_PERMITTED;
goto error;
}
/* Enforce that the usage policy permits the requested algorithm. */
- if( alg != 0 )
- {
- status = psa_key_policy_permits( &slot->attr.policy,
- slot->attr.type,
- alg );
- if( status != PSA_SUCCESS )
+ if (alg != 0) {
+ status = psa_key_policy_permits(&slot->attr.policy,
+ slot->attr.type,
+ alg);
+ if (status != PSA_SUCCESS) {
goto error;
+ }
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
error:
*p_slot = NULL;
- psa_unlock_key_slot( slot );
+ psa_unlock_key_slot(slot);
- return( status );
+ return status;
}
/** Get a key slot containing a transparent key and lock it.
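Review bot: The new doc comment on psa_get_and_lock_key_slot_with_policy has a wording slip and leaves out the failure contract. `The key must have allow all the usage flags` should read `The key must allow all the usage flags set in \p usage.` The `error:` path sets `*p_slot` to NULL and unlocks the slot before returning, so a caller must not unlock again after a policy failure; a line such as `On a policy failure, \p *p_slot is set to NULL and the slot has already been unlocked.` would record that. The same path discards the result of `psa_unlock_key_slot(slot)`, presumably so the policy error is what the caller sees, and a short comment there would make that intent explicit.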
@@ -573,58 +637,55 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
mbedtls_svc_key_id_t key,
psa_key_slot_t **p_slot,
psa_key_usage_t usage,
- psa_algorithm_t alg )
+ psa_algorithm_t alg)
{
- psa_status_t status = psa_get_and_lock_key_slot_with_policy( key, p_slot,
- usage, alg );
- if( status != PSA_SUCCESS )
- return( status );
+ psa_status_t status = psa_get_and_lock_key_slot_with_policy(key, p_slot,
+ usage, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- if( psa_key_lifetime_is_external( (*p_slot)->attr.lifetime )
+ if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)
#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
&& PSA_KEY_LIFETIME_GET_LOCATION((*p_slot)->attr.lifetime) != TFM_BUILTIN_KEY_LOADER_KEY_LOCATION
-#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
- )
- {
- psa_unlock_key_slot( *p_slot );
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+ ) {
+ psa_unlock_key_slot(*p_slot);
*p_slot = NULL;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
+psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
{
- /* Data pointer will always be either a valid pointer or NULL in an
- * initialized slot, so we can just free it. */
- if( slot->key.data != NULL )
- mbedtls_platform_zeroize( slot->key.data, slot->key.bytes);
+ if (slot->key.data != NULL) {
+ mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes);
+ }
- mbedtls_free( slot->key.data );
slot->key.data = NULL;
slot->key.bytes = 0;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Completely wipe a slot in memory, including its policy.
* Persistent storage is not affected. */
-psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
-{
- psa_status_t status = psa_remove_key_data_from_memory( slot );
-
- /*
- * As the return error code may not be handled in case of multiple errors,
- * do our best to report an unexpected lock counter. Assert with
- * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is equal to one:
- * if the MBEDTLS_TEST_HOOKS configuration option is enabled and the
- * function is called as part of the execution of a test suite, the
- * execution of the test suite is stopped in error if the assertion fails.
- */
- if( slot->lock_count != 1 )
- {
- MBEDTLS_TEST_HOOK_TEST_ASSERT( slot->lock_count == 1 );
+psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
+{
+ psa_status_t status = psa_remove_key_data_from_memory(slot);
+
+ /*
+ * As the return error code may not be handled in case of multiple errors,
+ * do our best to report an unexpected lock counter. Assert with
+ * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is equal to one:
+ * if the MBEDTLS_TEST_HOOKS configuration option is enabled and the
+ * function is called as part of the execution of a test suite, the
+ * execution of the test suite is stopped in error if the assertion fails.
+ */
+ if (slot->lock_count != 1) {
+ MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->lock_count == 1);
status = PSA_ERROR_CORRUPTION_DETECTED;
}
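Review bot: In psa_remove_key_data_from_memory the commit removes the only comment stating the invariant that `slot->key.data` is either NULL or a valid allocation, and nothing in the new body says why the buffer is wiped before it is released. I would keep a one-line comment above the call, for example `/* Zeroize before freeing so key material does not linger in released heap memory. */`. If `mbedtls_zeroize_and_free` accepts NULL the way `mbedtls_free` does, the `if (slot->key.data != NULL)` guard is redundant and the call can stand alone; the helper's definition is not in this hunk, so confirm before dropping it. The body of psa_wipe_key_slot continues past the end of this hunk.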
@@ -636,18 +697,19 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
/* At this point, key material and other type-specific content has
* been wiped. Clear remaining metadata. We can call memset and not
* zeroize because the metadata is not particularly sensitive. */
- memset( slot, 0, sizeof( *slot ) );
- return( status );
+ memset(slot, 0, sizeof(*slot));
+ return status;
}
-psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
+psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
{
psa_key_slot_t *slot;
psa_status_t status; /* status of the last operation */
psa_status_t overall_status = PSA_SUCCESS;
- if( mbedtls_svc_key_id_is_null( key ) )
- return( PSA_SUCCESS );
+ if (mbedtls_svc_key_id_is_null(key)) {
+ return PSA_SUCCESS;
+ }
/*
* Get the description of the key in a key slot. In case of a persistent
@@ -656,9 +718,10 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
* the key is operated by an SE or not and this information is needed by
* the current implementation.
*/
- status = psa_get_and_lock_key_slot( key, &slot );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot(key, &slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/*
* If the key slot containing the key description is under access by the
@@ -667,14 +730,12 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
* implemented), the key should be destroyed when all accesses have
* stopped.
*/
- if( slot->lock_count > 1 )
- {
- psa_unlock_key_slot( slot );
- return( PSA_ERROR_GENERIC_ERROR );
+ if (slot->lock_count > 1) {
+ psa_unlock_key_slot(slot);
+ return PSA_ERROR_GENERIC_ERROR;
}
- if( PSA_KEY_LIFETIME_IS_READ_ONLY( slot->attr.lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) {
/* Refuse the destruction of a read-only key (which may or may not work
* if we attempt it, depending on whether the key is merely read-only
* by policy or actually physically read-only).
@@ -685,11 +746,11 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
}
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
- {
- status = psa_destroy_persistent_key( slot->attr.id );
- if( overall_status == PSA_SUCCESS )
+ if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
+ status = psa_destroy_persistent_key(slot->attr.id);
+ if (overall_status == PSA_SUCCESS) {
overall_status = status;
+ }
/* TODO: other slots may have a copy of the same key. We should
* invalidate them.
@@ -699,94 +760,97 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
exit:
- status = psa_wipe_key_slot( slot );
+ status = psa_wipe_key_slot(slot);
/* Prioritize CORRUPTION_DETECTED from wiping over a storage error */
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
overall_status = status;
- return( overall_status );
+ }
+ return overall_status;
}
/** Retrieve all the publicly-accessible attributes of a key.
*/
-psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key,
- psa_key_attributes_t *attributes )
+psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
+ psa_key_attributes_t *attributes)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
- psa_reset_key_attributes( attributes );
+ psa_reset_key_attributes(attributes);
- status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
attributes->core = slot->attr;
- attributes->core.flags &= ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
- MBEDTLS_PSA_KA_MASK_DUAL_USE );
+ attributes->core.flags &= (MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
+ MBEDTLS_PSA_KA_MASK_DUAL_USE);
- if( status != PSA_SUCCESS )
- psa_reset_key_attributes( attributes );
+ if (status != PSA_SUCCESS) {
+ psa_reset_key_attributes(attributes);
+ }
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-static psa_status_t psa_export_key_buffer_internal( const uint8_t *key_buffer,
- size_t key_buffer_size,
- uint8_t *data,
- size_t data_size,
- size_t *data_length )
+static psa_status_t psa_export_key_buffer_internal(const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
{
- if( key_buffer_size > data_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( data, key_buffer, key_buffer_size );
- memset( data + key_buffer_size, 0,
- data_size - key_buffer_size );
+ if (key_buffer_size > data_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+ memcpy(data, key_buffer, key_buffer_size);
+ memset(data + key_buffer_size, 0,
+ data_size - key_buffer_size);
*data_length = key_buffer_size;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t psa_export_key_internal(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length )
+ uint8_t *data, size_t data_size, size_t *data_length)
{
psa_key_type_t type = attributes->core.type;
- if( key_type_is_raw_bytes( type ) ||
- PSA_KEY_TYPE_IS_RSA( type ) ||
- PSA_KEY_TYPE_IS_ECC( type ) )
- {
- return( psa_export_key_buffer_internal(
- key_buffer, key_buffer_size,
- data, data_size, data_length ) );
- }
- else
- {
+ if (key_type_is_raw_bytes(type) ||
+ PSA_KEY_TYPE_IS_RSA(type) ||
+ PSA_KEY_TYPE_IS_ECC(type)) {
+ return psa_export_key_buffer_internal(
+ key_buffer, key_buffer_size,
+ data, data_size, data_length);
+ } else {
/* This shouldn't happen in the reference implementation, but
it is valid for a special-purpose implementation to omit
support for exporting certain key types. */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
}
-psa_status_t psa_export_key( mbedtls_svc_key_id_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length )
+psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
* pointer and we can do things like memset(data, ..., data_size). */
- if( data_size == 0 )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (data_size == 0) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
/* Set the key to empty now, so that even when there are errors, we always
* set data_length to a value between 0 and data_size. On error, setting
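Review bot: In psa_get_key_attributes the check `if (status != PSA_SUCCESS) { psa_reset_key_attributes(attributes); }` can never fire as written. `status` was already tested right after `psa_get_and_lock_key_slot_with_policy` and is not assigned again before this point. A dead reset on an attribute-copy path suggests error handling that is not actually there, so either delete the branch or add a comment such as `/* status is still PSA_SUCCESS here; kept for configurations that add a fallible step above. */` if that is the intent. The function is fully inside this hunk; psa_export_key at the end of the hunk continues beyond it.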
@@ -798,21 +862,22 @@ psa_status_t psa_export_key( mbedtls_svc_key_id_t key,
* which don't require any flag, but
* psa_get_and_lock_key_slot_with_policy() takes care of this.
*/
- status = psa_get_and_lock_key_slot_with_policy( key, &slot,
- PSA_KEY_USAGE_EXPORT, 0 );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot,
+ PSA_KEY_USAGE_EXPORT, 0);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
- status = psa_driver_wrapper_export_key( &attributes,
- slot->key.data, slot->key.bytes,
- data, data_size, data_length );
+ status = psa_driver_wrapper_export_key(&attributes,
+ slot->key.data, slot->key.bytes,
+ data, data_size, data_length);
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
psa_status_t psa_export_public_key_internal(
@@ -821,40 +886,51 @@ psa_status_t psa_export_public_key_internal(
size_t key_buffer_size,
uint8_t *data,
size_t data_size,
- size_t *data_length )
+ size_t *data_length)
{
psa_key_type_t type = attributes->core.type;
- if( PSA_KEY_TYPE_IS_RSA( type ) || PSA_KEY_TYPE_IS_ECC( type ) )
- {
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
- {
- /* Exporting public -> public */
- return( psa_export_key_buffer_internal(
- key_buffer, key_buffer_size,
- data, data_size, data_length ) );
- }
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) &&
+ (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) ||
+ PSA_KEY_TYPE_IS_DH(type))) {
+ /* Exporting public -> public */
+ return psa_export_key_buffer_internal(
+ key_buffer, key_buffer_size,
+ data, data_size, data_length);
+ } else if (PSA_KEY_TYPE_IS_RSA(type)) {
+ /* We don't know how to convert a private RSA key to public. */
+ return PSA_ERROR_NOT_SUPPORTED;
+ } else if (PSA_KEY_TYPE_IS_ECC(type)) {
+ /* We don't know how to convert a private ECC key to public */
+ return PSA_ERROR_NOT_SUPPORTED;
+ } else if (PSA_KEY_TYPE_IS_DH(type)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ } else {
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) data;
+ (void) data_size;
+ (void) data_length;
+ return PSA_ERROR_NOT_SUPPORTED;
}
- /* This shouldn't happen in the reference implementation, but
- it is valid for a special-purpose implementation to omit
- support for exporting certain key types. */
- return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length )
+psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
* pointer and we can do things like memset(data, ..., data_size). */
- if( data_size == 0 )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (data_size == 0) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
/* Set the key to empty now, so that even when there are errors, we always
* set data_length to a value between 0 and data_size. On error, setting
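Review bot: Every branch after the first in the rewritten psa_export_public_key_internal returns `PSA_ERROR_NOT_SUPPORTED`, so the `else if` chain for RSA, ECC and DH and the final `else` can collapse to a single `return PSA_ERROR_NOT_SUPPORTED;` after the public-key case. The five `(void)` casts are unnecessary because all of those parameters are used in the first branch. The commit also drops the old comment explaining that an implementation may omit export support for some key types. A one-line replacement such as `/* Deriving a public key from a private key is not implemented in this function. */` would show that the fall-through is intentional. The function's signature begins before this hunk.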
@@ -863,37 +939,38 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key,
*data_length = 0;
/* Exporting a public key doesn't require a usage flag. */
- status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
+ if (!PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
status = psa_driver_wrapper_export_public_key(
&attributes, slot->key.data, slot->key.bytes,
- data, data_size, data_length );
+ data, data_size, data_length);
exit:
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-#if defined(static_assert)
-static_assert( ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
- "One or more key attribute flag is listed as both external-only and dual-use" );
-static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
- "One or more key attribute flag is listed as both internal-only and dual-use" );
-static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ) == 0,
- "One or more key attribute flag is listed as both internal-only and external-only" );
-#endif
+MBEDTLS_STATIC_ASSERT(
+ (MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
+ "One or more key attribute flag is listed as both external-only and dual-use")
+MBEDTLS_STATIC_ASSERT(
+ (PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
+ "One or more key attribute flag is listed as both internal-only and dual-use")
+MBEDTLS_STATIC_ASSERT(
+ (PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY) == 0,
+ "One or more key attribute flag is listed as both internal-only and external-only")
/** Validate that a key policy is internally well-formed.
*
@@ -901,21 +978,22 @@ static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY )
* consistency of the policy with respect to other attributes of the key
* such as the key type.
*/
-static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy )
+static psa_status_t psa_validate_key_policy(const psa_key_policy_t *policy)
{
- if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT |
- PSA_KEY_USAGE_COPY |
- PSA_KEY_USAGE_ENCRYPT |
- PSA_KEY_USAGE_DECRYPT |
- PSA_KEY_USAGE_SIGN_MESSAGE |
- PSA_KEY_USAGE_VERIFY_MESSAGE |
- PSA_KEY_USAGE_SIGN_HASH |
- PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_VERIFY_DERIVATION |
- PSA_KEY_USAGE_DERIVE ) ) != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if ((policy->usage & ~(PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_COPY |
+ PSA_KEY_USAGE_ENCRYPT |
+ PSA_KEY_USAGE_DECRYPT |
+ PSA_KEY_USAGE_SIGN_MESSAGE |
+ PSA_KEY_USAGE_VERIFY_MESSAGE |
+ PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_VERIFY_HASH |
+ PSA_KEY_USAGE_VERIFY_DERIVATION |
+ PSA_KEY_USAGE_DERIVE)) != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Validate the internal consistency of key attributes.
@@ -933,48 +1011,52 @@ static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy )
*/
static psa_status_t psa_validate_key_attributes(
const psa_key_attributes_t *attributes,
- psa_se_drv_table_entry_t **p_drv )
+ psa_se_drv_table_entry_t **p_drv)
{
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
- psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
- mbedtls_svc_key_id_t key = psa_get_key_id( attributes );
-
- status = psa_validate_key_location( lifetime, p_drv );
- if( status != PSA_SUCCESS )
- return( status );
+ psa_key_lifetime_t lifetime = psa_get_key_lifetime(attributes);
+ mbedtls_svc_key_id_t key = psa_get_key_id(attributes);
- status = psa_validate_key_persistence( lifetime );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_validate_key_location(lifetime, p_drv);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
- if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ status = psa_validate_key_persistence(lifetime);
+ if (status != PSA_SUCCESS) {
+ return status;
}
- else
- {
- if( !psa_is_valid_key_id( psa_get_key_id( attributes ), 0 ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
+ if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key) != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ } else {
+ if (!psa_is_valid_key_id(psa_get_key_id(attributes), 0)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
}
- status = psa_validate_key_policy( &attributes->core.policy );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_validate_key_policy(&attributes->core.policy);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Refuse to create overly large keys.
* Note that this doesn't trigger on import if the attributes don't
* explicitly specify a size (so psa_get_key_bits returns 0), so
* psa_import_key() needs its own checks. */
- if( psa_get_key_bits( attributes ) > PSA_MAX_KEY_BITS )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (psa_get_key_bits(attributes) > PSA_MAX_KEY_BITS) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
/* Reject invalid flags. These should not be reachable through the API. */
- if( attributes->core.flags & ~ ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
- MBEDTLS_PSA_KA_MASK_DUAL_USE ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (attributes->core.flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
+ MBEDTLS_PSA_KA_MASK_DUAL_USE)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Prepare a key slot to receive key material.
@@ -1010,7 +1092,7 @@ static psa_status_t psa_start_key_creation(
psa_key_creation_method_t method,
const psa_key_attributes_t *attributes,
psa_key_slot_t **p_slot,
- psa_se_drv_table_entry_t **p_drv )
+ psa_se_drv_table_entry_t **p_drv)
{
psa_status_t status;
psa_key_id_t volatile_key_id;
@@ -1019,13 +1101,15 @@ static psa_status_t psa_start_key_creation(
(void) method;
*p_drv = NULL;
- status = psa_validate_key_attributes( attributes, p_drv );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_validate_key_attributes(attributes, p_drv);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_empty_key_slot(&volatile_key_id, p_slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
slot = *p_slot;
/* We're storing the declared bit-size of the key. It's up to each
@@ -1037,8 +1121,7 @@ static psa_status_t psa_start_key_creation(
* definition. */
slot->attr = attributes->core;
- if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
slot->attr.id = volatile_key_id;
#else
@@ -1053,7 +1136,7 @@ static psa_status_t psa_start_key_creation(
* may have set. */
slot->attr.flags &= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Finalize the creation of a key once its key material has been set.
@@ -1076,12 +1159,12 @@ static psa_status_t psa_start_key_creation(
*
* \retval #PSA_SUCCESS
* The key was successfully created.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
*
* \return If this function fails, the key slot is an invalid state.
* You must call psa_fail_key_creation() to wipe and free the slot.
@@ -1096,25 +1179,24 @@ static psa_status_t psa_finish_key_creation(
(void) driver;
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
- {
+ if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
/* Key material is saved in export representation in the slot, so
* just pass the slot buffer for storage. */
- status = psa_save_persistent_key( &slot->attr,
- slot->key.data,
- slot->key.bytes );
+ status = psa_save_persistent_key(&slot->attr,
+ slot->key.data,
+ slot->key.bytes);
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
- if( status == PSA_SUCCESS )
- {
+ if (status == PSA_SUCCESS) {
*key = slot->attr.id;
- status = psa_unlock_key_slot( slot );
- if( status != PSA_SUCCESS )
+ status = psa_unlock_key_slot(slot);
+ if (status != PSA_SUCCESS) {
*key = MBEDTLS_SVC_KEY_ID_INIT;
+ }
}
- return( status );
+ return status;
}
/** Abort the creation of a key.
@@ -1129,15 +1211,16 @@ static psa_status_t psa_finish_key_creation(
* \param[in] driver The secure element driver for the key,
* or NULL for a transparent key.
*/
-static void psa_fail_key_creation( psa_key_slot_t *slot,
- psa_se_drv_table_entry_t *driver )
+static void psa_fail_key_creation(psa_key_slot_t *slot,
+ psa_se_drv_table_entry_t *driver)
{
(void) driver;
- if( slot == NULL )
+ if (slot == NULL) {
return;
+ }
- psa_wipe_key_slot( slot );
+ psa_wipe_key_slot(slot);
}
/** Validate optional attributes during key creation.
@@ -1151,34 +1234,33 @@ static void psa_fail_key_creation( psa_key_slot_t *slot,
*/
static psa_status_t psa_validate_optional_attributes(
const psa_key_slot_t *slot,
- const psa_key_attributes_t *attributes )
+ const psa_key_attributes_t *attributes)
{
- if( attributes->core.type != 0 )
- {
- if( attributes->core.type != slot->attr.type )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (attributes->core.type != 0) {
+ if (attributes->core.type != slot->attr.type) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
}
#if defined(PSA_USE_KEY_DOMAIN_PARAMETERS) /* !!OM */
- if( attributes->domain_parameters_size != 0 )
- {
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (attributes->domain_parameters_size != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
#endif /* PSA_USE_KEY_DOMAIN_PARAMETERS */
- if( attributes->core.bits != 0 )
- {
- if( attributes->core.bits != slot->attr.bits )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (attributes->core.bits != 0) {
+ if (attributes->core.bits != slot->attr.bits) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- mbedtls_svc_key_id_t *key )
+psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ mbedtls_svc_key_id_t *key)
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
@@ -1191,75 +1273,79 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
/* Reject zero-length symmetric keys (including raw data key objects).
* This also rejects any key which might be encoded as an empty string,
* which is never valid. */
- if( data_length == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (data_length == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
/* Ensure that the bytes-to-bits conversion cannot overflow. */
- if( data_length > SIZE_MAX / 8 )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (data_length > SIZE_MAX / 8) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
- status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
- &slot, &driver );
- if( status != PSA_SUCCESS )
+ status = psa_start_key_creation(PSA_KEY_CREATION_IMPORT, attributes,
+ &slot, &driver);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* In the case of a transparent key or an opaque key stored in local
* storage ( thus not in the case of importing a key in a secure element
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the imported key material. */
- if( slot->key.data == NULL )
- {
- if( psa_key_lifetime_is_external( attributes->core.lifetime ) )
- {
+ if (slot->key.data == NULL) {
+ if (psa_key_lifetime_is_external(attributes->core.lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size_from_key_data(
- attributes, data, data_length, &storage_size );
- if( status != PSA_SUCCESS )
+ attributes, data, data_length, &storage_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
- status = psa_allocate_buffer_to_slot( slot, storage_size );
- if( status != PSA_SUCCESS )
+ status = psa_allocate_buffer_to_slot(slot, storage_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
bits = slot->attr.bits;
- status = psa_driver_wrapper_import_key( attributes,
- data, data_length,
- slot->key.data,
- slot->key.bytes,
- &slot->key.bytes, &bits );
- if( status != PSA_SUCCESS )
+ status = psa_driver_wrapper_import_key(attributes,
+ data, data_length,
+ slot->key.data,
+ slot->key.bytes,
+ &slot->key.bytes, &bits);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( slot->attr.bits == 0 )
+ if (slot->attr.bits == 0) {
slot->attr.bits = (psa_key_bits_t) bits;
- else if( bits != slot->attr.bits )
- {
+ } else if (bits != slot->attr.bits) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
/* Enforce a size limit, and in particular ensure that the bit
* size fits in its representation type.*/
- if( bits > PSA_MAX_KEY_BITS )
- {
+ if (bits > PSA_MAX_KEY_BITS) {
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
- status = psa_validate_optional_attributes( slot, attributes );
- if( status != PSA_SUCCESS )
+ status = psa_validate_optional_attributes(slot, attributes);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_finish_key_creation( slot, driver, key );
+ status = psa_finish_key_creation(slot, driver, key);
exit:
- if( status != PSA_SUCCESS )
- psa_fail_key_creation( slot, driver );
+ if (status != PSA_SUCCESS) {
+ psa_fail_key_creation(slot, driver);
+ }
- return( status );
+ return status;
}
-psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
- const psa_key_attributes_t *specified_attributes,
- mbedtls_svc_key_id_t *target_key )
+psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
+ const psa_key_attributes_t *specified_attributes,
+ mbedtls_svc_key_id_t *target_key)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
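Review bot: In psa_import_key the narrowing store `slot->attr.bits = (psa_key_bits_t) bits;` runs before the `bits > PSA_MAX_KEY_BITS` check, so an oversized bit count reported by the driver wrapper is truncated into the slot first and rejected only afterwards. The error path reaches psa_fail_key_creation(), which wipes the slot, so the truncated value should not survive, but correctness then depends on that cleanup. I would move the size-limit block above the assignment so the cast is reached only for a value already known to fit. This changes the returned error when a key is both oversized and mismatched against a declared size. psa_import_key starts in the previous hunk.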
@@ -1272,14 +1358,16 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
*target_key = MBEDTLS_SVC_KEY_ID_INIT;
status = psa_get_and_lock_key_slot_with_policy(
- source_key, &source_slot, PSA_KEY_USAGE_COPY, 0 );
- if( status != PSA_SUCCESS )
+ source_key, &source_slot, PSA_KEY_USAGE_COPY, 0);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_validate_optional_attributes( source_slot,
- specified_attributes );
- if( status != PSA_SUCCESS )
+ status = psa_validate_optional_attributes(source_slot,
+ specified_attributes);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* The target key type and number of bits have been validated by
* psa_validate_optional_attributes() to be either equal to zero or
@@ -1290,19 +1378,20 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
actual_attributes.core.type = source_slot->attr.type;
- status = psa_restrict_key_policy( source_slot->attr.type,
- &actual_attributes.core.policy,
- &source_slot->attr.policy );
- if( status != PSA_SUCCESS )
+ status = psa_restrict_key_policy(source_slot->attr.type,
+ &actual_attributes.core.policy,
+ &source_slot->attr.policy);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_start_key_creation( PSA_KEY_CREATION_COPY, &actual_attributes,
- &target_slot, &driver );
- if( status != PSA_SUCCESS )
+ status = psa_start_key_creation(PSA_KEY_CREATION_COPY, &actual_attributes,
+ &target_slot, &driver);
+ if (status != PSA_SUCCESS) {
goto exit;
- if( PSA_KEY_LIFETIME_GET_LOCATION( target_slot->attr.lifetime ) !=
- PSA_KEY_LIFETIME_GET_LOCATION( source_slot->attr.lifetime ) )
- {
+ }
+ if (PSA_KEY_LIFETIME_GET_LOCATION(target_slot->attr.lifetime) !=
+ PSA_KEY_LIFETIME_GET_LOCATION(source_slot->attr.lifetime)) {
/*
* If the source and target keys are stored in different locations,
* the source key would need to be exported as plaintext and re-imported
@@ -1319,42 +1408,44 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
* - For opaque keys this translates to an invocation of the drivers'
* copy_key entry point through the dispatch layer.
* */
- if( psa_key_lifetime_is_external( actual_attributes.core.lifetime ) )
- {
- status = psa_driver_wrapper_get_key_buffer_size( &actual_attributes,
- &storage_size );
- if( status != PSA_SUCCESS )
+ if (psa_key_lifetime_is_external(actual_attributes.core.lifetime)) {
+ status = psa_driver_wrapper_get_key_buffer_size(&actual_attributes,
+ &storage_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_allocate_buffer_to_slot( target_slot, storage_size );
- if( status != PSA_SUCCESS )
+ status = psa_allocate_buffer_to_slot(target_slot, storage_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_driver_wrapper_copy_key( &actual_attributes,
- source_slot->key.data,
- source_slot->key.bytes,
- target_slot->key.data,
- target_slot->key.bytes,
- &target_slot->key.bytes );
- if( status != PSA_SUCCESS )
+ status = psa_driver_wrapper_copy_key(&actual_attributes,
+ source_slot->key.data,
+ source_slot->key.bytes,
+ target_slot->key.data,
+ target_slot->key.bytes,
+ &target_slot->key.bytes);
+ if (status != PSA_SUCCESS) {
goto exit;
- }
- else
- {
- status = psa_copy_key_material_into_slot( target_slot,
+ }
+ } else {
+ status = psa_copy_key_material_into_slot(target_slot,
source_slot->key.data,
- source_slot->key.bytes );
- if( status != PSA_SUCCESS )
+ source_slot->key.bytes);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
- status = psa_finish_key_creation( target_slot, driver, target_key );
+ status = psa_finish_key_creation(target_slot, driver, target_key);
exit:
- if( status != PSA_SUCCESS )
- psa_fail_key_creation( target_slot, driver );
+ if (status != PSA_SUCCESS) {
+ psa_fail_key_creation(target_slot, driver);
+ }
- unlock_status = psa_unlock_key_slot( source_slot );
+ unlock_status = psa_unlock_key_slot(source_slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
@@ -1363,178 +1454,185 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
/* Message digests */
/****************************************************************/
-psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
+psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
{
/* Aborting a non-active operation is allowed */
- if( operation->id == 0 )
- return( PSA_SUCCESS );
+ if (operation->id == 0) {
+ return PSA_SUCCESS;
+ }
- psa_status_t status = psa_driver_wrapper_hash_abort( operation );
+ psa_status_t status = psa_driver_wrapper_hash_abort(operation);
operation->id = 0;
- return( status );
+ return status;
}
-psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
- psa_algorithm_t alg )
+psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* A context must be freshly initialized before it can be set up. */
- if( operation->id != 0 )
- {
+ if (operation->id != 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( !PSA_ALG_IS_HASH( alg ) )
- {
+ if (!PSA_ALG_IS_HASH(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
/* Ensure all of the context is zeroized, since PSA_HASH_OPERATION_INIT only
* directly zeroes the int-sized dummy member of the context union. */
- memset( &operation->ctx, 0, sizeof( operation->ctx ) );
+ memset(&operation->ctx, 0, sizeof(operation->ctx));
- status = psa_driver_wrapper_hash_setup( operation, alg );
+ status = psa_driver_wrapper_hash_setup(operation, alg);
exit:
- if( status != PSA_SUCCESS )
- psa_hash_abort( operation );
+ if (status != PSA_SUCCESS) {
+ psa_hash_abort(operation);
+ }
return status;
}
-psa_status_t psa_hash_update( psa_hash_operation_t *operation,
- const uint8_t *input,
- size_t input_length )
+psa_status_t psa_hash_update(psa_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
/* Don't require hash implementations to behave correctly on a
* zero-length input, which may have an invalid pointer. */
- if( input_length == 0 )
- return( PSA_SUCCESS );
+ if (input_length == 0) {
+ return PSA_SUCCESS;
+ }
- status = psa_driver_wrapper_hash_update( operation, input, input_length );
+ status = psa_driver_wrapper_hash_update(operation, input, input_length);
exit:
- if( status != PSA_SUCCESS )
- psa_hash_abort( operation );
+ if (status != PSA_SUCCESS) {
+ psa_hash_abort(operation);
+ }
- return( status );
+ return status;
}
-psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length )
+psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
{
*hash_length = 0;
- if( operation->id == 0 )
- return( PSA_ERROR_BAD_STATE );
+ if (operation->id == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
psa_status_t status = psa_driver_wrapper_hash_finish(
- operation, hash, hash_size, hash_length );
- psa_hash_abort( operation );
- return( status );
+ operation, hash, hash_size, hash_length);
+ psa_hash_abort(operation);
+ return status;
}
-psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
- const uint8_t *hash,
- size_t hash_length )
+psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
+ const uint8_t *hash,
+ size_t hash_length)
{
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
psa_status_t status = psa_hash_finish(
- operation,
- actual_hash, sizeof( actual_hash ),
- &actual_hash_length );
+ operation,
+ actual_hash, sizeof(actual_hash),
+ &actual_hash_length);
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( actual_hash_length != hash_length )
- {
+ if (actual_hash_length != hash_length) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
+ if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
+ }
exit:
- mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
- if( status != PSA_SUCCESS )
+ mbedtls_platform_zeroize(actual_hash, sizeof(actual_hash));
+ if (status != PSA_SUCCESS) {
psa_hash_abort(operation);
+ }
- return( status );
+ return status;
}
-psa_status_t psa_hash_compute( psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *hash, size_t hash_size,
- size_t *hash_length )
+psa_status_t psa_hash_compute(psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *hash, size_t hash_size,
+ size_t *hash_length)
{
*hash_length = 0;
- if( !PSA_ALG_IS_HASH( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_HASH(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( psa_driver_wrapper_hash_compute( alg, input, input_length,
- hash, hash_size, hash_length ) );
+ return psa_driver_wrapper_hash_compute(alg, input, input_length,
+ hash, hash_size, hash_length);
}
-psa_status_t psa_hash_compare( psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- const uint8_t *hash, size_t hash_length )
+psa_status_t psa_hash_compare(psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ const uint8_t *hash, size_t hash_length)
{
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
- if( !PSA_ALG_IS_HASH( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
+ if (!PSA_ALG_IS_HASH(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
psa_status_t status = psa_driver_wrapper_hash_compute(
- alg, input, input_length,
- actual_hash, sizeof(actual_hash),
- &actual_hash_length );
- if( status != PSA_SUCCESS )
+ alg, input, input_length,
+ actual_hash, sizeof(actual_hash),
+ &actual_hash_length);
+ if (status != PSA_SUCCESS) {
goto exit;
- if( actual_hash_length != hash_length )
- {
+ }
+ if (actual_hash_length != hash_length) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
+ if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
+ }
exit:
- mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
- return( status );
+ mbedtls_platform_zeroize(actual_hash, sizeof(actual_hash));
+ return status;
}
-psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
- psa_hash_operation_t *target_operation )
+psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
+ psa_hash_operation_t *target_operation)
{
- if( source_operation->id == 0 ||
- target_operation->id != 0 )
- {
- return( PSA_ERROR_BAD_STATE );
+ if (source_operation->id == 0 ||
+ target_operation->id != 0) {
+ return PSA_ERROR_BAD_STATE;
}
- psa_status_t status = psa_driver_wrapper_hash_clone( source_operation,
- target_operation );
- if( status != PSA_SUCCESS )
- psa_hash_abort( target_operation );
+ psa_status_t status = psa_driver_wrapper_hash_clone(source_operation,
+ target_operation);
+ if (status != PSA_SUCCESS) {
+ psa_hash_abort(target_operation);
+ }
- return( status );
+ return status;
}
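Review bot: The calls to `mbedtls_ct_memcmp` in psa_hash_verify and psa_hash_compare carry no comment saying the comparison must stay constant-time, which makes it easy for a later cleanup to swap in plain memcmp. I would add above each call `/* Constant-time compare: timing must not reveal how many bytes of the expected hash matched. */`. The preceding `actual_hash_length != hash_length` test can remain an ordinary comparison, since it compares lengths only. The hunk does not show the declaration of mbedtls_ct_memcmp being brought into scope, so check that the matching include is added elsewhere in this file's diff.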
@@ -1542,59 +1640,59 @@ psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
/* MAC */
/****************************************************************/
-psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
+psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{
/* Aborting a non-active operation is allowed */
- if( operation->id == 0 )
- return( PSA_SUCCESS );
+ if (operation->id == 0) {
+ return PSA_SUCCESS;
+ }
- psa_status_t status = psa_driver_wrapper_mac_abort( operation );
+ psa_status_t status = psa_driver_wrapper_mac_abort(operation);
operation->mac_size = 0;
operation->is_sign = 0;
operation->id = 0;
- return( status );
+ return status;
}
static psa_status_t psa_mac_finalize_alg_and_key_validation(
psa_algorithm_t alg,
const psa_key_attributes_t *attributes,
- uint8_t *mac_size )
+ uint8_t *mac_size)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t key_type = psa_get_key_type( attributes );
- size_t key_bits = psa_get_key_bits( attributes );
+ psa_key_type_t key_type = psa_get_key_type(attributes);
+ size_t key_bits = psa_get_key_bits(attributes);
- if( ! PSA_ALG_IS_MAC( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_MAC(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
/* Validate the combination of key type and algorithm */
- status = psa_mac_key_can_do( alg, key_type );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_mac_key_can_do(alg, key_type);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Get the output length for the algorithm and key combination */
- *mac_size = PSA_MAC_LENGTH( key_type, key_bits, alg );
+ *mac_size = PSA_MAC_LENGTH(key_type, key_bits, alg);
- if( *mac_size < 4 )
- {
+ if (*mac_size < 4) {
/* A very short MAC is too short for security since it can be
* brute-forced. Ancient protocols with 32-bit MACs do exist,
* so we make this our minimum, even though 32 bits is still
* too small for security. */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- if( *mac_size > PSA_MAC_LENGTH( key_type, key_bits,
- PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
- {
+ if (*mac_size > PSA_MAC_LENGTH(key_type, key_bits,
+ PSA_ALG_FULL_LENGTH_MAC(alg))) {
/* It's impossible to "truncate" to a larger length than the full length
* of the algorithm. */
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
- if( *mac_size > PSA_MAC_MAX_SIZE )
- {
+ if (*mac_size > PSA_MAC_MAX_SIZE) {
/* PSA_MAC_LENGTH returns the correct length even for a MAC algorithm
* that is disabled in the compile-time configuration. The result can
* therefore be larger than PSA_MAC_MAX_SIZE, which does take the
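Review bot: In psa_mac_finalize_alg_and_key_validation the result of `PSA_MAC_LENGTH(key_type, key_bits, alg)` is stored through the `uint8_t *mac_size` pointer before any of the three range checks, so a length above 255 would be truncated and the checks would run on the truncated value. Whether the macro can yield such a length for any algorithm is not visible here. Computing into a local first, `size_t len = PSA_MAC_LENGTH(key_type, key_bits, alg);`, running the checks on `len`, and ending with `*mac_size = (uint8_t) len;` makes the checks independent of the narrowing. The function body continues into the next hunk.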
@@ -1604,144 +1702,143 @@ static psa_status_t psa_mac_finalize_alg_and_key_validation(
* PSA_ERROR_BUFFER_TOO_SMALL for an unsupported algorithm whose MAC size
* is larger than PSA_MAC_MAX_SIZE, which is misleading and which breaks
* systematically generated tests. */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- int is_sign )
+static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ int is_sign)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
+ psa_key_attributes_t attributes;
/* A context must be freshly initialized before it can be set up. */
- if( operation->id != 0 )
- {
+ if (operation->id != 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
status = psa_get_and_lock_key_slot_with_policy(
- key,
- &slot,
- is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
- alg );
- if( status != PSA_SUCCESS )
+ key,
+ &slot,
+ is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
- status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
- &operation->mac_size );
- if( status != PSA_SUCCESS )
+ status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
+ &operation->mac_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
operation->is_sign = is_sign;
/* Dispatch the MAC setup call with validated input */
- if( is_sign )
- {
- status = psa_driver_wrapper_mac_sign_setup( operation,
- &attributes,
- slot->key.data,
- slot->key.bytes,
- alg );
- }
- else
- {
- status = psa_driver_wrapper_mac_verify_setup( operation,
- &attributes,
- slot->key.data,
- slot->key.bytes,
- alg );
+ if (is_sign) {
+ status = psa_driver_wrapper_mac_sign_setup(operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg);
+ } else {
+ status = psa_driver_wrapper_mac_verify_setup(operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg);
}
exit:
- if( status != PSA_SUCCESS )
- psa_mac_abort( operation );
+ if (status != PSA_SUCCESS) {
+ psa_mac_abort(operation);
+ }
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-psa_status_t psa_mac_sign_setup( psa_mac_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg )
+psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg)
{
- return( psa_mac_setup( operation, key, alg, 1 ) );
+ return psa_mac_setup(operation, key, alg, 1);
}
-psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg )
+psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg)
{
- return( psa_mac_setup( operation, key, alg, 0 ) );
+ return psa_mac_setup(operation, key, alg, 0);
}
-psa_status_t psa_mac_update( psa_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length )
+psa_status_t psa_mac_update(psa_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length)
{
- if( operation->id == 0 )
- return( PSA_ERROR_BAD_STATE );
+ if (operation->id == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
/* Don't require hash implementations to behave correctly on a
* zero-length input, which may have an invalid pointer. */
- if( input_length == 0 )
- return( PSA_SUCCESS );
+ if (input_length == 0) {
+ return PSA_SUCCESS;
+ }
- psa_status_t status = psa_driver_wrapper_mac_update( operation,
- input, input_length );
- if( status != PSA_SUCCESS )
- psa_mac_abort( operation );
+ psa_status_t status = psa_driver_wrapper_mac_update(operation,
+ input, input_length);
+ if (status != PSA_SUCCESS) {
+ psa_mac_abort(operation);
+ }
- return( status );
+ return status;
}
-psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length )
+psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( ! operation->is_sign )
- {
+ if (!operation->is_sign) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
/* Sanity check. This will guarantee that mac_size != 0 (and so mac != NULL)
* once all the error checks are done. */
- if( operation->mac_size == 0 )
- {
+ if (operation->mac_size == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( mac_size < operation->mac_size )
- {
+ if (mac_size < operation->mac_size) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
- status = psa_driver_wrapper_mac_sign_finish( operation,
- mac, operation->mac_size,
- mac_length );
+ status = psa_driver_wrapper_mac_sign_finish(operation,
+ mac, operation->mac_size,
+ mac_length);
exit:
/* In case of success, set the potential excess room in the output buffer
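Review bot: psa_mac_setup writes `operation->mac_size` (through psa_mac_finalize_alg_and_key_validation) and `operation->is_sign` before the driver setup call, but its error path only calls psa_mac_abort(), which returns early when `operation->id == 0` without resetting those two fields. If the id is assigned only inside the driver wrapper, which is not visible here, a failed setup leaves stale `mac_size` and `is_sign` values in the operation object. The finish functions test `operation->id` first, so this looks harmless today, but it makes the "freshly initialized" state depend on every later reader repeating that check. I would clear them in the error branch before the abort call: `operation->mac_size = 0; operation->is_sign = 0;`.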
@@ -1750,98 +1847,94 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
* such that in case the caller misses an error check, the output would be
* an unachievable MAC.
*/
- if( status != PSA_SUCCESS )
- {
+ if (status != PSA_SUCCESS) {
*mac_length = mac_size;
operation->mac_size = 0;
}
- if( mac_size > operation->mac_size )
- memset( &mac[operation->mac_size], '!',
- mac_size - operation->mac_size );
+ psa_wipe_tag_output_buffer(mac, status, mac_size, *mac_length);
- abort_status = psa_mac_abort( operation );
+ abort_status = psa_mac_abort(operation);
- return( status == PSA_SUCCESS ? abort_status : status );
+ return status == PSA_SUCCESS ? abort_status : status;
}
-psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length )
+psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->is_sign )
- {
+ if (operation->is_sign) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->mac_size != mac_length )
- {
+ if (operation->mac_size != mac_length) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- status = psa_driver_wrapper_mac_verify_finish( operation,
- mac, mac_length );
+ status = psa_driver_wrapper_mac_verify_finish(operation,
+ mac, mac_length);
exit:
- abort_status = psa_mac_abort( operation );
+ abort_status = psa_mac_abort(operation);
- return( status == PSA_SUCCESS ? abort_status : status );
+ return status == PSA_SUCCESS ? abort_status : status;
}
-static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length,
- int is_sign )
+static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length,
+ int is_sign)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
uint8_t operation_mac_size = 0;
+ psa_key_attributes_t attributes;
status = psa_get_and_lock_key_slot_with_policy(
- key,
- &slot,
- is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
- alg );
- if( status != PSA_SUCCESS )
+ key,
+ &slot,
+ is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
- status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
- &operation_mac_size );
- if( status != PSA_SUCCESS )
+ status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
+ &operation_mac_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( mac_size < operation_mac_size )
- {
+ if (mac_size < operation_mac_size) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
status = psa_driver_wrapper_mac_compute(
- &attributes,
- slot->key.data, slot->key.bytes,
- alg,
- input, input_length,
- mac, operation_mac_size, mac_length );
+ &attributes,
+ slot->key.data, slot->key.bytes,
+ alg,
+ input, input_length,
+ mac, operation_mac_size, mac_length);
exit:
/* In case of success, set the potential excess room in the output buffer
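Review bot: At the `exit:` label of psa_mac_sign_finish, `psa_wipe_tag_output_buffer(mac, status, mac_size, *mac_length)` replaces a memset that was guarded by `mac_size > operation->mac_size`, so the old code never touched `mac` when `mac_size` was 0 and the pointer could be NULL. The helper is defined outside this hunk; confirm that it returns before any memset for a zero-size buffer and that on success it never uses an offset beyond `mac_size`. I would also state that contract at the call site: `/* mac may be NULL when mac_size == 0; the helper must not write in that case. */`. The same call is added at the exit of psa_mac_compute_internal in the following hunk, and psa_mac_sign_finish itself starts in the previous hunk.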
@@ -1850,220 +1943,209 @@ static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key,
* such that in case the caller misses an error check, the output would be
* an unachievable MAC.
*/
- if( status != PSA_SUCCESS )
- {
+ if (status != PSA_SUCCESS) {
*mac_length = mac_size;
operation_mac_size = 0;
}
- if( mac_size > operation_mac_size )
- memset( &mac[operation_mac_size], '!', mac_size - operation_mac_size );
- unlock_status = psa_unlock_key_slot( slot );
+ psa_wipe_tag_output_buffer(mac, status, mac_size, *mac_length);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
+ unlock_status = psa_unlock_key_slot(slot);
-psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- return( psa_mac_compute_internal( key, alg,
- input, input_length,
- mac, mac_size, mac_length, 1 ) );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-psa_status_t psa_mac_verify( mbedtls_svc_key_id_t key,
+psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
- const uint8_t *mac,
- size_t mac_length)
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length)
+{
+ return psa_mac_compute_internal(key, alg,
+ input, input_length,
+ mac, mac_size, mac_length, 1);
+}
+
+psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *mac,
+ size_t mac_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t actual_mac[PSA_MAC_MAX_SIZE];
size_t actual_mac_length;
- status = psa_mac_compute_internal( key, alg,
- input, input_length,
- actual_mac, sizeof( actual_mac ),
- &actual_mac_length, 0 );
- if( status != PSA_SUCCESS )
+ status = psa_mac_compute_internal(key, alg,
+ input, input_length,
+ actual_mac, sizeof(actual_mac),
+ &actual_mac_length, 0);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( mac_length != actual_mac_length )
- {
+ if (mac_length != actual_mac_length) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- if( mbedtls_psa_safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 )
- {
+ if (mbedtls_ct_memcmp(mac, actual_mac, actual_mac_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
exit:
- mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
+ mbedtls_platform_zeroize(actual_mac, sizeof(actual_mac));
- return ( status );
+ return status;
}
/****************************************************************/
/* Asymmetric cryptography */
/****************************************************************/
-static psa_status_t psa_sign_verify_check_alg( int input_is_message,
- psa_algorithm_t alg )
+static psa_status_t psa_sign_verify_check_alg(int input_is_message,
+ psa_algorithm_t alg)
{
- if( input_is_message )
- {
- if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (input_is_message) {
+ if (!PSA_ALG_IS_SIGN_MESSAGE(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- if ( PSA_ALG_IS_SIGN_HASH( alg ) )
- {
- if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (PSA_ALG_IS_SIGN_HASH(alg)) {
+ if (!PSA_ALG_IS_HASH(PSA_ALG_SIGN_GET_HASH(alg))) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ }
+ } else {
+ if (!PSA_ALG_IS_SIGN_HASH(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
- }
- else
- {
- if( ! PSA_ALG_IS_SIGN_HASH( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key,
- int input_is_message,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- uint8_t * signature,
- size_t signature_size,
- size_t * signature_length )
+static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
+ int input_is_message,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
*signature_length = 0;
- status = psa_sign_verify_check_alg( input_is_message, alg );
- if( status != PSA_SUCCESS )
+ status = psa_sign_verify_check_alg(input_is_message, alg);
+ if (status != PSA_SUCCESS) {
return status;
+ }
/* Immediately reject a zero-length signature buffer. This guarantees
* that signature must be a valid pointer. (On the other hand, the input
* buffer can in principle be empty since it doesn't actually have
* to be a hash.) */
- if( signature_size == 0 )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (signature_size == 0) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
status = psa_get_and_lock_key_slot_with_policy(
- key, &slot,
- input_is_message ? PSA_KEY_USAGE_SIGN_MESSAGE :
- PSA_KEY_USAGE_SIGN_HASH,
- alg );
+ key, &slot,
+ input_is_message ? PSA_KEY_USAGE_SIGN_MESSAGE :
+ PSA_KEY_USAGE_SIGN_HASH,
+ alg);
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
- {
+ if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- psa_key_attributes_t attributes = {
- .core = slot->attr
+ attributes = (psa_key_attributes_t) {
+ .core = slot->attr
};
- if( input_is_message )
- {
+ if (input_is_message) {
status = psa_driver_wrapper_sign_message(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
- signature, signature_size, signature_length );
- }
- else
- {
+ signature, signature_size, signature_length);
+ } else {
+
status = psa_driver_wrapper_sign_hash(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
- signature, signature_size, signature_length );
+ signature, signature_size, signature_length);
}
exit:
- /* Fill the unused part of the output buffer (the whole buffer on error,
- * the trailing part on success) with something that isn't a valid signature
- * (barring an attack on the signature and deliberately-crafted input),
- * in case the caller doesn't check the return status properly. */
- if( status == PSA_SUCCESS )
- memset( signature + *signature_length, '!',
- signature_size - *signature_length );
- else
- memset( signature, '!', signature_size );
- /* If signature_size is 0 then we have nothing to do. We must not call
- * memset because signature may be NULL in this case. */
+ psa_wipe_tag_output_buffer(signature, status, signature_size,
+ *signature_length);
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key,
- int input_is_message,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- const uint8_t * signature,
- size_t signature_length )
+static psa_status_t psa_verify_internal(mbedtls_svc_key_id_t key,
+ int input_is_message,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
- status = psa_sign_verify_check_alg( input_is_message, alg );
- if( status != PSA_SUCCESS )
+ status = psa_sign_verify_check_alg(input_is_message, alg);
+ if (status != PSA_SUCCESS) {
return status;
+ }
status = psa_get_and_lock_key_slot_with_policy(
- key, &slot,
- input_is_message ? PSA_KEY_USAGE_VERIFY_MESSAGE :
- PSA_KEY_USAGE_VERIFY_HASH,
- alg );
+ key, &slot,
+ input_is_message ? PSA_KEY_USAGE_VERIFY_MESSAGE :
+ PSA_KEY_USAGE_VERIFY_HASH,
+ alg);
- if( status != PSA_SUCCESS )
- return( status );
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- psa_key_attributes_t attributes = {
- .core = slot->attr
+ attributes = (psa_key_attributes_t) {
+ .core = slot->attr
};
- if( input_is_message )
- {
+ if (input_is_message) {
status = psa_driver_wrapper_verify_message(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
- signature, signature_length );
- }
- else
- {
+ signature, signature_length);
+ } else {
status = psa_driver_wrapper_verify_hash(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
- signature, signature_length );
+ signature, signature_length);
}
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
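Review bot: In the `exit:` path of psa_mac_compute_internal the wipe now starts at the driver-reported `*mac_length` on success, where the removed `memset` started at `operation_mac_size`, the value this function had already checked against `mac_size`. psa_wipe_tag_output_buffer is defined outside this hunk, so whether it bounds that offset cannot be confirmed here; if it does not, a driver reporting a length above `mac_size` would make the remaining-size subtraction wrap. A guard placed ahead of the failure branch, `if (status == PSA_SUCCESS && *mac_length > mac_size) { status = PSA_ERROR_CORRUPTION_DETECTED; }`, would keep the wipe on a validated length. The `operation_mac_size = 0;` assignment in the failure branch is also no longer read in the visible lines and could be dropped. The function body begins before this hunk.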
@@ -2076,43 +2158,43 @@ psa_status_t psa_sign_message_builtin(
size_t input_length,
uint8_t *signature,
size_t signature_size,
- size_t *signature_length )
+ size_t *signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if ( PSA_ALG_IS_SIGN_HASH( alg ) )
- {
+ if (PSA_ALG_IS_SIGN_HASH(alg)) {
size_t hash_length;
uint8_t hash[PSA_HASH_MAX_SIZE];
status = psa_driver_wrapper_hash_compute(
- PSA_ALG_SIGN_GET_HASH( alg ),
- input, input_length,
- hash, sizeof( hash ), &hash_length );
+ PSA_ALG_SIGN_GET_HASH(alg),
+ input, input_length,
+ hash, sizeof(hash), &hash_length);
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
return status;
+ }
return psa_driver_wrapper_sign_hash(
- attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length );
+ attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length);
}
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
-psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- uint8_t * signature,
- size_t signature_size,
- size_t * signature_length )
+psa_status_t psa_sign_message(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
{
return psa_sign_internal(
key, 1, alg, input, input_length,
- signature, signature_size, signature_length );
+ signature, signature_size, signature_length);
}
psa_status_t psa_verify_message_builtin(
@@ -2123,119 +2205,83 @@ psa_status_t psa_verify_message_builtin(
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
- size_t signature_length )
+ size_t signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if ( PSA_ALG_IS_SIGN_HASH( alg ) )
- {
+ if (PSA_ALG_IS_SIGN_HASH(alg)) {
size_t hash_length;
uint8_t hash[PSA_HASH_MAX_SIZE];
status = psa_driver_wrapper_hash_compute(
- PSA_ALG_SIGN_GET_HASH( alg ),
- input, input_length,
- hash, sizeof( hash ), &hash_length );
+ PSA_ALG_SIGN_GET_HASH(alg),
+ input, input_length,
+ hash, sizeof(hash), &hash_length);
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
return status;
+ }
return psa_driver_wrapper_verify_hash(
- attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length );
+ attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length);
}
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
-psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t * input,
- size_t input_length,
- const uint8_t * signature,
- size_t signature_length )
+psa_status_t psa_verify_message(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length)
{
return psa_verify_internal(
key, 1, alg, input, input_length,
- signature, signature_length );
+ signature, signature_length);
}
-psa_status_t psa_sign_hash_builtin(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length )
-{
- (void)attributes;
- (void)key_buffer;
- (void)key_buffer_size;
- (void)alg;
- (void)hash;
- (void)hash_length;
- (void)signature;
- (void)signature_size;
- (void)signature_length;
-
- return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length )
+psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
{
return psa_sign_internal(
key, 0, alg, hash, hash_length,
- signature, signature_size, signature_length );
-}
-
-psa_status_t psa_verify_hash_builtin(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length )
-{
- (void)attributes;
- (void)key_buffer;
- (void)key_buffer_size;
- (void)alg;
- (void)hash;
- (void)hash_length;
- (void)signature;
- (void)signature_length;
-
- return( PSA_ERROR_NOT_SUPPORTED );
+ signature, signature_size, signature_length);
}
-psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length )
+psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length)
{
return psa_verify_internal(
key, 0, alg, hash, hash_length,
- signature, signature_length );
+ signature, signature_length);
}
-psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *salt,
- size_t salt_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
(void) input;
(void) input_length;
@@ -2245,47 +2291,49 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
*output_length = 0;
- if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_RSA_OAEP(alg) && salt_length != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
status = psa_get_and_lock_transparent_key_slot_with_policy(
- key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
- if( status != PSA_SUCCESS )
- return( status );
- if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) ||
- PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) )
- {
+ key, &slot, PSA_KEY_USAGE_ENCRYPT, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ if (!(PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) ||
+ PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type))) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- psa_key_attributes_t attributes = {
- .core = slot->attr
+ attributes = (psa_key_attributes_t) {
+ .core = slot->attr
};
status = psa_driver_wrapper_asymmetric_encrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length, salt, salt_length,
- output, output_size, output_length );
+ output, output_size, output_length);
exit:
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *salt,
- size_t salt_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
(void) input;
(void) input_length;
@@ -2295,412 +2343,447 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
*output_length = 0;
- if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_RSA_OAEP(alg) && salt_length != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
status = psa_get_and_lock_transparent_key_slot_with_policy(
- key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
- if( status != PSA_SUCCESS )
- return( status );
- if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
- {
+ key, &slot, PSA_KEY_USAGE_DECRYPT, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- psa_key_attributes_t attributes = {
- .core = slot->attr
+ attributes = (psa_key_attributes_t) {
+ .core = slot->attr
};
status = psa_driver_wrapper_asymmetric_decrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length, salt, salt_length,
- output, output_size, output_length );
+ output, output_size, output_length);
exit:
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
+
+ return (status == PSA_SUCCESS) ? unlock_status : status;
+}
+
+/****************************************************************/
+/* Asymmetric interruptible cryptography */
+/****************************************************************/
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+psa_status_t psa_sign_hash_start(
+ psa_sign_hash_interruptible_operation_t *operation,
+ mbedtls_svc_key_id_t key, psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length)
+{
+ (void)operation;
+ (void)key;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ return PSA_ERROR_NOT_SUPPORTED;
}
+psa_status_t psa_sign_hash_abort(
+ psa_sign_hash_interruptible_operation_t *operation)
+{
+ (void)operation;
+ return PSA_SUCCESS;
+}
+
+psa_status_t psa_verify_hash_start(
+ psa_verify_hash_interruptible_operation_t *operation,
+ mbedtls_svc_key_id_t key, psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length)
+{
+ (void)operation;
+ (void)key;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_length;
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+psa_status_t psa_verify_hash_abort(
+ psa_verify_hash_interruptible_operation_t *operation)
+{
+ (void)operation;
+ return PSA_SUCCESS;
+}
/****************************************************************/
/* Symmetric cryptography */
/****************************************************************/
-static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- mbedtls_operation_t cipher_operation )
+static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ mbedtls_operation_t cipher_operation)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
- psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ?
- PSA_KEY_USAGE_ENCRYPT :
- PSA_KEY_USAGE_DECRYPT );
+ psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ?
+ PSA_KEY_USAGE_ENCRYPT :
+ PSA_KEY_USAGE_DECRYPT);
+ psa_key_attributes_t attributes;
/* A context must be freshly initialized before it can be set up. */
- if( operation->id != 0 )
- {
+ if (operation->id != 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( ! PSA_ALG_IS_CIPHER( alg ) )
- {
+ if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg );
- if( status != PSA_SUCCESS )
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot, usage, alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* Initialize the operation struct members, except for id. The id member
* is used to indicate to psa_cipher_abort that there are resources to free,
* so we only set it (in the driver wrapper) after resources have been
* allocated/initialized. */
operation->iv_set = 0;
- if( alg == PSA_ALG_ECB_NO_PADDING )
+ if (alg == PSA_ALG_ECB_NO_PADDING) {
operation->iv_required = 0;
- else
+ } else {
operation->iv_required = 1;
- operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
+ }
+ operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
- psa_key_attributes_t attributes = {
- .core = slot->attr
+ attributes = (psa_key_attributes_t) {
+ .core = slot->attr
};
/* Try doing the operation through a driver before using software fallback. */
- if( cipher_operation == MBEDTLS_ENCRYPT )
- status = psa_driver_wrapper_cipher_encrypt_setup( operation,
- &attributes,
- slot->key.data,
- slot->key.bytes,
- alg );
- else
- status = psa_driver_wrapper_cipher_decrypt_setup( operation,
- &attributes,
- slot->key.data,
- slot->key.bytes,
- alg );
+ if (cipher_operation == MBEDTLS_ENCRYPT) {
+ status = psa_driver_wrapper_cipher_encrypt_setup(operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg);
+ } else {
+ status = psa_driver_wrapper_cipher_decrypt_setup(operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg);
+ }
exit:
- if( status != PSA_SUCCESS )
- psa_cipher_abort( operation );
+ if (status != PSA_SUCCESS) {
+ psa_cipher_abort(operation);
+ }
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg )
+psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg)
{
- return( psa_cipher_setup( operation, key, alg, MBEDTLS_ENCRYPT ) );
+ return psa_cipher_setup(operation, key, alg, MBEDTLS_ENCRYPT);
}
-psa_status_t psa_cipher_decrypt_setup( psa_cipher_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg )
+psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg)
{
- return( psa_cipher_setup( operation, key, alg, MBEDTLS_DECRYPT ) );
+ return psa_cipher_setup(operation, key, alg, MBEDTLS_DECRYPT);
}
-psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
- uint8_t *iv,
- size_t iv_size,
- size_t *iv_length )
+psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
+ uint8_t *iv,
+ size_t iv_size,
+ size_t *iv_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
- size_t default_iv_length;
+ size_t default_iv_length = 0;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->iv_set || ! operation->iv_required )
- {
+ if (operation->iv_set || !operation->iv_required) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
default_iv_length = operation->default_iv_length;
- if( iv_size < default_iv_length )
- {
+ if (iv_size < default_iv_length) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
- if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
- {
+ if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) {
status = PSA_ERROR_GENERIC_ERROR;
goto exit;
}
- status = psa_generate_random( local_iv, default_iv_length );
- if( status != PSA_SUCCESS )
+ status = psa_generate_random(local_iv, default_iv_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_driver_wrapper_cipher_set_iv( operation,
- local_iv, default_iv_length );
+ status = psa_driver_wrapper_cipher_set_iv(operation,
+ local_iv, default_iv_length);
exit:
- if( status == PSA_SUCCESS )
- {
- memcpy( iv, local_iv, default_iv_length );
+ if (status == PSA_SUCCESS) {
+ memcpy(iv, local_iv, default_iv_length);
*iv_length = default_iv_length;
operation->iv_set = 1;
- }
- else
- {
+ } else {
*iv_length = 0;
- psa_cipher_abort( operation );
+ psa_cipher_abort(operation);
}
- return( status );
+ return status;
}
-psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
- const uint8_t *iv,
- size_t iv_length )
+psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
+ const uint8_t *iv,
+ size_t iv_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->iv_set || ! operation->iv_required )
- {
+ if (operation->iv_set || !operation->iv_required) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
- {
+ if (iv_length > PSA_CIPHER_IV_MAX_SIZE) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- status = psa_driver_wrapper_cipher_set_iv( operation,
- iv,
- iv_length );
+ status = psa_driver_wrapper_cipher_set_iv(operation,
+ iv,
+ iv_length);
exit:
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->iv_set = 1;
- else
- psa_cipher_abort( operation );
- return( status );
+ } else {
+ psa_cipher_abort(operation);
+ }
+ return status;
}
-psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->iv_required && ! operation->iv_set )
- {
+ if (operation->iv_required && !operation->iv_set) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- status = psa_driver_wrapper_cipher_update( operation,
- input,
- input_length,
- output,
- output_size,
- output_length );
+ status = psa_driver_wrapper_cipher_update(operation,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length);
exit:
- if( status != PSA_SUCCESS )
- psa_cipher_abort( operation );
+ if (status != PSA_SUCCESS) {
+ psa_cipher_abort(operation);
+ }
- return( status );
+ return status;
}
-psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->iv_required && ! operation->iv_set )
- {
+ if (operation->iv_required && !operation->iv_set) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- status = psa_driver_wrapper_cipher_finish( operation,
- output,
- output_size,
- output_length );
+ status = psa_driver_wrapper_cipher_finish(operation,
+ output,
+ output_size,
+ output_length);
exit:
- if( status == PSA_SUCCESS )
- return( psa_cipher_abort( operation ) );
- else
- {
+ if (status == PSA_SUCCESS) {
+ return psa_cipher_abort(operation);
+ } else {
*output_length = 0;
- (void) psa_cipher_abort( operation );
+ (void) psa_cipher_abort(operation);
- return( status );
+ return status;
}
}
-psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
+psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
{
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
/* The object has (apparently) been initialized but it is not (yet)
* in use. It's ok to call abort on such an object, and there's
* nothing to do. */
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
- psa_driver_wrapper_cipher_abort( operation );
+ psa_driver_wrapper_cipher_abort(operation);
operation->id = 0;
operation->iv_set = 0;
operation->iv_required = 0;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length = 0;
+ psa_key_attributes_t attributes;
- if( ! PSA_ALG_IS_CIPHER( alg ) )
- {
+ if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- status = psa_get_and_lock_key_slot_with_policy( key, &slot,
- PSA_KEY_USAGE_ENCRYPT,
- alg );
- if( status != PSA_SUCCESS )
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot,
+ PSA_KEY_USAGE_ENCRYPT,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- psa_key_attributes_t attributes = {
- .core = slot->attr
+ attributes = (psa_key_attributes_t) {
+ .core = slot->attr
};
- default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
- if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
- {
+ default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
+ if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) {
status = PSA_ERROR_GENERIC_ERROR;
goto exit;
}
- if( default_iv_length > 0 )
- {
- if( output_size < default_iv_length )
- {
+ if (default_iv_length > 0) {
+ if (output_size < default_iv_length) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
- status = psa_generate_random( local_iv, default_iv_length );
- if( status != PSA_SUCCESS )
+ status = psa_generate_random(local_iv, default_iv_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
status = psa_driver_wrapper_cipher_encrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, local_iv, default_iv_length, input, input_length,
- mbedtls_buffer_offset( output, default_iv_length ),
- output_size - default_iv_length, output_length );
+ psa_crypto_buffer_offset(output, default_iv_length),
+ output_size - default_iv_length, output_length);
exit:
- unlock_status = psa_unlock_key_slot( slot );
- if( status == PSA_SUCCESS )
+ unlock_status = psa_unlock_key_slot(slot);
+ if (status == PSA_SUCCESS) {
status = unlock_status;
+ }
- if( status == PSA_SUCCESS )
- {
- if( default_iv_length > 0 )
- memcpy( output, local_iv, default_iv_length );
+ if (status == PSA_SUCCESS) {
+ if (default_iv_length > 0) {
+ memcpy(output, local_iv, default_iv_length);
+ }
*output_length += default_iv_length;
- }
- else
+ } else {
*output_length = 0;
+ }
- return( status );
+ return status;
}
-psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
+ psa_key_attributes_t attributes;
- if( ! PSA_ALG_IS_CIPHER( alg ) )
- {
+ if (!PSA_ALG_IS_CIPHER(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- status = psa_get_and_lock_key_slot_with_policy( key, &slot,
- PSA_KEY_USAGE_DECRYPT,
- alg );
- if( status != PSA_SUCCESS )
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot,
+ PSA_KEY_USAGE_DECRYPT,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- psa_key_attributes_t attributes = {
- .core = slot->attr
+ attributes = (psa_key_attributes_t) {
+ .core = slot->attr
};
- if( alg == PSA_ALG_CCM_STAR_NO_TAG && input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) )
- {
+ if (alg == PSA_ALG_CCM_STAR_NO_TAG &&
+ input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
- }
- else if ( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
- {
+ } else if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
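Review bot: The four functions added under "Asymmetric interruptible cryptography" (psa_sign_hash_start, psa_sign_hash_abort, psa_verify_hash_start, psa_verify_hash_abort) are stubs, and nothing in the section says so. A reader sees the `*_abort` functions return PSA_SUCCESS without touching `operation`, which looks like a missing cleanup unless the stub status is stated. I would add above psa_sign_hash_start: `/* Interruptible sign/verify is not implemented here: the *_start functions always return PSA_ERROR_NOT_SUPPORTED and the *_abort functions are no-ops. */`. A blank line between psa_verify_hash_start and psa_verify_hash_abort would also match the spacing of the other added functions.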
@@ -2708,17 +2791,19 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
status = psa_driver_wrapper_cipher_decrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
- output, output_size, output_length );
+ output, output_size, output_length);
exit:
- unlock_status = psa_unlock_key_slot( slot );
- if( status == PSA_SUCCESS )
+ unlock_status = psa_unlock_key_slot(slot);
+ if (status == PSA_SUCCESS) {
status = unlock_status;
+ }
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
*output_length = 0;
+ }
- return( status );
+ return status;
}
@@ -2727,94 +2812,100 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
/****************************************************************/
/* Helper function to get the base algorithm from its variants. */
-static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg )
+static psa_algorithm_t psa_aead_get_base_algorithm(psa_algorithm_t alg)
{
- return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg );
+ return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg);
}
/* Helper function to perform common nonce length checks. */
-static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg,
- size_t nonce_length )
+static psa_status_t psa_aead_check_nonce_length(psa_algorithm_t alg,
+ size_t nonce_length)
{
- psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg );
+ psa_algorithm_t base_alg = psa_aead_get_base_algorithm(alg);
- switch(base_alg)
- {
+ switch (base_alg) {
#if defined(PSA_WANT_ALG_GCM)
case PSA_ALG_GCM:
/* Not checking max nonce size here as GCM spec allows almost
- * arbitrarily large nonces. Please note that we do not generally
- * recommend the usage of nonces of greater length than
- * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter
- * size, which can then lead to collisions if you encrypt a very
- * large number of messages.*/
- if( nonce_length != 0 )
- return( PSA_SUCCESS );
+ * arbitrarily large nonces. Please note that we do not generally
+ * recommend the usage of nonces of greater length than
+ * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter
+ * size, which can then lead to collisions if you encrypt a very
+ * large number of messages.*/
+ if (nonce_length != 0) {
+ return PSA_SUCCESS;
+ }
break;
#endif /* PSA_WANT_ALG_GCM */
#if defined(PSA_WANT_ALG_CCM)
case PSA_ALG_CCM:
- if( nonce_length >= 7 && nonce_length <= 13 )
- return( PSA_SUCCESS );
+ if (nonce_length >= 7 && nonce_length <= 13) {
+ return PSA_SUCCESS;
+ }
break;
#endif /* PSA_WANT_ALG_CCM */
#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
case PSA_ALG_CHACHA20_POLY1305:
- if( nonce_length == 12 )
- return( PSA_SUCCESS );
- else if( nonce_length == 8 )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (nonce_length == 12) {
+ return PSA_SUCCESS;
+ } else if (nonce_length == 8) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
break;
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
default:
(void) nonce_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
-static psa_status_t psa_aead_check_algorithm( psa_algorithm_t alg )
+static psa_status_t psa_aead_check_algorithm(psa_algorithm_t alg)
{
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *nonce,
- size_t nonce_length,
- const uint8_t *additional_data,
- size_t additional_data_length,
- const uint8_t *plaintext,
- size_t plaintext_length,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length )
+psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *plaintext,
+ size_t plaintext_length,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
*ciphertext_length = 0;
- status = psa_aead_check_algorithm( alg );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_aead_check_algorithm(alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
status = psa_get_and_lock_key_slot_with_policy(
- key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
- if( status != PSA_SUCCESS )
- return( status );
+ key, &slot, PSA_KEY_USAGE_ENCRYPT, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
psa_key_attributes_t attributes = {
- .core = slot->attr
+ .core = slot->attr
};
- status = psa_aead_check_nonce_length( alg, nonce_length );
- if( status != PSA_SUCCESS )
+ status = psa_aead_check_nonce_length(alg, nonce_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
status = psa_driver_wrapper_aead_encrypt(
&attributes, slot->key.data, slot->key.bytes,
@@ -2822,50 +2913,55 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
nonce, nonce_length,
additional_data, additional_data_length,
plaintext, plaintext_length,
- ciphertext, ciphertext_size, ciphertext_length );
+ ciphertext, ciphertext_size, ciphertext_length);
- if( status != PSA_SUCCESS && ciphertext_size != 0 )
- memset( ciphertext, 0, ciphertext_size );
+ if (status != PSA_SUCCESS && ciphertext_size != 0) {
+ memset(ciphertext, 0, ciphertext_size);
+ }
exit:
- psa_unlock_key_slot( slot );
+ psa_unlock_key_slot(slot);
- return( status );
+ return status;
}
-psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *nonce,
- size_t nonce_length,
- const uint8_t *additional_data,
- size_t additional_data_length,
- const uint8_t *ciphertext,
- size_t ciphertext_length,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length )
+psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *ciphertext,
+ size_t ciphertext_length,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
*plaintext_length = 0;
- status = psa_aead_check_algorithm( alg );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_aead_check_algorithm(alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
status = psa_get_and_lock_key_slot_with_policy(
- key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
- if( status != PSA_SUCCESS )
- return( status );
+ key, &slot, PSA_KEY_USAGE_DECRYPT, alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- psa_key_attributes_t attributes = {
- .core = slot->attr
+ attributes = (psa_key_attributes_t) {
+ .core = slot->attr
};
- status = psa_aead_check_nonce_length( alg, nonce_length );
- if( status != PSA_SUCCESS )
+ status = psa_aead_check_nonce_length(alg, nonce_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
status = psa_driver_wrapper_aead_decrypt(
&attributes, slot->key.data, slot->key.bytes,
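Review bot: The result of `psa_unlock_key_slot(slot)` is discarded at the `exit:` label of `psa_aead_encrypt`, so a failed unlock is reported to the caller as success; `psa_aead_decrypt` has the same pattern in the following hunk. `psa_cipher_decrypt` and `psa_aead_setup` in this file keep the unlock result and fold it in when the operation itself succeeded. The same could be done here by declaring `psa_status_t unlock_status`, assigning `unlock_status = psa_unlock_key_slot(slot);`, and following it with `if (status == PSA_SUCCESS) { status = unlock_status; }`. The body of `psa_aead_decrypt` continues past the end of this hunk.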
@@ -2873,166 +2969,172 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
nonce, nonce_length,
additional_data, additional_data_length,
ciphertext, ciphertext_length,
- plaintext, plaintext_size, plaintext_length );
+ plaintext, plaintext_size, plaintext_length);
- if( status != PSA_SUCCESS && plaintext_size != 0 )
- memset( plaintext, 0, plaintext_size );
+ if (status != PSA_SUCCESS && plaintext_size != 0) {
+ memset(plaintext, 0, plaintext_size);
+ }
exit:
- psa_unlock_key_slot( slot );
+ psa_unlock_key_slot(slot);
- return( status );
+ return status;
}
-static psa_status_t psa_validate_tag_length( psa_algorithm_t alg ) {
- const uint8_t tag_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg );
+static psa_status_t psa_validate_tag_length(psa_algorithm_t alg)
+{
+ const uint8_t tag_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg);
- switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
- {
+ switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) {
#if defined(PSA_WANT_ALG_CCM)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.*/
- if( tag_len < 4 || tag_len > 16 || tag_len % 2 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (tag_len < 4 || tag_len > 16 || tag_len % 2) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif /* PSA_WANT_ALG_CCM */
#if defined(PSA_WANT_ALG_GCM)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. */
- if( tag_len != 4 && tag_len != 8 && ( tag_len < 12 || tag_len > 16 ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (tag_len != 4 && tag_len != 8 && (tag_len < 12 || tag_len > 16)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif /* PSA_WANT_ALG_GCM */
#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
/* We only support the default tag length. */
- if( tag_len != 16 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (tag_len != 16) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
break;
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
default:
(void) tag_len;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/* Set the key for a multipart authenticated operation. */
-static psa_status_t psa_aead_setup( psa_aead_operation_t *operation,
- int is_encrypt,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg )
+static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
+ int is_encrypt,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
psa_key_usage_t key_usage = 0;
+ psa_key_attributes_t attributes;
- status = psa_aead_check_algorithm( alg );
- if( status != PSA_SUCCESS )
+ status = psa_aead_check_algorithm(alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( operation->id != 0 )
- {
+ if (operation->id != 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->nonce_set || operation->lengths_set ||
- operation->ad_started || operation->body_started )
- {
+ if (operation->nonce_set || operation->lengths_set ||
+ operation->ad_started || operation->body_started) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( is_encrypt )
+ if (is_encrypt) {
key_usage = PSA_KEY_USAGE_ENCRYPT;
- else
+ } else {
key_usage = PSA_KEY_USAGE_DECRYPT;
+ }
- status = psa_get_and_lock_key_slot_with_policy( key, &slot, key_usage,
- alg );
- if( status != PSA_SUCCESS )
+ status = psa_get_and_lock_key_slot_with_policy(key, &slot, key_usage,
+ alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
- if( ( status = psa_validate_tag_length( alg ) ) != PSA_SUCCESS )
+ if ((status = psa_validate_tag_length(alg)) != PSA_SUCCESS) {
goto exit;
+ }
- if( is_encrypt )
- status = psa_driver_wrapper_aead_encrypt_setup( operation,
- &attributes,
- slot->key.data,
- slot->key.bytes,
- alg );
- else
- status = psa_driver_wrapper_aead_decrypt_setup( operation,
- &attributes,
- slot->key.data,
- slot->key.bytes,
- alg );
- if( status != PSA_SUCCESS )
+ if (is_encrypt) {
+ status = psa_driver_wrapper_aead_encrypt_setup(operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg);
+ } else {
+ status = psa_driver_wrapper_aead_decrypt_setup(operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg);
+ }
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- operation->key_type = psa_get_key_type( &attributes );
+ operation->key_type = psa_get_key_type(&attributes);
exit:
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- if( status == PSA_SUCCESS )
- {
+ if (status == PSA_SUCCESS) {
status = unlock_status;
- operation->alg = psa_aead_get_base_algorithm( alg );
+ operation->alg = psa_aead_get_base_algorithm(alg);
operation->is_encrypt = is_encrypt;
+ } else {
+ psa_aead_abort(operation);
}
- else
- psa_aead_abort( operation );
- return( status );
+ return status;
}
/* Set the key for a multipart authenticated encryption operation. */
-psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg )
+psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg)
{
- return( psa_aead_setup( operation, 1, key, alg ) );
+ return psa_aead_setup(operation, 1, key, alg);
}
/* Set the key for a multipart authenticated decryption operation. */
-psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg )
+psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg)
{
- return( psa_aead_setup( operation, 0, key, alg ) );
+ return psa_aead_setup(operation, 0, key, alg);
}
/* Generate a random nonce / IV for multipart AEAD operation */
-psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
- uint8_t *nonce,
- size_t nonce_size,
- size_t *nonce_length )
+psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
+ uint8_t *nonce,
+ size_t nonce_size,
+ size_t *nonce_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_nonce[PSA_AEAD_NONCE_MAX_SIZE];
- size_t required_nonce_size;
+ size_t required_nonce_size = 0;
*nonce_length = 0;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->nonce_set || !operation->is_encrypt )
- {
+ if (operation->nonce_set || !operation->is_encrypt) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
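Review bot: In `psa_aead_setup`, the `exit:` block overwrites `status` with `unlock_status` and then still records `operation->alg` and `operation->is_encrypt`, so when only the unlock fails the function returns an error while leaving the operation set up and not aborted. A caller that treats a failed setup as needing no cleanup would then keep a live driver context; when `psa_unlock_key_slot` can fail is not visible here, so how reachable this is remains an assumption. Testing `status` again after the assignment keeps every error path going through `psa_aead_abort`, as sketched below. `psa_aead_generate_nonce` starts in this hunk and continues in the next one.

```c
exit:
    unlock_status = psa_unlock_key_slot(slot);
    if (status == PSA_SUCCESS) {
        status = unlock_status;
    }

    /* Publish the operation only if the unlock succeeded as well. */
    if (status == PSA_SUCCESS) {
        operation->alg = psa_aead_get_base_algorithm(alg);
        operation->is_encrypt = is_encrypt;
    } else {
        psa_aead_abort(operation);
    }

    return status;
```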
@@ -3046,102 +3148,95 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
* However this restriction that L has to be the smallest integer is not
* applied in practice, and it is not implementable here since the
* plaintext length may or may not be known at this time. */
- required_nonce_size = PSA_AEAD_NONCE_LENGTH( operation->key_type,
- operation->alg );
- if( nonce_size < required_nonce_size )
- {
+ required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type,
+ operation->alg);
+ if (nonce_size < required_nonce_size) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
- status = psa_generate_random( local_nonce, required_nonce_size );
- if( status != PSA_SUCCESS )
+ status = psa_generate_random(local_nonce, required_nonce_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_aead_set_nonce( operation, local_nonce, required_nonce_size );
+ status = psa_aead_set_nonce(operation, local_nonce, required_nonce_size);
exit:
- if( status == PSA_SUCCESS )
- {
- memcpy( nonce, local_nonce, required_nonce_size );
+ if (status == PSA_SUCCESS) {
+ memcpy(nonce, local_nonce, required_nonce_size);
*nonce_length = required_nonce_size;
+ } else {
+ psa_aead_abort(operation);
}
- else
- psa_aead_abort( operation );
- return( status );
+ return status;
}
/* Set the nonce for a multipart authenticated encryption or decryption
operation.*/
-psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation,
- const uint8_t *nonce,
- size_t nonce_length )
+psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
+ const uint8_t *nonce,
+ size_t nonce_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->nonce_set )
- {
+ if (operation->nonce_set) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- status = psa_aead_check_nonce_length( operation->alg, nonce_length );
- if( status != PSA_SUCCESS )
- {
+ status = psa_aead_check_nonce_length(operation->alg, nonce_length);
+ if (status != PSA_SUCCESS) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
- status = psa_driver_wrapper_aead_set_nonce( operation, nonce,
- nonce_length );
+ status = psa_driver_wrapper_aead_set_nonce(operation, nonce,
+ nonce_length);
exit:
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->nonce_set = 1;
- else
- psa_aead_abort( operation );
+ } else {
+ psa_aead_abort(operation);
+ }
- return( status );
+ return status;
}
/* Declare the lengths of the message and additional data for multipart AEAD. */
-psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation,
- size_t ad_length,
- size_t plaintext_length )
+psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
+ size_t ad_length,
+ size_t plaintext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->lengths_set || operation->ad_started ||
- operation->body_started )
- {
+ if (operation->lengths_set || operation->ad_started ||
+ operation->body_started) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- switch(operation->alg)
- {
+ switch (operation->alg) {
#if defined(PSA_WANT_ALG_GCM)
case PSA_ALG_GCM:
/* Lengths can only be too large for GCM if size_t is bigger than 32
- * bits. Without the guard this code will generate warnings on 32bit
- * builds. */
+ * bits. Without the guard this code will generate warnings on 32bit
+ * builds. */
#if SIZE_MAX > UINT32_MAX
- if( (( uint64_t ) ad_length ) >> 61 != 0 ||
- (( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull )
- {
+ if (((uint64_t) ad_length) >> 61 != 0 ||
+ ((uint64_t) plaintext_length) > 0xFFFFFFFE0ull) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
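Review bot: `psa_aead_set_nonce` replaces whatever `psa_aead_check_nonce_length` returned with `PSA_ERROR_INVALID_ARGUMENT`, which hides the `PSA_ERROR_NOT_SUPPORTED` result that check gives for an 8-byte ChaCha20-Poly1305 nonce, whereas the one-shot `psa_aead_encrypt` and `psa_aead_decrypt` return the check's status unchanged. If the difference is intended, a comment above the assignment would stop it from being "fixed" later, for example `/* Multipart API: every rejected nonce length is reported as INVALID_ARGUMENT. */`. If it is not intended, dropping the assignment makes both paths agree. `psa_aead_set_lengths` continues outside this hunk.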
@@ -3150,8 +3245,7 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation,
#endif /* PSA_WANT_ALG_GCM */
#if defined(PSA_WANT_ALG_CCM)
case PSA_ALG_CCM:
- if( ad_length > 0xFF00 )
- {
+ if (ad_length > 0xFF00) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
@@ -3166,45 +3260,40 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation,
break;
}
- status = psa_driver_wrapper_aead_set_lengths( operation, ad_length,
- plaintext_length );
+ status = psa_driver_wrapper_aead_set_lengths(operation, ad_length,
+ plaintext_length);
exit:
- if( status == PSA_SUCCESS )
- {
+ if (status == PSA_SUCCESS) {
operation->ad_remaining = ad_length;
operation->body_remaining = plaintext_length;
operation->lengths_set = 1;
+ } else {
+ psa_aead_abort(operation);
}
- else
- psa_aead_abort( operation );
- return( status );
+ return status;
}
/* Pass additional data to an active multipart AEAD operation. */
-psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length )
+psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( !operation->nonce_set || operation->body_started )
- {
+ if (!operation->nonce_set || operation->body_started) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->lengths_set )
- {
- if( operation->ad_remaining < input_length )
- {
+ if (operation->lengths_set) {
+ if (operation->ad_remaining < input_length) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
@@ -3212,63 +3301,58 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation,
operation->ad_remaining -= input_length;
}
#if defined(PSA_WANT_ALG_CCM)
- else if( operation->alg == PSA_ALG_CCM )
- {
+ else if (operation->alg == PSA_ALG_CCM) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
#endif /* PSA_WANT_ALG_CCM */
- status = psa_driver_wrapper_aead_update_ad( operation, input,
- input_length );
+ status = psa_driver_wrapper_aead_update_ad(operation, input,
+ input_length);
exit:
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->ad_started = 1;
- else
- psa_aead_abort( operation );
+ } else {
+ psa_aead_abort(operation);
+ }
- return( status );
+ return status;
}
/* Encrypt or decrypt a message fragment in an active multipart AEAD
operation.*/
-psa_status_t psa_aead_update( psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_aead_update(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*output_length = 0;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( !operation->nonce_set )
- {
+ if (!operation->nonce_set) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- if( operation->lengths_set )
- {
+ if (operation->lengths_set) {
/* Additional data length was supplied, but not all the additional
data was supplied.*/
- if( operation->ad_remaining != 0 )
- {
+ if (operation->ad_remaining != 0) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
/* Too much data provided. */
- if( operation->body_remaining < input_length )
- {
+ if (operation->body_remaining < input_length) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
@@ -3276,138 +3360,135 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation,
operation->body_remaining -= input_length;
}
#if defined(PSA_WANT_ALG_CCM)
- else if( operation->alg == PSA_ALG_CCM )
- {
+ else if (operation->alg == PSA_ALG_CCM) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
#endif /* PSA_WANT_ALG_CCM */
- status = psa_driver_wrapper_aead_update( operation, input, input_length,
- output, output_size,
- output_length );
+ status = psa_driver_wrapper_aead_update(operation, input, input_length,
+ output, output_size,
+ output_length);
exit:
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
operation->body_started = 1;
- else
- psa_aead_abort( operation );
+ } else {
+ psa_aead_abort(operation);
+ }
- return( status );
+ return status;
}
-static psa_status_t psa_aead_final_checks( const psa_aead_operation_t *operation )
+static psa_status_t psa_aead_final_checks(const psa_aead_operation_t *operation)
{
- if( operation->id == 0 || !operation->nonce_set )
- return( PSA_ERROR_BAD_STATE );
+ if (operation->id == 0 || !operation->nonce_set) {
+ return PSA_ERROR_BAD_STATE;
+ }
- if( operation->lengths_set && ( operation->ad_remaining != 0 ||
- operation->body_remaining != 0 ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (operation->lengths_set && (operation->ad_remaining != 0 ||
+ operation->body_remaining != 0)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/* Finish encrypting a message in a multipart AEAD operation. */
-psa_status_t psa_aead_finish( psa_aead_operation_t *operation,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length )
+psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length,
+ uint8_t *tag,
+ size_t tag_size,
+ size_t *tag_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*ciphertext_length = 0;
*tag_length = tag_size;
- status = psa_aead_final_checks( operation );
- if( status != PSA_SUCCESS )
+ status = psa_aead_final_checks(operation);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( !operation->is_encrypt )
- {
+ if (!operation->is_encrypt) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- status = psa_driver_wrapper_aead_finish( operation, ciphertext,
- ciphertext_size,
- ciphertext_length,
- tag, tag_size, tag_length );
+ status = psa_driver_wrapper_aead_finish(operation, ciphertext,
+ ciphertext_size,
+ ciphertext_length,
+ tag, tag_size, tag_length);
exit:
+
+
/* In case the operation fails and the user fails to check for failure or
* the zero tag size, make sure the tag is set to something implausible.
* Even if the operation succeeds, make sure we clear the rest of the
* buffer to prevent potential leakage of anything previously placed in
* the same buffer.*/
- if( tag != NULL )
- {
- if( status != PSA_SUCCESS )
- memset( tag, '!', tag_size );
- else if( *tag_length < tag_size )
- memset( tag + *tag_length, '!', ( tag_size - *tag_length ) );
- }
+ psa_wipe_tag_output_buffer(tag, status, tag_size, *tag_length);
- psa_aead_abort( operation );
+ psa_aead_abort(operation);
- return( status );
+ return status;
}
/* Finish authenticating and decrypting a message in a multipart AEAD
operation.*/
-psa_status_t psa_aead_verify( psa_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length )
+psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length,
+ const uint8_t *tag,
+ size_t tag_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*plaintext_length = 0;
- status = psa_aead_final_checks( operation );
- if( status != PSA_SUCCESS )
+ status = psa_aead_final_checks(operation);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- if( operation->is_encrypt )
- {
+ if (operation->is_encrypt) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
- status = psa_driver_wrapper_aead_verify( operation, plaintext,
- plaintext_size,
- plaintext_length,
- tag, tag_length );
+ status = psa_driver_wrapper_aead_verify(operation, plaintext,
+ plaintext_size,
+ plaintext_length,
+ tag, tag_length);
exit:
- psa_aead_abort( operation );
+ psa_aead_abort(operation);
- return( status );
+ return status;
}
/* Abort an AEAD operation. */
-psa_status_t psa_aead_abort( psa_aead_operation_t *operation )
+psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->id == 0 )
- {
+ if (operation->id == 0) {
/* The object has (apparently) been initialized but it is not (yet)
* in use. It's ok to call abort on such an object, and there's
* nothing to do. */
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
- status = psa_driver_wrapper_aead_abort( operation );
+ status = psa_driver_wrapper_aead_abort(operation);
- memset( operation, 0, sizeof( *operation ) );
+ memset(operation, 0, sizeof(*operation));
- return( status );
+ return status;
}
/****************************************************************/
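Review bot: `psa_aead_verify` leaves `plaintext` and `*plaintext_length` as the driver wrote them when verification fails; its `exit:` path only calls `psa_aead_abort(operation)`. The one-shot `psa_aead_decrypt` clears its output with `memset(plaintext, 0, plaintext_size)` on any failure, and `psa_aead_finish` in this same hunk scrubs the tag buffer, so the multipart decrypt path is the odd one out. Whether the driver wrapper clears the buffer itself is not visible here. If it does not, adding `if (status != PSA_SUCCESS) { *plaintext_length = 0; }` and a `memset(plaintext, 0, plaintext_size);` guarded by `plaintext_size != 0` before the abort keeps unauthenticated bytes away from a caller that ignores the status.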
@@ -3419,38 +3500,39 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation )
#define HKDF_STATE_KEYED 2 /* got key */
#define HKDF_STATE_OUTPUT 3 /* output started */
-psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation )
+psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
{
psa_status_t status = PSA_SUCCESS;
if (operation->alg != 0) {
status = psa_driver_wrapper_key_derivation_abort(operation);
}
- mbedtls_platform_zeroize( operation, sizeof( *operation ) );
- return( status );
+ mbedtls_platform_zeroize(operation, sizeof(*operation));
+ return status;
}
psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
- size_t *capacity)
+ size_t *capacity)
{
- if( operation->alg == 0 )
- {
+ if (operation->alg == 0) {
/* This is a blank key derivation operation. */
- return( PSA_ERROR_BAD_STATE );
+ return PSA_ERROR_BAD_STATE;
}
*capacity = operation->capacity;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *operation,
- size_t capacity )
+psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation,
+ size_t capacity)
{
- if( operation->alg == 0 )
- return( PSA_ERROR_BAD_STATE );
- if( capacity > operation->capacity )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (operation->alg == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
+ if (capacity > operation->capacity) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
operation->capacity = capacity;
- return( PSA_SUCCESS );
+ return psa_driver_wrapper_key_derivation_set_capacity(operation, capacity);
}
#define PSA_KEY_DERIVATION_OUTPUT -1 // used as step below
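Review bot: `psa_key_derivation_set_capacity` stores the new value in `operation->capacity` before calling `psa_driver_wrapper_key_derivation_set_capacity`, so if the driver call fails the function returns an error with the core's capacity already lowered. Assigning only on success avoids the core and the driver disagreeing about how much output remains: `status = psa_driver_wrapper_key_derivation_set_capacity(operation, capacity);` followed by `if (status == PSA_SUCCESS) { operation->capacity = capacity; }`. This assumes the driver takes the value from its argument rather than reading `operation->capacity`, which the hunk does not show.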
@@ -3484,7 +3566,7 @@ static psa_status_t psa_key_derivation_check_state(
operation->no_input = 1;
break;
default:
- return(PSA_ERROR_INVALID_ARGUMENT);
+ return PSA_ERROR_INVALID_ARGUMENT;
}
} else
#endif /* PSA_WANT_ALG_HKDF */
@@ -3505,7 +3587,7 @@ static psa_status_t psa_key_derivation_check_state(
operation->no_input = 1;
break;
default:
- return(PSA_ERROR_INVALID_ARGUMENT);
+ return PSA_ERROR_INVALID_ARGUMENT;
}
} else
#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
@@ -3526,7 +3608,7 @@ static psa_status_t psa_key_derivation_check_state(
operation->no_input = 1;
break;
default:
- return(PSA_ERROR_INVALID_ARGUMENT);
+ return PSA_ERROR_INVALID_ARGUMENT;
}
} else
#endif /* PSA_WANT_ALG_HKDF_EXPAND */
@@ -3556,7 +3638,7 @@ static psa_status_t psa_key_derivation_check_state(
operation->no_input = 1;
break;
default:
- return(PSA_ERROR_INVALID_ARGUMENT);
+ return PSA_ERROR_INVALID_ARGUMENT;
}
} else
#endif /* PSA_WANT_ALG_TLS12_PRF || PSA_WANT_ALG_TLS12_PSK_TO_MS */
@@ -3587,7 +3669,7 @@ static psa_status_t psa_key_derivation_check_state(
operation->no_input = 1;
break;
default:
- return(PSA_ERROR_INVALID_ARGUMENT);
+ return PSA_ERROR_INVALID_ARGUMENT;
}
} else
#endif /* PSA_WANT_ALG_PBKDF2_HMAC || PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */
@@ -3604,11 +3686,42 @@ static psa_status_t psa_key_derivation_check_state(
operation->no_input = 1;
break;
default:
- return(PSA_ERROR_INVALID_ARGUMENT);
+ return PSA_ERROR_INVALID_ARGUMENT;
}
} else
#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */
+#if defined(PSA_WANT_ALG_SP800_108_COUNTER_HMAC) || defined(PSA_WANT_ALG_SP800_108_COUNTER_CMAC)
+#if defined(PSA_WANT_ALG_SP800_108_COUNTER_HMAC) && defined(PSA_WANT_ALG_SP800_108_COUNTER_CMAC)
+ if (PSA_ALG_IS_SP800_108_COUNTER_HMAC(alg) || alg == PSA_ALG_SP800_108_COUNTER_CMAC) {
+#elif defined(PSA_WANT_ALG_SP800_108_COUNTER_HMAC)
+ if (PSA_ALG_IS_SP800_108_COUNTER_HMAC(alg)) {
+#elif defined(PSA_WANT_ALG_SP800_108_COUNTER_CMAC)
+ if (alg == PSA_ALG_SP800_108_COUNTER_CMAC) {
+#endif
+ switch (step) {
+ case PSA_KEY_DERIVATION_INPUT_SECRET:
+ if (operation->secret_set) return PSA_ERROR_BAD_STATE;
+ operation->secret_set = 1;
+ break;
+ case PSA_KEY_DERIVATION_INPUT_LABEL:
+ if (!operation->secret_set || operation->label_set || operation->context_set) return PSA_ERROR_BAD_STATE;
+ operation->label_set = 1;
+ break;
+ case PSA_KEY_DERIVATION_INPUT_CONTEXT:
+ if (!operation->secret_set || operation->context_set) return PSA_ERROR_BAD_STATE;
+ operation->context_set = 1;
+ break;
+ case PSA_KEY_DERIVATION_OUTPUT:
+ if (!operation->secret_set) return PSA_ERROR_BAD_STATE;
+ operation->no_input = 1;
+ break;
+ default:
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ } else
+#endif /* PSA_WANT_ALG_SP800_108_COUNTER_HMAC || PSA_WANT_ALG_SP800_108_COUNTER_CMAC */
+
{
return PSA_ERROR_NOT_SUPPORTED;
}
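Review bot: The input ordering enforced by the new SP 800-108 counter branch is not documented: the label is rejected once a context has been set, both need the secret first, and output needs only the secret. A comment above `switch (step)` would spare the next reader from reconstructing that from the flag tests, for example `/* Order: secret, then optional label, then optional context; a label may not follow a context. */`. The added cases also use unbraced one-line `if (...) return PSA_ERROR_BAD_STATE;` statements, while the rest of this commit moves to braced bodies. `psa_key_derivation_check_state` starts and ends outside this hunk.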
@@ -3616,19 +3729,18 @@ static psa_status_t psa_key_derivation_check_state(
return PSA_SUCCESS;
}
-psa_status_t psa_key_derivation_output_bytes(
+psa_status_t psa_key_derivation_output_bytes_internal(
psa_key_derivation_operation_t *operation,
uint8_t *output,
- size_t output_length )
+ size_t output_length)
{
psa_status_t status;
- status = psa_key_derivation_check_state(operation, PSA_KEY_DERIVATION_OUTPUT);
- if (status != PSA_SUCCESS) goto exit;
-
if (output_length <= operation->capacity && operation->capacity > 0) {
status = psa_driver_wrapper_key_derivation_output_bytes(operation, output, output_length);
operation->capacity -= output_length;
+ if (status == PSA_SUCCESS) return PSA_SUCCESS;
+ psa_key_derivation_abort(operation);
} else {
// Not enough capacity:
// We have to return PSA_ERROR_INSUFFICIENT_DATA and enter a special
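Review bot: psa_key_derivation_output_bytes_internal has external linkage but performs neither the psa_key_derivation_check_state() call nor the `no_output` test that the public wrapper added in the next hunk performs, so any other translation unit that calls it skips both. The callers visible in this diff (psa_key_derivation_output_bytes, psa_generate_derived_key_internal, psa_key_derivation_verify_bytes) are all in this file. If no header declares it, which cannot be seen from here, make it `static psa_status_t psa_key_derivation_output_bytes_internal(` and add a comment such as `/* Caller must already have passed psa_key_derivation_check_state() and the usage-flag checks. */`. The function body continues past the end of this hunk.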
@@ -3640,75 +3752,85 @@ psa_status_t psa_key_derivation_output_bytes(
status = PSA_ERROR_INSUFFICIENT_DATA;
}
-exit:
- if( status != PSA_SUCCESS )
- {
- /* Preserve the algorithm upon errors, but clear all sensitive state.
- * This allows us to differentiate between exhausted operations and
- * blank operations, so we can return PSA_ERROR_BAD_STATE on blank
- * operations. */
- if (status != PSA_ERROR_INSUFFICIENT_DATA) {
- psa_key_derivation_abort(operation);
- }
- memset( output, '!', output_length );
+ memset(output, '!', output_length);
+ return status;
+}
+
+psa_status_t psa_key_derivation_output_bytes(
+ psa_key_derivation_operation_t *operation,
+ uint8_t *output,
+ size_t output_length)
+{
+ psa_status_t status;
+
+ status = psa_key_derivation_check_state(operation, PSA_KEY_DERIVATION_OUTPUT);
+ if (status != PSA_SUCCESS) return status;
+
+ if (operation->no_output) {
+ return PSA_ERROR_NOT_PERMITTED;
}
- return( status );
+
+ return psa_key_derivation_output_bytes_internal(operation, output, output_length);
}
static psa_status_t psa_generate_derived_key_internal(
psa_key_slot_t *slot,
size_t bits,
- psa_key_derivation_operation_t *operation )
+ psa_key_derivation_operation_t *operation)
{
uint8_t *data = NULL;
- size_t bytes = PSA_BITS_TO_BYTES( bits );
+ size_t bytes = PSA_BITS_TO_BYTES(bits);
size_t storage_size = bytes;
- psa_status_t status;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_ecc_family_t curve = 0;
int calculate_key = 0;
- if (PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type))
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) {
return PSA_ERROR_INVALID_ARGUMENT;
+ }
if (key_type_is_raw_bytes(slot->attr.type)) {
if (bits % 8 != 0) return PSA_ERROR_INVALID_ARGUMENT;
-#ifdef PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+#ifdef PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
} else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(slot->attr.type)) {
curve = PSA_KEY_TYPE_ECC_GET_FAMILY(slot->attr.type);
if (PSA_ECC_FAMILY_IS_WEIERSTRASS(curve)) {
/* Weierstrass elliptic curve */
calculate_key = 1;
}
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
} else {
+ (void)curve;
return PSA_ERROR_NOT_SUPPORTED;
}
- data = mbedtls_calloc( 1, bytes );
- if( data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
+ data = mbedtls_calloc(1, bytes);
+ if (data == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
slot->attr.bits = (psa_key_bits_t) bits;
- psa_key_attributes_t attributes = {
- .core = slot->attr
+ attributes = (psa_key_attributes_t) {
+ .core = slot->attr
};
- if( psa_key_lifetime_is_external( attributes.core.lifetime ) )
- {
- status = psa_driver_wrapper_get_key_buffer_size( &attributes,
- &storage_size );
- if( status != PSA_SUCCESS )
+ if (psa_key_lifetime_is_external(attributes.core.lifetime)) {
+ status = psa_driver_wrapper_get_key_buffer_size(&attributes,
+ &storage_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
- status = psa_allocate_buffer_to_slot( slot, storage_size );
- if( status != PSA_SUCCESS )
+ status = psa_allocate_buffer_to_slot(slot, storage_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
do {
- status = psa_key_derivation_output_bytes(operation, data, bytes);
+ status = psa_key_derivation_output_bytes_internal(operation, data, bytes);
if (status != PSA_SUCCESS) goto exit;
-#ifdef PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+#ifdef PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
if (calculate_key) {
uint32_t c;
size_t i;
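Review bot: The two early returns in the new psa_key_derivation_output_bytes, `if (status != PSA_SUCCESS) return status;` and the `operation->no_output` branch, leave `output` untouched. The removed `exit:` path filled it with `'!'` on every failure and aborted the operation on anything other than PSA_ERROR_INSUFFICIENT_DATA. A caller that ignores the status now reads whatever the buffer held before the call, and psa_key_derivation_verify_bytes in this same commit still aborts on the equivalent failures. I would add `memset(output, '!', output_length);` before both returns and decide explicitly whether these paths should also call `psa_key_derivation_abort(operation);`. psa_generate_derived_key_internal continues past the end of this hunk.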
@@ -3720,7 +3842,11 @@ static psa_status_t psa_generate_derived_key_internal(
case 256:
case 384: break;
case 521: data[0] &= 0x01; break; // truncate to 521 bits
- default: return PSA_ERROR_INVALID_ARGUMENT;
+ default:
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
}
// increment data (to be compatible with PSA API spec)
@@ -3731,7 +3857,7 @@ static psa_status_t psa_generate_derived_key_internal(
c >>= 8;
} while (i > 0);
}
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
status = psa_driver_wrapper_import_key(
&attributes,
@@ -3740,17 +3866,18 @@ static psa_status_t psa_generate_derived_key_internal(
&bits);
} while (status == PSA_ERROR_INVALID_ARGUMENT && calculate_key);
- if( bits != slot->attr.bits )
+ if (bits != slot->attr.bits) {
status = PSA_ERROR_INVALID_ARGUMENT;
+ }
exit:
- mbedtls_free( data );
- return( status );
+ mbedtls_zeroize_and_free(data, bytes);
+ return status;
}
-psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes,
- psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t *key )
+psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes,
+ psa_key_derivation_operation_t *operation,
+ mbedtls_svc_key_id_t *key)
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
@@ -3760,29 +3887,101 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
/* Reject any attempt to create a zero-length key so that we don't
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
- if( psa_get_key_bits( attributes ) == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (psa_get_key_bits(attributes) == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- if( operation->alg == PSA_ALG_NONE )
- return( PSA_ERROR_BAD_STATE );
+ status = psa_key_derivation_check_state(operation, PSA_KEY_DERIVATION_OUTPUT);
+ if (status != PSA_SUCCESS) return status;
- if( ! operation->can_output_key )
- return( PSA_ERROR_NOT_PERMITTED );
+ if (operation->no_output || !operation->can_output_key) {
+ return PSA_ERROR_NOT_PERMITTED;
+ }
- status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, attributes,
- &slot, &driver );
- if( status == PSA_SUCCESS )
- {
- status = psa_generate_derived_key_internal( slot,
- attributes->core.bits,
- operation );
+ status = psa_start_key_creation(PSA_KEY_CREATION_DERIVE, attributes,
+ &slot, &driver);
+ if (status == PSA_SUCCESS) {
+ status = psa_generate_derived_key_internal(slot,
+ attributes->core.bits,
+ operation);
+ }
+ if (status == PSA_SUCCESS) {
+ status = psa_finish_key_creation(slot, driver, key);
+ }
+ if (status != PSA_SUCCESS) {
+ psa_fail_key_creation(slot, driver);
+ }
+
+ return status;
+}
+
+psa_status_t psa_key_derivation_verify_bytes(
+ psa_key_derivation_operation_t *operation,
+ const uint8_t *expected_output,
+ size_t output_length)
+{
+ psa_status_t status = PSA_SUCCESS;
+ uint8_t buffer[256];
+ size_t length;
+ int diff = 0;
+
+ status = psa_key_derivation_check_state(operation, PSA_KEY_DERIVATION_OUTPUT);
+ if (status != PSA_SUCCESS) goto exit;
+
+ if (operation->no_verify) {
+ status = PSA_ERROR_NOT_PERMITTED;
+ goto exit;
+ }
+
+ length = sizeof buffer;
+ while (output_length) {
+ if (output_length < length) length = output_length;
+ status = psa_key_derivation_output_bytes_internal(operation, buffer, length);
+ if (status != PSA_SUCCESS) return status;
+ diff |= mbedtls_ct_memcmp(buffer, expected_output, length);
+ expected_output += length;
+ output_length -= length;
+ }
+ if (diff) return PSA_ERROR_INVALID_SIGNATURE;
+ return PSA_SUCCESS;
+
+exit:
+ psa_key_derivation_abort(operation);
+ return status;
+}
+
+psa_status_t psa_key_derivation_verify_key(
+ psa_key_derivation_operation_t *operation,
+ mbedtls_svc_key_id_t expected)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_slot_t *slot = NULL;
+
+ status = psa_get_and_lock_transparent_key_slot_with_policy(
+ expected, &slot, PSA_KEY_USAGE_VERIFY_DERIVATION, operation->alg);
+ if (status != PSA_SUCCESS) goto exit;
+
+ if (slot->attr.type != PSA_KEY_TYPE_PASSWORD_HASH) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ if (operation->no_verify) {
+ status = PSA_ERROR_NOT_PERMITTED;
+ goto exit;
}
- if( status == PSA_SUCCESS )
- status = psa_finish_key_creation( slot, driver, key );
- if( status != PSA_SUCCESS )
- psa_fail_key_creation( slot, driver );
- return( status );
+ status = psa_key_derivation_verify_bytes(
+ operation, slot->key.data, slot->key.bytes);
+
+ unlock_status = psa_unlock_key_slot(slot);
+ return (status == PSA_SUCCESS) ? unlock_status : status;
+
+exit:
+ psa_unlock_key_slot(slot);
+ psa_key_derivation_abort(operation);
+ return status;
}
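Review bot: In psa_key_derivation_verify_bytes the stack array `uint8_t buffer[256]` receives the derived output and is never wiped, so the material that was meant to stay inside the verify call remains on the stack after the function returns. Add `mbedtls_platform_zeroize(buffer, sizeof buffer);` after the loop, before `if (diff)`. To take the in-loop failure through the same wipe, replace `if (status != PSA_SUCCESS) return status;` with `if (status != PSA_SUCCESS) break;` and follow the wipe with `if (status != PSA_SUCCESS) return status;`. The comparison itself already uses `mbedtls_ct_memcmp` and accumulates into `diff`, which is the right shape.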
@@ -3795,10 +3994,13 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
psa_status_t status;
psa_algorithm_t kdf_alg = alg;
- if (operation->alg != 0) return PSA_ERROR_BAD_STATE;
- if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) return PSA_ERROR_INVALID_ARGUMENT;
+ if (operation->alg != 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
- if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
+ if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg);
} else if (!PSA_ALG_IS_KEY_DERIVATION(alg)) {
return PSA_ERROR_INVALID_ARGUMENT;
@@ -3821,6 +4023,8 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
operation->capacity = PSA_HASH_LENGTH(kdf_alg);
} else if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
operation->capacity = PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE;
+ } else if (PSA_ALG_IS_SP800_108_COUNTER_HMAC(kdf_alg) || kdf_alg == PSA_ALG_SP800_108_COUNTER_CMAC) {
+ operation->capacity = 0x1fffffff;
} else {
operation->capacity = PSA_KEY_DERIVATION_UNLIMITED_CAPACITY;
}
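Review bot: The literal `0x1fffffff` assigned to `operation->capacity` in the SP800-108 branch is unexplained, while the neighbouring branches use named size macros. It looks like 2^29 - 1 bytes, presumably the largest output whose bit length still fits the 32-bit length field of the counter-mode KDF, but that should be confirmed against the specification. Either introduce a named constant or add a comment on the line, for example `/* 2^29 - 1 bytes: output length in bits must fit in 32 bits (confirm against SP 800-108 / PSA spec) */`. The enclosing function psa_key_derivation_setup starts and ends outside this hunk.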
@@ -3839,36 +4043,42 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
*/
static int psa_key_derivation_check_input_type(
psa_key_derivation_step_t step,
- psa_key_type_t key_type )
+ psa_key_type_t key_type)
{
- switch( step )
- {
+ switch (step) {
case PSA_KEY_DERIVATION_INPUT_PASSWORD:
- if( key_type == PSA_KEY_TYPE_PASSWORD )
- return( PSA_SUCCESS );
+ if (key_type == PSA_KEY_TYPE_PASSWORD) {
+ return PSA_SUCCESS;
+ }
// fall through
case PSA_KEY_DERIVATION_INPUT_SECRET:
case PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:
- if( key_type == PSA_KEY_TYPE_DERIVE )
- return( PSA_SUCCESS );
- if( key_type == PSA_KEY_TYPE_NONE )
- return( PSA_SUCCESS );
+ if (key_type == PSA_KEY_TYPE_DERIVE) {
+ return PSA_SUCCESS;
+ }
+ if (key_type == PSA_KEY_TYPE_NONE) {
+ return PSA_SUCCESS;
+ }
break;
case PSA_KEY_DERIVATION_INPUT_SALT:
- if( key_type == PSA_KEY_TYPE_PEPPER )
- return( PSA_SUCCESS );
+ if (key_type == PSA_KEY_TYPE_PEPPER) {
+ return PSA_SUCCESS;
+ }
// fall through
case PSA_KEY_DERIVATION_INPUT_LABEL:
case PSA_KEY_DERIVATION_INPUT_INFO:
case PSA_KEY_DERIVATION_INPUT_SEED:
case PSA_KEY_DERIVATION_INPUT_COST:
- if( key_type == PSA_KEY_TYPE_RAW_DATA )
- return( PSA_SUCCESS );
- if( key_type == PSA_KEY_TYPE_NONE )
- return( PSA_SUCCESS );
+ case PSA_KEY_DERIVATION_INPUT_CONTEXT:
+ if (key_type == PSA_KEY_TYPE_RAW_DATA) {
+ return PSA_SUCCESS;
+ }
+ if (key_type == PSA_KEY_TYPE_NONE) {
+ return PSA_SUCCESS;
+ }
break;
}
- return( PSA_ERROR_INVALID_ARGUMENT );
+ return PSA_ERROR_INVALID_ARGUMENT;
}
static psa_status_t psa_key_derivation_input_internal(
@@ -3876,15 +4086,16 @@ static psa_status_t psa_key_derivation_input_internal(
psa_key_derivation_step_t step,
psa_key_type_t key_type,
const uint8_t *data,
- size_t data_length )
+ size_t data_length)
{
psa_status_t status;
status = psa_key_derivation_check_state(operation, step);
if (status != PSA_SUCCESS) goto exit;
- status = psa_key_derivation_check_input_type( step, key_type );
- if( status != PSA_SUCCESS )
+ status = psa_key_derivation_check_input_type(step, key_type);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
status = psa_driver_wrapper_key_derivation_input_bytes(operation, step, data, data_length);
if (status != PSA_SUCCESS) goto exit;
@@ -3893,72 +4104,101 @@ static psa_status_t psa_key_derivation_input_internal(
exit:
psa_key_derivation_abort(operation);
- return( status );
-}
-
-psa_status_t psa_key_derivation_input_bytes(
- psa_key_derivation_operation_t *operation,
- psa_key_derivation_step_t step,
- const uint8_t *data,
- size_t data_length )
-{
- return( psa_key_derivation_input_internal( operation, step,
- PSA_KEY_TYPE_NONE,
- data, data_length ) );
+ return status;
+}
+
+psa_status_t psa_key_derivation_input_bytes(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length)
+{
+ return psa_key_derivation_input_internal(operation, step,
+ PSA_KEY_TYPE_NONE,
+ data, data_length);
+}
+
+psa_status_t psa_key_derivation_input_integer(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ uint64_t value)
+{
+ psa_status_t status;
+ status = psa_key_derivation_check_state(operation, step);
+ if (status != PSA_SUCCESS) goto exit;
+
+ status = psa_key_derivation_check_input_type(step, PSA_KEY_TYPE_NONE);
+ if (status != PSA_SUCCESS) goto exit;
+
+ if (PSA_ALG_IS_PBKDF2(operation->alg)) {
+ if (value == 0) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+ if (value > PSA_VENDOR_PBKDF2_MAX_ITERATIONS) {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ }
+
+ status = psa_driver_wrapper_key_derivation_input_integer(operation, step, value);
+ if (status != PSA_SUCCESS) goto exit;
+
+ return PSA_SUCCESS;
+
+exit:
+ psa_key_derivation_abort(operation);
+ return status;
}
psa_status_t psa_key_derivation_input_key(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
- mbedtls_svc_key_id_t key )
+ mbedtls_svc_key_id_t key)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_slot_t *slot;
+ psa_key_slot_t *slot = NULL;
status = psa_get_and_lock_transparent_key_slot_with_policy(
- key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg );
- if( status != PSA_SUCCESS )
- {
- psa_key_derivation_abort( operation );
- return( status );
+ key, &slot, 0, operation->alg);
+ if (status != PSA_SUCCESS) goto exit;
+
+ /* check usage, PSA_KEY_USAGE_DERIVE or PSA_KEY_USAGE_VERIFY_DERIVATION */
+ if ((slot->attr.policy.usage & PSA_KEY_USAGE_DERIVE) != 0) {
+ if ((slot->attr.policy.usage & PSA_KEY_USAGE_VERIFY_DERIVATION) == 0) {
+ operation->no_verify = 1;
+ }
+ } else {
+ operation->no_output = 1;
+ if ((slot->attr.policy.usage & PSA_KEY_USAGE_VERIFY_DERIVATION) == 0) {
+ status = PSA_ERROR_NOT_PERMITTED;
+ goto exit;
+ }
}
- /* Passing a key object as a SECRET input unlocks the permission
- * to output to a key object. */
- if( step == PSA_KEY_DERIVATION_INPUT_SECRET || step == PSA_KEY_DERIVATION_INPUT_PASSWORD )
+ /* Passing a key object as a SECRET or PASSWORD input unlocks the
+ * permission to output to a key object. */
+ if (step == PSA_KEY_DERIVATION_INPUT_SECRET ||
+ step == PSA_KEY_DERIVATION_INPUT_PASSWORD) {
operation->can_output_key = 1;
+ }
- status = psa_key_derivation_input_internal( operation,
- step, slot->attr.type,
- slot->key.data,
- slot->key.bytes );
-
- unlock_status = psa_unlock_key_slot( slot );
-
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-psa_status_t psa_key_derivation_input_integer(
- psa_key_derivation_operation_t *operation,
- psa_key_derivation_step_t step,
- uint64_t value)
-{
- psa_status_t status;
- status = psa_key_derivation_check_state(operation, step);
- if (status != PSA_SUCCESS) goto exit;
-
- status = psa_key_derivation_check_input_type(step, PSA_KEY_TYPE_NONE);
- if (status != PSA_SUCCESS) goto exit;
+ status = psa_key_derivation_input_internal(operation,
+ step, slot->attr.type,
+ slot->key.data,
+ slot->key.bytes);
- status = psa_driver_wrapper_key_derivation_input_integer(operation, step, value);
- if (status != PSA_SUCCESS) goto exit;
+exit:
+ unlock_status = psa_unlock_key_slot(slot);
- return PSA_SUCCESS;
+ if (status == PSA_SUCCESS) {
+ status = unlock_status;
+ } else {
+ psa_key_derivation_abort(operation);
+ }
-exit:
- psa_key_derivation_abort(operation);
- return( status );
+ return status;
}
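Review bot: In psa_key_derivation_input_key the lookup now passes a usage mask of `0` and the policy decision moves into the hand-written block below it. The one-line comment `/* check usage, PSA_KEY_USAGE_DERIVE or PSA_KEY_USAGE_VERIFY_DERIVATION */` does not record the rules that block enforces. I would replace it with something like `/* Usage is checked here, not in the lookup: DERIVE only => verify disabled, VERIFY_DERIVATION only => output disabled, neither => NOT_PERMITTED. */`. It is also worth stating that `no_verify` and `no_output` are latched for every key input regardless of `step`, and are set before psa_key_derivation_input_internal has validated the step. The failure path appears to depend on psa_key_derivation_abort clearing them; that should be confirmed.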
@@ -3971,16 +4211,16 @@ psa_status_t psa_key_derivation_input_integer(
/* Note that if this function fails, you must call psa_key_derivation_abort()
* to potentially free embedded data structures and wipe confidential data.
*/
-static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *operation,
- psa_key_derivation_step_t step,
- psa_key_slot_t *private_key,
- const uint8_t *peer_key,
- size_t peer_key_length )
+static psa_status_t psa_key_agreement_internal(psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_slot_t *private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length)
{
psa_status_t status;
uint8_t shared_secret[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE];
size_t shared_secret_length = 0;
- psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
+ psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(operation->alg);
/* Step 1: run the secret agreement algorithm to generate the shared
* secret. */
@@ -3993,78 +4233,82 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *
ka_alg,
peer_key, peer_key_length,
shared_secret, sizeof(shared_secret), &shared_secret_length);
- if( status != PSA_SUCCESS )
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* Step 2: set up the key derivation to generate key material from
* the shared secret. A shared secret is permitted wherever a key
* of type DERIVE is permitted. */
- status = psa_key_derivation_input_internal( operation, step,
- PSA_KEY_TYPE_DERIVE,
- shared_secret,
- shared_secret_length );
+ status = psa_key_derivation_input_internal(operation, step,
+ PSA_KEY_TYPE_DERIVE,
+ shared_secret,
+ shared_secret_length);
exit:
- mbedtls_platform_zeroize( shared_secret, shared_secret_length );
- return( status );
+ mbedtls_platform_zeroize(shared_secret, shared_secret_length);
+ return status;
}
-psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation,
- psa_key_derivation_step_t step,
- mbedtls_svc_key_id_t private_key,
- const uint8_t *peer_key,
- size_t peer_key_length )
+psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ mbedtls_svc_key_id_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
- if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (!PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
status = psa_get_and_lock_transparent_key_slot_with_policy(
- private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_key_agreement_internal( operation, step,
- slot,
- peer_key, peer_key_length );
- if( status != PSA_SUCCESS )
- psa_key_derivation_abort( operation );
- else
- {
+ private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_key_agreement_internal(operation, step,
+ slot,
+ peer_key, peer_key_length);
+ if (status != PSA_SUCCESS) {
+ psa_key_derivation_abort(operation);
+ } else {
/* If a private key has been added as SECRET, we allow the derived
* key material to be used as a key in PSA Crypto. */
- if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
+ if (step == PSA_KEY_DERIVATION_INPUT_SECRET) {
operation->can_output_key = 1;
+ }
}
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
-psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
- mbedtls_svc_key_id_t private_key,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
+ mbedtls_svc_key_id_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
+ psa_key_attributes_t attributes;
- if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) )
- {
+ if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_get_and_lock_transparent_key_slot_with_policy(
- private_key, &slot, PSA_KEY_USAGE_DERIVE, alg );
- if( status != PSA_SUCCESS )
+ private_key, &slot, PSA_KEY_USAGE_DERIVE, alg);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
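Review bot: At the `exit:` label of psa_key_agreement_internal, `mbedtls_platform_zeroize(shared_secret, shared_secret_length);` wipes only as many bytes as the driver reported. `shared_secret_length` starts at 0, so if the agreement call fails after writing part of the buffer, or reports a short length, the remainder of the stack array is left as it was. Wiping the whole array costs nothing and removes the dependency on the driver's reporting: `mbedtls_platform_zeroize(shared_secret, sizeof(shared_secret));`. The function starts in the previous hunk, where the array is declared with PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE.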
@@ -4075,8 +4319,7 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
output, output_size, output_length);
exit:
- if( status != PSA_SUCCESS )
- {
+ if (status != PSA_SUCCESS) {
/* If an error happens and is not handled properly, the output
* may be used as a key to protect sensitive data. Arrange for such
* a key to be random, which is likely to result in decryption or
@@ -4084,13 +4327,13 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
* some constant data such as zeros, which would result in the data
* being protected with a reproducible, easily knowable key.
*/
- psa_generate_random( output, output_size );
+ psa_generate_random(output, output_size);
*output_length = output_size;
}
- unlock_status = psa_unlock_key_slot( slot );
+ unlock_status = psa_unlock_key_slot(slot);
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+ return (status == PSA_SUCCESS) ? unlock_status : status;
}
@@ -4101,8 +4344,6 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
psa_status_t psa_pake_setup(psa_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite)
{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
if (operation->alg) {
return PSA_ERROR_BAD_STATE;
}
@@ -4110,18 +4351,15 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation,
if (!PSA_ALG_IS_PAKE(cipher_suite->algorithm) ||
!PSA_ALG_IS_HASH(cipher_suite->hash) ||
(cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC &&
- cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH)) {
+ cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
- status = psa_driver_wrapper_pake_setup(operation, cipher_suite);
-
- if (status == PSA_SUCCESS) {
- operation->alg = cipher_suite->algorithm;
- operation->sequence = 0;
- }
+ operation->alg = cipher_suite->algorithm;
+ operation->sequence = 0;
+ operation->inputs.cipher_suite = *cipher_suite;
- return status;
+ return PSA_SUCCESS;
}
psa_status_t psa_pake_set_role(psa_pake_operation_t *operation,
@@ -4130,18 +4368,33 @@ psa_status_t psa_pake_set_role(psa_pake_operation_t *operation,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->alg == 0 || operation->role_set || operation->started) {
- return PSA_ERROR_BAD_STATE;
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
- status = psa_driver_wrapper_pake_set_role(operation, role);
+ switch (operation->alg) {
+#ifdef PSA_WANT_ALG_JPAKE
+ case PSA_ALG_JPAKE:
+ if (role > PSA_PAKE_ROLE_SECOND) return PSA_ERROR_INVALID_ARGUMENT;
+ break;
+#endif
+#if defined(PSA_WANT_ALG_SPAKE2P) || defined(PSA_WANT_ALG_SRP_6)
+ case PSA_ALG_SPAKE2P:
+ case PSA_ALG_SRP_6:
+ if (role == PSA_PAKE_ROLE_SERVER) operation->is_second = 1;
+ else if (role != PSA_PAKE_ROLE_CLIENT) return PSA_ERROR_INVALID_ARGUMENT;
+ break;
+#endif
+ default:
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- if (role == PSA_PAKE_ROLE_SERVER) operation->is_second = 1;
+ operation->inputs.role = role;
operation->role_set = 1;
+ return PSA_SUCCESS;
- if (status != PSA_SUCCESS) {
- psa_pake_abort(operation);
- }
-
+exit:
+ psa_pake_abort(operation);
return status;
}
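Review bot: The error paths in the new psa_pake_set_role are inconsistent. The state check sets `status` and jumps to `exit:`, which aborts the operation, but the three argument checks inside the `switch` (`role > PSA_PAKE_ROLE_SECOND`, the non-client/non-server case, and `default:`) return PSA_ERROR_INVALID_ARGUMENT directly and leave the operation live. psa_pake_set_user and psa_pake_set_peer in this commit route every failure through `exit:`. For the same behaviour here, each of those returns should become `status = PSA_ERROR_INVALID_ARGUMENT; goto exit;`. If leaving the operation usable after a bad role is intended, a comment saying so would prevent a later "fix".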
@@ -4152,30 +4405,48 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->alg == 0 || operation->user_set || operation->started) {
- return PSA_ERROR_BAD_STATE;
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
-
#ifdef PSA_WANT_ALG_SPAKE2P
if (operation->alg == PSA_ALG_SPAKE2P) {
- if (!operation->role_set || (operation->is_second && !operation->peer_set)) {
- return PSA_ERROR_BAD_STATE;
+ if (user_id == NULL && user_id_len != 0) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
}
- if (user_id == NULL && user_id_len != 0) return PSA_ERROR_INVALID_ARGUMENT;
} else
#endif
{
- if (user_id == NULL || user_id_len == 0) return PSA_ERROR_INVALID_ARGUMENT;
+ if (user_id == NULL || user_id_len == 0) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
}
- status = psa_driver_wrapper_pake_set_user(operation, user_id, user_id_len);
+#if defined(PSA_WANT_ALG_SPAKE2P) || defined(PSA_WANT_ALG_SRP_6)
+ if (operation->alg == PSA_ALG_SPAKE2P || operation->alg == PSA_ALG_SRP_6) {
+ if (!operation->role_set) {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
+ }
+#endif
+ if(user_id_len != 0) {
+ operation->inputs.user = mbedtls_calloc(1, user_id_len);
+ if (operation->inputs.user == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto exit;
+ }
+ memcpy(operation->inputs.user, user_id, user_id_len);
+ }
+ operation->inputs.user_len = user_id_len;
operation->user_set = 1;
+ return PSA_SUCCESS;
- if (status != PSA_SUCCESS) {
- psa_pake_abort(operation);
- }
-
+exit:
+ psa_pake_abort(operation);
return status;
}
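Review bot: The heap copy stored in `operation->inputs.user` has no visible release on the abort path. psa_pake_abort, shown later in this diff, calls the driver abort and then `memset`s the whole operation, and the only place that frees the inputs is psa_pake_start_input_output. The same holds for `inputs.peer` and for the `inputs.password` copy made in psa_pake_set_password_key in the next hunk, which would also be left un-wiped on the heap. Unless psa_driver_wrapper_pake_abort releases them, which cannot be seen from here, an operation aborted before its first input or output leaks all three. While `operation->started` is 0, psa_pake_abort should call `mbedtls_zeroize_and_free(operation->inputs.password, operation->inputs.password_len);` and `mbedtls_free()` on `inputs.user` and `inputs.peer` before the `memset`.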
@@ -4186,67 +4457,96 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->alg == 0 || operation->peer_set || operation->started) {
- return PSA_ERROR_BAD_STATE;
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
#ifdef PSA_WANT_ALG_SPAKE2P
if (operation->alg == PSA_ALG_SPAKE2P) {
- if (!operation->role_set || (!operation->is_second && !operation->user_set)) {
- return PSA_ERROR_BAD_STATE;
+ if (peer_id == NULL && peer_id_len != 0) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
}
- if (peer_id == NULL && peer_id_len != 0) return PSA_ERROR_INVALID_ARGUMENT;
} else
#endif
{
- if (peer_id == NULL || peer_id_len == 0) return PSA_ERROR_INVALID_ARGUMENT;
+ if (peer_id == NULL || peer_id_len == 0) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
}
- status = psa_driver_wrapper_pake_set_peer(operation, peer_id, peer_id_len);
+#if defined(PSA_WANT_ALG_SPAKE2P) || defined(PSA_WANT_ALG_SRP_6)
+ if (operation->alg == PSA_ALG_SPAKE2P || operation->alg == PSA_ALG_SRP_6) {
+ if (!operation->role_set) {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
+ }
+#endif
- operation->peer_set = 1;
+ if(peer_id_len != 0) {
+ operation->inputs.peer = mbedtls_calloc(1, peer_id_len);
+ if (operation->inputs.peer == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto exit;
+ }
+ memcpy(operation->inputs.peer, peer_id, peer_id_len);
+ }
- if (status != PSA_SUCCESS) {
- psa_pake_abort(operation);
- }
+ operation->inputs.peer_len = peer_id_len;
+ operation->peer_set = 1;
+ return PSA_SUCCESS;
+exit:
+ psa_pake_abort(operation);
return status;
}
psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
- mbedtls_svc_key_id_t password)
+ mbedtls_svc_key_id_t password)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t attributes;
psa_key_type_t type;
if (operation->alg == 0 || operation->passw_set || operation->started) {
- return PSA_ERROR_BAD_STATE;
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
#ifdef PSA_WANT_ALG_SPAKE2P
if (operation->alg == PSA_ALG_SPAKE2P &&
(!operation->role_set || !operation->user_set || !operation->peer_set)) {
- return PSA_ERROR_BAD_STATE;
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
#endif
- status = psa_get_key_attributes(password, &attributes);
- if (status != PSA_SUCCESS) return status;
-
- type = psa_get_key_type( &attributes );
- if (type != PSA_KEY_TYPE_PASSWORD && type != PSA_KEY_TYPE_PASSWORD_HASH) return PSA_ERROR_INVALID_ARGUMENT;
-
status = psa_get_and_lock_key_slot_with_policy(
password, &slot, PSA_KEY_USAGE_DERIVE, operation->alg);
- if (status != PSA_SUCCESS)
- goto exit;
+ if (status != PSA_SUCCESS) goto exit;
- status = psa_driver_wrapper_pake_set_password_key(
- operation,
- &attributes, slot->key.data, slot->key.bytes);
+ attributes = (psa_key_attributes_t) {
+ .core = slot->attr
+ };
+
+ type = psa_get_key_type( &attributes );
+ if (type != PSA_KEY_TYPE_PASSWORD && type != PSA_KEY_TYPE_PASSWORD_HASH) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+ operation->inputs.password = mbedtls_calloc(1, slot->key.bytes);
+ if (operation->inputs.password == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto exit;
+ }
+ memcpy(operation->inputs.password, slot->key.data, slot->key.bytes);
+ operation->inputs.password_len = slot->key.bytes;
+ operation->inputs.attributes = attributes;
operation->passw_set = 1;
exit:
@@ -4274,13 +4574,13 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
*/
static psa_status_t psa_check_jpake_sequence(psa_pake_operation_t *operation,
- psa_pake_step_t step,
- unsigned int first)
+ psa_pake_step_t step,
+ unsigned int first)
{
if (step != PSA_PAKE_STEP_KEY_SHARE && step != PSA_PAKE_STEP_ZK_PUBLIC && step != PSA_PAKE_STEP_ZK_PROOF) { // ???
return PSA_ERROR_INVALID_ARGUMENT;
}
-
+
switch (operation->sequence / 3) {
case 0:
case 1:
@@ -4392,6 +4692,30 @@ static psa_status_t psa_check_srp_sequence(psa_pake_operation_t *operation,
}
#endif
+psa_status_t psa_pake_start_input_output(psa_pake_operation_t *operation)
+{
+ psa_status_t status;
+ psa_crypto_driver_pake_inputs_t *inputs = &operation->inputs;
+
+ status = psa_driver_wrapper_pake_setup(
+ operation,
+ &inputs->cipher_suite,
+ &inputs->attributes,
+ inputs->password, inputs->password_len,
+ inputs->user, inputs->user_len,
+ inputs->peer, inputs->peer_len,
+ inputs->role);
+ mbedtls_zeroize_and_free(inputs->password, inputs->password_len);
+ mbedtls_free(inputs->user);
+ mbedtls_free(inputs->peer);
+ if (status != PSA_SUCCESS) {
+ psa_pake_abort(operation);
+ return status;
+ }
+ operation->started = 1;
+ return PSA_SUCCESS;
+}
+
psa_status_t psa_pake_output(psa_pake_operation_t *operation,
psa_pake_step_t step,
uint8_t *output,
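Review bot: In psa_pake_start_input_output the three pointers in `operation->inputs` still hold the freed addresses after `mbedtls_zeroize_and_free(inputs->password, ...)` and the two `mbedtls_free` calls. On the failure branch the operation is handed to psa_pake_abort in that state, and on success the stale pointers stay in the operation until it is aborted. Clear them immediately after releasing, `inputs->password = NULL; inputs->user = NULL; inputs->peer = NULL;`, and reset the matching length fields, so any cleanup of `inputs` on the abort path cannot free them a second time. The hunk ends inside the signature of psa_pake_output.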
@@ -4432,7 +4756,10 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation,
return PSA_ERROR_NOT_SUPPORTED;
}
- if (operation->sequence == 0) operation->started = 1;
+ if (operation->started == 0) {
+ status = psa_pake_start_input_output(operation);
+ if (status) return status;
+ }
operation->sequence++;
status = psa_driver_wrapper_pake_output(
@@ -4490,13 +4817,11 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation,
return PSA_ERROR_NOT_SUPPORTED;
}
-#ifdef PSA_WANT_ALG_JPAKE
- if (operation->alg == PSA_ALG_JPAKE && (operation->sequence == 0 || operation->sequence == 12)) {
- operation->is_second = 1;
+ if (operation->started == 0) {
+ status = psa_pake_start_input_output(operation);
+ if (status) return status;
}
-#endif
- if (operation->sequence == 0) operation->started = 1;
#ifdef PSA_WANT_ALG_SPAKE2P
if (step != PSA_PAKE_STEP_CONTEXT) {
#endif
@@ -4556,16 +4881,15 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->alg == 0 )
- {
- return( PSA_SUCCESS );
+ if (operation->alg == 0) {
+ return PSA_SUCCESS;
}
- status = psa_driver_wrapper_pake_abort( operation );
+ status = psa_driver_wrapper_pake_abort(operation);
- memset( operation, 0, sizeof( *operation ) );
+ memset(operation, 0, sizeof(*operation));
- return( status );
+ return status;
}
@@ -4595,9 +4919,9 @@ psa_status_t psa_generate_random(uint8_t *output,
* classic API, psa_crypto_random_impl.h defines `mbedtls_psa_get_random`
* as a constant function pointer to `mbedtls_xxx_drbg_random`.
*/
-int mbedtls_psa_get_random( void *p_rng,
- unsigned char *output,
- size_t output_size )
+int mbedtls_psa_get_random(void *p_rng,
+ unsigned char *output,
+ size_t output_size)
{
/* This function takes a pointer to the RNG state because that's what
* classic mbedtls functions using an RNG expect. The PSA RNG manages
@@ -4605,28 +4929,31 @@ int mbedtls_psa_get_random( void *p_rng,
* So we just ignore the state parameter, and in practice we'll pass
* NULL. */
(void) p_rng;
- psa_status_t status = psa_generate_random( output, output_size );
- if( status == PSA_SUCCESS )
- return( 0 );
- else
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ psa_status_t status = psa_generate_random(output, output_size);
+ if (status == PSA_SUCCESS) {
+ return 0;
+ } else {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
}
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
#include "entropy_poll.h"
-psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed,
- size_t seed_size )
+psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
+ size_t seed_size)
{
- if( global_data.initialized )
- return( PSA_ERROR_NOT_PERMITTED );
+ if (global_data.initialized) {
+ return PSA_ERROR_NOT_PERMITTED;
+ }
- if( ( ( seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM ) ||
- ( seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE ) ) ||
- ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (((seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM) ||
+ (seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE)) ||
+ (seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- return( mbedtls_psa_storage_inject_entropy( seed, seed_size ) );
+ return mbedtls_psa_storage_inject_entropy(seed, seed_size);
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
@@ -4644,76 +4971,75 @@ psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed,
* the two is not supported.
*/
static psa_status_t psa_validate_key_type_and_size_for_key_generation(
- psa_key_type_t type, size_t bits )
+ psa_key_type_t type, size_t bits)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( key_type_is_raw_bytes( type ) )
- {
- status = psa_validate_unstructured_key_bit_size( type, bits );
- if( status != PSA_SUCCESS )
- return( status );
- }
- else
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
- if( PSA_KEY_TYPE_IS_RSA( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
- {
- if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (key_type_is_raw_bytes(type)) {
+ status = psa_validate_unstructured_key_bit_size(type, bits);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ } else
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+ if (PSA_KEY_TYPE_IS_RSA(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+ if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ if (bits < PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
/* Accept only byte-aligned keys, for the same reasons as
* in psa_import_rsa_key(). */
- if( bits % 8 != 0 )
- return( PSA_ERROR_NOT_SUPPORTED );
- }
- else
-#endif /* defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) */
+ if (bits % 8 != 0) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ } else
+#endif /* defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) */
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
- if( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
- {
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+ if (PSA_KEY_TYPE_IS_ECC(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
/* To avoid empty block, return successfully here. */
- return( PSA_SUCCESS );
- }
- else
-#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) */
+ return PSA_SUCCESS;
+ } else
+#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) */
{
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t psa_generate_key_internal(
const psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = attributes->core.type;
#if defined(PSA_USE_KEY_DOMAIN_PARAMETERS)
- if( ( attributes->domain_parameters == NULL ) &&
- ( attributes->domain_parameters_size != 0 ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if ((attributes->domain_parameters == NULL) &&
+ (attributes->domain_parameters_size != 0)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
#endif
- if( key_type_is_raw_bytes( type ) )
- {
- status = psa_generate_random( key_buffer, key_buffer_size );
- if( status != PSA_SUCCESS )
- return( status );
- }
- else
- {
- (void)key_buffer_length;
- return( PSA_ERROR_NOT_SUPPORTED );
+ if (key_type_is_raw_bytes(type)) {
+ status = psa_generate_random(key_buffer, key_buffer_size);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ } else {
+ (void) key_buffer_length;
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
- mbedtls_svc_key_id_t *key )
+psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t *key)
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
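Review bot: The new `bits < PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS` check in psa_validate_key_type_and_size_for_key_generation has no comment, and its scope is narrower than it looks. The only call visible in this diff (psa_generate_key, next hunk) reaches it solely for `PSA_KEY_LOCATION_LOCAL_STORAGE`, so keys generated at other locations rely on the driver to reject undersized RSA moduli. I would document that next to the check, for example `/* Minimum RSA size for generation; enforced here only for locally stored keys, drivers must apply their own floor. */`. The guards in the same function also change from `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR` to `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE` (likewise for ECC), so a configuration that sets only the old symbol would now fall through to `PSA_ERROR_NOT_SUPPORTED`, unless a config-adjust header not shown here maps it. psa_generate_key starts in this hunk and continues in the next one.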
@@ -4724,62 +5050,67 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
/* Reject any attempt to create a zero-length key so that we don't
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
- if( psa_get_key_bits( attributes ) == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (psa_get_key_bits(attributes) == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
/* Reject any attempt to create a public key. */
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes,
- &slot, &driver );
- if( status != PSA_SUCCESS )
+ status = psa_start_key_creation(PSA_KEY_CREATION_GENERATE, attributes,
+ &slot, &driver);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* In the case of a transparent key or an opaque key stored in local
* storage ( thus not in the case of generating a key in a secure element
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the generated key material. */
- if( slot->key.data == NULL )
- {
- if ( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) ==
- PSA_KEY_LOCATION_LOCAL_STORAGE )
- {
+ if (slot->key.data == NULL) {
+ if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime) ==
+ PSA_KEY_LOCATION_LOCAL_STORAGE) {
status = psa_validate_key_type_and_size_for_key_generation(
- attributes->core.type, attributes->core.bits );
- if( status != PSA_SUCCESS )
+ attributes->core.type, attributes->core.bits);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
- attributes->core.type,
- attributes->core.bits );
- }
- else
- {
+ attributes->core.type,
+ attributes->core.bits);
+ } else {
status = psa_driver_wrapper_get_key_buffer_size(
- attributes, &key_buffer_size );
- if( status != PSA_SUCCESS )
+ attributes, &key_buffer_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
- status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
- if( status != PSA_SUCCESS )
+ status = psa_allocate_buffer_to_slot(slot, key_buffer_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
}
- status = psa_driver_wrapper_generate_key( attributes,
- slot->key.data, slot->key.bytes, &slot->key.bytes );
+ status = psa_driver_wrapper_generate_key(attributes,
+ slot->key.data, slot->key.bytes, &slot->key.bytes);
- if( status != PSA_SUCCESS )
- psa_remove_key_data_from_memory( slot );
+ if (status != PSA_SUCCESS) {
+ psa_remove_key_data_from_memory(slot);
+ }
exit:
- if( status == PSA_SUCCESS )
- status = psa_finish_key_creation( slot, driver, key );
- if( status != PSA_SUCCESS )
- psa_fail_key_creation( slot, driver );
+ if (status == PSA_SUCCESS) {
+ status = psa_finish_key_creation(slot, driver, key);
+ }
+ if (status != PSA_SUCCESS) {
+ psa_fail_key_creation(slot, driver);
+ }
- return( status );
+ return status;
}
/****************************************************************/
@@ -4787,25 +5118,25 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
/****************************************************************/
psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
- void (*entropy_init)(mbedtls_entropy_context *ctx),
- void (*entropy_free)(mbedtls_entropy_context *ctx))
+ void (* entropy_init)(mbedtls_entropy_context *ctx),
+ void (* entropy_free)(mbedtls_entropy_context *ctx))
{
(void)entropy_init;
(void)entropy_free;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-void mbedtls_psa_crypto_free( void )
+void mbedtls_psa_crypto_free(void)
{
- psa_wipe_all_key_slots( );
+ psa_wipe_all_key_slots();
psa_driver_wrapper_free_random(&global_data.rng);
/* Wipe all remaining data, including configuration.
* In particular, this sets all state indicator to the value
* indicating "uninitialized". */
- mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
+ mbedtls_platform_zeroize(&global_data, sizeof(global_data));
/* Terminate drivers */
- psa_driver_wrapper_free( );
+ psa_driver_wrapper_free();
}
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
@@ -4816,57 +5147,59 @@ void mbedtls_psa_crypto_free( void )
* fails.
*/
static psa_status_t psa_crypto_recover_transaction(
- const psa_crypto_transaction_t *transaction )
+ const psa_crypto_transaction_t *transaction)
{
- switch( transaction->unknown.type )
- {
+ switch (transaction->unknown.type) {
case PSA_CRYPTO_TRANSACTION_CREATE_KEY:
case PSA_CRYPTO_TRANSACTION_DESTROY_KEY:
- /* TODO - fall through to the failure case until this
- * is implemented.
- * https://github.com/ARMmbed/mbed-crypto/issues/218
- */
+ /* TODO - fall through to the failure case until this
+ * is implemented.
+ * https://github.com/ARMmbed/mbed-crypto/issues/218
+ */
default:
/* We found an unsupported transaction in the storage.
* We don't know what state the storage is in. Give up. */
- return( PSA_ERROR_DATA_INVALID );
+ return PSA_ERROR_DATA_INVALID;
}
}
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
-psa_status_t psa_crypto_init( void )
+psa_status_t psa_crypto_init(void)
{
psa_status_t status;
/* Double initialization is explicitly allowed. */
- if( global_data.initialized != 0 )
- return( PSA_SUCCESS );
+ if (global_data.initialized != 0) {
+ return PSA_SUCCESS;
+ }
- /* Initialize and seed the random generator. */
- status = psa_driver_wrapper_init_random(&global_data.rng);
- if( status != PSA_SUCCESS )
+ /* Init drivers */
+ status = psa_driver_wrapper_init();
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
+ global_data.drivers_initialized = 1;
- status = psa_initialize_key_slots( );
- if( status != PSA_SUCCESS )
+ /* Initialize and seed the random generator. */
+ status = psa_driver_wrapper_init_random(&global_data.rng);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- /* Init drivers */
- status = psa_driver_wrapper_init( );
- if( status != PSA_SUCCESS )
+ status = psa_initialize_key_slots();
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
- status = psa_crypto_load_transaction( );
- if( status == PSA_SUCCESS )
- {
- status = psa_crypto_recover_transaction( &psa_crypto_transaction );
- if( status != PSA_SUCCESS )
+ status = psa_crypto_load_transaction();
+ if (status == PSA_SUCCESS) {
+ status = psa_crypto_recover_transaction(&psa_crypto_transaction);
+ if (status != PSA_SUCCESS) {
goto exit;
- status = psa_crypto_stop_transaction( );
- }
- else if( status == PSA_ERROR_DOES_NOT_EXIST )
- {
+ }
+ status = psa_crypto_stop_transaction();
+ } else if (status == PSA_ERROR_DOES_NOT_EXIST) {
/* There's no transaction to complete. It's all good. */
status = PSA_SUCCESS;
}
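Review bot: With psa_driver_wrapper_init() moved ahead of the RNG setup, a driver-init failure now jumps to `exit:` before `global_data.rng` has been initialised. mbedtls_psa_crypto_free(), shown earlier in this diff, calls `psa_driver_wrapper_free_random(&global_data.rng)` and `psa_driver_wrapper_free()` unconditionally. Whether freeing a never-initialised RNG context is a no-op depends on the driver wrapper, which is not shown here. I would either state that requirement at the reordered block, e.g. `/* Drivers first; on failure the exit path frees an untouched rng, which must be a no-op. */`, or have the free path consult the new `drivers_initialized` flag. psa_crypto_init continues past this hunk.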
@@ -4876,9 +5209,10 @@ psa_status_t psa_crypto_init( void )
global_data.initialized = 1;
exit:
- if( status != PSA_SUCCESS )
- mbedtls_psa_crypto_free( );
- return( status );
+ if (status != PSA_SUCCESS) {
+ mbedtls_psa_crypto_free();
+ }
+ return status;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/ext/oberon/psa/core/library/psa_crypto_client.c b/ext/oberon/psa/core/library/psa_crypto_client.c
index 81a3302ba504..4bbc8beed645 100644
--- a/ext/oberon/psa/core/library/psa_crypto_client.c
+++ b/ext/oberon/psa/core/library/psa_crypto_client.c
@@ -30,35 +30,34 @@
#include
#include "mbedtls/platform.h"
-void psa_reset_key_attributes( psa_key_attributes_t *attributes )
+void psa_reset_key_attributes(psa_key_attributes_t *attributes)
{
#if defined(PSA_USE_KEY_DOMAIN_PARAMETERS) /* !!OM */
- mbedtls_free( attributes->domain_parameters );
+ mbedtls_free(attributes->domain_parameters);
#endif
- memset( attributes, 0, sizeof( *attributes ) );
+ memset(attributes, 0, sizeof(*attributes));
}
#if defined(PSA_USE_KEY_DOMAIN_PARAMETERS) /* !!OM */
-psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
- psa_key_type_t type,
- const uint8_t *data,
- size_t data_length )
+psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+ psa_key_type_t type,
+ const uint8_t *data,
+ size_t data_length)
{
uint8_t *copy = NULL;
- if( data_length != 0 )
- {
- copy = mbedtls_calloc( 1, data_length );
- if( copy == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- memcpy( copy, data, data_length );
+ if (data_length != 0) {
+ copy = mbedtls_calloc(1, data_length);
+ if (copy == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+ memcpy(copy, data, data_length);
}
/* After this point, this function is guaranteed to succeed, so it
* can start modifying `*attributes`. */
- if( attributes->domain_parameters != NULL )
- {
- mbedtls_free( attributes->domain_parameters );
+ if (attributes->domain_parameters != NULL) {
+ mbedtls_free(attributes->domain_parameters);
attributes->domain_parameters = NULL;
attributes->domain_parameters_size = 0;
}
@@ -66,20 +65,22 @@ psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
attributes->domain_parameters = copy;
attributes->domain_parameters_size = data_length;
attributes->core.type = type;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
psa_status_t psa_get_key_domain_parameters(
const psa_key_attributes_t *attributes,
- uint8_t *data, size_t data_size, size_t *data_length )
+ uint8_t *data, size_t data_size, size_t *data_length)
{
- if( attributes->domain_parameters_size > data_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ if (attributes->domain_parameters_size > data_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
*data_length = attributes->domain_parameters_size;
- if( attributes->domain_parameters_size != 0 )
- memcpy( data, attributes->domain_parameters,
- attributes->domain_parameters_size );
- return( PSA_SUCCESS );
+ if (attributes->domain_parameters_size != 0) {
+ memcpy(data, attributes->domain_parameters,
+ attributes->domain_parameters_size);
+ }
+ return PSA_SUCCESS;
}
#endif /* PSA_USE_KEY_DOMAIN_PARAMETERS */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
diff --git a/ext/oberon/psa/core/library/psa_crypto_core.h b/ext/oberon/psa/core/library/psa_crypto_core.h
index 614cad1f4936..722f33319048 100644
--- a/ext/oberon/psa/core/library/psa_crypto_core.h
+++ b/ext/oberon/psa/core/library/psa_crypto_core.h
@@ -26,31 +26,22 @@
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
-/** Constant-time buffer comparison
+/**
+ * Tell if PSA is ready for this hash.
+ *
+ * \note For now, only checks the state of the driver subsystem,
+ * not the algorithm. Might do more in the future.
*
- * \param[in] a Left-hand buffer for comparison.
- * \param[in] b Right-hand buffer for comparison.
- * \param n Amount of bytes to compare.
+ * \param hash_alg The hash algorithm (ignored for now).
*
- * \return 0 if the buffer contents are equal, non-zero otherwise
+ * \return 1 if the driver subsytem is ready, 0 otherwise.
*/
-static inline int mbedtls_psa_safer_memcmp(
- const uint8_t *a, const uint8_t *b, size_t n )
-{
- size_t i;
- unsigned char diff = 0;
-
- for( i = 0; i < n; i++ )
- diff |= a[i] ^ b[i];
-
- return( diff );
-}
+int psa_can_do_hash(psa_algorithm_t hash_alg);
/** The data structure representing a key slot, containing key material
* and metadata for one key.
*/
-typedef struct
-{
+typedef struct {
psa_core_key_attributes_t attr;
/*
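Review bot: Removing `mbedtls_psa_safer_memcmp` from this header takes away the constant-time comparison its doc comment described, and this hunk does not show what callers use in its place. Any MAC, tag or hash verification that used it should move to a constant-time comparison such as `mbedtls_ct_memcmp`, not plain `memcmp`, which is worth confirming in the .c files of this commit. In the new `psa_can_do_hash` comment, `subsytem` should read `subsystem`. Since `hash_alg` is ignored, the return line could say so: `\return 1 if the driver subsystem is ready (regardless of \p hash_alg), 0 otherwise.`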
@@ -80,8 +71,7 @@ typedef struct
/* Dynamically allocated key data buffer.
* Format as specified in psa_export_key(). */
- struct key_data
- {
+ struct key_data {
uint8_t *data;
size_t bytes;
} key;
@@ -90,7 +80,7 @@ typedef struct
/* A mask of key attribute flags used only internally.
* Currently there aren't any. */
#define PSA_KA_MASK_INTERNAL_ONLY ( \
- 0 )
+ 0)
/** Test whether a key slot is occupied.
*
@@ -101,9 +91,9 @@ typedef struct
*
* \return 1 if the slot is occupied, 0 otherwise.
*/
-static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )
+static inline int psa_is_key_slot_occupied(const psa_key_slot_t *slot)
{
- return( slot->attr.type != 0 );
+ return slot->attr.type != 0;
}
/** Test whether a key slot is locked.
@@ -114,9 +104,9 @@ static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )
*
* \return 1 if the slot is locked, 0 otherwise.
*/
-static inline int psa_is_key_slot_locked( const psa_key_slot_t *slot )
+static inline int psa_is_key_slot_locked(const psa_key_slot_t *slot)
{
- return( slot->lock_count > 0 );
+ return slot->lock_count > 0;
}
/** Retrieve flags from psa_key_slot_t::attr::core::flags.
@@ -127,10 +117,10 @@ static inline int psa_is_key_slot_locked( const psa_key_slot_t *slot )
* \return The key attribute flags in the given slot,
* bitwise-anded with \p mask.
*/
-static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot,
- uint16_t mask )
+static inline uint16_t psa_key_slot_get_flags(const psa_key_slot_t *slot,
+ uint16_t mask)
{
- return( slot->attr.flags & mask );
+ return slot->attr.flags & mask;
}
/** Set flags in psa_key_slot_t::attr::core::flags.
@@ -139,12 +129,12 @@ static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot,
* \param mask The mask of bits to modify.
* \param value The new value of the selected bits.
*/
-static inline void psa_key_slot_set_flags( psa_key_slot_t *slot,
- uint16_t mask,
- uint16_t value )
+static inline void psa_key_slot_set_flags(psa_key_slot_t *slot,
+ uint16_t mask,
+ uint16_t value)
{
- slot->attr.flags = ( ( ~mask & slot->attr.flags ) |
- ( mask & value ) );
+ slot->attr.flags = ((~mask & slot->attr.flags) |
+ (mask & value));
}
/** Turn on flags in psa_key_slot_t::attr::core::flags.
@@ -152,8 +142,8 @@ static inline void psa_key_slot_set_flags( psa_key_slot_t *slot,
* \param[in,out] slot The key slot to modify.
* \param mask The mask of bits to set.
*/
-static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot,
- uint16_t mask )
+static inline void psa_key_slot_set_bits_in_flags(psa_key_slot_t *slot,
+ uint16_t mask)
{
slot->attr.flags |= mask;
}
@@ -163,8 +153,8 @@ static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot,
* \param[in,out] slot The key slot to modify.
* \param mask The mask of bits to clear.
*/
-static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
- uint16_t mask )
+static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot,
+ uint16_t mask)
{
slot->attr.flags &= ~mask;
}
@@ -177,30 +167,12 @@ static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
* secure element, otherwise the behaviour is undefined.
*/
static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
- const psa_key_slot_t *slot )
+ const psa_key_slot_t *slot)
{
- return( *( (psa_key_slot_number_t *)( slot->key.data ) ) );
+ return *((psa_key_slot_number_t *) (slot->key.data));
}
#endif
-/** Get the description of a key given its identifier and policy constraints
- * and lock it.
- *
- * The key must have allow all the usage flags set in \p usage. If \p alg is
- * nonzero, the key must allow operations with this algorithm. If \p alg is
- * zero, the algorithm is not checked.
- *
- * In case of a persistent key, the function loads the description of the key
- * into a key slot if not already done.
- *
- * On success, the returned key slot is locked. It is the responsibility of
- * the caller to unlock the key slot when it does not access it anymore.
- */
-psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key,
- psa_key_slot_t **p_slot,
- psa_key_usage_t usage,
- psa_algorithm_t alg );
-
/** Completely wipe a slot in memory, including its policy.
*
* Persistent storage is not affected.
@@ -210,9 +182,9 @@ psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key,
* \retval #PSA_SUCCESS
* Success. This includes the case of a key slot that was
* already fully wiped.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
-psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
+psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot);
/** Try to allocate a buffer to an empty key slot.
*
@@ -226,11 +198,11 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
* \retval #PSA_ERROR_ALREADY_EXISTS
* Trying to allocate a buffer to a non-empty key slot.
*/
-psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
- size_t buffer_length );
+psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot,
+ size_t buffer_length);
/** Wipe key data from a slot. Preserves metadata such as the policy. */
-psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot );
+psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot);
/** Copy key data (in export format) into an empty key slot.
*
@@ -249,20 +221,20 @@ psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot );
* \retval #PSA_ERROR_ALREADY_EXISTS
* There was other key material already present in the slot.
*/
-psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
- const uint8_t *data,
- size_t data_length );
+psa_status_t psa_copy_key_material_into_slot(psa_key_slot_t *slot,
+ const uint8_t *data,
+ size_t data_length);
-/** Convert an mbed TLS error code to a PSA error code
+/** Convert an Mbed TLS error code to a PSA error code
*
* \note This function is provided solely for the convenience of
* Mbed TLS and may be removed at any time without notice.
*
- * \param ret An mbed TLS-thrown error code
+ * \param ret An Mbed TLS-thrown error code
*
* \return The corresponding PSA error code
*/
-psa_status_t mbedtls_to_psa_error( int ret );
+psa_status_t mbedtls_to_psa_error(int ret);
/** Import a key in binary format.
*
@@ -286,15 +258,15 @@ psa_status_t mbedtls_to_psa_error( int ret );
* \retval #PSA_SUCCESS The key was imported successfully.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key data is not correctly formatted.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t psa_import_key_into_slot(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
- size_t *key_buffer_length, size_t *bits );
+ size_t *key_buffer_length, size_t *bits);
/** Export a key in binary format
*
@@ -311,17 +283,17 @@ psa_status_t psa_import_key_into_slot(
* \p data
*
* \retval #PSA_SUCCESS The key was exported successfully.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
*/
psa_status_t psa_export_key_internal(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
/** Export a public key or the public part of a key pair in binary format.
*
@@ -339,17 +311,17 @@ psa_status_t psa_export_key_internal(
* \p data
*
* \retval #PSA_SUCCESS The public key was exported successfully.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
*/
psa_status_t psa_export_public_key_internal(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
/**
* \brief Generate a key.
@@ -365,16 +337,16 @@ psa_status_t psa_export_public_key_internal(
*
* \retval #PSA_SUCCESS
* The key was generated successfully.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
* \retval #PSA_ERROR_NOT_SUPPORTED
* Key size in bits or type not supported.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of \p key_buffer is too small.
*/
-psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length );
+psa_status_t psa_generate_key_internal(const psa_key_attributes_t *attributes,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length);
/** Sign a message with a private key. For hash-and-sign algorithms,
* this includes the hashing step.
@@ -400,24 +372,24 @@ psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes,
* \param[out] signature_length On success, the number of bytes
* that make up the returned signature value.
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p signature buffer is too small. You can
* determine a sufficient buffer size by calling
* #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* where \c key_type and \c key_bits are the type and bit-size
* respectively of the key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
*/
psa_status_t psa_sign_message_builtin(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *input, size_t input_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length );
+ uint8_t *signature, size_t signature_size, size_t *signature_length);
/** Verify the signature of a message with a public key, using
* a hash-and-sign verification algorithm.
@@ -446,15 +418,15 @@ psa_status_t psa_sign_message_builtin(
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The calculation was performed successfully, but the passed
* signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
*/
psa_status_t psa_verify_message_builtin(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *input, size_t input_length,
- const uint8_t *signature, size_t signature_length );
+ const uint8_t *signature, size_t signature_length);
/** Sign an already-calculated hash with a private key.
*
@@ -476,24 +448,24 @@ psa_status_t psa_verify_message_builtin(
* \param[out] signature_length On success, the number of bytes
* that make up the returned signature value.
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p signature buffer is too small. You can
* determine a sufficient buffer size by calling
* #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* where \c key_type and \c key_bits are the type and bit-size
* respectively of the key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
*/
psa_status_t psa_sign_hash_builtin(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length );
+ uint8_t *signature, size_t signature_size, size_t *signature_length);
/**
* \brief Verify the signature a hash or short message using a public key.
@@ -520,15 +492,15 @@ psa_status_t psa_sign_hash_builtin(
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The calculation was performed successfully, but the passed
* signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
*/
psa_status_t psa_verify_hash_builtin(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length );
+ const uint8_t *signature, size_t signature_length);
/**
* \brief Validate the key bit size for unstructured keys.
@@ -547,8 +519,8 @@ psa_status_t psa_verify_hash_builtin(
* The type and/or the size in bits of the key or the combination of
* the two is not supported.
*/
-psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
- size_t bits );
+psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type,
+ size_t bits);
/** Perform a key agreement and return the raw shared secret, using
built-in raw key agreement functions.
@@ -578,8 +550,8 @@ psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
* up the returned shared secret.
* \retval #PSA_SUCCESS
* Success. Shared secret successfully calculated.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p alg is not a key agreement algorithm, or
* \p private_key is not compatible with \p alg,
@@ -589,12 +561,12 @@ psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
* \p shared_secret_size is too small
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not a supported key agreement algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE \emptydescription
*/
psa_status_t psa_key_agreement_raw_builtin(
const psa_key_attributes_t *attributes,
@@ -605,6 +577,6 @@ psa_status_t psa_key_agreement_raw_builtin(
size_t peer_key_length,
uint8_t *shared_secret,
size_t shared_secret_size,
- size_t *shared_secret_length );
+ size_t *shared_secret_length);
#endif /* PSA_CRYPTO_CORE_H */
diff --git a/ext/oberon/psa/core/library/psa_crypto_core_common.h b/ext/oberon/psa/core/library/psa_crypto_core_common.h
new file mode 100644
index 000000000000..dd72ab162902
--- /dev/null
+++ b/ext/oberon/psa/core/library/psa_crypto_core_common.h
@@ -0,0 +1,64 @@
+/**
+ * \file psa_crypto_core_common.h
+ *
+ * \brief Utility macros for internal use in the PSA cryptography core.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_CORE_COMMON_H
+#define PSA_CRYPTO_CORE_COMMON_H
+
+/** Return an offset into a buffer.
+ *
+ * This is just the addition of an offset to a pointer, except that this
+ * function also accepts an offset of 0 into a buffer whose pointer is null.
+ * (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
+ * A null pointer is a valid buffer pointer when the size is 0, for example
+ * as the result of `malloc(0)` on some platforms.)
+ *
+ * \param p Pointer to a buffer of at least n bytes.
+ * This may be \p NULL if \p n is zero.
+ * \param n An offset in bytes.
+ * \return Pointer to offset \p n in the buffer \p p.
+ * Note that this is only a valid pointer if the size of the
+ * buffer is at least \p n + 1.
+ */
+static inline unsigned char *psa_crypto_buffer_offset(
+ unsigned char *p, size_t n)
+{
+ return p == NULL ? NULL : p + n;
+}
+
+/** Return an offset into a read-only buffer.
+ *
+ * Similar to mbedtls_buffer_offset(), but for const pointers.
+ *
+ * \param p Pointer to a buffer of at least n bytes.
+ * This may be \p NULL if \p n is zero.
+ * \param n An offset in bytes.
+ * \return Pointer to offset \p n in the buffer \p p.
+ * Note that this is only a valid pointer if the size of the
+ * buffer is at least \p n + 1.
+ */
+static inline const unsigned char *psa_crypto_buffer_offset_const(
+ const unsigned char *p, size_t n)
+{
+ return p == NULL ? NULL : p + n;
+}
+
+#endif /* PSA_CRYPTO_CORE_COMMON_H */
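Review bot: This new header uses `size_t` and `NULL` in both inline helpers but includes nothing, so it only compiles when every includer has already pulled in the standard definitions. Adding `#include <stddef.h>` right after the include guard would make it self-contained. The doc comment on `psa_crypto_buffer_offset_const` says "Similar to mbedtls_buffer_offset()", a name this file does not define; it should read `psa_crypto_buffer_offset()`. Both helpers also return NULL for a null `p` with any `n`, not only `n == 0`, so a null buffer passed with a non-zero offset is silently accepted. The `\param p` text could state that this case is a caller error the helper does not detect.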
diff --git a/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h b/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h
index 89b19ca542b6..c8346d6643bf 100644
--- a/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h
+++ b/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h
@@ -27,8 +27,8 @@
/*
* Initialization and termination functions
*/
-psa_status_t psa_driver_wrapper_init( void );
-void psa_driver_wrapper_free( void );
+psa_status_t psa_driver_wrapper_init(void);
+void psa_driver_wrapper_free(void);
/*
* Signature functions
@@ -42,7 +42,7 @@ psa_status_t psa_driver_wrapper_sign_message(
size_t input_length,
uint8_t *signature,
size_t signature_size,
- size_t *signature_length );
+ size_t *signature_length);
psa_status_t psa_driver_wrapper_verify_message(
const psa_key_attributes_t *attributes,
@@ -52,19 +52,56 @@ psa_status_t psa_driver_wrapper_verify_message(
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
- size_t signature_length );
+ size_t signature_length);
psa_status_t psa_driver_wrapper_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length );
+ uint8_t *signature, size_t signature_size, size_t *signature_length);
psa_status_t psa_driver_wrapper_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length );
+ const uint8_t *signature, size_t signature_length);
+
+/*
+ * Interruptible Signature functions
+ */
+
+uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
+ psa_sign_hash_interruptible_operation_t *operation);
+
+uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
+ psa_verify_hash_interruptible_operation_t *operation);
+
+psa_status_t psa_driver_wrapper_sign_hash_start(
+ psa_sign_hash_interruptible_operation_t *operation,
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length);
+
+psa_status_t psa_driver_wrapper_sign_hash_complete(
+ psa_sign_hash_interruptible_operation_t *operation,
+ uint8_t *signature, size_t signature_size,
+ size_t *signature_length);
+
+psa_status_t psa_driver_wrapper_sign_hash_abort(
+ psa_sign_hash_interruptible_operation_t *operation);
+
+psa_status_t psa_driver_wrapper_verify_hash_start(
+ psa_verify_hash_interruptible_operation_t *operation,
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length);
+
+psa_status_t psa_driver_wrapper_verify_hash_complete(
+ psa_verify_hash_interruptible_operation_t *operation);
+
+psa_status_t psa_driver_wrapper_verify_hash_abort(
+ psa_verify_hash_interruptible_operation_t *operation);
/*
* Key handling functions
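Review bot: The eight prototypes added under "Interruptible Signature functions" have no doc comments, and the buffer-lifetime contract cannot be read off the signatures. `psa_driver_wrapper_sign_hash_start` and `psa_driver_wrapper_verify_hash_start` take `key_buffer`, `hash` and (for verify) `signature`, while the matching `_complete` calls take only the operation. I would add a comment saying whether those inputs are copied at start or must stay valid and unmodified until complete or abort, for example `/* key_buffer, hash and signature are only read during this call; the operation keeps its own copy. */` if that matches the implementation, which is not visible in this hunk. A short note on which operation states `_abort` may be called in would also help driver authors.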
@@ -74,42 +111,42 @@ psa_status_t psa_driver_wrapper_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
- size_t *key_buffer_length, size_t *bits );
+ size_t *key_buffer_length, size_t *bits);
psa_status_t psa_driver_wrapper_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t psa_driver_wrapper_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length );
+ uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t psa_driver_wrapper_get_key_buffer_size(
const psa_key_attributes_t *attributes,
- size_t *key_buffer_size );
+ size_t *key_buffer_size);
psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
- size_t *key_buffer_size );
+ size_t *key_buffer_size);
psa_status_t psa_driver_wrapper_generate_key(
const psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
psa_status_t psa_driver_wrapper_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
psa_status_t psa_driver_wrapper_copy_key(
psa_key_attributes_t *attributes,
const uint8_t *source_key, size_t source_key_length,
uint8_t *target_key_buffer, size_t target_key_buffer_size,
- size_t *target_key_buffer_length );
+ size_t *target_key_buffer_length);
/*
* Cipher functions
*/
@@ -124,7 +161,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length );
+ size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_decrypt(
const psa_key_attributes_t *attributes,
@@ -135,24 +172,24 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length );
+ size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv,
- size_t iv_length );
+ size_t iv_length);
psa_status_t psa_driver_wrapper_cipher_update(
psa_cipher_operation_t *operation,
@@ -160,16 +197,16 @@ psa_status_t psa_driver_wrapper_cipher_update(
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length );
+ size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_finish(
psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
- size_t *output_length );
+ size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_abort(
- psa_cipher_operation_t *operation );
+ psa_cipher_operation_t *operation);
/*
* Hashing functions
@@ -184,25 +221,25 @@ psa_status_t psa_driver_wrapper_hash_compute(
psa_status_t psa_driver_wrapper_hash_setup(
psa_hash_operation_t *operation,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_hash_clone(
const psa_hash_operation_t *source_operation,
- psa_hash_operation_t *target_operation );
+ psa_hash_operation_t *target_operation);
psa_status_t psa_driver_wrapper_hash_update(
psa_hash_operation_t *operation,
const uint8_t *input,
- size_t input_length );
+ size_t input_length);
psa_status_t psa_driver_wrapper_hash_finish(
psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
- size_t *hash_length );
+ size_t *hash_length);
psa_status_t psa_driver_wrapper_hash_abort(
- psa_hash_operation_t *operation );
+ psa_hash_operation_t *operation);
/*
* AEAD functions
@@ -215,7 +252,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
psa_status_t psa_driver_wrapper_aead_decrypt(
const psa_key_attributes_t *attributes,
@@ -224,34 +261,34 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
psa_status_t psa_driver_wrapper_aead_encrypt_setup(
psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_aead_decrypt_setup(
psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_aead_set_nonce(
psa_aead_operation_t *operation,
const uint8_t *nonce,
- size_t nonce_length );
+ size_t nonce_length);
psa_status_t psa_driver_wrapper_aead_set_lengths(
psa_aead_operation_t *operation,
size_t ad_length,
- size_t plaintext_length );
+ size_t plaintext_length);
psa_status_t psa_driver_wrapper_aead_update_ad(
psa_aead_operation_t *operation,
const uint8_t *input,
- size_t input_length );
+ size_t input_length);
psa_status_t psa_driver_wrapper_aead_update(
psa_aead_operation_t *operation,
@@ -259,7 +296,7 @@ psa_status_t psa_driver_wrapper_aead_update(
size_t input_length,
uint8_t *output,
size_t output_size,
- size_t *output_length );
+ size_t *output_length);
psa_status_t psa_driver_wrapper_aead_finish(
psa_aead_operation_t *operation,
@@ -268,7 +305,7 @@ psa_status_t psa_driver_wrapper_aead_finish(
size_t *ciphertext_length,
uint8_t *tag,
size_t tag_size,
- size_t *tag_length );
+ size_t *tag_length);
psa_status_t psa_driver_wrapper_aead_verify(
psa_aead_operation_t *operation,
@@ -276,10 +313,10 @@ psa_status_t psa_driver_wrapper_aead_verify(
size_t plaintext_size,
size_t *plaintext_length,
const uint8_t *tag,
- size_t tag_length );
+ size_t tag_length);
psa_status_t psa_driver_wrapper_aead_abort(
- psa_aead_operation_t *operation );
+ psa_aead_operation_t *operation);
/*
* MAC functions
@@ -293,40 +330,40 @@ psa_status_t psa_driver_wrapper_mac_compute(
size_t input_length,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length );
+ size_t *mac_length);
psa_status_t psa_driver_wrapper_mac_sign_setup(
psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_mac_verify_setup(
psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
- psa_algorithm_t alg );
+ psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_mac_update(
psa_mac_operation_t *operation,
const uint8_t *input,
- size_t input_length );
+ size_t input_length);
psa_status_t psa_driver_wrapper_mac_sign_finish(
psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
- size_t *mac_length );
+ size_t *mac_length);
psa_status_t psa_driver_wrapper_mac_verify_finish(
psa_mac_operation_t *operation,
const uint8_t *mac,
- size_t mac_length );
+ size_t mac_length);
psa_status_t psa_driver_wrapper_mac_abort(
- psa_mac_operation_t *operation );
+ psa_mac_operation_t *operation);
/*
* Asymmetric cryptography
@@ -342,7 +379,7 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
size_t salt_length,
uint8_t *output,
size_t output_size,
- size_t *output_length );
+ size_t *output_length);
psa_status_t psa_driver_wrapper_asymmetric_decrypt(
const psa_key_attributes_t *attributes,
@@ -355,7 +392,21 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
size_t salt_length,
uint8_t *output,
size_t output_size,
- size_t *output_length );
+ size_t *output_length);
+
+/*
+ * Raw Key Agreement
+ */
+psa_status_t psa_driver_wrapper_key_agreement(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *shared_secret,
+ size_t shared_secret_size,
+ size_t *shared_secret_length);
/*
* KDF functions
@@ -386,52 +437,34 @@ psa_status_t psa_driver_wrapper_key_derivation_abort(
psa_key_derivation_operation_t *operation);
/*
- * Raw Key Agreement
- */
-psa_status_t psa_driver_wrapper_key_agreement(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *peer_key, size_t peer_key_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-/*
- * PAKE functions
+ * PAKE functions.
*/
psa_status_t psa_driver_wrapper_pake_setup(
psa_pake_operation_t *operation,
- const psa_pake_cipher_suite_t *cipher_suite);
-
-psa_status_t psa_driver_wrapper_pake_set_password_key(
- psa_pake_operation_t *operation,
+ const psa_pake_cipher_suite_t *cipher_suite,
const psa_key_attributes_t *attributes,
- const uint8_t *password, size_t password_length);
-
-psa_status_t psa_driver_wrapper_pake_set_user(
- psa_pake_operation_t *operation,
- const uint8_t *user_id, size_t user_id_len);
-
-psa_status_t psa_driver_wrapper_pake_set_peer(
- psa_pake_operation_t *operation,
- const uint8_t *peer_id, size_t peer_id_len);
-
-psa_status_t psa_driver_wrapper_pake_set_role(
- psa_pake_operation_t *operation,
+ const uint8_t *password, size_t password_length,
+ const uint8_t *user_id, size_t user_id_length,
+ const uint8_t *peer_id, size_t peer_id_length,
psa_pake_role_t role);
psa_status_t psa_driver_wrapper_pake_output(
psa_pake_operation_t *operation,
psa_pake_step_t step,
- uint8_t *output, size_t output_size, size_t *output_length);
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
psa_status_t psa_driver_wrapper_pake_input(
psa_pake_operation_t *operation,
psa_pake_step_t step,
- const uint8_t *input, size_t input_length);
+ const uint8_t *input,
+ size_t input_length);
psa_status_t psa_driver_wrapper_pake_get_implicit_key(
psa_pake_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length);
+ uint8_t *output, size_t output_size,
+ size_t *output_length);
psa_status_t psa_driver_wrapper_pake_abort(
psa_pake_operation_t *operation);
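Review bot: `psa_driver_wrapper_pake_setup` now receives the password bytes, both identities and the role in a single call, but the prototype carries no comment on the lifetime of `password`. Because this is secret material, the declaration should say whether the driver copies it during setup or may retain the pointer, and who is responsible for wiping it. Something like `/* password is read during setup only; the caller remains responsible for zeroizing its buffer. */` would do, if that matches the implementation, which is outside this hunk. It would also help to state whether `user_id` and `peer_id` may be NULL with a length of 0, now that the separate set_user, set_peer and set_role wrappers are removed.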
diff --git a/ext/oberon/psa/core/library/psa_crypto_driver_wrappers_no_static.h b/ext/oberon/psa/core/library/psa_crypto_driver_wrappers_no_static.h
new file mode 100644
index 000000000000..4985403cd2ca
--- /dev/null
+++ b/ext/oberon/psa/core/library/psa_crypto_driver_wrappers_no_static.h
@@ -0,0 +1,43 @@
+/*
+ * Function signatures for functionality that can be provided by
+ * cryptographic accelerators.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H
+#define PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H
+
+#include "psa/crypto.h"
+#include "psa/crypto_driver_common.h"
+
+psa_status_t psa_driver_wrapper_export_public_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ uint8_t *data, size_t data_size, size_t *data_length);
+
+psa_status_t psa_driver_wrapper_get_key_buffer_size(
+ const psa_key_attributes_t *attributes,
+ size_t *key_buffer_size);
+
+psa_status_t psa_driver_wrapper_get_builtin_key(
+ psa_drv_slot_number_t slot_number,
+ psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
+
+#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H */
+
+/* End of automatically generated file. */
diff --git a/ext/oberon/psa/core/library/psa_crypto_invasive.h b/ext/oberon/psa/core/library/psa_crypto_invasive.h
index 1dd957933bb0..a900dd8ff748 100644
--- a/ext/oberon/psa/core/library/psa_crypto_invasive.h
+++ b/ext/oberon/psa/core/library/psa_crypto_invasive.h
@@ -69,14 +69,14 @@
* The library has already been initialized.
*/
psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
- void (* entropy_init )( mbedtls_entropy_context *ctx ),
- void (* entropy_free )( mbedtls_entropy_context *ctx ) );
+ void (* entropy_init)(mbedtls_entropy_context *ctx),
+ void (* entropy_free)(mbedtls_entropy_context *ctx));
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
psa_status_t psa_mac_key_can_do(
psa_algorithm_t algorithm,
- psa_key_type_t key_type );
+ psa_key_type_t key_type);
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C */
#endif /* PSA_CRYPTO_INVASIVE_H */
diff --git a/ext/oberon/psa/core/library/psa_crypto_its.h b/ext/oberon/psa/core/library/psa_crypto_its.h
index 3a3f49a72551..3ceee49bea94 100644
--- a/ext/oberon/psa/core/library/psa_crypto_its.h
+++ b/ext/oberon/psa/core/library/psa_crypto_its.h
@@ -45,8 +45,7 @@ typedef uint64_t psa_storage_uid_t;
/**
* \brief A container for metadata associated with a specific uid
*/
-struct psa_storage_info_t
-{
+struct psa_storage_info_t {
uint32_t size; /**< The size of the data associated with a uid **/
psa_storage_create_flags_t flags; /**< The flags set when the uid was created **/
};
@@ -54,11 +53,6 @@ struct psa_storage_info_t
/** Flag indicating that \ref psa_storage_create and \ref psa_storage_set_extended are supported */
#define PSA_STORAGE_SUPPORT_SET_EXTENDED (1 << 0)
-/** \brief PSA storage specific error codes
- */
-#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
-#define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
-
#define PSA_ITS_API_VERSION_MAJOR 1 /**< The major version number of the PSA ITS API. It will be incremented on significant updates that may include breaking changes */
#define PSA_ITS_API_VERSION_MINOR 1 /**< The minor version number of the PSA ITS API. It will be incremented in small updates that are unlikely to include breaking changes */
@@ -73,7 +67,7 @@ struct psa_storage_info_t
* \return A status indicating the success/failure of the operation
*
* \retval #PSA_SUCCESS The operation completed successfully
- * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_WRITE_ONCE_FLAG
+ * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_FLAG_WRITE_ONCE
* \retval #PSA_ERROR_NOT_SUPPORTED The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there was insufficient space on the storage medium
* \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error)
@@ -109,7 +103,7 @@ psa_status_t psa_its_get(psa_storage_uid_t uid,
uint32_t data_offset,
uint32_t data_length,
void *p_data,
- size_t *p_data_length );
+ size_t *p_data_length);
/**
* \brief Retrieve the metadata about the provided uid
@@ -137,7 +131,7 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid,
*
* \retval #PSA_SUCCESS The operation completed successfully
* \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided key value was not found in the storage
- * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_WRITE_ONCE_FLAG
+ * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_FLAG_WRITE_ONCE
* \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error)
*/
psa_status_t psa_its_remove(psa_storage_uid_t uid);
diff --git a/ext/oberon/psa/core/library/psa_crypto_random_impl.h b/ext/oberon/psa/core/library/psa_crypto_random_impl.h
index a64b4392eac7..c4021ceb1eac 100644
--- a/ext/oberon/psa/core/library/psa_crypto_random_impl.h
+++ b/ext/oberon/psa/core/library/psa_crypto_random_impl.h
@@ -3,12 +3,12 @@
* \brief PSA crypto random generator implementation abstraction.
*
* The definitions here need to be consistent with the declarations
- * in include/mbedtls/psa_util.h. This file contains some redundant
+ * in include/psa_util_internal.h. This file contains some redundant
* declarations to increase the chance that a compiler will detect
* inconsistencies if one file is changed without updating the other,
* but not all potential inconsistencies can be enforced, so make sure
* to check the public declarations and contracts in
- * include/mbedtls/psa_util.h if you modify this file.
+ * include/psa_util_internal.h if you modify this file.
*/
/*
* Copyright The Mbed TLS Contributors
@@ -30,7 +30,7 @@
#ifndef PSA_CRYPTO_RANDOM_IMPL_H
#define PSA_CRYPTO_RANDOM_IMPL_H
-#include
+#include "psa_util_internal.h"
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
@@ -41,9 +41,9 @@
typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t;
/* Trivial wrapper around psa_generate_random(). */
-int mbedtls_psa_get_random( void *p_rng,
- unsigned char *output,
- size_t output_size );
+int mbedtls_psa_get_random(void *p_rng,
+ unsigned char *output,
+ size_t output_size);
/* The PSA RNG API doesn't need any externally maintained state. */
#define MBEDTLS_PSA_RANDOM_STATE NULL
@@ -62,7 +62,7 @@ int mbedtls_psa_get_random( void *p_rng,
#elif defined(MBEDTLS_HMAC_DRBG_C)
#include "mbedtls/hmac_drbg.h"
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_MD_CAN_SHA512) && defined(MBEDTLS_MD_CAN_SHA256)
#include
#if SIZE_MAX > 0xffffffff
/* Looks like a 64-bit system, so prefer SHA-512. */
@@ -71,9 +71,9 @@ int mbedtls_psa_get_random( void *p_rng,
/* Looks like a 32-bit system, so prefer SHA-256. */
#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
#endif
-#elif defined(MBEDTLS_SHA512_C)
+#elif defined(MBEDTLS_MD_CAN_SHA512)
#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA512
-#elif defined(MBEDTLS_SHA256_C)
+#elif defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
#else
#error "No hash algorithm available for HMAC_DBRG."
@@ -89,12 +89,12 @@ int mbedtls_psa_get_random( void *p_rng,
*
* \param p_rng Pointer to the Mbed TLS DRBG state.
*/
-static inline void mbedtls_psa_drbg_init( mbedtls_psa_drbg_context_t *p_rng )
+static inline void mbedtls_psa_drbg_init(mbedtls_psa_drbg_context_t *p_rng)
{
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_init( p_rng );
+ mbedtls_ctr_drbg_init(p_rng);
#elif defined(MBEDTLS_HMAC_DRBG_C)
- mbedtls_hmac_drbg_init( p_rng );
+ mbedtls_hmac_drbg_init(p_rng);
#endif
}
@@ -102,12 +102,12 @@ static inline void mbedtls_psa_drbg_init( mbedtls_psa_drbg_context_t *p_rng )
*
* \param p_rng Pointer to the Mbed TLS DRBG state.
*/
-static inline void mbedtls_psa_drbg_free( mbedtls_psa_drbg_context_t *p_rng )
+static inline void mbedtls_psa_drbg_free(mbedtls_psa_drbg_context_t *p_rng)
{
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_free( p_rng );
+ mbedtls_ctr_drbg_free(p_rng);
#elif defined(MBEDTLS_HMAC_DRBG_C)
- mbedtls_hmac_drbg_free( p_rng );
+ mbedtls_hmac_drbg_free(p_rng);
#endif
}
@@ -116,15 +116,14 @@ static inline void mbedtls_psa_drbg_free( mbedtls_psa_drbg_context_t *p_rng )
* The random generator context is composed of an entropy context and
* a DRBG context.
*/
-typedef struct
-{
- void (* entropy_init )( mbedtls_entropy_context *ctx );
- void (* entropy_free )( mbedtls_entropy_context *ctx );
+typedef struct {
+ void (* entropy_init)(mbedtls_entropy_context *ctx);
+ void (* entropy_free)(mbedtls_entropy_context *ctx);
mbedtls_entropy_context entropy;
mbedtls_psa_drbg_context_t drbg;
} mbedtls_psa_random_context_t;
-/* Defined in include/mbedtls/psa_util.h so that it's visible to
+/* Defined in include/psa_util_internal.h so that it's visible to
* application code. The declaration here is redundant, but included
* as a safety net to make it more likely that a future change that
* accidentally causes the implementation to diverge from the interface
@@ -155,7 +154,7 @@ typedef struct
/* psa_crypto.c sets this variable to a pointer to the DRBG state in the
* global PSA crypto state. */
/* The type `mbedtls_psa_drbg_context_t` is defined in
- * include/mbedtls/psa_util.h so that `mbedtls_psa_random_state` can be
+ * include/psa_util_internal.h so that `mbedtls_psa_random_state` can be
* declared there and be visible to application code. */
extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
@@ -182,21 +181,21 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
*/
static inline int mbedtls_psa_drbg_seed(
mbedtls_entropy_context *entropy,
- const unsigned char *custom, size_t len )
+ const unsigned char *custom, size_t len)
{
#if defined(MBEDTLS_CTR_DRBG_C)
- return( mbedtls_ctr_drbg_seed( MBEDTLS_PSA_RANDOM_STATE,
- mbedtls_entropy_func,
- entropy,
- custom, len ) );
+ return mbedtls_ctr_drbg_seed(MBEDTLS_PSA_RANDOM_STATE,
+ mbedtls_entropy_func,
+ entropy,
+ custom, len);
#elif defined(MBEDTLS_HMAC_DRBG_C)
const mbedtls_md_info_t *md_info =
- mbedtls_md_info_from_type( MBEDTLS_PSA_HMAC_DRBG_MD_TYPE );
- return( mbedtls_hmac_drbg_seed( MBEDTLS_PSA_RANDOM_STATE,
- md_info,
- mbedtls_entropy_func,
- entropy,
- custom, len ) );
+ mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE);
+ return mbedtls_hmac_drbg_seed(MBEDTLS_PSA_RANDOM_STATE,
+ md_info,
+ mbedtls_entropy_func,
+ entropy,
+ custom, len);
#endif
}
diff --git a/ext/oberon/psa/core/library/psa_crypto_se.h b/ext/oberon/psa/core/library/psa_crypto_se.h
index 693c3ead513a..a1e5e0922561 100644
--- a/ext/oberon/psa/core/library/psa_crypto_se.h
+++ b/ext/oberon/psa/core/library/psa_crypto_se.h
@@ -47,7 +47,7 @@
* actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE
* which doesn't have a driver.
*/
-#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 )
+#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ((psa_key_id_t) 0xfffffe00)
/** The maximum number of registered secure element driver locations. */
#define PSA_MAX_SE_DRIVERS 4
@@ -58,13 +58,13 @@
* state. This function is only intended to be called at the end
* of mbedtls_psa_crypto_free().
*/
-void psa_unregister_all_se_drivers( void );
+void psa_unregister_all_se_drivers(void);
/** Initialize all secure element drivers.
*
* Called from psa_crypto_init().
*/
-psa_status_t psa_init_all_se_drivers( void );
+psa_status_t psa_init_all_se_drivers(void);
/** A structure that describes a registered secure element driver.
*
@@ -89,9 +89,9 @@ typedef struct psa_se_drv_table_entry_s psa_se_drv_table_entry_t;
* \retval 0
* \p lifetime does not correspond to a registered driver.
*/
-int psa_get_se_driver( psa_key_lifetime_t lifetime,
- const psa_drv_se_t **p_methods,
- psa_drv_se_context_t **p_drv_context);
+int psa_get_se_driver(psa_key_lifetime_t lifetime,
+ const psa_drv_se_t **p_methods,
+ psa_drv_se_context_t **p_drv_context);
/** Return the secure element driver table entry for a lifetime value.
*
@@ -101,7 +101,7 @@ int psa_get_se_driver( psa_key_lifetime_t lifetime,
* \p NULL if \p lifetime does not correspond to a registered driver.
*/
psa_se_drv_table_entry_t *psa_get_se_driver_entry(
- psa_key_lifetime_t lifetime );
+ psa_key_lifetime_t lifetime);
/** Return the method table for a secure element driver.
*
@@ -111,7 +111,7 @@ psa_se_drv_table_entry_t *psa_get_se_driver_entry(
* \c NULL if \p driver is \c NULL.
*/
const psa_drv_se_t *psa_get_se_driver_methods(
- const psa_se_drv_table_entry_t *driver );
+ const psa_se_drv_table_entry_t *driver);
/** Return the context of a secure element driver.
*
@@ -121,7 +121,7 @@ const psa_drv_se_t *psa_get_se_driver_methods(
* \c NULL if \p driver is \c NULL.
*/
psa_drv_se_context_t *psa_get_se_driver_context(
- psa_se_drv_table_entry_t *driver );
+ psa_se_drv_table_entry_t *driver);
/** Find a free slot for a key that is to be created.
*
@@ -137,15 +137,15 @@ psa_status_t psa_find_se_slot_for_key(
const psa_key_attributes_t *attributes,
psa_key_creation_method_t method,
psa_se_drv_table_entry_t *driver,
- psa_key_slot_number_t *slot_number );
+ psa_key_slot_number_t *slot_number);
/** Destroy a key in a secure element.
*
* This function calls the relevant driver method to destroy a key
* and updates the driver's persistent data.
*/
-psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
- psa_key_slot_number_t slot_number );
+psa_status_t psa_destroy_se_key(psa_se_drv_table_entry_t *driver,
+ psa_key_slot_number_t slot_number);
/** Load the persistent data of a secure element driver.
*
@@ -160,7 +160,7 @@ psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
* \return #PSA_ERROR_INVALID_ARGUMENT
*/
psa_status_t psa_load_se_persistent_data(
- const psa_se_drv_table_entry_t *driver );
+ const psa_se_drv_table_entry_t *driver);
/** Save the persistent data of a secure element driver.
*
@@ -176,7 +176,7 @@ psa_status_t psa_load_se_persistent_data(
* \return #PSA_ERROR_INVALID_ARGUMENT
*/
psa_status_t psa_save_se_persistent_data(
- const psa_se_drv_table_entry_t *driver );
+ const psa_se_drv_table_entry_t *driver);
/** Destroy the persistent data of a secure element driver.
*
@@ -185,14 +185,13 @@ psa_status_t psa_save_se_persistent_data(
* \param[in] location The location identifier for the driver whose
* persistent data is to be erased.
*/
-psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location );
+psa_status_t psa_destroy_se_persistent_data(psa_key_location_t location);
/** The storage representation of a key whose data is in a secure element.
*/
-typedef struct
-{
- uint8_t slot_number[sizeof( psa_key_slot_number_t )];
+typedef struct {
+ uint8_t slot_number[sizeof(psa_key_slot_number_t)];
} psa_se_key_data_storage_t;
#endif /* PSA_CRYPTO_SE_H */
diff --git a/ext/oberon/psa/core/library/psa_crypto_slot_management.c b/ext/oberon/psa/core/library/psa_crypto_slot_management.c
index 9dceaac6d459..92646c07c8eb 100644
--- a/ext/oberon/psa/core/library/psa_crypto_slot_management.c
+++ b/ext/oberon/psa/core/library/psa_crypto_slot_management.c
@@ -25,7 +25,7 @@
#include "psa/crypto.h"
#include "psa_crypto_core.h"
-#include "psa_crypto_driver_wrappers.h"
+#include "psa_crypto_driver_wrappers_no_static.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -36,30 +36,29 @@
#include
#include "mbedtls/platform.h"
-#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
-
-typedef struct
-{
+typedef struct {
psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
- unsigned key_slots_initialized : 1;
+ uint8_t key_slots_initialized;
} psa_global_data_t;
static psa_global_data_t global_data;
-int psa_is_valid_key_id( mbedtls_svc_key_id_t key, int vendor_ok )
+int psa_is_valid_key_id(mbedtls_svc_key_id_t key, int vendor_ok)
{
- psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
+ psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
- if( ( PSA_KEY_ID_USER_MIN <= key_id ) &&
- ( key_id <= PSA_KEY_ID_USER_MAX ) )
- return( 1 );
+ if ((PSA_KEY_ID_USER_MIN <= key_id) &&
+ (key_id <= PSA_KEY_ID_USER_MAX)) {
+ return 1;
+ }
- if( vendor_ok &&
- ( PSA_KEY_ID_VENDOR_MIN <= key_id ) &&
- ( key_id <= PSA_KEY_ID_VENDOR_MAX ) )
- return( 1 );
+ if (vendor_ok &&
+ (PSA_KEY_ID_VENDOR_MIN <= key_id) &&
+ (key_id <= PSA_KEY_ID_VENDOR_MAX)) {
+ return 1;
+ }
- return( 0 );
+ return 0;
}
/** Get the description in memory of a key given its identifier and lock it.
@@ -94,16 +93,15 @@ int psa_is_valid_key_id( mbedtls_svc_key_id_t key, int vendor_ok )
* There is no key with key identifier \p key in the key slots.
*/
static psa_status_t psa_get_and_lock_key_slot_in_memory(
- mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot )
+ mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
+ psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
size_t slot_idx;
psa_key_slot_t *slot = NULL;
- if( psa_key_id_is_volatile( key_id ) )
- {
- slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ];
+ if (psa_key_id_is_volatile(key_id)) {
+ slot = &global_data.key_slots[key_id - PSA_KEY_ID_VOLATILE_MIN];
/*
* Check if both the PSA key identifier key_id and the owner
@@ -113,83 +111,79 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory(
* is equal to zero. This is an invalid value for a PSA key identifier
* and thus cannot be equal to the valid PSA key identifier key_id.
*/
- status = mbedtls_svc_key_id_equal( key, slot->attr.id ) ?
+ status = mbedtls_svc_key_id_equal(key, slot->attr.id) ?
PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
- }
- else
- {
- if ( !psa_is_valid_key_id( key, 1 ) )
- return( PSA_ERROR_INVALID_HANDLE );
+ } else {
+ if (!psa_is_valid_key_id(key, 1)) {
+ return PSA_ERROR_INVALID_HANDLE;
+ }
- for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
- {
- slot = &global_data.key_slots[ slot_idx ];
- if( mbedtls_svc_key_id_equal( key, slot->attr.id ) )
+ for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+ slot = &global_data.key_slots[slot_idx];
+ if (mbedtls_svc_key_id_equal(key, slot->attr.id)) {
break;
+ }
}
- status = ( slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT ) ?
+ status = (slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT) ?
PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
}
- if( status == PSA_SUCCESS )
- {
- status = psa_lock_key_slot( slot );
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
+ status = psa_lock_key_slot(slot);
+ if (status == PSA_SUCCESS) {
*p_slot = slot;
+ }
}
- return( status );
+ return status;
}
-psa_status_t psa_initialize_key_slots( void )
+psa_status_t psa_initialize_key_slots(void)
{
/* Nothing to do: program startup and psa_wipe_all_key_slots() both
* guarantee that the key slots are initialized to all-zero, which
* means that all the key slots are in a valid, empty state. */
global_data.key_slots_initialized = 1;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-void psa_wipe_all_key_slots( void )
+void psa_wipe_all_key_slots(void)
{
size_t slot_idx;
- for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
- {
- psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
+ for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+ psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
slot->lock_count = 1;
- (void) psa_wipe_key_slot( slot );
+ (void) psa_wipe_key_slot(slot);
}
global_data.key_slots_initialized = 0;
}
-psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
- psa_key_slot_t **p_slot )
+psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id,
+ psa_key_slot_t **p_slot)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t slot_idx;
psa_key_slot_t *selected_slot, *unlocked_persistent_key_slot;
- if( ! global_data.key_slots_initialized )
- {
+ if (!global_data.key_slots_initialized) {
status = PSA_ERROR_BAD_STATE;
goto error;
}
selected_slot = unlocked_persistent_key_slot = NULL;
- for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
- {
- psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
- if( ! psa_is_key_slot_occupied( slot ) )
- {
+ for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+ psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
+ if (!psa_is_key_slot_occupied(slot)) {
selected_slot = slot;
break;
}
- if( ( unlocked_persistent_key_slot == NULL ) &&
- ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) &&
- ( ! psa_is_key_slot_locked( slot ) ) )
+ if ((unlocked_persistent_key_slot == NULL) &&
+ (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) &&
+ (!psa_is_key_slot_locked(slot))) {
unlocked_persistent_key_slot = slot;
+ }
}
/*
@@ -199,25 +193,24 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
* persistent key we are evicting now, we will reload its description from
* storage.
*/
- if( ( selected_slot == NULL ) &&
- ( unlocked_persistent_key_slot != NULL ) )
- {
+ if ((selected_slot == NULL) &&
+ (unlocked_persistent_key_slot != NULL)) {
selected_slot = unlocked_persistent_key_slot;
selected_slot->lock_count = 1;
- psa_wipe_key_slot( selected_slot );
+ psa_wipe_key_slot(selected_slot);
}
- if( selected_slot != NULL )
- {
- status = psa_lock_key_slot( selected_slot );
- if( status != PSA_SUCCESS )
- goto error;
+ if (selected_slot != NULL) {
+ status = psa_lock_key_slot(selected_slot);
+ if (status != PSA_SUCCESS) {
+ goto error;
+ }
*volatile_key_id = PSA_KEY_ID_VOLATILE_MIN +
- ( (psa_key_id_t)( selected_slot - global_data.key_slots ) );
+ ((psa_key_id_t) (selected_slot - global_data.key_slots));
*p_slot = selected_slot;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
status = PSA_ERROR_INSUFFICIENT_MEMORY;
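Review bot: The eviction branch calls `psa_wipe_key_slot(selected_slot);` and discards its status, so if the wipe reports an error the slot is still locked and handed to the caller as if it were empty. psa_wipe_all_key_slots() at least marks its discard with `(void)`; nothing here shows the drop is intentional. Propagating the result keeps a partially wiped persistent key from being reused: `status = psa_wipe_key_slot(selected_slot); if (status != PSA_SUCCESS) { goto error; }`. psa_get_empty_key_slot() starts before this hunk and its `error:` label lies after it, so the cleanup there is assumed to reset `*p_slot` and `*volatile_key_id`, as the following context suggests.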
@@ -225,53 +218,52 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
*p_slot = NULL;
*volatile_key_id = 0;
- return( status );
+ return status;
}
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
+static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot)
{
psa_status_t status = PSA_SUCCESS;
uint8_t *key_data = NULL;
size_t key_data_length = 0;
- status = psa_load_persistent_key( &slot->attr,
- &key_data, &key_data_length );
- if( status != PSA_SUCCESS )
+ status = psa_load_persistent_key(&slot->attr,
+ &key_data, &key_data_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Special handling is required for loading keys associated with a
* dynamically registered SE interface. */
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
- {
+ if (psa_get_se_driver(slot->attr.lifetime, &drv, &drv_context)) {
psa_se_key_data_storage_t *data;
- if( key_data_length != sizeof( *data ) )
- {
+ if (key_data_length != sizeof(*data)) {
status = PSA_ERROR_DATA_INVALID;
goto exit;
}
data = (psa_se_key_data_storage_t *) key_data;
status = psa_copy_key_material_into_slot(
- slot, data->slot_number, sizeof( data->slot_number ) );
+ slot, data->slot_number, sizeof(data->slot_number));
goto exit;
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
+ status = psa_copy_key_material_into_slot(slot, key_data, key_data_length);
exit:
- psa_free_persistent_key_data( key_data, key_data_length );
- return( status );
+ psa_free_persistent_key_data(key_data, key_data_length);
+ return status;
}
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
-static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot )
+static psa_status_t psa_load_builtin_key_into_slot(psa_key_slot_t *slot)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -280,91 +272,98 @@ static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot )
size_t key_buffer_size = 0;
size_t key_buffer_length = 0;
- if( ! psa_key_id_is_builtin(
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ) ) )
- {
- return( PSA_ERROR_DOES_NOT_EXIST );
+ if (!psa_key_id_is_builtin(
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id))) {
+ return PSA_ERROR_DOES_NOT_EXIST;
}
/* Check the platform function to see whether this key actually exists */
status = mbedtls_psa_platform_get_builtin_key(
- slot->attr.id, &lifetime, &slot_number );
- if( status != PSA_SUCCESS )
- return( status );
+ slot->attr.id, &lifetime, &slot_number);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Set required key attributes to ensure get_builtin_key can retrieve the
* full attributes. */
- psa_set_key_id( &attributes, slot->attr.id );
- psa_set_key_lifetime( &attributes, lifetime );
+ psa_set_key_id(&attributes, slot->attr.id);
+ psa_set_key_lifetime(&attributes, lifetime);
/* Get the full key attributes from the driver in order to be able to
* calculate the required buffer size. */
status = psa_driver_wrapper_get_builtin_key(
- slot_number, &attributes,
- NULL, 0, NULL );
- if( status != PSA_ERROR_BUFFER_TOO_SMALL )
- {
+ slot_number, &attributes,
+ NULL, 0, NULL);
+ if (status != PSA_ERROR_BUFFER_TOO_SMALL) {
/* Builtin keys cannot be defined by the attributes alone */
- if( status == PSA_SUCCESS )
+ if (status == PSA_SUCCESS) {
status = PSA_ERROR_CORRUPTION_DETECTED;
- return( status );
+ }
+ return status;
}
/* If the key should exist according to the platform, then ask the driver
* what its expected size is. */
- status = psa_driver_wrapper_get_key_buffer_size( &attributes,
- &key_buffer_size );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_driver_wrapper_get_key_buffer_size(&attributes,
+ &key_buffer_size);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* Allocate a buffer of the required size and load the builtin key directly
* into the (now properly sized) slot buffer. */
- status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_allocate_buffer_to_slot(slot, key_buffer_size);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
status = psa_driver_wrapper_get_builtin_key(
- slot_number, &attributes,
- slot->key.data, slot->key.bytes, &key_buffer_length );
- if( status != PSA_SUCCESS )
+ slot_number, &attributes,
+ slot->key.data, slot->key.bytes, &key_buffer_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
/* Copy actual key length and core attributes into the slot on success */
slot->key.bytes = key_buffer_length;
slot->attr = attributes.core;
exit:
- if( status != PSA_SUCCESS )
- psa_remove_key_data_from_memory( slot );
- return( status );
+ if (status != PSA_SUCCESS) {
+ psa_remove_key_data_from_memory(slot);
+ }
+ return status;
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
- psa_key_slot_t **p_slot )
+psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
+ psa_key_slot_t **p_slot)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*p_slot = NULL;
- if( ! global_data.key_slots_initialized )
- return( PSA_ERROR_BAD_STATE );
+ if (!global_data.key_slots_initialized) {
+ return PSA_ERROR_BAD_STATE;
+ }
/*
* On success, the pointer to the slot is passed directly to the caller
* thus no need to unlock the key slot here.
*/
- status = psa_get_and_lock_key_slot_in_memory( key, p_slot );
- if( status != PSA_ERROR_DOES_NOT_EXIST )
- return( status );
+ status = psa_get_and_lock_key_slot_in_memory(key, p_slot);
+ if (status != PSA_ERROR_DOES_NOT_EXIST) {
+ return status;
+ }
/* Loading keys from storage requires support for such a mechanism */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
psa_key_id_t volatile_key_id;
- status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_empty_key_slot(&volatile_key_id, p_slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
(*p_slot)->attr.id = key;
(*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
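Review bot: After the second `psa_driver_wrapper_get_builtin_key()` call, `slot->key.bytes = key_buffer_length;` trusts the length the driver reports without comparing it to the buffer that `psa_allocate_buffer_to_slot()` presumably just sized. A driver that returns success with a larger length would leave the slot describing more bytes than it owns, and later readers of `slot->key.bytes` could run past the allocation. A guard before the assignment closes that: `if (key_buffer_length > slot->key.bytes) { status = PSA_ERROR_CORRUPTION_DETECTED; goto exit; }`. The signature of psa_load_builtin_key_into_slot() sits in the previous hunk, and the hunk ends inside psa_get_and_lock_key_slot().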
@@ -372,206 +371,199 @@ psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
status = PSA_ERROR_DOES_NOT_EXIST;
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
/* Load keys in the 'builtin' range through their own interface */
- status = psa_load_builtin_key_into_slot( *p_slot );
+ status = psa_load_builtin_key_into_slot(*p_slot);
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( status == PSA_ERROR_DOES_NOT_EXIST )
- status = psa_load_persistent_key_into_slot( *p_slot );
+ if (status == PSA_ERROR_DOES_NOT_EXIST) {
+ status = psa_load_persistent_key_into_slot(*p_slot);
+ }
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
- if( status != PSA_SUCCESS )
- {
- psa_wipe_key_slot( *p_slot );
- if( status == PSA_ERROR_DOES_NOT_EXIST )
+ if (status != PSA_SUCCESS) {
+ psa_wipe_key_slot(*p_slot);
+ if (status == PSA_ERROR_DOES_NOT_EXIST) {
status = PSA_ERROR_INVALID_HANDLE;
- }
- else
+ }
+ } else {
/* Add implicit usage flags. */
- psa_extend_key_usage_flags( &(*p_slot)->attr.policy.usage );
+ psa_extend_key_usage_flags(&(*p_slot)->attr.policy.usage);
+ }
- return( status );
+ return status;
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
- return( PSA_ERROR_INVALID_HANDLE );
+ return PSA_ERROR_INVALID_HANDLE;
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
}
-psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot )
+psa_status_t psa_unlock_key_slot(psa_key_slot_t *slot)
{
- if( slot == NULL )
- return( PSA_SUCCESS );
+ if (slot == NULL) {
+ return PSA_SUCCESS;
+ }
- if( slot->lock_count > 0 )
- {
+ if (slot->lock_count > 0) {
slot->lock_count--;
- return( PSA_SUCCESS );
- }
-
- /*
- * As the return error code may not be handled in case of multiple errors,
- * do our best to report if the lock counter is equal to zero. Assert with
- * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is strictly greater
- * than zero: if the MBEDTLS_TEST_HOOKS configuration option is enabled and
- * the function is called as part of the execution of a test suite, the
- * execution of the test suite is stopped in error if the assertion fails.
- */
- MBEDTLS_TEST_HOOK_TEST_ASSERT( slot->lock_count > 0 );
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ return PSA_SUCCESS;
+ }
+
+ /*
+ * As the return error code may not be handled in case of multiple errors,
+ * do our best to report if the lock counter is equal to zero. Assert with
+ * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is strictly greater
+ * than zero: if the MBEDTLS_TEST_HOOKS configuration option is enabled and
+ * the function is called as part of the execution of a test suite, the
+ * execution of the test suite is stopped in error if the assertion fails.
+ */
+ MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->lock_count > 0);
+ return PSA_ERROR_CORRUPTION_DETECTED;
}
-psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
- psa_se_drv_table_entry_t **p_drv )
+psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime,
+ psa_se_drv_table_entry_t **p_drv)
{
- if ( psa_key_lifetime_is_external( lifetime ) )
- {
+ if (psa_key_lifetime_is_external(lifetime)) {
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Check whether a driver is registered against this lifetime */
- psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
- if( driver != NULL )
- {
- if (p_drv != NULL)
+ psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry(lifetime);
+ if (driver != NULL) {
+ if (p_drv != NULL) {
*p_drv = driver;
- return( PSA_SUCCESS );
+ }
+ return PSA_SUCCESS;
}
#else /* MBEDTLS_PSA_CRYPTO_SE_C */
(void) p_drv;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
/* Key location for external keys gets checked by the wrapper */
- return( PSA_SUCCESS );
-#else /* MBEDTLS_PSA_CRYPTO_DRIVERS */
- /* No support for external lifetimes at all, or dynamic interface
- * did not find driver for requested lifetime. */
- return( PSA_ERROR_INVALID_ARGUMENT );
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
- }
- else
+ return PSA_SUCCESS;
+ } else {
/* Local/internal keys are always valid */
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
+ }
}
-psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime )
+psa_status_t psa_validate_key_persistence(psa_key_lifetime_t lifetime)
{
- if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
/* Volatile keys are always supported */
- return( PSA_SUCCESS );
- }
- else
- {
+ return PSA_SUCCESS;
+ } else {
/* Persistent keys require storage support */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- if( PSA_KEY_LIFETIME_IS_READ_ONLY( lifetime ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
- else
- return( PSA_SUCCESS );
+ if (PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ } else {
+ return PSA_SUCCESS;
+ }
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
}
}
-psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
+psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle)
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
psa_status_t status;
psa_key_slot_t *slot;
- status = psa_get_and_lock_key_slot( key, &slot );
- if( status != PSA_SUCCESS )
- {
+ status = psa_get_and_lock_key_slot(key, &slot);
+ if (status != PSA_SUCCESS) {
*handle = PSA_KEY_HANDLE_INIT;
- if( status == PSA_ERROR_INVALID_HANDLE )
+ if (status == PSA_ERROR_INVALID_HANDLE) {
status = PSA_ERROR_DOES_NOT_EXIST;
+ }
- return( status );
+ return status;
}
*handle = key;
- return( psa_unlock_key_slot( slot ) );
+ return psa_unlock_key_slot(slot);
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
(void) key;
*handle = PSA_KEY_HANDLE_INIT;
- return( PSA_ERROR_NOT_SUPPORTED );
+ return PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
}
-psa_status_t psa_close_key( psa_key_handle_t handle )
+psa_status_t psa_close_key(psa_key_handle_t handle)
{
psa_status_t status;
psa_key_slot_t *slot;
- if( psa_key_handle_is_null( handle ) )
- return( PSA_SUCCESS );
+ if (psa_key_handle_is_null(handle)) {
+ return PSA_SUCCESS;
+ }
- status = psa_get_and_lock_key_slot_in_memory( handle, &slot );
- if( status != PSA_SUCCESS )
- {
- if( status == PSA_ERROR_DOES_NOT_EXIST )
+ status = psa_get_and_lock_key_slot_in_memory(handle, &slot);
+ if (status != PSA_SUCCESS) {
+ if (status == PSA_ERROR_DOES_NOT_EXIST) {
status = PSA_ERROR_INVALID_HANDLE;
+ }
- return( status );
+ return status;
+ }
+ if (slot->lock_count <= 1) {
+ return psa_wipe_key_slot(slot);
+ } else {
+ return psa_unlock_key_slot(slot);
}
- if( slot->lock_count <= 1 )
- return( psa_wipe_key_slot( slot ) );
- else
- return( psa_unlock_key_slot( slot ) );
}
-psa_status_t psa_purge_key( mbedtls_svc_key_id_t key )
+psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
{
psa_status_t status;
psa_key_slot_t *slot;
- status = psa_get_and_lock_key_slot_in_memory( key, &slot );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_get_and_lock_key_slot_in_memory(key, &slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- if( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) &&
- ( slot->lock_count <= 1 ) )
- return( psa_wipe_key_slot( slot ) );
- else
- return( psa_unlock_key_slot( slot ) );
+ if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) &&
+ (slot->lock_count <= 1)) {
+ return psa_wipe_key_slot(slot);
+ } else {
+ return psa_unlock_key_slot(slot);
+ }
}
-void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
+void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
{
size_t slot_idx;
- memset( stats, 0, sizeof( *stats ) );
+ memset(stats, 0, sizeof(*stats));
- for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
- {
- const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
- if( psa_is_key_slot_locked( slot ) )
- {
+ for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+ const psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
+ if (psa_is_key_slot_locked(slot)) {
++stats->locked_slots;
}
- if( ! psa_is_key_slot_occupied( slot ) )
- {
+ if (!psa_is_key_slot_occupied(slot)) {
++stats->empty_slots;
continue;
}
- if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
++stats->volatile_slots;
- else
- {
- psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
+ } else {
+ psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id);
++stats->persistent_slots;
- if( id > stats->max_open_internal_key_id )
+ if (id > stats->max_open_internal_key_id) {
stats->max_open_internal_key_id = id;
+ }
}
- if( PSA_KEY_LIFETIME_GET_LOCATION( slot->attr.lifetime ) !=
- PSA_KEY_LOCATION_LOCAL_STORAGE )
- {
- psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
+ if (PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime) !=
+ PSA_KEY_LOCATION_LOCAL_STORAGE) {
+ psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id);
++stats->external_slots;
- if( id > stats->max_open_external_key_id )
+ if (id > stats->max_open_external_key_id) {
stats->max_open_external_key_id = id;
+ }
}
}
}
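Review bot: With the `MBEDTLS_PSA_CRYPTO_DRIVERS` guard removed, psa_validate_key_location() returns `PSA_SUCCESS` on every path, including an external lifetime for which `psa_get_se_driver_entry()` found no driver; builds without driver support previously got `PSA_ERROR_INVALID_ARGUMENT` here. Location validation now rests entirely on what `/* Key location for external keys gets checked by the wrapper */` promises, so it is worth confirming that every caller reaches a driver-wrapper check before acting on the lifetime. The `if`/`else` with identical returns could collapse to a single `return PSA_SUCCESS;` after the SE lookup, and the `\retval #PSA_ERROR_INVALID_ARGUMENT` line kept for this function in psa_crypto_slot_management.h no longer matches the code. This hunk begins inside psa_get_and_lock_key_slot(), whose opening is in the previous hunk.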
diff --git a/ext/oberon/psa/core/library/psa_crypto_slot_management.h b/ext/oberon/psa/core/library/psa_crypto_slot_management.h
index d539bdd86613..c8366abeb834 100644
--- a/ext/oberon/psa/core/library/psa_crypto_slot_management.h
+++ b/ext/oberon/psa/core/library/psa_crypto_slot_management.h
@@ -35,8 +35,8 @@
/** The minimum value for a volatile key identifier.
*/
-#define PSA_KEY_ID_VOLATILE_MIN ( PSA_KEY_ID_VENDOR_MAX - \
- MBEDTLS_PSA_KEY_SLOT_COUNT + 1 )
+#define PSA_KEY_ID_VOLATILE_MIN (PSA_KEY_ID_VENDOR_MAX - \
+ MBEDTLS_PSA_KEY_SLOT_COUNT + 1)
/** The maximum value for a volatile key identifier.
*/
@@ -51,10 +51,10 @@
* \retval 0
* The key identifier is not a volatile key identifier.
*/
-static inline int psa_key_id_is_volatile( psa_key_id_t key_id )
+static inline int psa_key_id_is_volatile(psa_key_id_t key_id)
{
- return( ( key_id >= PSA_KEY_ID_VOLATILE_MIN ) &&
- ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) );
+ return (key_id >= PSA_KEY_ID_VOLATILE_MIN) &&
+ (key_id <= PSA_KEY_ID_VOLATILE_MAX);
}
/** Get the description of a key given its identifier and lock it.
@@ -88,24 +88,24 @@ static inline int psa_key_id_is_volatile( psa_key_id_t key_id )
* due to a lack of empty key slot, or available memory.
* \retval #PSA_ERROR_DOES_NOT_EXIST
* There is no key with key identifier \p key.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
*/
-psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
- psa_key_slot_t **p_slot );
+psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
+ psa_key_slot_t **p_slot);
/** Initialize the key slot structures.
*
* \retval #PSA_SUCCESS
* Currently this function always succeeds.
*/
-psa_status_t psa_initialize_key_slots( void );
+psa_status_t psa_initialize_key_slots(void);
/** Delete all data from key slots in memory.
*
* This does not affect persistent storage. */
-void psa_wipe_all_key_slots( void );
+void psa_wipe_all_key_slots(void);
/** Find a free key slot.
*
@@ -118,12 +118,12 @@ void psa_wipe_all_key_slots( void );
* associated to the returned slot.
* \param[out] p_slot On success, a pointer to the slot.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE \emptydescription
*/
-psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
- psa_key_slot_t **p_slot );
+psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id,
+ psa_key_slot_t **p_slot);
/** Lock a key slot.
*
@@ -137,14 +137,15 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
* The lock counter already reached its maximum value and was not
* increased.
*/
-static inline psa_status_t psa_lock_key_slot( psa_key_slot_t *slot )
+static inline psa_status_t psa_lock_key_slot(psa_key_slot_t *slot)
{
- if( slot->lock_count >= SIZE_MAX )
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ if (slot->lock_count >= SIZE_MAX) {
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
slot->lock_count++;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/** Unlock a key slot.
@@ -163,7 +164,7 @@ static inline psa_status_t psa_lock_key_slot( psa_key_slot_t *slot )
* The lock counter was equal to 0.
*
*/
-psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot );
+psa_status_t psa_unlock_key_slot(psa_key_slot_t *slot);
/** Test whether a lifetime designates a key in an external cryptoprocessor.
*
@@ -177,10 +178,10 @@ psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot );
* The lifetime designates a key that is volatile or in internal
* storage.
*/
-static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
+static inline int psa_key_lifetime_is_external(psa_key_lifetime_t lifetime)
{
- return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime )
- != PSA_KEY_LOCATION_LOCAL_STORAGE );
+ return PSA_KEY_LIFETIME_GET_LOCATION(lifetime)
+ != PSA_KEY_LOCATION_LOCAL_STORAGE;
}
/** Validate a key's location.
@@ -194,21 +195,21 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
* storage, returns a pointer to the driver table
* associated with the key's storage location.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
*/
-psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
- psa_se_drv_table_entry_t **p_drv );
+psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime,
+ psa_se_drv_table_entry_t **p_drv);
/** Validate the persistence of a key.
*
* \param[in] lifetime The key lifetime attribute.
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_NOT_SUPPORTED The key is persistent but persistent keys
* are not supported.
*/
-psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime );
+psa_status_t psa_validate_key_persistence(psa_key_lifetime_t lifetime);
/** Validate a key identifier.
*
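Review bot: The Doxygen block for psa_validate_key_persistence() lists only `PSA_SUCCESS` and `PSA_ERROR_NOT_SUPPORTED`, but the implementation in psa_crypto_slot_management.c returns `PSA_ERROR_INVALID_ARGUMENT` when `PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime)` holds for a non-volatile lifetime. Since this hunk already touches the `\retval` lines, add `\retval #PSA_ERROR_INVALID_ARGUMENT The key is persistent and its lifetime is read-only.` so callers know to handle that status.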
@@ -219,6 +220,6 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime );
*
* \retval <> 0 if the key identifier is valid, 0 otherwise.
*/
-int psa_is_valid_key_id( mbedtls_svc_key_id_t key, int vendor_ok );
+int psa_is_valid_key_id(mbedtls_svc_key_id_t key, int vendor_ok);
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
diff --git a/ext/oberon/psa/core/library/psa_crypto_storage.c b/ext/oberon/psa/core/library/psa_crypto_storage.c
index 3186a36855d4..574d4b05ed84 100644
--- a/ext/oberon/psa/core/library/psa_crypto_storage.c
+++ b/ext/oberon/psa/core/library/psa_crypto_storage.c
@@ -49,22 +49,22 @@
* other than storing a key. Currently, the only such file is the random seed
* file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
* 0xFFFFFF52. */
-static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
+static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key)
{
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
/* Encode the owner in the upper 32 bits. This means that if
* owner values are nonzero (as they are on a PSA platform),
* no key file will ever have a value less than 0x100000000, so
* the whole range 0..0xffffffff is available for non-key files. */
- uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key );
- return( ( (uint64_t) unsigned_owner_id << 32 ) |
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
+ uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key);
+ return ((uint64_t) unsigned_owner_id << 32) |
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
#else
/* Use the key id directly as a file name.
* psa_is_key_id_valid() in psa_crypto_slot_management.c
* is responsible for ensuring that key identifiers do not have a
* value that is reserved for non-key files. */
- return( key );
+ return key;
#endif
}
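Review bot: The comment in the `#else` branch names `psa_is_key_id_valid()` as the function that keeps key identifiers out of the UID range reserved for non-key files, but the function defined in psa_crypto_slot_management.c is `psa_is_valid_key_id()`. The separation between key files and files such as the random seed rests on that check, so the reference should be searchable: `* psa_is_valid_key_id() in psa_crypto_slot_management.c`. The comment block above psa_its_identifier_of_slot() starts before this hunk.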
@@ -79,42 +79,45 @@ static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
* \param[out] data Buffer where the data is to be written.
* \param data_size Size of the \c data buffer in bytes.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
*/
static psa_status_t psa_crypto_storage_load(
- const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size )
+ const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size)
{
psa_status_t status;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
struct psa_storage_info_t data_identifier_info;
size_t data_length = 0;
- status = psa_its_get_info( data_identifier, &data_identifier_info );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_its_get_info(data_identifier, &data_identifier_info);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
- if( data_size != data_length )
- return( PSA_ERROR_DATA_INVALID );
+ status = psa_its_get(data_identifier, 0, (uint32_t) data_size, data, &data_length);
+ if (data_size != data_length) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- return( status );
+ return status;
}
-int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
+int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)
{
psa_status_t ret;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
struct psa_storage_info_t data_identifier_info;
- ret = psa_its_get_info( data_identifier, &data_identifier_info );
+ ret = psa_its_get_info(data_identifier, &data_identifier_info);
- if( ret == PSA_ERROR_DOES_NOT_EXIST )
- return( 0 );
- return( 1 );
+ if (ret == PSA_ERROR_DOES_NOT_EXIST) {
+ return 0;
+ }
+ return 1;
}
/**
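Review bot: In psa_crypto_storage_load the status of psa_its_get() is returned only after the length comparison, so a failed read (data_length still 0) comes back as PSA_ERROR_DATA_INVALID rather than the backend's own status whenever data_size is nonzero. Storage faults are therefore indistinguishable from a wrong-sized entry for any caller that logs or reacts to the error code. Consider testing the status first, `if (status != PSA_SUCCESS) { return status; }`, ahead of `if (data_size != data_length)`. This changes which code callers receive, so confirm nothing relies on the current mapping. The function's doc comment begins outside this hunk.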
@@ -128,71 +131,71 @@ int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
* \param data_length The number of bytes
* that make up the data.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/
-static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
- const uint8_t *data,
- size_t data_length )
+static psa_status_t psa_crypto_storage_store(const mbedtls_svc_key_id_t key,
+ const uint8_t *data,
+ size_t data_length)
{
psa_status_t status;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
struct psa_storage_info_t data_identifier_info;
- if( psa_is_key_present_in_storage( key ) == 1 )
- return( PSA_ERROR_ALREADY_EXISTS );
+ if (psa_is_key_present_in_storage(key) == 1) {
+ return PSA_ERROR_ALREADY_EXISTS;
+ }
- status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
- if( status != PSA_SUCCESS )
- {
- return( PSA_ERROR_DATA_INVALID );
+ status = psa_its_set(data_identifier, (uint32_t) data_length, data, 0);
+ if (status != PSA_SUCCESS) {
+ return PSA_ERROR_DATA_INVALID;
}
- status = psa_its_get_info( data_identifier, &data_identifier_info );
- if( status != PSA_SUCCESS )
- {
+ status = psa_its_get_info(data_identifier, &data_identifier_info);
+ if (status != PSA_SUCCESS) {
goto exit;
}
- if( data_identifier_info.size != data_length )
- {
+ if (data_identifier_info.size != data_length) {
status = PSA_ERROR_DATA_INVALID;
goto exit;
}
exit:
- if( status != PSA_SUCCESS )
- {
+ if (status != PSA_SUCCESS) {
/* Remove the file in case we managed to create it but something
* went wrong. It's ok if the file doesn't exist. If the file exists
* but the removal fails, we're already reporting an error so there's
* nothing else we can do. */
- (void) psa_its_remove( data_identifier );
+ (void) psa_its_remove(data_identifier);
}
- return( status );
+ return status;
}
-psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
+psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key)
{
psa_status_t ret;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
struct psa_storage_info_t data_identifier_info;
- ret = psa_its_get_info( data_identifier, &data_identifier_info );
- if( ret == PSA_ERROR_DOES_NOT_EXIST )
- return( PSA_SUCCESS );
+ ret = psa_its_get_info(data_identifier, &data_identifier_info);
+ if (ret == PSA_ERROR_DOES_NOT_EXIST) {
+ return PSA_SUCCESS;
+ }
- if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
- return( PSA_ERROR_DATA_INVALID );
+ if (psa_its_remove(data_identifier) != PSA_SUCCESS) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- ret = psa_its_get_info( data_identifier, &data_identifier_info );
- if( ret != PSA_ERROR_DOES_NOT_EXIST )
- return( PSA_ERROR_DATA_INVALID );
+ ret = psa_its_get_info(data_identifier, &data_identifier_info);
+ if (ret != PSA_ERROR_DOES_NOT_EXIST) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/**
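Review bot: In psa_crypto_storage_store the branch taken when psa_its_set() fails returns PSA_ERROR_DATA_INVALID directly, bypassing the `exit:` cleanup that removes a file created before something went wrong. Whether a backend can leave a partial entry behind on a failed set is not visible here; if one can, the entry stays in storage and a later store for the same key is refused with PSA_ERROR_ALREADY_EXISTS. Routing the branch through the cleanup, `status = PSA_ERROR_DATA_INVALID; goto exit;`, would make both failure paths behave the same. The same branch also collapses the documented PSA_ERROR_INSUFFICIENT_STORAGE and PSA_ERROR_STORAGE_FAILURE results into PSA_ERROR_DATA_INVALID, which the `\retval` list should reflect.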
@@ -202,196 +205,202 @@ psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
* is to be obtained.
* \param[out] data_length The number of bytes that make up the data.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
*/
static psa_status_t psa_crypto_storage_get_data_length(
const mbedtls_svc_key_id_t key,
- size_t *data_length )
+ size_t *data_length)
{
psa_status_t status;
- psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+ psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
struct psa_storage_info_t data_identifier_info;
- status = psa_its_get_info( data_identifier, &data_identifier_info );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_its_get_info(data_identifier, &data_identifier_info);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
*data_length = (size_t) data_identifier_info.size;
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
/**
* Persistent key storage magic header.
*/
#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
-#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
+#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH (sizeof(PSA_KEY_STORAGE_MAGIC_HEADER))
typedef struct {
uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
uint8_t version[4];
- uint8_t lifetime[sizeof( psa_key_lifetime_t )];
+ uint8_t lifetime[sizeof(psa_key_lifetime_t)];
uint8_t type[2];
uint8_t bits[2];
- uint8_t policy[sizeof( psa_key_policy_t )];
+ uint8_t policy[sizeof(psa_key_policy_t)];
uint8_t data_len[4];
uint8_t key_data[];
} psa_persistent_key_storage_format;
-void psa_format_key_data_for_storage( const uint8_t *data,
- const size_t data_length,
- const psa_core_key_attributes_t *attr,
- uint8_t *storage_data )
+void psa_format_key_data_for_storage(const uint8_t *data,
+ const size_t data_length,
+ const psa_core_key_attributes_t *attr,
+ uint8_t *storage_data)
{
psa_persistent_key_storage_format *storage_format =
(psa_persistent_key_storage_format *) storage_data;
- memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
- MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 );
- MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
- MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
- MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
- MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
- MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
- MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
- MBEDTLS_PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
- memcpy( storage_format->key_data, data, data_length );
+ memcpy(storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER,
+ PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH);
+ MBEDTLS_PUT_UINT32_LE(0, storage_format->version, 0);
+ MBEDTLS_PUT_UINT32_LE(attr->lifetime, storage_format->lifetime, 0);
+ MBEDTLS_PUT_UINT16_LE((uint16_t) attr->type, storage_format->type, 0);
+ MBEDTLS_PUT_UINT16_LE((uint16_t) attr->bits, storage_format->bits, 0);
+ MBEDTLS_PUT_UINT32_LE(attr->policy.usage, storage_format->policy, 0);
+ MBEDTLS_PUT_UINT32_LE(attr->policy.alg, storage_format->policy, sizeof(uint32_t));
+ MBEDTLS_PUT_UINT32_LE(attr->policy.alg2, storage_format->policy, 2 * sizeof(uint32_t));
+ MBEDTLS_PUT_UINT32_LE(data_length, storage_format->data_len, 0);
+ memcpy(storage_format->key_data, data, data_length);
}
-static psa_status_t check_magic_header( const uint8_t *data )
+static psa_status_t check_magic_header(const uint8_t *data)
{
- if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
- PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
- return( PSA_ERROR_DATA_INVALID );
- return( PSA_SUCCESS );
+ if (memcmp(data, PSA_KEY_STORAGE_MAGIC_HEADER,
+ PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH) != 0) {
+ return PSA_ERROR_DATA_INVALID;
+ }
+ return PSA_SUCCESS;
}
-psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
- size_t storage_data_length,
- uint8_t **key_data,
- size_t *key_data_length,
- psa_core_key_attributes_t *attr )
+psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
+ size_t storage_data_length,
+ uint8_t **key_data,
+ size_t *key_data_length,
+ psa_core_key_attributes_t *attr)
{
psa_status_t status;
const psa_persistent_key_storage_format *storage_format =
- (const psa_persistent_key_storage_format *)storage_data;
+ (const psa_persistent_key_storage_format *) storage_data;
uint32_t version;
- if( storage_data_length < sizeof(*storage_format) )
- return( PSA_ERROR_DATA_INVALID );
+ if (storage_data_length < sizeof(*storage_format)) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- status = check_magic_header( storage_data );
- if( status != PSA_SUCCESS )
- return( status );
+ status = check_magic_header(storage_data);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- version = MBEDTLS_GET_UINT32_LE( storage_format->version, 0 );
- if( version != 0 )
- return( PSA_ERROR_DATA_INVALID );
+ version = MBEDTLS_GET_UINT32_LE(storage_format->version, 0);
+ if (version != 0) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- *key_data_length = MBEDTLS_GET_UINT32_LE( storage_format->data_len, 0 );
- if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
- *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
- return( PSA_ERROR_DATA_INVALID );
+ *key_data_length = MBEDTLS_GET_UINT32_LE(storage_format->data_len, 0);
+ if (*key_data_length > (storage_data_length - sizeof(*storage_format)) ||
+ *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE) {
+ return PSA_ERROR_DATA_INVALID;
+ }
- if( *key_data_length == 0 )
- {
+ if (*key_data_length == 0) {
*key_data = NULL;
- }
- else
- {
- *key_data = mbedtls_calloc( 1, *key_data_length );
- if( *key_data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- memcpy( *key_data, storage_format->key_data, *key_data_length );
+ } else {
+ *key_data = mbedtls_calloc(1, *key_data_length);
+ if (*key_data == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+ memcpy(*key_data, storage_format->key_data, *key_data_length);
}
- attr->lifetime = MBEDTLS_GET_UINT32_LE( storage_format->lifetime, 0 );
- attr->type = MBEDTLS_GET_UINT16_LE( storage_format->type, 0 );
- attr->bits = MBEDTLS_GET_UINT16_LE( storage_format->bits, 0 );
- attr->policy.usage = MBEDTLS_GET_UINT32_LE( storage_format->policy, 0 );
- attr->policy.alg = MBEDTLS_GET_UINT32_LE( storage_format->policy, sizeof( uint32_t ) );
- attr->policy.alg2 = MBEDTLS_GET_UINT32_LE( storage_format->policy, 2 * sizeof( uint32_t ) );
+ attr->lifetime = MBEDTLS_GET_UINT32_LE(storage_format->lifetime, 0);
+ attr->type = MBEDTLS_GET_UINT16_LE(storage_format->type, 0);
+ attr->bits = MBEDTLS_GET_UINT16_LE(storage_format->bits, 0);
+ attr->policy.usage = MBEDTLS_GET_UINT32_LE(storage_format->policy, 0);
+ attr->policy.alg = MBEDTLS_GET_UINT32_LE(storage_format->policy, sizeof(uint32_t));
+ attr->policy.alg2 = MBEDTLS_GET_UINT32_LE(storage_format->policy, 2 * sizeof(uint32_t));
- return( PSA_SUCCESS );
+ return PSA_SUCCESS;
}
-psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
- const uint8_t *data,
- const size_t data_length )
+psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
+ const uint8_t *data,
+ const size_t data_length)
{
size_t storage_data_length;
uint8_t *storage_data;
psa_status_t status;
/* All keys saved to persistent storage always have a key context */
- if( data == NULL || data_length == 0 )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if (data == NULL || data_length == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
- return( PSA_ERROR_INSUFFICIENT_STORAGE );
- storage_data_length = data_length + sizeof( psa_persistent_key_storage_format );
+ if (data_length > PSA_CRYPTO_MAX_STORAGE_SIZE) {
+ return PSA_ERROR_INSUFFICIENT_STORAGE;
+ }
+ storage_data_length = data_length + sizeof(psa_persistent_key_storage_format);
- storage_data = mbedtls_calloc( 1, storage_data_length );
- if( storage_data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ storage_data = mbedtls_calloc(1, storage_data_length);
+ if (storage_data == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
- psa_format_key_data_for_storage( data, data_length, attr, storage_data );
+ psa_format_key_data_for_storage(data, data_length, attr, storage_data);
- status = psa_crypto_storage_store( attr->id,
- storage_data, storage_data_length );
+ status = psa_crypto_storage_store(attr->id,
+ storage_data, storage_data_length);
- mbedtls_platform_zeroize( storage_data, storage_data_length );
- mbedtls_free( storage_data );
+ mbedtls_zeroize_and_free(storage_data, storage_data_length);
- return( status );
+ return status;
}
-void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
+void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length)
{
- if( key_data != NULL )
- {
- mbedtls_platform_zeroize( key_data, key_data_length );
- }
- mbedtls_free( key_data );
+ mbedtls_zeroize_and_free(key_data, key_data_length);
}
-psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
- uint8_t **data,
- size_t *data_length )
+psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
+ uint8_t **data,
+ size_t *data_length)
{
psa_status_t status = PSA_SUCCESS;
uint8_t *loaded_data;
size_t storage_data_length = 0;
mbedtls_svc_key_id_t key = attr->id;
- status = psa_crypto_storage_get_data_length( key, &storage_data_length );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_crypto_storage_get_data_length(key, &storage_data_length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- loaded_data = mbedtls_calloc( 1, storage_data_length );
+ loaded_data = mbedtls_calloc(1, storage_data_length);
- if( loaded_data == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ if (loaded_data == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
- status = psa_crypto_storage_load( key, loaded_data, storage_data_length );
- if( status != PSA_SUCCESS )
+ status = psa_crypto_storage_load(key, loaded_data, storage_data_length);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
- data, data_length, attr );
+ status = psa_parse_key_data_from_storage(loaded_data, storage_data_length,
+ data, data_length, attr);
/* All keys saved to persistent storage always have a key context */
- if( status == PSA_SUCCESS &&
- ( *data == NULL || *data_length == 0 ) )
+ if (status == PSA_SUCCESS &&
+ (*data == NULL || *data_length == 0)) {
status = PSA_ERROR_STORAGE_FAILURE;
+ }
exit:
- mbedtls_platform_zeroize( loaded_data, storage_data_length );
- mbedtls_free( loaded_data );
- return( status );
+ mbedtls_zeroize_and_free(loaded_data, storage_data_length);
+ return status;
}
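Review bot: psa_free_persistent_key_data no longer checks key_data for NULL before wiping, so it now depends on mbedtls_zeroize_and_free() treating a NULL pointer as a no-op whatever length is passed. That helper is defined outside this file section, so the contract cannot be confirmed from here. psa_parse_key_data_from_storage in the same hunk sets `*key_data = NULL` for zero-length data, so a NULL buffer can come out of the parser. A one-line comment such as `/* key_data may be NULL; mbedtls_zeroize_and_free() must accept that */` would make the dependency explicit. The replacements in psa_save_persistent_key and psa_load_persistent_key run only after a successful mbedtls_calloc() and are not affected.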
@@ -404,47 +413,48 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
psa_crypto_transaction_t psa_crypto_transaction;
-psa_status_t psa_crypto_save_transaction( void )
+psa_status_t psa_crypto_save_transaction(void)
{
struct psa_storage_info_t p_info;
psa_status_t status;
- status = psa_its_get_info( PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info );
- if( status == PSA_SUCCESS )
- {
+ status = psa_its_get_info(PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info);
+ if (status == PSA_SUCCESS) {
/* This shouldn't happen: we're trying to start a transaction while
* there is still a transaction that hasn't been replayed. */
- return( PSA_ERROR_CORRUPTION_DETECTED );
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ } else if (status != PSA_ERROR_DOES_NOT_EXIST) {
+ return status;
}
- else if( status != PSA_ERROR_DOES_NOT_EXIST )
- return( status );
- return( psa_its_set( PSA_CRYPTO_ITS_TRANSACTION_UID,
- sizeof( psa_crypto_transaction ),
- &psa_crypto_transaction,
- 0 ) );
+ return psa_its_set(PSA_CRYPTO_ITS_TRANSACTION_UID,
+ sizeof(psa_crypto_transaction),
+ &psa_crypto_transaction,
+ 0);
}
-psa_status_t psa_crypto_load_transaction( void )
+psa_status_t psa_crypto_load_transaction(void)
{
psa_status_t status;
size_t length;
- status = psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
- sizeof( psa_crypto_transaction ),
- &psa_crypto_transaction, &length );
- if( status != PSA_SUCCESS )
- return( status );
- if( length != sizeof( psa_crypto_transaction ) )
- return( PSA_ERROR_DATA_INVALID );
- return( PSA_SUCCESS );
+ status = psa_its_get(PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
+ sizeof(psa_crypto_transaction),
+ &psa_crypto_transaction, &length);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ if (length != sizeof(psa_crypto_transaction)) {
+ return PSA_ERROR_DATA_INVALID;
+ }
+ return PSA_SUCCESS;
}
-psa_status_t psa_crypto_stop_transaction( void )
+psa_status_t psa_crypto_stop_transaction(void)
{
- psa_status_t status = psa_its_remove( PSA_CRYPTO_ITS_TRANSACTION_UID );
+ psa_status_t status = psa_its_remove(PSA_CRYPTO_ITS_TRANSACTION_UID);
/* Whether or not updating the storage succeeded, the transaction is
* finished now. It's too late to go back, so zero out the in-memory
* data. */
- memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) );
- return( status );
+ memset(&psa_crypto_transaction, 0, sizeof(psa_crypto_transaction));
+ return status;
}
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
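Review bot: psa_crypto_load_transaction reads directly into the global psa_crypto_transaction, and on the length-mismatch path it returns PSA_ERROR_DATA_INVALID while leaving whatever psa_its_get() wrote in that global. A caller that inspects psa_crypto_transaction after a failed load would see a partially populated record; whether any caller does is not visible in this hunk. Clearing the state before the error return, `memset(&psa_crypto_transaction, 0, sizeof(psa_crypto_transaction));`, matches what psa_crypto_stop_transaction already does and leaves the type at PSA_CRYPTO_TRANSACTION_NONE. The enclosing `#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)` block starts outside the hunk.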
@@ -456,24 +466,21 @@ psa_status_t psa_crypto_stop_transaction( void )
/****************************************************************/
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
- size_t seed_size )
+psa_status_t mbedtls_psa_storage_inject_entropy(const unsigned char *seed,
+ size_t seed_size)
{
psa_status_t status;
struct psa_storage_info_t p_info;
- status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
+ status = psa_its_get_info(PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info);
- if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
- {
- status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
- }
- else if( PSA_SUCCESS == status )
- {
+ if (PSA_ERROR_DOES_NOT_EXIST == status) { /* No seed exists */
+ status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0);
+ } else if (PSA_SUCCESS == status) {
/* You should not be here. Seed needs to be injected only once */
status = PSA_ERROR_NOT_PERMITTED;
}
- return( status );
+ return status;
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
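Review bot: mbedtls_psa_storage_inject_entropy passes seed_size, a size_t, to psa_its_set() with no range check and without the explicit `(uint32_t)` conversion that psa_crypto_storage_store uses for the same call. If the length parameter of psa_its_set() is 32 bits wide, as that cast suggests, a larger value on a 64-bit build would be narrowed silently and a shorter seed stored than the caller intended. The caller may already bound the seed size, but that is not visible here. A guard such as `if (seed_size > UINT32_MAX) { return PSA_ERROR_INVALID_ARGUMENT; }` before the psa_its_get_info() call would make the function safe on its own.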
diff --git a/ext/oberon/psa/core/library/psa_crypto_storage.h b/ext/oberon/psa/core/library/psa_crypto_storage.h
index 970e1083a703..37ca46e283b7 100644
--- a/ext/oberon/psa/core/library/psa_crypto_storage.h
+++ b/ext/oberon/psa/core/library/psa_crypto_storage.h
@@ -35,11 +35,11 @@ extern "C" {
/* Limit the maximum key size in storage. This should have no effect
* since the key size is limited in memory. */
-#define PSA_CRYPTO_MAX_STORAGE_SIZE ( PSA_BITS_TO_BYTES( PSA_MAX_KEY_BITS ) )
+#define PSA_CRYPTO_MAX_STORAGE_SIZE (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS))
/* Sanity check: a file size must fit in 32 bits. Allow a generous
* 64kB of metadata. */
#if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
-#error PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
+#error "PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000"
#endif
/** The maximum permitted persistent slot number.
@@ -72,7 +72,7 @@ extern "C" {
* \retval 1
* Persistent data present for slot number
*/
-int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key );
+int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key);
/**
* \brief Format key data and metadata and save to a location for given key
@@ -96,18 +96,18 @@ int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key );
* \param[in] data Buffer containing the key data.
* \param data_length The number of bytes that make up the key data.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
*/
-psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
- const uint8_t *data,
- const size_t data_length );
+psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
+ const uint8_t *data,
+ const size_t data_length);
/**
* \brief Parses key data and metadata and load persistent key for given
@@ -129,15 +129,15 @@ psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
* \param[out] data Pointer to an allocated key data buffer on return.
* \param[out] data_length The number of bytes that make up the key data.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
*/
-psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
- uint8_t **data,
- size_t *data_length );
+psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
+ uint8_t **data,
+ size_t *data_length);
/**
* \brief Remove persistent data for the given key slot number.
@@ -148,9 +148,9 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
* \retval #PSA_SUCCESS
* The key was successfully removed,
* or the key did not exist.
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/
-psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key );
+psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key);
/**
* \brief Free the temporary buffer allocated by psa_load_persistent_key().
@@ -162,7 +162,7 @@ psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key );
* \param key_data_length Size of the key data buffer.
*
*/
-void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length );
+void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length);
/**
* \brief Formats key data and metadata for persistent storage
@@ -173,10 +173,10 @@ void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length );
* \param[out] storage_data Output buffer for the formatted data.
*
*/
-void psa_format_key_data_for_storage( const uint8_t *data,
- const size_t data_length,
- const psa_core_key_attributes_t *attr,
- uint8_t *storage_data );
+void psa_format_key_data_for_storage(const uint8_t *data,
+ const size_t data_length,
+ const psa_core_key_attributes_t *attr,
+ uint8_t *storage_data);
/**
* \brief Parses persistent storage data into key data and metadata
@@ -190,19 +190,19 @@ void psa_format_key_data_for_storage( const uint8_t *data,
* \param[out] attr On success, the attribute structure is filled
* with the loaded key metadata.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/
-psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
- size_t storage_data_length,
- uint8_t **key_data,
- size_t *key_data_length,
- psa_core_key_attributes_t *attr );
+psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
+ size_t storage_data_length,
+ uint8_t **key_data,
+ size_t *key_data_length,
+ psa_core_key_attributes_t *attr);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/** This symbol is defined if transaction support is required. */
-#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS
+#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS 1
#endif
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
@@ -220,7 +220,7 @@ typedef uint16_t psa_crypto_transaction_type_t;
* This has the value 0, so zero-initialization sets a transaction's type to
* this value.
*/
-#define PSA_CRYPTO_TRANSACTION_NONE ( (psa_crypto_transaction_type_t) 0x0000 )
+#define PSA_CRYPTO_TRANSACTION_NONE ((psa_crypto_transaction_type_t) 0x0000)
/** A key creation transaction.
*
@@ -228,7 +228,7 @@ typedef uint16_t psa_crypto_transaction_type_t;
* Keys in RAM or in internal storage are created atomically in storage
* (simple file creation), so they do not need a transaction mechanism.
*/
-#define PSA_CRYPTO_TRANSACTION_CREATE_KEY ( (psa_crypto_transaction_type_t) 0x0001 )
+#define PSA_CRYPTO_TRANSACTION_CREATE_KEY ((psa_crypto_transaction_type_t) 0x0001)
/** A key destruction transaction.
*
@@ -236,7 +236,7 @@ typedef uint16_t psa_crypto_transaction_type_t;
* Keys in RAM or in internal storage are destroyed atomically in storage
* (simple file deletion), so they do not need a transaction mechanism.
*/
-#define PSA_CRYPTO_TRANSACTION_DESTROY_KEY ( (psa_crypto_transaction_type_t) 0x0002 )
+#define PSA_CRYPTO_TRANSACTION_DESTROY_KEY ((psa_crypto_transaction_type_t) 0x0002)
/** Transaction data.
*
@@ -274,8 +274,7 @@ typedef uint16_t psa_crypto_transaction_type_t;
* in psa_crypto.c. If you add a new type of transaction, be
* sure to add code for it in psa_crypto_recover_transaction().
*/
-typedef union
-{
+typedef union {
/* Each element of this union must have the following properties
* to facilitate serialization and deserialization:
*
@@ -284,8 +283,7 @@ typedef union
* - Elements of the struct are arranged such a way that there is
* no padding.
*/
- struct psa_crypto_transaction_unknown_s
- {
+ struct psa_crypto_transaction_unknown_s {
psa_crypto_transaction_type_t type;
uint16_t unused1;
uint32_t unused2;
@@ -294,8 +292,7 @@ typedef union
} unknown;
/* ::type is #PSA_CRYPTO_TRANSACTION_CREATE_KEY or
* #PSA_CRYPTO_TRANSACTION_DESTROY_KEY. */
- struct psa_crypto_transaction_key_s
- {
+ struct psa_crypto_transaction_key_s {
psa_crypto_transaction_type_t type;
uint16_t unused1;
psa_key_lifetime_t lifetime;
@@ -315,7 +312,7 @@ extern psa_crypto_transaction_t psa_crypto_transaction;
* \param type The type of transaction to start.
*/
static inline void psa_crypto_prepare_transaction(
- psa_crypto_transaction_type_t type )
+ psa_crypto_transaction_type_t type)
{
psa_crypto_transaction.unknown.type = type;
}
@@ -325,12 +322,12 @@ static inline void psa_crypto_prepare_transaction(
* You may call this function multiple times during a transaction to
* atomically update the transaction state.
*
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
*/
-psa_status_t psa_crypto_save_transaction( void );
+psa_status_t psa_crypto_save_transaction(void);
/** Load the transaction data from storage, if any.
*
@@ -342,11 +339,11 @@ psa_status_t psa_crypto_save_transaction( void );
* #psa_crypto_transaction.
* \retval #PSA_ERROR_DOES_NOT_EXIST
* There is no ongoing transaction.
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
*/
-psa_status_t psa_crypto_load_transaction( void );
+psa_status_t psa_crypto_load_transaction(void);
/** Indicate that the current transaction is finished.
*
@@ -366,13 +363,13 @@ psa_status_t psa_crypto_load_transaction( void );
* It was impossible to determine whether there was transaction data
* in storage, or the transaction data could not be erased.
*/
-psa_status_t psa_crypto_stop_transaction( void );
+psa_status_t psa_crypto_stop_transaction(void);
/** The ITS file identifier for the transaction data.
*
* 0xffffffNN = special file; 0x74 = 't' for transaction.
*/
-#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 )
+#define PSA_CRYPTO_ITS_TRANSACTION_UID ((psa_key_id_t) 0xffffff74)
#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
@@ -383,13 +380,13 @@ psa_status_t psa_crypto_stop_transaction( void );
*
* \retval #PSA_SUCCESS
* Success
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
* \retval #PSA_ERROR_NOT_PERMITTED
* The entropy seed file already exists.
*/
-psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
- size_t seed_size );
+psa_status_t mbedtls_psa_storage_inject_entropy(const unsigned char *seed,
+ size_t seed_size);
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
#ifdef __cplusplus
diff --git a/ext/oberon/psa/core/library/psa_its_file.c b/ext/oberon/psa/core/library/psa_its_file.c
index a35ac2494df7..97486165e26e 100644
--- a/ext/oberon/psa/core/library/psa_its_file.c
+++ b/ext/oberon/psa/core/library/psa_its_file.c
@@ -42,10 +42,10 @@
#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08x%08x"
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
- ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
- 16 + /*UID (64-bit number in hex)*/ \
- sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
- 1 /*terminating null byte*/ )
+ (sizeof(PSA_ITS_STORAGE_PREFIX) - 1 + /*prefix without terminating 0*/ \
+ 16 + /*UID (64-bit number in hex)*/ \
+ sizeof(PSA_ITS_STORAGE_SUFFIX) - 1 + /*suffix without terminating 0*/ \
+ 1 /*terminating null byte*/)
#define PSA_ITS_STORAGE_TEMP \
PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX
@@ -59,133 +59,143 @@
* use MoveFileExA with the MOVEFILE_REPLACE_EXISTING flag instead.
* Returns 0 on success, nonzero on failure. */
#if defined(_WIN32)
-#define rename_replace_existing( oldpath, newpath ) \
- ( ! MoveFileExA( oldpath, newpath, MOVEFILE_REPLACE_EXISTING ) )
+#define rename_replace_existing(oldpath, newpath) \
+ (!MoveFileExA(oldpath, newpath, MOVEFILE_REPLACE_EXISTING))
#else
-#define rename_replace_existing( oldpath, newpath ) rename( oldpath, newpath )
+#define rename_replace_existing(oldpath, newpath) rename(oldpath, newpath)
#endif
-typedef struct
-{
+typedef struct {
uint8_t magic[PSA_ITS_MAGIC_LENGTH];
- uint8_t size[sizeof( uint32_t )];
- uint8_t flags[sizeof( psa_storage_create_flags_t )];
+ uint8_t size[sizeof(uint32_t)];
+ uint8_t flags[sizeof(psa_storage_create_flags_t)];
} psa_its_file_header_t;
-static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename )
+static void psa_its_fill_filename(psa_storage_uid_t uid, char *filename)
{
/* Break up the UID into two 32-bit pieces so as not to rely on
* long long support in snprintf. */
- mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
- "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
- PSA_ITS_STORAGE_PREFIX,
- (unsigned) ( uid >> 32 ),
- (unsigned) ( uid & 0xffffffff ),
- PSA_ITS_STORAGE_SUFFIX );
+ mbedtls_snprintf(filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
+ "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
+ PSA_ITS_STORAGE_PREFIX,
+ (unsigned) (uid >> 32),
+ (unsigned) (uid & 0xffffffff),
+ PSA_ITS_STORAGE_SUFFIX);
}
-static psa_status_t psa_its_read_file( psa_storage_uid_t uid,
- struct psa_storage_info_t *p_info,
- FILE **p_stream )
+static psa_status_t psa_its_read_file(psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info,
+ FILE **p_stream)
{
char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
psa_its_file_header_t header;
size_t n;
*p_stream = NULL;
- psa_its_fill_filename( uid, filename );
- *p_stream = fopen( filename, "rb" );
- if( *p_stream == NULL )
- return( PSA_ERROR_DOES_NOT_EXIST );
+ psa_its_fill_filename(uid, filename);
+ *p_stream = fopen(filename, "rb");
+ if (*p_stream == NULL) {
+ return PSA_ERROR_DOES_NOT_EXIST;
+ }
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
- mbedtls_setbuf( *p_stream, NULL );
-
- n = fread( &header, 1, sizeof( header ), *p_stream );
- if( n != sizeof( header ) )
- return( PSA_ERROR_DATA_CORRUPT );
- if( memcmp( header.magic, PSA_ITS_MAGIC_STRING,
- PSA_ITS_MAGIC_LENGTH ) != 0 )
- return( PSA_ERROR_DATA_CORRUPT );
-
- p_info->size = ( header.size[0] |
- header.size[1] << 8 |
- header.size[2] << 16 |
- header.size[3] << 24 );
- p_info->flags = ( header.flags[0] |
- header.flags[1] << 8 |
- header.flags[2] << 16 |
- header.flags[3] << 24 );
- return( PSA_SUCCESS );
+ mbedtls_setbuf(*p_stream, NULL);
+
+ n = fread(&header, 1, sizeof(header), *p_stream);
+ if (n != sizeof(header)) {
+ return PSA_ERROR_DATA_CORRUPT;
+ }
+ if (memcmp(header.magic, PSA_ITS_MAGIC_STRING,
+ PSA_ITS_MAGIC_LENGTH) != 0) {
+ return PSA_ERROR_DATA_CORRUPT;
+ }
+
+ p_info->size = (header.size[0] |
+ header.size[1] << 8 |
+ header.size[2] << 16 |
+ header.size[3] << 24);
+ p_info->flags = (header.flags[0] |
+ header.flags[1] << 8 |
+ header.flags[2] << 16 |
+ header.flags[3] << 24);
+ return PSA_SUCCESS;
}
-psa_status_t psa_its_get_info( psa_storage_uid_t uid,
- struct psa_storage_info_t *p_info )
+psa_status_t psa_its_get_info(psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info)
{
psa_status_t status;
FILE *stream = NULL;
- status = psa_its_read_file( uid, p_info, &stream );
- if( stream != NULL )
- fclose( stream );
- return( status );
+ status = psa_its_read_file(uid, p_info, &stream);
+ if (stream != NULL) {
+ fclose(stream);
+ }
+ return status;
}
-psa_status_t psa_its_get( psa_storage_uid_t uid,
- uint32_t data_offset,
- uint32_t data_length,
- void *p_data,
- size_t *p_data_length )
+psa_status_t psa_its_get(psa_storage_uid_t uid,
+ uint32_t data_offset,
+ uint32_t data_length,
+ void *p_data,
+ size_t *p_data_length)
{
psa_status_t status;
FILE *stream = NULL;
size_t n;
struct psa_storage_info_t info;
- status = psa_its_read_file( uid, &info, &stream );
- if( status != PSA_SUCCESS )
+ status = psa_its_read_file(uid, &info, &stream);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
status = PSA_ERROR_INVALID_ARGUMENT;
- if( data_offset + data_length < data_offset )
+ if (data_offset + data_length < data_offset) {
goto exit;
+ }
#if SIZE_MAX < 0xffffffff
- if( data_offset + data_length > SIZE_MAX )
+ if (data_offset + data_length > SIZE_MAX) {
goto exit;
+ }
#endif
- if( data_offset + data_length > info.size )
+ if (data_offset + data_length > info.size) {
goto exit;
+ }
status = PSA_ERROR_STORAGE_FAILURE;
#if LONG_MAX < 0xffffffff
- while( data_offset > LONG_MAX )
- {
- if( fseek( stream, LONG_MAX, SEEK_CUR ) != 0 )
+ while (data_offset > LONG_MAX) {
+ if (fseek(stream, LONG_MAX, SEEK_CUR) != 0) {
goto exit;
+ }
data_offset -= LONG_MAX;
}
#endif
- if( fseek( stream, data_offset, SEEK_CUR ) != 0 )
+ if (fseek(stream, data_offset, SEEK_CUR) != 0) {
goto exit;
- n = fread( p_data, 1, data_length, stream );
- if( n != data_length )
+ }
+ n = fread(p_data, 1, data_length, stream);
+ if (n != data_length) {
goto exit;
+ }
status = PSA_SUCCESS;
- if( p_data_length != NULL )
+ if (p_data_length != NULL) {
*p_data_length = n;
+ }
exit:
- if( stream != NULL )
- fclose( stream );
- return( status );
+ if (stream != NULL) {
+ fclose(stream);
+ }
+ return status;
}
-psa_status_t psa_its_set( psa_storage_uid_t uid,
- uint32_t data_length,
- const void *p_data,
- psa_storage_create_flags_t create_flags )
+psa_status_t psa_its_set(psa_storage_uid_t uid,
+ uint32_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags)
{
- if( uid == 0 )
- {
- return( PSA_ERROR_INVALID_HANDLE );
+ if (uid == 0) {
+ return PSA_ERROR_INVALID_HANDLE;
}
psa_status_t status = PSA_ERROR_STORAGE_FAILURE;
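Review bot: In psa_its_read_file the header is reassembled with `header.size[3] << 24` and `header.flags[3] << 24`, which is undefined behaviour when the top byte is 0x80 or more. Each uint8_t is promoted to int before the shift, so such a byte read from the file shifts into the sign bit of a 32-bit int. Because the header comes from storage rather than from the caller, I would decode it with unsigned arithmetic, mirroring the MBEDTLS_PUT_UINT32_LE calls psa_its_set uses to write it: `p_info->size = MBEDTLS_GET_UINT32_LE(header.size, 0);` and `p_info->flags = MBEDTLS_GET_UINT32_LE(header.flags, 0);`. This assumes the GET macro is reachable from the same header as the PUT macro; if not, cast each byte to uint32_t before shifting.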
@@ -194,64 +204,68 @@ psa_status_t psa_its_set( psa_storage_uid_t uid,
psa_its_file_header_t header;
size_t n;
- memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH );
- MBEDTLS_PUT_UINT32_LE( data_length, header.size, 0 );
- MBEDTLS_PUT_UINT32_LE( create_flags, header.flags, 0 );
+ memcpy(header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH);
+ MBEDTLS_PUT_UINT32_LE(data_length, header.size, 0);
+ MBEDTLS_PUT_UINT32_LE(create_flags, header.flags, 0);
- psa_its_fill_filename( uid, filename );
- stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" );
+ psa_its_fill_filename(uid, filename);
+ stream = fopen(PSA_ITS_STORAGE_TEMP, "wb");
- if( stream == NULL )
+ if (stream == NULL) {
goto exit;
+ }
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
- mbedtls_setbuf( stream, NULL );
+ mbedtls_setbuf(stream, NULL);
status = PSA_ERROR_INSUFFICIENT_STORAGE;
- n = fwrite( &header, 1, sizeof( header ), stream );
- if( n != sizeof( header ) )
+ n = fwrite(&header, 1, sizeof(header), stream);
+ if (n != sizeof(header)) {
goto exit;
- if( data_length != 0 )
- {
- n = fwrite( p_data, 1, data_length, stream );
- if( n != data_length )
+ }
+ if (data_length != 0) {
+ n = fwrite(p_data, 1, data_length, stream);
+ if (n != data_length) {
goto exit;
+ }
}
status = PSA_SUCCESS;
exit:
- if( stream != NULL )
- {
- int ret = fclose( stream );
- if( status == PSA_SUCCESS && ret != 0 )
+ if (stream != NULL) {
+ int ret = fclose(stream);
+ if (status == PSA_SUCCESS && ret != 0) {
status = PSA_ERROR_INSUFFICIENT_STORAGE;
+ }
}
- if( status == PSA_SUCCESS )
- {
- if( rename_replace_existing( PSA_ITS_STORAGE_TEMP, filename ) != 0 )
+ if (status == PSA_SUCCESS) {
+ if (rename_replace_existing(PSA_ITS_STORAGE_TEMP, filename) != 0) {
status = PSA_ERROR_STORAGE_FAILURE;
+ }
}
/* The temporary file may still exist, but only in failure cases where
* we're already reporting an error. So there's nothing we can do on
* failure. If the function succeeded, and in some error cases, the
* temporary file doesn't exist and so remove() is expected to fail.
* Thus we just ignore the return status of remove(). */
- (void) remove( PSA_ITS_STORAGE_TEMP );
- return( status );
+ (void) remove(PSA_ITS_STORAGE_TEMP);
+ return status;
}
-psa_status_t psa_its_remove( psa_storage_uid_t uid )
+psa_status_t psa_its_remove(psa_storage_uid_t uid)
{
char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
FILE *stream;
- psa_its_fill_filename( uid, filename );
- stream = fopen( filename, "rb" );
- if( stream == NULL )
- return( PSA_ERROR_DOES_NOT_EXIST );
- fclose( stream );
- if( remove( filename ) != 0 )
- return( PSA_ERROR_STORAGE_FAILURE );
- return( PSA_SUCCESS );
+ psa_its_fill_filename(uid, filename);
+ stream = fopen(filename, "rb");
+ if (stream == NULL) {
+ return PSA_ERROR_DOES_NOT_EXIST;
+ }
+ fclose(stream);
+ if (remove(filename) != 0) {
+ return PSA_ERROR_STORAGE_FAILURE;
+ }
+ return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_ITS_FILE_C */
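Review bot: psa_its_set writes every entry through the single fixed path PSA_ITS_STORAGE_TEMP before renaming it onto the per-UID filename, so two overlapping calls can truncate each other's temporary file or rename the other caller's data under the wrong UID. Nothing in the hunk serialises callers, so the constraint deserves a comment above the `fopen(PSA_ITS_STORAGE_TEMP, "wb")` line, for example `/* Not reentrant: all UIDs share one temporary file; callers must serialise psa_its_set(). */`. The temporary file holds the same secret as the final file and gets whatever permissions plain fopen() applies, so the storage directory needs to be access-restricted. The start of psa_its_set lies in the preceding hunk.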
diff --git a/ext/oberon/psa/core/library/psa_util_internal.h b/ext/oberon/psa/core/library/psa_util_internal.h
new file mode 100644
index 000000000000..4a36dbf88ea0
--- /dev/null
+++ b/ext/oberon/psa/core/library/psa_util_internal.h
@@ -0,0 +1,108 @@
+/**
+ * \file psa_util_internal.h
+ *
+ * \brief Internal utility functions for use of PSA Crypto.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_PSA_UTIL_INTERNAL_H
+#define MBEDTLS_PSA_UTIL_INTERNAL_H
+
+/* Include the public header so that users only need one include. */
+#include "mbedtls/psa_util.h"
+
+#include "psa/crypto.h"
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+/*************************************************************************
+ * FFDH
+ ************************************************************************/
+
+#define MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH \
+ PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
+
+/*************************************************************************
+ * ECC
+ ************************************************************************/
+
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
+
+#define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \
+ PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
+
+/*************************************************************************
+ * Error translation
+ ************************************************************************/
+
+typedef struct {
+ /* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */
+ int16_t psa_status;
+ /* Error codes used by Mbed TLS are in one of the ranges
+ * -127..-1 (low-level) or -32767..-4096 (high-level with a low-level
+ * code optionally added), fitting in 16 bits. */
+ int16_t mbedtls_error;
+} mbedtls_error_pair_t;
+
+#if defined(MBEDTLS_MD_LIGHT)
+extern const mbedtls_error_pair_t psa_to_md_errors[4];
+#endif
+
+#if defined(MBEDTLS_LMS_C)
+extern const mbedtls_error_pair_t psa_to_lms_errors[3];
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8];
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7];
+#endif
+
+/* Generic fallback function for error translation,
+ * when the received state was not module-specific. */
+int psa_generic_status_to_mbedtls(psa_status_t status);
+
+/* This function iterates over provided local error translations,
+ * and if no match was found - calls the fallback error translation function. */
+int psa_status_to_mbedtls(psa_status_t status,
+ const mbedtls_error_pair_t *local_translations,
+ size_t local_errors_num,
+ int (*fallback_f)(psa_status_t));
+
+/* The second out of three-stage error handling functions of the pk module,
+ * acts as a fallback after RSA / ECDSA error translation, and if no match
+ * is found, it itself calls psa_generic_status_to_mbedtls. */
+int psa_pk_status_to_mbedtls(psa_status_t status);
+
+/* Utility macro to shorten the defines of error translator in modules. */
+#define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f) \
+ psa_status_to_mbedtls(status, error_list, \
+ sizeof(error_list)/sizeof(error_list[0]), \
+ fallback_f)
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_UTIL_INTERNAL_H */
diff --git a/ext/oberon/psa/drivers/oberon_aead.c b/ext/oberon/psa/drivers/oberon_aead.c
index b9b05c60beb5..fd563e2c3442 100644
--- a/ext/oberon/psa/drivers/oberon_aead.c
+++ b/ext/oberon/psa/drivers/oberon_aead.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the PSA Crypto Driver API.
#include
diff --git a/ext/oberon/psa/drivers/oberon_aead.h b/ext/oberon/psa/drivers/oberon_aead.h
index ef82e403c97b..212df40383b9 100644
--- a/ext/oberon/psa/drivers/oberon_aead.h
+++ b/ext/oberon/psa/drivers/oberon_aead.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_AEAD_H
#define OBERON_AEAD_H
diff --git a/ext/oberon/psa/drivers/oberon_asymmetric_encrypt.c b/ext/oberon/psa/drivers/oberon_asymmetric_encrypt.c
index b368027250d2..734f35be8a22 100644
--- a/ext/oberon/psa/drivers/oberon_asymmetric_encrypt.c
+++ b/ext/oberon/psa/drivers/oberon_asymmetric_encrypt.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include "psa/crypto.h"
#include "oberon_asymmetric_encrypt.h"
@@ -87,4 +89,3 @@ psa_status_t oberon_asymmetric_decrypt(
return PSA_ERROR_NOT_SUPPORTED;
}
}
-
diff --git a/ext/oberon/psa/drivers/oberon_asymmetric_encrypt.h b/ext/oberon/psa/drivers/oberon_asymmetric_encrypt.h
index 50359ad0ecba..df91c717c1e6 100644
--- a/ext/oberon/psa/drivers/oberon_asymmetric_encrypt.h
+++ b/ext/oberon/psa/drivers/oberon_asymmetric_encrypt.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_ASYMMETRIC_ENCRYPT_H
#define OBERON_ASYMMETRIC_ENCRYPT_H
diff --git a/ext/oberon/psa/drivers/oberon_asymmetric_signature.c b/ext/oberon/psa/drivers/oberon_asymmetric_signature.c
index 6f4d2ad9e104..47a9ef1dfbe3 100644
--- a/ext/oberon/psa/drivers/oberon_asymmetric_signature.c
+++ b/ext/oberon/psa/drivers/oberon_asymmetric_signature.c
@@ -1,20 +1,18 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include "psa/crypto.h"
#include "oberon_asymmetric_signature.h"
-#ifdef PSA_NEED_OBERON_ECDSA_SIGN
#include "oberon_ecdsa.h"
-#endif
-#ifdef PSA_NEED_OBERON_RSA_ANY_SIGN
#include "oberon_rsa.h"
-#endif
psa_status_t oberon_sign_hash(
@@ -102,7 +100,7 @@ psa_status_t oberon_verify_hash(
{
psa_key_type_t type = psa_get_key_type(attributes);
-#ifdef PSA_NEED_OBERON_ECDSA_SIGN
+#ifdef PSA_NEED_OBERON_ECDSA_VERIFY
if (PSA_KEY_TYPE_IS_ECC(type)) {
return oberon_ecdsa_verify_hash(
attributes, key, key_length,
@@ -110,9 +108,9 @@ psa_status_t oberon_verify_hash(
hash, hash_length,
signature, signature_length);
} else
-#endif /* PSA_NEED_OBERON_ECDSA_SIGN */
+#endif /* PSA_NEED_OBERON_ECDSA_VERIFY */
-#ifdef PSA_NEED_OBERON_RSA_ANY_SIGN
+#ifdef PSA_NEED_OBERON_RSA_ANY_VERIFY
if (PSA_KEY_TYPE_IS_RSA(type)) {
return oberon_rsa_verify_hash(
attributes, key, key_length,
@@ -120,7 +118,7 @@ psa_status_t oberon_verify_hash(
hash, hash_length,
signature, signature_length);
} else
-#endif /* PSA_NEED_OBERON_RSA_ANY_SIGN */
+#endif /* PSA_NEED_OBERON_RSA_ANY_VERIFY */
{
(void)key;
@@ -144,7 +142,7 @@ psa_status_t oberon_verify_message(
{
psa_key_type_t type = psa_get_key_type(attributes);
-#ifdef PSA_NEED_OBERON_ECDSA_SIGN
+#ifdef PSA_NEED_OBERON_ECDSA_VERIFY
if (PSA_KEY_TYPE_IS_ECC(type)) {
return oberon_ecdsa_verify_message(
attributes, key, key_length,
@@ -152,7 +150,7 @@ psa_status_t oberon_verify_message(
input, input_length,
signature, signature_length);
} else
-#endif /* PSA_NEED_OBERON_ECDSA_SIGN */
+#endif /* PSA_NEED_OBERON_ECDSA_VERIFY */
{
(void)key;
diff --git a/ext/oberon/psa/drivers/oberon_asymmetric_signature.h b/ext/oberon/psa/drivers/oberon_asymmetric_signature.h
index 0f762c0749c4..8857d5d40ab1 100644
--- a/ext/oberon/psa/drivers/oberon_asymmetric_signature.h
+++ b/ext/oberon/psa/drivers/oberon_asymmetric_signature.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_ASYMMETRIC_SIGNATURE_H
#define OBERON_ASYMMETRIC_SIGNATURE_H
diff --git a/ext/oberon/psa/drivers/oberon_cipher.c b/ext/oberon/psa/drivers/oberon_cipher.c
index 72df0cb265d4..aa7366836a2b 100644
--- a/ext/oberon/psa/drivers/oberon_cipher.c
+++ b/ext/oberon/psa/drivers/oberon_cipher.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include
diff --git a/ext/oberon/psa/drivers/oberon_cipher.h b/ext/oberon/psa/drivers/oberon_cipher.h
index 2d0af1c84303..70245248e8f0 100644
--- a/ext/oberon/psa/drivers/oberon_cipher.h
+++ b/ext/oberon/psa/drivers/oberon_cipher.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_CIPHER_H
#define OBERON_CIPHER_H
diff --git a/ext/oberon/psa/drivers/oberon_ctr_drbg.c b/ext/oberon/psa/drivers/oberon_ctr_drbg.c
index d9d9d7581778..b0b706b4e49d 100644
--- a/ext/oberon/psa/drivers/oberon_ctr_drbg.c
+++ b/ext/oberon/psa/drivers/oberon_ctr_drbg.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include
diff --git a/ext/oberon/psa/drivers/oberon_ctr_drbg.h b/ext/oberon/psa/drivers/oberon_ctr_drbg.h
index e4397366f0b5..3d1c587004f8 100644
--- a/ext/oberon/psa/drivers/oberon_ctr_drbg.h
+++ b/ext/oberon/psa/drivers/oberon_ctr_drbg.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_CTR_DRBG_H
#define OBERON_CTR_DRBG_H
diff --git a/ext/oberon/psa/drivers/oberon_ec_keys.c b/ext/oberon/psa/drivers/oberon_ec_keys.c
index c2413d5551b2..847f758bd832 100644
--- a/ext/oberon/psa/drivers/oberon_ec_keys.c
+++ b/ext/oberon/psa/drivers/oberon_ec_keys.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include
@@ -12,21 +14,54 @@
#include "oberon_ec_keys.h"
#include "oberon_helpers.h"
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224)
#include "ocrypto_ecdh_p224.h"
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256
+#endif
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256)
#include "ocrypto_ecdh_p256.h"
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384
+#endif
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384)
#include "ocrypto_ecdh_p384.h"
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255
+#endif
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521)
+#include "ocrypto_ecdh_p521.h"
+#endif
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255)
#include "ocrypto_curve25519.h"
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255
+#endif
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448)
+#include "ocrypto_curve448.h"
+#endif
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255)
#include "ocrypto_ed25519.h"
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255 */
+#endif
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448)
+#include "ocrypto_ed448.h"
+#endif
psa_status_t oberon_export_ec_public_key(
@@ -46,49 +81,78 @@ psa_status_t oberon_export_ec_public_key(
}
switch (type) {
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):
if (data_size < key_length * 2 + 1) return PSA_ERROR_BUFFER_TOO_SMALL;
*data_length = key_length * 2 + 1;
data[0] = 0x04;
switch (bits) {
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224
case 224:
res = ocrypto_ecdh_p224_public_key(&data[1], key);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256
case 256:
res = ocrypto_ecdh_p256_public_key(&data[1], key);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384
case 384:
res = ocrypto_ecdh_p384_public_key(&data[1], key);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384 */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521
+ case 521:
+ res = ocrypto_ecdh_p521_public_key(&data[1], key);
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521 */
default:
return PSA_ERROR_NOT_SUPPORTED;
}
if (res) return PSA_ERROR_INVALID_ARGUMENT;
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):
- if (bits != 255) return PSA_ERROR_NOT_SUPPORTED;
if (data_size < key_length) return PSA_ERROR_BUFFER_TOO_SMALL;
*data_length = key_length;
- ocrypto_curve25519_scalarmult_base(data, key);
+ switch (bits) {
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255
+ case 255:
+ ocrypto_curve25519_scalarmult_base(data, key);
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448
+ case 448:
+ ocrypto_curve448_scalarmult_base(data, key);
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448 */
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):
- if (bits != 255) return PSA_ERROR_NOT_SUPPORTED;
if (data_size < key_length) return PSA_ERROR_BUFFER_TOO_SMALL;
*data_length = key_length;
- ocrypto_ed25519_public_key(data, key);
+ switch (bits) {
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255
+ case 255:
+ ocrypto_ed25519_public_key(data, key);
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448
+ case 448:
+ ocrypto_ed448_public_key(data, key);
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448 */
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255 */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS */
default:
(void)res;
return PSA_ERROR_NOT_SUPPORTED;
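Review bot: In the Montgomery and Twisted Edwards cases the output buffer is checked against `key_length` before `switch (bits)`, but the ocrypto calls write a size fixed by the curve, not by `key_length`. With two sizes per family, a `key_length` that does not match `bits` would pass `data_size < key_length` and still let the 448-bit routine write past a buffer sized for the 255-bit key. Whether `key_length` is validated earlier cannot be seen here, because the function starts outside the hunk. If it is not, add a per-case check in the style of oberon_import_ec_key, e.g. `if (key_length != 32) return PSA_ERROR_INVALID_ARGUMENT;` under `case 255:`. Assigning `*data_length` only after the inner switch has succeeded would also avoid reporting a length on the PSA_ERROR_NOT_SUPPORTED path.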
@@ -97,6 +161,32 @@ psa_status_t oberon_export_ec_public_key(
return PSA_SUCCESS;
}
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY)
+static void oberon_set_forced_bits(uint8_t *key, size_t bits)
+{
+ switch (bits) {
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255)
+ case 255:
+ key[0] = (uint8_t)(key[0] & 0xF8);
+ key[31] = (uint8_t)((key[31] & 0x7F) | 0x40);
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255 ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 */
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448)
+ case 448:
+ key[0] = (uint8_t)(key[0] & 0xFC);
+ key[55] = (uint8_t)(key[55] | 0x80);
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448 ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 */
+ }
+}
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY */
+
psa_status_t oberon_import_ec_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
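Review bot: oberon_set_forced_bits has no `default:` in its `switch (bits)`, so for any size other than the compiled-in 255 or 448 it returns without clamping and the caller cannot tell. The helper also indexes `key[31]` and `key[55]` without knowing the buffer length, so it relies on the caller having matched the key size to `bits` first. I would state that contract in a header comment, e.g. `/* Clamp a Montgomery private key in place (RFC 7748 scalar decoding); key must hold 32 bytes for 255 bits, 56 bytes for 448 bits. */`. I would also add `default: break;` with a remark that other sizes must be rejected by the caller, if that is indeed where the rejection happens. The callers are outside this hunk.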
@@ -108,96 +198,173 @@ psa_status_t oberon_import_ec_key(
psa_key_type_t type = psa_get_key_type(attributes);
switch (type) {
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):
if (bits == 0) {
bits = PSA_BYTES_TO_BITS(data_length);
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_P521
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521
if (bits == 528) bits = 521;
-#endif
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521 */
}
switch (bits) {
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224
case 224:
if (data_length != 28) return PSA_ERROR_INVALID_ARGUMENT;
if (!oberon_ct_compare_zero(data, 28)) return PSA_ERROR_INVALID_ARGUMENT;
res = ocrypto_ecdh_p224_secret_key_check(data);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256
case 256:
if (data_length != 32) return PSA_ERROR_INVALID_ARGUMENT;
if (!oberon_ct_compare_zero(data, 32)) return PSA_ERROR_INVALID_ARGUMENT;
res = ocrypto_ecdh_p256_secret_key_check(data);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384
case 384:
if (data_length != 48) return PSA_ERROR_INVALID_ARGUMENT;
if (!oberon_ct_compare_zero(data, 48)) return PSA_ERROR_INVALID_ARGUMENT;
res = ocrypto_ecdh_p384_secret_key_check(data);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384 */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521
+ case 521:
+ if (data_length != 66) return PSA_ERROR_INVALID_ARGUMENT;
+ if (!oberon_ct_compare_zero(data, 66)) return PSA_ERROR_INVALID_ARGUMENT;
+ res = ocrypto_ecdh_p521_secret_key_check(data);
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521 */
default:
return PSA_ERROR_NOT_SUPPORTED;
}
if (res) return PSA_ERROR_INVALID_ARGUMENT; // out of range
break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP */
+
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP
case PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):
if (bits == 0) {
if ((data_length & 1) == 0) return PSA_ERROR_INVALID_ARGUMENT;
bits = PSA_BYTES_TO_BITS(data_length >> 1);
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_P521
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521
if (bits == 528) bits = 521;
-#endif
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521 */
}
switch (bits) {
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224
case 224:
if (data_length != 57 || data[0] != 0x04) return PSA_ERROR_INVALID_ARGUMENT;
res = ocrypto_ecdh_p224_public_key_check(&data[1]);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256
case 256:
if (data_length != 65 || data[0] != 0x04) return PSA_ERROR_INVALID_ARGUMENT;
res = ocrypto_ecdh_p256_public_key_check(&data[1]);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384
case 384:
if (data_length != 97 || data[0] != 0x04) return PSA_ERROR_INVALID_ARGUMENT;
res = ocrypto_ecdh_p384_public_key_check(&data[1]);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384 */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521
+ case 521:
+ if (data_length != 133 || data[0] != 0x04) return PSA_ERROR_INVALID_ARGUMENT;
+ res = ocrypto_ecdh_p521_public_key_check(&data[1]);
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521 */
default:
return PSA_ERROR_NOT_SUPPORTED;
}
if (res) return PSA_ERROR_INVALID_ARGUMENT; // point not on curve
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP */
-#if defined(PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY) || defined(PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS)
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP */
+
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY)
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY
case PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY */
+ if (bits == 0) {
+ switch (data_length) {
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255)
+ case 32: bits = 255; break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255 ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255 */
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448)
+ case 56: bits = 448; break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448 ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448 */
+ default: return PSA_ERROR_NOT_SUPPORTED;
+ }
+ }
+ if (data_length != PSA_BITS_TO_BYTES(bits)) return PSA_ERROR_INVALID_ARGUMENT;
+ switch (bits) {
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255)
+ case 255: break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255 ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255 */
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448)
+ case 448: break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448 ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448 */
+ default: return PSA_ERROR_NOT_SUPPORTED;
+ }
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY */
+
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS)
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS
case PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255 */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS */
if (bits == 0) {
- if (data_length == 32) bits = 255;
- else return PSA_ERROR_NOT_SUPPORTED;
+ switch (data_length) {
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255)
+ case 32: bits = 255; break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255 ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255 */
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448)
+ case 57: bits = 448; break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448 ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448 */
+ default: return PSA_ERROR_NOT_SUPPORTED;
+ }
}
- if (data_length != PSA_BITS_TO_BYTES(bits)) return PSA_ERROR_INVALID_ARGUMENT;
+ if (data_length != PSA_BITS_TO_BYTES(bits + 1)) return PSA_ERROR_INVALID_ARGUMENT;
switch (bits) {
- case 255:
- break;
- default:
- return PSA_ERROR_NOT_SUPPORTED;
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255)
+ case 255: break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255 ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255 */
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448) || \
+ defined(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448)
+ case 448: break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448 ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448 */
+ default: return PSA_ERROR_NOT_SUPPORTED;
}
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY || PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS ||
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS */
+
default:
(void)res;
return PSA_ERROR_NOT_SUPPORTED;
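Review bot: In the Montgomery and Twisted Edwards branches the key-pair and public-key case labels share one body, and the size switches accept 255 or 448 when either the `..._KEY_PAIR_IMPORT_..._<size>` or the `..._PUBLIC_KEY_..._<size>` macro is defined. If a build can enable a size for public keys only, a key-pair import of that size would still pass here, unlike the SECP_R1 branches where each key type has its own guards. Checking `type` inside the size switch, or guarding each `case 255:`/`case 448:` on the macro for the key type being imported, would keep the accepted set equal to the configured one. oberon_import_ec_key starts before this hunk and ends after it.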
@@ -206,11 +373,11 @@ psa_status_t oberon_import_ec_key(
if (*key_bits != 0 && *key_bits != bits) return PSA_ERROR_INVALID_ARGUMENT;
if (key_size < data_length) return PSA_ERROR_BUFFER_TOO_SMALL;
memcpy(key, data, data_length);
+#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY)
if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY)) {
- // enforce constant bits
- key[0] = (uint8_t)(key[0] & 0xF8);
- key[31] = (uint8_t)((key[31] & 0x7F) | 0x40);
+ oberon_set_forced_bits(key, bits);
}
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY */
*key_length = data_length;
*key_bits = bits;
return PSA_SUCCESS;
@@ -226,48 +393,79 @@ psa_status_t oberon_generate_ec_key(
psa_key_type_t type = psa_get_key_type(attributes);
size_t length = PSA_BITS_TO_BYTES(bits);
- if (key_size < length) return PSA_ERROR_BUFFER_TOO_SMALL;
- *key_length = length;
-
switch (type) {
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):
+ if (key_size < length) return PSA_ERROR_BUFFER_TOO_SMALL;
do {
- status = psa_generate_random(key, length);
- if (status) return status;
- if (!oberon_ct_compare_zero(key, length)) continue;
+ do {
+ status = psa_generate_random(key, length);
+ if (status) return status;
+ } while (oberon_ct_compare_zero(key, length) == 0);
switch (bits) {
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224
case 224:
res = ocrypto_ecdh_p224_secret_key_check(key);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256
case 256:
res = ocrypto_ecdh_p256_secret_key_check(key);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384
case 384:
res = ocrypto_ecdh_p384_secret_key_check(key);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384 */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521
+ case 521:
+ res = ocrypto_ecdh_p521_secret_key_check(key);
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 */
default:
return PSA_ERROR_NOT_SUPPORTED;
}
} while (res);
break;
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_SECP */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP */
+
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):
- if (bits != 255) return PSA_ERROR_NOT_SUPPORTED;
- return psa_generate_random(key, length);
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255 */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255
+ if (key_size < length) return PSA_ERROR_BUFFER_TOO_SMALL;
+ switch (bits) {
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255
+ case 255: break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448
+ case 448: break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 */
+ default: return PSA_ERROR_NOT_SUPPORTED;
+ }
+ status = psa_generate_random(key, length);
+ if (status) return status;
+ oberon_set_forced_bits(key, bits);
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY */
+
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):
- if (bits != 255) return PSA_ERROR_NOT_SUPPORTED;
- return psa_generate_random(key, length);
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255 */
+ length = PSA_BITS_TO_BYTES(bits + 1); // ED needs an extra bit
+ if (key_size < length) return PSA_ERROR_BUFFER_TOO_SMALL;
+ switch (bits) {
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255
+ case 255: break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 */
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448
+ case 448: break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 */
+ default: return PSA_ERROR_NOT_SUPPORTED;
+ }
+ status = psa_generate_random(key, length);
+ if (status) return status;
+ break;
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS */
+
default:
(void)key;
(void)res;
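Review bot: For `case 521:` the rejection loop draws 66 random bytes (528 bits) and relies on `ocrypto_ecdh_p521_secret_key_check` to reject unusable values, so, assuming that check compares against the 521-bit group order, only about one draw in 128 is accepted. The result stays uniform, but each P-521 key then costs on the order of a hundred calls to `psa_generate_random`. Clearing the seven unused top bits before the check, for example `if (bits == 521) key[0] &= 0x01;` right after the random call (the PSA key format is big-endian), brings the acceptance rate close to one without biasing the result. The body of oberon_generate_ec_key begins before this hunk and ends after it.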
@@ -275,5 +473,6 @@ psa_status_t oberon_generate_ec_key(
return PSA_ERROR_NOT_SUPPORTED;
}
+ *key_length = length;
return PSA_SUCCESS;
}
diff --git a/ext/oberon/psa/drivers/oberon_ec_keys.h b/ext/oberon/psa/drivers/oberon_ec_keys.h
index 50c72da70c12..65fb2c23bdc0 100644
--- a/ext/oberon/psa/drivers/oberon_ec_keys.h
+++ b/ext/oberon/psa/drivers/oberon_ec_keys.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_EC_KEYS_H
#define OBERON_EC_KEYS_H
diff --git a/ext/oberon/psa/drivers/oberon_ecdh.c b/ext/oberon/psa/drivers/oberon_ecdh.c
index c77bbbba0818..249efc7af7a4 100644
--- a/ext/oberon/psa/drivers/oberon_ecdh.c
+++ b/ext/oberon/psa/drivers/oberon_ecdh.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include "psa/crypto.h"
#include "oberon_ecdh.h"
@@ -18,9 +20,15 @@
#ifdef PSA_NEED_OBERON_ECDH_SECP_R1_384
#include "ocrypto_ecdh_p384.h"
#endif /* PSA_NEED_OBERON_ECDH_SECP_R1_384 */
+#ifdef PSA_NEED_OBERON_ECDH_SECP_R1_521
+#include "ocrypto_ecdh_p521.h"
+#endif /* PSA_NEED_OBERON_ECDH_SECP_R1_521 */
#ifdef PSA_NEED_OBERON_ECDH_MONTGOMERY_255
#include "ocrypto_curve25519.h"
#endif /* PSA_NEED_OBERON_ECDH_MONTGOMERY_255 */
+#ifdef PSA_NEED_OBERON_ECDH_MONTGOMERY_448
+#include "ocrypto_curve448.h"
+#endif /* PSA_NEED_OBERON_ECDH_MONTGOMERY_448 */
psa_status_t oberon_ecdh(
@@ -38,7 +46,8 @@ psa_status_t oberon_ecdh(
*output_length = key_length;
switch (psa_get_key_type(attributes)) {
-#if defined(PSA_NEED_OBERON_ECDH_SECP_R1_224) || defined(PSA_NEED_OBERON_ECDH_SECP_R1_256) || defined(PSA_NEED_OBERON_ECDH_SECP_R1_384)
+#if defined(PSA_NEED_OBERON_ECDH_SECP_R1_224) || defined(PSA_NEED_OBERON_ECDH_SECP_R1_256) || \
+ defined(PSA_NEED_OBERON_ECDH_SECP_R1_384) || defined(PSA_NEED_OBERON_ECDH_SECP_R1_521)
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):
if (peer_key_length != key_length * 2 + 1) return PSA_ERROR_INVALID_ARGUMENT;
if (peer_key[0] != 0x04) return PSA_ERROR_INVALID_ARGUMENT;
@@ -58,19 +67,37 @@ psa_status_t oberon_ecdh(
res = ocrypto_ecdh_p384_common_secret(output, key, &peer_key[1]);
break;
#endif /* PSA_NEED_OBERON_ECDH_SECP_R1_384 */
+#ifdef PSA_NEED_OBERON_ECDH_SECP_R1_521
+ case 521:
+ res = ocrypto_ecdh_p521_common_secret(output, key, &peer_key[1]);
+ break;
+#endif /* PSA_NEED_OBERON_ECDH_SECP_R1_521 */
default:
return PSA_ERROR_NOT_SUPPORTED;
}
if (res) return PSA_ERROR_INVALID_ARGUMENT;
break;
-#endif /* PSA_NEED_OBERON_ECDH_SECP_R1_224 || PSA_NEED_OBERON_ECDH_SECP_R1_256 || PSA_NEED_OBERON_ECDH_SECP_R1_384 */
-#ifdef PSA_NEED_OBERON_ECDH_MONTGOMERY_255
+#endif /* PSA_NEED_OBERON_ECDH_SECP_R1_224 || PSA_NEED_OBERON_ECDH_SECP_R1_256 ||
+ PSA_NEED_OBERON_ECDH_SECP_R1_384 || PSA_NEED_OBERON_ECDH_SECP_R1_521 */
+#if defined(PSA_NEED_OBERON_ECDH_MONTGOMERY_255) || defined(PSA_NEED_OBERON_ECDH_MONTGOMERY_448)
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):
- if (bits != 255) return PSA_ERROR_NOT_SUPPORTED;
if (peer_key_length != key_length) return PSA_ERROR_INVALID_ARGUMENT;
- ocrypto_curve25519_scalarmult(output, key, peer_key);
+ switch (bits) {
+#ifdef PSA_NEED_OBERON_ECDH_MONTGOMERY_255
+ case 255:
+ ocrypto_curve25519_scalarmult(output, key, peer_key);
break;
#endif /* PSA_NEED_OBERON_ECDH_MONTGOMERY_255 */
+#ifdef PSA_NEED_OBERON_ECDH_MONTGOMERY_448
+ case 448:
+ ocrypto_curve448_scalarmult(output, key, peer_key);
+ break;
+#endif /* PSA_NEED_OBERON_ECDH_MONTGOMERY_448 */
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ break;
+#endif /* PSA_NEED_OBERON_ECDH_MONTGOMERY_255 || PSA_NEED_OBERON_ECDH_MONTGOMERY_448 */
default:
(void)key;
(void)key_length;
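Review bot: The new `case 448:` calls `ocrypto_curve448_scalarmult(output, key, peer_key)` and, like the existing X25519 case, reports success whatever the result, so a low-order peer value that yields an all-zero shared secret is not rejected in the visible lines. RFC 7748 describes this check. A constant-time test of `output` after the inner switch would cover both curves, for example `if (!oberon_ct_compare_zero(output, key_length)) return PSA_ERROR_INVALID_ARGUMENT;`, if the helper used in oberon_ec_keys.c is reachable from this file. Whether a caller already performs the check is not visible here; oberon_ecdh starts before this hunk and ends after it.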
diff --git a/ext/oberon/psa/drivers/oberon_ecdh.h b/ext/oberon/psa/drivers/oberon_ecdh.h
index ada5bd64b1d6..0cf19f2a9bd1 100644
--- a/ext/oberon/psa/drivers/oberon_ecdh.h
+++ b/ext/oberon/psa/drivers/oberon_ecdh.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_ECDH_H
#define OBERON_ECDH_H
diff --git a/ext/oberon/psa/drivers/oberon_ecdsa.c b/ext/oberon/psa/drivers/oberon_ecdsa.c
index d233a5628ae1..55dc36a035cc 100644
--- a/ext/oberon/psa/drivers/oberon_ecdsa.c
+++ b/ext/oberon/psa/drivers/oberon_ecdsa.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include
@@ -21,9 +23,21 @@
#ifdef PSA_NEED_OBERON_ECDSA_SECP_R1_384
#include "ocrypto_ecdsa_p384.h"
#endif /* PSA_NEED_OBERON_ECDSA_SECP_R1_384 */
+#ifdef PSA_NEED_OBERON_ECDSA_SECP_R1_521
+#include "ocrypto_ecdsa_p521.h"
+#endif /* PSA_NEED_OBERON_ECDSA_SECP_R1_521 */
#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255
#include "ocrypto_ed25519.h"
#endif /* PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 */
+#ifdef PSA_NEED_OBERON_ED25519PH
+#include "ocrypto_ed25519ph.h"
+#endif /* PSA_NEED_OBERON_ED25519PH */
+#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448
+#include "ocrypto_ed448.h"
+#endif /* PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448 */
+#ifdef PSA_NEED_OBERON_ED448PH
+#include "ocrypto_ed448ph.h"
+#endif /* PSA_NEED_OBERON_ED448PH */
#ifdef PSA_NEED_OBERON_ECDSA_SIGN
@@ -51,6 +65,11 @@ static int ecdsa_sign_hash(
res = ocrypto_ecdsa_p384_sign_hash(signature, hash, key, ek);
break;
#endif /* PSA_NEED_OBERON_ECDSA_SECP_R1_384 */
+#ifdef PSA_NEED_OBERON_ECDSA_SECP_R1_521
+ case PSA_BITS_TO_BYTES(521):
+ res = ocrypto_ecdsa_p521_sign_hash(signature, hash, key, ek);
+ break;
+#endif /* PSA_NEED_OBERON_ECDSA_SECP_R1_521 */
default:
(void)key;
(void)hash;
@@ -174,53 +193,86 @@ psa_status_t oberon_ecdsa_sign_hash(
int res;
psa_status_t status;
uint8_t ek[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
+#if defined(PSA_NEED_OBERON_ECDSA_RANDOMIZED) || defined(PSA_NEED_OBERON_ECDSA_DETERMINISTIC)
uint8_t ext_hash[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
size_t bits = psa_get_key_bits(attributes);
+#endif
- if (psa_get_key_type(attributes) != PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
- return PSA_ERROR_NOT_SUPPORTED;
- }
- if (hash_length == 0 || key_length != PSA_BITS_TO_BYTES(bits)) return PSA_ERROR_INVALID_ARGUMENT;
- if (signature_size < key_length * 2) return PSA_ERROR_BUFFER_TOO_SMALL;
- *signature_length = key_length * 2;
-
- if (hash_length < key_length) {
- if (key_length > sizeof ext_hash) return PSA_ERROR_INSUFFICIENT_MEMORY;
- // add most significant zero bits
- memset(ext_hash, 0, key_length - hash_length);
- memcpy(ext_hash + key_length - hash_length, hash, hash_length);
- hash = ext_hash;
- }
+ switch (psa_get_key_type(attributes)) {
+#if defined(PSA_NEED_OBERON_ECDSA_RANDOMIZED) || defined(PSA_NEED_OBERON_ECDSA_DETERMINISTIC)
+ case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):
+ if (hash_length == 0 || key_length != PSA_BITS_TO_BYTES(bits)) return PSA_ERROR_INVALID_ARGUMENT;
+ if (signature_size < key_length * 2) return PSA_ERROR_BUFFER_TOO_SMALL;
+ *signature_length = key_length * 2;
+
+ if (hash_length < key_length) {
+ if (key_length > sizeof ext_hash) return PSA_ERROR_INSUFFICIENT_MEMORY;
+ // add most significant zero bits
+ memset(ext_hash, 0, key_length - hash_length);
+ memcpy(ext_hash + key_length - hash_length, hash, hash_length);
+ hash = ext_hash;
+ }
#ifdef PSA_NEED_OBERON_ECDSA_RANDOMIZED
- if (PSA_ALG_IS_RANDOMIZED_ECDSA(alg)) {
- do {
- status = psa_generate_random(ek, key_length); // ephemeral key
- if (status != PSA_SUCCESS) return status;
- res = ecdsa_sign_hash(key, key_length, hash, ek, signature);
- if (res > 0) return PSA_ERROR_NOT_SUPPORTED;
- } while (res != 0);
- } else
+ if (PSA_ALG_IS_RANDOMIZED_ECDSA(alg)) {
+ do {
+ status = psa_generate_random(ek, key_length); // ephemeral key
+ if (status != PSA_SUCCESS) return status;
+ res = ecdsa_sign_hash(key, key_length, hash, ek, signature);
+ if (res > 0) return PSA_ERROR_NOT_SUPPORTED;
+ } while (res != 0);
+ } else
#endif /* PSA_NEED_OBERON_ECDSA_RANDOMIZED */
-
#ifdef PSA_NEED_OBERON_ECDSA_DETERMINISTIC
- if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) {
- psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
- return deterministic_ecdsa_sign_hash(hash_alg, hash, key, key_length, ek, signature);
- } else
+ if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) {
+ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
+ return deterministic_ecdsa_sign_hash(hash_alg, hash, key, key_length, ek, signature);
+ } else
#endif /* PSA_NEED_OBERON_ECDSA_DETERMINISTIC */
+ {
+ return PSA_ERROR_INVALID_ARGUMENT; // PSA_ERROR_NOT_SUPPORTED;
+ }
+ return PSA_SUCCESS;
+#endif /* PSA_NEED_OBERON_ECDSA_RANDOMIZED || PSA_NEED_OBERON_ECDSA_DETERMINISTIC */
- {
+#if defined(PSA_NEED_OBERON_ED25519PH) || defined(PSA_NEED_OBERON_ED448PH)
+ case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):
+ switch (psa_get_key_bits(attributes)) {
+#ifdef PSA_NEED_OBERON_ED25519PH
+ case 255:
+ if (hash_length != ocrypto_ed25519ph_HASH_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (key_length != ocrypto_ed25519ph_SECRET_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (signature_size < ocrypto_ed25519ph_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ *signature_length = ocrypto_ed25519ph_BYTES;
+ ocrypto_ed25519ph_public_key(ek, key); // calculate public key
+ ocrypto_ed25519ph_sign(signature, hash, key, ek);
+ break;
+#endif /* PSA_NEED_OBERON_ED25519PH */
+#ifdef PSA_NEED_OBERON_ED448PH
+ case 448:
+ if (hash_length != ocrypto_ed448ph_HASH_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (key_length != ocrypto_ed448ph_SECRET_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (signature_size < ocrypto_ed448ph_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ *signature_length = ocrypto_ed448ph_BYTES;
+ ocrypto_ed448ph_public_key(ek, key); // calculate public key
+ ocrypto_ed448ph_sign(signature, hash, key, ek);
+ break;
+#endif /* PSA_NEED_OBERON_ED448PH */
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ return PSA_SUCCESS;
+#endif /* PSA_NEED_OBERON_ED25519PH || PSA_NEED_OBERON_ED448PH */
+
+ default:
(void)key;
(void)alg;
(void)signature;
(void)ek;
(void)status;
(void)res;
- return PSA_ERROR_INVALID_ARGUMENT; // PSA_ERROR_NOT_SUPPORTED;
+ return PSA_ERROR_NOT_SUPPORTED;
}
-
- return PSA_SUCCESS;
}
psa_status_t oberon_ecdsa_sign_message(
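Review bot: In the `case 448:` branch `ocrypto_ed448ph_public_key(ek, key)` writes an Ed448 public key into `ek`, which is sized `PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)`. An Ed448 public key is 57 bytes (this same commit widens `pub_key` from 56 to 57 in oberon_ecdsa_sign_message), so if a build with Ed448ph enabled can have PSA_VENDOR_ECC_MAX_CURVE_BITS equal to 448, `ek` is 56 bytes and the call writes one byte past it. A dedicated `uint8_t pub_key[57];` under the Ed448ph guard, or declaring `ek` with `PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS + 1)`, removes the dependency on the macro's value. The macro is defined outside this page, and the opening lines of oberon_ecdsa_sign_hash are outside the hunk.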
@@ -231,24 +283,40 @@ psa_status_t oberon_ecdsa_sign_message(
uint8_t *signature, size_t signature_size, size_t *signature_length)
{
#if defined(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448)
- uint8_t pub_key[56];
+ uint8_t pub_key[57];
#elif defined(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255)
uint8_t pub_key[32];
#endif
psa_key_type_t type = psa_get_key_type(attributes);
switch (type) {
-#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255
+#if defined(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255) || defined(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448)
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):
// EDDSA is only available in sign_message
- if (psa_get_key_bits(attributes) != 255) return PSA_ERROR_NOT_SUPPORTED;
- if (key_length != 32) return PSA_ERROR_INVALID_ARGUMENT;
- if (signature_size < 64) return PSA_ERROR_BUFFER_TOO_SMALL;
- *signature_length = 64;
- ocrypto_ed25519_public_key(pub_key, key); // calculate public key
- ocrypto_ed25519_sign(signature, input, input_length, key, pub_key);
+ switch (psa_get_key_bits(attributes)) {
+#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255
+ case 255:
+ if (key_length != ocrypto_ed25519_SECRET_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (signature_size < ocrypto_ed25519_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ *signature_length = ocrypto_ed25519_BYTES;
+ ocrypto_ed25519_public_key(pub_key, key); // calculate public key
+ ocrypto_ed25519_sign(signature, input, input_length, key, pub_key);
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448
+ case 448:
+ if (key_length != ocrypto_ed448_SECRET_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (signature_size < ocrypto_ed448_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ *signature_length = ocrypto_ed448_BYTES;
+ ocrypto_ed448_public_key(pub_key, key); // calculate public key
+ ocrypto_ed448_sign(signature, input, input_length, key, pub_key);
+ break;
+#endif
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
return PSA_SUCCESS;
-#endif /* PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 */
+#endif /* PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 || PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448 */
default:
(void)key;
(void)key_length;
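Review bot: The context comment `// EDDSA is only available in sign_message` no longer matches the driver, because this commit adds Ed25519ph and Ed448ph to oberon_ecdsa_sign_hash. I would reword it to `// pure EdDSA signs the message itself; the prehash variants go through sign_hash`. The two inner `#endif` lines after `case 255:` and `case 448:` also lack the `/* PSA_NEED_... */` trailer used on every other guard in this hunk. The function ends after this hunk.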
@@ -270,68 +338,128 @@ psa_status_t oberon_ecdsa_verify_hash(
const uint8_t *signature, size_t signature_length)
{
int res;
- uint8_t ext_hash[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
uint8_t key_buf[2 * PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
+#if defined(PSA_NEED_OBERON_ECDSA_RANDOMIZED) || defined(PSA_NEED_OBERON_ECDSA_DETERMINISTIC)
+ uint8_t ext_hash[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
const uint8_t *pub_key;
- psa_key_type_t type = psa_get_key_type(attributes);
size_t bits = psa_get_key_bits(attributes);
size_t length = PSA_BITS_TO_BYTES(bits);
+#endif
+ psa_key_type_t type = psa_get_key_type(attributes);
- if (hash_length == 0) return PSA_ERROR_INVALID_ARGUMENT;
- if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
- if (key_length != length) return PSA_ERROR_INVALID_ARGUMENT;
- pub_key = key_buf;
- } else if (type == PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) {
- if (key_length != length * 2 + 1 || key[0] != 0x04) return PSA_ERROR_INVALID_ARGUMENT;
- pub_key = &key[1];
- } else {
- return PSA_ERROR_NOT_SUPPORTED;
- }
+ switch (type) {
+#if defined(PSA_NEED_OBERON_ECDSA_RANDOMIZED) || defined(PSA_NEED_OBERON_ECDSA_DETERMINISTIC)
+ case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):
+ case PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):
+ if (hash_length == 0) return PSA_ERROR_INVALID_ARGUMENT;
+ if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
+ if (key_length != length) return PSA_ERROR_INVALID_ARGUMENT;
+ pub_key = key_buf;
+ } else {
+ if (key_length != length * 2 + 1 || key[0] != 0x04) return PSA_ERROR_INVALID_ARGUMENT;
+ pub_key = &key[1];
+ }
- if (hash_length < length) {
- if (length > sizeof ext_hash) return PSA_ERROR_INSUFFICIENT_MEMORY;
- memset(ext_hash, 0, length - hash_length);
- memcpy(ext_hash + length - hash_length, hash, hash_length);
- hash = ext_hash;
- }
+ if (hash_length < length) {
+ if (length > sizeof ext_hash) return PSA_ERROR_INSUFFICIENT_MEMORY;
+ memset(ext_hash, 0, length - hash_length);
+ memcpy(ext_hash + length - hash_length, hash, hash_length);
+ hash = ext_hash;
+ }
- if (PSA_ALG_IS_ECDSA(alg)) {
- if (signature_length != 2 * length) return PSA_ERROR_INVALID_SIGNATURE;
- switch (length) {
+ if (PSA_ALG_IS_ECDSA(alg)) {
+ if (signature_length != 2 * length) return PSA_ERROR_INVALID_SIGNATURE;
+ switch (length) {
#ifdef PSA_NEED_OBERON_ECDSA_SECP_R1_224
- case 28:
- if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
- ocrypto_ecdsa_p224_public_key(key_buf, key);
- }
- res = ocrypto_ecdsa_p224_verify_hash(signature, hash, pub_key);
- break;
+ case PSA_BITS_TO_BYTES(224):
+ if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
+ ocrypto_ecdsa_p224_public_key(key_buf, key);
+ }
+ res = ocrypto_ecdsa_p224_verify_hash(signature, hash, pub_key);
+ break;
#endif /* PSA_NEED_OBERON_ECDSA_SECP_R1_224 */
#ifdef PSA_NEED_OBERON_ECDSA_SECP_R1_256
- case 32:
- if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
- ocrypto_ecdsa_p256_public_key(key_buf, key);
- }
- res = ocrypto_ecdsa_p256_verify_hash(signature, hash, pub_key);
- break;
+ case PSA_BITS_TO_BYTES(256):
+ if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
+ ocrypto_ecdsa_p256_public_key(key_buf, key);
+ }
+ res = ocrypto_ecdsa_p256_verify_hash(signature, hash, pub_key);
+ break;
#endif /* PSA_NEED_OBERON_ECDSA_SECP_R1_256 */
#ifdef PSA_NEED_OBERON_ECDSA_SECP_R1_384
- case 48:
- if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
- ocrypto_ecdsa_p384_public_key(key_buf, key);
+ case PSA_BITS_TO_BYTES(384):
+ if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
+ ocrypto_ecdsa_p384_public_key(key_buf, key);
+ }
+ res = ocrypto_ecdsa_p384_verify_hash(signature, hash, pub_key);
+ break;
+#endif /* PSA_NEED_OBERON_ECDSA_SECP_R1_384 */
+#ifdef PSA_NEED_OBERON_ECDSA_SECP_R1_521
+ case PSA_BITS_TO_BYTES(521):
+ if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
+ ocrypto_ecdsa_p521_public_key(key_buf, key);
+ }
+ res = ocrypto_ecdsa_p521_verify_hash(signature, hash, pub_key);
+ break;
+#endif /* PSA_NEED_OBERON_ECDSA_SECP_R1_521 */
+ default:
+ (void)signature;
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ } else {
+ return PSA_ERROR_INVALID_ARGUMENT; // PSA_ERROR_NOT_SUPPORTED;
+ }
+ if (res != 0) return PSA_ERROR_INVALID_SIGNATURE;
+ return PSA_SUCCESS;
+#endif /* PSA_NEED_OBERON_ECDSA_RANDOMIZED || PSA_NEED_OBERON_ECDSA_DETERMINISTIC */
+
+#if defined(PSA_NEED_OBERON_ED25519PH) || defined(PSA_NEED_OBERON_ED448PH)
+ case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):
+ case PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):
+ switch (psa_get_key_bits(attributes)) {
+#ifdef PSA_NEED_OBERON_ED25519PH
+ case 255:
+ if (key_length != ocrypto_ed25519ph_PUBLIC_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (hash_length != ocrypto_ed25519ph_HASH_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (signature_length != ocrypto_ed25519ph_BYTES) return PSA_ERROR_INVALID_SIGNATURE;
+ if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS)) {
+ ocrypto_ed25519ph_public_key(key_buf, key);
+ key = key_buf;
}
- res = ocrypto_ecdsa_p384_verify_hash(signature, hash, pub_key);
+ res = ocrypto_ed25519ph_verify(signature, hash, key);
break;
-#endif /* PSA_NEED_OBERON_ECDSA_SECP_R1_384 */
+#endif /* PSA_NEED_OBERON_ED25519PH */
+#ifdef PSA_NEED_OBERON_ED448PH
+ case 448:
+ if (key_length != ocrypto_ed448ph_PUBLIC_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (hash_length != ocrypto_ed448ph_HASH_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (signature_length != ocrypto_ed448ph_BYTES) return PSA_ERROR_INVALID_SIGNATURE;
+ if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS)) {
+ ocrypto_ed448ph_public_key(key_buf, key);
+ key = key_buf;
+ }
+ res = ocrypto_ed448ph_verify(signature, hash, key);
+ break;
+#endif /* PSA_NEED_OBERON_ED448PH */
default:
- (void)signature;
return PSA_ERROR_NOT_SUPPORTED;
}
- } else {
- return PSA_ERROR_INVALID_ARGUMENT; // PSA_ERROR_NOT_SUPPORTED;
- }
- if (res != 0) return PSA_ERROR_INVALID_SIGNATURE;
+ if (res) return PSA_ERROR_INVALID_SIGNATURE;
+ return PSA_SUCCESS;
+#endif /* PSA_NEED_OBERON_ED25519PH || PSA_NEED_OBERON_ED448PH */
- return PSA_SUCCESS;
+ default:
+ (void)key;
+ (void)key_length;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_length;
+ (void)res;
+ (void)key_buf;
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
}
psa_status_t oberon_ecdsa_verify_message(
@@ -343,28 +471,46 @@ psa_status_t oberon_ecdsa_verify_message(
{
int res;
#if defined(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448)
- uint8_t pub_key[56];
+ uint8_t pub_key[57];
#elif defined(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255)
uint8_t pub_key[32];
#endif
psa_key_type_t type = psa_get_key_type(attributes);
switch (type) {
-#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255
+#if defined(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255) || defined(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448)
case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):
case PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):
// EDDSA is only available in verify_message
- if (psa_get_key_bits(attributes) != 255) return PSA_ERROR_NOT_SUPPORTED;
- if (key_length != 32) return PSA_ERROR_INVALID_ARGUMENT;
- if (signature_length != 64) return PSA_ERROR_INVALID_SIGNATURE;
- if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS)) {
- ocrypto_ed25519_public_key(pub_key, key);
- key = pub_key;
+ switch (psa_get_key_bits(attributes)) {
+#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255
+ case 255:
+ if (key_length != ocrypto_ed25519_PUBLIC_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (signature_length != ocrypto_ed25519_BYTES) return PSA_ERROR_INVALID_SIGNATURE;
+ if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS)) {
+ ocrypto_ed25519_public_key(pub_key, key);
+ key = pub_key;
+ }
+ res = ocrypto_ed25519_verify(signature, input, input_length, key);
+ break;
+#endif /* PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 */
+#ifdef PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448
+ case 448:
+ if (key_length != ocrypto_ed448_PUBLIC_KEY_BYTES) return PSA_ERROR_INVALID_ARGUMENT;
+ if (signature_length != ocrypto_ed448_BYTES) return PSA_ERROR_INVALID_SIGNATURE;
+ if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS)) {
+ ocrypto_ed448_public_key(pub_key, key);
+ key = pub_key;
+ }
+ res = ocrypto_ed448_verify(signature, input, input_length, key);
+ break;
+#endif /* PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448 */
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
}
- res = ocrypto_ed25519_verify(signature, input, input_length, key);
if (res) return PSA_ERROR_INVALID_SIGNATURE;
return PSA_SUCCESS;
-#endif /* PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 */
+#endif /* PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 || PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448 */
default:
(void)key;
(void)key_length;
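Review bot: The `pub_key` scratch buffer is still sized with bare literals (`uint8_t pub_key[57];` and `uint8_t pub_key[32];`) while the new length checks use `ocrypto_ed448_PUBLIC_KEY_BYTES` and `ocrypto_ed25519_PUBLIC_KEY_BYTES`. The removed `pub_key[56]` shows how such a literal can drift from what `ocrypto_ed448_public_key()` writes, which for a stack buffer means an out-of-bounds write. Declaring it as `uint8_t pub_key[ocrypto_ed448_PUBLIC_KEY_BYTES];`, with the Ed25519 constant in the `#elif`, ties the buffer and the check to one definition. The body of oberon_ecdsa_verify_message continues outside this hunk.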
diff --git a/ext/oberon/psa/drivers/oberon_ecdsa.h b/ext/oberon/psa/drivers/oberon_ecdsa.h
index 3f8849554178..59884baab957 100644
--- a/ext/oberon/psa/drivers/oberon_ecdsa.h
+++ b/ext/oberon/psa/drivers/oberon_ecdsa.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_ECDSA_H
#define OBERON_ECDSA_H
diff --git a/ext/oberon/psa/drivers/oberon_hash.c b/ext/oberon/psa/drivers/oberon_hash.c
index cbb660c35bd0..e5b1eb9a1abe 100644
--- a/ext/oberon/psa/drivers/oberon_hash.c
+++ b/ext/oberon/psa/drivers/oberon_hash.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include
@@ -26,6 +28,12 @@
#ifdef PSA_NEED_OBERON_SHA_512
#include "ocrypto_sha512.h"
#endif
+#ifdef PSA_NEED_OBERON_SHA3
+#include "ocrypto_sha3.h"
+#endif
+#ifdef PSA_NEED_OBERON_SHAKE
+#include "ocrypto_shake.h"
+#endif
psa_status_t oberon_hash_setup(
@@ -62,6 +70,21 @@ psa_status_t oberon_hash_setup(
case PSA_ALG_SHA_512:
ocrypto_sha512_init((ocrypto_sha512_ctx*)operation->ctx);
break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3
+ _Static_assert(sizeof operation->ctx >= sizeof(ocrypto_sha3_ctx), "oberon_hash_operation_t.ctx too small");
+ case PSA_ALG_SHA3_224:
+ case PSA_ALG_SHA3_256:
+ case PSA_ALG_SHA3_384:
+ case PSA_ALG_SHA3_512:
+ ocrypto_sha3_init((ocrypto_sha3_ctx*)operation->ctx);
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHAKE
+ _Static_assert(sizeof operation->ctx >= sizeof(ocrypto_shake_ctx), "oberon_hash_operation_t.ctx too small");
+ case PSA_ALG_SHAKE256_512:
+ ocrypto_shake_init((ocrypto_shake_ctx*)operation->ctx);
+ break;
#endif
default:
return PSA_ERROR_NOT_SUPPORTED;
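Review bot: The new setup cases are guarded by the family macros `PSA_NEED_OBERON_SHA3` and `PSA_NEED_OBERON_SHAKE`, whereas the matching cases in oberon_hash_update, oberon_hash_finish and oberon_hash_compute are guarded per algorithm (`PSA_NEED_OBERON_SHA3_224` … `PSA_NEED_OBERON_SHAKE256_512`). If a build enables only some SHA3 sizes while the family macro is still defined (how the macros relate is not visible here), setup would accept an algorithm whose update then falls into the `default` branch. Guarding each `case PSA_ALG_SHA3_nnn:` with its own macro would remove that gap; failing that, a comment above the block such as `// setup is shared by all enabled SHA3 sizes` would record the intent. oberon_hash_setup starts and ends outside this hunk.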
@@ -108,6 +131,31 @@ psa_status_t oberon_hash_update(
case PSA_ALG_SHA_512:
ocrypto_sha512_update((ocrypto_sha512_ctx*)operation->ctx, input, input_length);
break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_224
+ case PSA_ALG_SHA3_224:
+ ocrypto_sha3_224_update((ocrypto_sha3_ctx*)operation->ctx, input, input_length);
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_256
+ case PSA_ALG_SHA3_256:
+ ocrypto_sha3_256_update((ocrypto_sha3_ctx*)operation->ctx, input, input_length);
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_384
+ case PSA_ALG_SHA3_384:
+ ocrypto_sha3_384_update((ocrypto_sha3_ctx*)operation->ctx, input, input_length);
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_512
+ case PSA_ALG_SHA3_512:
+ ocrypto_sha3_512_update((ocrypto_sha3_ctx*)operation->ctx, input, input_length);
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHAKE256_512
+ case PSA_ALG_SHAKE256_512:
+ ocrypto_shake256_update((ocrypto_shake_ctx*)operation->ctx, input, input_length);
+ break;
#endif
default:
(void)input;
@@ -157,6 +205,41 @@ psa_status_t oberon_hash_finish(
ocrypto_sha512_final((ocrypto_sha512_ctx*)operation->ctx, hash);
*hash_length = ocrypto_sha512_BYTES;
break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_224
+ case PSA_ALG_SHA3_224:
+ if (hash_size < ocrypto_sha3_224_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ ocrypto_sha3_224_final((ocrypto_sha3_ctx*)operation->ctx, hash);
+ *hash_length = ocrypto_sha3_224_BYTES;
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_256
+ case PSA_ALG_SHA3_256:
+ if (hash_size < ocrypto_sha3_256_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ ocrypto_sha3_256_final((ocrypto_sha3_ctx*)operation->ctx, hash);
+ *hash_length = ocrypto_sha3_256_BYTES;
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_384
+ case PSA_ALG_SHA3_384:
+ if (hash_size < ocrypto_sha3_384_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ ocrypto_sha3_384_final((ocrypto_sha3_ctx*)operation->ctx, hash);
+ *hash_length = ocrypto_sha3_384_BYTES;
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_512
+ case PSA_ALG_SHA3_512:
+ if (hash_size < ocrypto_sha3_512_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ ocrypto_sha3_512_final((ocrypto_sha3_ctx*)operation->ctx, hash);
+ *hash_length = ocrypto_sha3_512_BYTES;
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHAKE256_512
+ case PSA_ALG_SHAKE256_512:
+ if (hash_size < PSA_BITS_TO_BYTES(512)) return PSA_ERROR_BUFFER_TOO_SMALL;
+ ocrypto_shake256_final((ocrypto_shake_ctx*)operation->ctx, hash, PSA_BITS_TO_BYTES(512));
+ *hash_length = PSA_BITS_TO_BYTES(512);
+ break;
#endif
default:
(void)hash;
@@ -217,6 +300,41 @@ psa_status_t oberon_hash_compute(
ocrypto_sha512(hash, input, input_length);
*hash_length = ocrypto_sha512_BYTES;
break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_224
+ case PSA_ALG_SHA3_224:
+ if (hash_size < ocrypto_sha3_224_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ ocrypto_sha3_224(hash, input, input_length);
+ *hash_length = ocrypto_sha3_224_BYTES;
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_256
+ case PSA_ALG_SHA3_256:
+ if (hash_size < ocrypto_sha3_256_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ ocrypto_sha3_256(hash, input, input_length);
+ *hash_length = ocrypto_sha3_256_BYTES;
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_384
+ case PSA_ALG_SHA3_384:
+ if (hash_size < ocrypto_sha3_384_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ ocrypto_sha3_384(hash, input, input_length);
+ *hash_length = ocrypto_sha3_384_BYTES;
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHA3_512
+ case PSA_ALG_SHA3_512:
+ if (hash_size < ocrypto_sha3_512_BYTES) return PSA_ERROR_BUFFER_TOO_SMALL;
+ ocrypto_sha3_512(hash, input, input_length);
+ *hash_length = ocrypto_sha3_512_BYTES;
+ break;
+#endif
+#ifdef PSA_NEED_OBERON_SHAKE256_512
+ case PSA_ALG_SHAKE256_512:
+ if (hash_size < PSA_BITS_TO_BYTES(512)) return PSA_ERROR_BUFFER_TOO_SMALL;
+ ocrypto_shake256(hash, PSA_BITS_TO_BYTES(512), input, input_length);
+ *hash_length = PSA_BITS_TO_BYTES(512);
+ break;
#endif
default:
(void)input;
diff --git a/ext/oberon/psa/drivers/oberon_hash.h b/ext/oberon/psa/drivers/oberon_hash.h
index de07ca223ffd..a618a258a36f 100644
--- a/ext/oberon/psa/drivers/oberon_hash.h
+++ b/ext/oberon/psa/drivers/oberon_hash.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_HASH_H
#define OBERON_HASH_H
diff --git a/ext/oberon/psa/drivers/oberon_helpers.c b/ext/oberon/psa/drivers/oberon_helpers.c
index 7c2f84648ee9..601a1b4f71f7 100644
--- a/ext/oberon/psa/drivers/oberon_helpers.c
+++ b/ext/oberon/psa/drivers/oberon_helpers.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
diff --git a/ext/oberon/psa/drivers/oberon_helpers.h b/ext/oberon/psa/drivers/oberon_helpers.h
index 7d0e5ae8d060..874999b95139 100644
--- a/ext/oberon/psa/drivers/oberon_helpers.h
+++ b/ext/oberon/psa/drivers/oberon_helpers.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
diff --git a/ext/oberon/psa/drivers/oberon_hmac_drbg.c b/ext/oberon/psa/drivers/oberon_hmac_drbg.c
index c092afec91f4..3ace60ecefc4 100644
--- a/ext/oberon/psa/drivers/oberon_hmac_drbg.c
+++ b/ext/oberon/psa/drivers/oberon_hmac_drbg.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include
diff --git a/ext/oberon/psa/drivers/oberon_hmac_drbg.h b/ext/oberon/psa/drivers/oberon_hmac_drbg.h
index c0d44dc56762..72068dcd56ff 100644
--- a/ext/oberon/psa/drivers/oberon_hmac_drbg.h
+++ b/ext/oberon/psa/drivers/oberon_hmac_drbg.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_HMAC_DRBG_H
#define OBERON_HMAC_DRBG_H
diff --git a/ext/oberon/psa/drivers/oberon_jpake.c b/ext/oberon/psa/drivers/oberon_jpake.c
index 9ca3fec8242b..edcd7e79efc1 100644
--- a/ext/oberon/psa/drivers/oberon_jpake.c
+++ b/ext/oberon/psa/drivers/oberon_jpake.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include
@@ -82,7 +84,7 @@ static psa_status_t oberon_write_key_share(
oberon_jpake_operation_t *op,
uint8_t *output, size_t output_size, size_t *output_length)
{
- int res = 0;
+ int res;
psa_status_t status;
uint8_t generator[P256_POINT_SIZE];
uint8_t v[P256_KEY_SIZE]; // ZKP secret key
@@ -93,25 +95,28 @@ static psa_status_t oberon_write_key_share(
if (idx == 2) { // second round
// generator
- res |= ocrypto_ecjpake_get_generator(generator, op->P[0], op->P[1], op->X[0]);
+ res = ocrypto_ecjpake_get_generator(generator, op->P[0], op->P[1], op->X[0]);
gen = generator;
// calculated secret key
res |= ocrypto_ecjpake_process_shared_secret(op->x[2], op->x[1], op->secret);
+ res |= ocrypto_ecjpake_get_public_key(op->X[2], gen, op->x[2]);
+ if (res) return PSA_ERROR_INVALID_ARGUMENT; // we do not have a valid generator
} else { // first round
// random secret key
- status = psa_generate_random(op->x[idx], sizeof op->x[idx]);
- if (status != PSA_SUCCESS) return status;
+ do {
+ status = psa_generate_random(op->x[idx], sizeof op->x[idx]);
+ if (status != PSA_SUCCESS) return status;
+ } while (ocrypto_ecjpake_get_public_key(op->X[idx], NULL, op->x[idx]));
}
// ZKP secret
- status = psa_generate_random(v, sizeof v);
- if (status != PSA_SUCCESS) return status;
-
- res |= ocrypto_ecjpake_get_public_key(op->X[idx], gen, op->x[idx]);
- res |= ocrypto_ecjpake_get_public_key(op->V, gen, v);
+ do {
+ status = psa_generate_random(v, sizeof v);
+ if (status != PSA_SUCCESS) return status;
+ } while (ocrypto_ecjpake_get_public_key(op->V, gen, v));
status = oberon_get_zkp_hash(op->hash_alg, op->X[idx], op->V, gen, op->user_id, op->user_id_length, h, sizeof h, &h_len);
if (status != PSA_SUCCESS) return status;
- res |= ocrypto_ecjpake_zkp_sign(op->r, op->x[idx], v, h, h_len);
+ res = ocrypto_ecjpake_zkp_sign(op->r, op->x[idx], v, h, h_len);
if (res) return PSA_ERROR_INVALID_ARGUMENT;
if (sizeof op->X[idx] >= output_size) return PSA_ERROR_BUFFER_TOO_SMALL;
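Review bot: Both new `do { … } while (ocrypto_ecjpake_get_public_key(…));` loops retry without a bound. A random source that keeps returning PSA_SUCCESS while delivering a value the call rejects would therefore hang the caller instead of reporting an error. A small cap inside each loop, for example `if (++tries > 8) return PSA_ERROR_INSUFFICIENT_ENTROPY;` (where `tries` is a new local and the limit is illustrative), turns that into a failure the caller can handle. A short comment stating that the loop discards secret keys the curve code does not accept would also help, since that is only implied by the return value. oberon_write_key_share starts and continues outside this hunk.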
@@ -205,8 +210,13 @@ static psa_status_t oberon_read_zk_proof(
psa_status_t oberon_jpake_setup(
oberon_jpake_operation_t *operation,
- const psa_pake_cipher_suite_t *cipher_suite)
+ const psa_pake_cipher_suite_t *cipher_suite,
+ const uint8_t *password, size_t password_length,
+ const uint8_t *user_id, size_t user_id_length,
+ const uint8_t *peer_id, size_t peer_id_length,
+ psa_pake_role_t role)
{
+ (void)role;
if (cipher_suite->algorithm != PSA_ALG_JPAKE ||
cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC ||
cipher_suite->family != PSA_ECC_FAMILY_SECP_R1 ||
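Review bot: `(void)role;` discards the role without explanation, while the `oberon_jpake_set_role` function removed further down in this file rejected anything other than `PSA_PAKE_ROLE_FIRST` and `PSA_PAKE_ROLE_SECOND`. If the role is now validated by the caller or is simply not meaningful for this driver, a comment above the cast such as `// role is not used by the J-PAKE driver; validated by the caller` would record that. Otherwise the range check should move into this function. The body of oberon_jpake_setup continues outside this hunk.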
@@ -217,48 +227,25 @@ psa_status_t oberon_jpake_setup(
operation->hash_alg = cipher_suite->hash;
operation->rd_idx = 0;
operation->wr_idx = 0;
- return PSA_SUCCESS;
-}
-psa_status_t oberon_jpake_set_password_key(
- oberon_jpake_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *password, size_t password_length)
-{
- (void)attributes;
+ if (user_id_length == peer_id_length) {
+ if (memcmp(user_id, peer_id, user_id_length) == 0) {
+ // user and peer ids must not be equal
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ }
+
// store reduced password
ocrypto_ecjpake_read_shared_secret(operation->secret, password, password_length);
- return PSA_SUCCESS;
-}
-psa_status_t oberon_jpake_set_user(
- oberon_jpake_operation_t *operation,
- const uint8_t *user_id, size_t user_id_len)
-{
- if (user_id_len > sizeof operation->user_id) return PSA_ERROR_NOT_SUPPORTED;
- memcpy(operation->user_id, user_id, user_id_len);
- operation->user_id_length = (uint8_t)user_id_len;
- return PSA_SUCCESS;
-}
+ if (user_id_length > sizeof operation->user_id) return PSA_ERROR_NOT_SUPPORTED;
+ memcpy(operation->user_id, user_id, user_id_length);
+ operation->user_id_length = (uint8_t)user_id_length;
-psa_status_t oberon_jpake_set_peer(
- oberon_jpake_operation_t *operation,
- const uint8_t *peer_id, size_t peer_id_len)
-{
- if (peer_id_len > sizeof operation->peer_id) return PSA_ERROR_NOT_SUPPORTED;
- memcpy(operation->peer_id, peer_id, peer_id_len);
- operation->peer_id_length = (uint8_t)peer_id_len;
- return PSA_SUCCESS;
-}
+ if (peer_id_length > sizeof operation->peer_id) return PSA_ERROR_NOT_SUPPORTED;
+ memcpy(operation->peer_id, peer_id, peer_id_length);
+ operation->peer_id_length = (uint8_t)peer_id_length;
-psa_status_t oberon_jpake_set_role(
- oberon_jpake_operation_t *operation,
- psa_pake_role_t role)
-{
- if (role != PSA_PAKE_ROLE_FIRST && role != PSA_PAKE_ROLE_SECOND) {
- return PSA_ERROR_NOT_SUPPORTED;
- }
- operation->role = role;
return PSA_SUCCESS;
}
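Review bot: `ocrypto_ecjpake_read_shared_secret(operation->secret, …)` runs before the two `… > sizeof operation->user_id` / `operation->peer_id` checks, so a call rejected with PSA_ERROR_NOT_SUPPORTED has already left the password-derived secret in `operation`. Moving both length checks above the "store reduced password" step keeps a failed setup free of key material; whether the caller wipes the operation on failure is not visible here. The `memcmp(user_id, peer_id, user_id_length)` test also runs when both lengths are 0, which rejects two empty ids and may hand memcmp pointers that were never meant to be dereferenced. If empty ids are legal, guarding it with `user_id_length != 0` would cover that case.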
diff --git a/ext/oberon/psa/drivers/oberon_jpake.h b/ext/oberon/psa/drivers/oberon_jpake.h
index c4902ccb54af..be42993ba9ae 100644
--- a/ext/oberon/psa/drivers/oberon_jpake.h
+++ b/ext/oberon/psa/drivers/oberon_jpake.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_JPAKE_H
#define OBERON_JPAKE_H
@@ -32,29 +34,15 @@ typedef struct {
uint8_t P[3][64]; // peer keys
uint8_t V[64]; // ZKP public key
uint8_t r[32]; // ZKP signature
- psa_pake_role_t role;
} oberon_jpake_operation_t;
psa_status_t oberon_jpake_setup(
oberon_jpake_operation_t *operation,
- const psa_pake_cipher_suite_t *cipher_suite);
-
-psa_status_t oberon_jpake_set_password_key(
- oberon_jpake_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *password, size_t password_length);
-
-psa_status_t oberon_jpake_set_user(
- oberon_jpake_operation_t *operation,
- const uint8_t *user_id, size_t user_id_len);
-
-psa_status_t oberon_jpake_set_peer(
- oberon_jpake_operation_t *operation,
- const uint8_t *peer_id, size_t peer_id_len);
-
-psa_status_t oberon_jpake_set_role(
- oberon_jpake_operation_t *operation,
+ const psa_pake_cipher_suite_t *cipher_suite,
+ const uint8_t *password, size_t password_length,
+ const uint8_t *user_id, size_t user_id_length,
+ const uint8_t *peer_id, size_t peer_id_length,
psa_pake_role_t role);
psa_status_t oberon_jpake_output(
diff --git a/ext/oberon/psa/drivers/oberon_key_agreement.c b/ext/oberon/psa/drivers/oberon_key_agreement.c
index ce39cf54ab25..848b26acbee4 100644
--- a/ext/oberon/psa/drivers/oberon_key_agreement.c
+++ b/ext/oberon/psa/drivers/oberon_key_agreement.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include "psa/crypto.h"
#include "oberon_key_agreement.h"
diff --git a/ext/oberon/psa/drivers/oberon_key_agreement.h b/ext/oberon/psa/drivers/oberon_key_agreement.h
index 979274aa53b3..47bfd3ab0995 100644
--- a/ext/oberon/psa/drivers/oberon_key_agreement.h
+++ b/ext/oberon/psa/drivers/oberon_key_agreement.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_KEY_AGREEMENT_H
#define OBERON_KEY_AGREEMENT_H
diff --git a/ext/oberon/psa/drivers/oberon_key_derivation.c b/ext/oberon/psa/drivers/oberon_key_derivation.c
index 18d1cd802cfe..97fb0b8a48f0 100644
--- a/ext/oberon/psa/drivers/oberon_key_derivation.c
+++ b/ext/oberon/psa/drivers/oberon_key_derivation.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include
@@ -19,7 +21,8 @@ static const uint8_t zero[PSA_HASH_MAX_SIZE] = { 0 };
#endif
-#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_PBKDF2_HMAC) || defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128)
+#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_PBKDF2_HMAC) || defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) || \
+ defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC)
static psa_status_t oberon_setup_mac(
oberon_key_derivation_operation_t *operation,
const uint8_t *key, size_t key_length)
@@ -37,6 +40,22 @@ static psa_status_t oberon_setup_mac(
}
#endif
+#if defined(PSA_NEED_OBERON_PBKDF2_HMAC) || defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) || \
+ defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC)
+static psa_status_t oberon_mac_update_num(
+ oberon_key_derivation_operation_t *operation,
+ uint32_t num)
+{
+ uint8_t idx[4];
+
+ idx[0] = (uint8_t)(num >> 24);
+ idx[1] = (uint8_t)(num >> 16);
+ idx[2] = (uint8_t)(num >> 8);
+ idx[3] = (uint8_t)(num);
+ return psa_driver_wrapper_mac_update(&operation->mac_op, idx, 4);
+}
+#endif
+
#ifdef PSA_NEED_OBERON_PBKDF2_HMAC
static psa_status_t oberon_hash_key(
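Review bot: `oberon_mac_update_num` has no comment stating the byte order it feeds into the MAC, and the buffer length is repeated as a literal in `psa_driver_wrapper_mac_update(&operation->mac_op, idx, 4)`. I would add `// Append num to the MAC input as a 32-bit big-endian value.` above the function and pass `sizeof idx` instead of `4`. That keeps the call correct if the buffer ever changes and documents the encoding that both the PBKDF2 index and the SP800-108 counter and L fields now depend on.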
@@ -73,6 +92,18 @@ psa_status_t oberon_key_derivation_setup(
} else
#endif /* PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 */
+#ifdef PSA_NEED_OBERON_SP800_108_COUNTER_CMAC
+ if (alg == PSA_ALG_SP800_108_COUNTER_CMAC) {
+ operation->block_length = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES);
+ operation->mac_alg = PSA_ALG_CMAC;
+ operation->key_type = PSA_KEY_TYPE_AES;
+ operation->alg = OBERON_SP800_108_COUNTER_ALG;
+ operation->info[0] = 0u; // separator
+ operation->info_length = 1;
+ operation->count = 0xFFFFFFF8;
+ } else
+#endif /* PSA_NEED_OBERON_SP800_108_COUNTER_CMAC */
+
{
// all olthers are HMAC based
psa_algorithm_t hash = PSA_ALG_HKDF_GET_HASH(alg);
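Review bot: `operation->count = 0xFFFFFFF8;` is an unexplained literal, and it is repeated in the `PSA_ALG_IS_SP800_108_COUNTER_HMAC` branch of the next hunk. Judging from oberon_key_derivation_set_capacity, `count` holds L in bits for this algorithm, so this is presumably the default L used when no capacity has been set. That should be confirmed and then written down, either as a named constant or as a comment at both sites such as `// default L in bits when no capacity is set`. oberon_key_derivation_setup starts and ends outside this hunk.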
@@ -131,6 +162,15 @@ psa_status_t oberon_key_derivation_setup(
} else
#endif /* PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS */
+#ifdef PSA_NEED_OBERON_SP800_108_COUNTER_HMAC
+ if (PSA_ALG_IS_SP800_108_COUNTER_HMAC(alg)) {
+ operation->alg = OBERON_SP800_108_COUNTER_ALG;
+ operation->info[0] = 0u; // separator
+ operation->info_length = 1;
+ operation->count = 0xFFFFFFF8;
+ } else
+#endif /* PSA_NEED_OBERON_SP800_108_COUNTER_HMAC */
+
{
(void)alg;
return PSA_ERROR_NOT_SUPPORTED;
@@ -147,6 +187,11 @@ psa_status_t oberon_key_derivation_set_capacity(
oberon_key_derivation_operation_t *operation,
size_t capacity)
{
+#if defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC)
+ if (operation->alg == OBERON_SP800_108_COUNTER_ALG) {
+ operation->count = (uint32_t)(capacity * 8); // L in bits
+ }
+#endif
(void)operation;
(void)capacity;
return PSA_SUCCESS;
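Review bot: `operation->count = (uint32_t)(capacity * 8);` silently truncates once `capacity` exceeds `UINT32_MAX / 8`, and on a 32-bit `size_t` the multiplication wraps before the cast. The L field fed into the KDF would then no longer match the requested capacity, and two different capacities could yield the same output stream. Unless the core already bounds the capacity for this algorithm (not visible here), I would reject the value first with `if (capacity > UINT32_MAX / 8) return PSA_ERROR_INVALID_ARGUMENT;` inside the `OBERON_SP800_108_COUNTER_ALG` branch. The `(void)operation; (void)capacity;` lines are then only needed in the `#else` configuration.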
@@ -158,7 +203,7 @@ psa_status_t oberon_key_derivation_input_bytes(
const uint8_t *data, size_t data_length)
{
psa_status_t status;
- size_t length;
+ size_t i, length;
switch (step) {
@@ -194,7 +239,8 @@ psa_status_t oberon_key_derivation_input_bytes(
#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_HKDF_EXTRACT) || \
defined(PSA_NEED_OBERON_HKDF_EXPAND) || defined(PSA_NEED_OBERON_TLS12_PRF) || \
- defined(PSA_NEED_OBERON_TLS12_PSK_TO_MS) || defined(PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS)
+ defined(PSA_NEED_OBERON_TLS12_PSK_TO_MS) || defined(PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS) || \
+ defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC)
case PSA_KEY_DERIVATION_INPUT_SECRET:
switch (operation->alg) {
#ifdef PSA_NEED_OBERON_HKDF_EXPAND
@@ -237,6 +283,13 @@ psa_status_t oberon_key_derivation_input_bytes(
operation->key_length = (uint16_t)32;
return PSA_SUCCESS;
#endif /* PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS */
+#if defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC)
+ case OBERON_SP800_108_COUNTER_ALG:
+ if (data_length > sizeof operation->key) return PSA_ERROR_INSUFFICIENT_MEMORY;
+ memcpy(operation->key, data, data_length);
+ operation->key_length = (uint16_t)data_length;
+ return PSA_SUCCESS;
+#endif /* PSA_NEED_OBERON_SP800_108_COUNTER_HMAC || PSA_NEED_OBERON_SP800_108_COUNTER_CMAC */
default:
#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_HKDF_EXTRACT)
if (operation->salt_length == 0) {
@@ -267,8 +320,7 @@ psa_status_t oberon_key_derivation_input_bytes(
case PSA_KEY_DERIVATION_INPUT_PASSWORD:
if (operation->alg == OBERON_PBKDF2_HMAC_ALG) {
#ifdef PSA_NEED_OBERON_PBKDF2_HMAC
- size_t hash_block_size = PSA_HASH_BLOCK_LENGTH(operation->mac_alg);
- if (data_length > hash_block_size) {
+ if (data_length > PSA_HASH_BLOCK_LENGTH(operation->mac_alg)) {
// key = H(password)
status = oberon_hash_key(operation, data, data_length);
if (status) return status; // no cleanup needed
@@ -303,21 +355,54 @@ psa_status_t oberon_key_derivation_input_bytes(
memcpy(operation->info, data, data_length);
operation->info_length = (uint16_t)data_length;
return PSA_SUCCESS;
+#endif /* PSA_NEED_OBERON_TLS12_PRF || PSA_NEED_OBERON_TLS12_PSK_TO_MS */
+
+#if defined(PSA_NEED_OBERON_TLS12_PRF) || defined(PSA_NEED_OBERON_TLS12_PSK_TO_MS) || \
+ defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC)
case PSA_KEY_DERIVATION_INPUT_LABEL:
- // seed = label || seed
+#if defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC)
+ if (operation->alg == OBERON_SP800_108_COUNTER_ALG) {
+ for (i = 0; i < data_length; i++) {
+ if (data[i] == 0) return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ // store label
+ if (data_length >= sizeof operation->info) return PSA_ERROR_INSUFFICIENT_MEMORY;
+ memcpy(operation->info, data, data_length);
+ operation->info[data_length] = 0u; // separator
+ operation->info_length = (uint8_t)data_length + 1;
+ return PSA_SUCCESS;
+ } else
+#endif /* PSA_NEED_OBERON_SP800_108_COUNTER_HMAC || PSA_NEED_OBERON_SP800_108_COUNTER_CMAC */
+ {
+#if defined(PSA_NEED_OBERON_TLS12_PRF) || defined(PSA_NEED_OBERON_TLS12_PSK_TO_MS)
+ // TLS12
+ // seed = label || seed
+ length = operation->info_length + data_length;
+ if (length < data_length || length > sizeof operation->info) return PSA_ERROR_INSUFFICIENT_MEMORY;
+ memmove(operation->info + data_length, operation->info, operation->info_length);
+ memcpy(operation->info, data, data_length);
+ operation->info_length = (uint16_t)length;
+#endif /* PSA_NEED_OBERON_TLS12_PRF || PSA_NEED_OBERON_TLS12_PSK_TO_MS */
+ return PSA_SUCCESS;
+ }
+#endif /* PSA_NEED_OBERON_TLS12_PRF || PSA_NEED_OBERON_TLS12_PSK_TO_MS || PSA_NEED_OBERON_SP800_108_COUNTER */
+
+#if defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC)
+ case PSA_KEY_DERIVATION_INPUT_CONTEXT:
+ // insert context
length = operation->info_length + data_length;
if (length < data_length || length > sizeof operation->info) return PSA_ERROR_INSUFFICIENT_MEMORY;
- memmove(operation->info + data_length, operation->info, operation->info_length);
- memcpy(operation->info, data, data_length);
+ memcpy(operation->info + operation->info_length, data, data_length);
operation->info_length = (uint16_t)length;
return PSA_SUCCESS;
-#endif /* PSA_NEED_OBERON_TLS12_PRF || PSA_NEED_OBERON_TLS12_PSK_TO_MS */
+#endif /* PSA_NEED_OBERON_SP800_108_COUNTER_HMAC || PSA_NEED_OBERON_SP800_108_COUNTER_CMAC */
default:
(void)data;
(void)data_length;
(void)status;
(void)length;
+ (void)i;
return PSA_ERROR_INVALID_ARGUMENT;
}
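Review bot: In the SP800-108 label branch, `operation->info_length = (uint8_t)data_length + 1;` narrows the length to 8 bits, although the guard before it only requires `data_length < sizeof operation->info` and every other assignment to `info_length` in this function casts to `uint16_t`. If `operation->info` is larger than 256 bytes (its size is not visible here), a long label would be copied in full but recorded with a wrapped length, so the MAC input would silently omit most of the label and the separator. `operation->info_length = (uint16_t)(data_length + 1);` matches the other sites. oberon_key_derivation_input_bytes starts outside this hunk.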
@@ -356,7 +441,7 @@ psa_status_t oberon_key_derivation_output_bytes(
size_t data_length = operation->data_length;
size_t i, length;
uint8_t u[PSA_HASH_MAX_SIZE];
- uint8_t idx[4];
+ uint8_t idx;
if (output_length == 0) return PSA_SUCCESS;
@@ -371,7 +456,24 @@ psa_status_t oberon_key_derivation_output_bytes(
output_length -= data_length;
}
}
-
+
+#ifdef PSA_NEED_OBERON_SP800_108_COUNTER_CMAC
+ if (operation->alg == OBERON_SP800_108_COUNTER_ALG && operation->key_type == PSA_KEY_TYPE_AES) {
+ // setup K0
+ // key
+ status = oberon_setup_mac(operation, operation->key, operation->key_length);
+ if (status) goto exit;
+ // label + context
+ status = psa_driver_wrapper_mac_update(&operation->mac_op, operation->info, operation->info_length);
+ if (status) goto exit;
+ // L
+ status = oberon_mac_update_num(operation, operation->count);
+ if (status) goto exit;
+ status = psa_driver_wrapper_mac_sign_finish(&operation->mac_op, u, block_length, &length);
+ if (status) goto exit;
+ }
+#endif
+
// KDF expand
for (;;) {
switch (operation->alg) {
@@ -397,8 +499,8 @@ psa_status_t oberon_key_derivation_output_bytes(
status = psa_driver_wrapper_mac_update(&operation->mac_op, operation->info, operation->info_length);
if (status) goto exit;
// i
- idx[0] = (uint8_t)operation->index;
- status = psa_driver_wrapper_mac_update(&operation->mac_op, idx, 1);
+ idx = (uint8_t)operation->index;
+ status = psa_driver_wrapper_mac_update(&operation->mac_op, &idx, 1);
if (status) goto exit;
status = psa_driver_wrapper_mac_sign_finish(&operation->mac_op, operation->data, block_length, &length);
if (status) goto exit;
@@ -443,11 +545,7 @@ psa_status_t oberon_key_derivation_output_bytes(
if (status) goto exit;
status = psa_driver_wrapper_mac_update(&operation->mac_op, operation->info, operation->salt_length);
if (status) goto exit;
- idx[0] = (uint8_t)(operation->index >> 24);
- idx[1] = (uint8_t)(operation->index >> 16);
- idx[2] = (uint8_t)(operation->index >> 8);
- idx[3] = (uint8_t)(operation->index);
- status = psa_driver_wrapper_mac_update(&operation->mac_op, idx, 4);
+ status = oberon_mac_update_num(operation, operation->index);
if (status) goto exit;
status = psa_driver_wrapper_mac_sign_finish(&operation->mac_op, u, block_length, &length);
if (status) goto exit;
@@ -472,6 +570,33 @@ psa_status_t oberon_key_derivation_output_bytes(
return psa_driver_wrapper_hash_compute(PSA_ALG_SHA_256, operation->key, 32, output, output_length, &length);
#endif /* PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS */
+#if defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC)
+ case OBERON_SP800_108_COUNTER_ALG:
+ // key
+ status = oberon_setup_mac(operation, operation->key, operation->key_length);
+ if (status) goto exit;
+ // i
+ status = oberon_mac_update_num(operation, operation->index);
+ if (status) goto exit;
+ // label + context
+ status = psa_driver_wrapper_mac_update(&operation->mac_op, operation->info, operation->info_length);
+ if (status) goto exit;
+ // L
+ status = oberon_mac_update_num(operation, operation->count);
+ if (status) goto exit;
+#ifdef PSA_NEED_OBERON_SP800_108_COUNTER_CMAC
+ if (operation->key_type == PSA_KEY_TYPE_AES) {
+ // K0
+ status = psa_driver_wrapper_mac_update(&operation->mac_op, u, block_length);
+ if (status) goto exit;
+ }
+#endif
+ // output
+ status = psa_driver_wrapper_mac_sign_finish(&operation->mac_op, operation->data, block_length, &length);
+ if (status) goto exit;
+ break;
+#endif /* PSA_NEED_OBERON_SP800_108_COUNTER_HMAC || PSA_NEED_OBERON_SP800_108_COUNTER_CMAC */
+
default:
(void)i;
(void)u;
@@ -494,7 +619,8 @@ psa_status_t oberon_key_derivation_output_bytes(
#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_HKDF_EXPAND) || \
defined(PSA_NEED_OBERON_PBKDF2_HMAC) || defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) || \
- defined(PSA_NEED_OBERON_TLS12_PRF) || defined(PSA_NEED_OBERON_TLS12_PSK_TO_MS)
+ defined(PSA_NEED_OBERON_TLS12_PRF) || defined(PSA_NEED_OBERON_TLS12_PSK_TO_MS) || \
+ defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC)
exit:
psa_driver_wrapper_mac_abort(&operation->mac_op);
return status;
diff --git a/ext/oberon/psa/drivers/oberon_key_derivation.h b/ext/oberon/psa/drivers/oberon_key_derivation.h
index a66bae164245..44604b2b84ac 100644
--- a/ext/oberon/psa/drivers/oberon_key_derivation.h
+++ b/ext/oberon/psa/drivers/oberon_key_derivation.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_KEY_DERIVATION_H
#define OBERON_KEY_DERIVATION_H
@@ -31,6 +33,7 @@ typedef enum {
OBERON_TLS12_PRF_ALG = 6,
OBERON_TLS12_PSK_TO_MS_ALG = 7,
OBERON_ECJPAKE_TO_PMS_ALG = 8,
+ OBERON_SP800_108_COUNTER_ALG = 9,
} oberon_kdf_alg;
typedef struct {
diff --git a/ext/oberon/psa/drivers/oberon_key_management.c b/ext/oberon/psa/drivers/oberon_key_management.c
index 72d02cdeb1d9..20bb9793e04c 100644
--- a/ext/oberon/psa/drivers/oberon_key_management.c
+++ b/ext/oberon/psa/drivers/oberon_key_management.c
@@ -1,20 +1,17 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include "psa/crypto.h"
#include "oberon_key_management.h"
-
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_ECC
#include "oberon_ec_keys.h"
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_ECC */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_RSA
#include "oberon_rsa.h"
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_RSA */
psa_status_t oberon_export_public_key(
@@ -24,21 +21,21 @@ psa_status_t oberon_export_public_key(
{
psa_key_type_t type = psa_get_key_type(attributes);
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_ECC
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT
if (PSA_KEY_TYPE_IS_ECC(type)) {
return oberon_export_ec_public_key(
attributes, key, key_length,
data, data_size, data_length);
} else
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_ECC */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_RSA
+#ifdef PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT
if (PSA_KEY_TYPE_IS_RSA(type)) {
return oberon_export_rsa_public_key(
attributes, key, key_length,
data, data_size, data_length);
} else
-#endif /* PSA_NEED_OBERON_RSAC_KEY_PAIR */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
{
(void)key;
@@ -59,21 +56,21 @@ psa_status_t oberon_import_key(
{
psa_key_type_t type = psa_get_key_type(attributes);
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_ECC
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT
if (PSA_KEY_TYPE_IS_ECC(type)) {
return oberon_import_ec_key(
attributes, data, data_length,
key, key_size, key_length, key_bits);
} else
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_ECC */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_RSA
+#ifdef PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT
if (PSA_KEY_TYPE_IS_RSA(type)) {
return oberon_import_rsa_key(
attributes, data, data_length,
key, key_size, key_length, key_bits);
} else
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_RSA */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
{
(void)data;
@@ -93,13 +90,13 @@ psa_status_t oberon_generate_key(
{
psa_key_type_t type = psa_get_key_type(attributes);
-#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_ECC
+#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE
if (PSA_KEY_TYPE_IS_ECC(type)) {
return oberon_generate_ec_key(
attributes,
key, key_size, key_length);
} else
-#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_ECC */
+#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
{
(void)key;
diff --git a/ext/oberon/psa/drivers/oberon_key_management.h b/ext/oberon/psa/drivers/oberon_key_management.h
index eb5a6fdcfcd4..d1c6b643c747 100644
--- a/ext/oberon/psa/drivers/oberon_key_management.h
+++ b/ext/oberon/psa/drivers/oberon_key_management.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_KEY_MANAGEMENT_H
#define OBERON_KEY_MANAGEMENT_H
diff --git a/ext/oberon/psa/drivers/oberon_mac.c b/ext/oberon/psa/drivers/oberon_mac.c
index 5750d61be25a..74e18f5d3f97 100644
--- a/ext/oberon/psa/drivers/oberon_mac.c
+++ b/ext/oberon/psa/drivers/oberon_mac.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include
diff --git a/ext/oberon/psa/drivers/oberon_mac.h b/ext/oberon/psa/drivers/oberon_mac.h
index 508b713bf317..0c59ec5ab147 100644
--- a/ext/oberon/psa/drivers/oberon_mac.h
+++ b/ext/oberon/psa/drivers/oberon_mac.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_MAC_H
#define OBERON_MAC_H
diff --git a/ext/oberon/psa/drivers/oberon_pake.c b/ext/oberon/psa/drivers/oberon_pake.c
index d96298140a02..46c1bdae876c 100644
--- a/ext/oberon/psa/drivers/oberon_pake.c
+++ b/ext/oberon/psa/drivers/oberon_pake.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include
@@ -14,7 +16,12 @@
psa_status_t oberon_pake_setup(
oberon_pake_operation_t *operation,
- const psa_pake_cipher_suite_t *cipher_suite)
+ const psa_pake_cipher_suite_t *cipher_suite,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *password, size_t password_length,
+ const uint8_t *user_id, size_t user_id_length,
+ const uint8_t *peer_id, size_t peer_id_length,
+ psa_pake_role_t role)
{
operation->alg = cipher_suite->algorithm;
@@ -22,129 +29,40 @@ psa_status_t oberon_pake_setup(
#ifdef PSA_NEED_OBERON_JPAKE
case PSA_ALG_JPAKE:
return oberon_jpake_setup(
- &operation->ctx.oberon_jpake_ctx, cipher_suite);
+ &operation->ctx.oberon_jpake_ctx, cipher_suite,
+ password, password_length,
+ user_id, user_id_length,
+ peer_id, peer_id_length,
+ role);
#endif /* PSA_NEED_OBERON_JPAKE */
#ifdef PSA_NEED_OBERON_SPAKE2P
case PSA_ALG_SPAKE2P:
return oberon_spake2p_setup(
- &operation->ctx.oberon_spake2p_ctx, cipher_suite);
+ &operation->ctx.oberon_spake2p_ctx, cipher_suite,
+ password, password_length,
+ user_id, user_id_length,
+ peer_id, peer_id_length,
+ role);
#endif /* PSA_NEED_OBERON_SPAKE2P */
#ifdef PSA_NEED_OBERON_SRP_6
case PSA_ALG_SRP_6:
return oberon_srp_setup(
- &operation->ctx.oberon_srp_ctx, cipher_suite);
-#endif /* PSA_NEED_OBERON_SRP_6 */
- default:
- (void)cipher_suite;
- return PSA_ERROR_NOT_SUPPORTED;
- }
-}
-
-psa_status_t oberon_pake_set_password_key(
- oberon_pake_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *password, size_t password_length)
-{
- switch (operation->alg) {
-#ifdef PSA_NEED_OBERON_JPAKE
- case PSA_ALG_JPAKE:
- return oberon_jpake_set_password_key(
- &operation->ctx.oberon_jpake_ctx, attributes, password, password_length);
-#endif /* PSA_NEED_OBERON_JPAKE */
-#ifdef PSA_NEED_OBERON_SPAKE2P
- case PSA_ALG_SPAKE2P:
- return oberon_spake2p_set_password_key(
- &operation->ctx.oberon_spake2p_ctx, attributes, password, password_length);
-#endif /* PSA_NEED_OBERON_SPAKE2P */
-#ifdef PSA_NEED_OBERON_SRP_6
- case PSA_ALG_SRP_6:
- return oberon_srp_set_password_key(
- &operation->ctx.oberon_srp_ctx, attributes, password, password_length);
+ &operation->ctx.oberon_srp_ctx, cipher_suite,
+ password, password_length,
+ user_id, user_id_length,
+ peer_id, peer_id_length,
+ role);
#endif /* PSA_NEED_OBERON_SRP_6 */
default:
(void)attributes;
(void)password;
(void)password_length;
- return PSA_ERROR_BAD_STATE;
- }
-}
-
-psa_status_t oberon_pake_set_user(
- oberon_pake_operation_t *operation,
- const uint8_t *user_id, size_t user_id_len)
-{
- switch (operation->alg) {
-#ifdef PSA_NEED_OBERON_JPAKE
- case PSA_ALG_JPAKE:
- return oberon_jpake_set_user(
- &operation->ctx.oberon_jpake_ctx, user_id, user_id_len);
-#endif /* PSA_NEED_OBERON_JPAKE */
-#ifdef PSA_NEED_OBERON_SPAKE2P
- case PSA_ALG_SPAKE2P:
- return oberon_spake2p_set_user(
- &operation->ctx.oberon_spake2p_ctx, user_id, user_id_len);
-#endif /* PSA_NEED_OBERON_SPAKE2P */
-#ifdef PSA_NEED_OBERON_SRP_6
- case PSA_ALG_SRP_6:
- return oberon_srp_set_user(
- &operation->ctx.oberon_srp_ctx, user_id, user_id_len);
-#endif /* PSA_NEED_OBERON_SRP_6 */
- default:
(void)user_id;
- (void)user_id_len;
- return PSA_ERROR_BAD_STATE;
- }
-}
-
-psa_status_t oberon_pake_set_peer(
- oberon_pake_operation_t *operation,
- const uint8_t *peer_id, size_t peer_id_len)
-{
- switch (operation->alg) {
-#ifdef PSA_NEED_OBERON_JPAKE
- case PSA_ALG_JPAKE:
- return oberon_jpake_set_peer(
- &operation->ctx.oberon_jpake_ctx, peer_id, peer_id_len);
-#endif /* PSA_NEED_OBERON_JPAKE */
-#ifdef PSA_NEED_OBERON_SPAKE2P
- case PSA_ALG_SPAKE2P:
- return oberon_spake2p_set_peer(
- &operation->ctx.oberon_spake2p_ctx, peer_id, peer_id_len);
-#endif /* PSA_NEED_OBERON_SPAKE2P */
-#ifdef PSA_NEED_OBERON_SRP_6
- case PSA_ALG_SRP_6:
- return PSA_ERROR_NOT_SUPPORTED; // no peer id in SRP
-#endif /* PSA_NEED_OBERON_SRP_6 */
- default:
+ (void)user_id_length;
(void)peer_id;
- (void)peer_id_len;
- return PSA_ERROR_BAD_STATE;
- }
-}
-
-psa_status_t oberon_pake_set_role(
- oberon_pake_operation_t *operation,
- psa_pake_role_t role)
-{
- switch (operation->alg) {
-#ifdef PSA_NEED_OBERON_JPAKE
- case PSA_ALG_JPAKE:
- return oberon_jpake_set_role(
- &operation->ctx.oberon_jpake_ctx, role);
-#endif /* PSA_NEED_OBERON_JPAKE */
-#ifdef PSA_NEED_OBERON_SPAKE2P
- case PSA_ALG_SPAKE2P:
- return oberon_spake2p_set_role(
- &operation->ctx.oberon_spake2p_ctx, role);
-#endif /* PSA_NEED_OBERON_SPAKE2P */
-#ifdef PSA_NEED_OBERON_SRP_6
- case PSA_ALG_SRP_6:
- return oberon_srp_set_role(
- &operation->ctx.oberon_srp_ctx, role);
-#endif /* PSA_NEED_OBERON_SRP_6 */
- default:
+ (void)peer_id_length;
(void)role;
- return PSA_ERROR_BAD_STATE;
+ return PSA_ERROR_NOT_SUPPORTED;
}
}
diff --git a/ext/oberon/psa/drivers/oberon_pake.h b/ext/oberon/psa/drivers/oberon_pake.h
index 78f88514fe7f..41984d2c24d6 100644
--- a/ext/oberon/psa/drivers/oberon_pake.h
+++ b/ext/oberon/psa/drivers/oberon_pake.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_PAKE_H
#define OBERON_PAKE_H
@@ -46,23 +48,11 @@ typedef struct {
psa_status_t oberon_pake_setup(
oberon_pake_operation_t *operation,
- const psa_pake_cipher_suite_t *cipher_suite);
-
-psa_status_t oberon_pake_set_password_key(
- oberon_pake_operation_t *operation,
+ const psa_pake_cipher_suite_t *cipher_suite,
const psa_key_attributes_t *attributes,
- const uint8_t *password, size_t password_length);
-
-psa_status_t oberon_pake_set_user(
- oberon_pake_operation_t *operation,
- const uint8_t *user_id, size_t user_id_len);
-
-psa_status_t oberon_pake_set_peer(
- oberon_pake_operation_t *operation,
- const uint8_t *peer_id, size_t peer_id_len);
-
-psa_status_t oberon_pake_set_role(
- oberon_pake_operation_t *operation,
+ const uint8_t *password, size_t password_length,
+ const uint8_t *user_id, size_t user_id_length,
+ const uint8_t *peer_id, size_t peer_id_length,
psa_pake_role_t role);
psa_status_t oberon_pake_output(
diff --git a/ext/oberon/psa/drivers/oberon_rsa.c b/ext/oberon/psa/drivers/oberon_rsa.c
index d23f824fd50a..d43cba28dbd6 100644
--- a/ext/oberon/psa/drivers/oberon_rsa.c
+++ b/ext/oberon/psa/drivers/oberon_rsa.c
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
#include
@@ -559,6 +561,26 @@ static const uint8_t DIGEST_INFO_SHA512[] = {
0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40};
#endif
+#ifdef PSA_WANT_ALG_SHA3_224
+static const uint8_t DIGEST_INFO_SHA3_224[] = {
+ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+ 0x65, 0x03, 0x04, 0x02, 0x07, 0x05, 0x00, 0x04, 0x1c};
+#endif
+#ifdef PSA_WANT_ALG_SHA3_256
+static const uint8_t DIGEST_INFO_SHA3_256[] = {
+ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+ 0x65, 0x03, 0x04, 0x02, 0x08, 0x05, 0x00, 0x04, 0x20};
+#endif
+#ifdef PSA_WANT_ALG_SHA3_384
+static const uint8_t DIGEST_INFO_SHA3_384[] = {
+ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+ 0x65, 0x03, 0x04, 0x02, 0x09, 0x05, 0x00, 0x04, 0x30};
+#endif
+#ifdef PSA_WANT_ALG_SHA3_512
+static const uint8_t DIGEST_INFO_SHA3_512[] = {
+ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+ 0x65, 0x03, 0x04, 0x02, 0x0A, 0x05, 0x00, 0x04, 0x40};
+#endif
static psa_status_t emsa_pkcs1_v15_get_digest(
psa_algorithm_t hash_alg,
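Review bot: The outer SEQUENCE length in `DIGEST_INFO_SHA3_224`, `DIGEST_INFO_SHA3_256` and `DIGEST_INFO_SHA3_384` is `0x51`, which only matches a 64-byte digest and looks copied from the SHA-512 prefix. That byte covers the 15-byte AlgorithmIdentifier, the 2-byte OCTET STRING header and the digest, so the tables should start `0x30, 0x2d,` for SHA3-224, `0x30, 0x31,` for SHA3-256 and `0x30, 0x41,` for SHA3-384; `DIGEST_INFO_SHA3_512` is correct as written. With the wrong length the PKCS#1 v1.5 DigestInfo is not valid DER, so signatures produced with these three hashes would presumably be rejected by other implementations. The next hunk wires the same tables into emsa_pkcs1_v15_get_digest and needs no separate change; a known-answer test per hash would catch this kind of copy error.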
@@ -594,6 +616,30 @@ static psa_status_t emsa_pkcs1_v15_get_digest(
*digest = DIGEST_INFO_SHA512;
*d_len = sizeof DIGEST_INFO_SHA512;
return PSA_SUCCESS;
+#endif
+#ifdef PSA_WANT_ALG_SHA3_224
+ case PSA_ALG_SHA3_224:
+ *digest = DIGEST_INFO_SHA3_224;
+ *d_len = sizeof DIGEST_INFO_SHA3_224;
+ return PSA_SUCCESS;
+#endif
+#ifdef PSA_WANT_ALG_SHA3_256
+ case PSA_ALG_SHA3_256:
+ *digest = DIGEST_INFO_SHA3_256;
+ *d_len = sizeof DIGEST_INFO_SHA3_256;
+ return PSA_SUCCESS;
+#endif
+#ifdef PSA_WANT_ALG_SHA3_384
+ case PSA_ALG_SHA3_384:
+ *digest = DIGEST_INFO_SHA3_384;
+ *d_len = sizeof DIGEST_INFO_SHA3_384;
+ return PSA_SUCCESS;
+#endif
+#ifdef PSA_WANT_ALG_SHA3_512
+ case PSA_ALG_SHA3_512:
+ *digest = DIGEST_INFO_SHA3_512;
+ *d_len = sizeof DIGEST_INFO_SHA3_512;
+ return PSA_SUCCESS;
#endif
default:
(void)digest;
diff --git a/ext/oberon/psa/drivers/oberon_rsa.h b/ext/oberon/psa/drivers/oberon_rsa.h
index 124f74121c8a..489466975b1d 100644
--- a/ext/oberon/psa/drivers/oberon_rsa.h
+++ b/ext/oberon/psa/drivers/oberon_rsa.h
@@ -1,10 +1,12 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
#ifndef OBERON_RSA_SIGNATURES_H
#define OBERON_RSA_SIGNATURES_H
diff --git a/ext/oberon/psa/drivers/oberon_spake2p.c b/ext/oberon/psa/drivers/oberon_spake2p.c
index d0ed50e2b558..eca0364897e2 100644
--- a/ext/oberon/psa/drivers/oberon_spake2p.c
+++ b/ext/oberon/psa/drivers/oberon_spake2p.c
@@ -1,10 +1,14 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
+// Different from the draft spec, the setup function has parameters, in order to
+// enable an implementation without memory allocation in the driver.
#include
@@ -57,18 +61,20 @@ static psa_status_t oberon_update_hash_with_prefix(
return status;
}
-static psa_status_t oberon_update_ids(
- oberon_spake2p_operation_t *op)
+static psa_status_t oberon_update_ids(oberon_spake2p_operation_t *op)
{
psa_status_t status;
- // add prover, verifier, M, and N to TT
+ // add idProver to TT
status = oberon_update_hash_with_prefix(&op->hash_op, op->prover, op->prover_len);
- if (status) return status;
+ if (status != PSA_SUCCESS) return status;
+ // add idVerifier to TT
status = oberon_update_hash_with_prefix(&op->hash_op, op->verifier, op->verifier_len);
- if (status) return status;
+ if (status != PSA_SUCCESS) return status;
+ // add M to TT
status = oberon_update_hash_with_prefix(&op->hash_op, M, sizeof M);
- if (status) return status;
+ if (status != PSA_SUCCESS) return status;
+ // add N to TT
return oberon_update_hash_with_prefix(&op->hash_op, N, sizeof N);
}
@@ -93,7 +99,9 @@ static psa_status_t oberon_write_key_share(
*output_length = P256_POINT_SIZE;
if (op->role == PSA_PAKE_ROLE_CLIENT) {
- oberon_update_ids(op);
+ // add ids, M, and N to TT
+ status = oberon_update_ids(op);
+ if (status != PSA_SUCCESS) return status;
}
// add share to TT
@@ -104,11 +112,15 @@ static psa_status_t oberon_read_key_share(
oberon_spake2p_operation_t *op,
const uint8_t *input, size_t input_length)
{
+ psa_status_t status;
+
if (input_length != P256_POINT_SIZE || input[0] != 0x04) return PSA_ERROR_INVALID_ARGUMENT;
memcpy(op->YX, input, P256_POINT_SIZE);
- if (op->role != PSA_PAKE_ROLE_CLIENT) {
- oberon_update_ids(op);
+ if (op->role == PSA_PAKE_ROLE_SERVER) {
+ // add ids, M, and N to TT
+ status = oberon_update_ids(op);
+ if (status != PSA_SUCCESS) return status;
}
// add share to TT
@@ -244,8 +256,15 @@ static psa_status_t oberon_read_confirm(
psa_status_t oberon_spake2p_setup(
oberon_spake2p_operation_t *operation,
- const psa_pake_cipher_suite_t *cipher_suite)
+ const psa_pake_cipher_suite_t *cipher_suite,
+ const uint8_t *password, size_t password_length,
+ const uint8_t *user_id, size_t user_id_length,
+ const uint8_t *peer_id, size_t peer_id_length,
+ psa_pake_role_t role)
{
+ psa_status_t status;
+ int res;
+
if (cipher_suite->algorithm != PSA_ALG_SPAKE2P ||
cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC ||
cipher_suite->family != PSA_ECC_FAMILY_SECP_R1 ||
@@ -255,87 +274,37 @@ psa_status_t oberon_spake2p_setup(
// prepare TT calculation
operation->hash_alg = cipher_suite->hash;
- return psa_driver_wrapper_hash_setup(&operation->hash_op, cipher_suite->hash);
-}
+ operation->role = role;
+ status = psa_driver_wrapper_hash_setup(&operation->hash_op, cipher_suite->hash);
+ if (status) return status;
-psa_status_t oberon_spake2p_set_role(
- oberon_spake2p_operation_t *operation,
- psa_pake_role_t role)
-{
if (role == PSA_PAKE_ROLE_CLIENT) {
operation->MN = M;
operation->NM = N;
- } else if (role == PSA_PAKE_ROLE_SERVER) {
- operation->MN = N;
- operation->NM = M;
- } else {
- return PSA_ERROR_NOT_SUPPORTED;
- }
- operation->role = role;
- return PSA_SUCCESS;
-}
-
-psa_status_t oberon_spake2p_set_user(
- oberon_spake2p_operation_t *operation,
- const uint8_t *user_id, size_t user_id_len)
-{
- if (operation->role == PSA_PAKE_ROLE_CLIENT) {
- // prover = user
- if (user_id_len > sizeof operation->prover) return PSA_ERROR_INSUFFICIENT_MEMORY;
- if (user_id_len) {
- memcpy(operation->prover, user_id, user_id_len);
- }
- operation->prover_len = (uint8_t)user_id_len;
- } else {
- // verifier = user
- if (user_id_len > sizeof operation->verifier) return PSA_ERROR_INSUFFICIENT_MEMORY;
- if (user_id_len) {
- memcpy(operation->verifier, user_id, user_id_len);
- }
- operation->verifier_len = (uint8_t)user_id_len;
- }
-
- return PSA_SUCCESS;
-}
-
-psa_status_t oberon_spake2p_set_peer(
- oberon_spake2p_operation_t *operation,
- const uint8_t *peer_id, size_t peer_id_len)
-{
- if (operation->role == PSA_PAKE_ROLE_CLIENT) {
- // verifier = peer
- if (peer_id_len > sizeof operation->verifier) return PSA_ERROR_INSUFFICIENT_MEMORY;
- if (peer_id_len) {
- memcpy(operation->verifier, peer_id, peer_id_len);
+ // prover = user; verifier = peer
+ if (user_id_length > sizeof operation->prover || peer_id_length > sizeof operation->verifier) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
}
- operation->verifier_len = (uint8_t)peer_id_len;
- } else {
- // prover = peer
- if (peer_id_len > sizeof operation->prover) return PSA_ERROR_INSUFFICIENT_MEMORY;
- if (peer_id_len) {
- memcpy(operation->prover, peer_id, peer_id_len);
- }
- operation->prover_len = (uint8_t)peer_id_len;
- }
-
- return PSA_SUCCESS;
-}
-
-psa_status_t oberon_spake2p_set_password_key(
- oberon_spake2p_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *password, size_t password_length)
-{
- int res;
- (void)attributes;
-
- if (operation->role == PSA_PAKE_ROLE_CLIENT) {
+ memcpy(operation->prover, user_id, user_id_length);
+ operation->prover_len = (uint8_t)user_id_length;
+ memcpy(operation->verifier, peer_id, peer_id_length);
+ operation->verifier_len = (uint8_t)peer_id_length;
// password = w0s:w1s
if (password_length < 2 * P256_KEY_SIZE) return PSA_ERROR_INVALID_ARGUMENT;
ocrypto_spake2p_p256_reduce(operation->w0, password, password_length >> 1);
password += password_length >> 1;
ocrypto_spake2p_p256_reduce(operation->w1, password, password_length >> 1);
} else { /* role == PSA_PAKE_ROLE_SERVER */
+ operation->MN = N;
+ operation->NM = M;
+ // prover = peer; verifier = user
+ if (peer_id_length > sizeof operation->prover || user_id_length > sizeof operation->verifier) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+ memcpy(operation->prover, peer_id, peer_id_length);
+ operation->prover_len = (uint8_t)peer_id_length;
+ memcpy(operation->verifier, user_id, user_id_length);
+ operation->verifier_len = (uint8_t)user_id_length;
// password = w0s:L
if (password_length < P256_KEY_SIZE + P256_POINT_SIZE) return PSA_ERROR_INVALID_ARGUMENT;
ocrypto_spake2p_p256_reduce(operation->w0, password, password_length - P256_POINT_SIZE);
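Review bot: `role` is no longer validated in the merged setup: the removed oberon_spake2p_set_role returned PSA_ERROR_NOT_SUPPORTED for anything other than client or server, while the new `else` branch treats every non-client value as server, and oberon_read_key_share in an earlier hunk then skips the id update because it tests `== PSA_PAKE_ROLE_SERVER`. Unless the caller already guarantees a valid role, add `if (role != PSA_PAKE_ROLE_CLIENT && role != PSA_PAKE_ROLE_SERVER) return PSA_ERROR_NOT_SUPPORTED;` before the hash setup; oberon_srp_setup in oberon_srp.c drops the same check. The `if (user_id_len)` and `if (peer_id_len)` guards around memcpy were dropped as well, so an empty id passed as a null pointer now reaches memcpy. The error returns that follow psa_driver_wrapper_hash_setup leave `operation->hash_op` set up, and whether the caller aborts it on failure is not visible here. The function starts and ends outside this hunk.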
@@ -344,9 +313,9 @@ psa_status_t oberon_spake2p_set_password_key(
if (res) return PSA_ERROR_INVALID_ARGUMENT;
memcpy(operation->L, password, P256_POINT_SIZE);
}
-
return PSA_SUCCESS;
}
+
psa_status_t oberon_spake2p_output(
oberon_spake2p_operation_t *operation,
psa_pake_step_t step,
@@ -374,7 +343,9 @@ psa_status_t oberon_spake2p_input(
switch (step) {
case PSA_PAKE_STEP_CONTEXT:
// add context to TT
- return oberon_update_hash_with_prefix(&operation->hash_op, input, input_length);
+ return oberon_update_hash_with_prefix(
+ &operation->hash_op,
+ input, input_length);
case PSA_PAKE_STEP_KEY_SHARE:
return oberon_read_key_share(
operation,
diff --git a/ext/oberon/psa/drivers/oberon_spake2p.h b/ext/oberon/psa/drivers/oberon_spake2p.h
index 767a212c83ee..98c22468877c 100644
--- a/ext/oberon/psa/drivers/oberon_spake2p.h
+++ b/ext/oberon/psa/drivers/oberon_spake2p.h
@@ -1,10 +1,14 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
+// Different from the draft spec, the setup function has parameters, in order to
+// enable an implementation without memory allocation in the driver.
#ifndef OBERON_SPAKE2P_H
#define OBERON_SPAKE2P_H
@@ -43,23 +47,10 @@ typedef struct {
psa_status_t oberon_spake2p_setup(
oberon_spake2p_operation_t *operation,
- const psa_pake_cipher_suite_t *cipher_suite);
-
-psa_status_t oberon_spake2p_set_password_key(
- oberon_spake2p_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *password, size_t password_length);
-
-psa_status_t oberon_spake2p_set_user(
- oberon_spake2p_operation_t *operation,
- const uint8_t *user_id, size_t user_id_len);
-
-psa_status_t oberon_spake2p_set_peer(
- oberon_spake2p_operation_t *operation,
- const uint8_t *peer_id, size_t peer_id_len);
-
-psa_status_t oberon_spake2p_set_role(
- oberon_spake2p_operation_t *operation,
+ const psa_pake_cipher_suite_t *cipher_suite,
+ const uint8_t *password, size_t password_length,
+ const uint8_t *user_id, size_t user_id_length,
+ const uint8_t *peer_id, size_t peer_id_length,
psa_pake_role_t role);
psa_status_t oberon_spake2p_output(
diff --git a/ext/oberon/psa/drivers/oberon_srp.c b/ext/oberon/psa/drivers/oberon_srp.c
index 3210f1a6d735..c01d886891ee 100644
--- a/ext/oberon/psa/drivers/oberon_srp.c
+++ b/ext/oberon/psa/drivers/oberon_srp.c
@@ -1,10 +1,14 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file implements functions from the Arm PSA Crypto Driver API.
+// Different from the draft spec, the setup function has parameters, in order to
+// enable an implementation without memory allocation in the driver.
#include
@@ -261,8 +265,15 @@ static psa_status_t oberon_read_confirm(
psa_status_t oberon_srp_setup(
oberon_srp_operation_t *operation,
- const psa_pake_cipher_suite_t *cipher_suite)
+ const psa_pake_cipher_suite_t *cipher_suite,
+ const uint8_t *password, size_t password_length,
+ const uint8_t *user_id, size_t user_id_length,
+ const uint8_t *peer_id, size_t peer_id_length,
+ psa_pake_role_t role)
{
+ (void)peer_id;
+ (void)peer_id_length;
+
if (cipher_suite->algorithm != PSA_ALG_SRP_6 ||
cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH ||
cipher_suite->family != PSA_DH_FAMILY_RFC3526 ||
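Review bot: A peer id supplied for SRP is now silently discarded by `(void)peer_id; (void)peer_id_length;`, whereas the removed oberon_pake_set_peer returned PSA_ERROR_NOT_SUPPORTED for PSA_ALG_SRP_6 with the comment "no peer id in SRP". If the rejection was intentional, keep it with `if (peer_id_length != 0) return PSA_ERROR_NOT_SUPPORTED;`. If ignoring the value is the intended new behaviour, state that next to the casts, for example `// SRP has no peer id; a supplied one is ignored`. The function body continues outside this hunk.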
@@ -272,35 +283,12 @@ psa_status_t oberon_srp_setup(
operation->hash_alg = cipher_suite->hash;
operation->hash_len = PSA_HASH_LENGTH(cipher_suite->hash);
- return PSA_SUCCESS;
-}
-
-psa_status_t oberon_srp_set_role(
- oberon_srp_operation_t *operation,
- psa_pake_role_t role)
-{
- if (role != PSA_PAKE_ROLE_CLIENT && role != PSA_PAKE_ROLE_SERVER) {
- return PSA_ERROR_NOT_SUPPORTED;
- }
operation->role = role;
- return PSA_SUCCESS;
-}
-psa_status_t oberon_srp_set_user(
- oberon_srp_operation_t *operation,
- const uint8_t *user_id, size_t user_id_len)
-{
- if (user_id_len > sizeof operation->user) return PSA_ERROR_NOT_SUPPORTED;
- memcpy(operation->user, user_id, user_id_len);
- operation->user_len = user_id_len;
- return PSA_SUCCESS;
-}
+ if (user_id_length > sizeof operation->user) return PSA_ERROR_NOT_SUPPORTED;
+ memcpy(operation->user, user_id, user_id_length);
+ operation->user_len = user_id_length;
-psa_status_t oberon_srp_set_password_key(
- oberon_srp_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *password, size_t password_length)
-{
if (operation->role == PSA_PAKE_ROLE_CLIENT) {
// password hash
if (password_length != operation->hash_len) return PSA_ERROR_INVALID_ARGUMENT;
@@ -311,7 +299,6 @@ psa_status_t oberon_srp_set_password_key(
memcpy(operation->password, password, SRP_FIELD_SIZE);
}
- (void)attributes;
return PSA_SUCCESS;
}
diff --git a/ext/oberon/psa/drivers/oberon_srp.h b/ext/oberon/psa/drivers/oberon_srp.h
index c36b19ea0527..ec6eab47bcc3 100644
--- a/ext/oberon/psa/drivers/oberon_srp.h
+++ b/ext/oberon/psa/drivers/oberon_srp.h
@@ -1,10 +1,14 @@
/*
- * Copyright (c) 2016 - 2023 Nordic Semiconductor ASA
+ * Copyright (c) 2016 - 2024 Nordic Semiconductor ASA
* Copyright (c) since 2020 Oberon microsystems AG
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+//
+// This file is based on the Arm PSA Crypto Driver API.
+// Different from the draft spec, the setup function has parameters, in order to
+// enable an implementation without memory allocation in the driver.
#ifndef OBERON_SRP_H
#define OBERON_SRP_H
@@ -38,19 +42,10 @@ typedef struct {
psa_status_t oberon_srp_setup(
oberon_srp_operation_t *operation,
- const psa_pake_cipher_suite_t *cipher_suite);
-
-psa_status_t oberon_srp_set_password_key(
- oberon_srp_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *password, size_t password_length);
-
-psa_status_t oberon_srp_set_user(
- oberon_srp_operation_t *operation,
- const uint8_t *user_id, size_t user_id_len);
-
-psa_status_t oberon_srp_set_role(
- oberon_srp_operation_t *operation,
+ const psa_pake_cipher_suite_t *cipher_suite,
+ const uint8_t *password, size_t password_length,
+ const uint8_t *user_id, size_t user_id_length,
+ const uint8_t *peer_id, size_t peer_id_length,
psa_pake_role_t role);
psa_status_t oberon_srp_output(
diff --git a/include/tfm/tfm_ioctl_api.h b/include/tfm/tfm_ioctl_api.h
index cb91570d6ec8..ca5086f39a6c 100644
--- a/include/tfm/tfm_ioctl_api.h
+++ b/include/tfm/tfm_ioctl_api.h
@@ -20,7 +20,6 @@
#include
#include
-#include
#include
#include
diff --git a/modules/hostap/Kconfig b/modules/hostap/Kconfig
index df5809c47ad2..467dc0bfc206 100644
--- a/modules/hostap/Kconfig
+++ b/modules/hostap/Kconfig
@@ -102,6 +102,7 @@ config WPA_SUPP_CRYPTO_PSA
select MBEDTLS_CMAC_C
select MBEDTLS_GCM_C
select MBEDTLS_TLS_LIBRARY
+ select MBEDTLS_PK_C
select MBEDTLS_PK_WRITE_C
select MBEDTLS_X509_LIBRARY
select MBEDTLS_X509_CRT_PARSE_C
@@ -122,6 +123,9 @@ config WPA_SUPP_CRYPTO_LEGACY
select MBEDTLS_LEGACY_CRYPTO_C
select MBEDTLS_ECP_C
select MBEDTLS_CTR_DRBG_C
+ select MBEDTLS_PK_C
+ select MBEDTLS_PKCS5_C
+ select MBEDTLS_CIPHER_PADDING_PKCS7
select MBEDTLS_PK_WRITE_C
select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED
diff --git a/modules/trusted-firmware-m/CMakeLists.txt b/modules/trusted-firmware-m/CMakeLists.txt
index 46a94c8380cc..974cd4b89733 100644
--- a/modules/trusted-firmware-m/CMakeLists.txt
+++ b/modules/trusted-firmware-m/CMakeLists.txt
@@ -8,7 +8,7 @@ zephyr_library()
zephyr_include_directories(.)
zephyr_library_sources_ifdef(CONFIG_TFM_ALLOW_NON_SECURE_FAULT_HANDLING fault.c)
-if (NOT CONFIG_TFM_BUILD_NS AND CONFIG_TFM_PARTITION_PLATFORM AND CONFIG_SOC_FAMILY_NRF)
+if (CONFIG_TFM_PARTITION_PLATFORM AND CONFIG_SOC_FAMILY_NRF)
zephyr_library_named(tfm_api_nrf)
# The non-secure API files are located in a folder associated with the TF-M
@@ -210,6 +210,15 @@ set_property(TARGET zephyr_property_target
-DPYTHON_PREFER=${Python3_EXECUTABLE}
)
+# CONN_HANDLE_MAX_NUM is only needed if IPC mode is used
+# The maximal number of secure services that are connected or requested at the same time
+if (CONFIG_TFM_CONN_HANDLE_MAX_NUM)
+ set_property(TARGET zephyr_property_target
+ APPEND PROPERTY TFM_CMAKE_OPTIONS
+ -DCONFIG_TFM_DOORBELL_API=${CONFIG_TFM_CONN_HANDLE_MAX_NUM}
+ )
+endif()
+
zephyr_include_directories(${ZEPHYR_NRF_MODULE_DIR}/include/tfm)
# Default values from config_base.h in TF-M.
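Review bot: The new `if (CONFIG_TFM_CONN_HANDLE_MAX_NUM)` block forwards the value under the wrong option name: `-DCONFIG_TFM_DOORBELL_API=${CONFIG_TFM_CONN_HANDLE_MAX_NUM}` assigns the connection-handle count to the doorbell switch and never passes the handle limit itself. The line should read `-DCONFIG_TFM_CONN_HANDLE_MAX_NUM=${CONFIG_TFM_CONN_HANDLE_MAX_NUM}`. The same commit removes the `set(CONFIG_TFM_CONN_HANDLE_MAX_NUM ...)` line further down and the matching `#cmakedefine` in tfm_config.h.in, so this option appears to be the only remaining route for the Kconfig value (default 8) into the TF-M build. As written, the secure image would presumably fall back to TF-M's own default for the handle limit.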
@@ -254,7 +263,6 @@ set(PS_VALIDATE_METADATA_FROM_FLASH ${CONFIG_TFM_PS_VALIDATE_METADATA_FRO
set(PS_MAX_ASSET_SIZE ${CONFIG_TFM_PS_MAX_ASSET_SIZE})
set(PS_NUM_ASSETS ${CONFIG_TFM_PS_NUM_ASSETS})
set(PS_STACK_SIZE ${CONFIG_TFM_PS_STACK_SIZE})
-set(CONFIG_TFM_CONN_HANDLE_MAX_NUM ${CONFIG_TFM_CONN_HANDLE_MAX_NUM})
set(CONFIG_TFM_DOORBELL_API ${CONFIG_TFM_DOORBELL_API})
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/tfm_config.h.in
diff --git a/modules/trusted-firmware-m/Kconfig b/modules/trusted-firmware-m/Kconfig
index 824cb9443f00..c4e4803d743c 100644
--- a/modules/trusted-firmware-m/Kconfig
+++ b/modules/trusted-firmware-m/Kconfig
@@ -184,9 +184,6 @@ config TFM_ITS_VALIDATE_METADATA_FROM_FLASH
help
Validate filesystem metadata every time it is read from flash
-config TFM_ITS_MAX_ASSET_SIZE_OVERRIDE
- default y
-
config TFM_ITS_MAX_ASSET_SIZE
default 512
@@ -267,6 +264,7 @@ menu "TF-M SPM component configs"
config TFM_CONN_HANDLE_MAX_NUM
int "Maximal number of handling secure services"
default 8
+ depends on TFM_IPC
help
The maximal number of secure services that are connected or requested at
the same time
diff --git a/modules/trusted-firmware-m/tfm_boards/CMakeLists.txt b/modules/trusted-firmware-m/tfm_boards/CMakeLists.txt
index c856a9714a8c..c4eb589556ca 100644
--- a/modules/trusted-firmware-m/tfm_boards/CMakeLists.txt
+++ b/modules/trusted-firmware-m/tfm_boards/CMakeLists.txt
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2021 - 2023, Nordic Semiconductor ASA.
+# Copyright (c) 2021 - 2024, Nordic Semiconductor ASA.
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
@@ -71,12 +71,6 @@ target_sources(tfm_sprt
$<$>:${CMAKE_CURRENT_SOURCE_DIR}/common/dummy_tfm_sp_log_raw.c>
)
-# Disabling UART stdout not supported in NS Image, which is always built even when not needed.
-target_sources(platform_ns
- PRIVATE
- $<$>:${CMAKE_CURRENT_SOURCE_DIR}/common/dummy_uart_stdout.c>
- )
-
if (${TFM_PARTITION_CRYPTO})
target_sources(platform_crypto_keys
PRIVATE
@@ -143,7 +137,6 @@ if (CRYPTO_STORAGE_DISABLED AND TFM_PARTITION_CRYPTO AND NOT TFM_PARTITION_INTER
TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID=0x00000070)
endif()
-target_include_directories(platform_ns PUBLIC ${board_includes})
if(BL2)
message(FATAL_ERROR "BL2 is not supported")
@@ -165,23 +158,6 @@ if(TFM_PARTITION_PLATFORM)
${src_dir}/tfm_ioctl_s_api.c
)
- target_include_directories(platform_ns
- PUBLIC
- include
- ${ZEPHYR_NRF_MODULE_DIR}/include/tfm
- ${ZEPHYR_NRF_MODULE_DIR}/include
- )
-
- target_compile_definitions(platform_ns
- PUBLIC
- FIRMWARE_INFO_MAGIC=${FIRMWARE_INFO_MAGIC}
- EXT_API_MAGIC=${EXT_API_MAGIC}
- )
-
- target_sources(platform_ns
- PRIVATE
- ${src_dir}/tfm_ioctl_ns_api.c
- )
endif()
if(LOG_MEMORY_PROTECTION)
@@ -190,3 +166,17 @@ if(LOG_MEMORY_PROTECTION)
src/log_memory_protection.c
)
endif()
+
+#======================= Non Secure image ===========================
+
+install(FILES ns/CMakeLists.txt
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+if(TFM_PARTITION_PLATFORM)
+ file(COPY board/device_cfg.h
+ board/RTE_Device.h
+ DESTINATION ${INSTALL_INTERFACE_INC_DIR})
+endif()
+
+file(COPY ${CMAKE_CURRENT_LIST_DIR}/common
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR})
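Review bot: The added non-secure section mixes `install(FILES ...)` with `file(COPY ...)`, and the two run at different times. `file(COPY)` executes during configure, so `board/device_cfg.h`, `board/RTE_Device.h` and the whole `common` directory are written to the install locations before anything is built and are not refreshed when those sources change without a re-configure. If the configure-time copy is intentional, a short comment above the two `file(COPY ...)` calls stating why would prevent a later "cleanup" to `install()`; otherwise `install(FILES ...)` and `install(DIRECTORY ...)` would keep the section consistent.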
diff --git a/modules/trusted-firmware-m/tfm_boards/board/RTE_Device.h b/modules/trusted-firmware-m/tfm_boards/board/RTE_Device.h
index 9343d526af10..a0d1b80ed1f1 100644
--- a/modules/trusted-firmware-m/tfm_boards/board/RTE_Device.h
+++ b/modules/trusted-firmware-m/tfm_boards/board/RTE_Device.h
@@ -15,7 +15,7 @@
#include
-/* Configuration settings for Driver_FLASH.c and Driver_USART.c */
+#include
#define UART_PIN_INIT(node_id, prop, idx) \
DT_PROP_BY_IDX(node_id, prop, idx),
@@ -30,12 +30,26 @@
#define RTE_FLASH0 1
+#if DOMAIN_NS == 1U
+
+#ifdef NRF_UARTE0_S
+
+#define RTE_USART0 1
+
+#else /* NRF_UARTE0 */
+
+#define RTE_USART22 1
+
+#endif /* NRF_UARTE0 */
+
+#endif /* DOMAIN_NS == 1U */
+
/*
* The defines RTE_USART0, RTE_USART1, etc. determine if
* Driver_USART.c instantiates UART instance 0, 1, etc..
*/
-#if defined(CONFIG_TFM_SECURE_UART0) || DOMAIN_NS == 1U
+#if defined(CONFIG_TFM_SECURE_UART0)
#define RTE_USART0 1
#endif
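Review bot: The `#else` and `#endif` comments in the new `DOMAIN_NS == 1U` block name `NRF_UARTE0`, but the condition being closed is `#ifdef NRF_UARTE0_S`; they should read `#else /* !NRF_UARTE0_S */` and `#endif /* NRF_UARTE0_S */`. The block also has no comment saying why the non-secure build selects its UART from the presence of the secure-alias macro and falls back to `RTE_USART22`. A one-line comment above `#if DOMAIN_NS == 1U` naming the SoC families each branch is meant for would make the selection reviewable.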
@@ -43,6 +57,10 @@
#define RTE_USART1 1
#endif
+#if defined(CONFIG_TFM_SECURE_UART22)
+#define RTE_USART22 1
+#endif
+
/*
* Note that the defines RTE_USART0_PINS, RTE_USART1_PINS, etc. are
* used by Driver_USART.c, but only when RTE_USART0, RTE_USART1
diff --git a/modules/trusted-firmware-m/tfm_boards/common/ns_fault_service.c b/modules/trusted-firmware-m/tfm_boards/common/ns_fault_service.c
index 6a0b50ce2671..f71534e1c0a6 100644
--- a/modules/trusted-firmware-m/tfm_boards/common/ns_fault_service.c
+++ b/modules/trusted-firmware-m/tfm_boards/common/ns_fault_service.c
@@ -54,12 +54,6 @@
* that is triggered by events external to the CPU, such as an EasyDMA access.
*/
-#define EXCEPTION_TYPE_SECUREFAULT (NVIC_USER_IRQ_OFFSET + SecureFault_IRQn)
-#define EXCEPTION_TYPE_MEMFAULT (NVIC_USER_IRQ_OFFSET + MemoryManagement_IRQn)
-#define EXCEPTION_TYPE_HARDFAULT (NVIC_USER_IRQ_OFFSET + HardFault_IRQn)
-#define EXCEPTION_TYPE_BUSFAULT (NVIC_USER_IRQ_OFFSET + BusFault_IRQn)
-#define EXCEPTION_TYPE_USAGEFAULT (NVIC_USER_IRQ_OFFSET + UsageFault_IRQn)
-
#define EXCEPTION_TYPE_SPUFAULT (NVIC_USER_IRQ_OFFSET + SPU_IRQn)
typedef void (*ns_funcptr) (void) __attribute__((cmse_nonsecure_call));
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/CMakeLists.txt b/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/CMakeLists.txt
index 3bccb8bf3b03..2656fa3fdbd8 100644
--- a/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/CMakeLists.txt
+++ b/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/CMakeLists.txt
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2021 - 2023, Nordic Semiconductor ASA.
+# Copyright (c) 2021 - 2024, Nordic Semiconductor ASA.
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
@@ -9,3 +9,18 @@ set(NRF_BOARD_SELECTED True)
add_subdirectory(${Trusted\ Firmware\ M_SOURCE_DIR}/platform/ext/target/nordic_nrf/common/nrf5340 nrf5340)
add_subdirectory(.. tfm_board)
+
+
+install(FILES ${CMAKE_CURRENT_LIST_DIR}/ns/cpuarch_ns.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+ RENAME cpuarch.cmake)
+
+install(FILES config.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(FILES ../common/config.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/../common/)
+
+install(DIRECTORY ${Trusted\ Firmware\ M_SOURCE_DIR}/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/tests
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+)
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/config.cmake b/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/config.cmake
index 7d3809e82022..e5f60e198669 100644
--- a/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/config.cmake
+++ b/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/config.cmake
@@ -1,12 +1,13 @@
#
-# Copyright (c) 2021 - 2023, Nordic Semiconductor ASA.
+# Copyright (c) 2021 - 2024, Nordic Semiconductor ASA.
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
include(${CMAKE_CURRENT_LIST_DIR}/../common/config.cmake)
-set(PLATFORM_PATH platform/ext/target/nordic_nrf/)
+set(NRF_SOC_VARIANT nrf5340 CACHE STRING "nRF SoC Variant")
+
include(${PLATFORM_PATH}/common/nrf5340/config.cmake)
# Override the AEAD algorithm configuration
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/cpuarch.cmake b/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/cpuarch.cmake
new file mode 100644
index 000000000000..421845b13137
--- /dev/null
+++ b/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/cpuarch.cmake
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2021 - 2024, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+set(PLATFORM_PATH platform/ext/target/nordic_nrf)
+
+include(${PLATFORM_PATH}/common/nrf5340/cpuarch.cmake)
+add_compile_definitions(__NRF_TFM__)
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/ns/cpuarch_ns.cmake b/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/ns/cpuarch_ns.cmake
new file mode 100644
index 000000000000..90f46ee884c3
--- /dev/null
+++ b/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/ns/cpuarch_ns.cmake
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2024, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+set(PLATFORM_DIR ${CMAKE_CURRENT_LIST_DIR})
+set(PLATFORM_PATH ${CMAKE_CURRENT_LIST_DIR})
+
+include(${CMAKE_CURRENT_LIST_DIR}/common/nrf5340/cpuarch.cmake)
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/preload.cmake b/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/preload.cmake
deleted file mode 100644
index 733f584bb2c8..000000000000
--- a/modules/trusted-firmware-m/tfm_boards/nrf5340_cpuapp/preload.cmake
+++ /dev/null
@@ -1,8 +0,0 @@
-#
-# Copyright (c) 2021 - 2023, Nordic Semiconductor ASA.
-#
-# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
-#
-
-include(platform/ext/target/nordic_nrf/common/nrf5340/preload.cmake)
-add_compile_definitions(__NRF_TFM__)
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf9120/CMakeLists.txt b/modules/trusted-firmware-m/tfm_boards/nrf9120/CMakeLists.txt
index a58356da3669..71ffdb6ea597 100644
--- a/modules/trusted-firmware-m/tfm_boards/nrf9120/CMakeLists.txt
+++ b/modules/trusted-firmware-m/tfm_boards/nrf9120/CMakeLists.txt
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023, Nordic Semiconductor ASA.
+# Copyright (c) 2023-2024, Nordic Semiconductor ASA.
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
@@ -9,3 +9,18 @@ set(NRF_BOARD_SELECTED True)
add_subdirectory(${Trusted\ Firmware\ M_SOURCE_DIR}/platform/ext/target/nordic_nrf/common/nrf91 nrf91)
add_subdirectory(.. tfm_board)
+
+
+install(FILES ${CMAKE_CURRENT_LIST_DIR}/ns/cpuarch_ns.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+ RENAME cpuarch.cmake)
+
+install(FILES ${Trusted\ Firmware\ M_SOURCE_DIR}/platform/ext/target/nordic_nrf/common/nrf9120/cpuarch.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/common/nrf9120)
+
+install(FILES config.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/../common/)
+
+install(DIRECTORY ${Trusted\ Firmware\ M_SOURCE_DIR}/platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/tests
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+)
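Review bot: The rule `install(FILES config.cmake DESTINATION ${INSTALL_PLATFORM_NS_DIR}/../common/)` puts the board's own `config.cmake` into the shared `common` directory, whereas the nrf5340 and nrf9160 files in this commit install the board file to `${INSTALL_PLATFORM_NS_DIR}` and `../common/config.cmake` to `../common/`. This looks like the two rules were merged into one by mistake. Since nrf9120/config.cmake includes `${CMAKE_CURRENT_LIST_DIR}/../common/config.cmake`, the installed copy may not find the common file it expects, though that cannot be confirmed from this hunk. Proposed: `install(FILES config.cmake DESTINATION ${INSTALL_PLATFORM_NS_DIR})` followed by `install(FILES ../common/config.cmake DESTINATION ${INSTALL_PLATFORM_NS_DIR}/../common/)`.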
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf9120/config.cmake b/modules/trusted-firmware-m/tfm_boards/nrf9120/config.cmake
index 6d9c893543c7..e9ed56861b49 100644
--- a/modules/trusted-firmware-m/tfm_boards/nrf9120/config.cmake
+++ b/modules/trusted-firmware-m/tfm_boards/nrf9120/config.cmake
@@ -1,13 +1,14 @@
#
-# Copyright (c) 2023, Nordic Semiconductor ASA.
+# Copyright (c) 2023-2024, Nordic Semiconductor ASA.
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
include(${CMAKE_CURRENT_LIST_DIR}/../common/config.cmake)
-set(PLATFORM_PATH platform/ext/target/nordic_nrf/)
-include(${PLATFORM_PATH}/common/nrf91/config.cmake)
+set(NRF_SOC_VARIANT nrf91 CACHE STRING "nRF SoC Variant")
+
+include(${PLATFORM_PATH}/common/${NRF_SOC_VARIANT}/config.cmake)
# Override the AEAD algorithm configuration since nRF91 series supports only AES_CCM
set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in Protected Storage")
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf9120/cpuarch.cmake b/modules/trusted-firmware-m/tfm_boards/nrf9120/cpuarch.cmake
new file mode 100644
index 000000000000..80e7a4942966
--- /dev/null
+++ b/modules/trusted-firmware-m/tfm_boards/nrf9120/cpuarch.cmake
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2023-2024, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+set(PLATFORM_PATH platform/ext/target/nordic_nrf)
+
+include(${PLATFORM_PATH}/common/nrf9120/cpuarch.cmake)
+add_compile_definitions(__NRF_TFM__)
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf9120/ns/cpuarch_ns.cmake b/modules/trusted-firmware-m/tfm_boards/nrf9120/ns/cpuarch_ns.cmake
new file mode 100644
index 000000000000..d6ccc23203fa
--- /dev/null
+++ b/modules/trusted-firmware-m/tfm_boards/nrf9120/ns/cpuarch_ns.cmake
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2024, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+set(PLATFORM_DIR ${CMAKE_CURRENT_LIST_DIR})
+set(PLATFORM_PATH ${CMAKE_CURRENT_LIST_DIR})
+
+include(${CMAKE_CURRENT_LIST_DIR}/common/nrf9120/cpuarch.cmake)
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf9120/preload.cmake b/modules/trusted-firmware-m/tfm_boards/nrf9120/preload.cmake
deleted file mode 100644
index cb23795a97be..000000000000
--- a/modules/trusted-firmware-m/tfm_boards/nrf9120/preload.cmake
+++ /dev/null
@@ -1,8 +0,0 @@
-#
-# Copyright (c) 2023, Nordic Semiconductor ASA.
-#
-# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
-#
-
-include(platform/ext/target/nordic_nrf/common/nrf9120/preload.cmake)
-add_compile_definitions(__NRF_TFM__)
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf9160/CMakeLists.txt b/modules/trusted-firmware-m/tfm_boards/nrf9160/CMakeLists.txt
index 8bcf2a1798c2..0fd8d8984e53 100644
--- a/modules/trusted-firmware-m/tfm_boards/nrf9160/CMakeLists.txt
+++ b/modules/trusted-firmware-m/tfm_boards/nrf9160/CMakeLists.txt
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2021 - 2023, Nordic Semiconductor ASA.
+# Copyright (c) 2021 - 2024, Nordic Semiconductor ASA.
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
@@ -9,3 +9,21 @@ set(NRF_BOARD_SELECTED True)
add_subdirectory(${Trusted\ Firmware\ M_SOURCE_DIR}/platform/ext/target/nordic_nrf/common/nrf91 nrf91)
add_subdirectory(.. tfm_board)
+
+
+install(FILES ${CMAKE_CURRENT_LIST_DIR}/ns/cpuarch_ns.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+ RENAME cpuarch.cmake)
+
+install(FILES ${Trusted\ Firmware\ M_SOURCE_DIR}/platform/ext/target/nordic_nrf/common/nrf9160/cpuarch.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/common/nrf9160)
+
+install(FILES config.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(FILES ../common/config.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/../common/)
+
+install(DIRECTORY ${Trusted\ Firmware\ M_SOURCE_DIR}/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/tests
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+)
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf9160/config.cmake b/modules/trusted-firmware-m/tfm_boards/nrf9160/config.cmake
index b1868334e6b4..20f9fe017ac9 100644
--- a/modules/trusted-firmware-m/tfm_boards/nrf9160/config.cmake
+++ b/modules/trusted-firmware-m/tfm_boards/nrf9160/config.cmake
@@ -1,13 +1,14 @@
#
-# Copyright (c) 2021 - 2023, Nordic Semiconductor ASA.
+# Copyright (c) 2021 - 2024, Nordic Semiconductor ASA.
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
include(${CMAKE_CURRENT_LIST_DIR}/../common/config.cmake)
-set(PLATFORM_PATH platform/ext/target/nordic_nrf/)
-include(${PLATFORM_PATH}/common/nrf91/config.cmake)
+set(NRF_SOC_VARIANT nrf91 CACHE STRING "nRF SoC Variant")
+
+include(${PLATFORM_PATH}/common/${NRF_SOC_VARIANT}/config.cmake)
# Override the AEAD algorithm configuration since nRF91 series supports only AES_CCM
set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in Protected Storage")
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf9160/cpuarch.cmake b/modules/trusted-firmware-m/tfm_boards/nrf9160/cpuarch.cmake
new file mode 100644
index 000000000000..2a32396e6885
--- /dev/null
+++ b/modules/trusted-firmware-m/tfm_boards/nrf9160/cpuarch.cmake
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2021 - 2024, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+set(PLATFORM_PATH platform/ext/target/nordic_nrf)
+
+include(${PLATFORM_PATH}/common/nrf9160/cpuarch.cmake)
+add_compile_definitions(__NRF_TFM__)
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf9160/ns/cpuarch_ns.cmake b/modules/trusted-firmware-m/tfm_boards/nrf9160/ns/cpuarch_ns.cmake
new file mode 100644
index 000000000000..22c7f14646a6
--- /dev/null
+++ b/modules/trusted-firmware-m/tfm_boards/nrf9160/ns/cpuarch_ns.cmake
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2024, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+set(PLATFORM_DIR ${CMAKE_CURRENT_LIST_DIR})
+set(PLATFORM_PATH ${CMAKE_CURRENT_LIST_DIR})
+
+include(${CMAKE_CURRENT_LIST_DIR}/common/nrf9160/cpuarch.cmake)
diff --git a/modules/trusted-firmware-m/tfm_boards/nrf9160/preload.cmake b/modules/trusted-firmware-m/tfm_boards/nrf9160/preload.cmake
deleted file mode 100644
index 3b48c68afb2d..000000000000
--- a/modules/trusted-firmware-m/tfm_boards/nrf9160/preload.cmake
+++ /dev/null
@@ -1,8 +0,0 @@
-#
-# Copyright (c) 2021 - 2023, Nordic Semiconductor ASA.
-#
-# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
-#
-
-include(platform/ext/target/nordic_nrf/common/nrf9160/preload.cmake)
-add_compile_definitions(__NRF_TFM__)
diff --git a/modules/trusted-firmware-m/tfm_boards/ns/CMakeLists.txt b/modules/trusted-firmware-m/tfm_boards/ns/CMakeLists.txt
new file mode 100644
index 000000000000..951aa5896814
--- /dev/null
+++ b/modules/trusted-firmware-m/tfm_boards/ns/CMakeLists.txt
@@ -0,0 +1,67 @@
+#
+# Copyright (c) 2024, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+cmake_policy(SET CMP0076 NEW)
+set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR})
+set(NRF_BOARD_SELECTED True)
+set(NRF_TFM_BOARD ${ZEPHYR_NRF_MODULE_DIR}/modules/trusted-firmware-m/tfm_boards)
+
+add_library(platform_ns STATIC)
+
+set(partition_includes
+ ${NRF_TFM_BOARD}/partition
+ ${CMAKE_BINARY_DIR}/../zephyr/include/generated
+)
+
+set(board_includes
+ ${CMAKE_BINARY_DIR}/../zephyr/misc/generated/syscalls_links/include
+ ${ZEPHYR_NRF_MODULE_DIR}/include/tfm
+ ${ZEPHYR_NRF_MODULE_DIR}/include
+)
+
+target_include_directories(platform_region_defs
+ INTERFACE
+ ${partition_includes}
+)
+
+target_include_directories(platform_ns
+ PUBLIC
+ ${partition_includes}
+ ${board_includes}
+)
+
+# Disabling UART stdout not supported in NS Image, which is always built even when not needed.
+target_sources(platform_ns
+ PRIVATE
+ $<$>:${NRF_TFM_BOARD}/common/dummy_uart_stdout.c>
+)
+
+# Get the value of HAL_NORDIC_PATH
+include(${CMAKE_CURRENT_LIST_DIR}/common/core/config_nordic_nrf_spe.cmake)
+add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/common/${NRF_SOC_VARIANT} ${NRF_SOC_VARIANT})
+
+target_include_directories(platform_ns
+ PUBLIC
+ ${CMAKE_CURRENT_LIST_DIR}
+)
+
+if(TFM_PARTITION_PLATFORM)
+ target_compile_definitions(platform_ns
+ PUBLIC
+ FIRMWARE_INFO_MAGIC=${FIRMWARE_INFO_MAGIC}
+ EXT_API_MAGIC=${EXT_API_MAGIC}
+ )
+
+ target_sources(platform_ns
+ PRIVATE
+ ${NRF_TFM_BOARD}/src/tfm_ioctl_ns_api.c
+ )
+endif()
+
+target_link_libraries(platform_ns
+ PUBLIC
+ platform_region_defs
+)
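Review bot: `set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR})` overwrites a variable that CMake maintains itself, and the file gives no reason for it. If it is needed because this file is included from the installed NS tree rather than added as a subdirectory, say so in a comment above the line. The include lists also reach out of the build tree with `${CMAKE_BINARY_DIR}/../zephyr/include/generated` and `${CMAKE_BINARY_DIR}/../zephyr/misc/generated/syscalls_links/include`, which hard-codes the relative position of the TF-M and Zephyr build directories. A comment stating that assumption would help whoever changes the build layout.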
diff --git a/modules/trusted-firmware-m/tfm_config.h.in b/modules/trusted-firmware-m/tfm_config.h.in
index 749b38ebe659..770a2480cd5c 100644
--- a/modules/trusted-firmware-m/tfm_config.h.in
+++ b/modules/trusted-firmware-m/tfm_config.h.in
@@ -155,11 +155,6 @@
/* The stack size of the Protected Storage Secure Partition */
#cmakedefine PS_STACK_SIZE @PS_STACK_SIZE@
-/* SPM Partition Configs */
-
-/* The maximal number of secure services that are connected or requested at the same time */
-#cmakedefine CONFIG_TFM_CONN_HANDLE_MAX_NUM @CONFIG_TFM_CONN_HANDLE_MAX_NUM@
-
/* Enable/Disable the doorbell APIs */
#cmakedefine01 CONFIG_TFM_DOORBELL_API
diff --git a/samples/cellular/nrf_cloud_multi_service/overlay_nrf7002ek_wifi_no_lte.conf b/samples/cellular/nrf_cloud_multi_service/overlay_nrf7002ek_wifi_no_lte.conf
index 4d7586db1a95..cf2e8ce6e3a8 100644
--- a/samples/cellular/nrf_cloud_multi_service/overlay_nrf7002ek_wifi_no_lte.conf
+++ b/samples/cellular/nrf_cloud_multi_service/overlay_nrf7002ek_wifi_no_lte.conf
@@ -36,7 +36,6 @@ CONFIG_MCUBOOT_IMG_MANAGER=n
## memory when in use.
CONFIG_BUILD_WITH_TFM=y
CONFIG_TRUSTED_EXECUTION_NONSECURE=y
-CONFIG_TFM_BUILD_NS=y
## Enable Protected Storage
CONFIG_TFM_PARTITION_PROTECTED_STORAGE=y
diff --git a/samples/crypto/hmac/prj.conf b/samples/crypto/hmac/prj.conf
index 2de440e43038..0b49530404ef 100644
--- a/samples/crypto/hmac/prj.conf
+++ b/samples/crypto/hmac/prj.conf
@@ -17,3 +17,7 @@ CONFIG_MBEDTLS_HEAP_SIZE=8192
CONFIG_PSA_WANT_GENERATE_RANDOM=y
CONFIG_PSA_WANT_ALG_HMAC=y
+# The sample uses HMAC with SHA-256 so enabling it
+CONFIG_PSA_WANT_ALG_SHA_256=y
+
+CONFIG_DEBUG_OPTIMIZATIONS=y
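Review bot: `CONFIG_DEBUG_OPTIMIZATIONS=y` is added without a comment and is unrelated to the SHA-256 enablement above it, so it reads like a leftover from local debugging. Samples are commonly copied as a starting point for products, and a debug optimization level changes code size and timing of the crypto code. Either drop the line or give the reason next to it, for example `# Debug optimizations are needed because <reason>`.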
diff --git a/samples/crypto/psa_tls/overlays/rsa.conf b/samples/crypto/psa_tls/overlays/rsa.conf
index afb0aed78846..2a979ee7996c 100644
--- a/samples/crypto/psa_tls/overlays/rsa.conf
+++ b/samples/crypto/psa_tls/overlays/rsa.conf
@@ -1,3 +1,5 @@
CONFIG_PSA_TLS_CERTIFICATE_TYPE_RSA=y
CONFIG_MBEDTLS_RSA_C=y
CONFIG_MBEDTLS_PKCS1_V15=y
+CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR=y
+CONFIG_PSA_WANT_RSA_KEY_SIZE_2048=y
diff --git a/samples/crypto/psa_tls/prj.conf b/samples/crypto/psa_tls/prj.conf
index 81066ac4a4e2..09667dab425f 100644
--- a/samples/crypto/psa_tls/prj.conf
+++ b/samples/crypto/psa_tls/prj.conf
@@ -46,8 +46,7 @@ CONFIG_NET_BUF_TX_COUNT=100
# mbed TLS and security
CONFIG_MBEDTLS_PK_C=y
-CONFIG_MBEDTLS_RSA_C=y
-CONFIG_MBEDTLS_PKCS1_V15=y
+
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=32768
CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=2304
diff --git a/samples/crypto/rsa/prj.conf b/samples/crypto/rsa/prj.conf
index 8bfb03a0214e..2770a4aaf05d 100644
--- a/samples/crypto/rsa/prj.conf
+++ b/samples/crypto/rsa/prj.conf
@@ -17,4 +17,5 @@ CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_SIGN=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR=y
CONFIG_PSA_WANT_ALG_SHA_256=y
-CONFIG_PSA_WANT_RSA_KEY_SIZE_1024=y
+# This samples source code explicitly uses an RSA key size of 2048
+CONFIG_PSA_WANT_RSA_KEY_SIZE_2048=y
diff --git a/samples/crypto/rsa/src/main.c b/samples/crypto/rsa/src/main.c
index a66d4768caa4..bf067c20789a 100644
--- a/samples/crypto/rsa/src/main.c
+++ b/samples/crypto/rsa/src/main.c
@@ -33,6 +33,10 @@ LOG_MODULE_REGISTER(rsa, LOG_LEVEL_DBG);
/* ====================================================================== */
/* Global variables/defines for the RSA example */
+#ifndef CONFIG_PSA_WANT_RSA_KEY_SIZE_2048
+#error "This sample needs a key size of 2048"
+#endif
+
#define NRF_CRYPTO_EXAMPLE_RSA_TEXT_SIZE (100)
#define NRF_CRYPTO_EXAMPLE_RSA_PUBLIC_KEY_SIZE (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(2048))
#define NRF_CRYPTO_EXAMPLE_RSA_SIGNATURE_SIZE (PSA_BITS_TO_BYTES(2048))
diff --git a/samples/net/download/boards/nrf7002dk_nrf5340_cpuapp.conf b/samples/net/download/boards/nrf7002dk_nrf5340_cpuapp.conf
index 68f956b4ba1c..6d466873528f 100644
--- a/samples/net/download/boards/nrf7002dk_nrf5340_cpuapp.conf
+++ b/samples/net/download/boards/nrf7002dk_nrf5340_cpuapp.conf
@@ -58,5 +58,12 @@ CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=120000
CONFIG_MBEDTLS_RSA_C=y
+
+# MBEDTLS_SSL_SERVER_NAME_INDICATION depends on MBEDTLS_TLS_LIBRARY
+CONFIG_MBEDTLS_TLS_LIBRARY=y
+
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
+
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
+
+CONFIG_MBEDTLS_PSA_CRYPTO_C=n
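Review bot: `CONFIG_MBEDTLS_PSA_CRYPTO_C=n` is added without a comment, unlike the `CONFIG_MBEDTLS_TLS_LIBRARY` line introduced just above it. Turning PSA crypto off in a TLS download sample decides which crypto implementation handles the connection (presumably the legacy mbed TLS path, given `CONFIG_MBEDTLS_RSA_C=y` here), so the reason belongs in the file. A line such as `# PSA crypto is disabled on this board because <reason>` would be enough.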
diff --git a/samples/net/http_server/overlay-tls-nrf91.conf b/samples/net/http_server/overlay-tls-nrf91.conf
index fe9b0de550a5..ed08f930f6d1 100644
--- a/samples/net/http_server/overlay-tls-nrf91.conf
+++ b/samples/net/http_server/overlay-tls-nrf91.conf
@@ -29,6 +29,8 @@ CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
CONFIG_MBEDTLS_AES_C=y
CONFIG_MBEDTLS_CCM_C=y
CONFIG_MBEDTLS_GCM_C=y
+CONFIG_MBEDTLS_CIPHER_MODE_CBC=y
+CONFIG_MBEDTLS_CIPHER_PADDING_PKCS7=y
# Enable ECC
CONFIG_MBEDTLS_ECP_C=y
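Review bot: The two added options enable CBC mode and PKCS#7 padding in a TLS overlay that already enables CCM and GCM, and nothing says why. If they are only there to satisfy the new `MBEDTLS_PKCS5_C` dependency on `MBEDTLS_CIPHER_PADDING_PKCS7` (an inference from the Kconfig.legacy change in this commit), a comment should state that. Enabling CBC may also make CBC-based TLS cipher suites negotiable, and those are generally less preferred than the AEAD suites. Proposed comment above the two lines: `# CBC and PKCS7 padding are required by <feature>; AEAD suites (CCM/GCM) remain the intended TLS ciphers`. If CBC suites are not wanted on the wire, the cipher-suite list should be restricted explicitly.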
diff --git a/samples/tfm/tfm_psa_template/CMakeLists.txt b/samples/tfm/tfm_psa_template/CMakeLists.txt
index 62bef07d483f..12c9ab814519 100644
--- a/samples/tfm/tfm_psa_template/CMakeLists.txt
+++ b/samples/tfm/tfm_psa_template/CMakeLists.txt
@@ -16,5 +16,5 @@ target_sources(app PRIVATE src/main.c)
target_include_directories(app PRIVATE
- $/install/interface/include
+ $/api_ns/interface/include
)
diff --git a/samples/tfm/tfm_secure_peripheral/CMakeLists.txt b/samples/tfm/tfm_secure_peripheral/CMakeLists.txt
index 6e24ab3341a8..9f8dd8acc145 100644
--- a/samples/tfm/tfm_secure_peripheral/CMakeLists.txt
+++ b/samples/tfm/tfm_secure_peripheral/CMakeLists.txt
@@ -28,7 +28,7 @@ target_sources(app PRIVATE
)
target_include_directories(app PRIVATE
- $/install/interface/include
+ $/api_ns/interface/include
)
target_compile_definitions(app
diff --git a/samples/tfm/tfm_secure_peripheral/secure_peripheral_partition/CMakeLists.txt b/samples/tfm/tfm_secure_peripheral/secure_peripheral_partition/CMakeLists.txt
index abb64cb9cdfa..71c6ed7d7b8b 100644
--- a/samples/tfm/tfm_secure_peripheral/secure_peripheral_partition/CMakeLists.txt
+++ b/samples/tfm/tfm_secure_peripheral/secure_peripheral_partition/CMakeLists.txt
@@ -59,7 +59,7 @@ target_link_libraries(tfm_partitions
tfm_app_rot_partition_spp
)
-target_compile_definitions(tfm_partition_defs
+target_compile_definitions(tfm_config
INTERFACE
TFM_PARTITION_SECURE_PERIPHERAL_PARTITION
)
diff --git a/samples/tfm/tfm_secure_peripheral/secure_peripheral_partition/secure_peripheral_partition.c b/samples/tfm/tfm_secure_peripheral/secure_peripheral_partition/secure_peripheral_partition.c
index f5a8a98ec5c2..741fbc52feda 100644
--- a/samples/tfm/tfm_secure_peripheral/secure_peripheral_partition/secure_peripheral_partition.c
+++ b/samples/tfm/tfm_secure_peripheral/secure_peripheral_partition/secure_peripheral_partition.c
@@ -6,7 +6,6 @@
#include
#include
-#include "tfm_api.h"
#include "tfm_sp_log.h"
diff --git a/samples/tfm/tfm_secure_peripheral/src/secure_peripheral_partition.h b/samples/tfm/tfm_secure_peripheral/src/secure_peripheral_partition.h
index b1fce3b620c8..cd5e7d42f489 100644
--- a/samples/tfm/tfm_secure_peripheral/src/secure_peripheral_partition.h
+++ b/samples/tfm/tfm_secure_peripheral/src/secure_peripheral_partition.h
@@ -4,8 +4,6 @@
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
-#include "tfm_api.h"
-
psa_status_t spp_process(void);
psa_status_t spp_send(void);
diff --git a/scripts/quarantine_zephyr.yaml b/scripts/quarantine_zephyr.yaml
index 735650aa6425..fd21b47905fb 100644
--- a/scripts/quarantine_zephyr.yaml
+++ b/scripts/quarantine_zephyr.yaml
@@ -146,6 +146,20 @@
- nrf9160dk_nrf9160_ns
comment: "Won't be fixed - https://nordicsemi.atlassian.net/browse/NCSDK-18853"
+- scenarios:
+ - sample.tfm.regression_ipc_lvl1
+ - sample.tfm.regression_ipc_lvl2
+ - sample.tfm.regression_sfn
+ - sample.tfm.psa_test_protected_storage
+ - sample.tfm.psa_test_internal_trusted_storage
+ - sample.tfm.psa_test_storage
+ - sample.tfm.psa_test_crypto
+ comment: "Won't be fixed - We have our own copy of these regression tests in nrf"
+
+- scenarios:
+ - libraries.uoscore
+ comment: "Won't be fixes - We don't support uoscore since it doesn't use NRF security"
+
- scenarios:
- sample.drivers.crypto.mbedtls
platforms:
diff --git a/subsys/net/lib/fota_download/src/fota_download.c b/subsys/net/lib/fota_download/src/fota_download.c
index ce4faebe2e84..0c290313edc5 100644
--- a/subsys/net/lib/fota_download/src/fota_download.c
+++ b/subsys/net/lib/fota_download/src/fota_download.c
@@ -17,8 +17,8 @@
#if defined(PM_S1_ADDRESS) || defined(CONFIG_DFU_TARGET_MCUBOOT)
/* MCUBoot support is required */
#include
-#if CONFIG_BUILD_WITH_TFM
-#include
+#if CONFIG_TRUSTED_EXECUTION_NONSECURE
+#include
#endif
#include
#endif
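Review bot: The new guard is written `#if CONFIG_TRUSTED_EXECUTION_NONSECURE`, while the next hunk of this file tests the same symbol with `#ifdef CONFIG_TRUSTED_EXECUTION_NONSECURE`. Use `#ifdef CONFIG_TRUSTED_EXECUTION_NONSECURE` here as well so the include and the call to `tfm_platform_s0_active` are guarded identically and the line does not trip `-Wundef` when the option is off. The next hunk also removes the `#error "Not possible to read s0 active status"` fallback. If a non-secure build without the TF-M platform service is still possible, it would now fail at the include or link step rather than with that message.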
@@ -401,13 +401,7 @@ int fota_download_s0_active_get(bool *const s0_active)
int err;
#ifdef CONFIG_TRUSTED_EXECUTION_NONSECURE
-#if CONFIG_SPM_SERVICE_S0_ACTIVE
- err = spm_s0_active(PM_S0_ADDRESS, PM_S1_ADDRESS, s0_active);
-#elif CONFIG_BUILD_WITH_TFM
err = tfm_platform_s0_active(PM_S0_ADDRESS, PM_S1_ADDRESS, s0_active);
-#else
-#error "Not possible to read s0 active status"
-#endif
#else /* CONFIG_TRUSTED_EXECUTION_NONSECURE */
err = read_s0_active(PM_S0_ADDRESS, PM_S1_ADDRESS, s0_active);
#endif /* CONFIG_TRUSTED_EXECUTION_NONSECURE */
diff --git a/subsys/net/lib/wifi_credentials/CMakeLists.txt b/subsys/net/lib/wifi_credentials/CMakeLists.txt
index 33df81171720..055c57810a2a 100644
--- a/subsys/net/lib/wifi_credentials/CMakeLists.txt
+++ b/subsys/net/lib/wifi_credentials/CMakeLists.txt
@@ -9,7 +9,7 @@ zephyr_library_sources(wifi_credentials.c)
if (CONFIG_WIFI_CREDENTIALS_BACKEND_PSA)
zephyr_library_include_directories(
- $/install/interface/include
+ $/api_ns/interface/include
)
endif()
diff --git a/subsys/nrf_security/Kconfig b/subsys/nrf_security/Kconfig
index 00934b314d44..897b41a6fb19 100644
--- a/subsys/nrf_security/Kconfig
+++ b/subsys/nrf_security/Kconfig
@@ -54,11 +54,26 @@ config MBEDTLS_CFG_FILE
config MBEDTLS_USER_CONFIG_FILE
string "mbed TLS user configuration file"
- default "nrf-config-user.h"
+ default "nrf-config-user-empty.h"
help
Name of the file that will contain additional configurations for mbed TLS.
+ This file is empty by default.
+
+config MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+ string "PSA want configuration file"
+ default "nrf-psa-crypto-want-config.h"
+ help
+ Name of the config file containins the PSA configuration.
This file may be generated and will contain PSA configurations if PSA APIs
- are generated in the system. This file is empty if legacy support is used.
+ are generated in the system.
+
+config MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+ string "Additional PSA configuration file"
+ default "nrf-psa-crypto-config.h"
+ help
+ Name of the file containing extra PSA configuration.
+ This file may be generated andd will contain exte PSA configurations like the
+ PSA_NEED defines for different crypto accelerators.
config GENERATE_MBEDTLS_CFG_FILE
bool
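Review bot: The help texts of the two new symbols contain typos that will show up in menuconfig and the generated Kconfig reference: "containins" in `MBEDTLS_PSA_CRYPTO_CONFIG_FILE`, and "andd" and "exte" in `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`. Proposed wording: `Name of the config file containing the PSA configuration.` and `This file may be generated and will contain extra PSA configurations like the`. The prompt "PSA want configuration file" would also read more clearly as "PSA_WANT configuration file", matching the `PSA_NEED` spelling used two symbols later.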
diff --git a/subsys/nrf_security/Kconfig.legacy b/subsys/nrf_security/Kconfig.legacy
index 6b422601647b..292486f8d26a 100644
--- a/subsys/nrf_security/Kconfig.legacy
+++ b/subsys/nrf_security/Kconfig.legacy
@@ -49,10 +49,6 @@ config MBEDTLS_THREADING_ALT
bool
default y if CC3XX_BACKEND || PSA_CRYPTO_DRIVER_CC3XX
-config MBEDTLS_PLATFORM_ZEROIZE_ALT
- bool
- default y if NRF_CC3XX_PLATFORM
-
# Legacy configurations for _ALT defines
config MBEDTLS_AES_SETKEY_ENC_ALT
bool
@@ -673,6 +669,7 @@ config MBEDTLS_HKDF_C
config MBEDTLS_RSA_C
bool
prompt "RSA - Rivest-Shamir-Adleman cryptosystem"
+ depends on PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || !MBEDTLS_USE_PSA_CRYPTO
help
Enable RSA cryptosystem support.
MBEDTLS_RSA_C setting in mbed TLS config file.
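Review bot: The new `depends on PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || !MBEDTLS_USE_PSA_CRYPTO` is not mentioned in the help text. A configuration that sets `CONFIG_MBEDTLS_RSA_C=y` without the PSA key type will therefore have the symbol dropped with only a Kconfig warning to explain it. Add a help line such as `Requires PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY when MBEDTLS_USE_PSA_CRYPTO is enabled.` The same applies to the `MBEDTLS_PKCS5_C` hunk that follows, which now depends on `MBEDTLS_CIPHER_PADDING_PKCS7` while keeping `default y` and has no help text at all.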
@@ -775,6 +772,7 @@ config MBEDTLS_PKCS5_C
prompt "Enable PKCS5 support"
default y
depends on MBEDTLS_MD_C
+ depends on MBEDTLS_CIPHER_PADDING_PKCS7
config MBEDTLS_PK_WRITE_C
bool
@@ -786,4 +784,10 @@ config MBEDTLS_PK_PARSE_C
prompt "Enable PK parse support"
default y if MBEDTLS_TLS_LIBRARY
+config MBEDTLS_PK_PARSE_EC_EXTENDED
+ bool
+ prompt "Enhance support for reading EC keys"
+ default y
+ depends on MBEDTLS_PK_PARSE_C
+
endmenu # Legacy mbed TLS crypto APIs
diff --git a/subsys/nrf_security/cmake/config_to_tf-m.cmake b/subsys/nrf_security/cmake/config_to_tf-m.cmake
index ab97abd64f8a..980cd16fc418 100644
--- a/subsys/nrf_security/cmake/config_to_tf-m.cmake
+++ b/subsys/nrf_security/cmake/config_to_tf-m.cmake
@@ -25,9 +25,18 @@ set_property(TARGET zephyr_property_target
APPEND
PROPERTY TFM_CMAKE_OPTIONS
-DTFM_MBEDCRYPTO_CONFIG_PATH:STRING=${CONFIG_MBEDTLS_CFG_FILE}
- -DTFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH:STRING=${CONFIG_MBEDTLS_USER_CONFIG_FILE}
+ -DTFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH:STRING=${CMAKE_CURRENT_BINARY_DIR}/src/include/generated/${CONFIG_MBEDTLS_PSA_CRYPTO_CONFIG_FILE}
+ -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE:STRING=${CMAKE_CURRENT_BINARY_DIR}/src/include/generated/${CONFIG_MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE}
)
+if(NOT ${CONFIG_MBEDTLS_USER_CONFIG_FILE} STREQUAL "nrf-config-user-empty.h" )
+ set_property(TARGET zephyr_property_target
+ APPEND
+ PROPERTY TFM_CMAKE_OPTIONS
+ -DTFM_MBEDCRYPTO_USER_CONFIG_PATH:STRING=${CMAKE_CURRENT_BINARY_DIR}/src/include/generated/${CONFIG_MBEDTLS_USER_CONFIG_FILE}
+ )
+endif()
+
if(CONFIG_TFM_BL2)
set_property(TARGET zephyr_property_target
APPEND PROPERTY TFM_CMAKE_OPTIONS
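Review bot: The condition `if(NOT ${CONFIG_MBEDTLS_USER_CONFIG_FILE} STREQUAL "nrf-config-user-empty.h" )` expands the variable unquoted, so an empty or unset CONFIG_MBEDTLS_USER_CONFIG_FILE leaves `if(NOT STREQUAL ...)`, which CMake rejects. A non-empty value may also be looked up a second time as a variable name. Quoting the operand avoids both: `if(NOT "${CONFIG_MBEDTLS_USER_CONFIG_FILE}" STREQUAL "nrf-config-user-empty.h")`. Separately, `-DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE` is the only option in this list without the `TFM_` prefix; if that is intentional, a short comment would help.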
diff --git a/subsys/nrf_security/cmake/legacy_crypto_config.cmake b/subsys/nrf_security/cmake/legacy_crypto_config.cmake
index 965e08233b60..0556f88bd98f 100644
--- a/subsys/nrf_security/cmake/legacy_crypto_config.cmake
+++ b/subsys/nrf_security/cmake/legacy_crypto_config.cmake
@@ -94,6 +94,7 @@ kconfig_check_and_set_base(MBEDTLS_MD_C)
kconfig_check_and_set_base(MBEDTLS_PK_C)
kconfig_check_and_set_base(MBEDTLS_PKCS5_C)
kconfig_check_and_set_base(MBEDTLS_PK_PARSE_C)
+kconfig_check_and_set_base(MBEDTLS_PK_PARSE_EC_EXTENDED)
kconfig_check_and_set_base(MBEDTLS_PK_WRITE_C)
kconfig_check_and_set_base(MBEDTLS_DEBUG_C)
kconfig_check_and_set_base(MBEDTLS_MEMORY_DEBUG)
@@ -168,6 +169,7 @@ kconfig_check_and_set_base(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
kconfig_check_and_set_base(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
kconfig_check_and_set_base(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
kconfig_check_and_set_base(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+kconfig_check_and_set_base(MBEDTLS_PK_PARSE_EC_EXTENDED)
#
# CC3XX flags for threading and platform zeroize
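Review bot: `kconfig_check_and_set_base(MBEDTLS_PK_PARSE_EC_EXTENDED)` is added twice in this file: once after MBEDTLS_PK_PARSE_C in the previous hunk and again here, at the end of the key-exchange list. The second call is redundant and sits in an unrelated group; I would drop it and keep the one next to MBEDTLS_PK_PARSE_C.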
@@ -293,8 +295,9 @@ if(CONFIG_GENERATE_MBEDTLS_CFG_FILE)
${generated_include_path}/${CONFIG_MBEDTLS_CFG_FILE}
)
- # Copy an empty user-config to help with legacy build
+ # Copy an empty PSA user-config, as it is not needed for legacy builds
+ # Generate an empty file to prevent build issues
configure_file(${NRF_SECURITY_ROOT}/configs/nrf-config-user-empty.h
- ${generated_include_path}/${CONFIG_MBEDTLS_USER_CONFIG_FILE}
+ ${generated_include_path}/${CONFIG_MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE}
)
endif()
diff --git a/subsys/nrf_security/cmake/psa_crypto_config.cmake b/subsys/nrf_security/cmake/psa_crypto_config.cmake
index ac20a0cadb49..b7526e5cd8aa 100644
--- a/subsys/nrf_security/cmake/psa_crypto_config.cmake
+++ b/subsys/nrf_security/cmake/psa_crypto_config.cmake
@@ -8,158 +8,6 @@
# PSA Core implementation
kconfig_check_and_set_base_to_one(PSA_CORE_OBERON)
-# RNG
-kconfig_check_and_set_base_to_one(PSA_WANT_GENERATE_RANDOM)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CTR_DRBG)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HMAC_DRBG)
-
-# Key types
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DERIVE)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_HMAC)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RAW_DATA)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_PASSWORD)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_PASSWORD_HASH)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_PEPPER)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_AES)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ARIA)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DES)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_CAMELLIA)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SM4)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ARC4)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_CHACHA20)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DH_KEY_PAIR)
-kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
-
-# AEAD
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CCM)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_GCM)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CHACHA20_POLY1305)
-
-# MAC
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CBC_MAC)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CMAC)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HMAC)
-
-# Hash
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_1)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_224)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_256)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_384)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_512)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_512_224)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_512_256)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_224)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_256)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_384)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_512)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SM3)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHAKE256_512)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RIPEMD160)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_MD2)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_MD4)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_MD5)
-
-# Cipher
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECB_NO_PADDING)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CBC_NO_PADDING)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CBC_PKCS7)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CCM_STAR_NO_TAG)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CFB)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CTR)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_OFB)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_XTS)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_STREAM_CIPHER)
-
-# Key agreement
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECDH)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_FFDH)
-
-# Key derivation
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HKDF)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HKDF_EXPAND)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HKDF_EXTRACT)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_PBKDF2_HMAC)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_TLS12_PRF)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_TLS12_PSK_TO_MS)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
-
-# Asymmetric encryption
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_OAEP)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
-
-# Assymetric signature
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECDSA)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECDSA_ANY)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_PURE_EDDSA)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ED25519PH)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ED448PH)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PSS)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PSS_ANY_SALT)
-
-# ECC Curves
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_160)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_192)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_224)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_320)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_MONTGOMERY_255)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_MONTGOMERY_448)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_TWISTED_EDWARDS_255)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_TWISTED_EDWARDS_448)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_K1_192)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_K1_224)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_K1_256)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_192)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_224)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_256)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_384)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_521)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R2_160)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_163)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_233)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_239)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_283)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_409)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_571)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_163)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_233)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_283)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_409)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_571)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R2_163)
-kconfig_check_and_set_base_to_one(PSA_WANT_ECC_FRP_V1_256)
-
-# PAKE
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_JPAKE)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SPAKE2P)
-kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SRP_6)
-
-# AES key sizes
-kconfig_check_and_set_base_to_one(PSA_WANT_AES_KEY_SIZE_128)
-kconfig_check_and_set_base_to_one(PSA_WANT_AES_KEY_SIZE_192)
-kconfig_check_and_set_base_to_one(PSA_WANT_AES_KEY_SIZE_256)
-
-# RSA key sizes
-kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_8192)
-kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_6144)
-kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_4096)
-kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_3072)
-kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_2048)
-kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_1536)
-kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_1024)
-
-kconfig_check_and_set_base_int(PSA_MAX_RSA_KEY_BITS)
-
# Convert nrf_cc3xx_platform driver configurations
kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_CTR_DRBG_DRIVER)
kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_HMAC_DRBG_DRIVER)
@@ -176,66 +24,121 @@ kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_ASYMMETRIC_SIGNATURE_DRIVER)
# Convert nrf_oberon driver configurations
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CCM_AES)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_GCM_AES)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CHACHA20_POLY1305)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_AEAD_DRIVER)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CIPHER_DRIVER)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_DRBG_DRIVER)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HASH_DRIVER)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC_DRBG_DRIVER)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PAKE_DRIVER)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_DERIVATION_DRIVER)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_MAC_DRIVER)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER)
-
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_AES)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CBC_NO_PADDING_AES)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CBC_PKCS7_AES)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CCM_AES)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_AES)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECB_NO_PADDING_AES)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_GCM_AES)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CHACHA20_POLY1305)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CMAC)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CIPHER_DRIVER)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_224)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_256)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_384)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_521)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_MONTGOMERY_255)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_MONTGOMERY_448)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_224)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_256)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_384)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_521)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ED25519PH)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ED448PH)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_VERIFY)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SIGN)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_DETERMINISTIC)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_RANDOMIZED)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_224)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_256)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_384)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_1)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_224)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_256)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_384)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_512)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_224)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_256)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_384)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_512)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHAKE256_512)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHAKE)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HASH_DRIVER)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CMAC)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_MAC_DRIVER)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXTRACT)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXPAND)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PRF)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PSK_TO_MS)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_HMAC)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_DERIVATION_DRIVER)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECJPAKE_SECP_R1_256)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_JPAKE)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P_SECP_R1_256)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_6_3072)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_6)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXPAND)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXTRACT)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_SECP)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_ECC)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_RSA)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_HMAC)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_SIGN)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_CRYPT)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PAKE_DRIVER)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_1024)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_1536)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_2048)
@@ -243,17 +146,18 @@ kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_3072)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_4096)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_6144)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_8192)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_OAEP)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_SIGN)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ANY_RSA_KEY_SIZE)
kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PSS)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_1)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_224)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_256)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_384)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_512)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PRF)
-kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PSK_TO_MS)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_SIGN)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_VERIFY)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_SIGN)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_OAEP)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_CRYPT)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_DRBG_DRIVER)
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC_DRBG_DRIVER)
set(SPAKE2P_USE_VERSION_04 ${CONFIG_PSA_CRYPTO_SPAKE2P_USE_VERSION_04})
# Convert NRF_RNG driver configuration
@@ -397,12 +301,12 @@ endif()
if(CONFIG_GENERATE_MBEDTLS_CFG_FILE)
# Copy the mbed TLS config file (default: nrf-config.h)
- configure_file(${NRF_SECURITY_ROOT}/configs/nrf-config.h
+ configure_file(${NRF_SECURITY_ROOT}/configs/nrf-config.h.template
${generated_include_path}/${CONFIG_MBEDTLS_CFG_FILE}
)
- # Generate the mbed TLS user config file (default nrf-config-user.h)
+ # Generate the PSA config file (default nrf-psa-crypto-config.h)
configure_file(${NRF_SECURITY_ROOT}/configs/psa_crypto_config.h.template
- ${generated_include_path}/${CONFIG_MBEDTLS_USER_CONFIG_FILE}
+ ${generated_include_path}/${CONFIG_MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE}
)
endif()
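Review bot: The new comment `# Generate the PSA config file (default nrf-psa-crypto-config.h)` describes the file written to CONFIG_MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE, while psa_crypto_want_config.cmake uses almost the same words for CONFIG_MBEDTLS_PSA_CRYPTO_CONFIG_FILE. Since the two outputs are easy to confuse, I would name the role here, e.g. `# Generate the PSA user config file with the PSA_NEED_* driver defines (default nrf-psa-crypto-config.h)`.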
diff --git a/subsys/nrf_security/cmake/psa_crypto_want_config.cmake b/subsys/nrf_security/cmake/psa_crypto_want_config.cmake
new file mode 100644
index 000000000000..75e451a988f6
--- /dev/null
+++ b/subsys/nrf_security/cmake/psa_crypto_want_config.cmake
@@ -0,0 +1,150 @@
+#
+# Copyright (c) 2024 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+# Convert all standard Kconfig variables for mbed TLS (strip CONFIG_)
+
+
+# All PSA_WANT_ symbols in alphabetical order */
+kconfig_check_and_set_base_int(PSA_WANT_AES_KEY_SIZE_128)
+kconfig_check_and_set_base_int(PSA_WANT_AES_KEY_SIZE_192)
+kconfig_check_and_set_base_int(PSA_WANT_AES_KEY_SIZE_256)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_CBC_MAC)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_CBC_NO_PADDING)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_CBC_PKCS7)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_CCM)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_CCM_STAR_NO_TAG)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_CFB)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_CHACHA20_POLY1305)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_CMAC)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_CTR)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_CTR_DRBG)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_ECB_NO_PADDING)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_ECDH)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_ECDSA)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_ECDSA_ANY)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_ED25519PH)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_ED448PH)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_FFDH)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_GCM)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_HKDF)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_HKDF_EXPAND)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_HKDF_EXTRACT)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_HMAC)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_HMAC_DRBG)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_JPAKE)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_MD2)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_MD4)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_MD5)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_OFB)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_PBKDF2_HMAC)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_PURE_EDDSA)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_RIPEMD160)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_OAEP)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PSS)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PSS_ANY_SALT)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_224)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_256)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_384)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_512)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHAKE256_512)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_1)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_224)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_256)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_384)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_512)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_512_224)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_512_256)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SM3)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SPAKE2P)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_SRP_6)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_STREAM_CIPHER)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_TLS12_PRF)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_TLS12_PSK_TO_MS)
+kconfig_check_and_set_base_int(PSA_WANT_ALG_XTS)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_160)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_192)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_224)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_320)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_FRP_V1_256)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_MONTGOMERY_255)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_MONTGOMERY_448)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_K1_192)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_K1_224)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_K1_256)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_192)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_224)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_256)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_384)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_521)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R2_160)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_163)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_233)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_239)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_283)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_409)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_571)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_163)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_233)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_283)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_409)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_571)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R2_163)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_TWISTED_EDWARDS_255)
+kconfig_check_and_set_base_int(PSA_WANT_ECC_TWISTED_EDWARDS_448)
+kconfig_check_and_set_base_int(PSA_WANT_GENERATE_RANDOM)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_AES)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ARC4)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ARIA)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_CAMELLIA)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_CHACHA20)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DERIVE)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DES)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DH_KEY_PAIR)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_HMAC)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_PASSWORD)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_PASSWORD_HASH)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_PEPPER)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RAW_DATA)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_SM4)
+kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_1024)
+kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_1536)
+kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_2048)
+kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_3072)
+kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_4096)
+kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_6144)
+kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_8192)
+
+kconfig_check_and_set_base_int(PSA_MAX_RSA_KEY_BITS)
+
+
+if(CONFIG_GENERATE_MBEDTLS_CFG_FILE)
+ # Create the mbed TLS PSA config file that contains all the PSA_WANT definitions
+ configure_file(${NRF_SECURITY_ROOT}/configs/psa_crypto_want_config.h.template
+ ${generated_include_path}/${CONFIG_MBEDTLS_PSA_CRYPTO_CONFIG_FILE}
+ )
+endif()
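Review bot: Every PSA_WANT_ symbol in this new file goes through `kconfig_check_and_set_base_int`, whereas the list removed from psa_crypto_config.cmake used `kconfig_check_and_set_base_to_one`. The helpers are defined outside this diff, so I cannot tell whether the `_int` variant still yields `1` for a boolean Kconfig symbol; please confirm that the generated header defines the PSA_WANT_ macros with the value `1` and not the raw Kconfig value. A short comment above the list stating why `_int` is used would settle it. Also, the line `# All PSA_WANT_ symbols in alphabetical order */` carries a stray `*/`.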
diff --git a/subsys/nrf_security/configs/legacy_crypto_config.h.template b/subsys/nrf_security/configs/legacy_crypto_config.h.template
index 6e52850eda95..e771d87a299b 100644
--- a/subsys/nrf_security/configs/legacy_crypto_config.h.template
+++ b/subsys/nrf_security/configs/legacy_crypto_config.h.template
@@ -943,7 +943,7 @@
*
* Disable if you only need to support RFC 5915 + 5480 key formats.
*/
-#define MBEDTLS_PK_PARSE_EC_EXTENDED
+#cmakedefine MBEDTLS_PK_PARSE_EC_EXTENDED
/**
* \def MBEDTLS_ERROR_STRERROR_DUMMY
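Review bot: `MBEDTLS_PK_PARSE_EC_EXTENDED` changes from always-on to opt-in here, because `#cmakedefine` emits the define only when a CMake variable of that name is set, and this hunk does not show where that happens. If nothing sets it, EC keys in the extended (non-RFC 5915/5480) encodings would stop parsing with no build-time signal, which shrinks the parser surface but changes behaviour for existing users. Adding a line such as `* Generated from the build configuration; off unless explicitly enabled.` to the doc comment above the macro would make the new default visible. That comment block starts outside the hunk.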
@@ -3226,7 +3226,7 @@ it is (2^48 - 1), our restriction is : (int - 0xFFFF - 0xF).*/
* C standards (e.g using memset_s() in C11) or calling a secure memset() from
* their system (e.g explicit_bzero() in BSD).
*/
-#cmakedefine MBEDTLS_PLATFORM_ZEROIZE_ALT
+//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
/**
* Uncomment the macro to let Mbed TLS use your alternate implementation of
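Review bot: `//#define MBEDTLS_PLATFORM_ZEROIZE_ALT` turns a configurable option into a permanently disabled one, so a platform-specific secure zeroize routine can no longer be selected from the build configuration. The matching `#cmakedefine` is also deleted from psa_crypto_config.h.template in its last hunk. If the built-in `mbedtls_platform_zeroize()` is meant to be the only implementation, say so next to the macro, for example `/* Not configurable: the built-in mbedtls_platform_zeroize() is always used. */`. A build that still supplies its own zeroize function would presumably be ignored or clash at link time, which matters because this routine wipes key material. The surrounding comment block extends beyond the hunk.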
diff --git a/subsys/nrf_security/configs/nrf-config.h b/subsys/nrf_security/configs/nrf-config.h.template
similarity index 89%
rename from subsys/nrf_security/configs/nrf-config.h
rename to subsys/nrf_security/configs/nrf-config.h.template
index 631d81828c63..686f639b13d0 100644
--- a/subsys/nrf_security/configs/nrf-config.h
+++ b/subsys/nrf_security/configs/nrf-config.h.template
@@ -8,12 +8,13 @@
#ifndef MBEDTLS_CONFIG_PSA_H
#define MBEDTLS_CONFIG_PSA_H
-#if defined(MBEDTLS_USER_CONFIG_FILE)
-#include MBEDTLS_USER_CONFIG_FILE
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
#else
-#error "MBEDTLS_USER_CONFIG_FILE expected to be set"
+#error "MBEDTLS_PSA_CRYPTO_CONFIG_FILE expected to be set"
#endif
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -169,11 +170,20 @@ extern "C" {
/* TLS/DTLS additions */
#if !defined(MBEDTLS_PSA_CRYPTO_SPM)
+#cmakedefine MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#cmakedefine MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#cmakedefine MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#cmakedefine MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#cmakedefine MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#cmakedefine MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#cmakedefine MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#cmakedefine MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#cmakedefine MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
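Review bot: The nine added `#cmakedefine MBEDTLS_KEY_EXCHANGE_*` lines make every TLS key exchange selectable from this template, but nothing marks which ones lack forward secrecy. `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED`, `MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED`, `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED` and the static `ECDH_ECDSA`/`ECDH_RSA` variants do not provide it. A short comment above the block, such as `/* Only the DHE/ECDHE variants below provide forward secrecy; enable the others for interoperability only. */`, would help whoever tunes the configuration later. The lines sit inside `#if !defined(MBEDTLS_PSA_CRYPTO_SPM)`, so they are never emitted for SPM builds. The `#if defined(...)` chain that consumes them continues past the end of the hunk.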
diff --git a/subsys/nrf_security/configs/psa_crypto_config.h.template b/subsys/nrf_security/configs/psa_crypto_config.h.template
index 4c48aee8b88f..40d64ab84f9f 100644
--- a/subsys/nrf_security/configs/psa_crypto_config.h.template
+++ b/subsys/nrf_security/configs/psa_crypto_config.h.template
@@ -11,156 +11,6 @@
/* PSA Core implementation */
#cmakedefine PSA_CORE_OBERON @PSA_CORE_OBERON@
-/* RNG */
-#cmakedefine PSA_WANT_GENERATE_RANDOM @PSA_WANT_GENERATE_RANDOM@
-#cmakedefine PSA_WANT_ALG_CTR_DRBG @PSA_WANT_ALG_CTR_DRBG@
-#cmakedefine PSA_WANT_ALG_HMAC_DRBG @PSA_WANT_ALG_HMAC_DRBG@
-
-/* Key types */
-#cmakedefine PSA_WANT_KEY_TYPE_DERIVE @PSA_WANT_KEY_TYPE_DERIVE@
-#cmakedefine PSA_WANT_KEY_TYPE_HMAC @PSA_WANT_KEY_TYPE_HMAC@
-#cmakedefine PSA_WANT_KEY_TYPE_RAW_DATA @PSA_WANT_KEY_TYPE_RAW_DATA@
-#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD @PSA_WANT_KEY_TYPE_PASSWORD@
-#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD_HASH @PSA_WANT_KEY_TYPE_PASSWORD_HASH@
-#cmakedefine PSA_WANT_KEY_TYPE_PEPPER @PSA_WANT_KEY_TYPE_PEPPER@
-#cmakedefine PSA_WANT_KEY_TYPE_AES @PSA_WANT_KEY_TYPE_AES@
-#cmakedefine PSA_WANT_KEY_TYPE_ARIA @PSA_WANT_KEY_TYPE_ARIA@
-#cmakedefine PSA_WANT_KEY_TYPE_DES @PSA_WANT_KEY_TYPE_DES@
-#cmakedefine PSA_WANT_KEY_TYPE_CAMELLIA @PSA_WANT_KEY_TYPE_CAMELLIA@
-#cmakedefine PSA_WANT_KEY_TYPE_SM4 @PSA_WANT_KEY_TYPE_SM4@
-#cmakedefine PSA_WANT_KEY_TYPE_ARC4 @PSA_WANT_KEY_TYPE_ARC4@
-#cmakedefine PSA_WANT_KEY_TYPE_CHACHA20 @PSA_WANT_KEY_TYPE_CHACHA20@
-#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR@
-#cmakedefine PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY @PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY@
-#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR@
-#cmakedefine PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY @PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY@
-#cmakedefine PSA_WANT_KEY_TYPE_DH_KEY_PAIR @PSA_WANT_KEY_TYPE_DH_KEY_PAIR@
-#cmakedefine PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY @PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY@
-
-/* AEAD */
-#cmakedefine PSA_WANT_ALG_CCM @PSA_WANT_ALG_CCM@
-#cmakedefine PSA_WANT_ALG_GCM @PSA_WANT_ALG_GCM@
-#cmakedefine PSA_WANT_ALG_CHACHA20_POLY1305 @PSA_WANT_ALG_CHACHA20_POLY1305@
-
-/* MAC */
-#cmakedefine PSA_WANT_ALG_CBC_MAC @PSA_WANT_ALG_CBC_MAC@
-#cmakedefine PSA_WANT_ALG_CMAC @PSA_WANT_ALG_CMAC@
-#cmakedefine PSA_WANT_ALG_HMAC @PSA_WANT_ALG_HMAC@
-
-/* Hash */
-#cmakedefine PSA_WANT_ALG_SHA_1 @PSA_WANT_ALG_SHA_1@
-#cmakedefine PSA_WANT_ALG_SHA_224 @PSA_WANT_ALG_SHA_224@
-#cmakedefine PSA_WANT_ALG_SHA_256 @PSA_WANT_ALG_SHA_256@
-#cmakedefine PSA_WANT_ALG_SHA_384 @PSA_WANT_ALG_SHA_384@
-#cmakedefine PSA_WANT_ALG_SHA_512 @PSA_WANT_ALG_SHA_512@
-#cmakedefine PSA_WANT_ALG_SHA_512_224 @PSA_WANT_ALG_SHA_512_224@
-#cmakedefine PSA_WANT_ALG_SHA_512_256 @PSA_WANT_ALG_SHA_512_256@
-#cmakedefine PSA_WANT_ALG_SHA3_224 @PSA_WANT_ALG_SHA3_224@
-#cmakedefine PSA_WANT_ALG_SHA3_256 @PSA_WANT_ALG_SHA3_256@
-#cmakedefine PSA_WANT_ALG_SHA3_384 @PSA_WANT_ALG_SHA3_384@
-#cmakedefine PSA_WANT_ALG_SHA3_512 @PSA_WANT_ALG_SHA3_512@
-#cmakedefine PSA_WANT_ALG_SM3 @PSA_WANT_ALG_SM3@
-#cmakedefine PSA_WANT_ALG_SHAKE256_512 @PSA_WANT_ALG_SHAKE256_512@
-#cmakedefine PSA_WANT_ALG_RIPEMD160 @PSA_WANT_ALG_RIPEMD160@
-#cmakedefine PSA_WANT_ALG_MD2 @PSA_WANT_ALG_MD2@
-#cmakedefine PSA_WANT_ALG_MD4 @PSA_WANT_ALG_MD4@
-#cmakedefine PSA_WANT_ALG_MD5 @PSA_WANT_ALG_MD5@
-
-/* Cipher */
-#cmakedefine PSA_WANT_ALG_ECB_NO_PADDING @PSA_WANT_ALG_ECB_NO_PADDING@
-#cmakedefine PSA_WANT_ALG_CBC_NO_PADDING @PSA_WANT_ALG_CBC_NO_PADDING@
-#cmakedefine PSA_WANT_ALG_CBC_PKCS7 @PSA_WANT_ALG_CBC_PKCS7@
-#cmakedefine PSA_WANT_ALG_CCM_STAR_NO_TAG @PSA_WANT_ALG_CCM_STAR_NO_TAG@
-#cmakedefine PSA_WANT_ALG_CFB @PSA_WANT_ALG_CFB@
-#cmakedefine PSA_WANT_ALG_CTR @PSA_WANT_ALG_CTR@
-#cmakedefine PSA_WANT_ALG_OFB @PSA_WANT_ALG_OFB@
-#cmakedefine PSA_WANT_ALG_XTS @PSA_WANT_ALG_XTS@
-#cmakedefine PSA_WANT_ALG_STREAM_CIPHER @PSA_WANT_ALG_STREAM_CIPHER@
-
-/* Key agreement */
-#cmakedefine PSA_WANT_ALG_ECDH @PSA_WANT_ALG_ECDH@
-#cmakedefine PSA_WANT_ALG_FFDH @PSA_WANT_ALG_FFDH@
-
-/* Key derivation */
-#cmakedefine PSA_WANT_ALG_HKDF @PSA_WANT_ALG_HKDF@
-#cmakedefine PSA_WANT_ALG_HKDF_EXPAND @PSA_WANT_ALG_HKDF_EXPAND@
-#cmakedefine PSA_WANT_ALG_HKDF_EXTRACT @PSA_WANT_ALG_HKDF_EXTRACT@
-#cmakedefine PSA_WANT_ALG_PBKDF2_HMAC @PSA_WANT_ALG_PBKDF2_HMAC@
-#cmakedefine PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 @PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128@
-#cmakedefine PSA_WANT_ALG_TLS12_PRF @PSA_WANT_ALG_TLS12_PRF@
-#cmakedefine PSA_WANT_ALG_TLS12_PSK_TO_MS @PSA_WANT_ALG_TLS12_PSK_TO_MS@
-#cmakedefine PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS @PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS@
-
-/* Asymmetric encryption */
-#cmakedefine PSA_WANT_ALG_RSA_OAEP @PSA_WANT_ALG_RSA_OAEP@
-#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_CRYPT @PSA_WANT_ALG_RSA_PKCS1V15_CRYPT@
-
-/* Asymmetric signature */
-#cmakedefine PSA_WANT_ALG_DETERMINISTIC_ECDSA @PSA_WANT_ALG_DETERMINISTIC_ECDSA@
-#cmakedefine PSA_WANT_ALG_ECDSA @PSA_WANT_ALG_ECDSA@
-#cmakedefine PSA_WANT_ALG_ECDSA_ANY @PSA_WANT_ALG_ECDSA_ANY@
-#cmakedefine PSA_WANT_ALG_PURE_EDDSA @PSA_WANT_ALG_PURE_EDDSA@
-#cmakedefine PSA_WANT_ALG_ED25519PH @PSA_WANT_ALG_ED25519PH@
-#cmakedefine PSA_WANT_ALG_ED448PH @PSA_WANT_ALG_ED448PH@
-#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN @PSA_WANT_ALG_RSA_PKCS1V15_SIGN@
-#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW @PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW@
-#cmakedefine PSA_WANT_ALG_RSA_PSS @PSA_WANT_ALG_RSA_PSS@
-#cmakedefine PSA_WANT_ALG_RSA_PSS_ANY_SALT @PSA_WANT_ALG_RSA_PSS_ANY_SALT@
-
-/* ECC Curves */
-#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_160 @PSA_WANT_ECC_BRAINPOOL_P_R1_160@
-#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_192 @PSA_WANT_ECC_BRAINPOOL_P_R1_192@
-#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_224 @PSA_WANT_ECC_BRAINPOOL_P_R1_224@
-#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_256 @PSA_WANT_ECC_BRAINPOOL_P_R1_256@
-#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_320 @PSA_WANT_ECC_BRAINPOOL_P_R1_320@
-#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_384 @PSA_WANT_ECC_BRAINPOOL_P_R1_384@
-#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_512 @PSA_WANT_ECC_BRAINPOOL_P_R1_512@
-#cmakedefine PSA_WANT_ECC_MONTGOMERY_255 @PSA_WANT_ECC_MONTGOMERY_255@
-#cmakedefine PSA_WANT_ECC_MONTGOMERY_448 @PSA_WANT_ECC_MONTGOMERY_448@
-#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_255 @PSA_WANT_ECC_TWISTED_EDWARDS_255@
-#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_448 @PSA_WANT_ECC_TWISTED_EDWARDS_448@
-#cmakedefine PSA_WANT_ECC_SECP_K1_192 @PSA_WANT_ECC_SECP_K1_192@
-#cmakedefine PSA_WANT_ECC_SECP_K1_224 @PSA_WANT_ECC_SECP_K1_224@
-#cmakedefine PSA_WANT_ECC_SECP_K1_256 @PSA_WANT_ECC_SECP_K1_256@
-#cmakedefine PSA_WANT_ECC_SECP_R1_192 @PSA_WANT_ECC_SECP_R1_192@
-#cmakedefine PSA_WANT_ECC_SECP_R1_224 @PSA_WANT_ECC_SECP_R1_224@
-#cmakedefine PSA_WANT_ECC_SECP_R1_256 @PSA_WANT_ECC_SECP_R1_256@
-#cmakedefine PSA_WANT_ECC_SECP_R1_384 @PSA_WANT_ECC_SECP_R1_384@
-#cmakedefine PSA_WANT_ECC_SECP_R1_521 @PSA_WANT_ECC_SECP_R1_521@
-#cmakedefine PSA_WANT_ECC_SECP_R2_160 @PSA_WANT_ECC_SECP_R2_160@
-#cmakedefine PSA_WANT_ECC_SECT_K1_163 @PSA_WANT_ECC_SECT_K1_163@
-#cmakedefine PSA_WANT_ECC_SECT_K1_233 @PSA_WANT_ECC_SECT_K1_233@
-#cmakedefine PSA_WANT_ECC_SECT_K1_239 @PSA_WANT_ECC_SECT_K1_239@
-#cmakedefine PSA_WANT_ECC_SECT_K1_283 @PSA_WANT_ECC_SECT_K1_283@
-#cmakedefine PSA_WANT_ECC_SECT_K1_409 @PSA_WANT_ECC_SECT_K1_409@
-#cmakedefine PSA_WANT_ECC_SECT_K1_571 @PSA_WANT_ECC_SECT_K1_571@
-#cmakedefine PSA_WANT_ECC_SECT_R1_163 @PSA_WANT_ECC_SECT_R1_163@
-#cmakedefine PSA_WANT_ECC_SECT_R1_233 @PSA_WANT_ECC_SECT_R1_233@
-#cmakedefine PSA_WANT_ECC_SECT_R1_283 @PSA_WANT_ECC_SECT_R1_283@
-#cmakedefine PSA_WANT_ECC_SECT_R1_409 @PSA_WANT_ECC_SECT_R1_409@
-#cmakedefine PSA_WANT_ECC_SECT_R1_571 @PSA_WANT_ECC_SECT_R1_571@
-#cmakedefine PSA_WANT_ECC_SECT_R2_163 @PSA_WANT_ECC_SECT_R2_163@
-#cmakedefine PSA_WANT_ECC_FRP_V1_256 @PSA_WANT_ECC_FRP_V1_256@
-
-/* PAKE */
-#cmakedefine PSA_WANT_ALG_JPAKE @PSA_WANT_ALG_JPAKE@
-#cmakedefine PSA_WANT_ALG_SPAKE2P @PSA_WANT_ALG_SPAKE2P@
-#cmakedefine PSA_WANT_ALG_SRP_6 @PSA_WANT_ALG_SRP_6@
-
-/* AES key sizes */
-#cmakedefine PSA_WANT_AES_KEY_SIZE_128 @PSA_WANT_AES_KEY_SIZE_128@
-#cmakedefine PSA_WANT_AES_KEY_SIZE_192 @PSA_WANT_AES_KEY_SIZE_192@
-#cmakedefine PSA_WANT_AES_KEY_SIZE_256 @PSA_WANT_AES_KEY_SIZE_256@
-
-/* RSA key sizes */
-#cmakedefine PSA_WANT_RSA_KEY_SIZE_8192 @PSA_WANT_RSA_KEY_SIZE_8192@
-#cmakedefine PSA_WANT_RSA_KEY_SIZE_6144 @PSA_WANT_RSA_KEY_SIZE_6144@
-#cmakedefine PSA_WANT_RSA_KEY_SIZE_4096 @PSA_WANT_RSA_KEY_SIZE_4096@
-#cmakedefine PSA_WANT_RSA_KEY_SIZE_3072 @PSA_WANT_RSA_KEY_SIZE_3072@
-#cmakedefine PSA_WANT_RSA_KEY_SIZE_2048 @PSA_WANT_RSA_KEY_SIZE_2048@
-#cmakedefine PSA_WANT_RSA_KEY_SIZE_1536 @PSA_WANT_RSA_KEY_SIZE_1536@
-#cmakedefine PSA_WANT_RSA_KEY_SIZE_1024 @PSA_WANT_RSA_KEY_SIZE_1024@
-
#cmakedefine PSA_MAX_RSA_KEY_BITS @PSA_MAX_RSA_KEY_BITS@
/*
@@ -184,68 +34,121 @@
/*
* nrf_oberon driver configurations
*/
+#cmakedefine PSA_NEED_OBERON_CCM_AES @PSA_NEED_OBERON_CCM_AES@
+#cmakedefine PSA_NEED_OBERON_GCM_AES @PSA_NEED_OBERON_GCM_AES@
+#cmakedefine PSA_NEED_OBERON_CHACHA20_POLY1305 @PSA_NEED_OBERON_CHACHA20_POLY1305@
#cmakedefine PSA_NEED_OBERON_AEAD_DRIVER @PSA_NEED_OBERON_AEAD_DRIVER@
-#cmakedefine PSA_NEED_OBERON_CIPHER_DRIVER @PSA_NEED_OBERON_CIPHER_DRIVER@
-#cmakedefine PSA_NEED_OBERON_CTR_DRBG_DRIVER @PSA_NEED_OBERON_CTR_DRBG_DRIVER@
-#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER@
-#cmakedefine PSA_NEED_OBERON_HASH_DRIVER @PSA_NEED_OBERON_HASH_DRIVER@
-#cmakedefine PSA_NEED_OBERON_HMAC_DRBG_DRIVER @PSA_NEED_OBERON_HMAC_DRBG_DRIVER@
-#cmakedefine PSA_NEED_OBERON_PAKE_DRIVER @PSA_NEED_OBERON_PAKE_DRIVER@
-#cmakedefine PSA_NEED_OBERON_KEY_DERIVATION_DRIVER @PSA_NEED_OBERON_KEY_DERIVATION_DRIVER@
-#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER @PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER@
-#cmakedefine PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER @PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER@
-#cmakedefine PSA_NEED_OBERON_MAC_DRIVER @PSA_NEED_OBERON_MAC_DRIVER@
-#cmakedefine PSA_NEED_OBERON_RSA_ANY_CRYPT @PSA_NEED_OBERON_RSA_ANY_CRYPT@
-#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER@
-#cmakedefine PSA_NEED_OBERON_RSA_SIGN @PSA_NEED_OBERON_RSA_SIGN@
-
+#cmakedefine PSA_NEED_OBERON_CTR_AES @PSA_NEED_OBERON_CTR_AES@
#cmakedefine PSA_NEED_OBERON_CBC_NO_PADDING_AES @PSA_NEED_OBERON_CBC_NO_PADDING_AES@
#cmakedefine PSA_NEED_OBERON_CBC_PKCS7_AES @PSA_NEED_OBERON_CBC_PKCS7_AES@
-#cmakedefine PSA_NEED_OBERON_CCM_AES @PSA_NEED_OBERON_CCM_AES@
-#cmakedefine PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES @PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES@
-#cmakedefine PSA_NEED_OBERON_CTR_AES @PSA_NEED_OBERON_CTR_AES@
#cmakedefine PSA_NEED_OBERON_ECB_NO_PADDING_AES @PSA_NEED_OBERON_ECB_NO_PADDING_AES@
-#cmakedefine PSA_NEED_OBERON_GCM_AES @PSA_NEED_OBERON_GCM_AES@
+#cmakedefine PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES @PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES@
#cmakedefine PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20 @PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20@
-#cmakedefine PSA_NEED_OBERON_CHACHA20_POLY1305 @PSA_NEED_OBERON_CHACHA20_POLY1305@
-#cmakedefine PSA_NEED_OBERON_CMAC @PSA_NEED_OBERON_CMAC@
-#cmakedefine PSA_NEED_OBERON_ECDSA_DETERMINISTIC @PSA_NEED_OBERON_ECDSA_DETERMINISTIC@
-#cmakedefine PSA_NEED_OBERON_ECDH @PSA_NEED_OBERON_ECDH@
+#cmakedefine PSA_NEED_OBERON_CIPHER_DRIVER @PSA_NEED_OBERON_CIPHER_DRIVER@
#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_224 @PSA_NEED_OBERON_ECDH_SECP_R1_224@
#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_256 @PSA_NEED_OBERON_ECDH_SECP_R1_256@
#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_384 @PSA_NEED_OBERON_ECDH_SECP_R1_384@
+#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_521 @PSA_NEED_OBERON_ECDH_SECP_R1_521@
#cmakedefine PSA_NEED_OBERON_ECDH_MONTGOMERY_255 @PSA_NEED_OBERON_ECDH_MONTGOMERY_255@
-#cmakedefine PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255@
-#cmakedefine PSA_NEED_OBERON_ECDSA_SIGN @PSA_NEED_OBERON_ECDSA_SIGN@
+#cmakedefine PSA_NEED_OBERON_ECDH_MONTGOMERY_448 @PSA_NEED_OBERON_ECDH_MONTGOMERY_448@
+#cmakedefine PSA_NEED_OBERON_ECDH @PSA_NEED_OBERON_ECDH@
+#cmakedefine PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER @PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER@
#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_224 @PSA_NEED_OBERON_ECDSA_SECP_R1_224@
#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_256 @PSA_NEED_OBERON_ECDSA_SECP_R1_256@
#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_384 @PSA_NEED_OBERON_ECDSA_SECP_R1_384@
+#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_521 @PSA_NEED_OBERON_ECDSA_SECP_R1_521@
+#cmakedefine PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255@
+#cmakedefine PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448@
+#cmakedefine PSA_NEED_OBERON_ED25519PH @PSA_NEED_OBERON_ED25519PH@
+#cmakedefine PSA_NEED_OBERON_ED448PH @PSA_NEED_OBERON_ED448PH@
+#cmakedefine PSA_NEED_OBERON_ECDSA_VERIFY @PSA_NEED_OBERON_ECDSA_VERIFY@
+#cmakedefine PSA_NEED_OBERON_ECDSA_SIGN @PSA_NEED_OBERON_ECDSA_SIGN@
+#cmakedefine PSA_NEED_OBERON_ECDSA_DETERMINISTIC @PSA_NEED_OBERON_ECDSA_DETERMINISTIC@
+#cmakedefine PSA_NEED_OBERON_ECDSA_RANDOMIZED @PSA_NEED_OBERON_ECDSA_RANDOMIZED@
+#cmakedefine PSA_NEED_OBERON_SHA_1 @PSA_NEED_OBERON_SHA_1@
+#cmakedefine PSA_NEED_OBERON_SHA_224 @PSA_NEED_OBERON_SHA_224@
+#cmakedefine PSA_NEED_OBERON_SHA_256 @PSA_NEED_OBERON_SHA_256@
+#cmakedefine PSA_NEED_OBERON_SHA_384 @PSA_NEED_OBERON_SHA_384@
+#cmakedefine PSA_NEED_OBERON_SHA_512 @PSA_NEED_OBERON_SHA_512@
+#cmakedefine PSA_NEED_OBERON_SHA3_224 @PSA_NEED_OBERON_SHA3_224@
+#cmakedefine PSA_NEED_OBERON_SHA3_256 @PSA_NEED_OBERON_SHA3_256@
+#cmakedefine PSA_NEED_OBERON_SHA3_384 @PSA_NEED_OBERON_SHA3_384@
+#cmakedefine PSA_NEED_OBERON_SHA3_512 @PSA_NEED_OBERON_SHA3_512@
+#cmakedefine PSA_NEED_OBERON_SHA3 @PSA_NEED_OBERON_SHA3@
+#cmakedefine PSA_NEED_OBERON_SHAKE256_512 @PSA_NEED_OBERON_SHAKE256_512@
+#cmakedefine PSA_NEED_OBERON_SHAKE @PSA_NEED_OBERON_SHAKE@
+#cmakedefine PSA_NEED_OBERON_HASH_DRIVER @PSA_NEED_OBERON_HASH_DRIVER@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT@
+#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT@
+#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER @PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER@
+#cmakedefine PSA_NEED_OBERON_HMAC @PSA_NEED_OBERON_HMAC@
+#cmakedefine PSA_NEED_OBERON_CMAC @PSA_NEED_OBERON_CMAC@
+#cmakedefine PSA_NEED_OBERON_MAC_DRIVER @PSA_NEED_OBERON_MAC_DRIVER@
+#cmakedefine PSA_NEED_OBERON_HKDF @PSA_NEED_OBERON_HKDF@
+#cmakedefine PSA_NEED_OBERON_HKDF_EXTRACT @PSA_NEED_OBERON_HKDF_EXTRACT@
+#cmakedefine PSA_NEED_OBERON_HKDF_EXPAND @PSA_NEED_OBERON_HKDF_EXPAND@
+#cmakedefine PSA_NEED_OBERON_TLS12_PRF @PSA_NEED_OBERON_TLS12_PRF@
+#cmakedefine PSA_NEED_OBERON_TLS12_PSK_TO_MS @PSA_NEED_OBERON_TLS12_PSK_TO_MS@
+#cmakedefine PSA_NEED_OBERON_PBKDF2_HMAC @PSA_NEED_OBERON_PBKDF2_HMAC@
+#cmakedefine PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 @PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128@
#cmakedefine PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS @PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS@
+#cmakedefine PSA_NEED_OBERON_KEY_DERIVATION_DRIVER @PSA_NEED_OBERON_KEY_DERIVATION_DRIVER@
#cmakedefine PSA_NEED_OBERON_ECJPAKE_SECP_R1_256 @PSA_NEED_OBERON_ECJPAKE_SECP_R1_256@
#cmakedefine PSA_NEED_OBERON_JPAKE @PSA_NEED_OBERON_JPAKE@
#cmakedefine PSA_NEED_OBERON_SPAKE2P_SECP_R1_256 @PSA_NEED_OBERON_SPAKE2P_SECP_R1_256@
#cmakedefine PSA_NEED_OBERON_SPAKE2P @PSA_NEED_OBERON_SPAKE2P@
#cmakedefine PSA_NEED_OBERON_SRP_6_3072 @PSA_NEED_OBERON_SRP_6_3072@
#cmakedefine PSA_NEED_OBERON_SRP_6 @PSA_NEED_OBERON_SRP_6@
-#cmakedefine PSA_NEED_OBERON_HKDF @PSA_NEED_OBERON_HKDF@
-#cmakedefine PSA_NEED_OBERON_HKDF_EXPAND @PSA_NEED_OBERON_HKDF_EXPAND@
-#cmakedefine PSA_NEED_OBERON_HKDF_EXTRACT @PSA_NEED_OBERON_HKDF_EXTRACT@
-#cmakedefine PSA_NEED_OBERON_HMAC @PSA_NEED_OBERON_HMAC@
-#cmakedefine PSA_NEED_OBERON_KEY_PAIR_25519 @PSA_NEED_OBERON_KEY_PAIR_25519@
-#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255@
-#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS@
-#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224 @PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224@
-#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256 @PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256@
-#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384 @PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384@
-#cmakedefine PSA_NEED_OBERON_KEY_PAIR_P521 @PSA_NEED_OBERON_KEY_PAIR_P521@
-#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_ECC @PSA_NEED_OBERON_KEY_MANAGEMENT_ECC@
-#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_RSA @PSA_NEED_OBERON_KEY_MANAGEMENT_RSA@
-#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_SECP @PSA_NEED_OBERON_KEY_MANAGEMENT_SECP@
-#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255@
-#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY @PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY@
-#cmakedefine PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 @PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128@
-#cmakedefine PSA_NEED_OBERON_PBKDF2_HMAC @PSA_NEED_OBERON_PBKDF2_HMAC@
-#cmakedefine PSA_NEED_OBERON_ECDSA_RANDOMIZED @PSA_NEED_OBERON_ECDSA_RANDOMIZED@
+#cmakedefine PSA_NEED_OBERON_PAKE_DRIVER @PSA_NEED_OBERON_PAKE_DRIVER@
#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1024 @PSA_NEED_OBERON_RSA_KEY_SIZE_1024@
#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1536 @PSA_NEED_OBERON_RSA_KEY_SIZE_1536@
#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_2048 @PSA_NEED_OBERON_RSA_KEY_SIZE_2048@
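Review bot: Several driver macros are renamed or dropped in this hunk with no compatibility alias: the `PSA_NEED_OBERON_KEY_MANAGEMENT_*` family, `PSA_NEED_OBERON_KEY_PAIR_25519`, `PSA_NEED_OBERON_KEY_PAIR_P521` and `PSA_NEED_OBERON_RSA_SIGN`. Any `#if defined(...)` that still tests an old name would evaluate false without a build error, silently compiling out the corresponding key-management or signature path. It is worth confirming that no driver source or out-of-tree configuration still references them. The new list is also a flat run of more than a hundred lines; group comments such as `/* Key management */` before the `PSA_NEED_OBERON_KEY_TYPE_*` entries and `/* Hash */` before the `PSA_NEED_OBERON_SHA*` entries would make the per-algorithm and aggregate `*_DRIVER` symbols easier to audit.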
@@ -253,19 +156,18 @@
#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_4096 @PSA_NEED_OBERON_RSA_KEY_SIZE_4096@
#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_6144 @PSA_NEED_OBERON_RSA_KEY_SIZE_6144@
#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_8192 @PSA_NEED_OBERON_RSA_KEY_SIZE_8192@
-#cmakedefine PSA_NEED_OBERON_RSA_OAEP @PSA_NEED_OBERON_RSA_OAEP@
-#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT @PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT@
+#cmakedefine PSA_NEED_OBERON_ANY_RSA_KEY_SIZE @PSA_NEED_OBERON_ANY_RSA_KEY_SIZE@
+#cmakedefine PSA_NEED_OBERON_RSA_PSS @PSA_NEED_OBERON_RSA_PSS@
#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_SIGN @PSA_NEED_OBERON_RSA_PKCS1V15_SIGN@
+#cmakedefine PSA_NEED_OBERON_RSA_ANY_VERIFY @PSA_NEED_OBERON_RSA_ANY_VERIFY@
#cmakedefine PSA_NEED_OBERON_RSA_ANY_SIGN @PSA_NEED_OBERON_RSA_ANY_SIGN@
-#cmakedefine PSA_NEED_OBERON_RSA_PSS @PSA_NEED_OBERON_RSA_PSS@
-#cmakedefine PSA_NEED_OBERON_SHA_1 @PSA_NEED_OBERON_SHA_1@
-#cmakedefine PSA_NEED_OBERON_SHA_224 @PSA_NEED_OBERON_SHA_224@
-#cmakedefine PSA_NEED_OBERON_SHA_256 @PSA_NEED_OBERON_SHA_256@
-#cmakedefine PSA_NEED_OBERON_SHA_384 @PSA_NEED_OBERON_SHA_384@
-#cmakedefine PSA_NEED_OBERON_SHA_512 @PSA_NEED_OBERON_SHA_512@
-#cmakedefine PSA_NEED_OBERON_TLS12_PRF @PSA_NEED_OBERON_TLS12_PRF@
-#cmakedefine PSA_NEED_OBERON_TLS12_PSK_TO_MS @PSA_NEED_OBERON_TLS12_PSK_TO_MS@
-#cmakedefine PSA_NEED_OBERON_JPAKE_DRIVER @PSA_NEED_OBERON_JPAKE_DRIVER@
+#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT @PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT@
+#cmakedefine PSA_NEED_OBERON_RSA_OAEP @PSA_NEED_OBERON_RSA_OAEP@
+#cmakedefine PSA_NEED_OBERON_RSA_ANY_CRYPT @PSA_NEED_OBERON_RSA_ANY_CRYPT@
+#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER@
+#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER@
+#cmakedefine PSA_NEED_OBERON_CTR_DRBG_DRIVER @PSA_NEED_OBERON_CTR_DRBG_DRIVER@
+#cmakedefine PSA_NEED_OBERON_HMAC_DRBG_DRIVER @PSA_NEED_OBERON_HMAC_DRBG_DRIVER@
/* Use Matter compatible version of Spake2+ in Oberon code. */
#cmakedefine SPAKE2P_USE_VERSION_04 @SPAKE2_USE_VERSION_04@
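Review bot: The context line `#cmakedefine SPAKE2P_USE_VERSION_04 @SPAKE2_USE_VERSION_04@` tests one variable and substitutes another (`SPAKE2P_` versus `SPAKE2_`), and this hunk leaves it as is. If the build sets only `SPAKE2P_USE_VERSION_04`, the macro would be emitted with an empty value. That is harmless for `#ifdef`, but it breaks any `#if SPAKE2P_USE_VERSION_04` test, and the result decides which Spake2+ variant the PAKE code speaks. Since the surrounding lines are being reworked anyway, aligning the names as `#cmakedefine SPAKE2P_USE_VERSION_04 @SPAKE2P_USE_VERSION_04@` seems appropriate, assuming the `SPAKE2P_` spelling is the one the build defines.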
@@ -307,7 +209,6 @@
#cmakedefine MBEDTLS_ENTROPY_HARDWARE_ALT
#cmakedefine MBEDTLS_THREADING_C
#cmakedefine MBEDTLS_THREADING_ALT
-#cmakedefine MBEDTLS_PLATFORM_ZEROIZE_ALT
/* Legacy configurations for _ALT defines */
#cmakedefine MBEDTLS_AES_SETKEY_ENC_ALT
diff --git a/subsys/nrf_security/configs/psa_crypto_want_config.h.template b/subsys/nrf_security/configs/psa_crypto_want_config.h.template
new file mode 100644
index 000000000000..9b0dcb7eb4f4
--- /dev/null
+++ b/subsys/nrf_security/configs/psa_crypto_want_config.h.template
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ *
+ */
+
+#ifndef PSA_CRYPTO_WANT_CONFIG_H
+#define PSA_CRYPTO_WANT_CONFIG_H
+
+/* TODO make sure this required */
+#ifndef MBEDTLS_PSA_CRYPTO_CONFIG
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+#endif
+
+/*
+ * All PSA_WANT_ symbols in alphabetical order
+ */
+#cmakedefine PSA_WANT_AES_KEY_SIZE_128 @PSA_WANT_AES_KEY_SIZE_128@
+#cmakedefine PSA_WANT_AES_KEY_SIZE_192 @PSA_WANT_AES_KEY_SIZE_192@
+#cmakedefine PSA_WANT_AES_KEY_SIZE_256 @PSA_WANT_AES_KEY_SIZE_256@
+#cmakedefine PSA_WANT_ALG_CBC_MAC @PSA_WANT_ALG_CBC_MAC@
+#cmakedefine PSA_WANT_ALG_CBC_NO_PADDING @PSA_WANT_ALG_CBC_NO_PADDING@
+#cmakedefine PSA_WANT_ALG_CBC_PKCS7 @PSA_WANT_ALG_CBC_PKCS7@
+#cmakedefine PSA_WANT_ALG_CCM @PSA_WANT_ALG_CCM@
+#cmakedefine PSA_WANT_ALG_CCM_STAR_NO_TAG @PSA_WANT_ALG_CCM_STAR_NO_TAG@
+#cmakedefine PSA_WANT_ALG_CFB @PSA_WANT_ALG_CFB@
+#cmakedefine PSA_WANT_ALG_CHACHA20_POLY1305 @PSA_WANT_ALG_CHACHA20_POLY1305@
+#cmakedefine PSA_WANT_ALG_CMAC @PSA_WANT_ALG_CMAC@
+#cmakedefine PSA_WANT_ALG_CTR @PSA_WANT_ALG_CTR@
+#cmakedefine PSA_WANT_ALG_CTR_DRBG @PSA_WANT_ALG_CTR_DRBG@
+#cmakedefine PSA_WANT_ALG_DETERMINISTIC_ECDSA @PSA_WANT_ALG_DETERMINISTIC_ECDSA@
+#cmakedefine PSA_WANT_ALG_ECB_NO_PADDING @PSA_WANT_ALG_ECB_NO_PADDING@
+#cmakedefine PSA_WANT_ALG_ECDH @PSA_WANT_ALG_ECDH@
+#cmakedefine PSA_WANT_ALG_ECDSA @PSA_WANT_ALG_ECDSA@
+#cmakedefine PSA_WANT_ALG_ECDSA_ANY @PSA_WANT_ALG_ECDSA_ANY@
+#cmakedefine PSA_WANT_ALG_ED25519PH @PSA_WANT_ALG_ED25519PH@
+#cmakedefine PSA_WANT_ALG_ED448PH @PSA_WANT_ALG_ED448PH@
+#cmakedefine PSA_WANT_ALG_FFDH @PSA_WANT_ALG_FFDH@
+#cmakedefine PSA_WANT_ALG_GCM @PSA_WANT_ALG_GCM@
+#cmakedefine PSA_WANT_ALG_HKDF @PSA_WANT_ALG_HKDF@
+#cmakedefine PSA_WANT_ALG_HKDF_EXPAND @PSA_WANT_ALG_HKDF_EXPAND@
+#cmakedefine PSA_WANT_ALG_HKDF_EXTRACT @PSA_WANT_ALG_HKDF_EXTRACT@
+#cmakedefine PSA_WANT_ALG_HMAC @PSA_WANT_ALG_HMAC@
+#cmakedefine PSA_WANT_ALG_HMAC_DRBG @PSA_WANT_ALG_HMAC_DRBG@
+#cmakedefine PSA_WANT_ALG_JPAKE @PSA_WANT_ALG_JPAKE@
+#cmakedefine PSA_WANT_ALG_MD2 @PSA_WANT_ALG_MD2@
+#cmakedefine PSA_WANT_ALG_MD4 @PSA_WANT_ALG_MD4@
+#cmakedefine PSA_WANT_ALG_MD5 @PSA_WANT_ALG_MD5@
+#cmakedefine PSA_WANT_ALG_OFB @PSA_WANT_ALG_OFB@
+#cmakedefine PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 @PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128@
+#cmakedefine PSA_WANT_ALG_PBKDF2_HMAC @PSA_WANT_ALG_PBKDF2_HMAC@
+#cmakedefine PSA_WANT_ALG_PURE_EDDSA @PSA_WANT_ALG_PURE_EDDSA@
+#cmakedefine PSA_WANT_ALG_RIPEMD160 @PSA_WANT_ALG_RIPEMD160@
+#cmakedefine PSA_WANT_ALG_RSA_OAEP @PSA_WANT_ALG_RSA_OAEP@
+#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_CRYPT @PSA_WANT_ALG_RSA_PKCS1V15_CRYPT@
+#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN @PSA_WANT_ALG_RSA_PKCS1V15_SIGN@
+#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW @PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW@
+#cmakedefine PSA_WANT_ALG_RSA_PSS @PSA_WANT_ALG_RSA_PSS@
+#cmakedefine PSA_WANT_ALG_RSA_PSS_ANY_SALT @PSA_WANT_ALG_RSA_PSS_ANY_SALT@
+#cmakedefine PSA_WANT_ALG_SHA3_224 @PSA_WANT_ALG_SHA3_224@
+#cmakedefine PSA_WANT_ALG_SHA3_256 @PSA_WANT_ALG_SHA3_256@
+#cmakedefine PSA_WANT_ALG_SHA3_384 @PSA_WANT_ALG_SHA3_384@
+#cmakedefine PSA_WANT_ALG_SHA3_512 @PSA_WANT_ALG_SHA3_512@
+#cmakedefine PSA_WANT_ALG_SHAKE256_512 @PSA_WANT_ALG_SHAKE256_512@
+#cmakedefine PSA_WANT_ALG_SHA_1 @PSA_WANT_ALG_SHA_1@
+#cmakedefine PSA_WANT_ALG_SHA_224 @PSA_WANT_ALG_SHA_224@
+#cmakedefine PSA_WANT_ALG_SHA_256 @PSA_WANT_ALG_SHA_256@
+#cmakedefine PSA_WANT_ALG_SHA_384 @PSA_WANT_ALG_SHA_384@
+#cmakedefine PSA_WANT_ALG_SHA_512 @PSA_WANT_ALG_SHA_512@
+#cmakedefine PSA_WANT_ALG_SHA_512_224 @PSA_WANT_ALG_SHA_512_224@
+#cmakedefine PSA_WANT_ALG_SHA_512_256 @PSA_WANT_ALG_SHA_512_256@
+#cmakedefine PSA_WANT_ALG_SM3 @PSA_WANT_ALG_SM3@
+#cmakedefine PSA_WANT_ALG_SPAKE2P @PSA_WANT_ALG_SPAKE2P@
+#cmakedefine PSA_WANT_ALG_SRP_6 @PSA_WANT_ALG_SRP_6@
+#cmakedefine PSA_WANT_ALG_STREAM_CIPHER @PSA_WANT_ALG_STREAM_CIPHER@
+#cmakedefine PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS @PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS@
+#cmakedefine PSA_WANT_ALG_TLS12_PRF @PSA_WANT_ALG_TLS12_PRF@
+#cmakedefine PSA_WANT_ALG_TLS12_PSK_TO_MS @PSA_WANT_ALG_TLS12_PSK_TO_MS@
+#cmakedefine PSA_WANT_ALG_XTS @PSA_WANT_ALG_XTS@
+#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_160 @PSA_WANT_ECC_BRAINPOOL_P_R1_160@
+#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_192 @PSA_WANT_ECC_BRAINPOOL_P_R1_192@
+#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_224 @PSA_WANT_ECC_BRAINPOOL_P_R1_224@
+#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_256 @PSA_WANT_ECC_BRAINPOOL_P_R1_256@
+#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_320 @PSA_WANT_ECC_BRAINPOOL_P_R1_320@
+#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_384 @PSA_WANT_ECC_BRAINPOOL_P_R1_384@
+#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_512 @PSA_WANT_ECC_BRAINPOOL_P_R1_512@
+#cmakedefine PSA_WANT_ECC_FRP_V1_256 @PSA_WANT_ECC_FRP_V1_256@
+#cmakedefine PSA_WANT_ECC_MONTGOMERY_255 @PSA_WANT_ECC_MONTGOMERY_255@
+#cmakedefine PSA_WANT_ECC_MONTGOMERY_448 @PSA_WANT_ECC_MONTGOMERY_448@
+#cmakedefine PSA_WANT_ECC_SECP_K1_192 @PSA_WANT_ECC_SECP_K1_192@
+#cmakedefine PSA_WANT_ECC_SECP_K1_224 @PSA_WANT_ECC_SECP_K1_224@
+#cmakedefine PSA_WANT_ECC_SECP_K1_256 @PSA_WANT_ECC_SECP_K1_256@
+#cmakedefine PSA_WANT_ECC_SECP_R1_192 @PSA_WANT_ECC_SECP_R1_192@
+#cmakedefine PSA_WANT_ECC_SECP_R1_224 @PSA_WANT_ECC_SECP_R1_224@
+#cmakedefine PSA_WANT_ECC_SECP_R1_256 @PSA_WANT_ECC_SECP_R1_256@
+#cmakedefine PSA_WANT_ECC_SECP_R1_384 @PSA_WANT_ECC_SECP_R1_384@
+#cmakedefine PSA_WANT_ECC_SECP_R1_521 @PSA_WANT_ECC_SECP_R1_521@
+#cmakedefine PSA_WANT_ECC_SECP_R2_160 @PSA_WANT_ECC_SECP_R2_160@
+#cmakedefine PSA_WANT_ECC_SECT_K1_163 @PSA_WANT_ECC_SECT_K1_163@
+#cmakedefine PSA_WANT_ECC_SECT_K1_233 @PSA_WANT_ECC_SECT_K1_233@
+#cmakedefine PSA_WANT_ECC_SECT_K1_239 @PSA_WANT_ECC_SECT_K1_239@
+#cmakedefine PSA_WANT_ECC_SECT_K1_283 @PSA_WANT_ECC_SECT_K1_283@
+#cmakedefine PSA_WANT_ECC_SECT_K1_409 @PSA_WANT_ECC_SECT_K1_409@
+#cmakedefine PSA_WANT_ECC_SECT_K1_571 @PSA_WANT_ECC_SECT_K1_571@
+#cmakedefine PSA_WANT_ECC_SECT_R1_163 @PSA_WANT_ECC_SECT_R1_163@
+#cmakedefine PSA_WANT_ECC_SECT_R1_233 @PSA_WANT_ECC_SECT_R1_233@
+#cmakedefine PSA_WANT_ECC_SECT_R1_283 @PSA_WANT_ECC_SECT_R1_283@
+#cmakedefine PSA_WANT_ECC_SECT_R1_409 @PSA_WANT_ECC_SECT_R1_409@
+#cmakedefine PSA_WANT_ECC_SECT_R1_571 @PSA_WANT_ECC_SECT_R1_571@
+#cmakedefine PSA_WANT_ECC_SECT_R2_163 @PSA_WANT_ECC_SECT_R2_163@
+#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_255 @PSA_WANT_ECC_TWISTED_EDWARDS_255@
+#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_448 @PSA_WANT_ECC_TWISTED_EDWARDS_448@
+#cmakedefine PSA_WANT_GENERATE_RANDOM @PSA_WANT_GENERATE_RANDOM@
+#cmakedefine PSA_WANT_KEY_TYPE_AES @PSA_WANT_KEY_TYPE_AES@
+#cmakedefine PSA_WANT_KEY_TYPE_ARC4 @PSA_WANT_KEY_TYPE_ARC4@
+#cmakedefine PSA_WANT_KEY_TYPE_ARIA @PSA_WANT_KEY_TYPE_ARIA@
+#cmakedefine PSA_WANT_KEY_TYPE_CAMELLIA @PSA_WANT_KEY_TYPE_CAMELLIA@
+#cmakedefine PSA_WANT_KEY_TYPE_CHACHA20 @PSA_WANT_KEY_TYPE_CHACHA20@
+#cmakedefine PSA_WANT_KEY_TYPE_DERIVE @PSA_WANT_KEY_TYPE_DERIVE@
+#cmakedefine PSA_WANT_KEY_TYPE_DES @PSA_WANT_KEY_TYPE_DES@
+#cmakedefine PSA_WANT_KEY_TYPE_DH_KEY_PAIR @PSA_WANT_KEY_TYPE_DH_KEY_PAIR@
+#cmakedefine PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY @PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY@
+#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR@
+#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC@
+#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE@
+#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT@
+#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE@
+#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT@
+#cmakedefine PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY @PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY@
+#cmakedefine PSA_WANT_KEY_TYPE_HMAC @PSA_WANT_KEY_TYPE_HMAC@
+#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD @PSA_WANT_KEY_TYPE_PASSWORD@
+#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD_HASH @PSA_WANT_KEY_TYPE_PASSWORD_HASH@
+#cmakedefine PSA_WANT_KEY_TYPE_PEPPER @PSA_WANT_KEY_TYPE_PEPPER@
+#cmakedefine PSA_WANT_KEY_TYPE_RAW_DATA @PSA_WANT_KEY_TYPE_RAW_DATA@
+#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR@
+#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC@
+#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT@
+#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE@
+#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT@
+#cmakedefine PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY @PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY@
+#cmakedefine PSA_WANT_KEY_TYPE_SM4 @PSA_WANT_KEY_TYPE_SM4@
+#cmakedefine PSA_WANT_RSA_KEY_SIZE_1024 @PSA_WANT_RSA_KEY_SIZE_1024@
+#cmakedefine PSA_WANT_RSA_KEY_SIZE_1536 @PSA_WANT_RSA_KEY_SIZE_1536@
+#cmakedefine PSA_WANT_RSA_KEY_SIZE_2048 @PSA_WANT_RSA_KEY_SIZE_2048@
+#cmakedefine PSA_WANT_RSA_KEY_SIZE_3072 @PSA_WANT_RSA_KEY_SIZE_3072@
+#cmakedefine PSA_WANT_RSA_KEY_SIZE_4096 @PSA_WANT_RSA_KEY_SIZE_4096@
+#cmakedefine PSA_WANT_RSA_KEY_SIZE_6144 @PSA_WANT_RSA_KEY_SIZE_6144@
+#cmakedefine PSA_WANT_RSA_KEY_SIZE_8192 @PSA_WANT_RSA_KEY_SIZE_8192@
+#cmakedefine PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC@
+
+/* The Adjusting is done in this file */
+#define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H
+
+#endif /* PSA_CRYPTO_WANT_CONFIG_H */
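Review bot: The closing `#define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H` is commented "The Adjusting is done in this file", but nothing in this template adjusts anything; every other line is a plain `#cmakedefine` pass-through. The macro looks like the include guard of Mbed TLS's key-pair type adjustment header, so defining it here presumably suppresses that header and leaves the `PSA_WANT_KEY_TYPE_*_KEY_PAIR_BASIC/IMPORT/EXPORT/GENERATE/DERIVE` symbols entirely to the build system. If a configuration then sets only the legacy `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR` or `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR`, the derived symbols would stay undefined and the matching key-pair operations could drop out of the build without a diagnostic. I would reword the comment to state that contract, e.g. `/* Pre-define the guard of the key-pair adjustment header; the *_KEY_PAIR_* symbols above must already be fully resolved by Kconfig/CMake. */`. The `/* TODO make sure this required */` above the unconditional `MBEDTLS_PSA_CRYPTO_CONFIG` define should be resolved before merge, and `PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC` at the end of the list breaks the "alphabetical order" the list header promises.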
diff --git a/subsys/nrf_security/include/psa/core_unsupported_ciphers_check.h b/subsys/nrf_security/include/psa/core_unsupported_ciphers_check.h
index bb4f0dbef1b6..b7f7554f8629 100644
--- a/subsys/nrf_security/include/psa/core_unsupported_ciphers_check.h
+++ b/subsys/nrf_security/include/psa/core_unsupported_ciphers_check.h
@@ -17,21 +17,6 @@
#if defined(CONFIG_PSA_WANT_ALG_SHA_512_256) && !defined(CONFIG_PSA_ACCEL_SHA_512_256)
#error "No crypto implementation for SHA-512-256"
#endif
-#if defined(CONFIG_PSA_WANT_ALG_SHA3_224) && !defined(CONFIG_PSA_ACCEL_SHA3_224)
-#error "No crypto implementation for SHA3-224"
-#endif
-#if defined(CONFIG_PSA_WANT_ALG_SHA3_256) && !defined(CONFIG_PSA_ACCEL_SHA3_256)
-#error "No crypto implementation for SHA3-256"
-#endif
-#if defined(CONFIG_PSA_WANT_ALG_SHA3_384) && !defined(CONFIG_PSA_ACCEL_SHA3_384)
-#error "No crypto implementation for SHA3-384"
-#endif
-#if defined(CONFIG_PSA_WANT_ALG_SHA3_512) && !defined(CONFIG_PSA_ACCEL_SHA3_512)
-#error "No crypto implementation for SHA3-512"
-#endif
-#if defined(CONFIG_PSA_WANT_ALG_SHAKE256_512) && !defined(CONFIG_PSA_ACCEL_SHAKE256_512)
-#error "No crypto implementation for SHAKE-256"
-#endif
#if defined(CONFIG_PSA_WANT_ALG_MD5) && !defined(CONFIG_PSA_ACCEL_MD5)
#error "No crypto implementation for MD5"
#endif
@@ -84,21 +69,6 @@
#endif
#endif
-#if defined(CONFIG_PSA_WANT_ALG_ECDH) && defined(CONFIG_PSA_WANT_ECC_MONTGOMERY_448) && \
- !defined(CONFIG_PSA_ACCEL_ECDH_MONTGOMERY_448)
-#error "No crypto implementation for X448"
-#endif
-#if defined(CONFIG_PSA_WANT_ALG_PURE_EDDSA) && defined(CONFIG_PSA_WANT_ECC_TWISTED_EDWARDS_448) && \
- !defined(CONFIG_PSA_ACCEL_PURE_EDDSA_TWISTED_EDWARDS_448)
-#error "No crypto implementation for ED448"
-#endif
-#if defined(CONFIG_PSA_WANT_ALG_ED25519PH) && !defined(CONFIG_PSA_ACCEL_ED25519PH)
-#error "No crypto implementation for pre-hashed ED25519"
-#endif
-#if defined(CONFIG_PSA_WANT_ALG_ED448PH) && !defined(CONFIG_PSA_ACCEL_ED448PH)
-#error "No crypto implementation for pre-hashed ED448"
-#endif
-
#if defined(CONFIG_PSA_WANT_ALG_FFDH)
#if defined(CONFIG_PSA_WANT_DH_KEY_SIZE_2048) && !defined(CONFIG_PSA_ACCEL_FFDH_2048)
#error "No crypto implementation for 2048 bit FFDH"
@@ -117,109 +87,612 @@
#endif
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECP_K1_192) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECP_K1_192)
-#error "No crypto implementation for secp-k1-192"
+#if defined(CONFIG_PSA_WANT_ECC_SECP_K1_192)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_K1_192)
+#error "No crypto implementation for secp-k1-192 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_K1_192)
+#error "No crypto implementation for secp-k1-192 key pair import"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECP_K1_224) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECP_K1_224)
-#error "No crypto implementation for secp-k1-224"
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_K1_192)
+#error "No crypto implementation for secp-k1-192 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_K1_192)
+#error "No crypto implementation for secp-k1-192 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_K1_192)
+#error "No crypto implementation for secp-k1-192 key pair derive"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECP_K1_256) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECP_K1_256)
-#error "No crypto implementation for secp-k1-256"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECP_R1_192) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_192)
-#error "No crypto implementation for secp-r1-192"
+#if defined(CONFIG_PSA_WANT_ECC_SECP_K1_224)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_K1_224)
+#error "No crypto implementation for secp-k1-224 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_K1_224)
+#error "No crypto implementation for secp-k1-224 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_K1_224)
+#error "No crypto implementation for secp-k1-224 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_K1_224)
+#error "No crypto implementation for secp-k1-224 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_K1_224)
+#error "No crypto implementation for secp-k1-224 key pair derive"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECP_R1_521) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_521)
-#error "No crypto implementation for secp-r1-521"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_163) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_163)
-#error "No crypto implementation for sect-k1-163"
+#if defined(CONFIG_PSA_WANT_ECC_SECP_K1_256)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_K1_256)
+#error "No crypto implementation for secp-k1-256 public key"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_233) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_233)
-#error "No crypto implementation for sect-k1-233"
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_K1_256)
+#error "No crypto implementation for secp-k1-256 key pair import"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_239) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_239)
-#error "No crypto implementation for sect-k1-239"
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_K1_256)
+#error "No crypto implementation for secp-k1-256 key pair export"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_283) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_283)
-#error "No crypto implementation for sect-k1-283"
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_K1_256)
+#error "No crypto implementation for secp-k1-256 key pair generate"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_409) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_409)
-#error "No crypto implementation for sect-k1-409"
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_K1_256)
+#error "No crypto implementation for secp-k1-256 key pair derive"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_571) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_571)
-#error "No crypto implementation for sect-k1-571"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_163) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECT_R1_163)
-#error "No crypto implementation for sect-r1-163"
+#if defined(CONFIG_PSA_WANT_ECC_SECP_R1_192)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_192)
+#error "No crypto implementation for secp-r1-192 public key"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_233) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECT_R1_233)
-#error "No crypto implementation for sect-r1-233"
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_192)
+#error "No crypto implementation for secp-r1-192 key pair import"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_283) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECT_R1_283)
-#error "No crypto implementation for sect-r1-283"
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_192)
+#error "No crypto implementation for secp-r1-192 key pair export"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_409) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECT_R1_409)
-#error "No crypto implementation for sect-r1-409"
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_192)
+#error "No crypto implementation for secp-r1-192 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_192)
+#error "No crypto implementation for secp-r1-192 key pair derive"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_571) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_SECT_R1_571)
-#error "No crypto implementation for sect-r1-571"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_160) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_160)
-#error "No crypto implementation for brainpoolP160r1"
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_163)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_163)
+#error "No crypto implementation for sect-k1-163 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_163)
+#error "No crypto implementation for sect-k1-163 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_163)
+#error "No crypto implementation for sect-k1-163 key pair export"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_192) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_192)
-#error "No crypto implementation for brainpoolP192r1"
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_163)
+#error "No crypto implementation for sect-k1-163 key pair generate"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_224) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_224)
-#error "No crypto implementation for brainpoolP224r1"
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_163)
+#error "No crypto implementation for sect-k1-163 key pair derive"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_256) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_256)
-#error "No crypto implementation for brainpoolP256r1"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_320) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_320)
-#error "No crypto implementation for brainpoolP320r1"
+
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_233)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_233)
+#error "No crypto implementation for sect-k1-233 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_233)
+#error "No crypto implementation for sect-k1-233 key pair import"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_384) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_384)
-#error "No crypto implementation for brainpoolP384r1"
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_233)
+#error "No crypto implementation for sect-k1-233 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_233)
+#error "No crypto implementation for sect-k1-233 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_233)
+#error "No crypto implementation for sect-k1-233 key pair derive"
#endif
-#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_512) && \
- !defined(CONFIG_PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_512)
-#error "No crypto implementation for brainpoolP512r1"
#endif
-#if defined(CONFIG_PSA_WANT_KEY_TYPE_ARIA) && !defined(CONFIG_PSA_ACCEL_ARIA)
-#error "No crypto implementation for ARIA"
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_239)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_239)
+#error "No crypto implementation for sect-k1-239 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_239)
+#error "No crypto implementation for sect-k1-239 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_239)
+#error "No crypto implementation for sect-k1-239 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_239)
+#error "No crypto implementation for sect-k1-239 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_239)
+#error "No crypto implementation for sect-k1-239 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_283)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_283)
+#error "No crypto implementation for sect-k1-283 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_283)
+#error "No crypto implementation for sect-k1-283 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_283)
+#error "No crypto implementation for sect-k1-283 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_283)
+#error "No crypto implementation for sect-k1-283 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_283)
+#error "No crypto implementation for sect-k1-283 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_409)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_409)
+#error "No crypto implementation for sect-k1-409 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_409)
+#error "No crypto implementation for sect-k1-409 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_409)
+#error "No crypto implementation for sect-k1-409 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_409)
+#error "No crypto implementation for sect-k1-409 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_409)
+#error "No crypto implementation for sect-k1-409 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_571)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_571)
+#error "No crypto implementation for sect-k1-571 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_571)
+#error "No crypto implementation for sect-k1-571 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_571)
+#error "No crypto implementation for sect-k1-571 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_571)
+#error "No crypto implementation for sect-k1-571 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_571)
+#error "No crypto implementation for sect-k1-571 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_163)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_R1_163)
+#error "No crypto implementation for sect-r1-163 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_R1_163)
+#error "No crypto implementation for sect-r1-163 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_R1_163)
+#error "No crypto implementation for sect-r1-163 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_R1_163)
+#error "No crypto implementation for sect-r1-163 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_163)
+#error "No crypto implementation for sect-r1-163 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_233)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_R1_233)
+#error "No crypto implementation for sect-r1-233 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_R1_233)
+#error "No crypto implementation for sect-r1-233 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_R1_233)
+#error "No crypto implementation for sect-r1-233 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_R1_233)
+#error "No crypto implementation for sect-r1-233 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_233)
+#error "No crypto implementation for sect-r1-233 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_283)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_R1_283)
+#error "No crypto implementation for sect-r1-283 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_R1_283)
+#error "No crypto implementation for sect-r1-283 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_R1_283)
+#error "No crypto implementation for sect-r1-283 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_R1_283)
+#error "No crypto implementation for sect-r1-283 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_283)
+#error "No crypto implementation for sect-r1-283 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_409)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_R1_409)
+#error "No crypto implementation for sect-r1-409 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_R1_409)
+#error "No crypto implementation for sect-r1-409 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_R1_409)
+#error "No crypto implementation for sect-r1-409 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_R1_409)
+#error "No crypto implementation for sect-r1-409 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_409)
+#error "No crypto implementation for sect-r1-409 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_571)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_R1_571)
+#error "No crypto implementation for sect-r1-571 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_R1_571)
+#error "No crypto implementation for sect-r1-571 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_R1_571)
+#error "No crypto implementation for sect-r1-571 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_R1_571)
+#error "No crypto implementation for sect-r1-571 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_571)
+#error "No crypto implementation for sect-r1-571 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_160)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_160)
+#error "No crypto implementation for brainpoolP160r1 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_160)
+#error "No crypto implementation for brainpoolP160r1 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_160)
+#error "No crypto implementation for brainpoolP160r1 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_160)
+#error "No crypto implementation for brainpoolP160r1 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_160)
+#error "No crypto implementation for brainpoolP160r1 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_192)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_192)
+#error "No crypto implementation for brainpoolP192r1 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_192)
+#error "No crypto implementation for brainpoolP192r1 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_192)
+#error "No crypto implementation for brainpoolP192r1 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_192)
+#error "No crypto implementation for brainpoolP192r1 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_192)
+#error "No crypto implementation for brainpoolP192r1 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_224)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_224)
+#error "No crypto implementation for brainpoolP224r1 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_224)
+#error "No crypto implementation for brainpoolP224r1 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_224)
+#error "No crypto implementation for brainpoolP224r1 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_224)
+#error "No crypto implementation for brainpoolP224r1 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_224)
+#error "No crypto implementation for brainpoolP224r1 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_256)
+#error "No crypto implementation for brainpoolP256r1 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_256)
+#error "No crypto implementation for brainpoolP256r1 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_256)
+#error "No crypto implementation for brainpoolP256r1 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_256)
+#error "No crypto implementation for brainpoolP256r1 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_256)
+#error "No crypto implementation for brainpoolP256r1 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_320)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_320)
+#error "No crypto implementation for brainpoolP320r1 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_320)
+#error "No crypto implementation for brainpoolP320r1 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_320)
+#error "No crypto implementation for brainpoolP320r1 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_320)
+#error "No crypto implementation for brainpoolP320r1 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_320)
+#error "No crypto implementation for brainpoolP320r1 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_384)
+#error "No crypto implementation for brainpoolP384r1 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_384)
+#error "No crypto implementation for brainpoolP384r1 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_384)
+#error "No crypto implementation for brainpoolP384r1 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_384)
+#error "No crypto implementation for brainpoolP384r1 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_384)
+#error "No crypto implementation for brainpoolP384r1 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_512)
+#error "No crypto implementation for brainpoolP512r1 public key"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_512)
+#error "No crypto implementation for brainpoolP512r1 key pair import"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_512)
+#error "No crypto implementation for brainpoolP512r1 key pair export"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_512)
+#error "No crypto implementation for brainpoolP512r1 key pair generate"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(CONFIG_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_512)
+#error "No crypto implementation for brainpoolP512r1 key pair derive"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ARIA)
+#if defined(CONFIG_PSA_WANT_ALG_CCM) && !defined(CONFIG_PSA_ACCEL_CCM_ARIA)
+#error "No crypto implementation for ARIA-CCM"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_GCM) && !defined(CONFIG_PSA_ACCEL_GCM_ARIA)
+#error "No crypto implementation for ARIA-GCM"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CTR) && !defined(CONFIG_PSA_ACCEL_CTR_ARIA)
+#error "No crypto implementation for ARIA-CTR"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CBC_PKCS7) && !defined(CONFIG_PSA_ACCEL_CBC_PKCS7_ARIA)
+#error "No crypto implementation for ARIA-CBC-PKCS7"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CBC_NO_PADDING) && !defined(CONFIG_PSA_ACCEL_CBC_NO_PADDING_ARIA)
+#error "No crypto implementation for ARIA-CBC-no-padding"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_ECB_NO_PADDING) && !defined(CONFIG_PSA_ACCEL_ECB_NO_PADDING_ARIA)
+#error "No crypto implementation for ARIA-ECB-no-padding"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CFB) && !defined(CONFIG_PSA_ACCEL_CFB_ARIA)
+#error "No crypto implementation for ARIA-CFB"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_OFB) && !defined(CONFIG_PSA_ACCEL_OFB_ARIA)
+#error "No crypto implementation for ARIA-OFB"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_XTS) && !defined(CONFIG_PSA_ACCEL_XTS_ARIA)
+#error "No crypto implementation for ARIA-XTS"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CBC_MAC) && !defined(CONFIG_PSA_ACCEL_CBC_MAC_ARIA)
+#error "No crypto implementation for ARIA-CBC-MAC"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CMAC) && !defined(CONFIG_PSA_ACCEL_CMAC_ARIA)
+#error "No crypto implementation for ARIA-CMAC"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_CAMELLIA)
+#if defined(CONFIG_PSA_WANT_ALG_CCM) && !defined(CONFIG_PSA_ACCEL_CCM_CAMELLIA)
+#error "No crypto implementation for CAMELLIA-CCM"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_GCM) && !defined(CONFIG_PSA_ACCEL_GCM_CAMELLIA)
+#error "No crypto implementation for CAMELLIA-GCM"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CTR) && !defined(CONFIG_PSA_ACCEL_CTR_CAMELLIA)
+#error "No crypto implementation for CAMELLIA-CTR"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CBC_PKCS7) && !defined(CONFIG_PSA_ACCEL_CBC_PKCS7_CAMELLIA)
+#error "No crypto implementation for CAMELLIA-CBC-PKCS7"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CBC_NO_PADDING) && \
+ !defined(CONFIG_PSA_ACCEL_CBC_NO_PADDING_CAMELLIA)
+#error "No crypto implementation for CAMELLIA-CBC-no-padding"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_ECB_NO_PADDING) && \
+ !defined(CONFIG_PSA_ACCEL_ECB_NO_PADDING_CAMELLIA)
+#error "No crypto implementation for CAMELLIA-ECB-no-padding"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CFB) && !defined(CONFIG_PSA_ACCEL_CFB_CAMELLIA)
+#error "No crypto implementation for CAMELLIA-CFB"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_OFB) && !defined(CONFIG_PSA_ACCEL_OFB_CAMELLIA)
+#error "No crypto implementation for CAMELLIA-OFB"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_XTS) && !defined(CONFIG_PSA_ACCEL_XTS_CAMELLIA)
+#error "No crypto implementation for CAMELLIA-XTS"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CBC_MAC) && !defined(CONFIG_PSA_ACCEL_CBC_MAC_CAMELLIA)
+#error "No crypto implementation for CAMELLIA-CBC-MAC"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CMAC) && !defined(CONFIG_PSA_ACCEL_CMAC_CAMELLIA)
+#error "No crypto implementation for CAMELLIA-CMAC"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_DES)
+#if defined(CONFIG_PSA_WANT_ALG_CTR) && !defined(CONFIG_PSA_ACCEL_CTR_DES)
+#error "No crypto implementation for DES-CTR"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CBC_PKCS7) && !defined(CONFIG_PSA_ACCEL_CBC_PKCS7_DES)
+#error "No crypto implementation for DES-CBC-PKCS7"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CBC_NO_PADDING) && !defined(CONFIG_PSA_ACCEL_CBC_NO_PADDING_DES)
+#error "No crypto implementation for DES-CBC-no-padding"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_ECB_NO_PADDING) && !defined(CONFIG_PSA_ACCEL_ECB_NO_PADDING_DES)
+#error "No crypto implementation for DES-ECB-no-padding"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CFB) && !defined(CONFIG_PSA_ACCEL_CFB_DES)
+#error "No crypto implementation for DES-CFB"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_OFB) && !defined(CONFIG_PSA_ACCEL_OFB_DES)
+#error "No crypto implementation for DES-OFB"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_XTS) && !defined(CONFIG_PSA_ACCEL_XTS_DES)
+#error "No crypto implementation for DES-XTS"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_CBC_MAC) && !defined(CONFIG_PSA_ACCEL_CBC_MAC_DES)
+#error "No crypto implementation for DES-CBC-MAC"
#endif
-#if defined(CONFIG_PSA_WANT_KEY_TYPE_CAMELLIA) && !defined(CONFIG_PSA_ACCEL_CAMELLIA)
-#error "No crypto implementation for CAMELLIA"
+#if defined(CONFIG_PSA_WANT_ALG_CMAC) && !defined(CONFIG_PSA_ACCEL_CMAC_DES)
+#error "No crypto implementation for DES-CMAC"
#endif
-#if defined(CONFIG_PSA_WANT_KEY_TYPE_DES) && !defined(CONFIG_PSA_ACCEL_DES)
-#error "No crypto implementation for DES"
#endif
diff --git a/subsys/nrf_security/include/psa/crypto_driver_contexts_composites.h b/subsys/nrf_security/include/psa/crypto_driver_contexts_composites.h
index 91bd7ebe1f5f..4a8f77ccde12 100644
--- a/subsys/nrf_security/include/psa/crypto_driver_contexts_composites.h
+++ b/subsys/nrf_security/include/psa/crypto_driver_contexts_composites.h
@@ -74,5 +74,12 @@ typedef union {
} psa_driver_aead_context_t;
+/* These contexts are used by psa_crypto.c and we need to define
+ * them in order to avoid building errors. We don't use these at all
+ * in the Oberon PSA core, the int type was chosen arbitrarily.
+ */
+typedef int psa_driver_sign_hash_interruptible_context_t;
+typedef int psa_driver_verify_hash_interruptible_context_t;
+
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */
/* End of automatically generated file. */
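Review bot: The two `typedef int` placeholders are added by hand to a header whose closing line marks it as automatically generated, so a regeneration would presumably drop them and bring the build errors back. The generator template, or a separate hand-maintained header, looks like the safer home for them. Because `int` carries no operation state, the comment should also say what a caller can expect, e.g. `/* Placeholder only: interruptible sign/verify is never dispatched to a driver by the Oberon PSA core. */`. If that is the intent, it is worth confirming that the interruptible entry points reject the call rather than run on an empty context. The rest of the header lies outside this hunk.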
diff --git a/subsys/nrf_security/src/CMakeLists.txt b/subsys/nrf_security/src/CMakeLists.txt
index 8295cd881cc4..8374ad51a722 100644
--- a/subsys/nrf_security/src/CMakeLists.txt
+++ b/subsys/nrf_security/src/CMakeLists.txt
@@ -22,9 +22,18 @@ add_library(mbedcrypto_common INTERFACE)
target_compile_definitions(mbedcrypto_common
INTERFACE
-DMBEDTLS_CONFIG_FILE="${CONFIG_MBEDTLS_CFG_FILE}"
- -DMBEDTLS_USER_CONFIG_FILE="${CONFIG_MBEDTLS_USER_CONFIG_FILE}"
+ -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE="${CONFIG_MBEDTLS_PSA_CRYPTO_CONFIG_FILE}"
+ -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE="${CONFIG_MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE}"
)
+# Add the user config only if it is set
+if(NOT ${CONFIG_MBEDTLS_USER_CONFIG_FILE} STREQUAL "nrf-config-user-empty.h" )
+ target_compile_definitions(mbedcrypto_common
+ INTERFACE
+ -DMBEDTLS_USER_CONFIG_FILE="${CONFIG_MBEDTLS_USER_CONFIG_FILE}"
+ )
+endif()
+
if (CONFIG_MBEDTLS_PSA_CRYPTO_SPM)
# Building as part of the TF-M build system.
# In order to support FPU in TF-M the following is documented by the TF-M
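Review bot: The new `if(NOT ${CONFIG_MBEDTLS_USER_CONFIG_FILE} STREQUAL "nrf-config-user-empty.h" )` expands the variable unquoted, so an empty or unset value leaves `if(NOT STREQUAL ...)`, which CMake rejects at configure time. An unquoted value that happens to name another CMake variable is also dereferenced a second time. Quoting the operand avoids both: `if(NOT "${CONFIG_MBEDTLS_USER_CONFIG_FILE}" STREQUAL "nrf-config-user-empty.h")`. The comment says "only if it is set", but the test compares against a sentinel file name, so something like `# Skip MBEDTLS_USER_CONFIG_FILE while it still points at the placeholder nrf-config-user-empty.h` would describe it more accurately. The two `MBEDTLS_PSA_CRYPTO_*_CONFIG_FILE` definitions are passed unconditionally, which presumably relies on their Kconfig defaults never being empty; that is not visible here.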
@@ -49,6 +58,9 @@ set(generated_include_path ${CMAKE_CURRENT_BINARY_DIR}/include/generated)
# Empty out previous versions of config-files
file(REMOVE_RECURSE ${generated_include_path})
+# Generate PSA WANT configurations
+include(${NRF_SECURITY_ROOT}/cmake/psa_crypto_want_config.cmake)
+
# Generate mbed TLS configurations
if(CONFIG_MBEDTLS_LEGACY_CRYPTO_C OR NOT COMPILE_PSA_APIS)
include(${NRF_SECURITY_ROOT}/cmake/legacy_crypto_config.cmake)
@@ -178,6 +190,7 @@ if (CONFIG_MBEDTLS_X509_LIBRARY)
x509_crl.c
x509_crt.c
x509_csr.c
+ x509write.c
x509write_crt.c
x509write_csr.c
)
diff --git a/subsys/nrf_security/src/drivers/Kconfig.psa_accel b/subsys/nrf_security/src/drivers/Kconfig.psa_accel
index be6ca209021a..1cab025141b7 100644
--- a/subsys/nrf_security/src/drivers/Kconfig.psa_accel
+++ b/subsys/nrf_security/src/drivers/Kconfig.psa_accel
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023 Nordic Semiconductor
+# Copyright (c) 2023-2024 Nordic Semiconductor
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
@@ -7,21 +7,25 @@
# This invisible menu helps hiding these not user selectable options
# from menuconfig even when show-all mode is enabled
menu "PSA ACCEL - invisible"
+
visible if 0
-config PSA_ACCEL_ARIA
+config PSA_ACCEL_CBC_MAC_AES_128
bool
-config PSA_ACCEL_CAMELLIA
+config PSA_ACCEL_CBC_MAC_AES_192
bool
-config PSA_ACCEL_CBC_MAC_AES_128
+config PSA_ACCEL_CBC_MAC_AES_256
bool
-config PSA_ACCEL_CBC_MAC_AES_192
+config PSA_ACCEL_CBC_MAC_ARIA
bool
-config PSA_ACCEL_CBC_MAC_AES_256
+config PSA_ACCEL_CBC_MAC_CAMELLIA
+ bool
+
+config PSA_ACCEL_CBC_MAC_DES
bool
config PSA_ACCEL_CBC_NO_PADDING_AES_128
@@ -33,6 +37,15 @@ config PSA_ACCEL_CBC_NO_PADDING_AES_192
config PSA_ACCEL_CBC_NO_PADDING_AES_256
bool
+config PSA_ACCEL_CBC_NO_PADDING_ARIA
+ bool
+
+config PSA_ACCEL_CBC_NO_PADDING_CAMELLIA
+ bool
+
+config PSA_ACCEL_CBC_NO_PADDING_DES
+ bool
+
config PSA_ACCEL_CBC_PKCS7_AES_128
bool
@@ -42,6 +55,15 @@ config PSA_ACCEL_CBC_PKCS7_AES_192
config PSA_ACCEL_CBC_PKCS7_AES_256
bool
+config PSA_ACCEL_CBC_PKCS7_ARIA
+ bool
+
+config PSA_ACCEL_CBC_PKCS7_CAMELLIA
+ bool
+
+config PSA_ACCEL_CBC_PKCS7_DES
+ bool
+
config PSA_ACCEL_CCM_AES_128
bool
@@ -51,6 +73,12 @@ config PSA_ACCEL_CCM_AES_192
config PSA_ACCEL_CCM_AES_256
bool
+config PSA_ACCEL_CCM_ARIA
+ bool
+
+config PSA_ACCEL_CCM_CAMELLIA
+ bool
+
config PSA_ACCEL_CCM_STAR_NO_TAG_AES_128
bool
@@ -69,6 +97,15 @@ config PSA_ACCEL_CFB_AES_192
config PSA_ACCEL_CFB_AES_256
bool
+config PSA_ACCEL_CFB_ARIA
+ bool
+
+config PSA_ACCEL_CFB_CAMELLIA
+ bool
+
+config PSA_ACCEL_CFB_DES
+ bool
+
config PSA_ACCEL_CHACHA20_POLY1305
bool
@@ -81,6 +118,15 @@ config PSA_ACCEL_CMAC_AES_192
config PSA_ACCEL_CMAC_AES_256
bool
+config PSA_ACCEL_CMAC_ARIA
+ bool
+
+config PSA_ACCEL_CMAC_CAMELLIA
+ bool
+
+config PSA_ACCEL_CMAC_DES
+ bool
+
config PSA_ACCEL_CTR_AES_128
bool
@@ -90,7 +136,13 @@ config PSA_ACCEL_CTR_AES_192
config PSA_ACCEL_CTR_AES_256
bool
-config PSA_ACCEL_DES
+config PSA_ACCEL_CTR_ARIA
+ bool
+
+config PSA_ACCEL_CTR_CAMELLIA
+ bool
+
+config PSA_ACCEL_CTR_DES
bool
config PSA_ACCEL_ECB_NO_PADDING_AES_128
@@ -102,6 +154,15 @@ config PSA_ACCEL_ECB_NO_PADDING_AES_192
config PSA_ACCEL_ECB_NO_PADDING_AES_256
bool
+config PSA_ACCEL_ECB_NO_PADDING_ARIA
+ bool
+
+config PSA_ACCEL_ECB_NO_PADDING_CAMELLIA
+ bool
+
+config PSA_ACCEL_ECB_NO_PADDING_DES
+ bool
+
config PSA_ACCEL_ECDH_MONTGOMERY_255
bool
@@ -117,6 +178,9 @@ config PSA_ACCEL_ECDH_SECP_R1_256
config PSA_ACCEL_ECDH_SECP_R1_384
bool
+config PSA_ACCEL_ECDH_SECP_R1_521
+ bool
+
config PSA_ACCEL_ECDSA_SECP_R1_224_SHA_1
bool
@@ -126,238 +190,706 @@ config PSA_ACCEL_ECDSA_SECP_R1_224_SHA_224
config PSA_ACCEL_ECDSA_SECP_R1_224_SHA_256
bool
+config PSA_ACCEL_ECDSA_SECP_R1_224_SHA3_224
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_224_SHA3_256
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_224_SHA3_384
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_224_SHA3_512
+ bool
+
config PSA_ACCEL_ECDSA_SECP_R1_224_SHA_384
bool
-config PSA_ACCEL_ECDSA_SECP_R1_224_SHA_512
+config PSA_ACCEL_ECDSA_SECP_R1_224_SHA_512
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_256_SHA_1
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_256_SHA_224
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_256_SHA_256
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_256_SHA3_224
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_256_SHA3_256
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_256_SHA3_384
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_256_SHA3_512
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_256_SHA_384
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_256_SHA_512
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_384_SHA_1
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_384_SHA_224
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_384_SHA_256
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_384_SHA3_224
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_384_SHA3_256
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_384_SHA3_384
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_384_SHA3_512
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_384_SHA_384
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_384_SHA_512
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_521_SHA_1
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_521_SHA_224
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_521_SHA_256
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_521_SHA3_224
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_521_SHA3_256
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_521_SHA3_384
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_521_SHA3_512
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_521_SHA_384
+ bool
+
+config PSA_ACCEL_ECDSA_SECP_R1_521_SHA_512
+ bool
+
+config PSA_ACCEL_ECJPAKE_SECP_R1_256_SHA_1
+ bool
+
+config PSA_ACCEL_ECJPAKE_SECP_R1_256_SHA_224
+ bool
+
+config PSA_ACCEL_ECJPAKE_SECP_R1_256_SHA_256
+ bool
+
+config PSA_ACCEL_ECJPAKE_SECP_R1_256_SHA_384
+ bool
+
+config PSA_ACCEL_ECJPAKE_SECP_R1_256_SHA_512
+ bool
+
+config PSA_ACCEL_ED25519PH
+ bool
+
+config PSA_ACCEL_ED448PH
+ bool
+
+config PSA_ACCEL_FFDH_2048
+ bool
+
+config PSA_ACCEL_FFDH_3072
+ bool
+
+config PSA_ACCEL_FFDH_4096
+ bool
+
+config PSA_ACCEL_FFDH_6144
+ bool
+
+config PSA_ACCEL_FFDH_8192
+ bool
+
+config PSA_ACCEL_GCM_AES_128
+ bool
+
+config PSA_ACCEL_GCM_AES_192
+ bool
+
+config PSA_ACCEL_GCM_AES_256
+ bool
+
+config PSA_ACCEL_GCM_ARIA
+ bool
+
+config PSA_ACCEL_GCM_CAMELLIA
+ bool
+
+config PSA_ACCEL_GENERATE_RANDOM
+ bool
+
+config PSA_ACCEL_GET_ENTROPY
+ bool
+
+config PSA_ACCEL_HKDF_EXPAND_SHA_1
+ bool
+
+config PSA_ACCEL_HKDF_EXPAND_SHA_224
+ bool
+
+config PSA_ACCEL_HKDF_EXPAND_SHA_256
+ bool
+
+config PSA_ACCEL_HKDF_EXPAND_SHA_384
+ bool
+
+config PSA_ACCEL_HKDF_EXPAND_SHA_512
+ bool
+
+config PSA_ACCEL_HKDF_EXTRACT_SHA_1
+ bool
+
+config PSA_ACCEL_HKDF_EXTRACT_SHA_224
+ bool
+
+config PSA_ACCEL_HKDF_EXTRACT_SHA_256
+ bool
+
+config PSA_ACCEL_HKDF_EXTRACT_SHA_384
+ bool
+
+config PSA_ACCEL_HKDF_EXTRACT_SHA_512
+ bool
+
+config PSA_ACCEL_HKDF_SHA_1
+ bool
+
+config PSA_ACCEL_HKDF_SHA_224
+ bool
+
+config PSA_ACCEL_HKDF_SHA_256
+ bool
+
+config PSA_ACCEL_HKDF_SHA_384
+ bool
+
+config PSA_ACCEL_HKDF_SHA_512
+ bool
+
+config PSA_ACCEL_HMAC_SHA_1
+ bool
+
+config PSA_ACCEL_HMAC_SHA_224
+ bool
+
+config PSA_ACCEL_HMAC_SHA_256
+ bool
+
+config PSA_ACCEL_HMAC_SHA_384
+ bool
+
+config PSA_ACCEL_HMAC_SHA_512
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_160
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_192
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_224
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_256
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_320
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_384
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_512
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_K1_192
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_K1_224
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_K1_256
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_192
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_163
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_233
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_239
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_283
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_409
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_571
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_163
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_233
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_283
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_409
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_571
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_160
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_192
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_224
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_256
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_320
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_384
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_512
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_K1_192
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_K1_224
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_K1_256
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_192
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_163
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_233
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_239
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_283
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_409
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_K1_571
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_R1_163
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_R1_233
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_R1_283
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_R1_409
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECT_R1_571
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_160
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_192
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_224
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_256
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_320
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_384
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_512
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_K1_192
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_K1_224
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_K1_256
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_192
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_163
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_233
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_239
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_283
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_409
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_K1_571
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_R1_163
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_R1_233
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_R1_283
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_R1_409
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECT_R1_571
+ bool
+
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255
bool
-config PSA_ACCEL_ECDSA_SECP_R1_256_SHA_1
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448
bool
-config PSA_ACCEL_ECDSA_SECP_R1_256_SHA_224
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_160
bool
-config PSA_ACCEL_ECDSA_SECP_R1_256_SHA_256
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_192
bool
-config PSA_ACCEL_ECDSA_SECP_R1_256_SHA_384
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_224
bool
-config PSA_ACCEL_ECDSA_SECP_R1_256_SHA_512
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_256
bool
-config PSA_ACCEL_ECDSA_SECP_R1_384_SHA_1
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_320
bool
-config PSA_ACCEL_ECDSA_SECP_R1_384_SHA_224
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_384
bool
-config PSA_ACCEL_ECDSA_SECP_R1_384_SHA_256
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_512
bool
-config PSA_ACCEL_ECDSA_SECP_R1_384_SHA_384
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255
bool
-config PSA_ACCEL_ECDSA_SECP_R1_384_SHA_512
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448
bool
-config PSA_ACCEL_ECJPAKE_SECP_R1_256_SHA_1
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_K1_192
bool
-config PSA_ACCEL_ECJPAKE_SECP_R1_256_SHA_224
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_K1_224
bool
-config PSA_ACCEL_ECJPAKE_SECP_R1_256_SHA_256
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_K1_256
bool
-config PSA_ACCEL_ECJPAKE_SECP_R1_256_SHA_384
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_192
bool
-config PSA_ACCEL_ECJPAKE_SECP_R1_256_SHA_512
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224
bool
-config PSA_ACCEL_ED25519PH
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256
bool
-config PSA_ACCEL_ED448PH
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384
bool
-config PSA_ACCEL_FFDH_2048
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521
bool
-config PSA_ACCEL_FFDH_3072
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_163
bool
-config PSA_ACCEL_FFDH_4096
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_233
bool
-config PSA_ACCEL_FFDH_6144
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_239
bool
-config PSA_ACCEL_FFDH_8192
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_283
bool
-config PSA_ACCEL_GCM_AES_128
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_409
bool
-config PSA_ACCEL_GCM_AES_192
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_K1_571
bool
-config PSA_ACCEL_GCM_AES_256
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_R1_163
bool
-config PSA_ACCEL_GENERATE_RANDOM
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_R1_233
bool
-config PSA_ACCEL_GET_ENTROPY
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_R1_283
bool
-config PSA_ACCEL_HKDF_EXPAND_SHA_1
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_R1_409
bool
-config PSA_ACCEL_HKDF_EXPAND_SHA_224
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECT_R1_571
bool
-config PSA_ACCEL_HKDF_EXPAND_SHA_256
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255
bool
-config PSA_ACCEL_HKDF_EXPAND_SHA_384
+config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448
bool
-config PSA_ACCEL_HKDF_EXPAND_SHA_512
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_160
bool
-config PSA_ACCEL_HKDF_EXTRACT_SHA_1
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_192
bool
-config PSA_ACCEL_HKDF_EXTRACT_SHA_224
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_224
bool
-config PSA_ACCEL_HKDF_EXTRACT_SHA_256
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_256
bool
-config PSA_ACCEL_HKDF_EXTRACT_SHA_384
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_320
bool
-config PSA_ACCEL_HKDF_EXTRACT_SHA_512
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_384
bool
-config PSA_ACCEL_HKDF_SHA_1
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_512
bool
-config PSA_ACCEL_HKDF_SHA_224
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255
bool
-config PSA_ACCEL_HKDF_SHA_256
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448
bool
-config PSA_ACCEL_HKDF_SHA_384
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_K1_192
bool
-config PSA_ACCEL_HKDF_SHA_512
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_K1_224
bool
-config PSA_ACCEL_HMAC_SHA_1
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_K1_256
bool
-config PSA_ACCEL_HMAC_SHA_224
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_192
bool
-config PSA_ACCEL_HMAC_SHA_256
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224
bool
-config PSA_ACCEL_HMAC_SHA_384
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256
bool
-config PSA_ACCEL_HMAC_SHA_512
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384
bool
-config PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_160
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521
bool
-config PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_192
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_163
bool
-config PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_224
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_233
bool
-config PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_256
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_239
bool
-config PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_320
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_283
bool
-config PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_384
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_409
bool
-config PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_512
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_K1_571
bool
-config PSA_ACCEL_KEY_MANAGEMENT_MONTGOMERY_255
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_R1_163
bool
-config PSA_ACCEL_KEY_MANAGEMENT_RSA
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_R1_233
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECP_K1_192
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_R1_283
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECP_K1_224
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_R1_409
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECP_K1_256
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECT_R1_571
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_192
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_224
+config PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_256
+config PSA_ACCEL_KEY_TYPE_RSA_1024_KEY_PAIR_EXPORT
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_384
+config PSA_ACCEL_KEY_TYPE_RSA_1024_KEY_PAIR_IMPORT
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_521
+config PSA_ACCEL_KEY_TYPE_RSA_1024_PUBLIC_KEY
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_163
+config PSA_ACCEL_KEY_TYPE_RSA_1536_KEY_PAIR_EXPORT
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_233
+config PSA_ACCEL_KEY_TYPE_RSA_1536_KEY_PAIR_IMPORT
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_239
+config PSA_ACCEL_KEY_TYPE_RSA_1536_PUBLIC_KEY
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_283
+config PSA_ACCEL_KEY_TYPE_RSA_2048_KEY_PAIR_EXPORT
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_409
+config PSA_ACCEL_KEY_TYPE_RSA_2048_KEY_PAIR_IMPORT
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECT_K1_571
+config PSA_ACCEL_KEY_TYPE_RSA_2048_PUBLIC_KEY
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECT_R1_163
+config PSA_ACCEL_KEY_TYPE_RSA_3072_KEY_PAIR_EXPORT
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECT_R1_233
+config PSA_ACCEL_KEY_TYPE_RSA_3072_KEY_PAIR_IMPORT
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECT_R1_283
+config PSA_ACCEL_KEY_TYPE_RSA_3072_PUBLIC_KEY
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECT_R1_409
+config PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT
bool
-config PSA_ACCEL_KEY_MANAGEMENT_SECT_R1_571
+config PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT
bool
-config PSA_ACCEL_KEY_MANAGEMENT_TWISTED_EDWARDS_255
+config PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY
bool
config PSA_ACCEL_MD5
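Review bot: The `PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_*` family is the only one of the five new ECC key-type families with no `MONTGOMERY_448`, `SECP_R1_521` or `TWISTED_EDWARDS_448` entry; IMPORT, EXPORT, GENERATE and PUBLIC_KEY all define them. If the configuration check header tests the DERIVE symbol for those curves (that part is not visible in this hunk), no driver can ever set it, and a build that wants key derivation on them will always stop at the "No crypto implementation" `#error`. Either add the three symbols or add a comment saying derive is intentionally unsupported for them. `..._DERIVE_TWISTED_EDWARDS_255` also sits before `..._DERIVE_MONTGOMERY_255`, breaking the alphabetical order the other families keep. The sized `PSA_ACCEL_KEY_TYPE_RSA_*` symbols stop at 3072 while `PSA_ACCEL_RSA_OAEP_4096_*` symbols exist later in the same file, so it is worth confirming that the larger key sizes are covered by the unsized symbols.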
@@ -372,6 +904,15 @@ config PSA_ACCEL_OFB_AES_192
config PSA_ACCEL_OFB_AES_256
bool
+config PSA_ACCEL_OFB_ARIA
+ bool
+
+config PSA_ACCEL_OFB_CAMELLIA
+ bool
+
+config PSA_ACCEL_OFB_DES
+ bool
+
config PSA_ACCEL_PBKDF2_AES_CMAC_PRF_128
bool
@@ -408,6 +949,18 @@ config PSA_ACCEL_RSA_OAEP_1024_SHA_224
config PSA_ACCEL_RSA_OAEP_1024_SHA_256
bool
+config PSA_ACCEL_RSA_OAEP_1024_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_OAEP_1024_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_OAEP_1024_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_OAEP_1024_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_OAEP_1024_SHA_384
bool
@@ -423,6 +976,18 @@ config PSA_ACCEL_RSA_OAEP_1536_SHA_224
config PSA_ACCEL_RSA_OAEP_1536_SHA_256
bool
+config PSA_ACCEL_RSA_OAEP_1536_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_OAEP_1536_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_OAEP_1536_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_OAEP_1536_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_OAEP_1536_SHA_384
bool
@@ -438,6 +1003,18 @@ config PSA_ACCEL_RSA_OAEP_2048_SHA_224
config PSA_ACCEL_RSA_OAEP_2048_SHA_256
bool
+config PSA_ACCEL_RSA_OAEP_2048_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_OAEP_2048_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_OAEP_2048_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_OAEP_2048_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_OAEP_2048_SHA_384
bool
@@ -453,6 +1030,18 @@ config PSA_ACCEL_RSA_OAEP_3072_SHA_224
config PSA_ACCEL_RSA_OAEP_3072_SHA_256
bool
+config PSA_ACCEL_RSA_OAEP_3072_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_OAEP_3072_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_OAEP_3072_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_OAEP_3072_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_OAEP_3072_SHA_384
bool
@@ -468,6 +1057,18 @@ config PSA_ACCEL_RSA_OAEP_4096_SHA_224
config PSA_ACCEL_RSA_OAEP_4096_SHA_256
bool
+config PSA_ACCEL_RSA_OAEP_4096_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_OAEP_4096_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_OAEP_4096_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_OAEP_4096_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_OAEP_4096_SHA_384
bool
@@ -483,6 +1084,18 @@ config PSA_ACCEL_RSA_OAEP_6144_SHA_224
config PSA_ACCEL_RSA_OAEP_6144_SHA_256
bool
+config PSA_ACCEL_RSA_OAEP_6144_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_OAEP_6144_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_OAEP_6144_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_OAEP_6144_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_OAEP_6144_SHA_384
bool
@@ -498,6 +1111,18 @@ config PSA_ACCEL_RSA_OAEP_8192_SHA_224
config PSA_ACCEL_RSA_OAEP_8192_SHA_256
bool
+config PSA_ACCEL_RSA_OAEP_8192_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_OAEP_8192_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_OAEP_8192_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_OAEP_8192_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_OAEP_8192_SHA_384
bool
@@ -534,6 +1159,18 @@ config PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_224
config PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_256
bool
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_384
bool
@@ -549,6 +1186,18 @@ config PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_224
config PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_256
bool
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_384
bool
@@ -564,6 +1213,18 @@ config PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_224
config PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_256
bool
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_384
bool
@@ -579,6 +1240,18 @@ config PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_224
config PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_256
bool
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_384
bool
@@ -594,6 +1267,18 @@ config PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_224
config PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_256
bool
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_384
bool
@@ -609,6 +1294,18 @@ config PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_224
config PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_256
bool
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_384
bool
@@ -624,6 +1321,18 @@ config PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_224
config PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_256
bool
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_384
bool
@@ -639,6 +1348,18 @@ config PSA_ACCEL_RSA_PSS_1024_SHA_224
config PSA_ACCEL_RSA_PSS_1024_SHA_256
bool
+config PSA_ACCEL_RSA_PSS_1024_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PSS_1024_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PSS_1024_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PSS_1024_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PSS_1024_SHA_384
bool
@@ -654,6 +1375,18 @@ config PSA_ACCEL_RSA_PSS_1536_SHA_224
config PSA_ACCEL_RSA_PSS_1536_SHA_256
bool
+config PSA_ACCEL_RSA_PSS_1536_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PSS_1536_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PSS_1536_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PSS_1536_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PSS_1536_SHA_384
bool
@@ -669,6 +1402,18 @@ config PSA_ACCEL_RSA_PSS_2048_SHA_224
config PSA_ACCEL_RSA_PSS_2048_SHA_256
bool
+config PSA_ACCEL_RSA_PSS_2048_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PSS_2048_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PSS_2048_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PSS_2048_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PSS_2048_SHA_384
bool
@@ -684,6 +1429,18 @@ config PSA_ACCEL_RSA_PSS_3072_SHA_224
config PSA_ACCEL_RSA_PSS_3072_SHA_256
bool
+config PSA_ACCEL_RSA_PSS_3072_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PSS_3072_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PSS_3072_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PSS_3072_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PSS_3072_SHA_384
bool
@@ -699,6 +1456,18 @@ config PSA_ACCEL_RSA_PSS_4096_SHA_224
config PSA_ACCEL_RSA_PSS_4096_SHA_256
bool
+config PSA_ACCEL_RSA_PSS_4096_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PSS_4096_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PSS_4096_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PSS_4096_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PSS_4096_SHA_384
bool
@@ -714,6 +1483,18 @@ config PSA_ACCEL_RSA_PSS_6144_SHA_224
config PSA_ACCEL_RSA_PSS_6144_SHA_256
bool
+config PSA_ACCEL_RSA_PSS_6144_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PSS_6144_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PSS_6144_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PSS_6144_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PSS_6144_SHA_384
bool
@@ -729,12 +1510,33 @@ config PSA_ACCEL_RSA_PSS_8192_SHA_224
config PSA_ACCEL_RSA_PSS_8192_SHA_256
bool
+config PSA_ACCEL_RSA_PSS_8192_SHA3_224
+ bool
+
+config PSA_ACCEL_RSA_PSS_8192_SHA3_256
+ bool
+
+config PSA_ACCEL_RSA_PSS_8192_SHA3_384
+ bool
+
+config PSA_ACCEL_RSA_PSS_8192_SHA3_512
+ bool
+
config PSA_ACCEL_RSA_PSS_8192_SHA_384
bool
config PSA_ACCEL_RSA_PSS_8192_SHA_512
bool
+config PSA_ACCEL_SHA_1
+ bool
+
+config PSA_ACCEL_SHA_224
+ bool
+
+config PSA_ACCEL_SHA_256
+ bool
+
config PSA_ACCEL_SHA3_224
bool
@@ -747,28 +1549,37 @@ config PSA_ACCEL_SHA3_384
config PSA_ACCEL_SHA3_512
bool
-config PSA_ACCEL_SHAKE256_512
+config PSA_ACCEL_SHA_384
bool
-config PSA_ACCEL_SHA_1
+config PSA_ACCEL_SHA_512
bool
-config PSA_ACCEL_SHA_224
+config PSA_ACCEL_SHA_512_224
bool
-config PSA_ACCEL_SHA_256
+config PSA_ACCEL_SHA_512_256
bool
-config PSA_ACCEL_SHA_384
+config PSA_ACCEL_SHAKE256_512
bool
-config PSA_ACCEL_SHA_512
+config PSA_ACCEL_SP800_108_COUNTER_CMAC
bool
-config PSA_ACCEL_SHA_512_224
+config PSA_ACCEL_SP800_108_COUNTER_HMA_SHA_1
bool
-config PSA_ACCEL_SHA_512_256
+config PSA_ACCEL_SP800_108_COUNTER_HMA_SHA_224
+ bool
+
+config PSA_ACCEL_SP800_108_COUNTER_HMA_SHA_256
+ bool
+
+config PSA_ACCEL_SP800_108_COUNTER_HMA_SHA_384
+ bool
+
+config PSA_ACCEL_SP800_108_COUNTER_HMA_SHA_512
bool
config PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_1
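Review bot: The five new symbols `PSA_ACCEL_SP800_108_COUNTER_HMA_SHA_1` through `PSA_ACCEL_SP800_108_COUNTER_HMA_SHA_512` read as a truncated `HMAC`, while the sibling added just above them is spelled out as `PSA_ACCEL_SP800_108_COUNTER_CMAC`. A driver Kconfig written against the `HMAC` spelling would reference a symbol this file does not define, so the accelerator flag could never suppress a software fallback. No consumer of these names is visible in this part of the diff, so the spelling the drivers actually use needs checking. If the short form is unintended, rename them to `PSA_ACCEL_SP800_108_COUNTER_HMAC_SHA_1` and so on; if it is what the generator emits on purpose, a one-line comment saying so would prevent the next reader from "fixing" it.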
@@ -828,4 +1639,13 @@ config PSA_ACCEL_XTS_AES_192
config PSA_ACCEL_XTS_AES_256
bool
+config PSA_ACCEL_XTS_ARIA
+ bool
+
+config PSA_ACCEL_XTS_CAMELLIA
+ bool
+
+config PSA_ACCEL_XTS_DES
+ bool
+
endmenu
diff --git a/subsys/nrf_security/src/drivers/nrf_cc3xx/Kconfig b/subsys/nrf_security/src/drivers/nrf_cc3xx/Kconfig
index 66b69585809d..2af92ef65dcc 100644
--- a/subsys/nrf_security/src/drivers/nrf_cc3xx/Kconfig
+++ b/subsys/nrf_security/src/drivers/nrf_cc3xx/Kconfig
@@ -367,130 +367,107 @@ config PSA_NEED_CC3XX_HASH_DRIVER
PSA_NEED_CC3XX_SHA_256
# CC3xx Key Generation Driver
-
-config PSA_NEED_CC3XX_RSA_KEY_SIZE_1024
- bool
- default y
- depends on PSA_WANT_RSA_KEY_SIZE_1024
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_RSA_KEY_SIZE_1536
- bool
- default y
- depends on PSA_WANT_RSA_KEY_SIZE_1536
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_RSA_KEY_SIZE_2048
- bool
- default y
- depends on PSA_WANT_RSA_KEY_SIZE_2048
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_RSA_KEY_SIZE_3072
- bool
- default y
- depends on PSA_WANT_RSA_KEY_SIZE_3072
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
- depends on HAS_HW_NRF_CC312
-
-config PSA_NEED_CC3XX_ANY_RSA_KEY_SIZE
- bool
- default y
- depends on PSA_NEED_CC3XX_RSA_KEY_SIZE_1024 || PSA_NEED_CC3XX_RSA_KEY_SIZE_1536 || \
- PSA_NEED_CC3XX_RSA_KEY_SIZE_2048 || PSA_NEED_CC3XX_RSA_KEY_SIZE_3072
-
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_R1_192
- bool
- default y
- select PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_192
- depends on PSA_WANT_ECC_SECP_R1_192
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_R1_224
- bool
- default y
- select PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_224
- depends on PSA_WANT_ECC_SECP_R1_224
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_R1_256
- bool
- default y
- select PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_256
- depends on PSA_WANT_ECC_SECP_R1_256
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_R1_384
- bool
- default y
- select PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_384
- depends on PSA_WANT_ECC_SECP_R1_384
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_R1
- bool
- default y
- depends on PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_R1_192 || PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_R1_224 || \
- PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_R1_256 || PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_R1_384
-
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_MONTGOMERY_255
- bool
- default y
- select PSA_ACCEL_KEY_MANAGEMENT_MONTGOMERY_255
- depends on PSA_WANT_ECC_MONTGOMERY_255
+config PSA_NEED_CC3XX_KEY_TYPE_RSA_ANY
+ bool
+ default y
+ select PSA_ACCEL_KEY_TYPE_RSA_1024_KEY_PAIR_EXPORT
+ select PSA_ACCEL_KEY_TYPE_RSA_1024_KEY_PAIR_IMPORT
+ select PSA_ACCEL_KEY_TYPE_RSA_1024_PUBLIC_KEY
+ select PSA_ACCEL_KEY_TYPE_RSA_1536_KEY_PAIR_EXPORT
+ select PSA_ACCEL_KEY_TYPE_RSA_1536_KEY_PAIR_IMPORT
+ select PSA_ACCEL_KEY_TYPE_RSA_1536_PUBLIC_KEY
+ select PSA_ACCEL_KEY_TYPE_RSA_2048_KEY_PAIR_EXPORT
+ select PSA_ACCEL_KEY_TYPE_RSA_2048_KEY_PAIR_IMPORT
+ select PSA_ACCEL_KEY_TYPE_RSA_2048_PUBLIC_KEY
+ select PSA_ACCEL_KEY_TYPE_RSA_3072_KEY_PAIR_EXPORT if HAS_HW_NRF_CC312
+ select PSA_ACCEL_KEY_TYPE_RSA_3072_KEY_PAIR_IMPORT if HAS_HW_NRF_CC312
+ select PSA_ACCEL_KEY_TYPE_RSA_3072_PUBLIC_KEY if HAS_HW_NRF_CC312
depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_TWISTED_EDWARDS_255
- bool
- default y
- select PSA_ACCEL_KEY_MANAGEMENT_TWISTED_EDWARDS_255
- depends on PSA_WANT_ECC_TWISTED_EDWARDS_255
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_BRAINPOOL_P_R1_256
- bool
- default y
- select PSA_ACCEL_KEY_MANAGEMENT_BRAINPOOL_P_R1_256
- depends on PSA_WANT_ECC_BRAINPOOL_P_R1_256
+ depends on PSA_WANT_RSA_KEY_SIZE_1024 || \
+ PSA_WANT_RSA_KEY_SIZE_2048 || \
+ (PSA_WANT_RSA_KEY_SIZE_3072 && HAS_HW_NRF_CC312)
+
+config PSA_NEED_CC3XX_KEY_TYPE_ECC_ANY
+ bool
+ default y
+ # R1 192
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_192
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_192
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_192
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_192
+ select PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_192
+ # R1 224
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224
+ select PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224
+ # R1 256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256
+ # R1 384
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384
+ select PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384
+ # K1 192
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_K1_192
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_K1_192
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_K1_192
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_K1_192
+ select PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_K1_192
+ # K1 224
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_K1_224
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_K1_224
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_K1_224
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_K1_224
+ select PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_K1_224
+ # K1 256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_K1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_K1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_K1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_K1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_K1_256
+ # Twisted edwards 255
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255
+ select PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255
+ # Montgomery 255
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255
+ select PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255
+ # Brainpool 256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_BRAINPOOL_P_R1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_BRAINPOOL_P_R1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_256
+ select PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_BRAINPOOL_P_R1_256
+ # Depends
+ depends on PSA_WANT_ECC_SECP_R1_192 || \
+ PSA_WANT_ECC_SECP_R1_224 || \
+ PSA_WANT_ECC_SECP_R1_256 || \
+ PSA_WANT_ECC_SECP_R1_384 || \
+ PSA_WANT_ECC_SECP_K1_192 || \
+ PSA_WANT_ECC_SECP_K1_224 || \
+ PSA_WANT_ECC_SECP_K1_256 || \
+ PSA_WANT_ECC_MONTGOMERY_255 || \
+ PSA_WANT_ECC_TWISTED_EDWARDS_255 || \
+ PSA_WANT_ECC_BRAINPOOL_P_R1_256
depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_K1_192
- bool
- default y
- select PSA_ACCEL_KEY_MANAGEMENT_SECP_K1_192
- depends on PSA_WANT_ECC_SECP_K1_192
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_K1_224
- bool
- default y
- select PSA_ACCEL_KEY_MANAGEMENT_SECP_K1_224
- depends on PSA_WANT_ECC_SECP_K1_224
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_K1_256
- bool
- default y
- select PSA_ACCEL_KEY_MANAGEMENT_SECP_K1_256
- depends on PSA_WANT_ECC_SECP_K1_256
- depends on PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER
-
-config PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_K1
- bool
- default y
- depends on PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_K1_192 || \
- PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_K1_224 || \
- PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_K1_256
-
config PSA_NEED_CC3XX_KEY_MANAGEMENT_DRIVER
bool
default y
- depends on PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_R1 || \
- PSA_NEED_CC3XX_KEY_MANAGEMENT_SECP_K1 || \
- PSA_NEED_CC3XX_ANY_RSA_KEY_SIZE || \
- PSA_NEED_CC3XX_KEY_MANAGEMENT_MONTGOMERY_255 || \
- PSA_NEED_CC3XX_KEY_MANAGEMENT_TWISTED_EDWARDS_255 || \
- PSA_NEED_CC3XX_KEY_MANAGEMENT_BRAINPOOL_P_R1_256
+ depends on PSA_NEED_CC3XX_KEY_TYPE_RSA_ANY || \
+ PSA_NEED_CC3XX_KEY_TYPE_ECC_ANY
# CC3xx MAC Driver
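Review bot: The `depends on` of the new `PSA_NEED_CC3XX_KEY_TYPE_RSA_ANY` lists `PSA_WANT_RSA_KEY_SIZE_1024`, `_2048` and `_3072` but not `_1536`. The removed `PSA_NEED_CC3XX_RSA_KEY_SIZE_1536` covered that size, and the new symbol still selects the three `PSA_ACCEL_KEY_TYPE_RSA_1536_*` flags. A configuration that wants only 1536-bit RSA would therefore no longer enable the CC3xx key-management driver for RSA, and would presumably fall back to a software implementation or to none. If that is not intended, add `PSA_WANT_RSA_KEY_SIZE_1536 || \` to the expression; if it is, a comment such as `# 1536-bit keys are handled only together with another size` would make the omission explicit.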
diff --git a/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig b/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig
index ee0b7879b77f..0b8e50bed99a 100644
--- a/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig
+++ b/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig
@@ -127,19 +127,33 @@ config PSA_NEED_OBERON_ECDH_SECP_R1_384
depends on PSA_WANT_ALG_ECDH
depends on PSA_WANT_ECC_SECP_R1_384 && !PSA_ACCEL_ECDH_SECP_R1_384
+config PSA_NEED_OBERON_ECDH_SECP_R1_521
+ bool
+ default y
+ depends on PSA_WANT_ALG_ECDH
+ depends on PSA_WANT_ECC_SECP_R1_521 && !PSA_ACCEL_ECDH_SECP_R1_521
+
config PSA_NEED_OBERON_ECDH_MONTGOMERY_255
bool
default y
depends on PSA_WANT_ALG_ECDH
depends on PSA_WANT_ECC_MONTGOMERY_255 && !PSA_ACCEL_ECDH_MONTGOMERY_255
+config PSA_NEED_OBERON_ECDH_MONTGOMERY_448
+ bool
+ default y
+ depends on PSA_WANT_ALG_ECDH
+ depends on PSA_WANT_ECC_MONTGOMERY_448 && !PSA_ACCEL_ECDH_MONTGOMERY_448
+
config PSA_NEED_OBERON_ECDH
bool
default y
depends on PSA_NEED_OBERON_ECDH_SECP_R1_224 || \
- PSA_NEED_OBERON_ECDH_SECP_R1_256 || \
- PSA_NEED_OBERON_ECDH_SECP_R1_384 || \
- PSA_NEED_OBERON_ECDH_MONTGOMERY_255
+ PSA_NEED_OBERON_ECDH_SECP_R1_256 || \
+ PSA_NEED_OBERON_ECDH_SECP_R1_384 || \
+ PSA_NEED_OBERON_ECDH_SECP_R1_521 || \
+ PSA_NEED_OBERON_ECDH_MONTGOMERY_255 || \
+ PSA_NEED_OBERON_ECDH_MONTGOMERY_448
config PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER
bool
@@ -154,32 +168,59 @@ config PSA_NEED_OBERON_ECDSA_SECP_R1_224
depends on PSA_WANT_ALG_ECDSA || PSA_WANT_ALG_DETERMINISTIC_ECDSA
depends on PSA_WANT_ECC_SECP_R1_224
depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA_512)
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_ECDSA_SECP_R1_224_SHA3_512)
config PSA_NEED_OBERON_ECDSA_SECP_R1_256
bool
default y
depends on PSA_WANT_ALG_ECDSA || PSA_WANT_ALG_DETERMINISTIC_ECDSA
depends on PSA_WANT_ECC_SECP_R1_256
- depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA_1 ) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA_512)
+ depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_ECDSA_SECP_R1_256_SHA3_512)
config PSA_NEED_OBERON_ECDSA_SECP_R1_384
bool
default y
depends on PSA_WANT_ALG_ECDSA || PSA_WANT_ALG_DETERMINISTIC_ECDSA
depends on PSA_WANT_ECC_SECP_R1_384
- depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA_1 ) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA_512)
+ depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_ECDSA_SECP_R1_384_SHA3_512)
+
+config PSA_NEED_OBERON_ECDSA_SECP_R1_521
+ bool
+ default y
+ depends on PSA_WANT_ALG_ECDSA || PSA_WANT_ALG_DETERMINISTIC_ECDSA
+ depends on PSA_WANT_ECC_SECP_R1_521
+ depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_ECDSA_SECP_R1_521_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_ECDSA_SECP_R1_521_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_ECDSA_SECP_R1_521_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_ECDSA_SECP_R1_521_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_ECDSA_SECP_R1_521_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_ECDSA_SECP_R1_521_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_ECDSA_SECP_R1_521_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_ECDSA_SECP_R1_521_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_ECDSA_SECP_R1_521_SHA3_512)
config PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255
bool
@@ -187,24 +228,50 @@ config PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255
depends on PSA_WANT_ALG_PURE_EDDSA && !PSA_ACCEL_PURE_EDDSA_TWISTED_EDWARDS_255
depends on PSA_WANT_ECC_TWISTED_EDWARDS_255
+config PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448
+ bool
+ default y
+ depends on PSA_WANT_ALG_PURE_EDDSA && !PSA_ACCEL_PURE_EDDSA_TWISTED_EDWARDS_448
+ depends on PSA_WANT_ECC_TWISTED_EDWARDS_448
+
+config PSA_NEED_OBERON_ED25519PH
+ bool
+ default y
+ depends on PSA_WANT_ALG_ED25519PH && !PSA_ACCEL_ED25519PH
+
+config PSA_NEED_OBERON_ED448PH
+ bool
+ default y
+ depends on PSA_WANT_ALG_ED448PH && !PSA_ACCEL_ED448PH
+
+config PSA_NEED_OBERON_ECDSA_VERIFY
+ bool
+ default y
+ depends on PSA_NEED_OBERON_ECDSA_SECP_R1_224 || \
+ PSA_NEED_OBERON_ECDSA_SECP_R1_256 || \
+ PSA_NEED_OBERON_ECDSA_SECP_R1_384 || \
+ PSA_NEED_OBERON_ECDSA_SECP_R1_521 || \
+ PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 || \
+ PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448 || \
+ PSA_NEED_OBERON_ED25519PH || \
+ PSA_NEED_OBERON_ED448PH
+
config PSA_NEED_OBERON_ECDSA_SIGN
bool
default y
- depends on PSA_NEED_OBERON_ECDSA_SECP_R1_224 || \
- PSA_NEED_OBERON_ECDSA_SECP_R1_256 || \
- PSA_NEED_OBERON_ECDSA_SECP_R1_384 || \
- PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255
+ depends on PSA_NEED_OBERON_ECDSA_VERIFY
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC
config PSA_NEED_OBERON_ECDSA_DETERMINISTIC
bool
default y
- depends on PSA_NEED_OBERON_ECDSA_SIGN
+ depends on PSA_NEED_OBERON_ECDSA_VERIFY
depends on PSA_WANT_ALG_DETERMINISTIC_ECDSA
config PSA_NEED_OBERON_ECDSA_RANDOMIZED
bool
default y
- depends on PSA_NEED_OBERON_ECDSA_SIGN
+ depends on PSA_NEED_OBERON_ECDSA_VERIFY
depends on PSA_WANT_ALG_ECDSA
# Oberon Hash Driver
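Review bot: `PSA_NEED_OBERON_ED25519PH` and `PSA_NEED_OBERON_ED448PH` depend only on the algorithm symbol, whereas the pure-EdDSA entries next to them also require the curve (`depends on PSA_WANT_ECC_TWISTED_EDWARDS_255` / `_448`). Unless `PSA_WANT_ALG_ED25519PH` already implies the curve elsewhere, this lets the prehash variants, and through them `PSA_NEED_OBERON_ECDSA_VERIFY` and `PSA_NEED_OBERON_ECDSA_SIGN`, turn on in a build that has not enabled the matching curve. I would add `depends on PSA_WANT_ECC_TWISTED_EDWARDS_255` and `depends on PSA_WANT_ECC_TWISTED_EDWARDS_448` respectively. Separately, `PSA_NEED_OBERON_ECDSA_VERIFY` now aggregates the EdDSA symbols as well, so a comment like `# Any Oberon ECDSA/EdDSA signature verification` above it would keep the name from misleading.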
@@ -234,6 +301,44 @@ config PSA_NEED_OBERON_SHA_512
default y
depends on PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_SHA_512
+config PSA_NEED_OBERON_SHA3_224
+ bool
+ default y
+ depends on PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_SHA3_224
+
+config PSA_NEED_OBERON_SHA3_256
+ bool
+ default y
+ depends on PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_SHA3_256
+
+config PSA_NEED_OBERON_SHA3_384
+ bool
+ default y
+ depends on PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_SHA3_384
+
+config PSA_NEED_OBERON_SHA3_512
+ bool
+ default y
+ depends on PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_SHA3_512
+
+config PSA_NEED_OBERON_SHA3
+ bool
+ default y
+ depends on PSA_NEED_OBERON_SHA3_224 || \
+ PSA_NEED_OBERON_SHA3_256 || \
+ PSA_NEED_OBERON_SHA3_384 || \
+ PSA_NEED_OBERON_SHA3_512
+
+config PSA_NEED_OBERON_SHAKE256_512
+ bool
+ default y
+ depends on PSA_WANT_ALG_SHAKE256_512 && !PSA_ACCEL_SHAKE256_512
+
+config PSA_NEED_OBERON_SHAKE
+ bool
+ default y
+ depends on PSA_NEED_OBERON_SHAKE256_512
+
config PSA_NEED_OBERON_HASH_DRIVER
bool
default y
@@ -241,70 +346,373 @@ config PSA_NEED_OBERON_HASH_DRIVER
PSA_NEED_OBERON_SHA_224 || \
PSA_NEED_OBERON_SHA_256 || \
PSA_NEED_OBERON_SHA_384 || \
- PSA_NEED_OBERON_SHA_512
+ PSA_NEED_OBERON_SHA_512 || \
+ PSA_NEED_OBERON_SHA3 || \
+ PSA_NEED_OBERON_SHAKE
# Oberon Key Pair Driver
-config PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224
+# SECP_R1_224
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224
+ bool
+ default y
+ depends on PSA_WANT_ECC_SECP_R1_224
+ depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224
+ bool
+ default y
+ depends on PSA_WANT_ECC_SECP_R1_224
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224
+ bool
+ default y
+ depends on PSA_WANT_ECC_SECP_R1_224
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224
+ bool
+ default y
+ depends on PSA_WANT_ECC_SECP_R1_224
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224
+
+# SECP_R1_256
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256
+ bool
+ default y
+ depends on PSA_WANT_ECC_SECP_R1_256
+ depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256
+ bool
+ default y
+ depends on PSA_WANT_ECC_SECP_R1_256
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256
+ bool
+ default y
+ depends on PSA_WANT_ECC_SECP_R1_256
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256
+ bool
+ default y
+ depends on PSA_WANT_ECC_SECP_R1_256
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256
+
+# SECP_R1_384
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384
bool
default y
- depends on PSA_WANT_ECC_SECP_R1_224 && !PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_224
+ depends on PSA_WANT_ECC_SECP_R1_384
+ depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384
-config PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384
bool
default y
- depends on PSA_WANT_ECC_SECP_R1_256 && !PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_256
+ depends on PSA_WANT_ECC_SECP_R1_384
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384
-config PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384
bool
default y
- depends on PSA_WANT_ECC_SECP_R1_384 && !PSA_ACCEL_KEY_MANAGEMENT_SECP_R1_384
+ depends on PSA_WANT_ECC_SECP_R1_384
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384
-config PSA_NEED_OBERON_KEY_MANAGEMENT_SECP
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384
bool
default y
- depends on PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_224 || \
- PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_256 || \
- PSA_NEED_OBERON_KEY_MANAGEMENT_SECP_R1_384
+ depends on PSA_WANT_ECC_SECP_R1_384
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384
-config PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255
+# SECP_R1_521
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521
bool
default y
- depends on PSA_WANT_ECC_MONTGOMERY_255 && !PSA_ACCEL_KEY_MANAGEMENT_MONTGOMERY_255
+ depends on PSA_WANT_ECC_SECP_R1_521
+ depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521
-config PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521
bool
default y
- depends on PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY_255
+ depends on PSA_WANT_ECC_SECP_R1_521
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521
-config PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521
bool
default y
- depends on PSA_WANT_ECC_TWISTED_EDWARDS_255 && !PSA_ACCEL_KEY_MANAGEMENT_TWISTED_EDWARDS_255
+ depends on PSA_WANT_ECC_SECP_R1_521
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521
-config PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521
bool
default y
- depends on PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS_255
+ depends on PSA_WANT_ECC_SECP_R1_521
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521
-config PSA_NEED_OBERON_KEY_MANAGEMENT_ECC
+# MONTGOMERY_255
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255
bool
default y
- depends on PSA_NEED_OBERON_KEY_MANAGEMENT_SECP || \
- PSA_NEED_OBERON_KEY_MANAGEMENT_TWISTED_EDWARDS || \
- PSA_NEED_OBERON_KEY_MANAGEMENT_MONTGOMERY
+ depends on PSA_WANT_ECC_MONTGOMERY_255
+ depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255
-config PSA_NEED_OBERON_KEY_MANAGEMENT_RSA
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255
bool
default y
- depends on PSA_WANT_KEY_TYPE_RSA_KEY_PAIR || PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- depends on !PSA_ACCEL_KEY_MANAGEMENT_RSA
+ depends on PSA_WANT_ECC_MONTGOMERY_255
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255
+ bool
+ default y
+ depends on PSA_WANT_ECC_MONTGOMERY_255
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255
+ bool
+ default y
+ depends on PSA_WANT_ECC_MONTGOMERY_255
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255
+
+# MONTGOMERY_448
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448
+ bool
+ default y
+ depends on PSA_WANT_ECC_MONTGOMERY_448
+ depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448
+ bool
+ default y
+ depends on PSA_WANT_ECC_MONTGOMERY_448
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448
+ bool
+ default y
+ depends on PSA_WANT_ECC_MONTGOMERY_448
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448
+ bool
+ default y
+ depends on PSA_WANT_ECC_MONTGOMERY_448
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448
+
+# TWISTED_EDWARDS_255
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255
+ bool
+ default y
+ depends on PSA_WANT_ECC_TWISTED_EDWARDS_255
+ depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255
+ bool
+ default y
+ depends on PSA_WANT_ECC_TWISTED_EDWARDS_255
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255
+ bool
+ default y
+ depends on PSA_WANT_ECC_TWISTED_EDWARDS_255
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255
+ bool
+ default y
+ depends on PSA_WANT_ECC_TWISTED_EDWARDS_255
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255
+
+# TWISTED_EDWARDS_448
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448
+ bool
+ default y
+ depends on PSA_WANT_ECC_TWISTED_EDWARDS_448
+ depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448
+ bool
+ default y
+ depends on PSA_WANT_ECC_TWISTED_EDWARDS_448
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448
+ bool
+ default y
+ depends on PSA_WANT_ECC_TWISTED_EDWARDS_448
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448
+ bool
+ default y
+ depends on PSA_WANT_ECC_TWISTED_EDWARDS_448
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448
+
+# Key management grouping configs
+# SECP
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521
+
+# MONTGOMERY
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448
+
+# TWISTED_EDWARDS
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448
+
+# Combined ECC keys
+config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS
+
+config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE
+ bool
+ default y
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS
+
+# RSA key types
+config PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY
+ bool
+ default y
+ depends on PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+ depends on (PSA_WANT_RSA_KEY_SIZE_1024 && !PSA_ACCEL_KEY_TYPE_RSA_1024_PUBLIC_KEY) || \
+ (PSA_WANT_RSA_KEY_SIZE_1536 && !PSA_ACCEL_KEY_TYPE_RSA_1536_PUBLIC_KEY) || \
+ (PSA_WANT_RSA_KEY_SIZE_2048 && !PSA_ACCEL_KEY_TYPE_RSA_2048_PUBLIC_KEY) || \
+ (PSA_WANT_RSA_KEY_SIZE_3072 && !PSA_ACCEL_KEY_TYPE_RSA_3072_PUBLIC_KEY) || \
+ PSA_WANT_RSA_KEY_SIZE_4096 || \
+ PSA_WANT_RSA_KEY_SIZE_6144 || \
+ PSA_WANT_RSA_KEY_SIZE_8192
+
+
+config PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT
+ bool
+ default y
+ depends on PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
+ depends on (PSA_WANT_RSA_KEY_SIZE_1024 && !PSA_ACCEL_KEY_TYPE_RSA_1024_KEY_PAIR_IMPORT) || \
+ (PSA_WANT_RSA_KEY_SIZE_1536 && !PSA_ACCEL_KEY_TYPE_RSA_1536_KEY_PAIR_IMPORT) || \
+ (PSA_WANT_RSA_KEY_SIZE_2048 && !PSA_ACCEL_KEY_TYPE_RSA_2048_KEY_PAIR_IMPORT) || \
+ (PSA_WANT_RSA_KEY_SIZE_3072 && !PSA_ACCEL_KEY_TYPE_RSA_3072_KEY_PAIR_IMPORT) || \
+ PSA_WANT_RSA_KEY_SIZE_4096 || \
+ PSA_WANT_RSA_KEY_SIZE_6144 || \
+ PSA_WANT_RSA_KEY_SIZE_8192
+
+config PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT
+ bool
+ default y
+ depends on PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
+ depends on (PSA_WANT_RSA_KEY_SIZE_1024 && !PSA_ACCEL_KEY_TYPE_RSA_1024_KEY_PAIR_EXPORT) || \
+ (PSA_WANT_RSA_KEY_SIZE_1536 && !PSA_ACCEL_KEY_TYPE_RSA_1536_KEY_PAIR_EXPORT) || \
+ (PSA_WANT_RSA_KEY_SIZE_2048 && !PSA_ACCEL_KEY_TYPE_RSA_2048_KEY_PAIR_EXPORT) || \
+ (PSA_WANT_RSA_KEY_SIZE_3072 && !PSA_ACCEL_KEY_TYPE_RSA_3072_KEY_PAIR_EXPORT) || \
+ PSA_WANT_RSA_KEY_SIZE_4096 || \
+ PSA_WANT_RSA_KEY_SIZE_6144 || \
+ PSA_WANT_RSA_KEY_SIZE_8192
config PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER
bool
default y
- depends on PSA_NEED_OBERON_KEY_MANAGEMENT_ECC || \
- PSA_NEED_OBERON_KEY_MANAGEMENT_RSA
+ depends on PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT || \
+ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE || \
+ PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY || \
+ PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT || \
+ PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT
# Oberon MAC Driver
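Review bot: The three new RSA key-type symbols (`PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY`, `..._RSA_KEY_PAIR_IMPORT`, `..._RSA_KEY_PAIR_EXPORT`) guard sizes 1024 to 3072 with a `!PSA_ACCEL_KEY_TYPE_RSA_<size>_*` term but list `PSA_WANT_RSA_KEY_SIZE_4096`, `_6144` and `_8192` bare. Wanting any of those sizes therefore enables the Oberon software key handling regardless of what an accelerator provides. That may be intended if no accelerator handles keys above 3072 bits, but the per-size algorithm symbols further down the file do test `PSA_ACCEL_RSA_PKCS1V15_CRYPT_4096`, so the asymmetry reads like an omission. Either add the matching guard or, if that is the reason, state it above the first symbol, e.g. `# No accelerator key-type support above 3072 bits: these sizes always need Oberon`. It is worth confirming, because these expressions decide which implementation handles imported RSA key material.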
@@ -401,7 +809,7 @@ config PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS
config PSA_NEED_OBERON_KEY_DERIVATION_DRIVER
bool
default y
- depends on PSA_NEED_OBERON_HKDF || \
+ depends on PSA_NEED_OBERON_HKDF || \
PSA_NEED_OBERON_HKDF_EXTRACT || \
PSA_NEED_OBERON_HKDF_EXPAND || \
PSA_NEED_OBERON_TLS12_PRF || \
@@ -472,168 +880,253 @@ config PSA_NEED_OBERON_RSA_KEY_SIZE_1024
default y
depends on PSA_WANT_RSA_KEY_SIZE_1024
depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA_PKCS1V15_CRYPT_1024) || \
- (PSA_WANT_ALG_RSA_OAEP && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_1024_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_1024_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_1024_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_1024_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_1024_SHA_512))) || \
- (PSA_WANT_ALG_RSA_PSS && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_1024_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_1024_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_1024_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_1024_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_1024_SHA_512))) || \
- (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_512)))
+ (PSA_WANT_ALG_RSA_OAEP && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_1024_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_1024_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_1024_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_1024_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_1024_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_OAEP_1024_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_OAEP_1024_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_OAEP_1024_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_OAEP_1024_SHA3_512))) || \
+ (PSA_WANT_ALG_RSA_PSS && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_1024_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_1024_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_1024_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_1024_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_1024_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PSS_1024_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PSS_1024_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PSS_1024_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PSS_1024_SHA3_512))) || \
+ (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1024_SHA3_512)))
config PSA_NEED_OBERON_RSA_KEY_SIZE_1536
bool
default y
depends on PSA_WANT_RSA_KEY_SIZE_1536
depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA_PKCS1V15_CRYPT_1536) || \
- (PSA_WANT_ALG_RSA_OAEP && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_1536_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_1536_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_1536_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_1536_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_1536_SHA_512))) || \
- (PSA_WANT_ALG_RSA_PSS && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_1536_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_1536_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_1536_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_1536_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_1536_SHA_512))) || \
+ (PSA_WANT_ALG_RSA_OAEP && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_1536_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_1536_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_1536_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_1536_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_1536_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_OAEP_1536_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_OAEP_1536_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_OAEP_1536_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_OAEP_1536_SHA3_512))) || \
+ (PSA_WANT_ALG_RSA_PSS && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_1536_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_1536_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_1536_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_1536_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_1536_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PSS_1536_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PSS_1536_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PSS_1536_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PSS_1536_SHA3_512))) || \
(PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_512)))
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_1536_SHA3_512)))
config PSA_NEED_OBERON_RSA_KEY_SIZE_2048
bool
default y
depends on PSA_WANT_RSA_KEY_SIZE_2048
depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA_PKCS1V15_CRYPT_2048) || \
- (PSA_WANT_ALG_RSA_OAEP && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_2048_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_2048_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_2048_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_2048_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_2048_SHA_512))) || \
- (PSA_WANT_ALG_RSA_PSS && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_2048_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_2048_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_2048_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_2048_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_2048_SHA_512))) || \
- (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_512)))
+ (PSA_WANT_ALG_RSA_OAEP && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_2048_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_2048_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_2048_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_2048_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_2048_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_OAEP_2048_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_OAEP_2048_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_OAEP_2048_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_OAEP_2048_SHA3_512))) || \
+ (PSA_WANT_ALG_RSA_PSS && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_2048_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_2048_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_2048_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_2048_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_2048_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PSS_2048_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PSS_2048_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PSS_2048_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PSS_2048_SHA3_512))) || \
+ (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_2048_SHA3_512)))
config PSA_NEED_OBERON_RSA_KEY_SIZE_3072
bool
default y
depends on PSA_WANT_RSA_KEY_SIZE_3072
depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA_PKCS1V15_CRYPT_3072) || \
- (PSA_WANT_ALG_RSA_OAEP && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_3072_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_3072_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_3072_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_3072_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_3072_SHA_512))) || \
- (PSA_WANT_ALG_RSA_PSS && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_3072_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_3072_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_3072_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_3072_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_3072_SHA_512))) || \
+ (PSA_WANT_ALG_RSA_OAEP && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_3072_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_3072_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_3072_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_3072_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_3072_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_OAEP_3072_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_OAEP_3072_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_OAEP_3072_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_OAEP_3072_SHA3_512))) || \
+ (PSA_WANT_ALG_RSA_PSS && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_3072_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_3072_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_3072_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_3072_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_3072_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PSS_3072_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PSS_3072_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PSS_3072_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PSS_3072_SHA3_512))) || \
(PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_512)))
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_3072_SHA3_512)))
+
config PSA_NEED_OBERON_RSA_KEY_SIZE_4096
bool
default y
depends on PSA_WANT_RSA_KEY_SIZE_4096
depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA_PKCS1V15_CRYPT_4096) || \
- (PSA_WANT_ALG_RSA_OAEP && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_4096_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_4096_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_4096_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_4096_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_4096_SHA_512))) || \
- (PSA_WANT_ALG_RSA_PSS && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_4096_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_4096_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_4096_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_4096_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_4096_SHA_512))) || \
+ (PSA_WANT_ALG_RSA_OAEP && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_4096_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_4096_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_4096_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_4096_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_4096_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_OAEP_4096_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_OAEP_4096_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_OAEP_4096_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_OAEP_4096_SHA3_512))) || \
+ (PSA_WANT_ALG_RSA_PSS && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_4096_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_4096_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_4096_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_4096_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_4096_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PSS_4096_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PSS_4096_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PSS_4096_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PSS_4096_SHA3_512))) || \
(PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_512)))
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_4096_SHA3_512)))
config PSA_NEED_OBERON_RSA_KEY_SIZE_6144
bool
default y
depends on PSA_WANT_RSA_KEY_SIZE_6144
depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA_PKCS1V15_CRYPT_6144) || \
- (PSA_WANT_ALG_RSA_OAEP && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_6144_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_6144_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_6144_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_6144_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_6144_SHA_512))) || \
+ (PSA_WANT_ALG_RSA_OAEP && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_6144_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_6144_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_6144_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_6144_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_6144_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_OAEP_6144_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_OAEP_6144_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_OAEP_6144_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_OAEP_6144_SHA3_512))) || \
(PSA_WANT_ALG_RSA_PSS && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_6144_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_6144_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_6144_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_6144_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_6144_SHA_512))) || \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_6144_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_6144_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_6144_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_6144_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_6144_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PSS_6144_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PSS_6144_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PSS_6144_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PSS_6144_SHA3_512))) || \
(PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_512)))
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_6144_SHA3_512)))
config PSA_NEED_OBERON_RSA_KEY_SIZE_8192
bool
default y
depends on PSA_WANT_RSA_KEY_SIZE_8192
depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA_PKCS1V15_CRYPT_8192) || \
- (PSA_WANT_ALG_RSA_OAEP && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_8192_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_8192_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_8192_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_8192_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_8192_SHA_512))) || \
- (PSA_WANT_ALG_RSA_PSS && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_8192_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_8192_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_8192_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_8192_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_8192_SHA_512))) || \
- (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \
- (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_1) || \
- (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_224) || \
- (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_256) || \
- (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_384) || \
- (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_512)))
+ (PSA_WANT_ALG_RSA_OAEP && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_OAEP_8192_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_OAEP_8192_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_OAEP_8192_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_OAEP_8192_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_OAEP_8192_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_OAEP_8192_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_OAEP_8192_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_OAEP_8192_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_OAEP_8192_SHA3_512))) || \
+ (PSA_WANT_ALG_RSA_PSS && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PSS_8192_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PSS_8192_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PSS_8192_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PSS_8192_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PSS_8192_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PSS_8192_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PSS_8192_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PSS_8192_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PSS_8192_SHA3_512))) || \
+ (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \
+ (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_1) || \
+ (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_224) || \
+ (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_256) || \
+ (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_384) || \
+ (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA_512) || \
+ (PSA_WANT_ALG_SHA3_224 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA3_224) || \
+ (PSA_WANT_ALG_SHA3_256 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA3_256) || \
+ (PSA_WANT_ALG_SHA3_384 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA3_384) || \
+ (PSA_WANT_ALG_SHA3_512 && !PSA_ACCEL_RSA_PKCS1V15_SIGN_8192_SHA3_512)))
config PSA_NEED_OBERON_ANY_RSA_KEY_SIZE
bool
@@ -658,10 +1151,17 @@ config PSA_NEED_OBERON_RSA_PKCS1V15_SIGN
depends on PSA_WANT_ALG_RSA_PKCS1V15_SIGN
depends on PSA_NEED_OBERON_ANY_RSA_KEY_SIZE
+config PSA_NEED_OBERON_RSA_ANY_VERIFY
+ bool
+ default y
+ depends on PSA_WANT_ALG_RSA_PSS || PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+ depends on PSA_NEED_OBERON_ANY_RSA_KEY_SIZE
+
config PSA_NEED_OBERON_RSA_ANY_SIGN
bool
default y
- depends on PSA_NEED_OBERON_RSA_PSS || PSA_NEED_OBERON_RSA_PKCS1V15_SIGN
+ depends on PSA_NEED_OBERON_RSA_ANY_VERIFY
+ depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC
config PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT
bool
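Review bot: `PSA_NEED_OBERON_RSA_ANY_SIGN` now depends on `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC`, which looks like a copy-paste from the ECC section. As written, an RSA-only configuration with no ECC key pair type enabled would never turn on the RSA signing symbol, so RSA signing would presumably end up unsupported or handled by a different driver than the one the configuration asked for. The RSA counterpart is most likely what was meant: `depends on PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC`. A one-line comment above the two symbols, such as `# verify needs only a public key; sign additionally needs a key pair`, would make the VERIFY/SIGN split explicit.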
@@ -688,10 +1188,8 @@ config PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER
config PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER
bool
default y
- depends on PSA_NEED_OBERON_ECDSA_RANDOMIZED || \
- PSA_NEED_OBERON_ECDSA_DETERMINISTIC || \
- PSA_NEED_OBERON_RSA_ANY_SIGN || \
- PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255
+ depends on PSA_NEED_OBERON_ECDSA_VERIFY || \
+ PSA_NEED_OBERON_RSA_ANY_VERIFY
# Oberon Random Driver
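Review bot: The new `depends on` for `PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER` drops `PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255` without a visible replacement, so an Ed25519-only configuration may no longer enable the signature driver. `PSA_NEED_OBERON_ECDSA_VERIFY` is defined outside this hunk; if it does not cover the twisted Edwards case and the EdDSA symbol still exists after this change, keep the term, for example `PSA_NEED_OBERON_ECDSA_VERIFY || PSA_NEED_OBERON_RSA_ANY_VERIFY || PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255`. If it does cover it, a short comment saying so would save the next reader the lookup.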
diff --git a/subsys/nrf_security/src/legacy/CMakeLists.txt b/subsys/nrf_security/src/legacy/CMakeLists.txt
index 26c352e8b9c8..1ba729157289 100644
--- a/subsys/nrf_security/src/legacy/CMakeLists.txt
+++ b/subsys/nrf_security/src/legacy/CMakeLists.txt
@@ -4,13 +4,14 @@
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
+set(is_getting_includes FALSE)
+
# Legacy APIs missing driver support or APIs assumed to be
# deprecated with more PSA API awareness.
append_with_prefix(src_crypto_legacy ${ARM_MBEDTLS_PATH}/library
dhm.c
cipher.c
cipher_wrap.c
- hash_info.c
md.c
pk.c
pk_wrap.c
@@ -18,12 +19,16 @@ append_with_prefix(src_crypto_legacy ${ARM_MBEDTLS_PATH}/library
sha1.c
sha256.c
sha512.c
+ sha3.c
ripemd160.c
md5.c
aesni.c
+ aesce.c
aria.c
camellia.c
des.c
+ psa_util.c
+ platform_util.c
)
# Add all files that are neccessary for nrf_oberon + builtin in legacy mode
@@ -38,6 +43,7 @@ if(CONFIG_MBEDTLS_LEGACY_CRYPTO_C OR
ecdsa.c
ecp.c
ecp_curves.c
+ ecp_curves_new.c
gcm.c
hkdf.c
hmac_drbg.c
@@ -66,6 +72,7 @@ if(NOT CONFIG_OBERON_BACKEND)
chacha20.c
poly1305.c
ecjpake.c
+ platform.c
)
endif()
@@ -99,6 +106,7 @@ if(DEFINED src_crypto_legacy_base)
endif()
if(TARGET mbedcrypto_oberon_mbedtls_imported)
+ set(is_getting_includes TRUE)
# Get the include paths from nrf_oberon libraries
get_target_property(NRF_OBERON_MBEDTLS_INCLUDE_PATH mbedcrypto_oberon_mbedtls_imported
@@ -124,11 +132,13 @@ target_link_libraries(mbedcrypto_oberon_mbedtls_imported
INTERFACE
${NRF_OBERON_MBEDTLS_INCLUDE_PATH}
${NRF_OBERON_INCLUDE_PATH}
- )
+ )
endif()
if(CONFIG_MBEDTLS_LEGACY_CRYPTO_C AND CONFIG_CC3XX_BACKEND)
+ set(is_getting_includes TRUE)
+
# Link directly with cc3xx platform/mbedcrypto libraries
target_link_libraries(${mbedcrypto_target} PRIVATE
nrf_cc3xx_legacy_crypto_imported
@@ -147,6 +157,8 @@ if(CONFIG_MBEDTLS_LEGACY_CRYPTO_C AND CONFIG_CC3XX_BACKEND)
endif()
if(TARGET nrf_cc3xx_core_imported)
+ set(is_getting_includes TRUE)
+
# The CC3XX needs funcionality which is provided by the inluded source files in src_crypto_legacy
# Link CC3XX with mbedcrypto_target because of link order dependency
target_link_libraries(nrf_cc3xx_core_imported INTERFACE
@@ -165,3 +177,23 @@ target_include_directories(${mbedcrypto_target}
INTERFACE
$<$:$>
)
+
+if(NOT is_getting_includes)
+ if(NOT DEFINED ARM_MBEDTLS_PATH)
+ message(FATAL_ERROR "misconfiguration")
+ endif()
+
+ # Add mbedtls legacy include paths to the mbedtls legacy library and
+ # it's users (users get the headers because we use interface). Also
+ # since nrf_security only provides some of the headers, add the rest
+ # from Zephyr. We place nrf_security before ARM_MBEDTLS_PATH so that
+ # nrf_security takes precedence.
+ target_include_directories(${mbedcrypto_target}
+ INTERFACE
+ ${NRF_SECURITY_ROOT}/include
+ ${OBERON_PSA_PATH}/core/include
+ ${OBERON_PSA_PATH}/core/library
+ ${ARM_MBEDTLS_PATH}/include
+ ${ARM_MBEDTLS_PATH}/library
+ )
+endif()
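Review bot: `message(FATAL_ERROR "misconfiguration")` in the new `if(NOT is_getting_includes)` block gives no hint of what is wrong; name the variable, for example `message(FATAL_ERROR "ARM_MBEDTLS_PATH is not defined; cannot add the Mbed TLS legacy include paths")`. The block also uses `NRF_SECURITY_ROOT` and `OBERON_PSA_PATH` without a matching check, so an undefined one expands to a root-relative path such as `/include` that silently enters the interface include list. The comment relies on include order to make the nrf_security headers win over the upstream Mbed TLS ones, so a wrong or empty path here changes which crypto headers the users of the library compile against.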
diff --git a/subsys/nrf_security/src/psa_crypto_driver_wrappers.c b/subsys/nrf_security/src/psa_crypto_driver_wrappers.c
index 70ad4e38ac23..9f18ce042ae8 100644
--- a/subsys/nrf_security/src/psa_crypto_driver_wrappers.c
+++ b/subsys/nrf_security/src/psa_crypto_driver_wrappers.c
@@ -15,7 +15,7 @@
#include "psa_crypto_driver_wrappers.h"
#include
-#include "mbedtls/platform.h"
+#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
@@ -1916,12 +1916,19 @@ psa_status_t psa_driver_wrapper_key_agreement(const psa_key_attributes_t *attrib
* These APIs are not standardized and should be considered experimental.
*/
psa_status_t psa_driver_wrapper_pake_setup(psa_pake_operation_t *operation,
- const psa_pake_cipher_suite_t *cipher_suite)
+ const psa_pake_cipher_suite_t *cipher_suite,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *password, size_t password_length,
+ const uint8_t *user_id, size_t user_id_length,
+ const uint8_t *peer_id, size_t peer_id_length,
+ psa_pake_role_t role)
{
psa_status_t status;
#ifdef PSA_NEED_OBERON_PAKE_DRIVER
- status = oberon_pake_setup(&operation->ctx.oberon_pake_ctx, cipher_suite);
+ status = oberon_pake_setup(&operation->ctx.oberon_pake_ctx, cipher_suite, attributes,
+ password, password_length, user_id, user_id_length, peer_id,
+ peer_id_length, role);
if (status == PSA_SUCCESS) {
operation->id = PSA_CRYPTO_OBERON_DRIVER_ID;
}
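Review bot: With the four setters folded into `psa_driver_wrapper_pake_setup`, the signature gives no documented way to say that `user_id` or `peer_id` was not provided, which callers previously expressed by not calling the setter. Extend the comment above the function to state which pointers may be NULL with a zero length, and whether `password` is only read during the call (if that is what `oberon_pake_setup` guarantees), so the caller knows when the buffer can be wiped. The tail of the function lies outside this hunk; if the path taken without `PSA_NEED_OBERON_PAKE_DRIVER` casts only the old parameters to void, the eight new ones need `(void)` casts as the removed setters had.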
@@ -1934,72 +1941,6 @@ psa_status_t psa_driver_wrapper_pake_setup(psa_pake_operation_t *operation,
return PSA_ERROR_NOT_SUPPORTED;
}
-psa_status_t psa_driver_wrapper_pake_set_password_key(psa_pake_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *password,
- size_t password_length)
-{
- switch (operation->id) {
-#ifdef PSA_NEED_OBERON_PAKE_DRIVER
- case PSA_CRYPTO_OBERON_DRIVER_ID:
- return oberon_pake_set_password_key(&operation->ctx.oberon_pake_ctx, attributes,
- password, password_length);
-#endif /* PSA_NEED_OBERON_PAKE_DRIVER */
-
- default:
- (void)attributes;
- (void)password;
- (void)password_length;
- return PSA_ERROR_BAD_STATE;
- }
-}
-
-psa_status_t psa_driver_wrapper_pake_set_user(psa_pake_operation_t *operation,
- const uint8_t *user_id, size_t user_id_len)
-{
- switch (operation->id) {
-#ifdef PSA_NEED_OBERON_PAKE_DRIVER
- case PSA_CRYPTO_OBERON_DRIVER_ID:
- return oberon_pake_set_user(&operation->ctx.oberon_pake_ctx, user_id, user_id_len);
-#endif /* PSA_NEED_OBERON_PAKE_DRIVER */
-
- default:
- (void)user_id;
- (void)user_id_len;
- return PSA_ERROR_BAD_STATE;
- }
-}
-
-psa_status_t psa_driver_wrapper_pake_set_peer(psa_pake_operation_t *operation,
- const uint8_t *peer_id, size_t peer_id_len)
-{
- switch (operation->id) {
-#ifdef PSA_NEED_OBERON_PAKE_DRIVER
- case PSA_CRYPTO_OBERON_DRIVER_ID:
- return oberon_pake_set_peer(&operation->ctx.oberon_pake_ctx, peer_id, peer_id_len);
-#endif /* PSA_NEED_OBERON_PAKE_DRIVER */
-
- default:
- (void)peer_id;
- (void)peer_id_len;
- return PSA_ERROR_BAD_STATE;
- }
-}
-
-psa_status_t psa_driver_wrapper_pake_set_role(psa_pake_operation_t *operation, psa_pake_role_t role)
-{
- switch (operation->id) {
-#ifdef PSA_NEED_OBERON_PAKE_DRIVER
- case PSA_CRYPTO_OBERON_DRIVER_ID:
- return oberon_pake_set_role(&operation->ctx.oberon_pake_ctx, role);
-#endif /* PSA_NEED_OBERON_PAKE_DRIVER */
-
- default:
- (void)role;
- return PSA_ERROR_BAD_STATE;
- }
-}
-
psa_status_t psa_driver_wrapper_pake_output(psa_pake_operation_t *operation, psa_pake_step_t step,
uint8_t *output, size_t output_size,
size_t *output_length)
diff --git a/subsys/nrf_security/src/zephyr/CMakeLists.txt b/subsys/nrf_security/src/zephyr/CMakeLists.txt
index df412588e630..eb0911233c34 100644
--- a/subsys/nrf_security/src/zephyr/CMakeLists.txt
+++ b/subsys/nrf_security/src/zephyr/CMakeLists.txt
@@ -38,7 +38,7 @@ if(CONFIG_BUILD_WITH_TFM)
# Add the TF-M interface to zephyr includes
zephyr_include_directories(
- ${TFM_BINARY_DIR}/install/interface/include
+ ${TFM_BINARY_DIR}/api_ns/interface/include
)
endif()
diff --git a/subsys/nrf_security/tfm/CMakeLists.txt b/subsys/nrf_security/tfm/CMakeLists.txt
index c901a2478945..415462df3192 100644
--- a/subsys/nrf_security/tfm/CMakeLists.txt
+++ b/subsys/nrf_security/tfm/CMakeLists.txt
@@ -58,7 +58,6 @@ set(CONFIG_MBEDTLS_MD_C False)
# enable it manually.
if(CONFIG_HAS_HW_NRF_CC3XX)
set(CONFIG_NRF_CC3XX_PLATFORM True)
- set(CONFIG_MBEDTLS_PLATFORM_ZEROIZE_ALT True)
endif()
# Disable threading for TF-M SPM image
diff --git a/tests/subsys/net/lib/fota_download/CMakeLists.txt b/tests/subsys/net/lib/fota_download/CMakeLists.txt
index c2c0e0d43d43..c11e182a07e7 100644
--- a/tests/subsys/net/lib/fota_download/CMakeLists.txt
+++ b/tests/subsys/net/lib/fota_download/CMakeLists.txt
@@ -25,6 +25,8 @@ target_include_directories(app
${ZEPHYR_NRF_MODULE_DIR}/subsys/net/lib/fota_download/include
${ZEPHYR_NRF_MODULE_DIR}/include/net/
${ZEPHYR_NRF_MODULE_DIR}/subsys/dfu/include
+ ${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/interface/include
+ ${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/platform/ext/target/nordic_nrf/common/core/services/include
. # To get 'pm_config.h'
)
diff --git a/tests/subsys/net/lib/fota_download/prj.conf b/tests/subsys/net/lib/fota_download/prj.conf
index 9f004c411e2c..b762322ac200 100644
--- a/tests/subsys/net/lib/fota_download/prj.conf
+++ b/tests/subsys/net/lib/fota_download/prj.conf
@@ -9,5 +9,5 @@ CONFIG_FW_INFO=y
CONFIG_SYS_HASH_FUNC32=y
# In order to mock tfm_platform_s0_active
-CONFIG_TFM_BUILD_NS=y
CONFIG_TFM_ALLOW_NON_SECURE_FAULT_HANDLING=n
+CONFIG_BUILD_WITH_TFM=n
diff --git a/tests/tfm/tfm_psa_test/CMakeLists.txt b/tests/tfm/tfm_psa_test/CMakeLists.txt
index f53affd1cfd9..613972103c1f 100644
--- a/tests/tfm/tfm_psa_test/CMakeLists.txt
+++ b/tests/tfm/tfm_psa_test/CMakeLists.txt
@@ -17,6 +17,102 @@ project(tfm_psa_test)
target_sources(app PRIVATE src/main.c)
-target_include_directories(app PRIVATE
- $/install/interface/include
+get_target_property(TFM_BINARY_DIR tfm TFM_BINARY_DIR)
+get_target_property(TFM_NS_BIN_FILE tfm TFM_NS_BIN_FILE)
+get_target_property(TFM_NS_HEX_FILE tfm TFM_NS_HEX_FILE)
+get_target_property(TFM_NS_SIGNED_BIN_FILE tfm TFM_NS_SIGNED_BIN_FILE)
+
+get_target_property(TFM_TOOLCHAIN_PATH tfm TFM_TOOLCHAIN_PATH)
+get_target_property(TFM_TOOLCHAIN_PREFIX tfm TFM_TOOLCHAIN_PREFIX)
+get_target_property(TFM_TOOLCHAIN_NS_FILE tfm TFM_TOOLCHAIN_NS_FILE)
+
+set(TFM_TEST_REPO_PATH ${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/../tf-m-tests)
+set(TFM_PSA_ARCHTEST_REPO_PATH ${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/../psa-arch-tests)
+
+set(TFM_TEST_DIR "${TFM_TEST_REPO_PATH}/tests_psa_arch/spe/partitions")
+set(PSA_ARCH_TESTS_CONFIG_FILE "${TFM_TEST_REPO_PATH}/tests_psa_arch/spe/config/config_test_psa_api.cmake")
+
+if (CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION AND CONFIG_TFM_QCBOR_PATH STREQUAL "")
+# TODO: Remove this when QCBOR licensing issues w/t_cose have been resolved,
+# or only allow it when 'QCBOR_PATH' is set to a local path where QCBOR has
+# been manually downloaded by the user before starting the build.
+message(FATAL_ERROR "CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION is not available "
+ "with TF-M 2.0.0 due to licensing issues with a dependent library. This "
+ "restriction will be removed once licensing issues have been resolved."
+ )
+endif()
+
+
+
+if (CONFIG_TFM_PSA_TEST_CRYPTO)
+ set(TFM_PSA_TEST_SUITE CRYPTO)
+elseif (CONFIG_TFM_PSA_TEST_PROTECTED_STORAGE)
+ set(TFM_PSA_TEST_SUITE PROTECTED_STORAGE)
+elseif (CONFIG_TFM_PSA_TEST_INTERNAL_TRUSTED_STORAGE)
+ set(TFM_PSA_TEST_SUITE INTERNAL_TRUSTED_STORAGE)
+elseif (CONFIG_TFM_PSA_TEST_STORAGE)
+ set(TFM_PSA_TEST_SUITE STORAGE)
+elseif (CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION)
+ set(TFM_PSA_TEST_SUITE INITIAL_ATTESTATION)
+endif()
+
+if (NOT DEFINED TFM_PSA_TEST_SUITE)
+ message(FATAL_ERROR "Please define witch test suite to run:
+ CONFIG_TFM_PSA_TEST_CRYPTO
+ CONFIG_TFM_PSA_TEST_PROTECTED_STORAGE
+ CONFIG_TFM_PSA_TEST_STORAGE
+ CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION")
+endif()
+set(TEST_PSA_API "${TFM_PSA_TEST_SUITE}")
+
+set_property(TARGET zephyr_property_target
+ APPEND PROPERTY TFM_CMAKE_OPTIONS
+ -DCONFIG_TFM_TEST_DIR=${TFM_TEST_DIR}
+)
+
+set_property(TARGET zephyr_property_target
+ APPEND PROPERTY TFM_CMAKE_OPTIONS
+ -DPSA_ARCH_TESTS_PATH=${TFM_PSA_ARCHTEST_REPO_PATH}
)
+
+set_property(TARGET zephyr_property_target
+ APPEND PROPERTY TFM_CMAKE_OPTIONS
+ -DCONFIG_PSA_ARCH_TESTS_CONFIG_FILE=${PSA_ARCH_TESTS_CONFIG_FILE}
+)
+
+set_property(TARGET zephyr_property_target
+ APPEND PROPERTY TFM_CMAKE_OPTIONS
+ -DTEST_PSA_API=${TEST_PSA_API}
+)
+
+include(ExternalProject)
+
+ExternalProject_Add(tfm_psa_arch_test_app
+ SOURCE_DIR ${TFM_TEST_REPO_PATH}/tests_psa_arch
+ BINARY_DIR ${PROJECT_BINARY_DIR}/tfm_ns
+ CONFIGURE_COMMAND
+ ${CMAKE_COMMAND}
+ -G ${CMAKE_GENERATOR}
+ -S ${TFM_TEST_REPO_PATH}/tests_psa_arch
+ -B ${PROJECT_BINARY_DIR}/tfm_ns
+ -DCONFIG_SPE_PATH=${TFM_BINARY_DIR}/api_ns
+ -DTFM_TOOLCHAIN_FILE=cmake/${TFM_TOOLCHAIN_NS_FILE}
+ -DCROSS_COMPILE=${TFM_TOOLCHAIN_PATH}/${TFM_TOOLCHAIN_PREFIX}
+ -DPSA_TOOLCHAIN_FILE=${TFM_BINARY_DIR}/api_ns/cmake/${TFM_TOOLCHAIN_NS_FILE}
+ -DQCBOR_PATH${QCBOR_PATH_TYPE}=${CONFIG_TFM_QCBOR_PATH}
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+ -DTEST_PSA_API=${TEST_PSA_API}
+ -DZEPHYR_NRF_MODULE_DIR=${ZEPHYR_NRF_MODULE_DIR}
+ BUILD_COMMAND ${CMAKE_COMMAND} --build .
+ INSTALL_COMMAND ""
+ BUILD_ALWAYS True
+ USES_TERMINAL_BUILD True
+ WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/tfm_ns
+ DEPENDS tfm
+ BUILD_BYPRODUCTS
+ ${TFM_NS_HEX_FILE}
+ ${TFM_NS_BIN_FILE}
+ ${TFM_NS_SIGNED_BIN_FILE}
+)
+
+add_dependencies(app tfm_psa_arch_test_app)
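Review bot: The `FATAL_ERROR` text under `if (NOT DEFINED TFM_PSA_TEST_SUITE)` lists four options while the `if`/`elseif` chain above accepts five: `CONFIG_TFM_PSA_TEST_INTERNAL_TRUSTED_STORAGE` is missing from the message, and "witch" should read "which". The seven `get_target_property` results are also used unchecked, so a property missing on `tfm` puts a `<VAR>-NOTFOUND` string into `-DCONFIG_SPE_PATH` and `-DCROSS_COMPILE`. A guard right after the lookups, such as `if(NOT TFM_BINARY_DIR)` followed by `message(FATAL_ERROR "tfm target has no TFM_BINARY_DIR property")`, would fail early with a usable message. The same unchecked lookups are repeated in tests/tfm/tfm_regression_test/CMakeLists.txt.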
diff --git a/tests/tfm/tfm_psa_test/boards/nrf5340dk_nrf5340_cpuapp_ns.overlay b/tests/tfm/tfm_psa_test/app.overlay
similarity index 53%
rename from tests/tfm/tfm_psa_test/boards/nrf5340dk_nrf5340_cpuapp_ns.overlay
rename to tests/tfm/tfm_psa_test/app.overlay
index 68f74c5ce345..2318e8eff54c 100644
--- a/tests/tfm/tfm_psa_test/boards/nrf5340dk_nrf5340_cpuapp_ns.overlay
+++ b/tests/tfm/tfm_psa_test/app.overlay
@@ -9,3 +9,11 @@
status = "okay";
hw-flow-control;
};
+
+&uart1 {
+ compatible = "nordic,nrf-uarte";
+ current-speed = <115200>;
+ /* Set to disabled in application, since TF-M will be using it. */
+ status = "disabled";
+ hw-flow-control;
+};
diff --git a/tests/tfm/tfm_psa_test/boards/nrf9160dk_nrf9160_ns.overlay b/tests/tfm/tfm_psa_test/boards/nrf9160dk_nrf9160_ns.overlay
deleted file mode 100644
index 68f74c5ce345..000000000000
--- a/tests/tfm/tfm_psa_test/boards/nrf9160dk_nrf9160_ns.overlay
+++ /dev/null
@@ -1,11 +0,0 @@
-/*
- * Copyright (c) 2023 Nordic Semiconductor ASA
- *
- * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
- */
-&uart0 {
- compatible = "nordic,nrf-uarte";
- current-speed = <115200>;
- status = "okay";
- hw-flow-control;
-};
diff --git a/tests/tfm/tfm_psa_test/prj.conf b/tests/tfm/tfm_psa_test/prj.conf
index c7298a07a300..587088df9b1e 100644
--- a/tests/tfm/tfm_psa_test/prj.conf
+++ b/tests/tfm/tfm_psa_test/prj.conf
@@ -4,8 +4,8 @@
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
-CONFIG_TFM_BUILD_NS=y
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
+CONFIG_TFM_USE_NS_APP=y
# Needed for CRYPTO and INITIAL_ATTESTATION
CONFIG_MAIN_STACK_SIZE=4096
diff --git a/tests/tfm/tfm_psa_test/src/main.c b/tests/tfm/tfm_psa_test/src/main.c
index 7c385cb37a3d..ca1ce96a2f5a 100644
--- a/tests/tfm/tfm_psa_test/src/main.c
+++ b/tests/tfm/tfm_psa_test/src/main.c
@@ -1,19 +1,19 @@
/*
- * Copyright (c) 2022 Nordic Semiconductor ASA.
+ * Copyright (c) 2022-2024 Nordic Semiconductor ASA.
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
+#include
+
#ifdef CONFIG_TFM_PSA_TEST_NONE
#error "No PSA test suite set. See "Building and Running" in README."
#endif
-/* Run the PSA test suite */
-void psa_test(void);
-
int main(void)
{
- psa_test();
+ printk("Should not be printed, expected TF-M's NS application to be run instead.\n");
+ k_panic();
- return 0;
+ return 0; /* unreachable */
}
diff --git a/tests/tfm/tfm_regression_test/CMakeLists.txt b/tests/tfm/tfm_regression_test/CMakeLists.txt
index b5bd8fec6535..64f043a73421 100644
--- a/tests/tfm/tfm_regression_test/CMakeLists.txt
+++ b/tests/tfm/tfm_regression_test/CMakeLists.txt
@@ -11,3 +11,73 @@ find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
project(tfm_regression_test)
target_sources(app PRIVATE src/main.c)
+
+
+get_target_property(TFM_BINARY_DIR tfm TFM_BINARY_DIR)
+get_target_property(TFM_NS_BIN_FILE tfm TFM_NS_BIN_FILE)
+get_target_property(TFM_NS_HEX_FILE tfm TFM_NS_HEX_FILE)
+get_target_property(TFM_NS_SIGNED_BIN_FILE tfm TFM_NS_SIGNED_BIN_FILE)
+
+get_target_property(TFM_TOOLCHAIN_PATH tfm TFM_TOOLCHAIN_PATH)
+get_target_property(TFM_TOOLCHAIN_PREFIX tfm TFM_TOOLCHAIN_PREFIX)
+get_target_property(TFM_TOOLCHAIN_NS_FILE tfm TFM_TOOLCHAIN_NS_FILE)
+
+set(TFM_TEST_REPO_PATH ${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/../tf-m-tests)
+
+set(TFM_TEST_DIR "${TFM_TEST_REPO_PATH}/tests_reg/test/secure_regression")
+set(TFM_TEST_CONFIG_FILE "${TFM_TEST_REPO_PATH}/tests_reg/test/config/config.cmake")
+
+set_property(TARGET zephyr_property_target
+ APPEND PROPERTY TFM_CMAKE_OPTIONS
+ -DCONFIG_TFM_TEST_DIR=${TFM_TEST_DIR}
+)
+
+set_property(TARGET zephyr_property_target
+ APPEND PROPERTY TFM_CMAKE_OPTIONS
+ -DCONFIG_TFM_TEST_CONFIG_FILE=${TFM_TEST_CONFIG_FILE}
+)
+
+# Install t_cose
+
+file(COPY ${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/lib/ext/t_cose
+ DESTINATION ${TFM_BINARY_DIR}/api_ns)
+
+# Initial attestation headers are needed for the tests
+set(TFM_SECURE_FW_SRC_DIR ${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/secure_fw)
+file(COPY ${TFM_SECURE_FW_SRC_DIR}/partitions/initial_attestation
+ DESTINATION ${TFM_BINARY_DIR}/api_ns
+ FILES_MATCHING PATTERN "*.h")
+
+file(COPY ${TFM_SECURE_FW_SRC_DIR}/spm/include/boot/tfm_boot_status.h
+ DESTINATION ${TFM_BINARY_DIR}/api_ns/initial_attestation)
+
+
+include(ExternalProject)
+
+ExternalProject_Add(tfm_regression_test_app
+ SOURCE_DIR ${TFM_TEST_REPO_PATH}/tests_reg
+ BINARY_DIR ${PROJECT_BINARY_DIR}/tfm_ns
+ CONFIGURE_COMMAND
+ ${CMAKE_COMMAND}
+ -G ${CMAKE_GENERATOR}
+ -S ${TFM_TEST_REPO_PATH}/tests_reg
+ -B ${PROJECT_BINARY_DIR}/tfm_ns
+ -DCONFIG_SPE_PATH=${TFM_BINARY_DIR}/api_ns
+ -DTFM_TOOLCHAIN_FILE=cmake/${TFM_TOOLCHAIN_NS_FILE}
+ -DCROSS_COMPILE=${TFM_TOOLCHAIN_PATH}/${TFM_TOOLCHAIN_PREFIX}
+ -DQCBOR_PATH${QCBOR_PATH_TYPE}=${CONFIG_TFM_QCBOR_PATH}
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+ -DZEPHYR_NRF_MODULE_DIR=${ZEPHYR_NRF_MODULE_DIR}
+ BUILD_COMMAND ${CMAKE_COMMAND} --build .
+ INSTALL_COMMAND ""
+ BUILD_ALWAYS True
+ USES_TERMINAL_BUILD True
+ WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/tfm_ns
+ DEPENDS tfm
+ BUILD_BYPRODUCTS
+ ${TFM_NS_HEX_FILE}
+ ${TFM_NS_BIN_FILE}
+ ${TFM_NS_SIGNED_BIN_FILE}
+)
+
+add_dependencies(app tfm_regression_test_app)
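Review bot: The three `file(COPY ...)` calls run when CMake configures, not when the project builds, so the t_cose sources and attestation headers under `${TFM_BINARY_DIR}/api_ns` stay stale after an edit until the next reconfigure. They are also written into a directory that the `tfm` target presumably populates later. Doing the copy in a step that `tfm_regression_test_app` depends on, for example a custom command using `${CMAKE_COMMAND} -E copy_directory` with `DEPENDS tfm`, would make the order explicit. `-DQCBOR_PATH${QCBOR_PATH_TYPE}` relies on `QCBOR_PATH_TYPE`, which is not set anywhere in this hunk; a comment saying where it comes from would help.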
diff --git a/tests/tfm/tfm_regression_test/prj.conf b/tests/tfm/tfm_regression_test/prj.conf
index 0854189cb26c..cbad9d66d7f0 100644
--- a/tests/tfm/tfm_regression_test/prj.conf
+++ b/tests/tfm/tfm_regression_test/prj.conf
@@ -5,7 +5,6 @@
#
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
-CONFIG_TFM_BUILD_NS=y
CONFIG_TFM_USE_NS_APP=y
CONFIG_TFM_REGRESSION_S=y
CONFIG_TFM_REGRESSION_NS=y
@@ -71,5 +70,7 @@ CONFIG_PSA_WANT_RSA_KEY_SIZE_3072=y
CONFIG_PSA_WANT_ALG_SHA_1=n # This is used to test not supported return code
CONFIG_PSA_WANT_ALG_SHA_224=y
CONFIG_PSA_WANT_ALG_SHA_256=y
+CONFIG_PSA_WANT_ALG_SHA_384=y
+CONFIG_PSA_WANT_ALG_SHA_512=y
CONFIG_TFM_SECURE_UART_SHARE_INSTANCE=n
diff --git a/west.yml b/west.yml
index 9dd66be8388b..9ef1e596fb55 100644
--- a/west.yml
+++ b/west.yml
@@ -61,7 +61,7 @@ manifest:
# https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html
- name: zephyr
repo-path: sdk-zephyr
- revision: 617f2d3fc477a6e11863e2edae3f98b4e4ba533e
+ revision: pull/1452/head
import:
# In addition to the zephyr repository itself, NCS also
# imports the contents of zephyr/west.yml at the above
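Review bot: `revision: pull/1452/head` replaces a pinned commit SHA with a pull-request ref, which is mutable: anyone who can push to that PR branch changes what every later `west update` checks out, and builds stop being reproducible. The same substitution is made for mcuboot, mbedtls, nrfxlib, trusted-firmware-m, psa-arch-tests and matter in the following hunks, which covers the bootloader, the crypto library and the secure firmware. Before merge each entry should go back to the full commit SHA of the merged change, as in the removed lines. If the PR refs are intentional while the dependent pull requests are open, say so in the commit description so the manifest is not merged in this state.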
@@ -129,7 +129,7 @@ manifest:
compare-by-default: true
- name: mcuboot
repo-path: sdk-mcuboot
- revision: a9d5fa76a6840f8934b2aaaf51e290f91eb3f991
+ revision: pull/296/head
path: bootloader/mcuboot
- name: qcbor
url: https://github.com/laurencelundblade/QCBOR.git
@@ -138,23 +138,23 @@ manifest:
- name: mbedtls
path: modules/crypto/mbedtls
repo-path: sdk-mbedtls
- revision: v3.3.0-ncs2
+ revision: pull/28/head
- name: nrfxlib
repo-path: sdk-nrfxlib
path: nrfxlib
- revision: 600c76a1fdb11d54fa44023ad3750cd469d20fec
+ revision: pull/1187/head
- name: trusted-firmware-m
repo-path: sdk-trusted-firmware-m
path: modules/tee/tf-m/trusted-firmware-m
- revision: eaf90ec9d9e42a0a47c65ed34e79705e136f7a1d
+ revision: pull/118/head
- name: psa-arch-tests
repo-path: sdk-psa-arch-tests
path: modules/tee/tf-m/psa-arch-tests
- revision: 0a980137820ab08d267cce1daa93f003c0437854
+ revision: pull/2/head
- name: matter
repo-path: sdk-connectedhomeip
path: modules/lib/matter
- revision: 4936f9fa2be9e6cd16b02e4fcb9a7aff611f4981
+ revision: pull/384/head
submodules:
- name: nlio
path: third_party/nlio/repo