Apply patches from TF-M v2.3

core/psa_crypto_driver_wrappers_no_static.c

@@ -45,16 +45,48 @@
 
 #endif
 
+/* Include TF-M builtin key driver */
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+#ifndef PSA_CRYPTO_DRIVER_PRESENT
+#define PSA_CRYPTO_DRIVER_PRESENT
+#endif
+#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#endif
+#include "tfm_builtin_key_loader.h"
+#if defined(CC3XX_CRYPTO_OPAQUE_KEYS)
+#include "cc3xx_opaque_keys.h"
+#endif
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+#ifndef PSA_CRYPTO_DRIVER_PRESENT
+#define PSA_CRYPTO_DRIVER_PRESENT
+#endif
+#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#endif
+#include "cc3xx.h"
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+
 /* END-driver headers */
 
 /* Auto-generated values depending on which drivers are registered.
  * ID 0 is reserved for unallocated operations.
  * ID 1 is reserved for the Mbed TLS software driver. */
 /* BEGIN-driver id definition */
-#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
-#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
-#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
-#define P256_TRANSPARENT_DRIVER_ID (4)
+enum {
+    PSA_CRYPTO_MBED_TLS_DRIVER_ID = 1,
+    MBEDTLS_TEST_OPAQUE_DRIVER_ID,
+    MBEDTLS_TEST_TRANSPARENT_DRIVER_ID,
+    P256_TRANSPARENT_DRIVER_ID,
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+    PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID,
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+    PSA_CRYPTO_CC3XX_DRIVER_ID,
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+};
 
 /* END-driver id */
 
@@ -106,6 +138,15 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
                     PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
 #endif /* PSA_CRYPTO_DRIVER_TEST */
 
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#if defined(CC3XX_CRYPTO_OPAQUE_KEYS)
+        case CC3XX_OPAQUE_KEY_LOCATION:
+#endif
+            return tfm_builtin_key_loader_get_key_buffer_size(psa_get_key_id(attributes),
+                                                              key_buffer_size);
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+
         default:
             (void)key_type;
             (void)key_bits;
@@ -127,6 +168,9 @@ psa_status_t psa_driver_wrapper_export_public_key(
     switch( location )
     {
         case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
             /* Key is stored in the slot in export representation, so
              * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -145,6 +189,17 @@ psa_status_t psa_driver_wrapper_export_public_key(
                 return( status );
 #endif
 
+#if defined(PSA_CRYPTO_DRIVER_CC3XX)
+            status = cc3xx_export_public_key(
+                         attributes,
+                         key_buffer,
+                         key_buffer_size,
+                         data,
+                         data_size,
+                         data_length );
+            return( status );
+#endif /* PSA_CRYPTO_DRIVER_CC3XX */
+
 #if (defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) )
             status = p256_transparent_export_public_key
                 (attributes,
@@ -215,6 +270,16 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
         ));
 #endif
 
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#if defined(CC3XX_CRYPTO_OPAQUE_KEYS)
+        case CC3XX_OPAQUE_KEY_LOCATION:
+#endif
+            return( tfm_builtin_key_loader_get_builtin_key(
+                        slot_number,
+                        attributes,
+                        key_buffer, key_buffer_size, key_buffer_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
 
 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
         default:

core/tf_psa_crypto_config.c

@@ -6,6 +6,8 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
+#include "tf_psa_crypto_platform_requirements.h"
+
 /* Detect whether this is a normal build of the library, or a build of
  * libtestdriver1, where all identifiers starting with normal prefixes
  * have LIBTESTDRIVER1_ prepended. Do this without relying on

core/tf_psa_crypto_platform_requirements.h

@@ -15,10 +15,13 @@
 #ifndef TF_PSA_CRYPTO_TF_PSA_CRYPTO_PLATFORM_REQUIREMENTS_H
 #define TF_PSA_CRYPTO_TF_PSA_CRYPTO_PLATFORM_REQUIREMENTS_H
 
+ /* Do not try to use the library extension with ATfE toolchain */
+#if !defined(__GNUC__) || !defined(__clang_major__)
 #ifndef __STDC_WANT_LIB_EXT1__
 /* Ask for the C11 gmtime_s() and memset_s() if available */
 #define __STDC_WANT_LIB_EXT1__ 1
 #endif
+#endif /* !__GNUC__ || !__clang_major__ */
 
 #if !defined(_POSIX_C_SOURCE)
 /* For standards-compliant access to

drivers/builtin/include/mbedtls/private/crypto_adjust_config_enable_builtins.h

@@ -817,4 +817,8 @@
 #endif /* !MBEDTLS_PSA_ACCEL_ALG_SHAKE256 */
 #endif /* PSA_WANT_ALG_SHAKE256 */
 
+#if defined(PSA_WANT_ALG_SP800_108_COUNTER_CMAC)
+#define MBEDTLS_PSA_BUILTIN_ALG_SP800_108_COUNTER_CMAC  1
+#endif /* PSA_WANT_ALG_SP800_108_COUNTER_CMAC */
+
 #endif /* TF_PSA_CRYPTO_MBEDTLS_PRIVATE_CRYPTO_ADJUST_CONFIG_ENABLE_BUILTINS_H */

drivers/builtin/include/mbedtls/private/crypto_builtin_key_derivation.h

@@ -117,4 +117,86 @@ typedef struct {
 } psa_pbkdf2_key_derivation_t;
 #endif /* PSA_HAVE_SOFT_PBKDF2 */
 
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SP800_108_COUNTER_CMAC)
+#include <stdbool.h>
+
+#define SP800_108_INIT_CAPACITY (0x1fffffff)
+
+#define SP800_108_INTERATION_COUNTER_SIZE   4
+
+#ifndef SP800_108_LABEL_MAX_SIZE
+#define SP800_108_LABEL_MAX_SIZE            50
+#endif
+
+#define SP800_108_NULL_BYTE_SIZE            1
+
+#ifndef SP800_108_CONTEXT_MAX_SIZE
+#define SP800_108_CONTEXT_MAX_SIZE          50
+#endif
+
+#define SP800_108_K0_MAX_SIZE               PSA_MAC_MAX_SIZE
+
+#define SP800_108_ENCODED_LENGTH_SIZE       4
+
+#define SP800_108_TOTAL_INPUT_MAX_SIZE \
+    (SP800_108_INTERATION_COUNTER_SIZE + \
+     SP800_108_LABEL_MAX_SIZE + \
+     SP800_108_NULL_BYTE_SIZE + \
+     SP800_108_CONTEXT_MAX_SIZE + \
+     SP800_108_ENCODED_LENGTH_SIZE + \
+     SP800_108_K0_MAX_SIZE)
+
+#define SP800_108_INPUT_INTERATION_COUNTER_OFFSET(ctx) (0)
+
+#define SP800_108_INPUT_LABEL_OFFSET(ctx) \
+    (SP800_108_INTERATION_COUNTER_SIZE)
+
+#define SP800_108_INPUT_CONTEXT_OFFSET(ctx) \
+    (SP800_108_INPUT_LABEL_OFFSET(ctx) + \
+     (ctx)->label_length + \
+     SP800_108_NULL_BYTE_SIZE)
+
+#define SP800_108_INPUT_ENCODED_LENGTH_OFFSET(ctx) \
+    (SP800_108_INPUT_CONTEXT_OFFSET(ctx) + \
+     (ctx)->context_length)
+
+#define SP800_108_INPUT_K0_OFFSET(ctx) \
+    (SP800_108_INPUT_ENCODED_LENGTH_OFFSET(ctx) + \
+     SP800_108_ENCODED_LENGTH_SIZE)
+
+#define SP800_108_INPUT_LENGTH(ctx) \
+    (SP800_108_INPUT_K0_OFFSET(ctx) + \
+     (ctx)->block_size)
+
+enum sp800_108_counter_cmac_state {
+    SP800_108_COUNTER_CMAC_STATE_INIT,              /* no input yet */
+    SP800_108_COUNTER_CMAC_STATE_KEYED,             /* got key */
+    SP800_108_COUNTER_CMAC_STATE_LABELED,           /* label provided */
+    SP800_108_COUNTER_CMAC_STATE_CONTEXT_PROVIDED,  /* context provided */
+    SP800_108_COUNTER_CMAC_STATE_OUTPUT     /* output started */
+};
+
+typedef struct
+{
+    uint8_t MBEDTLS_PRIVATE(inputs)[SP800_108_TOTAL_INPUT_MAX_SIZE];
+
+    /* The key must be a block-cipher that is compatible with the CMAC algorithm */
+    mbedtls_svc_key_id_t MBEDTLS_PRIVATE(key);
+
+    /* The block size depends on the key type and bits */
+    size_t block_size;
+
+    /* Label, unless omitted, must be passed after the key */
+    size_t MBEDTLS_PRIVATE(label_length);
+
+    /* Context, unless omitted, must be passed after the label */
+    size_t MBEDTLS_PRIVATE(context_length);
+
+    /* Derivation state */
+    bool capacity_set; /* capacity must be set only once */
+    enum sp800_108_counter_cmac_state MBEDTLS_PRIVATE(state);
+    size_t MBEDTLS_PRIVATE(counter); /* 1-based */
+} psa_sp800_108_cmac_key_derivation_t;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_SP800_108_COUNTER_CMAC */
+
 #endif /* TF_PSA_CRYPTO_MBEDTLS_PRIVATE_CRYPTO_BUILTIN_KEY_DERIVATION_H */

drivers/builtin/src/psa_crypto_mac.c

@@ -78,14 +78,20 @@ static psa_status_t psa_hmac_setup_internal(
     for (i = 0; i < key_length; i++) {
         ipad[i] ^= 0x36;
     }
-    memset(ipad + key_length, 0x36, block_size - key_length);
+
+    if (key_length < block_size) {
+        memset( ipad + key_length, 0x36, block_size - key_length );
+    }
 
     /* Copy the key material from ipad to opad, flipping the requisite bits,
      * and filling the rest of opad with the requisite constant. */
     for (i = 0; i < key_length; i++) {
         hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
     }
-    memset(hmac->opad + key_length, 0x5C, block_size - key_length);
+
+    if (key_length < block_size) {
+        memset( hmac->opad + key_length, 0x5C, block_size - key_length );
+    }
 
     status = psa_hash_setup(&hmac->hash_ctx, hash_alg);
     if (status != PSA_SUCCESS) {

drivers/code_share.c

@@ -0,0 +1,3 @@
+/* This is a deliberately empty file just to check whether the patch for enabling
+ * extensive crypto code sharing was already applied on the tf-psa-crypto library.
+ */

drivers/p256-m/p256-m/p256-m.c

@@ -197,7 +197,7 @@ static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t);
  * v7-M architectures. __ARM_ARCH_PROFILE is not defined for v6 and earlier.
  * Thumb and 32-bit assembly is supported; aarch64 is not supported.
  */
-#if defined(__GNUC__) &&\
+#if !defined(MULADD64_IGNORE_ASM) && defined(__GNUC__) &&\
     defined(__ARM_ARCH) && __ARM_ARCH >= 6 && defined(__ARM_ARCH_PROFILE) && \
     ( __ARM_ARCH_PROFILE == 77 || __ARM_ARCH_PROFILE == 65 ) /* 'M' or 'A' */ && \
     !defined(__aarch64__)