From 2cd12de61496895b9249621504dc6fb330556b09 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 5 Jun 2024 09:59:44 +0100 Subject: [PATCH 1/8] Remove MBEDTLS_SHA1_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - tests/include/alt-dummy/sha1_alt.h | 16 ---------------- .../drivers/builtin/include/mbedtls/sha1.h | 8 -------- tf-psa-crypto/drivers/builtin/src/sha1.c | 4 ---- 4 files changed, 29 deletions(-) delete mode 100644 tests/include/alt-dummy/sha1_alt.h diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 33b89ef469..a2d57fcceb 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -353,7 +353,6 @@ //#define MBEDTLS_CMAC_ALT //#define MBEDTLS_MD5_ALT //#define MBEDTLS_RIPEMD160_ALT -//#define MBEDTLS_SHA1_ALT //#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT diff --git a/tests/include/alt-dummy/sha1_alt.h b/tests/include/alt-dummy/sha1_alt.h deleted file mode 100644 index d8ac971913..0000000000 --- a/tests/include/alt-dummy/sha1_alt.h +++ /dev/null @@ -1,16 +0,0 @@ -/* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef SHA1_ALT_H -#define SHA1_ALT_H - -typedef struct mbedtls_sha1_context { - int dummy; -} -mbedtls_sha1_context; - - -#endif /* sha1_alt.h */ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h index 592ffd13f2..4b31c02504 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h @@ -30,10 +30,6 @@ extern "C" { #endif -#if !defined(MBEDTLS_SHA1_ALT) -// Regular implementation -// - /** * \brief The SHA-1 context structure. * @@ -49,10 +45,6 @@ typedef struct mbedtls_sha1_context { } mbedtls_sha1_context; -#else /* MBEDTLS_SHA1_ALT */ -#include "sha1_alt.h" -#endif /* MBEDTLS_SHA1_ALT */ - /** * \brief This function initializes a SHA-1 context. * diff --git a/tf-psa-crypto/drivers/builtin/src/sha1.c b/tf-psa-crypto/drivers/builtin/src/sha1.c index dfbe481f39..c8d2852d45 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha1.c +++ b/tf-psa-crypto/drivers/builtin/src/sha1.c @@ -22,8 +22,6 @@ #include "mbedtls/platform.h" -#if !defined(MBEDTLS_SHA1_ALT) - void mbedtls_sha1_init(mbedtls_sha1_context *ctx) { memset(ctx, 0, sizeof(mbedtls_sha1_context)); @@ -346,8 +344,6 @@ exit: return ret; } -#endif /* !MBEDTLS_SHA1_ALT */ - /* * output = SHA-1( input buffer ) */ From 30c7701a1d0247553f4180b16009e3be3b539176 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 5 Jun 2024 10:06:46 +0100 Subject: [PATCH 2/8] Remove MBEDTLS_RIPEMD160_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - tests/include/alt-dummy/ripemd160_alt.h | 16 ---------------- .../drivers/builtin/include/mbedtls/ripemd160.h | 8 -------- tf-psa-crypto/drivers/builtin/src/ripemd160.c | 4 ---- 4 files changed, 29 deletions(-) delete mode 100644 tests/include/alt-dummy/ripemd160_alt.h diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index a2d57fcceb..007a22dc2d 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -352,7 +352,6 @@ //#define MBEDTLS_CMAC_ALT //#define MBEDTLS_MD5_ALT -//#define MBEDTLS_RIPEMD160_ALT //#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT diff --git a/tests/include/alt-dummy/ripemd160_alt.h b/tests/include/alt-dummy/ripemd160_alt.h deleted file mode 100644 index 72ae47efb9..0000000000 --- a/tests/include/alt-dummy/ripemd160_alt.h +++ /dev/null @@ -1,16 +0,0 @@ -/* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef RIPEMD160_ALT_H -#define RIPEMD160_ALT_H - -typedef struct mbedtls_ripemd160_context { - int dummy; -} -mbedtls_ripemd160_context; - - -#endif /* ripemd160_alt.h */ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h index 279f92b512..570ab2e441 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h @@ -20,10 +20,6 @@ extern "C" { #endif -#if !defined(MBEDTLS_RIPEMD160_ALT) -// Regular implementation -// - /** * \brief RIPEMD-160 context structure */ @@ -34,10 +30,6 @@ typedef struct mbedtls_ripemd160_context { } mbedtls_ripemd160_context; -#else /* MBEDTLS_RIPEMD160_ALT */ -#include "ripemd160_alt.h" -#endif /* MBEDTLS_RIPEMD160_ALT */ - /** * \brief Initialize RIPEMD-160 context * diff --git a/tf-psa-crypto/drivers/builtin/src/ripemd160.c b/tf-psa-crypto/drivers/builtin/src/ripemd160.c index b4fc3cdba1..96b546654f 100644 --- a/tf-psa-crypto/drivers/builtin/src/ripemd160.c +++ b/tf-psa-crypto/drivers/builtin/src/ripemd160.c @@ -23,8 +23,6 @@ #include "mbedtls/platform.h" -#if !defined(MBEDTLS_RIPEMD160_ALT) - void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx) { memset(ctx, 0, sizeof(mbedtls_ripemd160_context)); @@ -365,8 +363,6 @@ exit: return ret; } -#endif /* ! MBEDTLS_RIPEMD160_ALT */ - /* * output = RIPEMD-160( input buffer ) */ From 027535c8a540f69571b876f973e0ba3888d88430 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 5 Jun 2024 11:04:23 +0100 Subject: [PATCH 3/8] Remove MBEDTLS_SHA256_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/check_config.h | 4 ++-- include/mbedtls/mbedtls_config.h | 1 - tests/include/alt-dummy/sha256_alt.h | 16 ---------------- .../drivers/builtin/include/mbedtls/sha256.h | 8 -------- tf-psa-crypto/drivers/builtin/src/sha256.c | 4 ---- 5 files changed, 2 insertions(+), 31 deletions(-) delete mode 100644 tests/include/alt-dummy/sha256_alt.h diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 178bd39f28..9f1ca2bc7d 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -750,8 +750,8 @@ #if !defined(MBEDTLS_SHA256_C) #error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* defined without MBEDTLS_SHA256_C" #endif -#if defined(MBEDTLS_SHA256_ALT) || defined(MBEDTLS_SHA256_PROCESS_ALT) -#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*" +#if defined(MBEDTLS_SHA256_PROCESS_ALT) +#error "MBEDTLS_SHA256_PROCESS_ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*" #endif #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 007a22dc2d..5b972a916a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -352,7 +352,6 @@ //#define MBEDTLS_CMAC_ALT //#define MBEDTLS_MD5_ALT -//#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT /** diff --git a/tests/include/alt-dummy/sha256_alt.h b/tests/include/alt-dummy/sha256_alt.h deleted file mode 100644 index b1900adee9..0000000000 --- a/tests/include/alt-dummy/sha256_alt.h +++ /dev/null @@ -1,16 +0,0 @@ -/* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef SHA256_ALT_H -#define SHA256_ALT_H - -typedef struct mbedtls_sha256_context { - int dummy; -} -mbedtls_sha256_context; - - -#endif /* sha256_alt.h */ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h index ca568e291e..0253f7dc5d 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h @@ -26,10 +26,6 @@ extern "C" { #endif -#if !defined(MBEDTLS_SHA256_ALT) -// Regular implementation -// - /** * \brief The SHA-256 context structure. * @@ -48,10 +44,6 @@ typedef struct mbedtls_sha256_context { } mbedtls_sha256_context; -#else /* MBEDTLS_SHA256_ALT */ -#include "sha256_alt.h" -#endif /* MBEDTLS_SHA256_ALT */ - /** * \brief This function initializes a SHA-256 context. * diff --git a/tf-psa-crypto/drivers/builtin/src/sha256.c b/tf-psa-crypto/drivers/builtin/src/sha256.c index 8b2c34526b..ec1e9692e2 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha256.c +++ b/tf-psa-crypto/drivers/builtin/src/sha256.c @@ -216,8 +216,6 @@ static int mbedtls_a64_crypto_sha256_determine_support(void) #endif /* MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT */ -#if !defined(MBEDTLS_SHA256_ALT) - #define SHA256_BLOCK_SIZE 64 void mbedtls_sha256_init(mbedtls_sha256_context *ctx) @@ -763,8 +761,6 @@ exit: return ret; } -#endif /* !MBEDTLS_SHA256_ALT */ - /* * output = SHA-256( input buffer ) */ From efc65e1168609e3194d944ac21f1ed6c1798a3d7 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 5 Jun 2024 12:56:46 +0100 Subject: [PATCH 4/8] Remove MBEDTLS_CMAC_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 9 ++++----- tests/include/alt-dummy/cmac_alt.h | 15 --------------- .../drivers/builtin/include/mbedtls/cmac.h | 12 +++--------- tf-psa-crypto/drivers/builtin/src/cmac.c | 7 ------- 4 files changed, 7 insertions(+), 36 deletions(-) delete mode 100644 tests/include/alt-dummy/cmac_alt.h diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 5b972a916a..57dab3fde3 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_CMAC_ALT //#define MBEDTLS_MD5_ALT //#define MBEDTLS_SHA512_ALT @@ -2487,10 +2486,10 @@ * Enable the CMAC (Cipher-based Message Authentication Code) mode for block * ciphers. * - * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying - * implementation of the CMAC algorithm is provided by an alternate - * implementation, that alternate implementation may opt to not support - * AES-192 or 3DES as underlying block ciphers for the CMAC operation. + * \note When the underlying implementation of the CMAC algorithm is provided + * by an alternate implementation, that alternate implementation may opt + * to not support AES-192 or 3DES as underlying block ciphers for the CMAC + * operation. * * Module: library/cmac.c * diff --git a/tests/include/alt-dummy/cmac_alt.h b/tests/include/alt-dummy/cmac_alt.h deleted file mode 100644 index 68b53d707a..0000000000 --- a/tests/include/alt-dummy/cmac_alt.h +++ /dev/null @@ -1,15 +0,0 @@ -/* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef CMAC_ALT_H -#define CMAC_ALT_H - -struct mbedtls_cmac_context_t { - int dummy; -}; - - -#endif /* cmac_alt.h */ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h index 97b86fc42b..0fa08e404c 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h @@ -51,8 +51,6 @@ extern "C" { #define MBEDTLS_CIPHER_BLKSIZE_MAX MBEDTLS_MAX_BLOCK_LENGTH #endif /* MBEDTLS_DEPRECATED_REMOVED */ -#if !defined(MBEDTLS_CMAC_ALT) - /** * The CMAC context structure. */ @@ -68,10 +66,6 @@ struct mbedtls_cmac_context_t { size_t MBEDTLS_PRIVATE(unprocessed_len); }; -#else /* !MBEDTLS_CMAC_ALT */ -#include "cmac_alt.h" -#endif /* !MBEDTLS_CMAC_ALT */ - /** * \brief This function starts a new CMAC computation * by setting the CMAC key, and preparing to authenticate @@ -86,7 +80,7 @@ struct mbedtls_cmac_context_t { * CMAC computation, use mbedtls_cipher_cmac_finish(). * * \note When the CMAC implementation is supplied by an alternate - * implementation (through #MBEDTLS_CMAC_ALT), some ciphers + * implementation (through a PSA driver), some ciphers * may not be supported by that implementation, and thus * return an error. Alternate implementations must support * AES-128 and AES-256, and may support AES-192 and 3DES. @@ -178,7 +172,7 @@ int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx); * output = generic CMAC(cmac key, input buffer). * * \note When the CMAC implementation is supplied by an alternate - * implementation (through #MBEDTLS_CMAC_ALT), some ciphers + * implementation (through a PSA driver), some ciphers * may not be supported by that implementation, and thus * return an error. Alternate implementations must support * AES-128 and AES-256, and may support AES-192 and 3DES. @@ -227,7 +221,7 @@ int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_len, * \brief The CMAC checkup routine. * * \note In case the CMAC routines are provided by an alternative - * implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the + * implementation (i.e. through a PSA driver), the * checkup routine will succeed even if the implementation does * not support the less widely used AES-192 or 3DES primitives. * The self-test requires at least AES-128 and AES-256 to be diff --git a/tf-psa-crypto/drivers/builtin/src/cmac.c b/tf-psa-crypto/drivers/builtin/src/cmac.c index eda10d0b3d..5e517c4b1b 100644 --- a/tf-psa-crypto/drivers/builtin/src/cmac.c +++ b/tf-psa-crypto/drivers/builtin/src/cmac.c @@ -38,8 +38,6 @@ #include -#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) - /* * Multiplication by u in the Galois field of GF(2^n) * @@ -125,9 +123,6 @@ exit: return ret; } -#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */ - -#if !defined(MBEDTLS_CMAC_ALT) /* * Create padded last block from (partial) last block. @@ -427,8 +422,6 @@ exit: } #endif /* MBEDTLS_AES_C */ -#endif /* !MBEDTLS_CMAC_ALT */ - #if defined(MBEDTLS_SELF_TEST) /* * CMAC test data for SP800-38B From b248a93b3d5c07d153283d9ecbdc00dbcee81409 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 5 Jun 2024 13:00:43 +0100 Subject: [PATCH 5/8] Remove MBEDTLS_MD5_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - tests/include/alt-dummy/md5_alt.h | 16 ---------------- .../drivers/builtin/include/mbedtls/md5.h | 8 -------- tf-psa-crypto/drivers/builtin/src/md5.c | 4 ---- 4 files changed, 29 deletions(-) delete mode 100644 tests/include/alt-dummy/md5_alt.h diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 57dab3fde3..762ca8b6f4 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_MD5_ALT //#define MBEDTLS_SHA512_ALT /** diff --git a/tests/include/alt-dummy/md5_alt.h b/tests/include/alt-dummy/md5_alt.h deleted file mode 100644 index e3a15d70f9..0000000000 --- a/tests/include/alt-dummy/md5_alt.h +++ /dev/null @@ -1,16 +0,0 @@ -/* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MD5_ALT_H -#define MD5_ALT_H - -typedef struct mbedtls_md5_context { - int dummy; -} -mbedtls_md5_context; - - -#endif /* md5_alt.h */ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h index 6bf0754a4a..826cca7a55 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h @@ -24,10 +24,6 @@ extern "C" { #endif -#if !defined(MBEDTLS_MD5_ALT) -// Regular implementation -// - /** * \brief MD5 context structure * @@ -43,10 +39,6 @@ typedef struct mbedtls_md5_context { } mbedtls_md5_context; -#else /* MBEDTLS_MD5_ALT */ -#include "md5_alt.h" -#endif /* MBEDTLS_MD5_ALT */ - /** * \brief Initialize MD5 context * diff --git a/tf-psa-crypto/drivers/builtin/src/md5.c b/tf-psa-crypto/drivers/builtin/src/md5.c index e4a87a2e09..e11e078095 100644 --- a/tf-psa-crypto/drivers/builtin/src/md5.c +++ b/tf-psa-crypto/drivers/builtin/src/md5.c @@ -22,8 +22,6 @@ #include "mbedtls/platform.h" -#if !defined(MBEDTLS_MD5_ALT) - void mbedtls_md5_init(mbedtls_md5_context *ctx) { memset(ctx, 0, sizeof(mbedtls_md5_context)); @@ -309,8 +307,6 @@ exit: return ret; } -#endif /* !MBEDTLS_MD5_ALT */ - /* * output = MD5( input buffer ) */ From 25bcf27c1ad325f53b2538b673030cbb2a00079a Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 5 Jun 2024 14:20:29 +0100 Subject: [PATCH 6/8] Remove MBEDTLS_SHA512_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/check_config.h | 4 ++-- include/mbedtls/mbedtls_config.h | 2 -- tests/include/alt-dummy/sha512_alt.h | 16 ---------------- .../drivers/builtin/include/mbedtls/sha512.h | 8 -------- tf-psa-crypto/drivers/builtin/src/sha512.c | 4 ---- 5 files changed, 2 insertions(+), 32 deletions(-) delete mode 100644 tests/include/alt-dummy/sha512_alt.h diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 9f1ca2bc7d..26732293ee 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -730,8 +730,8 @@ #if !defined(MBEDTLS_SHA512_C) #error "MBEDTLS_SHA512_USE_A64_CRYPTO_* defined without MBEDTLS_SHA512_C" #endif -#if defined(MBEDTLS_SHA512_ALT) || defined(MBEDTLS_SHA512_PROCESS_ALT) -#error "MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*" +#if defined(MBEDTLS_SHA512_PROCESS_ALT) +#error "MBEDTLS_SHA512_PROCESS_ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*" #endif #endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 762ca8b6f4..3afc99b485 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,8 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_SHA512_ALT - /** * \def MBEDTLS_SHA256_PROCESS_ALT * diff --git a/tests/include/alt-dummy/sha512_alt.h b/tests/include/alt-dummy/sha512_alt.h deleted file mode 100644 index 857bc916aa..0000000000 --- a/tests/include/alt-dummy/sha512_alt.h +++ /dev/null @@ -1,16 +0,0 @@ -/* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef SHA512_ALT_H -#define SHA512_ALT_H - -typedef struct mbedtls_sha512_context { - int dummy; -} -mbedtls_sha512_context; - - -#endif /* sha512_alt.h */ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h index 1c20e4c228..002fe9d935 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h @@ -25,10 +25,6 @@ extern "C" { #endif -#if !defined(MBEDTLS_SHA512_ALT) -// Regular implementation -// - /** * \brief The SHA-512 context structure. * @@ -47,10 +43,6 @@ typedef struct mbedtls_sha512_context { } mbedtls_sha512_context; -#else /* MBEDTLS_SHA512_ALT */ -#include "sha512_alt.h" -#endif /* MBEDTLS_SHA512_ALT */ - /** * \brief This function initializes a SHA-512 context. * diff --git a/tf-psa-crypto/drivers/builtin/src/sha512.c b/tf-psa-crypto/drivers/builtin/src/sha512.c index 6dcea8da5d..e7575ea776 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha512.c +++ b/tf-psa-crypto/drivers/builtin/src/sha512.c @@ -205,8 +205,6 @@ static int mbedtls_a64_crypto_sha512_determine_support(void) #endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */ -#if !defined(MBEDTLS_SHA512_ALT) - #define SHA512_BLOCK_SIZE 128 #if defined(MBEDTLS_SHA512_SMALLER) @@ -879,8 +877,6 @@ exit: return ret; } -#endif /* !MBEDTLS_SHA512_ALT */ - /* * output = SHA-512( input buffer ) */ From 75246c0beaa1d62ae82bd7c5851abcaba2a2de75 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 17 Jun 2024 16:50:32 +0100 Subject: [PATCH 7/8] Remove irrelevant documentation notes Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 5 ----- tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h | 6 ------ 2 files changed, 11 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 3afc99b485..9b616de8e4 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2483,11 +2483,6 @@ * Enable the CMAC (Cipher-based Message Authentication Code) mode for block * ciphers. * - * \note When the underlying implementation of the CMAC algorithm is provided - * by an alternate implementation, that alternate implementation may opt - * to not support AES-192 or 3DES as underlying block ciphers for the CMAC - * operation. - * * Module: library/cmac.c * * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h index 0fa08e404c..03179a2a90 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h @@ -79,12 +79,6 @@ struct mbedtls_cmac_context_t { * To start a CMAC computation using the same key as a previous * CMAC computation, use mbedtls_cipher_cmac_finish(). * - * \note When the CMAC implementation is supplied by an alternate - * implementation (through a PSA driver), some ciphers - * may not be supported by that implementation, and thus - * return an error. Alternate implementations must support - * AES-128 and AES-256, and may support AES-192 and 3DES. - * * \param ctx The cipher context used for the CMAC operation, initialized * as one of the following types: MBEDTLS_CIPHER_AES_128_ECB, * MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB, From 39b5c8ad34998b70697fc160b9814a1287821def Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 20 Jun 2024 16:24:03 +0100 Subject: [PATCH 8/8] Remove further docs notes Signed-off-by: Thomas Daubney --- tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h index 03179a2a90..fd3d8a2bc7 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h @@ -165,12 +165,6 @@ int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx); * The CMAC result is calculated as * output = generic CMAC(cmac key, input buffer). * - * \note When the CMAC implementation is supplied by an alternate - * implementation (through a PSA driver), some ciphers - * may not be supported by that implementation, and thus - * return an error. Alternate implementations must support - * AES-128 and AES-256, and may support AES-192 and 3DES. - * * \param cipher_info The cipher information. * \param key The CMAC key. * \param keylen The length of the CMAC key in bits. @@ -214,12 +208,6 @@ int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_len, /** * \brief The CMAC checkup routine. * - * \note In case the CMAC routines are provided by an alternative - * implementation (i.e. through a PSA driver), the - * checkup routine will succeed even if the implementation does - * not support the less widely used AES-192 or 3DES primitives. - * The self-test requires at least AES-128 and AES-256 to be - * supported by the underlying implementation. * * \return \c 0 on success. * \return \c 1 on failure.