From 30437e64083a78b1adc0b4245657703094f8ad74 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 27 Sep 2024 16:48:59 +0100 Subject: [PATCH 01/16] Add PSA interruptible key generation complete API Signed-off-by: Waleed Elmelegy --- tests/include/test/psa_test_wrappers.h | 2 +- tests/src/psa_test_wrappers.c | 2 +- tf-psa-crypto/core/psa_crypto.c | 35 +++++++++++++++++-- tf-psa-crypto/core/psa_crypto_core.h | 29 +++++++++++++++ .../drivers/builtin/src/psa_crypto_ecp.c | 26 ++++++++++++++ tf-psa-crypto/include/psa/crypto.h | 2 +- .../suites/test_suite_psa_crypto.function | 26 ++++++++++++++ 7 files changed, 117 insertions(+), 5 deletions(-) diff --git a/tests/include/test/psa_test_wrappers.h b/tests/include/test/psa_test_wrappers.h index 7ab2bea6b..ef115f5bd 100644 --- a/tests/include/test/psa_test_wrappers.h +++ b/tests/include/test/psa_test_wrappers.h @@ -370,7 +370,7 @@ psa_status_t mbedtls_test_wrap_psa_generate_key_iop_abort( psa_status_t mbedtls_test_wrap_psa_generate_key_iop_complete( psa_generate_key_iop_t *arg0_operation, - psa_key_id_t *arg1_key); + mbedtls_svc_key_id_t *arg1_key); #define psa_generate_key_iop_complete(arg0_operation, arg1_key) \ mbedtls_test_wrap_psa_generate_key_iop_complete(arg0_operation, arg1_key) diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index 6e42a8bba..b5419b9cd 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -633,7 +633,7 @@ psa_status_t mbedtls_test_wrap_psa_generate_key_iop_abort( /* Wrapper for psa_generate_key_iop_complete */ psa_status_t mbedtls_test_wrap_psa_generate_key_iop_complete( psa_generate_key_iop_t *arg0_operation, - psa_key_id_t *arg1_key) + mbedtls_svc_key_id_t *arg1_key) { psa_status_t status = (psa_generate_key_iop_complete)(arg0_operation, arg1_key); return status; diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 5f44cc3bd..d41a232ed 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -8110,6 +8110,8 @@ static psa_status_t psa_generate_key_iop_abort_internal( status = mbedtls_psa_generate_key_iop_abort(&operation->ctx); + psa_reset_key_attributes(&operation->attributes); + operation->id = 0; return status; @@ -8178,12 +8180,41 @@ exit: psa_status_t psa_generate_key_iop_complete( psa_generate_key_iop_t *operation, - psa_key_id_t *key) + mbedtls_svc_key_id_t *key) { +#if defined(MBEDTLS_ECP_RESTARTABLE) + psa_status_t status; + uint8_t key_data[MBEDTLS_ECP_MAX_BYTES] = { 0 }; + size_t key_len = 0; + + if (operation->id == 0 || operation->error_occurred) { + return PSA_ERROR_BAD_STATE; + } + + status = mbedtls_psa_generate_key_complete(&operation->ctx, key_data, + MBEDTLS_ECP_MAX_BYTES, &key_len); + if (status != PSA_SUCCESS) { + goto exit; + } + + status = psa_import_key(&operation->attributes, key_data, key_len, key); + +exit: + if (status != PSA_OPERATION_INCOMPLETE) { + if (status != PSA_SUCCESS) { + operation->error_occurred = 1; + } + psa_generate_key_iop_abort_internal(operation); + } + + mbedtls_platform_zeroize(key_data, MBEDTLS_ECP_MAX_BYTES); + return status; +#else (void) operation; (void) key; - return PSA_ERROR_NOT_SUPPORTED; + return PSA_ERROR_BAD_STATE; +#endif } psa_status_t psa_generate_key_iop_abort( diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h index 175355483..cc9a78dc9 100644 --- a/tf-psa-crypto/core/psa_crypto_core.h +++ b/tf-psa-crypto/core/psa_crypto_core.h @@ -456,6 +456,35 @@ psa_status_t mbedtls_psa_generate_key_iop_setup( mbedtls_psa_generate_key_iop_t *operation, const psa_key_attributes_t *attributes); + +/** + * \brief Continue and eventually complete a key generation operation. + * + * \note The signature of this function is that of a PSA driver + * generate_key_complete entry point. This function behaves as a + * generate_key_complete entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to use. + * This must be initialized first and + * had \c mbedtls_psa_generate_key_iop_setup() + * called successfully. + * \param[out] key_output The buffer to which the generated key + * is to be written. + * \param[out] key_len On success, the number of bytes that make + * up the returned key output. + * \retval #PSA_SUCCESS + * The key was generated successfully. + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * + */ +psa_status_t mbedtls_psa_generate_key_complete( + mbedtls_psa_generate_key_iop_t *operation, + uint8_t *key_output, + size_t key_output_size, + size_t *key_len); + /** * \brief Abort a key generation operation. * diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c index acb248293..498072a29 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c @@ -617,6 +617,32 @@ psa_status_t mbedtls_psa_generate_key_iop_setup( return mbedtls_to_psa_error(status); } +psa_status_t mbedtls_psa_generate_key_complete( + mbedtls_psa_generate_key_iop_t *operation, + uint8_t *key_output, + size_t key_output_size, + size_t *key_len) +{ + *key_len = 0; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + status = mbedtls_ecp_gen_privkey(&operation->ecp.grp, &operation->ecp.d, + mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); + + if (status) { + return mbedtls_to_psa_error(status); + } + + operation->num_ops = 1; + + *key_len = mbedtls_mpi_size(&operation->ecp.d); + if (*key_len > key_output_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(key_output, operation->ecp.d.p, *key_len); + + return mbedtls_to_psa_error(status); +} + psa_status_t mbedtls_psa_generate_key_iop_abort( mbedtls_psa_generate_key_iop_t *operation) { diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 58b68870f..cb3b57955 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5501,7 +5501,7 @@ psa_status_t psa_generate_key_iop_setup( */ psa_status_t psa_generate_key_iop_complete( psa_generate_key_iop_t *operation, - psa_key_id_t *key); + mbedtls_svc_key_id_t *key); /** * \brief Abort a key generation operation. diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index eaafd90ff..b6e30c476 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -10089,6 +10089,7 @@ void generate_key(int type_arg, int is_large_key) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t iop_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_key_usage_t usage = usage_arg; size_t bits = bits_arg; @@ -10096,6 +10097,7 @@ void generate_key(int type_arg, psa_status_t expected_status = expected_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_attributes_t iop_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_generate_key_iop_t operation = PSA_GENERATE_KEY_IOP_INIT; PSA_ASSERT(psa_crypto_init()); @@ -10135,6 +10137,12 @@ void generate_key(int type_arg, expected_status = PSA_ERROR_NOT_SUPPORTED; #endif + /* Test calling complete() without calling setup() will fail. */ + status = psa_generate_key_iop_complete(&operation, &iop_key); + TEST_EQUAL(status, PSA_ERROR_BAD_STATE); + + psa_generate_key_iop_abort(&operation); + status = psa_generate_key_iop_setup(&operation, &attributes); TEST_EQUAL(status, expected_status); @@ -10150,6 +10158,22 @@ void generate_key(int type_arg, status = psa_generate_key_iop_setup(&operation, &attributes); TEST_EQUAL(status, expected_status); + do { + status = psa_generate_key_iop_complete(&operation, &iop_key); + } while (status == PSA_OPERATION_INCOMPLETE); + + TEST_EQUAL(status, PSA_SUCCESS); + + PSA_ASSERT(psa_get_key_attributes(iop_key, &iop_attributes)); + TEST_EQUAL(psa_get_key_type(&iop_attributes), type); + TEST_EQUAL(psa_get_key_bits(&iop_attributes), bits); + + TEST_EQUAL(mbedtls_test_psa_exercise_key(iop_key, usage, alg, 0), 1); + + /* Test calling complete() 2 times consecutively will fail. */ + status = psa_generate_key_iop_complete(&operation, &iop_key); + TEST_EQUAL(status, PSA_ERROR_BAD_STATE); + exit: psa_generate_key_iop_abort(&operation); /* @@ -10157,8 +10181,10 @@ exit: * thus reset them as required. */ psa_reset_key_attributes(&got_attributes); + psa_reset_key_attributes(&iop_attributes); psa_destroy_key(key); + psa_destroy_key(iop_key); PSA_DONE(); } /* END_CASE */ From 7164dc52cec7eb489aaf1b7dba269d4bea486d02 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 11 Oct 2024 14:50:34 +0100 Subject: [PATCH 02/16] Fix intermittent test failure Ecp key data length should not be measured by mbedtls_mpi_size(), as this does not count leading zeros, which are still part of the key. This resulted intermittently in the code attempting to import a wrongly sized key as the first byte was all zero. Signed-off-by: Paul Elliott --- tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c index 498072a29..57131d341 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c @@ -634,7 +634,7 @@ psa_status_t mbedtls_psa_generate_key_complete( operation->num_ops = 1; - *key_len = mbedtls_mpi_size(&operation->ecp.d); + *key_len = operation->ecp.d.n * sizeof(mbedtls_mpi_uint); if (*key_len > key_output_size) { return PSA_ERROR_BUFFER_TOO_SMALL; } From 5d4de3582e2d70a86aab2e76293ea9119fe1746d Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 21 Oct 2024 17:43:24 +0100 Subject: [PATCH 03/16] rename mbedtls_psa_generate_key_complete() to mbedtls_psa_generate_key_iop_complete() Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 4 ++-- tf-psa-crypto/core/psa_crypto_core.h | 4 ++-- tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index d41a232ed..40617b4cd 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -8191,8 +8191,8 @@ psa_status_t psa_generate_key_iop_complete( return PSA_ERROR_BAD_STATE; } - status = mbedtls_psa_generate_key_complete(&operation->ctx, key_data, - MBEDTLS_ECP_MAX_BYTES, &key_len); + status = mbedtls_psa_generate_key_iop_complete(&operation->ctx, key_data, + MBEDTLS_ECP_MAX_BYTES, &key_len); if (status != PSA_SUCCESS) { goto exit; } diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h index cc9a78dc9..14c74dc01 100644 --- a/tf-psa-crypto/core/psa_crypto_core.h +++ b/tf-psa-crypto/core/psa_crypto_core.h @@ -443,7 +443,7 @@ psa_status_t psa_generate_key_internal(const psa_key_attributes_t *attributes, * \param[in] attributes The desired attributes of the generated key. * * \retval #PSA_SUCCESS - * The operation started successfully - call \c mbedtls_psa_generate_key_complete() + * The operation started successfully - call \c mbedtls_psa_generate_key_iop_complete() * with the same operation to complete the operation. * * \retval #PSA_ERROR_NOT_SUPPORTED * Either no internal interruptible operations are @@ -479,7 +479,7 @@ psa_status_t mbedtls_psa_generate_key_iop_setup( * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * */ -psa_status_t mbedtls_psa_generate_key_complete( +psa_status_t mbedtls_psa_generate_key_iop_complete( mbedtls_psa_generate_key_iop_t *operation, uint8_t *key_output, size_t key_output_size, diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c index 57131d341..cce993cf6 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c @@ -617,7 +617,7 @@ psa_status_t mbedtls_psa_generate_key_iop_setup( return mbedtls_to_psa_error(status); } -psa_status_t mbedtls_psa_generate_key_complete( +psa_status_t mbedtls_psa_generate_key_iop_complete( mbedtls_psa_generate_key_iop_t *operation, uint8_t *key_output, size_t key_output_size, From bd36c4746a9788fb02902c2999c4726a0fd1dcc5 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 13 Nov 2024 13:08:26 +0000 Subject: [PATCH 04/16] Stop IOP generate key complete test in case expected value is not success Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/tests/suites/test_suite_psa_crypto.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index b6e30c476..900c9346d 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -10158,6 +10158,10 @@ void generate_key(int type_arg, status = psa_generate_key_iop_setup(&operation, &attributes); TEST_EQUAL(status, expected_status); + if (expected_status != PSA_SUCCESS) { + goto exit; + } + do { status = psa_generate_key_iop_complete(&operation, &iop_key); } while (status == PSA_OPERATION_INCOMPLETE); From a47b82c20a40ea486886f4b60ab699c5daf0d3a0 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 13 Nov 2024 13:11:47 +0000 Subject: [PATCH 05/16] Fix issue exporting generated key to raw intermediate buffer * Used bignum helper API instead of memcpy * changed the key length output to the size of the curve because: - using the bignum produces a bigger size than the curve size due to the limb size being 8 bytes and import key rejects the key if it's not exactly curve size. - we know that the generated key is filled with leading zeros becuase the generated key is bounded by the modulas. * skipped leading zeros when passing the buffer to import_key() due to the intermediate buffer allocated to the maximum size possible and import_key() needs the exact size. Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 7 +++++-- tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c | 6 ++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 40617b4cd..5a11b2b57 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -8192,12 +8192,15 @@ psa_status_t psa_generate_key_iop_complete( } status = mbedtls_psa_generate_key_iop_complete(&operation->ctx, key_data, - MBEDTLS_ECP_MAX_BYTES, &key_len); + sizeof(key_data), &key_len); if (status != PSA_SUCCESS) { goto exit; } - status = psa_import_key(&operation->attributes, key_data, key_len, key); + status = psa_import_key(&operation->attributes, + key_data + (sizeof(key_data) - key_len), + key_len, + key); exit: if (status != PSA_OPERATION_INCOMPLETE) { diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c index cce993cf6..82e873680 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c @@ -634,11 +634,13 @@ psa_status_t mbedtls_psa_generate_key_iop_complete( operation->num_ops = 1; - *key_len = operation->ecp.d.n * sizeof(mbedtls_mpi_uint); + *key_len = PSA_BITS_TO_BYTES(operation->ecp.grp.nbits); + if (*key_len > key_output_size) { return PSA_ERROR_BUFFER_TOO_SMALL; } - memcpy(key_output, operation->ecp.d.p, *key_len); + + mbedtls_mpi_write_binary(&operation->ecp.d, key_output, key_output_size); return mbedtls_to_psa_error(status); } From 8666b0fbc800bb2b1b200d156c0449d99dd39325 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 13 Nov 2024 13:20:20 +0000 Subject: [PATCH 06/16] Add MBEDTLS_ECP_MAX_MPI define Add MBEDTLS_ECP_MAX_MPI define to determine the maximum number of bytes for the biggest Elliptic curve in bignum representation. Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 4 ++-- tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 5a11b2b57..df4fc274e 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -8184,7 +8184,7 @@ psa_status_t psa_generate_key_iop_complete( { #if defined(MBEDTLS_ECP_RESTARTABLE) psa_status_t status; - uint8_t key_data[MBEDTLS_ECP_MAX_BYTES] = { 0 }; + uint8_t key_data[MBEDTLS_ECP_MAX_MPI] = { 0 }; size_t key_len = 0; if (operation->id == 0 || operation->error_occurred) { @@ -8210,7 +8210,7 @@ exit: psa_generate_key_iop_abort_internal(operation); } - mbedtls_platform_zeroize(key_data, MBEDTLS_ECP_MAX_BYTES); + mbedtls_platform_zeroize(key_data, sizeof(key_data)); return status; #else (void) operation; diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h index b3406142f..533482c0d 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h @@ -345,6 +345,8 @@ mbedtls_ecp_group; #define MBEDTLS_ECP_MAX_BYTES ((MBEDTLS_ECP_MAX_BITS + 7) / 8) #define MBEDTLS_ECP_MAX_PT_LEN (2 * MBEDTLS_ECP_MAX_BYTES + 1) +#define MBEDTLS_ECP_MAX_MPI ((MBEDTLS_ECP_MAX_BYTES + sizeof(mbedtls_mpi_uint)) & \ + ~(sizeof(mbedtls_mpi_uint)-1)) #if defined(MBEDTLS_ECP_RESTARTABLE) From a3ce63184955da2efc90e83f633bf79bd7aa78e2 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 14 Nov 2024 12:51:08 +0000 Subject: [PATCH 07/16] Refactor mbedtls_psa_generate_key_iop_complete() - Move the checks on the size to the start of the function to avaoid costly calls to mbedtls_ecp_gen_privkey() in case of invalid size. - Improve the readability of error checking Signed-off-by: Waleed Elmelegy --- .../drivers/builtin/src/psa_crypto_ecp.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c index 82e873680..4500196ef 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c @@ -625,14 +625,6 @@ psa_status_t mbedtls_psa_generate_key_iop_complete( { *key_len = 0; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - status = mbedtls_ecp_gen_privkey(&operation->ecp.grp, &operation->ecp.d, - mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); - - if (status) { - return mbedtls_to_psa_error(status); - } - - operation->num_ops = 1; *key_len = PSA_BITS_TO_BYTES(operation->ecp.grp.nbits); @@ -640,6 +632,15 @@ psa_status_t mbedtls_psa_generate_key_iop_complete( return PSA_ERROR_BUFFER_TOO_SMALL; } + status = mbedtls_ecp_gen_privkey(&operation->ecp.grp, &operation->ecp.d, + mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); + + if (status != 0) { + return mbedtls_to_psa_error(status); + } + + operation->num_ops = 1; + mbedtls_mpi_write_binary(&operation->ecp.d, key_output, key_output_size); return mbedtls_to_psa_error(status); From e0dac22cf13ead574bbbb83981702ca8c4042488 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 14 Nov 2024 15:16:58 +0000 Subject: [PATCH 08/16] Change MBEDTLS_ECP_MAX_MPI to MBEDTLS_ECP_MAX_MPI_BYTES for better clarity Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 2 +- tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index df4fc274e..30dd8292d 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -8184,7 +8184,7 @@ psa_status_t psa_generate_key_iop_complete( { #if defined(MBEDTLS_ECP_RESTARTABLE) psa_status_t status; - uint8_t key_data[MBEDTLS_ECP_MAX_MPI] = { 0 }; + uint8_t key_data[MBEDTLS_ECP_MAX_MPI_BYTES] = { 0 }; size_t key_len = 0; if (operation->id == 0 || operation->error_occurred) { diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h index 533482c0d..98555903e 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h @@ -345,8 +345,8 @@ mbedtls_ecp_group; #define MBEDTLS_ECP_MAX_BYTES ((MBEDTLS_ECP_MAX_BITS + 7) / 8) #define MBEDTLS_ECP_MAX_PT_LEN (2 * MBEDTLS_ECP_MAX_BYTES + 1) -#define MBEDTLS_ECP_MAX_MPI ((MBEDTLS_ECP_MAX_BYTES + sizeof(mbedtls_mpi_uint)) & \ - ~(sizeof(mbedtls_mpi_uint)-1)) +#define MBEDTLS_ECP_MAX_MPI_BYTES ((MBEDTLS_ECP_MAX_BYTES + sizeof(mbedtls_mpi_uint)) & \ + ~(sizeof(mbedtls_mpi_uint)-1)) #if defined(MBEDTLS_ECP_RESTARTABLE) From db0c4a4b2ccd1d0174d3e2fcbd8edb2ee613b6ee Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 18 Nov 2024 17:38:59 +0000 Subject: [PATCH 09/16] Remove MBEDTLS_ECP_MAX_MPI_BYTES macro Remove MBEDTLS_ECP_MAX_MPI_BYTES macro as it's not needed anymore.It was added when memcpy was being used but now that mbedtls_mpi_write_binary() is being used it can handle copying a large buffer filled with leading zeros into a smaller buffer. Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 2 +- tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 30dd8292d..2eb1d63e3 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -8184,7 +8184,7 @@ psa_status_t psa_generate_key_iop_complete( { #if defined(MBEDTLS_ECP_RESTARTABLE) psa_status_t status; - uint8_t key_data[MBEDTLS_ECP_MAX_MPI_BYTES] = { 0 }; + uint8_t key_data[MBEDTLS_ECP_MAX_BYTES] = { 0 }; size_t key_len = 0; if (operation->id == 0 || operation->error_occurred) { diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h index 98555903e..b3406142f 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h @@ -345,8 +345,6 @@ mbedtls_ecp_group; #define MBEDTLS_ECP_MAX_BYTES ((MBEDTLS_ECP_MAX_BITS + 7) / 8) #define MBEDTLS_ECP_MAX_PT_LEN (2 * MBEDTLS_ECP_MAX_BYTES + 1) -#define MBEDTLS_ECP_MAX_MPI_BYTES ((MBEDTLS_ECP_MAX_BYTES + sizeof(mbedtls_mpi_uint)) & \ - ~(sizeof(mbedtls_mpi_uint)-1)) #if defined(MBEDTLS_ECP_RESTARTABLE) From 08e28e6573a619ad55aac7002358457a7ed20b10 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 12:29:39 +0000 Subject: [PATCH 10/16] Check error codes on called functions in mbedtls_psa_generate_key_iop_complete Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c index 4500196ef..9a2cd1684 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c @@ -641,7 +641,7 @@ psa_status_t mbedtls_psa_generate_key_iop_complete( operation->num_ops = 1; - mbedtls_mpi_write_binary(&operation->ecp.d, key_output, key_output_size); + status = mbedtls_mpi_write_binary(&operation->ecp.d, key_output, key_output_size); return mbedtls_to_psa_error(status); } From 44e0f75ca31ffd7b6169cf5b0c814bdc8c84eea1 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 12:31:32 +0000 Subject: [PATCH 11/16] Use PSA Macros instead of legacy ones in psa_generate_key_iop_complete() Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 2eb1d63e3..e319935a1 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -8184,7 +8184,7 @@ psa_status_t psa_generate_key_iop_complete( { #if defined(MBEDTLS_ECP_RESTARTABLE) psa_status_t status; - uint8_t key_data[MBEDTLS_ECP_MAX_BYTES] = { 0 }; + uint8_t key_data[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)] = { 0 }; size_t key_len = 0; if (operation->id == 0 || operation->error_occurred) { From 39d54e1fb15ea4a342e1c8c08922f662a5962a57 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 15:08:52 +0000 Subject: [PATCH 12/16] Prevent a warning in case PSA_VENDOR_ECC_MAX_CURVE_BITS is set to 0 Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index e319935a1..1899114e3 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -8184,7 +8184,7 @@ psa_status_t psa_generate_key_iop_complete( { #if defined(MBEDTLS_ECP_RESTARTABLE) psa_status_t status; - uint8_t key_data[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)] = { 0 }; + uint8_t key_data[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)+1] = { 0 }; size_t key_len = 0; if (operation->id == 0 || operation->error_occurred) { From 2266197e9c27dcd5dbf62f033bb00beb614e1906 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 21 Nov 2024 14:16:18 +0000 Subject: [PATCH 13/16] Move internal iop generate key function headers to psa_crypto_ecp.h Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto_core.h | 63 ------------------- .../drivers/builtin/src/psa_crypto_ecp.h | 61 ++++++++++++++++++ 2 files changed, 61 insertions(+), 63 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h index 14c74dc01..df0ee501a 100644 --- a/tf-psa-crypto/core/psa_crypto_core.h +++ b/tf-psa-crypto/core/psa_crypto_core.h @@ -435,69 +435,6 @@ psa_status_t psa_generate_key_internal(const psa_key_attributes_t *attributes, size_t key_buffer_size, size_t *key_buffer_length); -/** - * \brief Setup a new interruptible key generation operation. - * - * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to use. - * This must be initialized first. - * \param[in] attributes The desired attributes of the generated key. - * - * \retval #PSA_SUCCESS - * The operation started successfully - call \c mbedtls_psa_generate_key_iop_complete() - * with the same operation to complete the operation. - * * \retval #PSA_ERROR_NOT_SUPPORTED - * Either no internal interruptible operations are - * currently supported, or the key attributes are not unsupported. - * * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * There was insufficient memory to load the key representation. - * - */ -psa_status_t mbedtls_psa_generate_key_iop_setup( - mbedtls_psa_generate_key_iop_t *operation, - const psa_key_attributes_t *attributes); - - -/** - * \brief Continue and eventually complete a key generation operation. - * - * \note The signature of this function is that of a PSA driver - * generate_key_complete entry point. This function behaves as a - * generate_key_complete entry point as defined in the PSA driver - * interface specification for transparent drivers. - * - * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to use. - * This must be initialized first and - * had \c mbedtls_psa_generate_key_iop_setup() - * called successfully. - * \param[out] key_output The buffer to which the generated key - * is to be written. - * \param[out] key_len On success, the number of bytes that make - * up the returned key output. - * \retval #PSA_SUCCESS - * The key was generated successfully. - * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription - * - */ -psa_status_t mbedtls_psa_generate_key_iop_complete( - mbedtls_psa_generate_key_iop_t *operation, - uint8_t *key_output, - size_t key_output_size, - size_t *key_len); - -/** - * \brief Abort a key generation operation. - * - * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to abort. - * - * \retval #PSA_SUCCESS - * The operation was aborted successfully. - * - */ -psa_status_t mbedtls_psa_generate_key_iop_abort( - mbedtls_psa_generate_key_iop_t *operation); - - /** Sign a message with a private key. For hash-and-sign algorithms, * this includes the hashing step. * diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h index a9f5d59de..ad8e6f1e1 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h @@ -143,6 +143,67 @@ psa_status_t mbedtls_psa_ecp_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); +/** + * \brief Setup a new interruptible key generation operation. + * + * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to use. + * This must be initialized first. + * \param[in] attributes The desired attributes of the generated key. + * + * \retval #PSA_SUCCESS + * The operation started successfully - call \c mbedtls_psa_generate_key_iop_complete() + * with the same operation to complete the operation. + * * \retval #PSA_ERROR_NOT_SUPPORTED + * Either no internal interruptible operations are + * currently supported, or the key attributes are not unsupported. + * * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * There was insufficient memory to load the key representation. + * + */ +psa_status_t mbedtls_psa_generate_key_iop_setup( + mbedtls_psa_generate_key_iop_t *operation, + const psa_key_attributes_t *attributes); + +/** + * \brief Continue and eventually complete a key generation operation. + * + * \note The signature of this function is that of a PSA driver + * generate_key_complete entry point. This function behaves as a + * generate_key_complete entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to use. + * This must be initialized first and + * had \c mbedtls_psa_generate_key_iop_setup() + * called successfully. + * \param[out] key_output The buffer to which the generated key + * is to be written. + * \param[out] key_len On success, the number of bytes that make + * up the returned key output. + * \retval #PSA_SUCCESS + * The key was generated successfully. + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * + */ +psa_status_t mbedtls_psa_generate_key_iop_complete( + mbedtls_psa_generate_key_iop_t *operation, + uint8_t *key_output, + size_t key_output_size, + size_t *key_len); + +/** + * \brief Abort a key generation operation. + * + * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to abort. + * + * \retval #PSA_SUCCESS + * The operation was aborted successfully. + * + */ +psa_status_t mbedtls_psa_generate_key_iop_abort( + mbedtls_psa_generate_key_iop_t *operation); + /** Sign an already-calculated hash with ECDSA. * * \note The signature of this function is that of a PSA driver From f5a82fd0a2bb5aa1c383b3fa2b2013d7f643aecd Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 21 Nov 2024 14:31:55 +0000 Subject: [PATCH 14/16] Add ecp prefix to internal iop generate key function names Add ecp prefix to internal iop generate key function names to emphasize that the functions are doing eliptic curves keys only and not any other types. Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 6 +++--- tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c | 6 +++--- tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h | 11 ++++++----- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 1899114e3..bd2645129 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -8108,7 +8108,7 @@ static psa_status_t psa_generate_key_iop_abort_internal( return PSA_SUCCESS; } - status = mbedtls_psa_generate_key_iop_abort(&operation->ctx); + status = mbedtls_psa_ecp_generate_key_iop_abort(&operation->ctx); psa_reset_key_attributes(&operation->attributes); @@ -8162,7 +8162,7 @@ psa_status_t psa_generate_key_iop_setup( /* We only support the builtin/Mbed TLS driver for now. */ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - status = mbedtls_psa_generate_key_iop_setup(&operation->ctx, attributes); + status = mbedtls_psa_ecp_generate_key_iop_setup(&operation->ctx, attributes); exit: if (status != PSA_SUCCESS) { @@ -8191,7 +8191,7 @@ psa_status_t psa_generate_key_iop_complete( return PSA_ERROR_BAD_STATE; } - status = mbedtls_psa_generate_key_iop_complete(&operation->ctx, key_data, + status = mbedtls_psa_ecp_generate_key_iop_complete(&operation->ctx, key_data, sizeof(key_data), &key_len); if (status != PSA_SUCCESS) { goto exit; diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c index 9a2cd1684..6ce1cfb15 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c @@ -596,7 +596,7 @@ exit: #if defined(MBEDTLS_ECP_RESTARTABLE) -psa_status_t mbedtls_psa_generate_key_iop_setup( +psa_status_t mbedtls_psa_ecp_generate_key_iop_setup( mbedtls_psa_generate_key_iop_t *operation, const psa_key_attributes_t *attributes) { @@ -617,7 +617,7 @@ psa_status_t mbedtls_psa_generate_key_iop_setup( return mbedtls_to_psa_error(status); } -psa_status_t mbedtls_psa_generate_key_iop_complete( +psa_status_t mbedtls_psa_ecp_generate_key_iop_complete( mbedtls_psa_generate_key_iop_t *operation, uint8_t *key_output, size_t key_output_size, @@ -646,7 +646,7 @@ psa_status_t mbedtls_psa_generate_key_iop_complete( return mbedtls_to_psa_error(status); } -psa_status_t mbedtls_psa_generate_key_iop_abort( +psa_status_t mbedtls_psa_ecp_generate_key_iop_abort( mbedtls_psa_generate_key_iop_t *operation) { mbedtls_ecp_keypair_free(&operation->ecp); diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h index ad8e6f1e1..a2efcb71f 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h @@ -151,7 +151,7 @@ psa_status_t mbedtls_psa_ecp_generate_key( * \param[in] attributes The desired attributes of the generated key. * * \retval #PSA_SUCCESS - * The operation started successfully - call \c mbedtls_psa_generate_key_iop_complete() + * The operation started successfully - call \c mbedtls_psa_ecp_generate_key_iop_complete() * with the same operation to complete the operation. * * \retval #PSA_ERROR_NOT_SUPPORTED * Either no internal interruptible operations are @@ -160,7 +160,7 @@ psa_status_t mbedtls_psa_ecp_generate_key( * There was insufficient memory to load the key representation. * */ -psa_status_t mbedtls_psa_generate_key_iop_setup( +psa_status_t mbedtls_psa_ecp_generate_key_iop_setup( mbedtls_psa_generate_key_iop_t *operation, const psa_key_attributes_t *attributes); @@ -174,7 +174,7 @@ psa_status_t mbedtls_psa_generate_key_iop_setup( * * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to use. * This must be initialized first and - * had \c mbedtls_psa_generate_key_iop_setup() + * had \c mbedtls_psa_ecp_generate_key_iop_setup() * called successfully. * \param[out] key_output The buffer to which the generated key * is to be written. @@ -186,7 +186,7 @@ psa_status_t mbedtls_psa_generate_key_iop_setup( * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * */ -psa_status_t mbedtls_psa_generate_key_iop_complete( +psa_status_t mbedtls_psa_ecp_generate_key_iop_complete( mbedtls_psa_generate_key_iop_t *operation, uint8_t *key_output, size_t key_output_size, @@ -201,7 +201,7 @@ psa_status_t mbedtls_psa_generate_key_iop_complete( * The operation was aborted successfully. * */ -psa_status_t mbedtls_psa_generate_key_iop_abort( +psa_status_t mbedtls_psa_ecp_generate_key_iop_abort( mbedtls_psa_generate_key_iop_t *operation); /** Sign an already-calculated hash with ECDSA. @@ -236,6 +236,7 @@ psa_status_t mbedtls_psa_generate_key_iop_abort( * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription */ + psa_status_t mbedtls_psa_ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, From c57f6fcd056b03ec72c4b47d5d219f155752dc5c Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 21 Nov 2024 16:56:52 +0000 Subject: [PATCH 15/16] Fix code stayle in iop export public-key function Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index bd2645129..e18647f22 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -8192,7 +8192,7 @@ psa_status_t psa_generate_key_iop_complete( } status = mbedtls_psa_ecp_generate_key_iop_complete(&operation->ctx, key_data, - sizeof(key_data), &key_len); + sizeof(key_data), &key_len); if (status != PSA_SUCCESS) { goto exit; } From 1630603ef10f9ce661b222585e32ab241d918343 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 25 Nov 2024 16:50:06 +0000 Subject: [PATCH 16/16] Change internal iop generate key error variable to int Change internal iop generate key error variable to int instead of psa_status_t since the error variable get passed to mbedtls_to_psa_error() when being returned Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c | 4 ++-- tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c index 6ce1cfb15..b43923e90 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c @@ -600,7 +600,7 @@ psa_status_t mbedtls_psa_ecp_generate_key_iop_setup( mbedtls_psa_generate_key_iop_t *operation, const psa_key_attributes_t *attributes) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + int status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_keypair_init(&operation->ecp); @@ -624,7 +624,7 @@ psa_status_t mbedtls_psa_ecp_generate_key_iop_complete( size_t *key_len) { *key_len = 0; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + int status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; *key_len = PSA_BITS_TO_BYTES(operation->ecp.grp.nbits); diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h index a2efcb71f..f3ff32328 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h @@ -236,7 +236,6 @@ psa_status_t mbedtls_psa_ecp_generate_key_iop_abort( * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription */ - psa_status_t mbedtls_psa_ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size,