From efc65e1168609e3194d944ac21f1ed6c1798a3d7 Mon Sep 17 00:00:00 2001
From: Thomas Daubney <thomas.daubney@arm.com>
Date: Wed, 5 Jun 2024 12:56:46 +0100
Subject: [PATCH] Remove MBEDTLS_CMAC_ALT

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
---
 include/mbedtls/mbedtls_config.h                  |  9 ++++-----
 tests/include/alt-dummy/cmac_alt.h                | 15 ---------------
 .../drivers/builtin/include/mbedtls/cmac.h        | 12 +++---------
 tf-psa-crypto/drivers/builtin/src/cmac.c          |  7 -------
 4 files changed, 7 insertions(+), 36 deletions(-)
 delete mode 100644 tests/include/alt-dummy/cmac_alt.h

diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 5b972a916..57dab3fde 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -350,7 +350,6 @@
  */
 //#define MBEDTLS_TIMING_ALT
 
-//#define MBEDTLS_CMAC_ALT
 //#define MBEDTLS_MD5_ALT
 //#define MBEDTLS_SHA512_ALT
 
@@ -2487,10 +2486,10 @@
  * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
  * ciphers.
  *
- * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
- *       implementation of the CMAC algorithm is provided by an alternate
- *       implementation, that alternate implementation may opt to not support
- *       AES-192 or 3DES as underlying block ciphers for the CMAC operation.
+ * \note When the underlying implementation of the CMAC algorithm is provided
+ *       by an alternate implementation, that alternate implementation may opt
+ *       to not support AES-192 or 3DES as underlying block ciphers for the CMAC
+ *       operation.
  *
  * Module:  library/cmac.c
  *
diff --git a/tests/include/alt-dummy/cmac_alt.h b/tests/include/alt-dummy/cmac_alt.h
deleted file mode 100644
index 68b53d707..000000000
--- a/tests/include/alt-dummy/cmac_alt.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef CMAC_ALT_H
-#define CMAC_ALT_H
-
-struct mbedtls_cmac_context_t {
-    int dummy;
-};
-
-
-#endif /* cmac_alt.h */
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
index 97b86fc42..0fa08e404 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
@@ -51,8 +51,6 @@ extern "C" {
 #define MBEDTLS_CIPHER_BLKSIZE_MAX MBEDTLS_MAX_BLOCK_LENGTH
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 
-#if !defined(MBEDTLS_CMAC_ALT)
-
 /**
  * The CMAC context structure.
  */
@@ -68,10 +66,6 @@ struct mbedtls_cmac_context_t {
     size_t              MBEDTLS_PRIVATE(unprocessed_len);
 };
 
-#else  /* !MBEDTLS_CMAC_ALT */
-#include "cmac_alt.h"
-#endif /* !MBEDTLS_CMAC_ALT */
-
 /**
  * \brief               This function starts a new CMAC computation
  *                      by setting the CMAC key, and preparing to authenticate
@@ -86,7 +80,7 @@ struct mbedtls_cmac_context_t {
  *                      CMAC computation, use mbedtls_cipher_cmac_finish().
  *
  * \note                When the CMAC implementation is supplied by an alternate
- *                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+ *                      implementation (through a PSA driver), some ciphers
  *                      may not be supported by that implementation, and thus
  *                      return an error. Alternate implementations must support
  *                      AES-128 and AES-256, and may support AES-192 and 3DES.
@@ -178,7 +172,7 @@ int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx);
  *                      output = generic CMAC(cmac key, input buffer).
  *
  * \note                When the CMAC implementation is supplied by an alternate
- *                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+ *                      implementation (through a PSA driver), some ciphers
  *                      may not be supported by that implementation, and thus
  *                      return an error. Alternate implementations must support
  *                      AES-128 and AES-256, and may support AES-192 and 3DES.
@@ -227,7 +221,7 @@ int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_len,
  * \brief          The CMAC checkup routine.
  *
  * \note           In case the CMAC routines are provided by an alternative
- *                 implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
+ *                 implementation (i.e. through a PSA driver), the
  *                 checkup routine will succeed even if the implementation does
  *                 not support the less widely used AES-192 or 3DES primitives.
  *                 The self-test requires at least AES-128 and AES-256 to be
diff --git a/tf-psa-crypto/drivers/builtin/src/cmac.c b/tf-psa-crypto/drivers/builtin/src/cmac.c
index eda10d0b3..5e517c4b1 100644
--- a/tf-psa-crypto/drivers/builtin/src/cmac.c
+++ b/tf-psa-crypto/drivers/builtin/src/cmac.c
@@ -38,8 +38,6 @@
 
 #include <string.h>
 
-#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
-
 /*
  * Multiplication by u in the Galois field of GF(2^n)
  *
@@ -125,9 +123,6 @@ exit:
 
     return ret;
 }
-#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
-
-#if !defined(MBEDTLS_CMAC_ALT)
 
 /*
  * Create padded last block from (partial) last block.
@@ -427,8 +422,6 @@ exit:
 }
 #endif /* MBEDTLS_AES_C */
 
-#endif /* !MBEDTLS_CMAC_ALT */
-
 #if defined(MBEDTLS_SELF_TEST)
 /*
  * CMAC test data for SP800-38B