diff --git a/doc/nrf/libraries/nrf_security/doc/driver_config.rst b/doc/nrf/libraries/nrf_security/doc/driver_config.rst index f4b599ae0488..c21646069fef 100644 --- a/doc/nrf/libraries/nrf_security/doc/driver_config.rst +++ b/doc/nrf/libraries/nrf_security/doc/driver_config.rst @@ -16,7 +16,7 @@ Configuring multiple drivers Multiple PSA drivers can be enabled at the same time, with added support for fine-grained control of which drivers implement support for cryptographic features. -To enable a PSA driver, set the following configurations: +To enable a PSA driver, set the configurations in the following table: +---------------+--------------------------------------------------+-----------------------------------------------------+ | PSA driver | Configuration option | Notes | 
@@ -28,12 +28,16 @@ To enable a PSA driver, set the following configurations: If multiple drivers are enabled, the first ordered item in this table takes precedence for an enabled cryptographic feature, unless the driver does not enable or support it. -Enabling or disabling PSA driver specific configurations controls the support for a given algorithm, per driver. +The driver :ref:`nrf_security_drivers_cc3xx` allows enabling or disabling of specific PSA APIs (such as psa_cipher_encrypt, psa_sign_hash), but not individual algorithms. + +The driver :ref:`nrf_security_drivers_oberon` allows finer configuration granularity, allowing you to enable or disable individual algorithms as well. + +When multiple enabled drivers support the same cryptographic feature, the configuration system attempts to include only one implementation to minimize code size. Key type configuration ********************** -To enable key types for cryptographic algorithms, set one or more of the following Kconfig options: +To enable key types for cryptographic algorithms, set one or more of the Kconfig options in the following table: +-----------------------+-------------------------------------------------------------+ | Key type | Configuration option | @@ -58,7 +62,7 @@ To enable key types for cryptographic algorithms, set one or more of the followi Key type support ================ -Key type support for each driver: +The following table shows key type support for each driver: +-----------------------+---------------------------+----------------------------+ | Key type | nrf_cc3xx driver support | nrf_oberon driver support | 
@@ -83,7 +87,7 @@ Key type support for each driver: Cipher configurations ********************* -To enable cipher modes, set one or more of the following Kconfig options: +To enable cipher modes, set one or more of the Kconfig options in the following table: +-----------------------+------------------------------------------------------+ | Cipher mode | Configuration option | 
@@ -105,40 +109,44 @@ To enable cipher modes, set one or more of the following Kconfig options: | Stream cipher | :kconfig:option:`CONFIG_PSA_WANT_ALG_STREAM_CIPHER` | +-----------------------+------------------------------------------------------+ - Cipher driver configurations ============================ -You can use the following Kconfig options for fine-grained control over which drivers provide cipher support: - -+-----------------------+---------------------------------------------------------------------+----------------------------------------------------------------------+ -| Cipher mode | nrf_cc3xx driver support | nrf_oberon driver support | -+=======================+=====================================================================+======================================================================+ -| ECB no padding | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_OBERON` | -+-----------------------+---------------------------------------------------------------------+----------------------------------------------------------------------+ -| CBC no padding | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_OBERON` | -+-----------------------+---------------------------------------------------------------------+----------------------------------------------------------------------+ -| CBC PKCS#7 padding | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_OBERON` | -+-----------------------+---------------------------------------------------------------------+----------------------------------------------------------------------+ -| CFB | Not supported | Not supported | 
-+-----------------------+---------------------------------------------------------------------+----------------------------------------------------------------------+ -| CTR | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CTR_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CTR_OBERON` | -+-----------------------+---------------------------------------------------------------------+----------------------------------------------------------------------+ -| OFB | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_OFB_CC3XX` | Not supported | -+-----------------------+---------------------------------------------------------------------+----------------------------------------------------------------------+ -| XTS | Not supported | Not supported | -+-----------------------+---------------------------------------------------------------------+----------------------------------------------------------------------+ -| Stream cipher | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_OBERON` | -+-----------------------+---------------------------------------------------------------------+----------------------------------------------------------------------+ +The following table shows Cipher algorithm support for each driver: -.. note:: - * The :ref:`nrf_security_drivers_cc3xx` is limited to AES key sizes of 128 bits on devices with Arm CryptoCell cc310. 
++-----------------------+---------------------------+----------------------------+ +| Cipher mode | nrf_cc3xx driver support | nrf_oberon driver support | ++=======================+===========================+============================+ +| ECB no padding | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| CBC no padding | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| CBC PKCS#7 padding | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| CFB | Not supported | Not supported | ++-----------------------+---------------------------+----------------------------+ +| CTR | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| OFB | Supported | Not supported | ++-----------------------+---------------------------+----------------------------+ +| XTS | Not supported | Not supported | ++-----------------------+---------------------------+----------------------------+ +| Stream cipher | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ + +The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_CIPHER_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for all supported algorithms. + +The configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user-enabled algorithms in `Cipher configurations`_. +Key size configuration is supported as described in `AES key size configuration`_, for all algorithms except the stream cipher. + +.. note:: + The :ref:`nrf_security_drivers_cc3xx` is limited to AES key sizes of 128 bits on devices with Arm CryptoCell cc310. 
Key Derivation Function *********************** -To enable key derivation function (KDF) support, set one or more of the following Kconfig options: +To enable key derivation function (KDF) support, set one or more of the Kconfig options in the following table: +--------------------------+---------------------------------------------------------------+ | KDF algorithm | Configuration option | 
@@ -157,35 +165,35 @@ To enable key derivation function (KDF) support, set one or more of the followin +-------------------------+----------------------------------------------------------------+ .. note:: - * PBKDF2 algorithms are not supported with TF-M. - + PBKDF2 algorithms are not supported with TF-M. Key Derivation Function driver configurations ============================================= -You can use the following Kconfig options for fine-grained control over which drivers provide Key Derivation Function (KDF) support: - -+--------------------------+--------------------------+-------------------------------------------------------------------------------+ -| KDF algorithm | nrf_cc3xx driver support | nrf_oberon driver support | -+==========================+==========================+==========================================+====================================+ -| HKDF | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_HKDF_OBERON` | -+--------------------------+--------------------------+-------------------------------------------------------------------------------+ -| PBKDF2-HMAC | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_PBKDF2_HMAC_OBERON` | -+--------------------------+--------------------------+-------------------------------------------------------------------------------+ -| PBKDF2-AES-CMAC-PRF-128 | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_PBKDF2_AES_CMAC_PRF_128_OBERON` | -+--------------------------+--------------------------+-------------------------------------------------------------------------------+ -| TLS 1.2 PRF | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_TLS12_PRF_OBERON` | -+--------------------------+--------------------------+-------------------------------------------------------------------------------+ -| TLS 1.2 PSK to MS | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_TLS12_PSK_TO_MS_OBERON` | 
-+--------------------------+--------------------------+-------------------------------------------------------------------------------+ -| TLS 1.2 EC J-PAKE to PMS | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_TLS12_ECJPAKE_TO_PMS_OBERON` | -+--------------------------+--------------------------+-------------------------------------------------------------------------------+ - +The following table shows Key Derivation Function (KDF) support for each driver: + ++--------------------------+--------------------------+----------------------------+ +| KDF algorithm | nrf_cc3xx driver support | nrf_oberon driver support | ++==========================+==========================+============================+ +| HKDF | Not supported | Supported | ++--------------------------+--------------------------+----------------------------+ +| PBKDF2-HMAC | Not supported | Supported | ++--------------------------+--------------------------+----------------------------+ +| PBKDF2-AES-CMAC-PRF-128 | Not supported | Supported | ++--------------------------+--------------------------+----------------------------+ +| TLS 1.2 PRF | Not supported | Supported | ++--------------------------+--------------------------+----------------------------+ +| TLS 1.2 PSK to MS | Not supported | Supported | ++--------------------------+--------------------------+----------------------------+ +| TLS 1.2 EC J-PAKE to PMS | Not supported | Supported | ++--------------------------+--------------------------+----------------------------+ + +The configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user-enabled algorithms in `Key Derivation Function`_. 
MAC configurations ****************** -To enable MAC support, set one or more of the following Kconfig options: +To enable MAC support, set one or more of the Kconfig options in the following table: +----------------+--------------------------------------------+ | MAC cipher | Configuration option | 
@@ -195,66 +203,77 @@ To enable MAC support, set one or more of the following Kconfig options: | HMAC | :kconfig:option:`CONFIG_PSA_WANT_ALG_HMAC` | +----------------+--------------------------------------------+ - MAC driver configurations ========================= -You can use the following Kconfig options for fine-grained control over which drivers provide MAC support: +The following table shows MAC algorithm support for each driver: ++----------------+--------------------------+----------------------------+ +| MAC cipher | nrf_cc3xx driver support | nrf_oberon driver support | ++================+==========================+============================+ +| CMAC | Supported | Supported | ++----------------+--------------------------+----------------------------+ +| HMAC | Supported | Supported | ++----------------+--------------------------+----------------------------+ -+----------------+-----------------------------------------------------------+------------------------------------------------------------+ -| MAC cipher | nrf_cc3xx driver support | nrf_oberon driver support | -+================+===========================================================+============================================================+ -| CMAC | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CMAC_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CMAC_OBERON` | -+----------------+-----------------------------------------------------------+------------------------------------------------------------+ -| HMAC | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_HMAC_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_HMAC_OBERON` | -+----------------+-----------------------------------------------------------+------------------------------------------------------------+ +The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_MAC_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for all supported algorithms. 
+ +The configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user-enabled algorithms in `MAC configurations`_. + +Key size configuration for CMAC is supported as described in `AES key size configuration`_. .. note:: * The :ref:`nrf_security_drivers_cc3xx` is limited to CMAC using AES key sizes of 128 bits on devices with Arm CryptoCell cc310. * The :ref:`nrf_security_drivers_cc3xx` is limited to HMAC using SHA-1, SHA-224, and SHA-256. - AEAD configurations ******************* -To enable Authenticated Encryption with Associated Data (AEAD), set one or more of the following Kconfig options: +To enable Authenticated Encryption with Associated Data (AEAD), set one or more of the Kconfig options in the following table: +-----------------------+---------------------------------------------------------+ | AEAD cipher | Configuration option | +=======================+=========================================================+ | CCM | :kconfig:option:`CONFIG_PSA_WANT_ALG_CCM` | +-----------------------+---------------------------------------------------------+ +| CCM star with no tag | :kconfig:option:`CONFIG_PSA_WANT_ALG_CCM_STAR_NO_TAG` | ++-----------------------+---------------------------------------------------------+ | GCM | :kconfig:option:`CONFIG_PSA_WANT_ALG_GCM` | +-----------------------+---------------------------------------------------------+ | ChaCha20-Poly1305 | :kconfig:option:`CONFIG_PSA_WANT_ALG_CHACHA20_POLY1305` | +-----------------------+---------------------------------------------------------+ - AEAD driver configurations ========================== -You can use the following Kconfig options for fine-grained control over which drivers provide AEAD support: +The following table shows AEAD algorithm support for each driver: + ++-----------------------+---------------------------+---------------------------+ +| AEAD cipher | nrf_cc3xx driver support | nrf_oberon driver support | 
++=======================+===========================+===========================+ +| CCM | Supported | Supported | ++-----------------------+---------------------------+---------------------------+ +| CCM star with no tag | Not supported | Supported | ++-----------------------+---------------------------+---------------------------+ +| GCM | Supported | Supported | ++-----------------------+---------------------------+---------------------------+ +| ChaCha20-Poly1305 | Supported | Supported | ++-----------------------+---------------------------+---------------------------+ -+-----------------------+------------------------------------------------------------------------+-------------------------------------------------------------------------+ -| AEAD cipher | nrf_cc3xx driver support | nrf_oberon driver support | -+=======================+========================================================================+=========================================================================+ -| CCM | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CCM_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CCM_OBERON` | -+-----------------------+------------------------------------------------------------------------+-------------------------------------------------------------------------+ -| GCM | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_GCM_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_GCM_OBERON` | -+-----------------------+------------------------------------------------------------------------+-------------------------------------------------------------------------+ -| ChaCha20-Poly1305 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_OBERON` | -+-----------------------+------------------------------------------------------------------------+-------------------------------------------------------------------------+ +The option 
:kconfig:option:`CONFIG_PSA_USE_CC3XX_AEAD_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for all supported algorithms. + +Configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user-enabled algorithms in `AEAD configurations`_. + +Key size configuration for CCM and GCM is supported as described in `AES key size configuration`_. .. note:: * The :ref:`nrf_security_drivers_cc3xx` is limited to AES key sizes of 128 bits on devices with Arm CryptoCell cc310. * The :ref:`nrf_security_drivers_cc3xx` does not provide hardware support for GCM on devices with Arm CryptoCell cc310. - ECC configurations ****************** -To enable Elliptic Curve Cryptography (ECC), set one or more of the following Kconfig options: +To enable Elliptic Curve Cryptography (ECC), set one or more of the Kconfig options in the following table: +-----------------------+-----------------------------------------------------------+ | ECC algorithm | Configuration option | 
@@ -268,31 +287,35 @@ To enable Elliptic Curve Cryptography (ECC), set one or more of the following Kc The ECC algorithm support is dependent on one or more Kconfig options enabling curve support according to `ECC curve configurations`_. - ECC driver configurations ========================= -You can use the following Kconfig options for fine-grained control over which drivers provide ECC support: +The following table shows ECC algorithm support for each driver: + ++-----------------------+---------------------------+----------------------------+ +| ECC algorithm | nrf_cc3xx driver support | nrf_oberon driver support | ++=======================+===========================+============================+ +| ECDH | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| ECDSA | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| ECDSA (deterministic) | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ + +The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_SIGNATURE_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for the ECDSA and ECDSA deterministic algorithms. 
-+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| ECC algorithm | nrf_cc3xx driver support | nrf_oberon driver support | -+=======================+==========================================================================+===========================================================================+ -| ECDH | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_ECDH_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_ECDSA_OBERON` | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| ECDSA | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_ECDSA_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_ECDSA_OBERON` | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| ECDSA (deterministic) | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_OBERON` | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ +The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_ECDH_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for ECDH. + +The configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user-enabled algorithms in `ECC configurations`_. .. note:: * The :ref:`nrf_security_drivers_oberon` is currently limited to curve types secp224r1, secp256r1, and secp384r1 for ECDH and ECDSA. * The :ref:`nrf_security_drivers_oberon` is currently limited to X25519 (using Curve25519) and Ed25519 for EdDSA. 
- ECC curve configurations ************************ -To configure elliptic curve support, set one or more of the following Kconfig options: +To configure elliptic curve support, set one or more of the Kconfig options in the following table: +-----------------------+-----------------------------------------------------------+ | ECC curve type | Configuration option | 
@@ -324,42 +347,40 @@ To configure elliptic curve support, set one or more of the following Kconfig op | secp521r1 | :kconfig:option:`CONFIG_PSA_WANT_ECC_SECP_R1_521` | +-----------------------+-----------------------------------------------------------+ - ECC curve driver configurations =============================== -You can use the following Kconfig options for fine-grained control over which drivers provide elliptic curve support: - -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| ECC curve type | nrf_cc3xx driver support | nrf_oberon driver support | -+=======================+==========================================================================+===========================================================================+ -| Brainpool256r1 | Not supported | Not supported | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| Brainpool384r1 | Not supported | Not supported | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| Brainpool512r1 | Not supported | Not supported | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| Curve25519 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_OBERON` | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| Curve448 | Not supported | Not supported | 
-+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| Edwards25519 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_TWISTED_EDWARDS_255_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_TWISTED_EDWARDS_255_OBERON` | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| secp192k1 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_SECP_K1_192_CC3XX` | Not supported | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| secp256k1 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_SECP_K1_256_CC3XX` | Not supported | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| secp192r1 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_SECP_R1_192_CC3XX` | Not supported | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| secp224r1 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_OBERON` | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| secp256r1 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_OBERON` | 
-+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| secp384r1 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_OBERON` | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ -| secp521r1 | Not supported | Not supported | -+-----------------------+--------------------------------------------------------------------------+---------------------------------------------------------------------------+ +The following table shows ECC curve support for each driver: ++-----------------------+---------------------------+----------------------------+ +| ECC curve type | nrf_cc3xx driver support | nrf_oberon driver support | ++=======================+===========================+============================+ +| Brainpool256r1 | Not supported | Not supported | ++-----------------------+---------------------------+----------------------------+ +| Brainpool384r1 | Not supported | Not supported | ++-----------------------+---------------------------+----------------------------+ +| Brainpool512r1 | Not supported | Not supported | ++-----------------------+---------------------------+----------------------------+ +| Curve25519 | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| Curve448 | Not supported | Not supported | ++-----------------------+---------------------------+----------------------------+ +| Edwards25519 | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| secp192k1 | Supported | Not supported | ++-----------------------+---------------------------+----------------------------+ +| secp256k1 | Supported | Not supported | 
++-----------------------+---------------------------+----------------------------+ +| secp192r1 | Supported | Not supported | ++-----------------------+---------------------------+----------------------------+ +| secp224r1 | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| secp256r1 | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| secp384r1 | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| secp521r1 | Not supported | Not supported | ++-----------------------+---------------------------+----------------------------+ RNG configurations ****************** @@ -367,7 +388,7 @@ RNG configurations Enable RNG using the :kconfig:option:`CONFIG_PSA_WANT_GENERATE_RANDOM` Kconfig option. RNG uses PRNG seeded by entropy (also known as TRNG). -When RNG is enabled, set at least one of the following configurations: +When RNG is enabled, set at least one of the configurations in the following table: +---------------------------+-------------------------------------------------+ | PRNG algorithms | Configuration option | @@ -382,7 +403,6 @@ When RNG is enabled, set at least one of the following configurations: * :kconfig:option:`CONFIG_PSA_WANT_ALG_CTR_DRBG` and :kconfig:option:`CONFIG_PSA_WANT_ALG_HMAC_DRBG` are custom configurations not described by the PSA Crypto specification. * If multiple PRNG algorithms are enabled at the same time, CTR-DRBG will be prioritized for random number generation through the front-end APIs for PSA Crypto. - RNG driver configurations ************************* 
@@ -390,13 +410,12 @@ There are no public configurations for entropy and PRNG algorithm support and th The PSA drivers using the Arm CryptoCell peripheral is enabled by default for nRF52840, nRF91 Series, and nRF5340 devices. -For devices without a hardware-accelerated cryptographic engine, entropy is provided by the nRF RNG periperal. PRNG support is provided by the Oberon PSA driver, which is implemented using software. - +For devices without a hardware-accelerated cryptographic engine, entropy is provided by the nRF RNG peripheral. PRNG support is provided by the Oberon PSA driver, which is implemented using software. RSA configurations ****************** -To enable Rivest-Shamir-Adleman (RSA) support, set one or more of the following Kconfig options: +To enable Rivest-Shamir-Adleman (RSA) support, set one or more of the Kconfig options in the following table: +-----------------------+----------------------------------------------------------+ | RSA algorithms | Configuration option | 
@@ -410,33 +429,39 @@ To enable Rivest-Shamir-Adleman (RSA) support, set one or more of the following | RSA PSS | :kconfig:option:`CONFIG_PSA_WANT_ALG_RSA_PSS` | +-----------------------+----------------------------------------------------------+ - RSA driver configurations ========================= -You can use the following Kconfig options for fine-grained control over which drivers provide RSA support: +The following table shows RSA algorithm support for each driver: + ++-----------------------+---------------------------+----------------------------+ +| RSA algorithms | nrf_cc3xx driver support | nrf_oberon driver support | ++=======================+===========================+============================+ +| RSA OAEP | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| RSA PKCS#1 v1.5 crypt | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| RSA PKCS#1 v1.5 sign | Supported | Supported | ++-----------------------+---------------------------+----------------------------+ +| RSA PSS | Not supported | Supported | ++-----------------------+---------------------------+----------------------------+ + +The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_SIGNATURE_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for the RSA PKCS#1 v1.5 signing algorithm. + +The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_ASYMMETRIC_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for RSA PKCS#1 v1.5 and RSA OAEP encryption. 
-+-----------------------+--------------------------------------------------------------------------+--------------------------------------------------------------------------+ -| RSA algorithms | nrf_cc3xx driver support | nrf_oberon driver support | -+=======================+==========================================================================+==========================================================================+ -| RSA OAEP | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_OBERON` | -+-----------------------+--------------------------------------------------------------------------+--------------------------------------------------------------------------+ -| RSA PKCS#1 v1.5 crypt | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_OBERON` | -+-----------------------+--------------------------------------------------------------------------+--------------------------------------------------------------------------+ -| RSA PKCS#1 v1.5 sign | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_OBERON` | -+-----------------------+--------------------------------------------------------------------------+--------------------------------------------------------------------------+ -| RSA PSS | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_RSA_PSS_OBERON` | -+-----------------------+--------------------------------------------------------------------------+--------------------------------------------------------------------------+ +Configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user-enabled algorithms in `RSA configurations`_. + +RSA key size configuration is supported as described in `RSA key size configuration`_. .. 
note:: * :ref:`nrf_security_drivers_cc3xx` is limited to key sizes less than or equal to 2048 bits. * :ref:`nrf_security_drivers_oberon` does not support RSA key pair generation. - Hash configurations ******************* -To configure the Hash algorithms, set one or more of the following Kconfig options: +To configure the Hash algorithms, set one or more of the Kconfig options in the following table: +-----------------------+---------------------------------------------------+ | Hash algorithm | Configuration option | 
@@ -463,31 +488,34 @@ To configure the Hash algorithms, set one or more of the following Kconfig optio Hash driver configurations ========================== -You can use the following PSA driver-specific configurations for fine-grained control over which drivers provide the Hash algorithm. - -+-----------------------+---------------------------------------------------------------+---------------------------------------------------------------+ -| Hash algorithm | nrf_cc3xx driver support | nrf_oberon driver support | -+=======================+===============================================================+===============================================================+ -| SHA-1 (weak) | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_1_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_1_OBERON` | -+-----------------------+---------------------------------------------------------------+---------------------------------------------------------------+ -| SHA-224 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_224_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_224_OBERON` | -+-----------------------+---------------------------------------------------------------+---------------------------------------------------------------+ -| SHA-256 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_256_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_256_OBERON` | -+-----------------------+---------------------------------------------------------------+---------------------------------------------------------------+ -| SHA-384 | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_384_OBERON` | -+-----------------------+---------------------------------------------------------------+---------------------------------------------------------------+ -| SHA-512 | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_512_OBERON` | 
-+-----------------------+---------------------------------------------------------------+---------------------------------------------------------------+ -| MD5 (weak) | Not supported | Not supported | -+-----------------------+---------------------------------------------------------------+---------------------------------------------------------------+ -| RIPEMD-160 | Not supported | Not supported | -+-----------------------+---------------------------------------------------------------+---------------------------------------------------------------+ - +The following table shows Hash algorithm support for each driver: + ++-----------------------+----------------------------+---------------------------+ +| Hash algorithm | nrf_cc3xx driver support | nrf_oberon driver support | ++=======================+============================+===========================+ +| SHA-1 (weak) | Supported | Supported | ++-----------------------+----------------------------+---------------------------+ +| SHA-224 | Supported | Supported | ++-----------------------+----------------------------+---------------------------+ +| SHA-256 | Supported | Supported | ++-----------------------+----------------------------+---------------------------+ +| SHA-384 | Not supported | Supported | ++-----------------------+----------------------------+---------------------------+ +| SHA-512 | Not supported | Supported | ++-----------------------+----------------------------+---------------------------+ +| MD5 (weak) | Not supported | Not supported | ++-----------------------+----------------------------+---------------------------+ +| RIPEMD160 | Not supported | Not supported | ++-----------------------+----------------------------+---------------------------+ + +The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_HASH_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for all the supported algorithms. 
+ +The configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user-enabled algorithms in `HASH configurations`_. Password-authenticated key agreement configurations *************************************************** -To enable password-authenticated key agreement support, configure the related password-authenticated key exchange (PAKE) algorithms using one or more of the following Kconfig options: +To enable password-authenticated key agreement (PAKE) support, set one or more of the Kconfig options in the following table: +-----------------------+-----------------------------------------------+ | PAKE algorithm | Configuration option | 
@@ -506,14 +534,65 @@ To enable password-authenticated key agreement support, configure the related pa Password-authenticated key agreement driver configurations ========================================================== -You can use the following PSA driver-specific configurations for fine-grained control over which drivers provide password-authenticated key agreement support. - -+-----------------------+--------------------------+---------------------------------------------------------------+ -| PAKE algorithm | nrf_cc3xx driver support | nrf_oberon driver support | -+=======================+==========================+===============================================================+ -| EC J-PAKE | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON` | -+-----------------------+--------------------------+---------------------------------------------------------------+ -| SPAKE2+ | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON` | -+-----------------------+--------------------------+---------------------------------------------------------------+ -| SRP-6 | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_SRP_OBERON` | -+-----------------------+--------------------------+---------------------------------------------------------------+ +The following table shows PAKE algorithm support for each driver: + ++-----------------------+--------------------------+---------------------------+ +| PAKE algorithm | nrf_cc3xx driver support | nrf_oberon driver support | ++=======================+==========================+===========================+ +| EC J-PAKE | Not supported | Supported | ++-----------------------+--------------------------+---------------------------+ +| SPAKE2+ | Not supported | Supported | ++-----------------------+--------------------------+---------------------------+ +| SRP-6 | Not supported | Supported | ++-----------------------+--------------------------+---------------------------+ + 
+Configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user-enabled algorithms in `Password-authenticated key agreement configurations`_. + +Key size configurations +*********************** + +:ref:`nrf_security` supports key size configuration options for AES and RSA keys. + +AES key size configuration +========================== + +To enable AES key size support, set one or more of the Kconfig options in the following table: + ++--------------+----------------------------------------------------+ +| AES key size | Configuration option | ++==============+====================================================+ +| 128 bits | :kconfig:option:`CONFIG_PSA_WANT_AES_KEY_SIZE_128` | ++--------------+----------------------------------------------------+ +| 192 bits | :kconfig:option:`CONFIG_PSA_WANT_AES_KEY_SIZE_192` | ++--------------+----------------------------------------------------+ +| 256 bits | :kconfig:option:`CONFIG_PSA_WANT_AES_KEY_SIZE_256` | ++--------------+----------------------------------------------------+ + +.. note:: + All AES key size configurations are introduced by :ref:`nrf_security` and are not described by the PSA Crypto specification. 
+ +RSA key size configuration +========================== + +To enable RSA key size support, set one or more of the Kconfig options in the following table: + ++--------------------+-----------------------------------------------------+ +| RSA key size | Configuration option | ++====================+=====================================================+ +| 1024 bits | :kconfig:option:`CONFIG_PSA_WANT_RSA_KEY_SIZE_1024` | ++--------------------+-----------------------------------------------------+ +| 1536 bits | :kconfig:option:`CONFIG_PSA_WANT_RSA_KEY_SIZE_1536` | ++--------------------+-----------------------------------------------------+ +| 2048 bits | :kconfig:option:`CONFIG_PSA_WANT_RSA_KEY_SIZE_2048` | ++--------------------+-----------------------------------------------------+ +| 3072 bits | :kconfig:option:`CONFIG_PSA_WANT_RSA_KEY_SIZE_3072` | ++--------------------+-----------------------------------------------------+ +| 4096 bits | :kconfig:option:`CONFIG_PSA_WANT_RSA_KEY_SIZE_4096` | ++--------------------+-----------------------------------------------------+ +| 6144 bits | :kconfig:option:`CONFIG_PSA_WANT_RSA_KEY_SIZE_6144` | ++--------------------+-----------------------------------------------------+ +| 8192 bits | :kconfig:option:`CONFIG_PSA_WANT_RSA_KEY_SIZE_8192` | ++--------------------+-----------------------------------------------------+ + +.. note:: + All RSA key size configurations are introduced by :ref:`nrf_security` and are not described by the PSA Crypto specification. diff --git a/modules/trusted-firmware-m/Kconfig b/modules/trusted-firmware-m/Kconfig index 815ec52acdb3..6d57e3f49781 100644 --- a/modules/trusted-firmware-m/Kconfig +++ b/modules/trusted-firmware-m/Kconfig 
@@ -251,9 +251,9 @@ config TFM_CRYPTO_ENGINE_BUF_SIZE int prompt "TF-M Crypto - Engine buffer size" if !TFM_PROFILE_TYPE_MINIMAL default 1 if TFM_PROFILE_TYPE_MINIMAL - default 12288 if PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_CC3XX + default 12288 if PSA_NEED_CC3XX_RSA_OAEP || \ + PSA_NEED_CC3XX_RSA_PKCS1V15_CRYPT || \ + PSA_NEED_CC3XX_RSA_PKCS1V15_SIGN default 8320 help Buffer used by Mbed Crypto for its own allocations at runtime. diff --git a/samples/crypto/psa_tls/overlays/cc3xx-oberon-psa.conf b/samples/crypto/psa_tls/overlays/cc3xx-oberon-psa.conf index b4138c390e8e..02feca54effb 100644 --- a/samples/crypto/psa_tls/overlays/cc3xx-oberon-psa.conf +++ b/samples/crypto/psa_tls/overlays/cc3xx-oberon-psa.conf @@ -1,8 +1,3 @@ CONFIG_NRF_SECURITY=y CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y CONFIG_PSA_CRYPTO_DRIVER_OBERON=y - -CONFIG_PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_OBERON=y -CONFIG_PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_OBERON=y -CONFIG_PSA_CRYPTO_DRIVER_ALG_CCM_OBERON=y -CONFIG_PSA_CRYPTO_DRIVER_ALG_GCM_OBERON=y diff --git a/subsys/nrf_security/Kconfig.psa b/subsys/nrf_security/Kconfig.psa index bac204880d30..5c2608cef391 100644 --- a/subsys/nrf_security/Kconfig.psa +++ b/subsys/nrf_security/Kconfig.psa @@ -19,14 +19,6 @@ config MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER osource "modules/mbedtls/Kconfig.psa" -config PSA_WANT_ALG_CTR_DRBG - bool - default y if ENTROPY_GENERATOR - -config PSA_WANT_ALG_HMAC_DRBG - bool - default y if PSA_WANT_ALG_DETERMINISTIC_ECDSA - config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG bool default y diff --git a/subsys/nrf_security/cmake/psa_crypto_config.cmake b/subsys/nrf_security/cmake/psa_crypto_config.cmake index 44f07be22558..6f9e3f8a225c 100644 --- a/subsys/nrf_security/cmake/psa_crypto_config.cmake +++ b/subsys/nrf_security/cmake/psa_crypto_config.cmake 
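Review bot: The `default 12288` condition of `TFM_CRYPTO_ENGINE_BUF_SIZE` now depends on `PSA_NEED_CC3XX_RSA_OAEP`, `PSA_NEED_CC3XX_RSA_PKCS1V15_CRYPT` and `PSA_NEED_CC3XX_RSA_PKCS1V15_SIGN`, none of which is defined in the visible part of this commit. The cmake conversion list further down only carries the `PSA_NEED_CC3XX_*_DRIVER` names. Kconfig evaluates a reference to an undefined symbol as `n`, so a missing or misspelt name would quietly select the 8320 default. Going by the help text, Mbed Crypto allocations for CC3XX RSA could then presumably fail at run time. Please confirm that all three symbols exist under exactly these names, and consider a comment above the line such as `# CC3XX RSA needs the larger engine buffer`.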
@@ -71,6 +71,8 @@ kconfig_check_and_set_base_to_one(PSA_WANT_ALG_JPAKE) kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SPAKE2P) kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SRP_6) +kconfig_check_and_set_base_int(PSA_MAX_RSA_KEY_BITS) + kconfig_check_and_set_base_to_one(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) kconfig_check_and_set_base_to_one(MBEDTLS_PSA_ACCEL_KEY_TYPE_SUPPORT) 
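Review bot: `PSA_MAX_RSA_KEY_BITS` is exported as an integer through `kconfig_check_and_set_base_int`, but nothing in this hunk ties its value to the RSA key sizes that are actually enabled. The documentation in this commit lists `CONFIG_PSA_WANT_RSA_KEY_SIZE_*` options up to 8192 bits. If this value sizes key or signature buffers (not visible here), it should be derived from or checked against the largest enabled size. The header template later in the commit emits it with `#cmakedefine`, which leaves the macro undefined when the value is 0 or unset, so consumers need a defined fallback. A comment such as `# Integer value (bits), not a 0/1 flag` above the new line would set it apart from the surrounding `_to_one` conversions.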
@@ -82,108 +84,97 @@ kconfig_check_and_set_base_to_one(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) kconfig_check_and_set_base_to_one(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) # Convert nrf_cc3xx_platform driver configurations -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_CC3XX_PLATFORM) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_CC3XX_PLATFORM) +kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_CTR_DRBG_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_HMAC_DRBG_DRIVER) # Convert nrf_cc3xx driver configurations -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_ECC_SUPPORT_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CCM_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_OFB_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CMAC_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CTR_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_CC3XX) 
-kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_ECDH_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_ECDSA_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_GCM_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_HMAC_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_SHA_1_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_SHA_224_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_SHA_256_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_BRAINPOOL_P_R1_256_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_SECP_K1_192_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_SECP_K1_256_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_SECP_R1_192_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_CC3XX) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_CC3XX) +kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_AEAD_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_ASYMMETRIC_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_CIPHER_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_ECDH_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_ENTROPY_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_HASH_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_KEY_PAIR_DRIVER) 
+kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_MAC_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_SIGNATURE_DRIVER) + # Convert nrf_oberon driver configurations -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_ECC_SUPPORT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_RSA_CRYPT_SUPPORT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_RSA_SIGN_SUPPORT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CCM_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CMAC_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_CTR_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_OBERON) 
-kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_ECDH_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_ECDSA_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_GCM_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_HKDF_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_PBKDF2_HMAC_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_PBKDF2_AES_CMAC_PRF_128_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_HMAC_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_SHA_1_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_RSA_PSS_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_SHA_224_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_SHA_256_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_SHA_384_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_SHA_512_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_TLS12_PRF_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_TLS12_PSK_TO_MS_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ECC_TWISTED_EDWARDS_255_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON) 
-kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_SRP_OBERON) -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ALG_TLS12_ECJPAKE_TO_PMS_OBERON) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_AEAD_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CIPHER_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_DRBG_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HASH_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC_DRBG_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_JPAKE_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KDF_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_PAIR_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_MAC_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_CRYPT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_SIGN) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_DRIVER) + +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_AES_CBC_NO_PADDING) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_AES_CBC_PKCS7) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_AES_CCM) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_AES_CCM_STAR_NO_TAG) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_AES_CTR) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_AES_ECB_NO_PADDING) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_AES_GCM) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CHACHA20) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CHACHA20_POLY1305) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CMAC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_DETERMINISTIC_ECDSA) 
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_P224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_P256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_P384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_X25519) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_ED25519) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_P224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_P256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_P384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECJPAKE_TO_PMS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXPAND) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXTRACT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_PAIR_25519) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_PAIR_ED25519) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_PAIR_P224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_PAIR_P256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_PAIR_P384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_PAIR_P521) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_PAIR_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_PAIR_X25519) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_HMAC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RANDOMIZED_ECDSA) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_1024) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_1536) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_2048) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_3072) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_4096) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_6144) 
+kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_8192) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_OAEP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_SIGN) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PSS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_1) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_512) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PRF) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PSK_TO_MS) + -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_RSA_KEY_SIZE_1024_OBERON) # Convert zephyr driver configurations -kconfig_check_and_set_base_to_one(PSA_CRYPTO_DRIVER_ENTROPY_ZEPHYR) +kconfig_check_and_set_base_to_one(PSA_NEED_ZEPHYR_ENTROPY_DRIVER) # Nordic specific kconfig_check_and_set_base_to_one(PSA_NATIVE_ITS) diff --git a/subsys/nrf_security/configs/psa_crypto_config.h.template b/subsys/nrf_security/configs/psa_crypto_config.h.template index 0b28313dfd83..f5e0285b0135 100644 --- a/subsys/nrf_security/configs/psa_crypto_config.h.template +++ b/subsys/nrf_security/configs/psa_crypto_config.h.template 
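Review bot: The rewritten conversion list no longer exports `PSA_CRYPTO_DRIVER_CC3XX` and `PSA_CRYPTO_DRIVER_OBERON`, although the psa_tls overlay in this commit still sets both Kconfig options. Any source or header that still tests a removed `PSA_CRYPTO_DRIVER_*` macro would compile its guarded code out without a build error, which for a crypto driver can mean a silent change of implementation. A tree-wide search for the old prefix before merging would rule that out. The list also converts `PSA_NEED_OBERON_KEY_PAIR_P521`, while the driver table in the documentation part of this commit marks secp521r1 as not supported by either driver, so one of the two looks out of date. If the `PSA_NEED_*` symbols are derived rather than user-set, as the documentation suggests for the Oberon driver, a one-line comment above each group saying so would help.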
@@ -102,126 +102,107 @@ /* * nrf_cc3xx_platform driver configurations */ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM @PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_CC3XX_PLATFORM @PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_CC3XX_PLATFORM@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_CC3XX_PLATFORM @PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_CC3XX_PLATFORM@ +#cmakedefine PSA_NEED_CC3XX_CTR_DRBG_DRIVER @PSA_NEED_CC3XX_CTR_DRBG_DRIVER@ +#cmakedefine PSA_NEED_CC3XX_HMAC_DRBG_DRIVER @PSA_NEED_CC3XX_HMAC_DRBG_DRIVER@ /* * PSA driver configurations */ #cmakedefine PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT @PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT@ +#cmakedefine PSA_MAX_RSA_KEY_BITS @PSA_MAX_RSA_KEY_BITS@ + /* * nrf_cc3xx driver configurations */ -#cmakedefine PSA_CRYPTO_DRIVER_CC3XX @PSA_CRYPTO_DRIVER_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX @PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX @PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX @PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX @PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_CC3XX @PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX @PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_ECC_SUPPORT_CC3XX @PSA_CRYPTO_DRIVER_HAS_ECC_SUPPORT_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_CC3XX @PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_CC3XX @PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CBC_MAC_CC3XX @PSA_CRYPTO_DRIVER_ALG_CBC_MAC_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_CC3XX @PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_CC3XX 
@PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CCM_CC3XX @PSA_CRYPTO_DRIVER_ALG_CCM_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_OFB_CC3XX @PSA_CRYPTO_DRIVER_ALG_OFB_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_CC3XX @PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CMAC_CC3XX @PSA_CRYPTO_DRIVER_ALG_CMAC_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CTR_CC3XX @PSA_CRYPTO_DRIVER_ALG_CTR_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_CC3XX @PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_CC3XX @PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_ECDH_CC3XX @PSA_CRYPTO_DRIVER_ALG_ECDH_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_ECDSA_CC3XX @PSA_CRYPTO_DRIVER_ALG_ECDSA_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_GCM_CC3XX @PSA_CRYPTO_DRIVER_ALG_GCM_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_HKDF_CC3XX @PSA_CRYPTO_DRIVER_ALG_HKDF_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_HMAC_CC3XX @PSA_CRYPTO_DRIVER_ALG_HMAC_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_MD5_CC3XX @PSA_CRYPTO_DRIVER_ALG_MD5_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_PBKDF2_HMAC_CC3XX @PSA_CRYPTO_DRIVER_ALG_PBKDF2_HMAC_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_CC3XX @PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_CC3XX @PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_CC3XX @PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_SHA_1_CC3XX @PSA_CRYPTO_DRIVER_ALG_SHA_1_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_SHA_224_CC3XX @PSA_CRYPTO_DRIVER_ALG_SHA_224_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_SHA_256_CC3XX @PSA_CRYPTO_DRIVER_ALG_SHA_256_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_CC3XX @PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_CC3XX@ - -#cmakedefine 
PSA_CRYPTO_DRIVER_ECC_BRAINPOOL_P_R1_256_CC3XX @PSA_CRYPTO_DRIVER_ECC_BRAINPOOL_P_R1_256_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_CC3XX @PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_SECP_K1_192_CC3XX @PSA_CRYPTO_DRIVER_ECC_SECP_K1_192_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_SECP_K1_224_CC3XX @PSA_CRYPTO_DRIVER_ECC_SECP_K1_224_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_SECP_K1_256_CC3XX @PSA_CRYPTO_DRIVER_ECC_SECP_K1_256_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_SECP_R1_192_CC3XX @PSA_CRYPTO_DRIVER_ECC_SECP_R1_192_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_CC3XX @PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_CC3XX @PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_CC3XX @PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_CC3XX@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_SECP_R1_521_CC3XX @PSA_CRYPTO_DRIVER_ECC_SECP_R1_521_CC3XX@ - -#cmakedefine PSA_CRYPTO_DRIVER_ALG_XTS_CC3XX @PSA_CRYPTO_DRIVER_ALG_XTS_CC3XX@ +#cmakedefine PSA_NEED_CC3XX_AEAD_DRIVER @PSA_NEED_CC3XX_AEAD_DRIVER@ +#cmakedefine PSA_NEED_CC3XX_ASYMMETRIC_DRIVER @PSA_NEED_CC3XX_ASYMMETRIC_DRIVER@ +#cmakedefine PSA_NEED_CC3XX_CIPHER_DRIVER @PSA_NEED_CC3XX_CIPHER_DRIVER@ +#cmakedefine PSA_NEED_CC3XX_ECDH_DRIVER @PSA_NEED_CC3XX_ECDH_DRIVER@ +#cmakedefine PSA_NEED_CC3XX_ENTROPY_DRIVER @PSA_NEED_CC3XX_ENTROPY_DRIVER@ +#cmakedefine PSA_NEED_CC3XX_HASH_DRIVER @PSA_NEED_CC3XX_HASH_DRIVER@ +#cmakedefine PSA_NEED_CC3XX_KEY_PAIR_DRIVER @PSA_NEED_CC3XX_KEY_PAIR_DRIVER@ +#cmakedefine PSA_NEED_CC3XX_MAC_DRIVER @PSA_NEED_CC3XX_MAC_DRIVER@ +#cmakedefine PSA_NEED_CC3XX_SIGNATURE_DRIVER @PSA_NEED_CC3XX_SIGNATURE_DRIVER@ /* * nrf_oberon driver configurations */ -#cmakedefine PSA_CRYPTO_DRIVER_OBERON @PSA_CRYPTO_DRIVER_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON @PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON 
@PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON @PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON @PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON @PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_OBERON @PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON @PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_ECC_SUPPORT_OBERON @PSA_CRYPTO_DRIVER_HAS_ECC_SUPPORT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_OBERON @PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_RSA_CRYPT_SUPPORT_OBERON @PSA_CRYPTO_DRIVER_HAS_RSA_CRYPT_SUPPORT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_RSA_SIGN_SUPPORT_OBERON @PSA_CRYPTO_DRIVER_HAS_RSA_SIGN_SUPPORT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON @PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON @PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_OBERON @PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_OBERON @PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_OBERON @PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_OBERON @PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CCM_OBERON @PSA_CRYPTO_DRIVER_ALG_CCM_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_OBERON @PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CMAC_OBERON @PSA_CRYPTO_DRIVER_ALG_CMAC_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_CTR_OBERON @PSA_CRYPTO_DRIVER_ALG_CTR_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_OBERON 
@PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_OBERON @PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_ECDH_OBERON @PSA_CRYPTO_DRIVER_ALG_ECDH_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_ECDSA_OBERON @PSA_CRYPTO_DRIVER_ALG_ECDSA_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_GCM_OBERON @PSA_CRYPTO_DRIVER_ALG_GCM_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_HKDF_OBERON @PSA_CRYPTO_DRIVER_ALG_HKDF_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_PBKDF2_HMAC_OBERON @PSA_CRYPTO_DRIVER_ALG_PBKDF2_HMAC_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_PBKDF2_AES_CMAC_PRF_128_OBERON @PSA_CRYPTO_DRIVER_ALG_PBKDF2_AES_CMAC_PRF_128_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_HMAC_OBERON @PSA_CRYPTO_DRIVER_ALG_HMAC_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_OBERON @PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_OBERON @PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_OBERON @PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_RSA_PSS_OBERON @PSA_CRYPTO_DRIVER_ALG_RSA_PSS_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_SHA_1_OBERON @PSA_CRYPTO_DRIVER_ALG_SHA_1_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_SHA_224_OBERON @PSA_CRYPTO_DRIVER_ALG_SHA_224_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_SHA_256_OBERON @PSA_CRYPTO_DRIVER_ALG_SHA_256_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_SHA_384_OBERON @PSA_CRYPTO_DRIVER_ALG_SHA_384_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_SHA_512_OBERON @PSA_CRYPTO_DRIVER_ALG_SHA_512_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_OBERON @PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_TLS12_PRF_OBERON @PSA_CRYPTO_DRIVER_ALG_TLS12_PRF_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_TLS12_PSK_TO_MS_OBERON @PSA_CRYPTO_DRIVER_ALG_TLS12_PSK_TO_MS_OBERON@ -#cmakedefine 
PSA_CRYPTO_DRIVER_ALG_TLS12_ECJPAKE_TO_PMS_OBERON @PSA_CRYPTO_DRIVER_ALG_TLS12_ECJPAKE_TO_PMS_OBERON@ - -#cmakedefine PSA_CRYPTO_DRIVER_RSA_KEY_SIZE_1024_OBERON @PSA_CRYPTO_DRIVER_RSA_KEY_SIZE_1024_OBERON@ - -#cmakedefine PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_OBERON @PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_OBERON @PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_OBERON @PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_OBERON @PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ECC_TWISTED_EDWARDS_255_OBERON @PSA_CRYPTO_DRIVER_ECC_TWISTED_EDWARDS_255_OBERON@ - -#cmakedefine PSA_CRYPTO_DRIVER_ENTROPY_ZEPHYR @PSA_CRYPTO_DRIVER_ENTROPY_ZEPHYR@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON @PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON @PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON@ -#cmakedefine PSA_CRYPTO_DRIVER_ALG_SRP_OBERON @PSA_CRYPTO_DRIVER_ALG_SRP_OBERON@ +#cmakedefine PSA_NEED_OBERON_AEAD_DRIVER @PSA_NEED_OBERON_AEAD_DRIVER@ +#cmakedefine PSA_NEED_OBERON_CIPHER_DRIVER @PSA_NEED_OBERON_CIPHER_DRIVER@ +#cmakedefine PSA_NEED_OBERON_CTR_DRBG_DRIVER @PSA_NEED_OBERON_CTR_DRBG_DRIVER@ +#cmakedefine PSA_NEED_OBERON_ECDH_DRIVER @PSA_NEED_OBERON_ECDH_DRIVER@ +#cmakedefine PSA_NEED_OBERON_ECDSA_DRIVER @PSA_NEED_OBERON_ECDSA_DRIVER@ +#cmakedefine PSA_NEED_OBERON_HASH_DRIVER @PSA_NEED_OBERON_HASH_DRIVER@ +#cmakedefine PSA_NEED_OBERON_HMAC_DRBG_DRIVER @PSA_NEED_OBERON_HMAC_DRBG_DRIVER@ +#cmakedefine PSA_NEED_OBERON_JPAKE_DRIVER @PSA_NEED_OBERON_JPAKE_DRIVER@ +#cmakedefine PSA_NEED_OBERON_KDF_DRIVER @PSA_NEED_OBERON_KDF_DRIVER@ +#cmakedefine PSA_NEED_OBERON_KEY_PAIR_DRIVER @PSA_NEED_OBERON_KEY_PAIR_DRIVER@ +#cmakedefine PSA_NEED_OBERON_MAC_DRIVER @PSA_NEED_OBERON_MAC_DRIVER@ +#cmakedefine PSA_NEED_OBERON_RSA_CRYPT @PSA_NEED_OBERON_RSA_CRYPT@ +#cmakedefine PSA_NEED_OBERON_RSA_DRIVER 
@PSA_NEED_OBERON_RSA_DRIVER@ +#cmakedefine PSA_NEED_OBERON_RSA_SIGN @PSA_NEED_OBERON_RSA_SIGN@ +#cmakedefine PSA_NEED_OBERON_SPAKE2P_DRIVER @PSA_NEED_OBERON_SPAKE2P_DRIVER@ +#cmakedefine PSA_NEED_OBERON_SRP_DRIVER @PSA_NEED_OBERON_SRP_DRIVER@ + +#cmakedefine PSA_NEED_OBERON_AES_CBC_NO_PADDING @PSA_NEED_OBERON_AES_CBC_NO_PADDING@ +#cmakedefine PSA_NEED_OBERON_AES_CBC_PKCS7 @PSA_NEED_OBERON_AES_CBC_PKCS7@ +#cmakedefine PSA_NEED_OBERON_AES_CCM @PSA_NEED_OBERON_AES_CCM@ +#cmakedefine PSA_NEED_OBERON_AES_CCM_STAR_NO_TAG @PSA_NEED_OBERON_AES_CCM_STAR_NO_TAG@ +#cmakedefine PSA_NEED_OBERON_AES_CTR @PSA_NEED_OBERON_AES_CTR@ +#cmakedefine PSA_NEED_OBERON_AES_ECB_NO_PADDING @PSA_NEED_OBERON_AES_ECB_NO_PADDING@ +#cmakedefine PSA_NEED_OBERON_AES_GCM @PSA_NEED_OBERON_AES_GCM@ +#cmakedefine PSA_NEED_OBERON_CHACHA20 @PSA_NEED_OBERON_CHACHA20@ +#cmakedefine PSA_NEED_OBERON_CHACHA20_POLY1305 @PSA_NEED_OBERON_CHACHA20_POLY1305@ +#cmakedefine PSA_NEED_OBERON_CMAC @PSA_NEED_OBERON_CMAC@ +#cmakedefine PSA_NEED_OBERON_DETERMINISTIC_ECDSA @PSA_NEED_OBERON_DETERMINISTIC_ECDSA@ +#cmakedefine PSA_NEED_OBERON_ECDH_P224 @PSA_NEED_OBERON_ECDH_P224@ +#cmakedefine PSA_NEED_OBERON_ECDH_P256 @PSA_NEED_OBERON_ECDH_P256@ +#cmakedefine PSA_NEED_OBERON_ECDH_P384 @PSA_NEED_OBERON_ECDH_P384@ +#cmakedefine PSA_NEED_OBERON_ECDH_X25519 @PSA_NEED_OBERON_ECDH_X25519@ +#cmakedefine PSA_NEED_OBERON_ECDSA_ED25519 @PSA_NEED_OBERON_ECDSA_ED25519@ +#cmakedefine PSA_NEED_OBERON_ECDSA_P224 @PSA_NEED_OBERON_ECDSA_P224@ +#cmakedefine PSA_NEED_OBERON_ECDSA_P256 @PSA_NEED_OBERON_ECDSA_P256@ +#cmakedefine PSA_NEED_OBERON_ECDSA_P384 @PSA_NEED_OBERON_ECDSA_P384@ +#cmakedefine PSA_NEED_OBERON_ECJPAKE_TO_PMS @PSA_NEED_OBERON_ECJPAKE_TO_PMS@ +#cmakedefine PSA_NEED_OBERON_HKDF @PSA_NEED_OBERON_HKDF@ +#cmakedefine PSA_NEED_OBERON_HKDF_EXPAND @PSA_NEED_OBERON_HKDF_EXPAND@ +#cmakedefine PSA_NEED_OBERON_HKDF_EXTRACT @PSA_NEED_OBERON_HKDF_EXTRACT@ +#cmakedefine PSA_NEED_OBERON_HMAC @PSA_NEED_OBERON_HMAC@ +#cmakedefine 
PSA_NEED_OBERON_KEY_PAIR_25519 @PSA_NEED_OBERON_KEY_PAIR_25519@ +#cmakedefine PSA_NEED_OBERON_KEY_PAIR_ED25519 @PSA_NEED_OBERON_KEY_PAIR_ED25519@ +#cmakedefine PSA_NEED_OBERON_KEY_PAIR_P224 @PSA_NEED_OBERON_KEY_PAIR_P224@ +#cmakedefine PSA_NEED_OBERON_KEY_PAIR_P256 @PSA_NEED_OBERON_KEY_PAIR_P256@ +#cmakedefine PSA_NEED_OBERON_KEY_PAIR_P384 @PSA_NEED_OBERON_KEY_PAIR_P384@ +#cmakedefine PSA_NEED_OBERON_KEY_PAIR_P521 @PSA_NEED_OBERON_KEY_PAIR_P521@ +#cmakedefine PSA_NEED_OBERON_KEY_PAIR_SECP @PSA_NEED_OBERON_KEY_PAIR_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_PAIR_X25519 @PSA_NEED_OBERON_KEY_PAIR_X25519@ +#cmakedefine PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 @PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128@ +#cmakedefine PSA_NEED_OBERON_PBKDF2_HMAC @PSA_NEED_OBERON_PBKDF2_HMAC@ +#cmakedefine PSA_NEED_OBERON_RANDOMIZED_ECDSA @PSA_NEED_OBERON_RANDOMIZED_ECDSA@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1024 @PSA_NEED_OBERON_RSA_KEY_SIZE_1024@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1536 @PSA_NEED_OBERON_RSA_KEY_SIZE_1536@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_2048 @PSA_NEED_OBERON_RSA_KEY_SIZE_2048@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_3072 @PSA_NEED_OBERON_RSA_KEY_SIZE_3072@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_4096 @PSA_NEED_OBERON_RSA_KEY_SIZE_4096@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_6144 @PSA_NEED_OBERON_RSA_KEY_SIZE_6144@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_8192 @PSA_NEED_OBERON_RSA_KEY_SIZE_8192@ +#cmakedefine PSA_NEED_OBERON_RSA_OAEP @PSA_NEED_OBERON_RSA_OAEP@ +#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT @PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT@ +#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_SIGN @PSA_NEED_OBERON_RSA_PKCS1V15_SIGN@ +#cmakedefine PSA_NEED_OBERON_RSA_PSS @PSA_NEED_OBERON_RSA_PSS@ +#cmakedefine PSA_NEED_OBERON_SHA_1 @PSA_NEED_OBERON_SHA_1@ +#cmakedefine PSA_NEED_OBERON_SHA_224 @PSA_NEED_OBERON_SHA_224@ +#cmakedefine PSA_NEED_OBERON_SHA_256 @PSA_NEED_OBERON_SHA_256@ +#cmakedefine PSA_NEED_OBERON_SHA_384 @PSA_NEED_OBERON_SHA_384@ 
+#cmakedefine PSA_NEED_OBERON_SHA_512 @PSA_NEED_OBERON_SHA_512@ +#cmakedefine PSA_NEED_OBERON_TLS12_PRF @PSA_NEED_OBERON_TLS12_PRF@ +#cmakedefine PSA_NEED_OBERON_TLS12_PSK_TO_MS @PSA_NEED_OBERON_TLS12_PSK_TO_MS@ +#cmakedefine PSA_NEED_OBERON_JPAKE_DRIVER @PSA_NEED_OBERON_JPAKE_DRIVER@ +#cmakedefine PSA_NEED_OBERON_SPAKE2P_DRIVER @PSA_NEED_OBERON_SPAKE2P_DRIVER@ +#cmakedefine PSA_NEED_OBERON_SRP_DRIVER @PSA_NEED_OBERON_SRP_DRIVER@ + +#cmakedefine PSA_NEED_ZEPHYR_ENTROPY_DRIVER @PSA_NEED_ZEPHYR_ENTROPY_DRIVER@ /* Nordic specific */ #cmakedefine PSA_NATIVE_ITS @PSA_NATIVE_ITS@ @@ -357,6 +338,6 @@ #cmakedefine MBEDTLS_MPI_WINDOW_SIZE @MBEDTLS_MPI_WINDOW_SIZE@ /**< Maximum window size used. */ #cmakedefine MBEDTLS_MPI_MAX_SIZE @MBEDTLS_MPI_MAX_SIZE@ /**< Maximum number of bytes for usable MPIs. */ -#include "psa/psa_crypto_config_oberon.h" +#include #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/subsys/nrf_security/include/psa/core_unsupported_ciphers_check.h b/subsys/nrf_security/include/psa/core_unsupported_ciphers_check.h new file mode 100644 index 000000000000..1bc3db58e6d8 --- /dev/null +++ b/subsys/nrf_security/include/psa/core_unsupported_ciphers_check.h 
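Review bot: `PSA_NEED_OBERON_JPAKE_DRIVER`, `PSA_NEED_OBERON_SPAKE2P_DRIVER` and `PSA_NEED_OBERON_SRP_DRIVER` are each emitted twice in the new nrf_oberon section of psa_crypto_config.h.template: once in the alphabetised `*_DRIVER` list at the top of the section and again just before `PSA_NEED_ZEPHYR_ENTROPY_DRIVER`. Both copies of each `#cmakedefine` should expand to the same definition, so the build is not affected, but the two copies can drift apart on the next rename. I would drop the three trailing lines and keep the entries in the driver list.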
@@ -0,0 +1,202 @@
+/*
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ * Copyright (c) since 2020 Oberon microsystems AG
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+/*
+ * The following code is imported from Oberon and should not be modified.
+ */
+
+/* Currently Unsupported Algorithms */
+
+#if defined(CONFIG_PSA_WANT_ALG_SHA_512_224) && !defined(CONFIG_PSA_ACCEL_SHA_512_224)
+#error "No crypto implementation for SHA-512-224"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_SHA_512_256) && !defined(CONFIG_PSA_ACCEL_SHA_512_256)
+#error "No crypto implementation for SHA-512-256"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_SHA3_224) && !defined(CONFIG_PSA_ACCEL_SHA3_224)
+#error "No crypto implementation for SHA3-224"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_SHA3_256) && !defined(CONFIG_PSA_ACCEL_SHA3_256)
+#error "No crypto implementation for SHA3-256"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_SHA3_384) && !defined(CONFIG_PSA_ACCEL_SHA3_384)
+#error "No crypto implementation for SHA3-384"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_SHA3_512) && !defined(CONFIG_PSA_ACCEL_SHA3_512)
+#error "No crypto implementation for SHA3-512"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_SHAKE256_512) && !defined(CONFIG_PSA_ACCEL_SHAKE256_512)
+#error "No crypto implementation for SHAKE-256"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_MD5) && !defined(CONFIG_PSA_ACCEL_MD5)
+#error "No crypto implementation for MD5"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_RIPEMD160) && !defined(CONFIG_PSA_ACCEL_RIPEMD160)
+#error "No crypto implementation for RIPEMD160"
+#endif
+
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_AES) && defined(CONFIG_PSA_WANT_ALG_CFB)
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_128) && !defined(CONFIG_PSA_ACCEL_AES128_CFB)
+#error "No crypto implementation for 128 bit AES-CFB"
+#endif
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_192) && !defined(CONFIG_PSA_ACCEL_AES192_CFB)
+#error "No crypto implementation for 192 bit AES-CFB"
+#endif
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_256) && !defined(CONFIG_PSA_ACCEL_AES256_CFB)
+#error "No crypto implementation for 256 bit AES-CFB"
+#endif
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_AES) && defined(CONFIG_PSA_WANT_ALG_OFB)
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_128) && !defined(CONFIG_PSA_ACCEL_AES128_OFB)
+#error "No crypto implementation for 128 bit AES-OFB"
+#endif
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_192) && !defined(CONFIG_PSA_ACCEL_AES192_OFB)
+#error "No crypto implementation for 192 bit AES-OFB"
+#endif
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_256) && !defined(CONFIG_PSA_ACCEL_AES256_OFB)
+#error "No crypto implementation for 256 bit AES-OFB"
+#endif
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_AES) && defined(CONFIG_PSA_WANT_ALG_XTS)
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_128) && !defined(CONFIG_PSA_ACCEL_AES128_XTS)
+#error "No crypto implementation for 128 bit AES-XTS"
+#endif
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_192) && !defined(CONFIG_PSA_ACCEL_AES192_XTS)
+#error "No crypto implementation for 192 bit AES-XTS"
+#endif
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_256) && !defined(CONFIG_PSA_ACCEL_AES256_XTS)
+#error "No crypto implementation for 256 bit AES-XTS"
+#endif
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_AES) && defined(CONFIG_PSA_WANT_ALG_CBC_MAC)
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_128) && !defined(CONFIG_PSA_ACCEL_AES128_CBC_MAC)
+#error "No crypto implementation for 128 bit AES-CBC-MAC"
+#endif
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_192) && !defined(CONFIG_PSA_ACCEL_AES192_CBC_MAC)
+#error "No crypto implementation for 192 bit AES-CBC-MAC"
+#endif
+#if defined(CONFIG_PSA_WANT_AES_KEY_SIZE_256) && !defined(CONFIG_PSA_ACCEL_AES256_CBC_MAC)
+#error "No crypto implementation for 256 bit AES-CBC-MAC"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ALG_ECDH) && defined(CONFIG_PSA_WANT_ECC_MONTGOMERY_448) && \
+ !defined(CONFIG_PSA_ACCEL_ECDH_X448)
+#error "No crypto implementation for X448"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_PURE_EDDSA) && defined(CONFIG_PSA_WANT_ECC_TWISTED_EDWARDS_448) && \
+ !defined(CONFIG_PSA_ACCEL_ECDSA_ED448)
+#error "No crypto implementation for ED448"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_ED25519PH) && !defined(CONFIG_PSA_ACCEL_ED25519PH)
+#error "No crypto implementation for pre-hashed ED25519"
+#endif
+#if defined(CONFIG_PSA_WANT_ALG_ED448PH) && !defined(CONFIG_PSA_ACCEL_ED448PH)
+#error "No crypto implementation for pre-hashed ED448"
+#endif
+
+#if defined(CONFIG_PSA_WANT_ALG_FFDH)
+#if defined(CONFIG_PSA_WANT_DH_KEY_SIZE_2048) && !defined(CONFIG_PSA_ACCEL_FFDH_2048)
+#error "No crypto implementation for 2048 bit FFDH"
+#endif
+#if defined(CONFIG_PSA_WANT_DH_KEY_SIZE_3072) && !defined(CONFIG_PSA_ACCEL_FFDH_3072)
+#error "No crypto implementation for 3072 bit FFDH"
+#endif
+#if defined(CONFIG_PSA_WANT_DH_KEY_SIZE_4096) && !defined(CONFIG_PSA_ACCEL_FFDH_4096)
+#error "No crypto implementation for 4096 bit FFDH"
+#endif
+#if defined(CONFIG_PSA_WANT_DH_KEY_SIZE_6144) && !defined(CONFIG_PSA_ACCEL_FFDH_6144)
+#error "No crypto implementation for 6144 bit FFDH"
+#endif
+#if defined(CONFIG_PSA_WANT_DH_KEY_SIZE_8192) && !defined(CONFIG_PSA_ACCEL_FFDH_8192)
+#error "No crypto implementation for 8192 bit FFDH"
+#endif
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECP_K1_192) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_K192)
+#error "No crypto implementation for secp-k1-192"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECP_K1_224) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_K224)
+#error "No crypto implementation for secp-k1-224"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECP_K1_256) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_K256)
+#error "No crypto implementation for secp-k1-256"
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECP_R1_192) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_P192)
+#error "No crypto implementation for secp-r1-192"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECP_R1_521) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_R521)
+#error "No crypto implementation for secp-r1-521"
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_163) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_K163)
+#error "No crypto implementation for sect-k1-163"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_233) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_K233)
+#error "No crypto implementation for sect-k1-233"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_239) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_K239)
+#error "No crypto implementation for sect-k1-239"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_283) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_K283)
+#error "No crypto implementation for sect-k1-283"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_409) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_K409)
+#error "No crypto implementation for sect-k1-409"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECT_K1_571) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_K571)
+#error "No crypto implementation for sect-k1-571"
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_163) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_R163)
+#error "No crypto implementation for sect-r1-163"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_233) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_R233)
+#error "No crypto implementation for sect-r1-233"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_283) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_R283)
+#error "No crypto implementation for sect-r1-283"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_409) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_R409)
+#error "No crypto implementation for sect-r1-409"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_SECT_R1_571) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_R571)
+#error "No crypto implementation for sect-r1-571"
+#endif
+
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_160) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_PB160)
+#error "No crypto implementation for brainpoolP160r1"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_192) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_PB192)
+#error "No crypto implementation for brainpoolP192r1"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_224) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_PB224)
+#error "No crypto implementation for brainpoolP224r1"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_256) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_PB256)
+#error "No crypto implementation for brainpoolP256r1"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_320) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_PB320)
+#error "No crypto implementation for brainpoolP320r1"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_384) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_PB384)
+#error "No crypto implementation for brainpoolP384r1"
+#endif
+#if defined(CONFIG_PSA_WANT_ECC_BRAINPOOL_P_R1_512) && !defined(CONFIG_PSA_ACCEL_KEY_PAIR_PB512)
+#error "No crypto implementation for brainpoolP512r1"
+#endif
+
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_ARIA) && !defined(CONFIG_PSA_ACCEL_ARIA)
+#error "No crypto implementation for ARIA"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_CAMELLIA) && !defined(CONFIG_PSA_ACCEL_CAMELLIA)
+#error "No crypto implementation for CAMELLIA"
+#endif
+#if defined(CONFIG_PSA_WANT_KEY_TYPE_DES) && !defined(CONFIG_PSA_ACCEL_DES)
+#error "No crypto implementation for DES"
+#endif
diff --git a/subsys/nrf_security/include/psa/crypto_driver_contexts_composites.h b/subsys/nrf_security/include/psa/crypto_driver_contexts_composites.h
index 63d7e9df7149..a0b82db100ff 100644
--- a/subsys/nrf_security/include/psa/crypto_driver_contexts_composites.h
+++ b/subsys/nrf_security/include/psa/crypto_driver_contexts_composites.h
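Review bot: The secp-r1-521 guard in core_unsupported_ciphers_check.h tests `CONFIG_PSA_ACCEL_KEY_PAIR_R521`, while the secp-r1-192 guard directly above it uses the `P` spelling (`CONFIG_PSA_ACCEL_KEY_PAIR_P192`). Elsewhere in this file the `R` prefix appears only on the sect-r1 curves. If the accelerator symbol is in fact spelled `P521` (the config template in this commit adds `PSA_NEED_OBERON_KEY_PAIR_P521`), this check would hit the `#error` for every configuration that enables secp-r1-521, even when a driver provides the curve. The failure is at build time and fail-closed, but the name should be confirmed against the Kconfig definitions, which are not visible here. Since the header is marked as imported from Oberon, a mismatch is better reported upstream than patched locally.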
@@ -32,14 +32,14 @@ /* Include the context structure definitions for those drivers that were * declared during the autogeneration process. */ -#if defined(PSA_CRYPTO_DRIVER_CC3XX) +#if defined(PSA_NEED_CC3XX_MAC_DRIVER) || defined(PSA_NEED_CC3XX_AEAD_DRIVER) #include "cc3xx_crypto_primitives.h" #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_MAC_DRIVER) #include "oberon_mac.h" #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) #include "oberon_aead.h" #endif @@ -53,22 +53,22 @@ typedef union { unsigned int dummy; /* Make sure this union is always non-empty */ -#if defined(PSA_CRYPTO_DRIVER_CC3XX) +#if defined(PSA_NEED_CC3XX_MAC_DRIVER) cc3xx_mac_operation_t cc3xx_driver_ctx; #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_MAC_DRIVER) oberon_mac_operation_t oberon_driver_ctx; #endif } psa_driver_mac_context_t; typedef union { unsigned int dummy; /* Make sure this union is always non-empty */ -#if defined(PSA_CRYPTO_DRIVER_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) struct { cc3xx_aead_operation_t cc3xx_driver_ctx; }; -#endif /* PSA_CRYPTO_DRIVER_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) oberon_aead_operation_t oberon_driver_ctx; #endif diff --git a/subsys/nrf_security/include/psa/crypto_driver_contexts_kdf.h b/subsys/nrf_security/include/psa/crypto_driver_contexts_kdf.h index 6707a8221792..6233dd180bb9 100644 --- a/subsys/nrf_security/include/psa/crypto_driver_contexts_kdf.h +++ b/subsys/nrf_security/include/psa/crypto_driver_contexts_kdf.h 
@@ -11,27 +11,27 @@ /* Include the context structure definitions for enabled drivers. */ -#if defined(PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_KDF_DRIVER) #include "oberon_kdf.h" #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_OBERON) +#if defined(PSA_NEED_OBERON_CTR_DRBG_DRIVER) #include "oberon_ctr_drbg.h" #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_OBERON) +#if defined(PSA_NEED_OBERON_HMAC_DRBG_DRIVER) #include "oberon_hmac_drbg.h" #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON) +#if defined(PSA_NEED_OBERON_JPAKE_DRIVER) #include "oberon_jpake.h" #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON) +#if defined(PSA_NEED_OBERON_SPAKE2P_DRIVER) #include "oberon_spake2p.h" #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_SRP_OBERON) +#if defined(PSA_NEED_OBERON_SRP_DRIVER) #include "oberon_srp.h" #endif @@ -44,20 +44,20 @@ typedef union { unsigned int dummy; /* Make sure this union is always non-empty */ -#ifdef PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON +#ifdef PSA_NEED_OBERON_KDF_DRIVER oberon_key_derivation_operation_t oberon_kdf_ctx; #endif } psa_driver_key_derivation_context_t; typedef union { unsigned int dummy; /* Make sure this union is always non-empty */ -#if defined(PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON) +#if defined(PSA_NEED_OBERON_JPAKE_DRIVER) oberon_jpake_operation_t oberon_jpake_ctx; #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON) +#if defined(PSA_NEED_OBERON_SPAKE2P_DRIVER) oberon_spake2p_operation_t oberon_spake2p_ctx; #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_SRP_OBERON) +#if defined(PSA_NEED_OBERON_SRP_DRIVER) oberon_srp_operation_t oberon_srp_ctx; #endif } psa_driver_pake_context_t; 
@@ -65,10 +65,10 @@ typedef union { typedef union { unsigned int dummy; /* Make sure this union is always non-empty */ -#if defined(PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_OBERON) +#if defined(PSA_NEED_OBERON_CTR_DRBG_DRIVER) oberon_ctr_drbg_context_t oberon_ctr_drbg_ctx; #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_OBERON) +#if defined(PSA_NEED_OBERON_HMAC_DRBG_DRIVER) oberon_hmac_drbg_context_t oberon_hmac_drbg_ctx; #endif diff --git a/subsys/nrf_security/include/psa/crypto_driver_contexts_primitives.h b/subsys/nrf_security/include/psa/crypto_driver_contexts_primitives.h index 34f753d7afec..f4fd67528d35 100644 --- a/subsys/nrf_security/include/psa/crypto_driver_contexts_primitives.h +++ b/subsys/nrf_security/include/psa/crypto_driver_contexts_primitives.h @@ -31,14 +31,14 @@ /* Include the context structure definitions for those drivers that were * declared during the autogeneration process. */ -#if defined(PSA_CRYPTO_DRIVER_CC3XX) +#if defined(PSA_NEED_CC3XX_CIPHER_DRIVER) || defined(PSA_NEED_CC3XX_HASH_DRIVER) #include "cc3xx_crypto_primitives.h" #endif /* PSA_CRYPTO_DRIVER_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_CIPHER_DRIVER) #include "oberon_cipher.h" #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_HASH_DRIVER) #include "oberon_hash.h" #endif 
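Review bot: In crypto_driver_contexts_primitives.h the `#endif /* PSA_CRYPTO_DRIVER_CC3XX */` that closes the `cc3xx_crypto_primitives.h` include still names the macro this commit retires; the guard is now `PSA_NEED_CC3XX_CIPHER_DRIVER || PSA_NEED_CC3XX_HASH_DRIVER`. The same stale comment remains after `cc3xx_cipher_operation_t cc3xx_driver_ctx;` in the following hunk (`@@ -52,22 +52,22 @@`), where the commit already cleaned up the Oberon `#endif`. I would change both to a bare `#endif`, or use `#endif /* PSA_NEED_CC3XX_CIPHER_DRIVER */` for the union member. That way a search for the old `PSA_CRYPTO_DRIVER_` prefix finds nothing in this header.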
@@ -52,22 +52,22 @@ typedef union { unsigned int dummy; /* Make sure this union is always non-empty */ -#if defined(PSA_CRYPTO_DRIVER_CC3XX) +#if defined(PSA_NEED_CC3XX_HASH_DRIVER) cc3xx_hash_operation_t cc3xx_driver_ctx; #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_HASH_DRIVER) oberon_hash_operation_t oberon_driver_ctx; #endif } psa_driver_hash_context_t; typedef union { unsigned int dummy; /* Make sure this union is always non-empty */ -#if defined(PSA_CRYPTO_DRIVER_CC3XX) +#if defined(PSA_NEED_CC3XX_CIPHER_DRIVER) cc3xx_cipher_operation_t cc3xx_driver_ctx; #endif /* PSA_CRYPTO_DRIVER_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_CIPHER_DRIVER) oberon_cipher_operation_t oberon_driver_ctx; -#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif } psa_driver_cipher_context_t; diff --git a/subsys/nrf_security/include/psa/psa_crypto_config_oberon.h b/subsys/nrf_security/include/psa/psa_crypto_config_oberon.h deleted file mode 100644 index 194562fc1947..000000000000 --- a/subsys/nrf_security/include/psa/psa_crypto_config_oberon.h +++ /dev/null 
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 2021 Nordic Semiconductor
- *
- * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
- */
-
-#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON)
-#define PSA_NEED_OBERON_CIPHER_DRIVER 1
-#define PSA_NEED_OBERON_CHACHA20 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON)
-#define PSA_NEED_OBERON_AEAD_DRIVER 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON)
-#define PSA_NEED_OBERON_HASH_DRIVER 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_OBERON)
-#define PSA_NEED_OBERON_AES_CBC_NO_PADDING 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_OBERON)
-#define PSA_NEED_OBERON_AES_CBC_PKCS7 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_CCM_OBERON)
-#define PSA_NEED_OBERON_AES_CCM 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_OBERON)
-#define PSA_NEED_OBERON_CHACHA20_POLY1305 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_CMAC_OBERON)
-#define PSA_NEED_OBERON_CMAC 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_CTR_OBERON)
-#define PSA_NEED_OBERON_AES_CTR 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_OBERON)
-#define PSA_NEED_OBERON_ECDSA_DRIVER 1
-#define PSA_NEED_OBERON_ECDSA_P224 1
-#define PSA_NEED_OBERON_ECDSA_P256 1
-#define PSA_NEED_OBERON_ECDSA_P384 1
-#define PSA_NEED_OBERON_ECDSA_ED25519 1
-#define PSA_NEED_OBERON_DETERMINISTIC_ECDSA 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_OBERON)
-#define PSA_NEED_OBERON_AES_ECB_NO_PADDING 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_ECDH_OBERON)
-#define PSA_NEED_OBERON_ECDH_DRIVER 1
-#define PSA_NEED_OBERON_ECDH_P224 1
-#define PSA_NEED_OBERON_ECDH_P256 1
-#define PSA_NEED_OBERON_ECDH_P384 1
-#define PSA_NEED_OBERON_ECDH_X25519 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_ECDSA_OBERON)
-#define PSA_NEED_OBERON_ECDSA_DRIVER 1
-#define PSA_NEED_OBERON_ECDSA_P224 1
-#define PSA_NEED_OBERON_ECDSA_P256 1
-#define PSA_NEED_OBERON_ECDSA_P384 1
-#define PSA_NEED_OBERON_ECDSA_ED25519 1
-#define PSA_NEED_OBERON_RANDOMIZED_ECDSA 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_GCM_OBERON)
-#define PSA_NEED_OBERON_AES_GCM 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON)
-#define PSA_NEED_OBERON_KDF_DRIVER 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_HKDF_OBERON)
-#define PSA_NEED_OBERON_HKDF 1
-#define PSA_NEED_OBERON_HKDF_EXTRACT 1
-#define PSA_NEED_OBERON_HKDF_EXPAND 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_PBKDF2_HMAC_OBERON)
-#define PSA_NEED_OBERON_PBKDF2_HMAC 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_PBKDF2_AES_CMAC_PRF_128_OBERON)
-#define PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_HMAC_OBERON)
-#define PSA_NEED_OBERON_HMAC 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_SHA_1_OBERON)
-#define PSA_NEED_OBERON_SHA_1 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_SHA_224_OBERON)
-#define PSA_NEED_OBERON_SHA_224 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_SHA_256_OBERON)
-#define PSA_NEED_OBERON_SHA_256 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_SHA_384_OBERON)
-#define PSA_NEED_OBERON_SHA_384 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_SHA_512_OBERON)
-#define PSA_NEED_OBERON_SHA_512 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_OBERON)
-#define PSA_NEED_OBERON_KEY_PAIR_DRIVER 1
-#define PSA_NEED_OBERON_KEY_PAIR_P224 1
-#define PSA_NEED_OBERON_KEY_PAIR_SECP 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_OBERON)
-#define PSA_NEED_OBERON_KEY_PAIR_DRIVER 1
-#define PSA_NEED_OBERON_KEY_PAIR_P256 1
-#define PSA_NEED_OBERON_KEY_PAIR_SECP 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_OBERON)
-#define PSA_NEED_OBERON_KEY_PAIR_DRIVER 1
-#define PSA_NEED_OBERON_KEY_PAIR_P384 1
-#define PSA_NEED_OBERON_KEY_PAIR_SECP 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_OBERON)
-#define PSA_NEED_OBERON_KEY_PAIR_DRIVER 1
-#define PSA_NEED_OBERON_KEY_PAIR_X25519 1
-#define PSA_NEED_OBERON_KEY_PAIR_25519 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ECC_TWISTED_EDWARDS_255_OBERON)
-#define PSA_NEED_OBERON_KEY_PAIR_DRIVER 1
-#define PSA_NEED_OBERON_KEY_PAIR_ED25519 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_OBERON)
-#define PSA_NEED_OBERON_RSA_DRIVER 1
-
-#if defined(PSA_CRYPTO_DRIVER_RSA_KEY_SIZE_1024_OBERON)
-/* Only enable RSA key size 1024 for testing */
-#define PSA_NEED_OBERON_RSA_KEY_SIZE_1024 1
-#endif
-
-#define PSA_NEED_OBERON_RSA_KEY_SIZE_1536 1
-#define PSA_NEED_OBERON_RSA_KEY_SIZE_2048 1
-#define PSA_NEED_OBERON_RSA_KEY_SIZE_3072 1
-/* Increasing this value has consequences on callers stack usage. */
-#define PSA_MAX_RSA_KEY_BITS 3072
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_HAS_RSA_CRYPT_SUPPORT_OBERON)
-#define PSA_NEED_OBERON_RSA_CRYPT 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_HAS_RSA_SIGN_SUPPORT_OBERON)
-#define PSA_NEED_OBERON_RSA_SIGN 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_OBERON)
-#define PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_OBERON)
-#define PSA_NEED_OBERON_RSA_PKCS1V15_SIGN 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_OBERON)
-#define PSA_NEED_OBERON_RSA_OAEP 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_RSA_PSS_OBERON)
-#define PSA_NEED_OBERON_RSA_PSS 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_TLS12_PRF_OBERON)
-#define PSA_NEED_OBERON_KDF_DRIVER 1
-#define PSA_NEED_OBERON_TLS12_PRF 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_TLS12_PSK_TO_MS_OBERON)
-#define PSA_NEED_OBERON_KDF_DRIVER 1
-#define PSA_NEED_OBERON_TLS12_PSK_TO_MS 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON)
-#define PSA_NEED_OBERON_JPAKE_DRIVER 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON)
-#define PSA_NEED_OBERON_SPAKE2P_DRIVER 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_SRP_OBERON)
-#define PSA_NEED_OBERON_SRP_DRIVER 1
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_ALG_TLS12_ECJPAKE_TO_PMS_OBERON)
-#define PSA_NEED_OBERON_KDF_DRIVER 1 -#define PSA_NEED_OBERON_ECJPAKE_TO_PMS 1 -#endif diff --git a/subsys/nrf_security/src/core/Kconfig b/subsys/nrf_security/src/core/Kconfig index b7de59a58286..e9ab38008864 100644 --- a/subsys/nrf_security/src/core/Kconfig +++ b/subsys/nrf_security/src/core/Kconfig @@ -10,5 +10,10 @@ choice PSA_CORE config PSA_CORE_OBERON bool "PSA Core implementation - Oberon" + select PSA_WANT_AES_KEY_SIZE_128 + select PSA_WANT_AES_KEY_SIZE_192 + select PSA_WANT_AES_KEY_SIZE_256 + select PSA_WANT_RSA_KEY_SIZE_2048 + select PSA_WANT_RSA_KEY_SIZE_3072 endchoice diff --git a/subsys/nrf_security/src/drivers/Kconfig b/subsys/nrf_security/src/drivers/Kconfig index 302bf41da7f4..f0e6e33a9a88 100644 --- a/subsys/nrf_security/src/drivers/Kconfig +++ b/subsys/nrf_security/src/drivers/Kconfig 
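Review bot: In src/core/Kconfig the five new `select` lines force `PSA_WANT_AES_KEY_SIZE_128/192/256` and `PSA_WANT_RSA_KEY_SIZE_2048/3072` on whenever `PSA_CORE_OBERON` is chosen. The prompts this commit adds for those same symbols in src/drivers/Kconfig then cannot be switched off, and unused key sizes stay in the build. If these are meant as defaults rather than hard requirements of the core, `imply PSA_WANT_AES_KEY_SIZE_128` (and likewise for the other four) or `default y` on the key-size symbols would keep them configurable. If the core does need them, a comment above the selects saying why would help. The `choice` block starts outside this hunk, so other core options are not visible here.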
@@ -4,56 +4,210 @@ # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause # -config MBEDTLS_PSA_ACCEL_KEY_TYPE_SUPPORT +# Legacy config that needs to be removed later. The Oberon PSA driver is now the fallback option +# for all the crypto operations when hardware acceleration is not available. +config PSA_CRYPTO_DRIVER_OBERON + # The Oberon driver is required to provide HKDF needed for protected storage and bultin keys + prompt "Oberon PSA driver" if !(TFM_PARTITION_PROTECTED_STORAGE || TFM_CRYPTO_BUILTIN_KEYS) bool default y - depends on MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || \ - MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY || \ - MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR || \ - MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY || \ - MBEDTLS_PSA_ACCEL_KEY_TYPE_AES || \ - MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 + help + This configuration enables the usage of the Oberon PSA driver. -config MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR +config PSA_CRYPTO_DRIVER_CC3XX + prompt "CryptoCell PSA driver" + bool + help + This configuration enables the usage of CryptoCell for the supported operations. + Disabling this option will result in all crypto operations being handled by + the Oberon PSA driver. However, please note that disabling this option does not + affect the DRBG algorithms; even when disabled, DRBG will still be provided by CryptoCell. + The CryptoCell PSA driver does not support key size configurations. When enabled, + all supported key sizes are included in the build. + +menu "Choose DRBG algorithm" +config PSA_WANT_ALG_CTR_DRBG + prompt "Enable CTR_DRBG" + bool + default y if !PSA_WANT_ALG_HMAC_DRBG + depends on PSA_WANT_GENERATE_RANDOM + +config PSA_WANT_ALG_HMAC_DRBG + prompt "Enable HMAC_DRBG" + bool + depends on PSA_WANT_GENERATE_RANDOM + +# The Oberon PSA core requires the USE symbols to choose a DRBG algorithm. 
+config PSA_USE_CTR_DRBG_DRIVER + bool + default y if PSA_WANT_ALG_CTR_DRBG + +config PSA_USE_HMAC_DRBG_DRIVER + bool + default y if PSA_WANT_ALG_HMAC_DRBG + +endmenu + +menu "CryptoCell PSA Driver Configuration" +if PSA_CRYPTO_DRIVER_CC3XX + +config PSA_USE_CC3XX_CIPHER_DRIVER + prompt "Enable CryptoCell driver support for the PSA cipher APIs" bool default y - depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR && \ - (PSA_CRYPTO_DRIVER_CC3XX || PSA_CRYPTO_DRIVER_OBERON) + help + Enable CryptoCell for the PSA Cipher APIs. Enabling this + will provide support for AES with modes CTR,CBC PKCS7, + CBC no padding, ECB no padding and Chacha20. -config MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY +config PSA_USE_CC3XX_AEAD_DRIVER + prompt "Enable CryptoCell driver support for the PSA AEAD APIs" bool default y - depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && \ - (PSA_CRYPTO_DRIVER_CC3XX || PSA_CRYPTO_DRIVER_OBERON) + help + Enable CryptoCell for the PSA AEAD APIs. Enabling this + will provide support for AES CCM, AES GCM (only available on CC312) + and Chacha20Poly1305. -config MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR +config PSA_USE_CC3XX_HASH_DRIVER + prompt "Enable CryptoCell driver support for the PSA hash APIs" bool default y - depends on PSA_WANT_KEY_TYPE_RSA_KEY_PAIR && \ - (PSA_CRYPTO_DRIVER_CC3XX || PSA_CRYPTO_DRIVER_OBERON) + help + Enable CryptoCell for the PSA hash APIs. Enabling this + will provide support for SHA1, SHA224 and SHA256. -config MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY +config PSA_USE_CC3XX_MAC_DRIVER + prompt "Enable CryptoCell driver support for the PSA mac APIs" bool default y - depends on PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY && \ - (PSA_CRYPTO_DRIVER_CC3XX || PSA_CRYPTO_DRIVER_OBERON) + help + Enable CryptoCell for the PSA mac APIs. Enabling this + will provide support for HMAC and CMAC. 
-config MBEDTLS_PSA_ACCEL_KEY_TYPE_AES +config PSA_USE_CC3XX_ECDH_DRIVER + prompt "Enable CryptoCell driver support for the PSA key agreement APIs" bool default y - depends on PSA_WANT_KEY_TYPE_AES && \ - (PSA_CRYPTO_DRIVER_CC3XX || PSA_CRYPTO_DRIVER_OBERON) + help + Enable CryptoCell for the PSA key agreement APIs. Enabling this + will provide support for key agreement with ECDH. -config MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 +config PSA_USE_CC3XX_SIGNATURE_DRIVER + prompt "Enable CryptoCell driver support for the PSA asymmetric signature APIs" bool default y - depends on PSA_WANT_KEY_TYPE_CHACHA20 && \ - (PSA_CRYPTO_DRIVER_CC3XX || PSA_CRYPTO_DRIVER_OBERON) + help + Enable CryptoCell for the PSA asymmetric signature APIs. Enabling this + will provide support signing/verification with ECDSA in deterministic + and randomized modes and RSA in PKCS1V15 and PSS modes. +config PSA_USE_CC3XX_ASYMMETRIC_DRIVER + prompt "Enable CryptoCell driver support for the PSA asymmetric encryption APIs" + bool + default y + help + Enable CryptoCell for the PSA asymmetric encryption APIs. Enabling this + will provide support for assymetric encryption with RSA + in PKCS1V15 and OAEP modes. -rsource "nrf_cc3xx/Kconfig" +config PSA_USE_CC3XX_KEY_PAIR_DRIVER + prompt "Enable CryptoCell driver support for the PSA key management APIs" + bool + default y + depends on PSA_USE_CC3XX_ASYMMETRIC_DRIVER || \ + PSA_USE_CC3XX_SIGNATURE_DRIVER || \ + PSA_USE_CC3XX_ECDH_DRIVER + help + Enabling this will provide support for key generation, key importing and + public exporting for asymmetric keys. ECC and RSA keys are supported. 
+ +endif + +config PSA_USE_CC3XX_CTR_DRBG_DRIVER + bool + default y + depends on PSA_USE_CTR_DRBG_DRIVER + depends on CRYPTOCELL_USABLE + +config PSA_USE_CC3XX_HMAC_DRBG_DRIVER + bool + default y + depends on PSA_USE_HMAC_DRBG_DRIVER + depends on CRYPTOCELL_USABLE + +endmenu + +menu "AES key size configuration" + +config PSA_WANT_AES_KEY_SIZE_128 + prompt "AES 128 bits key" + bool + +config PSA_WANT_AES_KEY_SIZE_192 + prompt "AES 192 bits key" + bool + +config PSA_WANT_AES_KEY_SIZE_256 + prompt "AES 256 bits key" + bool + +endmenu + +menu "RSA key size configuration" + +config PSA_WANT_RSA_KEY_SIZE_1024 + prompt "RSA 1024 bits key (weak)" + bool + default y + help + RSA with 1024 bit keys are not recommended for new designs. + Please see https://www.keylength.com/ + +config PSA_WANT_RSA_KEY_SIZE_1536 + prompt "RSA 1536 bits key (weak)" + bool + help + RSA with 1536 bit keys are not recommended for new designs. + Please see https://www.keylength.com/ + +config PSA_WANT_RSA_KEY_SIZE_2048 + prompt "RSA 2048 bits key" + bool -rsource "nrf_cc3xx_platform/Kconfig" +config PSA_WANT_RSA_KEY_SIZE_3072 + prompt "RSA 3072 bits key" + bool + +config PSA_WANT_RSA_KEY_SIZE_4096 + prompt "RSA 4096 bits key" + bool + +config PSA_WANT_RSA_KEY_SIZE_6144 + prompt "RSA 6144 bits key" + bool + +config PSA_WANT_RSA_KEY_SIZE_8192 + prompt "RSA 8192 bits key" + bool + +config PSA_MAX_RSA_KEY_BITS + int + default 8192 if PSA_WANT_RSA_KEY_SIZE_8192 + default 6144 if PSA_WANT_RSA_KEY_SIZE_6144 + default 4096 if PSA_WANT_RSA_KEY_SIZE_4096 + default 3072 if PSA_WANT_RSA_KEY_SIZE_3072 + default 2048 if PSA_WANT_RSA_KEY_SIZE_2048 + default 1536 if PSA_WANT_RSA_KEY_SIZE_1536 + default 1024 if PSA_WANT_RSA_KEY_SIZE_1024 + default 0 + +endmenu + + +rsource "Kconfig.psa_accel" + +rsource "nrf_cc3xx/Kconfig" rsource "nrf_oberon/Kconfig" 
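Review bot: `PSA_WANT_RSA_KEY_SIZE_1024` is the only RSA key-size option given `default y`, although its prompt is labelled "(weak)" and its help text says 1024-bit keys are not recommended for new designs. The `psa_crypto_config_oberon.h` header removed by this commit enabled 1024-bit RSA only behind `PSA_CRYPTO_DRIVER_RSA_KEY_SIZE_1024_OBERON`, under the comment "Only enable RSA key size 1024 for testing", so this looks like a move from opt-in to on by default. I would delete the `default y` line under `config PSA_WANT_RSA_KEY_SIZE_1024` so that a weak key size has to be enabled deliberately. Separately, `PSA_MAX_RSA_KEY_BITS` ends in `default 0`; how consumers use that value is not visible here, so it is worth confirming a zero maximum fails the build when RSA is requested. The words "bultin" and "assymetric" in the new comment and help text are typos.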
diff --git a/subsys/nrf_security/src/drivers/Kconfig.psa_accel b/subsys/nrf_security/src/drivers/Kconfig.psa_accel
new file mode 100644
index 000000000000..a147f3c1042f
--- /dev/null
+++ b/subsys/nrf_security/src/drivers/Kconfig.psa_accel
@@ -0,0 +1,830 @@
+#
+# Copyright (c) 2023 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# This invisible menu helps hiding these not user selectable options
+# from menuconfig even when show-all mode is enabled
+menu "PSA ACCEL - invisible"
+visible if 0
+
+config PSA_ACCEL_AES128_CBC_MAC
+ bool
+
+config PSA_ACCEL_AES128_CBC_NO_PADDING
+ bool
+
+config PSA_ACCEL_AES128_CBC_PKCS7
+ bool
+
+config PSA_ACCEL_AES128_CCM
+ bool
+
+config PSA_ACCEL_AES128_CCM_STAR_NO_TAG
+ bool
+
+config PSA_ACCEL_AES128_CFB
+ bool
+
+config PSA_ACCEL_AES128_CMAC
+ bool
+
+config PSA_ACCEL_AES128_CTR
+ bool
+
+config PSA_ACCEL_AES128_ECB_NO_PADDING
+ bool
+
+config PSA_ACCEL_AES128_GCM
+ bool
+
+config PSA_ACCEL_AES128_OFB
+ bool
+
+config PSA_ACCEL_AES128_XTS
+ bool
+
+config PSA_ACCEL_AES192_CBC_MAC
+ bool
+
+config PSA_ACCEL_AES192_CBC_NO_PADDING
+ bool
+
+config PSA_ACCEL_AES192_CBC_PKCS7
+ bool
+
+config PSA_ACCEL_AES192_CCM
+ bool
+
+config PSA_ACCEL_AES192_CCM_STAR_NO_TAG
+ bool
+
+config PSA_ACCEL_AES192_CFB
+ bool
+
+config PSA_ACCEL_AES192_CMAC
+ bool
+
+config PSA_ACCEL_AES192_CTR
+ bool
+
+config PSA_ACCEL_AES192_ECB_NO_PADDING
+ bool
+
+config PSA_ACCEL_AES192_GCM
+ bool
+
+config PSA_ACCEL_AES192_OFB
+ bool
+
+config PSA_ACCEL_AES192_XTS
+ bool
+
+config PSA_ACCEL_AES256_CBC_MAC
+ bool
+
+config PSA_ACCEL_AES256_CBC_NO_PADDING
+ bool
+
+config PSA_ACCEL_AES256_CBC_PKCS7
+ bool
+
+config PSA_ACCEL_AES256_CCM
+ bool
+
+config PSA_ACCEL_AES256_CCM_STAR_NO_TAG
+ bool
+
+config PSA_ACCEL_AES256_CFB
+ bool
+
+config PSA_ACCEL_AES256_CMAC
+ bool
+
+config PSA_ACCEL_AES256_CTR
+ bool
+
+config PSA_ACCEL_AES256_ECB_NO_PADDING
+ bool
+
+config PSA_ACCEL_AES256_GCM
+ bool
+
+config PSA_ACCEL_AES256_OFB
+ bool
+
+config PSA_ACCEL_AES256_XTS
+ bool
+
+config PSA_ACCEL_AES_CMAC_PRF_128
+ bool
+
+config PSA_ACCEL_ARIA
+ bool
+
+config PSA_ACCEL_CAMELLIA
+ bool
+
+config PSA_ACCEL_CHACHA20
+ bool
+
+config PSA_ACCEL_CHACHA20_POLY1305
+ bool
+
+config PSA_ACCEL_DES
+ bool
+
+config PSA_ACCEL_ECDH_P224
+ bool
+
+config PSA_ACCEL_ECDH_P256
+ bool
+
+config PSA_ACCEL_ECDH_P384
+ bool
+
+config PSA_ACCEL_ECDH_X25519
+ bool
+
+config PSA_ACCEL_ECDH_X448
+ bool
+
+config PSA_ACCEL_ECDSA_ED25519
+ bool
+
+config PSA_ACCEL_ECDSA_ED448
+ bool
+
+config PSA_ACCEL_ECDSA_P224_SHA1
+ bool
+
+config PSA_ACCEL_ECDSA_P224_SHA224
+ bool
+
+config PSA_ACCEL_ECDSA_P224_SHA256
+ bool
+
+config PSA_ACCEL_ECDSA_P224_SHA384
+ bool
+
+config PSA_ACCEL_ECDSA_P224_SHA512
+ bool
+
+config PSA_ACCEL_ECDSA_P256_SHA1
+ bool
+
+config PSA_ACCEL_ECDSA_P256_SHA224
+ bool
+
+config PSA_ACCEL_ECDSA_P256_SHA256
+ bool
+
+config PSA_ACCEL_ECDSA_P256_SHA384
+ bool
+
+config PSA_ACCEL_ECDSA_P256_SHA512
+ bool
+
+config PSA_ACCEL_ECDSA_P384_SHA1
+ bool
+
+config PSA_ACCEL_ECDSA_P384_SHA224
+ bool
+
+config PSA_ACCEL_ECDSA_P384_SHA256
+ bool
+
+config PSA_ACCEL_ECDSA_P384_SHA384
+ bool
+
+config PSA_ACCEL_ECDSA_P384_SHA512
+ bool
+
+config PSA_ACCEL_ECJPAKE_P256_SHA1
+ bool
+
+config PSA_ACCEL_ECJPAKE_P256_SHA224
+ bool
+
+config PSA_ACCEL_ECJPAKE_P256_SHA256
+ bool
+
+config PSA_ACCEL_ECJPAKE_P256_SHA384
+ bool
+
+config PSA_ACCEL_ECJPAKE_P256_SHA512
+ bool
+
+config PSA_ACCEL_ECJPAKE_TO_PMS
+ bool
+
+config PSA_ACCEL_ED25519PH
+ bool
+
+config PSA_ACCEL_ED448PH
+ bool
+
+config PSA_ACCEL_ENTROPY
+ bool
+
+config PSA_ACCEL_FFDH_2048
+ bool
+
+config PSA_ACCEL_FFDH_3072
+ bool
+
+config PSA_ACCEL_FFDH_4096
+ bool
+
+config PSA_ACCEL_FFDH_6144
+ bool
+
+config PSA_ACCEL_FFDH_8192
+ bool
+
+config PSA_ACCEL_HKDF_EXPAND_SHA1
+ bool
+
+config PSA_ACCEL_HKDF_EXPAND_SHA224
+ bool
+
+config PSA_ACCEL_HKDF_EXPAND_SHA256
+ bool
+
+config PSA_ACCEL_HKDF_EXPAND_SHA384
+ bool
+
+config PSA_ACCEL_HKDF_EXPAND_SHA512
+ bool
+
+config PSA_ACCEL_HKDF_EXTRACT_SHA1
+ bool
+
+config PSA_ACCEL_HKDF_EXTRACT_SHA224
+ bool
+
+config PSA_ACCEL_HKDF_EXTRACT_SHA256
+ bool
+
+config PSA_ACCEL_HKDF_EXTRACT_SHA384
+ bool
+
+config PSA_ACCEL_HKDF_EXTRACT_SHA512
+ bool
+
+config PSA_ACCEL_HKDF_SHA1
+ bool
+
+config PSA_ACCEL_HKDF_SHA224
+ bool
+
+config PSA_ACCEL_HKDF_SHA256
+ bool
+
+config PSA_ACCEL_HKDF_SHA384
+ bool
+
+config PSA_ACCEL_HKDF_SHA512
+ bool
+
+config PSA_ACCEL_HMAC_SHA1
+ bool
+
+config PSA_ACCEL_HMAC_SHA224
+ bool
+
+config PSA_ACCEL_HMAC_SHA256
+ bool
+
+config PSA_ACCEL_HMAC_SHA384
+ bool
+
+config PSA_ACCEL_HMAC_SHA512
+ bool
+
+config PSA_ACCEL_KEY_PAIR_ED25519
+ bool
+
+config PSA_ACCEL_KEY_PAIR_K163
+ bool
+
+config PSA_ACCEL_KEY_PAIR_K192
+ bool
+
+config PSA_ACCEL_KEY_PAIR_K224
+ bool
+
+config PSA_ACCEL_KEY_PAIR_K233
+ bool
+
+config PSA_ACCEL_KEY_PAIR_K239
+ bool
+
+config PSA_ACCEL_KEY_PAIR_K256
+ bool
+
+config PSA_ACCEL_KEY_PAIR_K283
+ bool
+
+config PSA_ACCEL_KEY_PAIR_K409
+ bool
+
+config PSA_ACCEL_KEY_PAIR_K571
+ bool
+
+config PSA_ACCEL_KEY_PAIR_P192
+ bool
+
+config PSA_ACCEL_KEY_PAIR_P224
+ bool
+
+config PSA_ACCEL_KEY_PAIR_P256
+ bool
+
+config PSA_ACCEL_KEY_PAIR_P384
+ bool
+
+config PSA_ACCEL_KEY_PAIR_PB160
+ bool
+
+config PSA_ACCEL_KEY_PAIR_PB192
+ bool
+
+config PSA_ACCEL_KEY_PAIR_PB224
+ bool
+
+config PSA_ACCEL_KEY_PAIR_PB256
+ bool
+
+config PSA_ACCEL_KEY_PAIR_PB320
+ bool
+
+config PSA_ACCEL_KEY_PAIR_PB384
+ bool
+
+config PSA_ACCEL_KEY_PAIR_PB512
+ bool
+
+config PSA_ACCEL_KEY_PAIR_R163
+ bool
+
+config PSA_ACCEL_KEY_PAIR_R192
+ bool
+
+config PSA_ACCEL_KEY_PAIR_R233
+ bool
+
+config PSA_ACCEL_KEY_PAIR_R283
+ bool
+
+config PSA_ACCEL_KEY_PAIR_R409
+ bool
+
+config PSA_ACCEL_KEY_PAIR_R521
+ bool
+
+config PSA_ACCEL_KEY_PAIR_R571
+ bool
+
+config PSA_ACCEL_KEY_PAIR_X25519
+ bool
+
+config PSA_ACCEL_MD5
+ bool
+
+config PSA_ACCEL_PBKDF2_HMAC_SHA1
+ bool
+
+config PSA_ACCEL_PBKDF2_HMAC_SHA224
+ bool
+
+config PSA_ACCEL_PBKDF2_HMAC_SHA256
+ bool
+
+config PSA_ACCEL_PBKDF2_HMAC_SHA384
+ bool
+
+config PSA_ACCEL_PBKDF2_HMAC_SHA512
+ bool
+
+config PSA_ACCEL_RANDOM
+ bool
+
+config PSA_ACCEL_RIPEMD160
+ bool
+
+config PSA_ACCEL_RSA1024_PKCS1V15_CRYPT
+ bool
+
+config PSA_ACCEL_RSA1024_SHA1_OAEP
+ bool
+
+config PSA_ACCEL_RSA1024_SHA1_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA1024_SHA1_PSS
+ bool
+
+config PSA_ACCEL_RSA1024_SHA224_OAEP
+ bool
+
+config PSA_ACCEL_RSA1024_SHA224_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA1024_SHA224_PSS
+ bool
+
+config PSA_ACCEL_RSA1024_SHA256_OAEP
+ bool
+
+config PSA_ACCEL_RSA1024_SHA256_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA1024_SHA256_PSS
+ bool
+
+config PSA_ACCEL_RSA1024_SHA384_OAEP
+ bool
+
+config PSA_ACCEL_RSA1024_SHA384_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA1024_SHA384_PSS
+ bool
+
+config PSA_ACCEL_RSA1024_SHA512_OAEP
+ bool
+
+config PSA_ACCEL_RSA1024_SHA512_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA1024_SHA512_PSS
+ bool
+
+config PSA_ACCEL_RSA1536_PKCS1V15_CRYPT
+ bool
+
+config PSA_ACCEL_RSA1536_SHA1_OAEP
+ bool
+
+config PSA_ACCEL_RSA1536_SHA1_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA1536_SHA1_PSS
+ bool
+
+config PSA_ACCEL_RSA1536_SHA224_OAEP
+ bool
+
+config PSA_ACCEL_RSA1536_SHA224_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA1536_SHA224_PSS
+ bool
+
+config PSA_ACCEL_RSA1536_SHA256_OAEP
+ bool
+
+config PSA_ACCEL_RSA1536_SHA256_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA1536_SHA256_PSS
+ bool
+
+config PSA_ACCEL_RSA1536_SHA384_OAEP
+ bool
+
+config PSA_ACCEL_RSA1536_SHA384_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA1536_SHA384_PSS
+ bool
+
+config PSA_ACCEL_RSA1536_SHA512_OAEP
+ bool
+
+config PSA_ACCEL_RSA1536_SHA512_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA1536_SHA512_PSS
+ bool
+
+config PSA_ACCEL_RSA2048_PKCS1V15_CRYPT
+ bool
+
+config PSA_ACCEL_RSA2048_SHA1_OAEP
+ bool
+
+config PSA_ACCEL_RSA2048_SHA1_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA2048_SHA1_PSS
+ bool
+
+config PSA_ACCEL_RSA2048_SHA224_OAEP
+ bool
+
+config PSA_ACCEL_RSA2048_SHA224_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA2048_SHA224_PSS
+ bool
+
+config PSA_ACCEL_RSA2048_SHA256_OAEP
+ bool
+
+config PSA_ACCEL_RSA2048_SHA256_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA2048_SHA256_PSS
+ bool
+
+config PSA_ACCEL_RSA2048_SHA384_OAEP
+ bool
+
+config PSA_ACCEL_RSA2048_SHA384_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA2048_SHA384_PSS
+ bool
+
+config PSA_ACCEL_RSA2048_SHA512_OAEP
+ bool
+
+config PSA_ACCEL_RSA2048_SHA512_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA2048_SHA512_PSS
+ bool
+
+config PSA_ACCEL_RSA3072_PKCS1V15_CRYPT
+ bool
+
+config PSA_ACCEL_RSA3072_SHA1_OAEP
+ bool
+
+config PSA_ACCEL_RSA3072_SHA1_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA3072_SHA1_PSS
+ bool
+
+config PSA_ACCEL_RSA3072_SHA224_OAEP
+ bool
+
+config PSA_ACCEL_RSA3072_SHA224_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA3072_SHA224_PSS
+ bool
+
+config PSA_ACCEL_RSA3072_SHA256_OAEP
+ bool
+
+config PSA_ACCEL_RSA3072_SHA256_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA3072_SHA256_PSS
+ bool
+
+config PSA_ACCEL_RSA3072_SHA384_OAEP
+ bool
+
+config PSA_ACCEL_RSA3072_SHA384_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA3072_SHA384_PSS
+ bool
+
+config PSA_ACCEL_RSA3072_SHA512_OAEP
+ bool
+
+config PSA_ACCEL_RSA3072_SHA512_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA3072_SHA512_PSS
+ bool
+
+config PSA_ACCEL_RSA4096_PKCS1V15_CRYPT
+ bool
+
+config PSA_ACCEL_RSA4096_SHA1_OAEP
+ bool
+
+config PSA_ACCEL_RSA4096_SHA1_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA4096_SHA1_PSS
+ bool
+
+config PSA_ACCEL_RSA4096_SHA224_OAEP
+ bool
+
+config PSA_ACCEL_RSA4096_SHA224_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA4096_SHA224_PSS
+ bool
+
+config PSA_ACCEL_RSA4096_SHA256_OAEP
+ bool
+
+config PSA_ACCEL_RSA4096_SHA256_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA4096_SHA256_PSS
+ bool
+
+config PSA_ACCEL_RSA4096_SHA384_OAEP
+ bool
+
+config PSA_ACCEL_RSA4096_SHA384_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA4096_SHA384_PSS
+ bool
+
+config PSA_ACCEL_RSA4096_SHA512_OAEP
+ bool
+
+config PSA_ACCEL_RSA4096_SHA512_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA4096_SHA512_PSS
+ bool
+
+config PSA_ACCEL_RSA6144_PKCS1V15_CRYPT
+ bool
+
+config PSA_ACCEL_RSA6144_SHA1_OAEP
+ bool
+
+config PSA_ACCEL_RSA6144_SHA1_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA6144_SHA1_PSS
+ bool
+
+config PSA_ACCEL_RSA6144_SHA224_OAEP
+ bool
+
+config PSA_ACCEL_RSA6144_SHA224_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA6144_SHA224_PSS
+ bool
+
+config PSA_ACCEL_RSA6144_SHA256_OAEP
+ bool
+
+config PSA_ACCEL_RSA6144_SHA256_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA6144_SHA256_PSS
+ bool
+
+config PSA_ACCEL_RSA6144_SHA384_OAEP
+ bool
+
+config PSA_ACCEL_RSA6144_SHA384_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA6144_SHA384_PSS
+ bool
+
+config PSA_ACCEL_RSA6144_SHA512_OAEP
+ bool
+
+config PSA_ACCEL_RSA6144_SHA512_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA6144_SHA512_PSS
+ bool
+
+config PSA_ACCEL_RSA8192_PKCS1V15_CRYPT
+ bool
+
+config PSA_ACCEL_RSA8192_SHA1_PSS
+ bool
+
+config PSA_ACCEL_RSA8192_SHA1_OAEP
+ bool
+
+config PSA_ACCEL_RSA8192_SHA1_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA8192_SHA224_OAEP
+ bool
+
+config PSA_ACCEL_RSA8192_SHA224_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA8192_SHA224_PSS
+ bool
+
+config PSA_ACCEL_RSA8192_SHA256_OAEP
+ bool
+
+config PSA_ACCEL_RSA8192_SHA256_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA8192_SHA256_PSS
+ bool
+
+config PSA_ACCEL_RSA8192_SHA384_OAEP
+ bool
+
+config PSA_ACCEL_RSA8192_SHA384_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA8192_SHA384_PSS
+ bool
+
+config PSA_ACCEL_RSA8192_SHA512_OAEP
+ bool
+
+config PSA_ACCEL_RSA8192_SHA512_PKCS1V15_SIGN
+ bool
+
+config PSA_ACCEL_RSA8192_SHA512_PSS
+ bool
+
+config PSA_ACCEL_SHA1
+ bool
+
+config PSA_ACCEL_SHA224
+ bool
+
+config PSA_ACCEL_SHA256
+ bool
+
+config PSA_ACCEL_SHA384
+ bool
+
+config PSA_ACCEL_SHA3_224
+ bool
+
+config PSA_ACCEL_SHA3_256
+ bool
+
+config PSA_ACCEL_SHA3_384
+ bool
+
+config PSA_ACCEL_SHA3_512
+ bool
+
+config PSA_ACCEL_SHA512
+ bool
+
+config PSA_ACCEL_SHAKE256_512
+ bool
+
+config PSA_ACCEL_SHA_512_224
+ bool
+
+config PSA_ACCEL_SHA_512_256
+ bool
+
+config PSA_ACCEL_SPAKE2P_P256_SHA1
+ bool
+
+config PSA_ACCEL_SPAKE2P_P256_SHA224
+ bool
+
+config PSA_ACCEL_SPAKE2P_P256_SHA256
+ bool
+
+config PSA_ACCEL_SPAKE2P_P256_SHA384
+ bool
+
+config PSA_ACCEL_SPAKE2P_P256_SHA512
+ bool
+
+config PSA_ACCEL_SRP_6_3072_SHA1
+ bool
+
+config PSA_ACCEL_SRP_6_3072_SHA224
+ bool
+
+config PSA_ACCEL_SRP_6_3072_SHA256
+ bool
+
+config PSA_ACCEL_SRP_6_3072_SHA384
+ bool
+
+config PSA_ACCEL_SRP_6_3072_SHA512
+ bool
+
+config PSA_ACCEL_TLS12_PRF_SHA256
+ bool
+
+config PSA_ACCEL_TLS12_PRF_SHA384
+ bool
+
+config PSA_ACCEL_TLS12_PSK_TO_MS_SHA256
+ bool
+
+config PSA_ACCEL_TLS12_PSK_TO_MS_SHA384
+ bool
+endmenu
diff --git a/subsys/nrf_security/src/drivers/nrf_cc3xx/Kconfig b/subsys/nrf_security/src/drivers/nrf_cc3xx/Kconfig
index be28fc0a20a3..d3ef34a721a6 100644
--- a/subsys/nrf_security/src/drivers/nrf_cc3xx/Kconfig
+++ b/subsys/nrf_security/src/drivers/nrf_cc3xx/Kconfig
@@ -1,257 +1,530 @@ # -# Copyright (c) 2021-2022 Nordic Semiconductor +# Copyright (c) 2021 - 2023 Nordic Semiconductor # # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause # -menuconfig PSA_CRYPTO_DRIVER_CC3XX +# This invisible menu helps hiding these not user selectable options +# from menuconfig even when show-all mode is enabled +menu "PSA NEED CC3XX - invisible" +visible if 0 + +# CC3xx AEAD Driver + +config PSA_NEED_CC3XX_AES_CCM bool - prompt "PSA CryptoCell Driver" if !PSA_PROMPTLESS - depends on CRYPTOCELL_USABLE - default n - select NRF_CC3XX_PLATFORM if !BUILD_WITH_TFM - help - Enable PSA Driver for CryptoCell + default y + select PSA_ACCEL_AES128_CCM + select PSA_ACCEL_AES192_CCM if HAS_HW_NRF_CC312 + select PSA_ACCEL_AES256_CCM if HAS_HW_NRF_CC312 + depends on PSA_WANT_AES_KEY_SIZE_128 || !HAS_HW_NRF_CC310 + depends on PSA_WANT_ALG_CCM + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_USE_CC3XX_AEAD_DRIVER -if PSA_CRYPTO_DRIVER_CC3XX +config PSA_NEED_CC3XX_AES_GCM + bool + default y + select PSA_ACCEL_AES128_GCM + select PSA_ACCEL_AES192_GCM + select PSA_ACCEL_AES256_GCM + depends on HAS_HW_NRF_CC312 + depends on PSA_WANT_ALG_GCM + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_USE_CC3XX_AEAD_DRIVER -config PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX +config PSA_NEED_CC3XX_CHACHA20_POLY1305 bool default y - depends on PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_CTR_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_OFB_CC3XX + select PSA_ACCEL_CHACHA20_POLY1305 + depends on PSA_WANT_ALG_CHACHA20_POLY1305 + depends on PSA_USE_CC3XX_AEAD_DRIVER -config PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX +config PSA_NEED_CC3XX_AEAD_DRIVER bool default y - depends on PSA_CRYPTO_DRIVER_ALG_CCM_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_GCM_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_CC3XX + depends on PSA_NEED_CC3XX_AES_CCM || PSA_NEED_CC3XX_AES_GCM || 
PSA_NEED_CC3XX_CHACHA20_POLY1305 + +# CC3xx Cipher Driver -config PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX +config PSA_NEED_CC3XX_AES_CTR bool default y - depends on PSA_CRYPTO_DRIVER_ALG_CMAC_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_HMAC_CC3XX + select PSA_ACCEL_AES128_CTR + select PSA_ACCEL_AES192_CTR if HAS_HW_NRF_CC312 + select PSA_ACCEL_AES256_CTR if HAS_HW_NRF_CC312 + depends on PSA_WANT_AES_KEY_SIZE_128 || !HAS_HW_NRF_CC310 + depends on PSA_WANT_ALG_CTR + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_USE_CC3XX_CIPHER_DRIVER -config PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX +config PSA_NEED_CC3XX_AES_CBC_PKCS7 bool default y - depends on PSA_CRYPTO_DRIVER_ALG_SHA_1_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_SHA_224_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_SHA_256_CC3XX + select PSA_ACCEL_AES128_CBC_PKCS7 + select PSA_ACCEL_AES192_CBC_PKCS7 if HAS_HW_NRF_CC312 + select PSA_ACCEL_AES256_CBC_PKCS7 if HAS_HW_NRF_CC312 + depends on PSA_WANT_AES_KEY_SIZE_128 || !HAS_HW_NRF_CC310 + depends on PSA_WANT_ALG_CBC_PKCS7 + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_USE_CC3XX_CIPHER_DRIVER -# PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_CC3XX - Currently not supported +config PSA_NEED_CC3XX_AES_CBC_NO_PADDING + bool + default y + select PSA_ACCEL_AES128_CBC_NO_PADDING + select PSA_ACCEL_AES192_CBC_NO_PADDING if HAS_HW_NRF_CC312 + select PSA_ACCEL_AES256_CBC_NO_PADDING if HAS_HW_NRF_CC312 + depends on PSA_WANT_AES_KEY_SIZE_128 || !HAS_HW_NRF_CC310 + depends on PSA_WANT_ALG_CBC_NO_PADDING + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_USE_CC3XX_CIPHER_DRIVER -config PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_CC3XX +config PSA_NEED_CC3XX_AES_ECB_NO_PADDING bool default y - depends on PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_CC3XX + select PSA_ACCEL_AES128_ECB_NO_PADDING + select PSA_ACCEL_AES192_ECB_NO_PADDING if HAS_HW_NRF_CC312 + select PSA_ACCEL_AES256_ECB_NO_PADDING if HAS_HW_NRF_CC312 + depends on PSA_WANT_AES_KEY_SIZE_128 || !HAS_HW_NRF_CC310 
+ depends on PSA_WANT_ALG_ECB_NO_PADDING + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_USE_CC3XX_CIPHER_DRIVER -config PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX +config PSA_NEED_CC3XX_AES_OFB bool default y - depends on PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_ECDSA_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_CC3XX + select PSA_ACCEL_AES128_OFB + select PSA_ACCEL_AES192_OFB if HAS_HW_NRF_CC312 + select PSA_ACCEL_AES256_OFB if HAS_HW_NRF_CC312 + depends on PSA_WANT_AES_KEY_SIZE_128 || !HAS_HW_NRF_CC310 + depends on PSA_WANT_ALG_OFB + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_USE_CC3XX_CIPHER_DRIVER -config PSA_CRYPTO_DRIVER_HAS_ECC_SUPPORT_CC3XX +config PSA_NEED_CC3XX_CHACHA20 bool default y - depends on PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_ECDSA_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_ECDH_CC3XX + select PSA_ACCEL_CHACHA20 + depends on PSA_WANT_ALG_STREAM_CIPHER + depends on PSA_WANT_KEY_TYPE_CHACHA20 + depends on PSA_USE_CC3XX_CIPHER_DRIVER -config PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_CC3XX +config PSA_NEED_CC3XX_CIPHER_DRIVER bool default y - depends on PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_CC3XX || \ - PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_CC3XX + depends on PSA_NEED_CC3XX_AES_CTR || \ + PSA_NEED_CC3XX_AES_CBC_PKCS7 || \ + PSA_NEED_CC3XX_AES_CBC_NO_PADDING || \ + PSA_NEED_CC3XX_AES_ECB_NO_PADDING || \ + PSA_NEED_CC3XX_AES_OFB || \ + PSA_NEED_CC3XX_CHACHA20 -config PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_CC3XX +# CC3xx Key Agreement Driver + +config PSA_NEED_CC3XX_ECDH_P224 bool default y - depends on PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_CC3XX || \ - PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX || \ - PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX || \ - PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX || \ - PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX || \ - PSA_CRYPTO_DRIVER_HAS_ECC_SUPPORT_CC3XX + select PSA_ACCEL_ECDH_P224 + 
depends on PSA_WANT_ALG_ECDH + depends on PSA_WANT_ECC_SECP_R1_224 + depends on PSA_USE_CC3XX_ECDH_DRIVER -config PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_CC3XX +config PSA_NEED_CC3XX_ECDH_P256 bool - prompt "PSA CBC support (without padding) - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_CBC_NO_PADDING + default y + select PSA_ACCEL_ECDH_P256 + depends on PSA_WANT_ALG_ECDH + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_USE_CC3XX_ECDH_DRIVER -config PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_CC3XX +config PSA_NEED_CC3XX_ECDH_P384 bool - prompt "PSA CBC support (padded with PKCS#7) - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_CBC_PKCS7 + default y + select PSA_ACCEL_ECDH_P384 + depends on PSA_WANT_ALG_ECDH + depends on PSA_WANT_ECC_SECP_R1_384 + depends on PSA_USE_CC3XX_ECDH_DRIVER -config PSA_CRYPTO_DRIVER_ALG_CCM_CC3XX +config PSA_NEED_CC3XX_ECDH_X25519 bool - prompt "PSA AES CCM support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_CCM + default y + select PSA_ACCEL_ECDH_X25519 + depends on PSA_WANT_ALG_ECDH + depends on PSA_WANT_ECC_MONTGOMERY_255 + depends on PSA_USE_CC3XX_ECDH_DRIVER -config PSA_CRYPTO_DRIVER_ALG_OFB_CC3XX +config PSA_NEED_CC3XX_ECDH_DRIVER bool - prompt "PSA AES OFB support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_OFB + default y + depends on PSA_NEED_CC3XX_ECDH_P224 || PSA_NEED_CC3XX_ECDH_P256 || \ + PSA_NEED_CC3XX_ECDH_P384 || \ + PSA_NEED_CC3XX_ECDH_X25519 -config PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_CC3XX +# CC3xx Signature Driver + +config PSA_WANT_ALG_ANY_ECDSA bool - prompt "PSA ChaCha20/Poly1305 support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_CHACHA20_POLY1305 + default y + depends on PSA_WANT_ALG_ECDSA || PSA_WANT_ALG_DETERMINISTIC_ECDSA -config PSA_CRYPTO_DRIVER_ALG_CMAC_CC3XX +config PSA_NEED_CC3XX_ECDSA_P192 bool - prompt "PSA 
AES CMAC support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_CMAC + default y + #TODO: Add ACCEL symbol selection when available + depends on PSA_WANT_ALG_ANY_ECDSA + depends on PSA_WANT_ECC_SECP_R1_192 + depends on PSA_USE_CC3XX_SIGNATURE_DRIVER -config PSA_CRYPTO_DRIVER_ALG_CTR_CC3XX +config PSA_NEED_CC3XX_ECDSA_P224 bool - prompt "PSA AES CTR mode support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_CTR + default y + select PSA_ACCEL_ECDSA_P224_SHA1 + select PSA_ACCEL_ECDSA_P224_SHA224 + select PSA_ACCEL_ECDSA_P224_SHA256 + select PSA_ACCEL_ECDSA_P224_SHA384 if PSA_WANT_ALG_SHA_384 + select PSA_ACCEL_ECDSA_P224_SHA512 if PSA_WANT_ALG_SHA_512 + depends on PSA_WANT_ALG_ANY_ECDSA + depends on PSA_WANT_ECC_SECP_R1_224 + depends on PSA_USE_CC3XX_SIGNATURE_DRIVER -config PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_CC3XX +config PSA_NEED_CC3XX_ECDSA_P256 bool - prompt "PSA ECDSA support (deterministic mode) - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_DETERMINISTIC_ECDSA + default y + select PSA_ACCEL_ECDSA_P256_SHA1 + select PSA_ACCEL_ECDSA_P256_SHA224 + select PSA_ACCEL_ECDSA_P256_SHA256 + select PSA_ACCEL_ECDSA_P256_SHA384 if PSA_WANT_ALG_SHA_384 + select PSA_ACCEL_ECDSA_P256_SHA512 if PSA_WANT_ALG_SHA_512 + depends on PSA_WANT_ALG_ANY_ECDSA + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_USE_CC3XX_SIGNATURE_DRIVER -config PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_CC3XX +config PSA_NEED_CC3XX_ECDSA_K192 bool - prompt "PSA AES ECB (no padding) - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_ECB_NO_PADDING + default y + #TODO: Add the accel symbols when available + depends on PSA_WANT_ALG_ANY_ECDSA + depends on PSA_WANT_ECC_SECP_K1_192 + depends on PSA_USE_CC3XX_SIGNATURE_DRIVER -config PSA_CRYPTO_DRIVER_ALG_ECDH_CC3XX +config PSA_NEED_CC3XX_ECDSA_K224 bool - prompt "PSA ECDH support - cc3xx" if 
!PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_ECDH + default y + #TODO: Add the accel symbols when available + depends on PSA_WANT_ALG_ANY_ECDSA + depends on PSA_WANT_ECC_SECP_K1_224 + depends on PSA_USE_CC3XX_SIGNATURE_DRIVER + +config PSA_NEED_CC3XX_ECDSA_K256 + bool + default y + #TODO: Add the accel symbols when available + depends on PSA_WANT_ALG_ANY_ECDSA + depends on PSA_WANT_ECC_SECP_K1_256 + depends on PSA_USE_CC3XX_SIGNATURE_DRIVER -config PSA_CRYPTO_DRIVER_ALG_ECDSA_CC3XX +config PSA_NEED_CC3XX_ECDSA_P384 bool - prompt "PSA ECDSA support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_ECDSA + default y + select PSA_ACCEL_ECDSA_P384_SHA1 + select PSA_ACCEL_ECDSA_P384_SHA224 + select PSA_ACCEL_ECDSA_P384_SHA256 + select PSA_ACCEL_ECDSA_P384_SHA384 if PSA_WANT_ALG_SHA_384 + select PSA_ACCEL_ECDSA_P384_SHA512 if PSA_WANT_ALG_SHA_512 + depends on PSA_WANT_ALG_ANY_ECDSA + depends on PSA_WANT_ECC_SECP_R1_384 + depends on PSA_USE_CC3XX_SIGNATURE_DRIVER -config PSA_CRYPTO_DRIVER_ALG_GCM_CC3XX +config PSA_NEED_CC3XX_ECDSA_PB256 bool - prompt "PSA AES GCM support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_GCM && CRYPTOCELL_CC312_USABLE + default y + #TODO: Add all the accel symbols when available + depends on PSA_WANT_ALG_ANY_ECDSA + depends on PSA_WANT_ECC_BRAINPOOL_P_R1_256 + depends on PSA_USE_CC3XX_SIGNATURE_DRIVER -# PSA_CRYPTO_DRIVER_ALG_HKDF_CC3XX - Currently not supported +config PSA_NEED_CC3XX_RSA_PKCS1V15_SIGN + bool + default y + select PSA_ACCEL_RSA1024_SHA224_PKCS1V15_SIGN + select PSA_ACCEL_RSA1024_SHA256_PKCS1V15_SIGN + select PSA_ACCEL_RSA1536_SHA224_PKCS1V15_SIGN + select PSA_ACCEL_RSA1536_SHA256_PKCS1V15_SIGN + select PSA_ACCEL_RSA2048_SHA224_PKCS1V15_SIGN + select PSA_ACCEL_RSA2048_SHA256_PKCS1V15_SIGN + select PSA_ACCEL_RSA3072_SHA224_PKCS1V15_SIGN if HAS_HW_NRF_CC312 + select PSA_ACCEL_RSA3072_SHA256_PKCS1V15_SIGN if HAS_HW_NRF_CC312 + 
depends on PSA_WANT_RSA_KEY_SIZE_1024 || PSA_WANT_RSA_KEY_SIZE_1536 || \ + PSA_WANT_RSA_KEY_SIZE_2048 || (PSA_WANT_RSA_KEY_SIZE_3072 && HAS_HW_NRF_CC312) + depends on PSA_WANT_ALG_RSA_PKCS1V15_SIGN + depends on PSA_USE_CC3XX_SIGNATURE_DRIVER -config PSA_CRYPTO_DRIVER_ALG_HMAC_CC3XX +config PSA_NEED_CC3XX_RSA_PSS bool - prompt "PSA HMAC support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_HMAC + default y + select PSA_ACCEL_RSA1024_SHA224_PSS + select PSA_ACCEL_RSA1024_SHA256_PSS + select PSA_ACCEL_RSA1536_SHA224_PSS + select PSA_ACCEL_RSA1536_SHA256_PSS + select PSA_ACCEL_RSA2048_SHA224_PSS + select PSA_ACCEL_RSA2048_SHA256_PSS + select PSA_ACCEL_RSA3072_SHA224_PSS if HAS_HW_NRF_CC312 + select PSA_ACCEL_RSA3072_SHA256_PSS if HAS_HW_NRF_CC312 + depends on PSA_WANT_RSA_KEY_SIZE_1024 || PSA_WANT_RSA_KEY_SIZE_1536 || \ + PSA_WANT_RSA_KEY_SIZE_2048 || (PSA_WANT_RSA_KEY_SIZE_3072 && HAS_HW_NRF_CC312) + depends on PSA_WANT_ALG_RSA_PSS + depends on PSA_USE_CC3XX_SIGNATURE_DRIVER + +config PSA_NEED_CC3XX_SIGNATURE_DRIVER + bool + default y + depends on PSA_NEED_CC3XX_ECDSA_P192 || \ + PSA_NEED_CC3XX_ECDSA_P224 || \ + PSA_NEED_CC3XX_ECDSA_P256 || \ + PSA_NEED_CC3XX_ECDSA_P384 || \ + PSA_NEED_CC3XX_ECDSA_K192 || \ + PSA_NEED_CC3XX_ECDSA_K224 || \ + PSA_NEED_CC3XX_ECDSA_K256 || \ + PSA_NEED_CC3XX_ECDSA_PB256 || \ + PSA_NEED_CC3XX_RSA_PKCS1V15_SIGN || \ + PSA_NEED_CC3XX_RSA_PSS -# PSA_CRYPTO_DRIVER_ALG_PBKDF2_HMAC_CC3XX - Currently not supported +# CC3xx Asymmetric Encryption Driver -config PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_CC3XX +config PSA_NEED_CC3XX_RSA_OAEP bool - prompt "PSA RSA OAEP support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF + default y + select PSA_ACCEL_RSA1024_SHA224_OAEP + select PSA_ACCEL_RSA1024_SHA256_OAEP + select PSA_ACCEL_RSA1536_SHA224_OAEP + select PSA_ACCEL_RSA1536_SHA256_OAEP + select PSA_ACCEL_RSA2048_SHA224_OAEP + select PSA_ACCEL_RSA2048_SHA256_OAEP + select PSA_ACCEL_RSA3072_SHA224_OAEP if 
HAS_HW_NRF_CC312 + select PSA_ACCEL_RSA3072_SHA256_OAEP if HAS_HW_NRF_CC312 + depends on PSA_WANT_RSA_KEY_SIZE_1024 || PSA_WANT_RSA_KEY_SIZE_1536 || \ + PSA_WANT_RSA_KEY_SIZE_2048 || (PSA_WANT_RSA_KEY_SIZE_3072 && HAS_HW_NRF_CC312) depends on PSA_WANT_ALG_RSA_OAEP + depends on PSA_USE_CC3XX_ASYMMETRIC_DRIVER -config PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_CC3XX +config PSA_NEED_CC3XX_RSA_PKCS1V15_CRYPT bool - prompt "PSA RSA crypt support (PKCS#1 v1.5 mode) - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF + default y + select PSA_ACCEL_RSA1024_PKCS1V15_CRYPT + select PSA_ACCEL_RSA1536_PKCS1V15_CRYPT + select PSA_ACCEL_RSA2048_PKCS1V15_CRYPT + select PSA_ACCEL_RSA3072_PKCS1V15_CRYPT if HAS_HW_NRF_CC312 + depends on PSA_WANT_RSA_KEY_SIZE_1024 || PSA_WANT_RSA_KEY_SIZE_1536 || \ + PSA_WANT_RSA_KEY_SIZE_2048 || (PSA_WANT_RSA_KEY_SIZE_3072 && HAS_HW_NRF_CC312) depends on PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + depends on PSA_USE_CC3XX_ASYMMETRIC_DRIVER -config PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_CC3XX +config PSA_NEED_CC3XX_ASYMMETRIC_DRIVER bool - prompt "PSA RSA signature support (PKCS#1 v1.5 mode) - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_RSA_PKCS1V15_SIGN + default y + depends on PSA_NEED_CC3XX_RSA_OAEP || PSA_NEED_CC3XX_RSA_PKCS1V15_CRYPT -config PSA_CRYPTO_DRIVER_ALG_SHA_1_CC3XX +# CC3xx Hash Driver + +config PSA_NEED_CC3XX_SHA_1 bool - prompt "PSA SHA1 support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF + default y + select PSA_ACCEL_SHA1 depends on PSA_WANT_ALG_SHA_1 + depends on PSA_USE_CC3XX_HASH_DRIVER -config PSA_CRYPTO_DRIVER_ALG_SHA_224_CC3XX +config PSA_NEED_CC3XX_SHA_224 bool - prompt "PSA SHA-224 support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF + default y + select PSA_ACCEL_SHA224 depends on PSA_WANT_ALG_SHA_224 + depends on PSA_USE_CC3XX_HASH_DRIVER -config PSA_CRYPTO_DRIVER_ALG_SHA_256_CC3XX +config PSA_NEED_CC3XX_SHA_256 bool - prompt "PSA SHA-256 support - 
cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF + default y + select PSA_ACCEL_SHA256 depends on PSA_WANT_ALG_SHA_256 + depends on PSA_USE_CC3XX_HASH_DRIVER -config PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_CC3XX +config PSA_NEED_CC3XX_HASH_DRIVER bool - prompt "PSA stream cipher support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_STREAM_CIPHER + default y + depends on PSA_NEED_CC3XX_SHA_1 || \ + PSA_NEED_CC3XX_SHA_224 || \ + PSA_NEED_CC3XX_SHA_256 -config PSA_CRYPTO_DRIVER_ECC_BRAINPOOL_P_R1_256_CC3XX +# CC3xx Key Generation Driver + +config PSA_NEED_CC3XX_RSA_KEY_SIZE_1024 bool - prompt "PSA ECC Brainpool256r1 support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ECC_BRAINPOOL_P_R1_256 + default y + depends on PSA_WANT_RSA_KEY_SIZE_1024 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER + +config PSA_NEED_CC3XX_RSA_KEY_SIZE_1536 + bool + default y + depends on PSA_WANT_RSA_KEY_SIZE_1536 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER + +config PSA_NEED_CC3XX_RSA_KEY_SIZE_2048 + bool + default y + depends on PSA_WANT_RSA_KEY_SIZE_2048 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER + +config PSA_NEED_CC3XX_RSA_KEY_SIZE_3072 + bool + default y + depends on PSA_WANT_RSA_KEY_SIZE_3072 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER + depends on HAS_HW_NRF_CC312 + +config PSA_NEED_CC3XX_KEY_PAIR_RSA + bool + default y + depends on PSA_NEED_CC3XX_RSA_KEY_SIZE_1024 || PSA_NEED_CC3XX_RSA_KEY_SIZE_1536 || \ + PSA_NEED_CC3XX_RSA_KEY_SIZE_2048 || PSA_NEED_CC3XX_RSA_KEY_SIZE_3072 + +config PSA_NEED_CC3XX_KEY_PAIR_P192 + bool + default y + select PSA_ACCEL_KEY_PAIR_P192 + depends on PSA_WANT_ECC_SECP_R1_192 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER + +config PSA_NEED_CC3XX_KEY_PAIR_P224 + bool + default y + select PSA_ACCEL_KEY_PAIR_P224 + depends on PSA_WANT_ECC_SECP_R1_224 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER + +config PSA_NEED_CC3XX_KEY_PAIR_P256 + bool + default y + select PSA_ACCEL_KEY_PAIR_P256 + depends 
on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER + +config PSA_NEED_CC3XX_KEY_PAIR_P384 + bool + default y + select PSA_ACCEL_KEY_PAIR_P384 + depends on PSA_WANT_ECC_SECP_R1_384 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER + +config PSA_NEED_CC3XX_KEY_PAIR_SECP + bool + default y + depends on PSA_NEED_CC3XX_KEY_PAIR_P192 || PSA_NEED_CC3XX_KEY_PAIR_P224 || \ + PSA_NEED_CC3XX_KEY_PAIR_P256 || PSA_NEED_CC3XX_KEY_PAIR_P384 -config PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_CC3XX +config PSA_NEED_CC3XX_KEY_PAIR_X25519 bool - prompt "PSA ECC Curve25519 support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF + default y + select PSA_ACCEL_KEY_PAIR_X25519 + depends on PSA_WANT_ECC_MONTGOMERY_255 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER + +config PSA_NEED_CC3XX_KEY_PAIR_ED25519 + bool + # TODO: Uncomment when NCSDK-22734 is fixed + #default y + #select PSA_ACCEL_KEY_PAIR_ED25519 depends on PSA_WANT_ECC_MONTGOMERY_255 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER + +config PSA_NEED_CC3XX_KEY_PAIR_25519 + bool + default y + depends on PSA_NEED_CC3XX_KEY_PAIR_X25519 || PSA_NEED_CC3XX_KEY_PAIR_ED25519 + +config PSA_NEED_CC3XX_KEY_PAIR_PB256 + bool + default y + select PSA_ACCEL_KEY_PAIR_PB256 + depends on PSA_WANT_ECC_BRAINPOOL_P_R1_256 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER -config PSA_CRYPTO_DRIVER_ECC_SECP_K1_192_CC3XX +config PSA_NEED_CC3XX_KEY_PAIR_K192 bool - prompt "PSA ECC secp192k1 support - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF + default y + select PSA_ACCEL_KEY_PAIR_K192 depends on PSA_WANT_ECC_SECP_K1_192 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER -# PSA_CRYPTO_DRIVER_ECC_SECP_K1_224_CC3XX - Currently not supported +config PSA_NEED_CC3XX_KEY_PAIR_K224 + bool + default y + select PSA_ACCEL_KEY_PAIR_K224 + depends on PSA_WANT_ECC_SECP_K1_224 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER -config PSA_CRYPTO_DRIVER_ECC_SECP_K1_256_CC3XX +config PSA_NEED_CC3XX_KEY_PAIR_K256 bool - prompt "PSA ECC secp256k1 support - cc3xx" if 
!PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ECC_SECP_K1_256 + default y + select PSA_ACCEL_KEY_PAIR_K256 + depends on PSA_WANT_ECC_SECP_K1_256 + depends on PSA_USE_CC3XX_KEY_PAIR_DRIVER -config PSA_CRYPTO_DRIVER_ECC_SECP_R1_192_CC3XX +config PSA_NEED_CC3XX_KEY_PAIR_SECK1 bool - prompt "PSA ECC secp192r1 - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ECC_SECP_R1_192 + default y + depends on PSA_NEED_CC3XX_KEY_PAIR_K192 || \ + PSA_NEED_CC3XX_KEY_PAIR_K224 || \ + PSA_NEED_CC3XX_KEY_PAIR_K256 -config PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_CC3XX +config PSA_NEED_CC3XX_KEY_PAIR_DRIVER bool - prompt "PSA ECC secp224r1 - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ECC_SECP_R1_224 + default y + depends on PSA_NEED_CC3XX_KEY_PAIR_SECP || \ + PSA_NEED_CC3XX_KEY_PAIR_SECK1 || \ + PSA_NEED_CC3XX_KEY_PAIR_RSA || \ + PSA_NEED_CC3XX_KEY_PAIR_ED25519 || \ + PSA_NEED_CC3XX_KEY_PAIR_PB256 + +# CC3xx MAC Driver -config PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_CC3XX +config PSA_NEED_CC3XX_HMAC bool - prompt "PSA ECC secp256r1 - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ECC_SECP_R1_256 + default y + select PSA_ACCEL_HMAC_SHA1 + select PSA_ACCEL_HMAC_SHA224 + select PSA_ACCEL_HMAC_SHA256 + depends on PSA_WANT_ALG_HMAC + depends on PSA_USE_CC3XX_MAC_DRIVER -config PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_CC3XX +config PSA_NEED_CC3XX_CMAC bool - prompt "PSA ECC secp384r1 - cc3xx" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ECC_SECP_R1_384 + default y + select PSA_ACCEL_AES128_CMAC + select PSA_ACCEL_AES192_CMAC if HAS_HW_NRF_CC312 + select PSA_ACCEL_AES256_CMAC if HAS_HW_NRF_CC312 + depends on PSA_WANT_ALG_CMAC + depends on PSA_USE_CC3XX_MAC_DRIVER -# PSA_CRYPTO_DRIVER_ALG_XTS_CC3XX - Currently not supported +config PSA_NEED_CC3XX_MAC_DRIVER + bool + default y + depends on PSA_NEED_CC3XX_HMAC || PSA_NEED_CC3XX_CMAC + +# CC3xx Entropy Driver + +config PSA_NEED_CC3XX_CTR_DRBG_DRIVER + bool + 
default y + select PSA_ACCEL_RANDOM + depends on PSA_USE_CTR_DRBG_DRIVER + depends on PSA_USE_CC3XX_CTR_DRBG_DRIVER + +config PSA_NEED_CC3XX_HMAC_DRBG_DRIVER + bool + default y + select PSA_ACCEL_RANDOM + depends on PSA_USE_HMAC_DRBG_DRIVER + depends on PSA_USE_CC3XX_HMAC_DRBG_DRIVER -endif # PSA_CRYPTO_DRIVER_CC3XX +endmenu diff --git a/subsys/nrf_security/src/drivers/nrf_cc3xx_platform/Kconfig b/subsys/nrf_security/src/drivers/nrf_cc3xx_platform/Kconfig deleted file mode 100644 index 58ff6ebe3c19..000000000000 --- a/subsys/nrf_security/src/drivers/nrf_cc3xx_platform/Kconfig +++ /dev/null @@ -1,23 +0,0 @@ -# -# Copyright (c) 2023 Nordic Semiconductor -# -# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause -# - -config PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM - bool - default y - depends on CRYPTOCELL_USABLE - depends on PSA_WANT_GENERATE_RANDOM - -config PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_CC3XX_PLATFORM - bool - default y - depends on PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM && \ - PSA_WANT_ALG_CTR_DRBG - -config PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_CC3XX_PLATFORM - bool - default y - depends on PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM && \ - PSA_WANT_ALG_HMAC_DRBG diff --git a/subsys/nrf_security/src/drivers/nrf_oberon/CMakeLists.txt b/subsys/nrf_security/src/drivers/nrf_oberon/CMakeLists.txt index 08b3db4d2f7b..266fab8ca4cb 100644 --- a/subsys/nrf_security/src/drivers/nrf_oberon/CMakeLists.txt +++ b/subsys/nrf_security/src/drivers/nrf_oberon/CMakeLists.txt 
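Review bot: `PSA_NEED_CC3XX_KEY_PAIR_DRIVER` lists `PSA_NEED_CC3XX_KEY_PAIR_ED25519` in its `depends on` chain, but neither `PSA_NEED_CC3XX_KEY_PAIR_X25519` nor the `PSA_NEED_CC3XX_KEY_PAIR_25519` aggregate defined just above it. The ED25519 symbol has its `default y` commented out (NCSDK-22734), so a build that wants only Curve25519 key pairs sets `PSA_NEED_CC3XX_KEY_PAIR_X25519=y` and selects `PSA_ACCEL_KEY_PAIR_X25519` while the driver symbol stays off. If the key-pair source is gated on that symbol and the software fallback is suppressed by the ACCEL symbol (neither is visible in this hunk), X25519 key generation would be left without an implementation. I would change that term to `PSA_NEED_CC3XX_KEY_PAIR_25519 || \`. Separately, `PSA_NEED_CC3XX_KEY_PAIR_ED25519` inherits `depends on PSA_WANT_ECC_MONTGOMERY_255` from the old Curve25519 entry; Ed25519 is a twisted Edwards curve, so that dependency should probably name the twisted-Edwards want symbol before the TODO is lifted.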
@@ -25,30 +25,24 @@ if(CONFIG_MBEDTLS_PSA_CRYPTO_C) endif() if (COMPILE_PSA_APIS) - list(APPEND src_crypto_oberon ${drivers_path}/oberon_helpers.c) - - # The mapping from CONFIG_ to source file comes from the header file - # includes in psa_crypto_driver_wrappers.c - - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON src_crypto_oberon ${drivers_path} oberon_key_pair.c) - - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON src_crypto_oberon ${drivers_path} oberon_aead.c) - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON src_crypto_oberon ${drivers_path} oberon_kdf.c) - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON src_crypto_oberon ${drivers_path} oberon_mac.c) - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON src_crypto_oberon ${drivers_path} oberon_cipher.c) - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_OBERON src_crypto_oberon ${drivers_path} oberon_rsa.c) - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON src_crypto_oberon ${drivers_path} oberon_hash.c) - - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON src_crypto_oberon ${drivers_path} oberon_ecdsa.c) - - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_ALG_ECDH_OBERON src_crypto_oberon ${drivers_path} oberon_ecdh.c) - - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON src_crypto_oberon ${drivers_path} oberon_jpake.c) - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON src_crypto_oberon ${drivers_path} oberon_spake2p.c) - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_ALG_SRP_OBERON src_crypto_oberon ${drivers_path} oberon_srp.c) + list(APPEND src_crypto_oberon + ${drivers_path}/oberon_helpers.c + ) - append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_OBERON src_crypto_oberon ${drivers_path} oberon_ctr_drbg.c) - 
append_with_prefix_ifdef(CONFIG_PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_OBERON src_crypto_oberon ${drivers_path} oberon_hmac_drbg.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_KEY_PAIR_DRIVER src_crypto_oberon ${drivers_path} oberon_key_pair.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_AEAD_DRIVER src_crypto_oberon ${drivers_path} oberon_aead.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_KDF_DRIVER src_crypto_oberon ${drivers_path} oberon_kdf.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_MAC_DRIVER src_crypto_oberon ${drivers_path} oberon_mac.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_CIPHER_DRIVER src_crypto_oberon ${drivers_path} oberon_cipher.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_RSA_DRIVER src_crypto_oberon ${drivers_path} oberon_rsa.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_HASH_DRIVER src_crypto_oberon ${drivers_path} oberon_hash.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_ECDSA_DRIVER src_crypto_oberon ${drivers_path} oberon_ecdsa.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_ECDH_DRIVER src_crypto_oberon ${drivers_path} oberon_ecdh.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_JPAKE_DRIVER src_crypto_oberon ${drivers_path} oberon_jpake.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_SPAKE2P_DRIVER src_crypto_oberon ${drivers_path} oberon_spake2p.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_SRP_DRIVER src_crypto_oberon ${drivers_path} oberon_srp.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_CTR_DRBG_DRIVER src_crypto_oberon ${drivers_path} oberon_ctr_drbg.c) + append_with_prefix_ifdef(CONFIG_PSA_NEED_OBERON_HMAC_DRBG_DRIVER src_crypto_oberon ${drivers_path} oberon_hmac_drbg.c) target_sources(${mbedcrypto_target} PRIVATE ${src_crypto_oberon}) endif() diff --git a/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig b/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig index d4d93746d16e..13be3aefbfbf 100644 --- a/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig 
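Review bot: The new `append_with_prefix_ifdef` list inside `if (COMPILE_PSA_APIS)` no longer says where its gating symbols come from, because the old comment about the CONFIG-to-source mapping is removed without a replacement. Each source file is now compiled only when its `CONFIG_PSA_NEED_OBERON_*_DRIVER` symbol is set, so a misspelled or renamed symbol would silently drop a driver from the build. I would add a short comment above the list such as `# Each PSA_NEED_OBERON_*_DRIVER symbol is a promptless aggregate defined in this directory's Kconfig`. Of the fourteen symbols, only `PSA_NEED_OBERON_AEAD_DRIVER` has a definition visible in this view, so the others should be checked against that file.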
+++ b/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig 
@@ -1,356 +1,674 @@ # -# Copyright (c) 2021-2022 Nordic Semiconductor +# Copyright (c) 2023 Nordic Semiconductor # # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause # -menuconfig PSA_CRYPTO_DRIVER_OBERON +# This invisible menu helps hiding these not user selectable options +# from menuconfig even when show-all mode is enabled +menu "PSA NEED Oberon - invisible" +visible if 0 + +if PSA_CRYPTO_DRIVER_OBERON + +# Oberon AEAD driver + +config PSA_NEED_OBERON_AES_CCM bool - prompt "PSA Oberon Driver" if !PSA_PROMPTLESS default y - select NRF_OBERON - help - Enable PSA Driver for nrf_oberon + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_WANT_ALG_CCM + depends on PSA_WANT_AES_KEY_SIZE_128 && !PSA_ACCEL_AES128_CCM || \ + PSA_WANT_AES_KEY_SIZE_192 && !PSA_ACCEL_AES192_CCM || \ + PSA_WANT_AES_KEY_SIZE_256 && !PSA_ACCEL_AES256_CCM -if PSA_CRYPTO_DRIVER_OBERON +config PSA_NEED_OBERON_AES_GCM + bool + default y + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_WANT_ALG_GCM + depends on PSA_WANT_AES_KEY_SIZE_128 && !PSA_ACCEL_AES128_GCM || \ + PSA_WANT_AES_KEY_SIZE_192 && !PSA_ACCEL_AES192_GCM || \ + PSA_WANT_AES_KEY_SIZE_256 && !PSA_ACCEL_AES256_GCM -# PSA_CRYPTO_DRIVER_ALG_CBC_MAC_OBERON - Currently not supported +config PSA_NEED_OBERON_CHACHA20_POLY1305 + bool + default y + depends on PSA_WANT_ALG_CHACHA20_POLY1305 && !PSA_ACCEL_CHACHA20_POLY1305 -config PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON +config PSA_NEED_OBERON_AEAD_DRIVER bool default y - depends on PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_CTR_OBERON + depends on PSA_NEED_OBERON_AES_CCM ||PSA_NEED_OBERON_AES_GCM || PSA_NEED_OBERON_CHACHA20_POLY1305 + +# Oberon Cipher Driver -config PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON +config PSA_NEED_OBERON_AES_CTR bool default y - depends on PSA_CRYPTO_DRIVER_ALG_CCM_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_GCM_OBERON || \ - 
PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_OBERON + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_WANT_ALG_CTR + depends on (PSA_WANT_AES_KEY_SIZE_128 && !PSA_ACCEL_AES128_CTR) || \ + (PSA_WANT_AES_KEY_SIZE_192 && !PSA_ACCEL_AES192_CTR) || \ + (PSA_WANT_AES_KEY_SIZE_256 && !PSA_ACCEL_AES256_CTR) -config PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON +config PSA_NEED_OBERON_AES_CBC_NO_PADDING bool default y - depends on PSA_CRYPTO_DRIVER_ALG_CMAC_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_HMAC_OBERON + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_WANT_ALG_CBC_NO_PADDING + depends on (PSA_WANT_AES_KEY_SIZE_128 && !PSA_ACCEL_AES128_CBC_NO_PADDING) || \ + (PSA_WANT_AES_KEY_SIZE_192 && !PSA_ACCEL_AES192_CBC_NO_PADDING) || \ + (PSA_WANT_AES_KEY_SIZE_256 && !PSA_ACCEL_AES256_CBC_NO_PADDING) -config PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON +config PSA_NEED_OBERON_AES_CBC_PKCS7 bool default y - depends on PSA_CRYPTO_DRIVER_ALG_SHA_1_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_SHA_224_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_SHA_256_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_SHA_384_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_SHA_512_OBERON + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_WANT_ALG_CBC_PKCS7 + depends on (PSA_WANT_AES_KEY_SIZE_128 && !PSA_ACCEL_AES128_CBC_PKCS7) || \ + (PSA_WANT_AES_KEY_SIZE_192 && !PSA_ACCEL_AES192_CBC_PKCS7) || \ + (PSA_WANT_AES_KEY_SIZE_256 && !PSA_ACCEL_AES256_CBC_PKCS7) -config PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON +config PSA_NEED_OBERON_AES_ECB_NO_PADDING bool default y - depends on PSA_CRYPTO_DRIVER_ALG_HKDF_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_TLS12_PRF_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_PBKDF2_HMAC_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_PBKDF2_AES_CMAC_PRF_128_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_TLS12_PSK_TO_MS_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_TLS12_ECJPAKE_TO_PMS_OBERON + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_WANT_ALG_ECB_NO_PADDING + depends on (PSA_WANT_AES_KEY_SIZE_128 && !PSA_ACCEL_AES128_ECB_NO_PADDING) || \ + (PSA_WANT_AES_KEY_SIZE_192 && 
!PSA_ACCEL_AES192_ECB_NO_PADDING) || \ + (PSA_WANT_AES_KEY_SIZE_256 && !PSA_ACCEL_AES256_ECB_NO_PADDING) -config PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_OBERON +config PSA_NEED_OBERON_AES_CCM_STAR_NO_TAG bool default y - depends on PSA_CRYPTO_DRIVER_HAS_RSA_CRYPT_SUPPORT_OBERON + depends on PSA_WANT_KEY_TYPE_AES + depends on PSA_WANT_ALG_CCM_STAR_NO_TAG + depends on (PSA_WANT_AES_KEY_SIZE_128 && !PSA_ACCEL_AES128_CCM_STAR_NO_TAG) || \ + (PSA_WANT_AES_KEY_SIZE_192 && !PSA_ACCEL_AES192_CCM_STAR_NO_TAG) || \ + (PSA_WANT_AES_KEY_SIZE_256 && !PSA_ACCEL_AES256_CCM_STAR_NO_TAG) -config PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON +config PSA_NEED_OBERON_CHACHA20 bool default y - depends on PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_ECDSA_OBERON || \ - PSA_CRYPTO_DRIVER_HAS_RSA_SIGN_SUPPORT_OBERON + depends on PSA_WANT_KEY_TYPE_CHACHA20 + depends on PSA_WANT_ALG_STREAM_CIPHER + depends on !PSA_ACCEL_CHACHA20 -config PSA_CRYPTO_DRIVER_HAS_ECC_SUPPORT_OBERON +config PSA_NEED_OBERON_CIPHER_DRIVER bool default y - depends on PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_ECDSA_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_ECDH_OBERON + depends on PSA_NEED_OBERON_AES_CTR || \ + PSA_NEED_OBERON_AES_CBC_PKCS7 || \ + PSA_NEED_OBERON_AES_CBC_NO_PADDING || \ + PSA_NEED_OBERON_AES_ECB_NO_PADDING || \ + PSA_NEED_OBERON_AES_CCM_STAR_NO_TAG || \ + PSA_NEED_OBERON_CHACHA20 -config PSA_CRYPTO_DRIVER_HAS_RSA_CRYPT_SUPPORT_OBERON +# Oberon ECDH driver + +config PSA_NEED_OBERON_ECDH_P224 bool default y - depends on PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_OBERON + depends on PSA_WANT_ALG_ECDH + depends on PSA_WANT_ECC_SECP_R1_224 && !PSA_ACCEL_ECDH_P224 -config PSA_CRYPTO_DRIVER_HAS_RSA_SIGN_SUPPORT_OBERON +config PSA_NEED_OBERON_ECDH_P256 bool default y - depends on PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_OBERON || \ - PSA_CRYPTO_DRIVER_ALG_RSA_PSS_OBERON + depends on PSA_WANT_ALG_ECDH 
+ depends on PSA_WANT_ECC_SECP_R1_256 && !PSA_ACCEL_ECDH_P256 -config PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_OBERON +config PSA_NEED_OBERON_ECDH_P384 bool default y - depends on PSA_CRYPTO_DRIVER_HAS_RSA_CRYPT_SUPPORT_OBERON || \ - PSA_CRYPTO_DRIVER_HAS_RSA_SIGN_SUPPORT_OBERON + depends on PSA_WANT_ALG_ECDH + depends on PSA_WANT_ECC_SECP_R1_384 && !PSA_ACCEL_ECDH_P384 -config PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON +config PSA_NEED_OBERON_ECDH_X25519 bool default y - depends on PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_OBERON || \ - PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON || \ - PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON || \ - PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON || \ - PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON || \ - PSA_CRYPTO_DRIVER_HAS_ECC_SUPPORT_OBERON + depends on PSA_WANT_ALG_ECDH + depends on PSA_WANT_ECC_MONTGOMERY_255 && !PSA_ACCEL_ECDH_X25519 -config PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON +config PSA_NEED_OBERON_ECDH_DRIVER bool default y - depends on !PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM - depends on !BUILD_WITH_TFM - depends on PSA_WANT_GENERATE_RANDOM + depends on PSA_NEED_OBERON_ECDH_P224 || \ + PSA_NEED_OBERON_ECDH_P256 || \ + PSA_NEED_OBERON_ECDH_P384 || \ + PSA_NEED_OBERON_ECDH_X25519 + +# Oberon ECDSA driver -config PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_OBERON +config PSA_NEED_OBERON_ECDSA_P224 bool default y - depends on PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON && \ - PSA_WANT_ALG_CTR_DRBG - select PSA_WANT_ALG_ECB_NO_PADDING + depends on PSA_WANT_ALG_ECDSA || PSA_WANT_ALG_DETERMINISTIC_ECDSA + depends on PSA_WANT_ECC_SECP_R1_224 + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_ECDSA_P224_SHA1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_ECDSA_P224_SHA224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_ECDSA_P224_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_ECDSA_P224_SHA384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_ECDSA_P224_SHA512) +config PSA_NEED_OBERON_ECDSA_P256 + bool + default y + depends on PSA_WANT_ALG_ECDSA || 
PSA_WANT_ALG_DETERMINISTIC_ECDSA + depends on PSA_WANT_ECC_SECP_R1_256 + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_ECDSA_P256_SHA1 ) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_ECDSA_P256_SHA224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_ECDSA_P256_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_ECDSA_P256_SHA384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_ECDSA_P256_SHA512) -config PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_OBERON +config PSA_NEED_OBERON_ECDSA_P384 bool default y - depends on PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON && \ - PSA_WANT_ALG_HMAC_DRBG + depends on PSA_WANT_ALG_ECDSA || PSA_WANT_ALG_DETERMINISTIC_ECDSA + depends on PSA_WANT_ECC_SECP_R1_384 + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_ECDSA_P384_SHA1 ) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_ECDSA_P384_SHA224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_ECDSA_P384_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_ECDSA_P384_SHA384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_ECDSA_P384_SHA512) -config PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_OBERON +config PSA_NEED_OBERON_ECDSA_ED25519 bool - prompt "PSA CBC support (without padding) - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_CBC_NO_PADDING && \ - !PSA_CRYPTO_DRIVER_ALG_CBC_NO_PADDING_CC3XX + default y + depends on PSA_WANT_ALG_PURE_EDDSA && !PSA_ACCEL_ECDSA_ED25519 + depends on PSA_WANT_ECC_TWISTED_EDWARDS_255 -config PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_OBERON +config PSA_NEED_OBERON_ECDSA_DRIVER bool - prompt "PSA CBC support (with PKCS#7 padding) - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_CBC_PKCS7 && \ - !PSA_CRYPTO_DRIVER_ALG_CBC_PKCS7_CC3XX + default y + depends on PSA_NEED_OBERON_ECDSA_P224 || \ + PSA_NEED_OBERON_ECDSA_P256 || \ + PSA_NEED_OBERON_ECDSA_P384 || \ + PSA_NEED_OBERON_ECDSA_ED25519 -config PSA_CRYPTO_DRIVER_ALG_CCM_OBERON +config PSA_NEED_OBERON_DETERMINISTIC_ECDSA bool - prompt "PSA AES CCM support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && 
PSA_WANT_ALG_CCM && \ - !PSA_CRYPTO_DRIVER_ALG_CCM_CC3XX + default y + depends on PSA_NEED_OBERON_ECDSA_DRIVER + depends on PSA_WANT_ALG_DETERMINISTIC_ECDSA -config PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_OBERON +config PSA_NEED_OBERON_RANDOMIZED_ECDSA bool - prompt "PSA ChaCha20/Poly1305 support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_CHACHA20_POLY1305 && \ - !PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_CC3XX + default y + depends on PSA_NEED_OBERON_ECDSA_DRIVER + depends on PSA_WANT_ALG_ECDSA -config PSA_CRYPTO_DRIVER_ALG_CMAC_OBERON +# Oberon Hash Driver + +config PSA_NEED_OBERON_SHA_1 bool - prompt "PSA AES CMAC support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_CMAC + default y + depends on PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_SHA1 -config PSA_CRYPTO_DRIVER_ALG_CTR_OBERON +config PSA_NEED_OBERON_SHA_224 bool - prompt "PSA AES CTR mode support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_CTR && \ - !PSA_CRYPTO_DRIVER_ALG_CTR_CC3XX + default y + depends on PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_SHA224 -config PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_OBERON +config PSA_NEED_OBERON_SHA_256 bool - prompt "PSA ECDSA support (deterministic mode) - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_DETERMINISTIC_ECDSA && \ - !PSA_CRYPTO_DRIVER_ALG_DETERMINISTIC_ECDSA_CC3XX + default y + depends on PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_SHA256 -config PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_OBERON +config PSA_NEED_OBERON_SHA_384 bool - prompt "PSA AES ECB (no padding) - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_ECB_NO_PADDING && \ - !PSA_CRYPTO_DRIVER_ALG_ECB_NO_PADDING_CC3XX + default y + depends on PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_SHA384 -config PSA_CRYPTO_DRIVER_ALG_ECDH_OBERON +config PSA_NEED_OBERON_SHA_512 bool - prompt "PSA ECDH support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && 
PSA_WANT_ALG_ECDH && \ - !PSA_CRYPTO_DRIVER_ALG_ECDH_CC3XX + default y + depends on PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_SHA512 -config PSA_CRYPTO_DRIVER_ALG_ECDSA_OBERON +config PSA_NEED_OBERON_HASH_DRIVER bool - prompt "PSA ECDSA support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_ECDSA && \ - !PSA_CRYPTO_DRIVER_ALG_ECDSA_CC3XX + default y + depends on PSA_NEED_OBERON_SHA_1 || \ + PSA_NEED_OBERON_SHA_224 || \ + PSA_NEED_OBERON_SHA_256 || \ + PSA_NEED_OBERON_SHA_384 || \ + PSA_NEED_OBERON_SHA_512 -config PSA_CRYPTO_DRIVER_ALG_GCM_OBERON +# Oberon Key Pair Driver + +config PSA_NEED_OBERON_KEY_PAIR_P224 bool - prompt "PSA AES GCM support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_GCM && \ - !PSA_CRYPTO_DRIVER_ALG_GCM_CC3XX + default y + depends on PSA_WANT_ECC_SECP_R1_224 && !PSA_ACCEL_KEY_PAIR_P224 -config PSA_CRYPTO_DRIVER_ALG_HKDF_OBERON +config PSA_NEED_OBERON_KEY_PAIR_P256 bool - prompt "PSA HKDF support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_HKDF + default y + depends on PSA_WANT_ECC_SECP_R1_256 && !PSA_ACCEL_KEY_PAIR_P256 -config PSA_CRYPTO_DRIVER_ALG_PBKDF2_HMAC_OBERON +config PSA_NEED_OBERON_KEY_PAIR_P384 bool - prompt "PSA PBKDF2-HMAC support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_PBKDF2_HMAC + default y + depends on PSA_WANT_ECC_SECP_R1_384 && !PSA_ACCEL_KEY_PAIR_P384 -config PSA_CRYPTO_DRIVER_ALG_PBKDF2_AES_CMAC_PRF_128_OBERON +config PSA_NEED_OBERON_KEY_PAIR_SECP bool - prompt "PSA PBKDF2-AES-CMAC-PRF-128 - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + default y + depends on PSA_NEED_OBERON_KEY_PAIR_P224 || \ + PSA_NEED_OBERON_KEY_PAIR_P256 || \ + PSA_NEED_OBERON_KEY_PAIR_P384 -config PSA_CRYPTO_DRIVER_ALG_HMAC_OBERON +config PSA_NEED_OBERON_KEY_PAIR_X25519 bool - prompt "PSA HMAC support - oberon" if !PSA_PROMPTLESS - default y if 
!PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_HMAC + default y + depends on PSA_WANT_ECC_MONTGOMERY_255 && !PSA_ACCEL_KEY_PAIR_X25519 -config PSA_CRYPTO_DRIVER_ALG_RSA_OAEP_OBERON +config PSA_NEED_OBERON_KEY_PAIR_ED25519 bool - prompt "PSA RSA OAEP support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_RSA_OAEP + default y + depends on PSA_WANT_ECC_TWISTED_EDWARDS_255 && !PSA_ACCEL_KEY_PAIR_ED25519 -config PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_CRYPT_OBERON +config PSA_NEED_OBERON_KEY_PAIR_25519 bool - prompt "PSA RSA crypt support (PKCS#1 v1.5 mode) - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + default y + depends on PSA_NEED_OBERON_KEY_PAIR_X25519 || PSA_NEED_OBERON_KEY_PAIR_ED25519 -config PSA_CRYPTO_DRIVER_ALG_RSA_PKCS1V15_SIGN_OBERON + +config PSA_NEED_OBERON_KEY_PAIR_DRIVER bool - prompt "PSA RSA signature support (PKCS#1 v1.5 mode) - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_RSA_PKCS1V15_SIGN + default y + depends on PSA_NEED_OBERON_KEY_PAIR_SECP || PSA_NEED_OBERON_KEY_PAIR_25519 + +# Oberon MAC Driver -config PSA_CRYPTO_DRIVER_ALG_RSA_PSS_OBERON +config PSA_NEED_OBERON_HMAC bool - prompt "PSA RSA (PSS mode) - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF - depends on PSA_WANT_ALG_RSA_PSS + default y + depends on PSA_WANT_ALG_HMAC + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_HMAC_SHA1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_HMAC_SHA224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_HMAC_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_HMAC_SHA384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_HMAC_SHA512) -config PSA_CRYPTO_DRIVER_ALG_SHA_1_OBERON +config PSA_NEED_OBERON_CMAC bool - prompt "PSA SHA1 support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_SHA_1 && \ - !PSA_CRYPTO_DRIVER_ALG_SHA_1_CC3XX + default y + depends on PSA_WANT_ALG_CMAC + depends on 
(PSA_WANT_AES_KEY_SIZE_128 && !PSA_ACCEL_AES128_CMAC) || \ + (PSA_WANT_AES_KEY_SIZE_192 && !PSA_ACCEL_AES192_CMAC) || \ + (PSA_WANT_AES_KEY_SIZE_256 && !PSA_ACCEL_AES256_CMAC) -config PSA_CRYPTO_DRIVER_ALG_SHA_224_OBERON +config PSA_NEED_OBERON_MAC_DRIVER bool - prompt "PSA SHA-224 support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_SHA_224 && \ - !PSA_CRYPTO_DRIVER_ALG_SHA_224_CC3XX + default y + depends on PSA_NEED_OBERON_CMAC || PSA_NEED_OBERON_HMAC + +# Oberon KDF Driver -config PSA_CRYPTO_DRIVER_ALG_SHA_256_OBERON +config PSA_NEED_OBERON_HKDF bool - prompt "PSA SHA-256 support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_SHA_256 && \ - !PSA_CRYPTO_DRIVER_ALG_SHA_256_CC3XX + default y + depends on PSA_WANT_ALG_HKDF + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_HKDF_SHA1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_HKDF_SHA224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_HKDF_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_HKDF_SHA384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_HKDF_SHA512) -config PSA_CRYPTO_DRIVER_ALG_SHA_384_OBERON +config PSA_NEED_OBERON_HKDF_EXTRACT bool - prompt "PSA SHA-384 support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_SHA_384 + default y + depends on PSA_WANT_ALG_HKDF_EXTRACT + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_HKDF_EXTRACT_SHA1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_HKDF_EXTRACT_SHA224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_HKDF_EXTRACT_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_HKDF_EXTRACT_SHA384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_HKDF_EXTRACT_SHA512) -config PSA_CRYPTO_DRIVER_ALG_SHA_512_OBERON +config PSA_NEED_OBERON_HKDF_EXPAND bool - prompt "PSA SHA-512 support - oberon" if !PSA_PROMPTLESS - default y if PSA_WANT_ALG_SHA_512 + default y + depends on PSA_WANT_ALG_HKDF_EXPAND + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_HKDF_EXPAND_SHA1) || \ + (PSA_WANT_ALG_SHA_224 && 
!PSA_ACCEL_HKDF_EXPAND_SHA224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_HKDF_EXPAND_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_HKDF_EXPAND_SHA384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_HKDF_EXPAND_SHA512) -config PSA_CRYPTO_DRIVER_ALG_TLS12_PRF_OBERON +config PSA_NEED_OBERON_TLS12_PRF bool - prompt "PSA TLS 1.2 PRF support - oberon" if !PSA_PROMPTLESS + default y depends on PSA_WANT_ALG_TLS12_PRF - default y if !PSA_DEFAULT_OFF + depends on (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_TLS12_PRF_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_TLS12_PRF_SHA384) -config PSA_CRYPTO_DRIVER_ALG_TLS12_PSK_TO_MS_OBERON +config PSA_NEED_OBERON_TLS12_PSK_TO_MS bool - prompt "PSA TLS 1.2 PSK to MS support - oberon" if !PSA_PROMPTLESS + default y depends on PSA_WANT_ALG_TLS12_PSK_TO_MS - default y if !PSA_DEFAULT_OFF + depends on (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_TLS12_PSK_TO_MS_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_TLS12_PSK_TO_MS_SHA384) + +config PSA_NEED_OBERON_PBKDF2_HMAC + bool + default y + depends on PSA_WANT_ALG_PBKDF2_HMAC + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_PBKDF2_HMAC_SHA1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_PBKDF2_HMAC_SHA224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_PBKDF2_HMAC_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_PBKDF2_HMAC_SHA384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_PBKDF2_HMAC_SHA512) + +config PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 + bool + default y + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_PBKDF2_HMAC_SHA1) || \ + (PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 && !PSA_ACCEL_AES_CMAC_PRF_128) + +config PSA_NEED_OBERON_ECJPAKE_TO_PMS + bool + default y + depends on PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS && !PSA_ACCEL_ECJPAKE_TO_PMS + +config PSA_NEED_OBERON_KDF_DRIVER + bool + default y + depends on PSA_NEED_OBERON_HKDF || \ + PSA_NEED_OBERON_HKDF_EXTRACT || \ + PSA_NEED_OBERON_HKDF_EXPAND || \ + PSA_NEED_OBERON_TLS12_PRF || \ + PSA_NEED_OBERON_TLS12_PSK_TO_MS || \ + PSA_NEED_OBERON_PBKDF2_HMAC || \ + 
PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 || \ + PSA_NEED_OBERON_ECJPAKE_TO_PMS + + +# Oberon PAKE Driver + +config PSA_NEED_OBERON_ECJPAKE_P256 + bool + default y + depends on PSA_WANT_ALG_JPAKE + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_ECJPAKE_P256_SHA1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_ECJPAKE_P256_SHA224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_ECJPAKE_P256_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_ECJPAKE_P256_SHA384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_ECJPAKE_P256_SHA512) -config PSA_CRYPTO_DRIVER_ALG_TLS12_ECJPAKE_TO_PMS_OBERON +config PSA_NEED_OBERON_JPAKE_DRIVER bool - prompt "PSA TLS 1.2 EC J-PAKE to PMS support - oberon" if !PSA_PROMPTLESS - depends on PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS - depends on PSA_CORE_OBERON - select EXPERIMENTAL - default y if !PSA_DEFAULT_OFF + default y + depends on PSA_NEED_OBERON_ECJPAKE_P256 + + +config PSA_NEED_OBERON_SPAKE2P_P256 + bool + default y + depends on PSA_WANT_ALG_JPAKE + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_SPAKE2P_P256_SHA1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_SPAKE2P_P256_SHA224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_SPAKE2P_P256_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_SPAKE2P_P256_SHA384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_SPAKE2P_P256_SHA512) + +config PSA_NEED_OBERON_SPAKE2P_DRIVER + bool + default y + depends on PSA_NEED_OBERON_SPAKE2P_P256 + + +config PSA_NEED_OBERON_SRP_6_3072 + bool + default y + depends on PSA_WANT_ALG_SRP_6 + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_SRP_6_3072_SHA1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_SRP_6_3072_SHA224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_SRP_6_3072_SHA256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_SRP_6_3072_SHA384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_SRP_6_3072_SHA512) + +config PSA_NEED_OBERON_SRP_DRIVER + bool + default y + depends on PSA_NEED_OBERON_SRP_6_3072 -config PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_OBERON +# Oberon RSA Driver + +config 
PSA_NEED_OBERON_RSA_KEY_SIZE_1024 + bool + default y + depends on PSA_WANT_RSA_KEY_SIZE_1024 + depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA1024_PKCS1V15_CRYPT) || \ + (PSA_WANT_ALG_RSA_OAEP && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA1024_SHA1_OAEP) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA1024_SHA224_OAEP) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA1024_SHA256_OAEP) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA1024_SHA384_OAEP) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA1024_SHA512_OAEP))) || \ + (PSA_WANT_ALG_RSA_PSS && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA1024_SHA1_PSS) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA1024_SHA224_PSS) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA1024_SHA256_PSS) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA1024_SHA384_PSS) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA1024_SHA512_PSS))) || \ + (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA1024_SHA1_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA1024_SHA224_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA1024_SHA256_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA1024_SHA384_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA1024_SHA512_PKCS1V15_SIGN))) + +config PSA_NEED_OBERON_RSA_KEY_SIZE_1536 + bool + default y + depends on PSA_WANT_RSA_KEY_SIZE_1536 + depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA1536_PKCS1V15_CRYPT) || \ + (PSA_WANT_ALG_RSA_OAEP && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA1536_SHA1_OAEP) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA1536_SHA224_OAEP) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA1536_SHA256_OAEP) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA1536_SHA384_OAEP) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA1536_SHA512_OAEP))) || \ + (PSA_WANT_ALG_RSA_PSS && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA1536_SHA1_PSS) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA1536_SHA224_PSS) || \ + (PSA_WANT_ALG_SHA_256 && 
!PSA_ACCEL_RSA1536_SHA256_PSS) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA1536_SHA384_PSS) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA1536_SHA512_PSS))) || \ + (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA1536_SHA1_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA1536_SHA224_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA1536_SHA256_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA1536_SHA384_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA1536_SHA512_PKCS1V15_SIGN))) + +config PSA_NEED_OBERON_RSA_KEY_SIZE_2048 + bool + default y + depends on PSA_WANT_RSA_KEY_SIZE_2048 + depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA2048_PKCS1V15_CRYPT) || \ + (PSA_WANT_ALG_RSA_OAEP && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA2048_SHA1_OAEP) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA2048_SHA224_OAEP) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA2048_SHA256_OAEP) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA2048_SHA384_OAEP) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA2048_SHA512_OAEP))) || \ + (PSA_WANT_ALG_RSA_PSS && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA2048_SHA1_PSS) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA2048_SHA224_PSS) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA2048_SHA256_PSS) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA2048_SHA384_PSS) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA2048_SHA512_PSS))) || \ + (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA2048_SHA1_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA2048_SHA224_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA2048_SHA256_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA2048_SHA384_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA2048_SHA512_PKCS1V15_SIGN))) + +config PSA_NEED_OBERON_RSA_KEY_SIZE_3072 + bool + default y + depends on PSA_WANT_RSA_KEY_SIZE_3072 + depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && 
!PSA_ACCEL_RSA3072_PKCS1V15_CRYPT) || \ + (PSA_WANT_ALG_RSA_OAEP && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA3072_SHA1_OAEP) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA3072_SHA224_OAEP) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA3072_SHA256_OAEP) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA3072_SHA384_OAEP) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA3072_SHA512_OAEP))) || \ + (PSA_WANT_ALG_RSA_PSS && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA3072_SHA1_PSS) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA3072_SHA224_PSS) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA3072_SHA256_PSS) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA3072_SHA384_PSS) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA3072_SHA512_PSS))) || \ + (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA3072_SHA1_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA3072_SHA224_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA3072_SHA256_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA3072_SHA384_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA3072_SHA512_PKCS1V15_SIGN))) + +config PSA_NEED_OBERON_RSA_KEY_SIZE_4096 + bool + default y + depends on PSA_WANT_RSA_KEY_SIZE_4096 + depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA4096_PKCS1V15_CRYPT) || \ + (PSA_WANT_ALG_RSA_OAEP && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA4096_SHA1_OAEP) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA4096_SHA224_OAEP) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA4096_SHA256_OAEP) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA4096_SHA384_OAEP) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA4096_SHA512_OAEP))) || \ + (PSA_WANT_ALG_RSA_PSS && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA4096_SHA1_PSS) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA4096_SHA224_PSS) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA4096_SHA256_PSS) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA4096_SHA384_PSS) || \ + (PSA_WANT_ALG_SHA_512 && 
!PSA_ACCEL_RSA4096_SHA512_PSS))) || \ + (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA4096_SHA1_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA4096_SHA224_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA4096_SHA256_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA4096_SHA384_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA4096_SHA512_PKCS1V15_SIGN))) + +config PSA_NEED_OBERON_RSA_KEY_SIZE_6144 + bool + default y + depends on PSA_WANT_RSA_KEY_SIZE_6144 + depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA6144_PKCS1V15_CRYPT) || \ + (PSA_WANT_ALG_RSA_OAEP && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA6144_SHA1_OAEP) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA6144_SHA224_OAEP) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA6144_SHA256_OAEP) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA6144_SHA384_OAEP) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA6144_SHA512_OAEP))) || \ + (PSA_WANT_ALG_RSA_PSS && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA6144_SHA1_PSS) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA6144_SHA224_PSS) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA6144_SHA256_PSS) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA6144_SHA384_PSS) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA6144_SHA512_PSS))) || \ + (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA6144_SHA1_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA6144_SHA224_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA6144_SHA256_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA6144_SHA384_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA6144_SHA512_PKCS1V15_SIGN))) + +config PSA_NEED_OBERON_RSA_KEY_SIZE_8192 + bool + default y + depends on PSA_WANT_RSA_KEY_SIZE_8192 + depends on (PSA_WANT_ALG_RSA_PKCS1V15_CRYPT && !PSA_ACCEL_RSA8192_PKCS1V15_CRYPT) || \ + (PSA_WANT_ALG_RSA_OAEP && ( \ + (PSA_WANT_ALG_SHA_1 && 
!PSA_ACCEL_RSA8192_SHA1_OAEP) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA8192_SHA224_OAEP) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA8192_SHA256_OAEP) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA8192_SHA384_OAEP) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA8192_SHA512_OAEP))) || \ + (PSA_WANT_ALG_RSA_PSS && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA8192_SHA1_PSS) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA8192_SHA224_PSS) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA8192_SHA256_PSS) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA8192_SHA384_PSS) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA8192_SHA512_PSS))) || \ + (PSA_WANT_ALG_RSA_PKCS1V15_SIGN && ( \ + (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_RSA8192_SHA1_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_RSA8192_SHA224_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_RSA8192_SHA256_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_RSA8192_SHA384_PKCS1V15_SIGN) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_RSA8192_SHA512_PKCS1V15_SIGN))) + +config PSA_NEED_OBERON_ANY_RSA_KEY_SIZE bool - prompt "PSA stream cipher support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_STREAM_CIPHER && \ - !PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_CC3XX + default y + depends on PSA_NEED_OBERON_RSA_KEY_SIZE_1024 || \ + PSA_NEED_OBERON_RSA_KEY_SIZE_1536 || \ + PSA_NEED_OBERON_RSA_KEY_SIZE_2048 || \ + PSA_NEED_OBERON_RSA_KEY_SIZE_3072 || \ + PSA_NEED_OBERON_RSA_KEY_SIZE_4096 || \ + PSA_NEED_OBERON_RSA_KEY_SIZE_6144 || \ + PSA_NEED_OBERON_RSA_KEY_SIZE_8192 -config PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_OBERON +config PSA_NEED_OBERON_RSA_PSS bool - prompt "PSA ECC Curve25519 support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ECC_MONTGOMERY_255 && \ - !PSA_CRYPTO_DRIVER_ECC_MONTGOMERY_255_CC3XX + default y + depends on PSA_WANT_ALG_RSA_PSS + depends on PSA_NEED_OBERON_ANY_RSA_KEY_SIZE -config PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_OBERON +config 
PSA_NEED_OBERON_RSA_PKCS1V15_SIGN bool - prompt "PSA ECC secp224r1 - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ECC_SECP_R1_224 && \ - !PSA_CRYPTO_DRIVER_ECC_SECP_R1_224_CC3XX + default y + depends on PSA_WANT_ALG_RSA_PKCS1V15_SIGN + depends on PSA_NEED_OBERON_ANY_RSA_KEY_SIZE -config PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_OBERON +config PSA_NEED_OBERON_RSA_SIGN bool - prompt "PSA ECC secp256r1 - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ECC_SECP_R1_256 && \ - !PSA_CRYPTO_DRIVER_ECC_SECP_R1_256_CC3XX + default y + depends on PSA_NEED_OBERON_RSA_PSS || PSA_NEED_OBERON_RSA_PKCS1V15_SIGN -config PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_OBERON +config PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT bool - prompt "PSA ECC secp384r1 - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ECC_SECP_R1_384 && \ - !PSA_CRYPTO_DRIVER_ECC_SECP_R1_384_CC3XX + default y + depends on PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + depends on PSA_NEED_OBERON_ANY_RSA_KEY_SIZE -config PSA_CRYPTO_DRIVER_ECC_TWISTED_EDWARDS_255_OBERON +config PSA_NEED_OBERON_RSA_OAEP bool - prompt "PSA ECC Curve Ed25519 support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ECC_TWISTED_EDWARDS_255 + default y + depends on PSA_WANT_ALG_RSA_OAEP + depends on PSA_NEED_OBERON_ANY_RSA_KEY_SIZE -config PSA_CRYPTO_DRIVER_RSA_KEY_SIZE_1024_OBERON +config PSA_NEED_OBERON_RSA_CRYPT bool default y - depends on TFM_PSA_TEST_CRYPTO || \ - TFM_REGRESSION_S || \ - TFM_REGRESSION_NS - help - Prompt-less configuration to allow RSA key size 1024 bits for testing - RSA with 1024 bit keys is not recommended for new designs. 
- Please see https://www.keylength.com/ + depends on PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT || PSA_NEED_OBERON_RSA_OAEP -config PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON +config PSA_NEED_OBERON_RSA_DRIVER bool - prompt "PSA J-PAKE support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_JPAKE - select EXPERIMENTAL - depends on PSA_CORE_OBERON + default y + depends on PSA_NEED_OBERON_RSA_CRYPT || PSA_NEED_OBERON_RSA_SIGN + +# Oberon Random Driver -config PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON +config PSA_NEED_OBERON_CTR_DRBG_DRIVER bool - prompt "PSA SPAKE2+ support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_SPAKE2P - select EXPERIMENTAL - depends on PSA_CORE_OBERON + default y + depends on PSA_ACCEL_ENTROPY + depends on PSA_USE_CTR_DRBG_DRIVER && !PSA_ACCEL_RANDOM + select PSA_WANT_ALG_ECB_NO_PADDING -config PSA_CRYPTO_DRIVER_ALG_SRP_OBERON +config PSA_NEED_OBERON_HMAC_DRBG_DRIVER bool - prompt "PSA SRP-6 support - oberon" if !PSA_PROMPTLESS - default y if !PSA_DEFAULT_OFF && PSA_WANT_ALG_SRP_6 - select EXPERIMENTAL - depends on PSA_CORE_OBERON + default y + depends on PSA_ACCEL_ENTROPY + depends on PSA_USE_HMAC_DRBG_DRIVER && !PSA_ACCEL_RANDOM -endif +endif # PSA_CRYPTO_DRIVER_OBERON +endmenu diff --git a/subsys/nrf_security/src/drivers/zephyr/CMakeLists.txt b/subsys/nrf_security/src/drivers/zephyr/CMakeLists.txt index 5f2e862755e8..fb3864ee2ea1 100644 --- a/subsys/nrf_security/src/drivers/zephyr/CMakeLists.txt +++ b/subsys/nrf_security/src/drivers/zephyr/CMakeLists.txt @@ -4,7 +4,7 @@ # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause # -if (PSA_CRYPTO_DRIVER_ENTROPY_ZEPHYR) +if (PSA_NEED_ZEPHYR_ENTROPY_DRIVER) # Add nrf_cc3xx_platform includes for mbedcrypto target_include_directories(${mbedcrypto_target} INTERFACE diff --git a/subsys/nrf_security/src/drivers/zephyr/Kconfig b/subsys/nrf_security/src/drivers/zephyr/Kconfig index 689333e693b0..4a16a8b402d6 100644 
--- a/subsys/nrf_security/src/drivers/zephyr/Kconfig +++ b/subsys/nrf_security/src/drivers/zephyr/Kconfig @@ -4,8 +4,9 @@ # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause # -config PSA_CRYPTO_DRIVER_ENTROPY_ZEPHYR +config PSA_NEED_ZEPHYR_ENTROPY_DRIVER bool default y - depends on !PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM - depends on PSA_WANT_GENERATE_RANDOM + select PSA_ACCEL_ENTROPY + depends on (!PSA_USE_CC3XX_CTR_DRBG_DRIVER && !PSA_USE_CC3XX_HMAC_DRBG_DRIVER) && \ + (PSA_USE_CTR_DRBG_DRIVER || PSA_USE_HMAC_DRBG_DRIVER) diff --git a/subsys/nrf_security/src/psa_crypto_driver_wrappers.c b/subsys/nrf_security/src/psa_crypto_driver_wrappers.c index 4775b08c6c3c..db50bb17ff14 100644 --- a/subsys/nrf_security/src/psa_crypto_driver_wrappers.c +++ b/subsys/nrf_security/src/psa_crypto_driver_wrappers.c @@ -21,20 +21,30 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) -#if defined(PSA_CRYPTO_DRIVER_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) || \ + defined(PSA_NEED_CC3XX_ASYMMETRIC_DRIVER) || \ + defined(PSA_NEED_CC3XX_CIPHER_DRIVER) || \ + defined(PSA_NEED_CC3XX_ECDH_DRIVER) || \ + defined(PSA_NEED_CC3XX_ENTROPY_DRIVER) || \ + defined(PSA_NEED_CC3XX_HASH_DRIVER) || \ + defined(PSA_NEED_CC3XX_KEY_PAIR_DRIVER) || \ + defined(PSA_NEED_CC3XX_MAC_DRIVER) || \ + defined(PSA_NEED_CC3XX_SIGNATURE_DRIVER) + #ifndef PSA_CRYPTO_DRIVER_PRESENT #define PSA_CRYPTO_DRIVER_PRESENT #endif #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #endif + #include "cc3xx.h" -#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif -#if defined(PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_CC3XX_PLATFORM) +#if defined(PSA_NEED_CC3XX_CTR_DRBG_DRIVER) #include "nrf_cc3xx_platform_ctr_drbg.h" #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_CC3XX_PLATFORM) +#if defined(PSA_NEED_CC3XX_HMAC_DRBG_DRIVER) #include "nrf_cc3xx_platform_hmac_drbg.h" #endif 
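Review bot: `PSA_NEED_ZEPHYR_ENTROPY_DRIVER` has no `help` text and does not depend on any symbol that says an entropy device is present, yet it now does `select PSA_ACCEL_ENTROPY`, which the Oberon CTR_DRBG and HMAC_DRBG symbols earlier in this diff depend on. Every key and nonce drawn from those DRBGs is therefore seeded through this driver, so the symbol should say so, for example `help` followed by `Promptless. Seeds the PSA DRBG from the Zephyr entropy device; output quality is bounded by that device.` Whether the driver itself rejects a missing or non-hardware entropy device is not visible in this hunk, so it is worth confirming before relying on the select alone.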
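Review bot: The new nine-symbol `#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) || ...` list is now the only thing that defines `PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT` and includes `cc3xx.h` for CryptoCell, and it has to be kept in step by hand with every `PSA_NEED_CC3XX_*` guard used further down the file. A symbol that is used at a dispatch site but missing from this list would leave the CC3XX call compiled out without any diagnostic, unless another driver block happens to define the macro. The closing `#endif` also lost its comment; `#endif /* PSA_NEED_CC3XX_*_DRIVER */` would make the end of the long condition easy to find. A single aggregate symbol generated on the Kconfig side would remove the duplication, if the configuration system can provide one.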
@@ -47,46 +57,47 @@ #endif #endif /* PSA_CRYPTO_DRIVER_OBERON */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#ifdef PSA_NEED_OBERON_AEAD_DRIVER #include "oberon_aead.h" #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) +#ifdef PSA_NEED_OBERON_CIPHER_DRIVER #include "oberon_cipher.h" #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON) +#ifdef PSA_NEED_OBERON_ECDSA_DRIVER #include "oberon_ecdsa.h" #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_ECDH_OBERON) +#ifdef PSA_NEED_OBERON_ECDH_DRIVER #include "oberon_ecdh.h" #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON) +#ifdef PSA_NEED_OBERON_HASH_DRIVER #include "oberon_hash.h" #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON) +#ifdef PSA_NEED_OBERON_KEY_PAIR_DRIVER #include "oberon_key_pair.h" #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON) +#ifdef PSA_NEED_OBERON_MAC_DRIVER #include "oberon_mac.h" #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON) +#ifdef PSA_NEED_OBERON_KDF_DRIVER #include "oberon_kdf.h" #endif -#if defined(PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_OBERON) -#include "oberon_rsa.h" -#endif -#if defined(PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_OBERON) + +#ifdef PSA_NEED_OBERON_CTR_DRBG_DRIVER #include "oberon_ctr_drbg.h" #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_OBERON) +#ifdef PSA_NEED_OBERON_HMAC_DRBG_DRIVER #include "oberon_hmac_drbg.h" #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON) +#ifdef PSA_NEED_OBERON_RSA_DRIVER +#include "oberon_rsa.h" +#endif +#ifdef PSA_NEED_OBERON_JPAKE_DRIVER #include "oberon_jpake.h" #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON) +#ifdef PSA_NEED_OBERON_SPAKE2P_DRIVER #include "oberon_spake2p.h" #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_SRP_OBERON) +#ifdef PSA_NEED_OBERON_SRP_DRIVER #include "oberon_srp.h" #endif 
@@ -102,7 +113,7 @@ #include "tfm_builtin_key_loader.h" #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ -#if defined(PSA_CRYPTO_DRIVER_ENTROPY_ZEPHYR) +#if defined(PSA_NEED_ZEPHYR_ENTROPY_DRIVER) #include "zephyr_entropy.h" #endif @@ -115,16 +126,13 @@ * ID 5 is defined by a vanilla TF-M patch file. */ -#if defined(PSA_CRYPTO_DRIVER_CC3XX) #define PSA_CRYPTO_CC3XX_DRIVER_ID (4) -#endif /* PSA_CRYPTO_DRIVER_CC3XX */ + #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) #define PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID (5) #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ -#if defined(PSA_CRYPTO_DRIVER_OBERON) #define PSA_CRYPTO_OBERON_DRIVER_ID (28) -#endif /* PSA_CRYPTO_DRIVER_OBERON */ /* PAKE driver ids */ #define OBERON_JPAKE_DRIVER_ID 1 @@ -169,7 +177,7 @@ psa_status_t psa_driver_wrapper_sign_message(const psa_key_attributes_t *attribu * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_SIGNATURE_DRIVER) status = cc3xx_sign_message(attributes, key_buffer, key_buffer_size, alg, input, input_length, signature, signature_size, signature_length); @@ -177,8 +185,8 @@ psa_status_t psa_driver_wrapper_sign_message(const psa_key_attributes_t *attribu if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_SIGNATURE_DRIVER */ +#if defined(PSA_NEED_OBERON_ECDSA_DRIVER) status = oberon_sign_message(attributes, key_buffer, key_buffer_size, alg, input, input_length, signature, signature_size, signature_length); 
@@ -186,7 +194,7 @@ psa_status_t psa_driver_wrapper_sign_message(const psa_key_attributes_t *attribu if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_ECDSA_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ break; default: @@ -220,22 +228,22 @@ psa_status_t psa_driver_wrapper_verify_message(const psa_key_attributes_t *attri * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_SIGNATURE_DRIVER) status = cc3xx_verify_message(attributes, key_buffer, key_buffer_size, alg, input, input_length, signature, signature_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_SIGNATURE_DRIVER */ +#if defined(PSA_NEED_OBERON_ECDSA_DRIVER) status = oberon_verify_message(attributes, key_buffer, key_buffer_size, alg, input, input_length, signature, signature_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_ECDSA_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ break; #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 
@@ -271,22 +279,22 @@ psa_status_t psa_driver_wrapper_sign_hash(const psa_key_attributes_t *attributes * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_SIGNATURE_DRIVER) status = cc3xx_sign_hash(attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_SIGNATURE_DRIVER */ +#if defined(PSA_NEED_OBERON_ECDSA_DRIVER) status = oberon_sign_hash(attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#if defined(PSA_CRYPTO_DRIVER_HAS_RSA_SIGN_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_RSA_SIGN) status = oberon_rsa_sign_hash(attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length); @@ -294,8 +302,8 @@ psa_status_t psa_driver_wrapper_sign_hash(const psa_key_attributes_t *attributes if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_RSA_SIGN_SUPPORT_OBERON */ -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_RSA_SIGN */ +#endif /* PSA_NEED_OBERON_ECDSA_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning nothing supports this operation */ (void)attributes; 
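Review bot: In psa_driver_wrapper_sign_hash the `#if defined(PSA_NEED_OBERON_RSA_SIGN)` block that calls `oberon_rsa_sign_hash` is still nested inside `#if defined(PSA_NEED_OBERON_ECDSA_DRIVER)`, so a build that enables Oberon RSA signing without ECDSA compiles the RSA call out and reaches the "nothing supports this operation" path. The old outer guard was a generic asymmetric-signature symbol, while the new one is ECDSA-specific, and the Kconfig in this diff makes PSA_NEED_OBERON_RSA_SIGN depend only on the RSA PSS and PKCS#1 v1.5 symbols. Close the ECDSA guard first by moving `#endif /* PSA_NEED_OBERON_ECDSA_DRIVER */` up to directly after the `oberon_sign_hash` fallback check, so the RSA block stands on its own. The same nesting is in psa_driver_wrapper_verify_hash around `oberon_rsa_verify_hash`, and `PSA_NEED_OBERON_RSA_DRIVER` sits inside `PSA_NEED_OBERON_KEY_PAIR_DRIVER` in import_key and export_public_key; for those two it depends on whether the key-pair symbol is implied by RSA, which these hunks do not show. All four function bodies start and end outside the hunks.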
@@ -336,7 +344,7 @@ psa_status_t psa_driver_wrapper_verify_hash(const psa_key_attributes_t *attribut * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_SIGNATURE_DRIVER) /* Do not call the cc3xx_verify_hash for RSA keys since it still in early * development */ @@ -346,8 +354,8 @@ psa_status_t psa_driver_wrapper_verify_hash(const psa_key_attributes_t *attribut if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_SIGNATURE_DRIVER */ +#if defined(PSA_NEED_OBERON_ECDSA_DRIVER) status = oberon_verify_hash(attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length); @@ -355,14 +363,14 @@ psa_status_t psa_driver_wrapper_verify_hash(const psa_key_attributes_t *attribut if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#if defined(PSA_CRYPTO_DRIVER_HAS_RSA_SIGN_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_RSA_SIGN) status = oberon_rsa_verify_hash(attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length); if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_RSA_SIGN_SUPPORT_OBERON */ -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_SIGN_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_RSA_SIGN */ +#endif /* PSA_NEED_OBERON_ECDSA_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning nothing supports this operation */ (void)attributes; 
@@ -463,22 +471,22 @@ psa_status_t psa_driver_wrapper_generate_key(const psa_key_attributes_t *attribu /* Transparent drivers are limited to generating asymmetric keys */ if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes->core.type)) { /* Cycle through all known transparent accelerators */ -#if defined(PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_CC3XX) +#if defined(PSA_NEED_CC3XX_KEY_PAIR_DRIVER) status = cc3xx_generate_key(attributes, key_buffer, key_buffer_size, key_buffer_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { break; } -#endif /* PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON) +#endif /* PSA_NEED_CC3XX_KEY_PAIR_DRIVER */ +#if defined(PSA_NEED_OBERON_KEY_PAIR_DRIVER) status = oberon_generate_key(attributes, key_buffer, key_buffer_size, key_buffer_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { break; } -#endif /* PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON */ +#endif /* PSA_NEED_OBERON_KEY_PAIR_DRIVER */ } #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 
@@ -514,29 +522,29 @@ psa_status_t psa_driver_wrapper_import_key(const psa_key_attributes_t *attribute * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_CC3XX) +#if defined(PSA_NEED_CC3XX_KEY_PAIR_DRIVER) status = cc3xx_import_key(attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON) +#endif /* PSA_NEED_CC3XX_KEY_PAIR_DRIVER */ +#if defined(PSA_NEED_OBERON_KEY_PAIR_DRIVER) status = oberon_import_key(attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#if defined(PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_RSA_DRIVER) status = oberon_import_rsa_key(attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_OBERON*/ -#endif /* PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON */ +#endif /* PSA_NEED_OBERON_RSA_DRIVER*/ +#endif /* PSA_NEED_OBERON_KEY_PAIR_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* * Fall through, meaning no accelerator supports this operation. 
@@ -592,29 +600,29 @@ psa_status_t psa_driver_wrapper_export_public_key(const psa_key_attributes_t *at * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_CC3XX) +#if defined(PSA_NEED_CC3XX_KEY_PAIR_DRIVER) status = cc3xx_export_public_key(attributes, key_buffer, key_buffer_size, data, data_size, data_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON) +#endif /* PSA_NEED_CC3XX_KEY_PAIR_DRIVER */ +#if defined(PSA_NEED_OBERON_KEY_PAIR_DRIVER) status = oberon_export_public_key(attributes, key_buffer, key_buffer_size, data, data_size, data_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#if defined(PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_RSA_DRIVER) status = oberon_export_rsa_public_key(attributes, key_buffer, key_buffer_size, data, data_size, data_length); if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_RSA_SUPPORT_OBERON*/ -#endif /* PSA_CRYPTO_DRIVER_HAS_ACCEL_KEY_TYPES_OBERON */ +#endif /* PSA_NEED_OBERON_RSA_DRIVER*/ +#endif /* PSA_NEED_OBERON_KEY_PAIR_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation. * The CryptoCell driver doesn't support export public keys when 
@@ -692,7 +700,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t *attri * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_CIPHER_DRIVER) status = cc3xx_cipher_encrypt(attributes, key_buffer, key_buffer_size, alg, iv, iv_length, input, input_length, output, output_size, output_length); @@ -701,8 +709,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t *attri if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_CIPHER_DRIVER */ +#if defined(PSA_NEED_OBERON_CIPHER_DRIVER) status = oberon_cipher_encrypt(attributes, key_buffer, key_buffer_size, alg, iv, iv_length, input, input_length, output, output_size, output_length); @@ -711,7 +719,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t *attri if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_CIPHER_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ (void)attributes; (void)key_buffer; 
@@ -760,22 +768,22 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(const psa_key_attributes_t *attri * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_CIPHER_DRIVER) status = cc3xx_cipher_decrypt(attributes, key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_CIPHER_DRIVER */ +#if defined(PSA_NEED_OBERON_CIPHER_DRIVER) status = oberon_cipher_decrypt(attributes, key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_CIPHER_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return PSA_ERROR_NOT_SUPPORTED; default: @@ -810,7 +818,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t *ope * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_CIPHER_DRIVER) status = cc3xx_cipher_encrypt_setup(&operation->ctx.cc3xx_driver_ctx, attributes, key_buffer, key_buffer_size, alg); /* Declared with fallback == true */ 
@@ -821,8 +829,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t *ope if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_CIPHER_DRIVER */ +#if defined(PSA_NEED_OBERON_CIPHER_DRIVER) status = oberon_cipher_encrypt_setup(&operation->ctx.oberon_driver_ctx, attributes, key_buffer, key_buffer_size, alg); /* Declared with fallback == true */ @@ -833,7 +841,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t *ope if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_CIPHER_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return PSA_ERROR_NOT_SUPPORTED; default: @@ -863,7 +871,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t *ope * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_CIPHER_DRIVER) status = cc3xx_cipher_decrypt_setup(&operation->ctx.cc3xx_driver_ctx, attributes, key_buffer, key_buffer_size, alg); /* Declared with fallback == true */ @@ -874,8 +882,8 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t *ope if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_CIPHER_DRIVER */ +#if defined(PSA_NEED_OBERON_CIPHER_DRIVER) status = oberon_cipher_decrypt_setup(&operation->ctx.oberon_driver_ctx, attributes, key_buffer, key_buffer_size, alg); /* Declared with fallback == true */ 
@@ -886,7 +894,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t *ope if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_CIPHER_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return PSA_ERROR_NOT_SUPPORTED; #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -906,14 +914,14 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(psa_cipher_operation_t *operation, { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_CIPHER_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_cipher_set_iv(&operation->ctx.cc3xx_driver_ctx, iv, iv_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_CIPHER_DRIVER */ +#if defined(PSA_NEED_OBERON_CIPHER_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_cipher_set_iv(&operation->ctx.oberon_driver_ctx, iv, iv_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_CIPHER_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } 
@@ -930,16 +938,16 @@ psa_status_t psa_driver_wrapper_cipher_update(psa_cipher_operation_t *operation, { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_CIPHER_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_cipher_update(&operation->ctx.cc3xx_driver_ctx, input, input_length, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_CIPHER_DRIVER */ +#if defined(PSA_NEED_OBERON_CIPHER_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_cipher_update(&operation->ctx.oberon_driver_ctx, input, input_length, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_CIPHER_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -957,16 +965,16 @@ psa_status_t psa_driver_wrapper_cipher_finish(psa_cipher_operation_t *operation, { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_CIPHER_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_cipher_finish(&operation->ctx.cc3xx_driver_ctx, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX*/ -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_CIPHER_DRIVER*/ +#if defined(PSA_NEED_OBERON_CIPHER_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_cipher_finish(&operation->ctx.oberon_driver_ctx, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_CIPHER_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } 
@@ -983,20 +991,20 @@ psa_status_t psa_driver_wrapper_cipher_abort(psa_cipher_operation_t *operation) switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_CIPHER_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: status = cc3xx_cipher_abort(&operation->ctx.cc3xx_driver_ctx); mbedtls_platform_zeroize(&operation->ctx.cc3xx_driver_ctx, sizeof(operation->ctx.cc3xx_driver_ctx)); return status; -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_CIPHER_DRIVER */ +#if defined(PSA_NEED_OBERON_CIPHER_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: status = oberon_cipher_abort(&operation->ctx.oberon_driver_ctx); mbedtls_platform_zeroize(&operation->ctx.oberon_driver_ctx, sizeof(operation->ctx.oberon_driver_ctx)); return status; -#endif /* PSA_CRYPTO_DRIVER_HAS_CIPHER_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_CIPHER_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: return PSA_SUCCESS; @@ -1019,18 +1027,18 @@ psa_status_t psa_driver_wrapper_hash_compute(psa_algorithm_t alg, const uint8_t psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; /* Try accelerators first */ -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_HASH_DRIVER) status = cc3xx_hash_compute(alg, input, input_length, hash, hash_size, hash_length); if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_HASH_DRIVER */ +#if defined(PSA_NEED_OBERON_HASH_DRIVER) status = oberon_hash_compute(alg, input, input_length, hash, hash_size, hash_length); if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_HASH_DRIVER */ (void)status; (void)alg; 
@@ -1054,7 +1062,7 @@ psa_status_t psa_driver_wrapper_hash_setup(psa_hash_operation_t *operation, psa_ #endif /* Try setup on accelerators first */ -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_HASH_DRIVER) status = cc3xx_hash_setup(&operation->ctx.cc3xx_driver_ctx, alg); if (status == PSA_SUCCESS) { operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; @@ -1063,8 +1071,8 @@ psa_status_t psa_driver_wrapper_hash_setup(psa_hash_operation_t *operation, psa_ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_HASH_DRIVER */ +#if defined(PSA_NEED_OBERON_HASH_DRIVER) status = oberon_hash_setup(&operation->ctx.oberon_driver_ctx, alg); if (status == PSA_SUCCESS) { operation->id = PSA_CRYPTO_OBERON_DRIVER_ID; @@ -1073,7 +1081,7 @@ psa_status_t psa_driver_wrapper_hash_setup(psa_hash_operation_t *operation, psa_ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_HASH_DRIVER */ /* Nothing left to try if we fall through here */ (void)status; 
@@ -1086,18 +1094,18 @@ psa_status_t psa_driver_wrapper_hash_clone(const psa_hash_operation_t *source_op psa_hash_operation_t *target_operation) { switch (source_operation->id) { -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_HASH_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: target_operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; return cc3xx_hash_clone(&source_operation->ctx.cc3xx_driver_ctx, &target_operation->ctx.cc3xx_driver_ctx); -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_HASH_DRIVER */ +#if defined(PSA_NEED_OBERON_HASH_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: target_operation->id = PSA_CRYPTO_OBERON_DRIVER_ID; return oberon_hash_clone(&source_operation->ctx.oberon_driver_ctx, &target_operation->ctx.oberon_driver_ctx); -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_HASH_DRIVER */ default: (void)target_operation; return PSA_ERROR_BAD_STATE; @@ -1108,14 +1116,14 @@ psa_status_t psa_driver_wrapper_hash_update(psa_hash_operation_t *operation, con size_t input_length) { switch (operation->id) { -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_HASH_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_hash_update(&operation->ctx.cc3xx_driver_ctx, input, input_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_HASH_DRIVER */ +#if defined(PSA_NEED_OBERON_HASH_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_hash_update(&operation->ctx.oberon_driver_ctx, input, input_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_HASH_DRIVER */ default: (void)input; (void)input_length; 
@@ -1127,16 +1135,16 @@ psa_status_t psa_driver_wrapper_hash_finish(psa_hash_operation_t *operation, uin size_t hash_size, size_t *hash_length) { switch (operation->id) { -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_HASH_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_hash_finish(&operation->ctx.cc3xx_driver_ctx, hash, hash_size, hash_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_HASH_DRIVER */ +#if defined(PSA_NEED_OBERON_HASH_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_hash_finish(&operation->ctx.oberon_driver_ctx, hash, hash_size, hash_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_HASH_DRIVER */ default: (void)hash; (void)hash_size; @@ -1148,14 +1156,14 @@ psa_status_t psa_driver_wrapper_hash_finish(psa_hash_operation_t *operation, uin psa_status_t psa_driver_wrapper_hash_abort(psa_hash_operation_t *operation) { switch (operation->id) { -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_HASH_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_hash_abort(&operation->ctx.cc3xx_driver_ctx); -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_HASH_DRIVER */ +#if defined(PSA_NEED_OBERON_HASH_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_hash_abort(&operation->ctx.oberon_driver_ctx); -#endif /* PSA_CRYPTO_DRIVER_HAS_HASH_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_HASH_DRIVER */ default: return PSA_SUCCESS; } 
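Review bot: psa_driver_wrapper_hash_abort returns the driver's abort status without wiping the operation context, whereas psa_driver_wrapper_cipher_abort in this same file follows the driver call with `mbedtls_platform_zeroize(&operation->ctx.cc3xx_driver_ctx, sizeof(operation->ctx.cc3xx_driver_ctx));`. Hash state can hold intermediate digests of secret input, for example when a hash is run over key material, so the two abort paths should agree. The drivers may already clear their own context, which this hunk does not show; if they do not, keep the result in a local `status`, zeroize the active `ctx` member, then `return status;` in both the CC3XX and the Oberon case.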
@@ -1182,7 +1190,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t *attribu * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) status = cc3xx_aead_encrypt(attributes, key_buffer, key_buffer_size, alg, nonce, nonce_length, additional_data, additional_data_length, plaintext, plaintext_length, ciphertext, @@ -1191,8 +1199,8 @@ psa_status_t psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t *attribu if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_AEAD_DRIVER */ +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) status = oberon_aead_encrypt(attributes, key_buffer, key_buffer_size, alg, nonce, nonce_length, additional_data, additional_data_length, plaintext, plaintext_length, ciphertext, @@ -1201,7 +1209,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t *attribu if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_AEAD_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ (void)attributes; (void)key_buffer; @@ -1244,7 +1252,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t *attribu * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) status = cc3xx_aead_decrypt(attributes, key_buffer, key_buffer_size, alg, nonce, nonce_length, additional_data, additional_data_length, ciphertext, ciphertext_length, plaintext, 
@@ -1253,8 +1261,8 @@ psa_status_t psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t *attribu if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_AEAD_DRIVER */ +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) status = oberon_aead_decrypt(attributes, key_buffer, key_buffer_size, alg, nonce, nonce_length, additional_data, additional_data_length, ciphertext, ciphertext_length, plaintext, @@ -1263,7 +1271,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t *attribu if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_AEAD_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ (void)attributes; @@ -1305,7 +1313,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(psa_aead_operation_t *operati * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; status = cc3xx_aead_encrypt_setup(&operation->ctx.cc3xx_driver_ctx, attributes, key_buffer, key_buffer_size, alg); @@ -1314,8 +1322,8 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(psa_aead_operation_t *operati if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_AEAD_DRIVER */ +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) operation->id = PSA_CRYPTO_OBERON_DRIVER_ID; status = oberon_aead_encrypt_setup(&operation->ctx.oberon_driver_ctx, attributes, key_buffer, key_buffer_size, alg); 
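Review bot: In both psa_driver_wrapper_aead_encrypt_setup hunks, `operation->id` is written before the driver call and nothing visible clears it when that call returns PSA_ERROR_NOT_SUPPORTED, so an operation that every enabled driver declined can leave the function still tagged with the last driver's ID. psa_driver_wrapper_aead_abort dispatches on that ID, so it would pass the context to a driver that, presumably, never initialised it. psa_driver_wrapper_key_derivation_setup in this file assigns the ID only on success, and the same form would fit here: `if (status == PSA_SUCCESS) { operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; }` placed after the call (and likewise for Oberon). The aead_decrypt_setup hunks that follow have the same shape; the tail of each function lies outside the hunks, so a reset there cannot be ruled out.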
@@ -1324,7 +1332,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(psa_aead_operation_t *operati if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON*/ +#endif /* PSA_NEED_OBERON_AEAD_DRIVER*/ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ (void)operation; @@ -1357,7 +1365,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(psa_aead_operation_t *operati * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; status = cc3xx_aead_decrypt_setup(&operation->ctx.cc3xx_driver_ctx, attributes, key_buffer, key_buffer_size, alg); @@ -1366,8 +1374,8 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(psa_aead_operation_t *operati if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_AEAD_DRIVER */ +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) operation->id = PSA_CRYPTO_OBERON_DRIVER_ID; status = oberon_aead_decrypt_setup(&operation->ctx.oberon_driver_ctx, attributes, key_buffer, key_buffer_size, alg); @@ -1376,7 +1384,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(psa_aead_operation_t *operati if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_AEAD_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ (void)operation; 
@@ -1397,15 +1405,15 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(psa_aead_operation_t *operation, { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_aead_set_nonce(&operation->ctx.cc3xx_driver_ctx, nonce, nonce_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_AEAD_DRIVER */ +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_aead_set_nonce(&operation->ctx.oberon_driver_ctx, nonce, nonce_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_AEAD_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1420,16 +1428,16 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(psa_aead_operation_t *operation { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_aead_set_lengths(&operation->ctx.cc3xx_driver_ctx, ad_length, plaintext_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_AEAD_DRIVER */ +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_aead_set_lengths(&operation->ctx.oberon_driver_ctx, ad_length, plaintext_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_AEAD_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } 
@@ -1444,15 +1452,15 @@ psa_status_t psa_driver_wrapper_aead_update_ad(psa_aead_operation_t *operation, { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_aead_update_ad(&operation->ctx.cc3xx_driver_ctx, input, input_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_AEAD_DRIVER */ +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_aead_update_ad(&operation->ctx.oberon_driver_ctx, input, input_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_AEAD_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void)input; @@ -1468,16 +1476,16 @@ psa_status_t psa_driver_wrapper_aead_update(psa_aead_operation_t *operation, con { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_aead_update(&operation->ctx.cc3xx_driver_ctx, input, input_length, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_AEAD_DRIVER */ +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_aead_update(&operation->ctx.oberon_driver_ctx, input, input_length, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_AEAD_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: 
@@ -1497,18 +1505,18 @@ psa_status_t psa_driver_wrapper_aead_finish(psa_aead_operation_t *operation, uin { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_aead_finish(&operation->ctx.cc3xx_driver_ctx, ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, tag_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_AEAD_DRIVER */ +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_aead_finish(&operation->ctx.oberon_driver_ctx, ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, tag_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_AEAD_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: @@ -1529,16 +1537,16 @@ psa_status_t psa_driver_wrapper_aead_verify(psa_aead_operation_t *operation, uin { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_aead_verify(&operation->ctx.cc3xx_driver_ctx, plaintext, plaintext_size, plaintext_length, tag, tag_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_AEAD_DRIVER */ +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_aead_verify(&operation->ctx.oberon_driver_ctx, plaintext, plaintext_size, plaintext_length, tag, tag_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_AEAD_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: 
@@ -1556,14 +1564,14 @@ psa_status_t psa_driver_wrapper_aead_abort(psa_aead_operation_t *operation) { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_AEAD_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_aead_abort(&operation->ctx.cc3xx_driver_ctx); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_AEAD_DRIVER */ +#if defined(PSA_NEED_OBERON_AEAD_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_aead_abort(&operation->ctx.oberon_driver_ctx); -#endif /* PSA_CRYPTO_DRIVER_HAS_AEAD_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_AEAD_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: return PSA_SUCCESS; 
@@ -1597,22 +1605,22 @@ psa_status_t psa_driver_wrapper_mac_compute(const psa_key_attributes_t *attribut * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_MAC_DRIVER) status = cc3xx_mac_compute(attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_MAC_DRIVER */ +#if defined(PSA_NEED_OBERON_MAC_DRIVER) status = oberon_mac_compute(attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length); /* Declared with fallback == true */ if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_MAC_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -1655,7 +1663,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t *operation, * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_MAC_DRIVER) status = cc3xx_mac_sign_setup(&operation->ctx.cc3xx_driver_ctx, attributes, key_buffer, key_buffer_size, alg); if (status == PSA_SUCCESS) { 
@@ -1664,8 +1672,8 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t *operation, if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_MAC_DRIVER */ +#if defined(PSA_NEED_OBERON_MAC_DRIVER) status = oberon_mac_sign_setup(&operation->ctx.oberon_driver_ctx, attributes, key_buffer, key_buffer_size, alg); if (status == PSA_SUCCESS) { @@ -1674,7 +1682,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t *operation, if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_MAC_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return PSA_ERROR_NOT_SUPPORTED; @@ -1713,7 +1721,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t *operation, * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_MAC_DRIVER) status = cc3xx_mac_verify_setup(&operation->ctx.cc3xx_driver_ctx, attributes, key_buffer, key_buffer_size, alg); if (status == PSA_SUCCESS) { @@ -1722,8 +1730,8 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t *operation, if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_MAC_DRIVER */ +#if defined(PSA_NEED_OBERON_MAC_DRIVER) status = oberon_mac_verify_setup(&operation->ctx.oberon_driver_ctx, attributes, key_buffer, key_buffer_size, alg); if (status == PSA_SUCCESS) { 
@@ -1732,7 +1740,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t *operation, if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_MAC_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ (void)status; (void)key_buffer; @@ -1756,14 +1764,14 @@ psa_status_t psa_driver_wrapper_mac_update(psa_mac_operation_t *operation, const { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_MAC_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_mac_update(&operation->ctx.cc3xx_driver_ctx, input, input_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_MAC_DRIVER */ +#if defined(PSA_NEED_OBERON_MAC_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_mac_update(&operation->ctx.oberon_driver_ctx, input, input_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_MAC_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void)input; @@ -1779,7 +1787,7 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t *operation, switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_MAC_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: status = cc3xx_mac_sign_finish(&operation->ctx.cc3xx_driver_ctx, mac, mac_size, mac_length); 
@@ -1789,12 +1797,12 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t *operation, } return status; -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_MAC_DRIVER */ +#if defined(PSA_NEED_OBERON_MAC_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_mac_sign_finish(&operation->ctx.oberon_driver_ctx, mac, mac_size, mac_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_MAC_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void)mac; @@ -1811,7 +1819,7 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t *operation switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_MAC_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: status = cc3xx_mac_verify_finish(&operation->ctx.cc3xx_driver_ctx, mac, mac_length); /* NCSDK-21377: Clean up operation context on success. */ @@ -1820,11 +1828,11 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t *operation } return status; -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_MAC_DRIVER */ +#if defined(PSA_NEED_OBERON_MAC_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_mac_verify_finish(&operation->ctx.oberon_driver_ctx, mac, mac_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_MAC_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void)mac; 
@@ -1837,14 +1845,14 @@ psa_status_t psa_driver_wrapper_mac_abort(psa_mac_operation_t *operation) { switch (operation->id) { #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_MAC_DRIVER) case PSA_CRYPTO_CC3XX_DRIVER_ID: return cc3xx_mac_abort(&operation->ctx.cc3xx_driver_ctx); -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_MAC_DRIVER */ +#if defined(PSA_NEED_OBERON_MAC_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_mac_abort(&operation->ctx.oberon_driver_ctx); -#endif /* PSA_CRYPTO_DRIVER_HAS_MAC_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_MAC_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: return PSA_SUCCESS; @@ -1859,13 +1867,13 @@ psa_status_t psa_driver_wrapper_key_derivation_setup(psa_key_derivation_operatio { psa_status_t status; -#if defined(PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_KDF_DRIVER) status = oberon_key_derivation_setup(&operation->ctx.oberon_kdf_ctx, alg); if (status == PSA_SUCCESS) { operation->id = PSA_CRYPTO_OBERON_DRIVER_ID; } return status; -#endif /* PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_KDF_DRIVER */ (void)status; (void)operation; @@ -1878,10 +1886,10 @@ psa_driver_wrapper_key_derivation_set_capacity(psa_key_derivation_operation_t *o size_t capacity) { switch (operation->id) { -#if defined(PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_KDF_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_key_derivation_set_capacity(&operation->ctx.oberon_kdf_ctx, capacity); -#endif /* PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_KDF_DRIVER */ default: (void)capacity; 
@@ -1895,11 +1903,11 @@ psa_driver_wrapper_key_derivation_input_bytes(psa_key_derivation_operation_t *op size_t data_length) { switch (operation->id) { -#if defined(PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_KDF_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_key_derivation_input_bytes(&operation->ctx.oberon_kdf_ctx, step, data, data_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_KDF_DRIVER */ default: (void)step; @@ -1914,11 +1922,11 @@ psa_driver_wrapper_key_derivation_input_integer(psa_key_derivation_operation_t * psa_key_derivation_step_t step, uint64_t value) { switch (operation->id) { -#if defined(PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_KDF_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_key_derivation_input_integer(&operation->ctx.oberon_kdf_ctx, step, value); -#endif /* PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_KDF_DRIVER */ default: (void)step; @@ -1932,11 +1940,11 @@ psa_driver_wrapper_key_derivation_output_bytes(psa_key_derivation_operation_t *o uint8_t *output, size_t output_length) { switch (operation->id) { -#if defined(PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_KDF_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_key_derivation_output_bytes(&operation->ctx.oberon_kdf_ctx, output, output_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_KDF_DRIVER */ default: (void)output; 
@@ -1948,10 +1956,10 @@ psa_driver_wrapper_key_derivation_output_bytes(psa_key_derivation_operation_t *o psa_status_t psa_driver_wrapper_key_derivation_abort(psa_key_derivation_operation_t *operation) { switch (operation->id) { -#if defined(PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON) +#if defined(PSA_NEED_OBERON_KDF_DRIVER) case PSA_CRYPTO_OBERON_DRIVER_ID: return oberon_key_derivation_abort(&operation->ctx.oberon_kdf_ctx); -#endif /* PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_KDF_DRIVER */ default: return PSA_SUCCESS; @@ -1980,17 +1988,17 @@ psa_status_t psa_driver_wrapper_key_agreement(const psa_key_attributes_t *attrib * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_ALG_ECDH_CC3XX) +#if defined(PSA_NEED_CC3XX_ECDH_DRIVER) status = cc3xx_key_agreement(attributes, priv_key, priv_key_size, publ_key, publ_key_size, output, output_size, output_length, alg); return status; -#endif /* PSA_CRYPTO_DRIVER_ALG_ECDH_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_ALG_ECDH_OBERON) +#endif /* PSA_NEED_CC3XX_ECDH_DRIVER */ +#if defined(PSA_NEED_OBERON_ECDH_DRIVER) status = oberon_key_agreement(attributes, priv_key, priv_key_size, alg, publ_key, publ_key_size, output, output_size, output_length); return status; -#endif /* PSA_CRYPTO_DRIVER_ALG_ECDH_OBERON */ +#endif /* PSA_NEED_OBERON_ECDH_DRIVER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ (void)status; return PSA_ERROR_NOT_SUPPORTED; @@ -2021,7 +2029,7 @@ psa_status_t psa_driver_wrapper_pake_setup( { psa_status_t status; -#ifdef PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON +#ifdef PSA_NEED_OBERON_JPAKE_DRIVER if (cipher_suite->algorithm == PSA_ALG_JPAKE) { status = oberon_jpake_setup( &operation->ctx.oberon_jpake_ctx, cipher_suite); 
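Review bot: In the psa_driver_wrapper_key_agreement hunk, `return status;` follows cc3xx_key_agreement() unconditionally, so when both PSA_NEED_CC3XX_ECDH_DRIVER and PSA_NEED_OBERON_ECDH_DRIVER are defined the Oberon branch is unreachable, and a PSA_ERROR_NOT_SUPPORTED from CC3XX goes straight back to the caller. The AEAD and MAC wrappers in this file guard the return with `if (status != PSA_ERROR_NOT_SUPPORTED) { return status; }`, and the same guard here would give the fallback behaviour the driver documentation describes. The asymmetric_encrypt and asymmetric_decrypt hunks further down return unconditionally in the same way. The function starts outside the hunk.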
@@ -2030,8 +2038,8 @@ psa_status_t psa_driver_wrapper_pake_setup( } return status; } -#endif /* PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON +#endif /* PSA_NEED_OBERON_JPAKE_DRIVER */ +#ifdef PSA_NEED_OBERON_SPAKE2P_DRIVER if (cipher_suite->algorithm == PSA_ALG_SPAKE2P) { status = oberon_spake2p_setup( &operation->ctx.oberon_spake2p_ctx, cipher_suite); @@ -2040,8 +2048,8 @@ psa_status_t psa_driver_wrapper_pake_setup( } return status; } -#endif /* PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SRP_OBERON +#endif /* PSA_NEED_OBERON_SPAKE2P_DRIVER */ +#ifdef PSA_NEED_OBERON_SRP_DRIVER if (cipher_suite->algorithm == PSA_ALG_SRP_6) { status = oberon_srp_setup( &operation->ctx.oberon_srp_ctx, cipher_suite); @@ -2050,7 +2058,7 @@ psa_status_t psa_driver_wrapper_pake_setup( } return status; } -#endif /* PSA_CRYPTO_DRIVER_ALG_SRP_OBERON */ +#endif /* PSA_NEED_OBERON_SRP_DRIVER */ (void)status; (void)operation; 
@@ -2064,24 +2072,24 @@ psa_status_t psa_driver_wrapper_pake_set_password_key( const uint8_t *password, size_t password_length) { switch (operation->id) { -#ifdef PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON +#ifdef PSA_NEED_OBERON_JPAKE_DRIVER case OBERON_JPAKE_DRIVER_ID: return oberon_jpake_set_password_key( &operation->ctx.oberon_jpake_ctx, attributes, password, password_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON +#endif /* PSA_NEED_OBERON_JPAKE_DRIVER */ +#ifdef PSA_NEED_OBERON_SPAKE2P_DRIVER case OBERON_SPAKE_DRIVER_ID: return oberon_spake2p_set_password_key( &operation->ctx.oberon_spake2p_ctx, attributes, password, password_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SRP_OBERON +#endif /* PSA_NEED_OBERON_SPAKE2P_DRIVER */ +#ifdef PSA_NEED_OBERON_SRP_DRIVER case OBERON_SRP_DRIVER_ID: return oberon_srp_set_password_key( &operation->ctx.oberon_srp_ctx, attributes, password, password_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_SRP_OBERON */ +#endif /* PSA_NEED_OBERON_SRP_DRIVER */ default: (void)attributes; 
@@ -2096,24 +2104,24 @@ psa_status_t psa_driver_wrapper_pake_set_user( const uint8_t *user_id, size_t user_id_len) { switch (operation->id) { -#ifdef PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON +#ifdef PSA_NEED_OBERON_JPAKE_DRIVER case OBERON_JPAKE_DRIVER_ID: return oberon_jpake_set_user( &operation->ctx.oberon_jpake_ctx, user_id, user_id_len); -#endif /* PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON +#endif /* PSA_NEED_OBERON_JPAKE_DRIVER */ +#ifdef PSA_NEED_OBERON_SPAKE2P_DRIVER case OBERON_SPAKE_DRIVER_ID: return oberon_spake2p_set_user( &operation->ctx.oberon_spake2p_ctx, user_id, user_id_len); -#endif /* PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SRP_OBERON +#endif /* PSA_NEED_OBERON_SPAKE2P_DRIVER */ +#ifdef PSA_NEED_OBERON_SRP_DRIVER case OBERON_SRP_DRIVER_ID: return oberon_srp_set_user( &operation->ctx.oberon_srp_ctx, user_id, user_id_len); -#endif /* PSA_CRYPTO_DRIVER_ALG_SRP_OBERON */ +#endif /* PSA_NEED_OBERON_SRP_DRIVER */ default: (void)user_id; 
@@ -2127,22 +2135,22 @@ psa_status_t psa_driver_wrapper_pake_set_peer( const uint8_t *peer_id, size_t peer_id_len) { switch (operation->id) { -#ifdef PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON +#ifdef PSA_NEED_OBERON_JPAKE_DRIVER case OBERON_JPAKE_DRIVER_ID: return oberon_jpake_set_peer( &operation->ctx.oberon_jpake_ctx, peer_id, peer_id_len); -#endif /* PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON +#endif /* PSA_NEED_OBERON_JPAKE_DRIVER */ +#ifdef PSA_NEED_OBERON_SPAKE2P_DRIVER case OBERON_SPAKE_DRIVER_ID: return oberon_spake2p_set_peer( &operation->ctx.oberon_spake2p_ctx, peer_id, peer_id_len); -#endif /* PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SRP_OBERON +#endif /* PSA_NEED_OBERON_SPAKE2P_DRIVER */ +#ifdef PSA_NEED_OBERON_SRP_DRIVER case OBERON_SRP_DRIVER_ID: return PSA_ERROR_NOT_SUPPORTED; -#endif /* PSA_CRYPTO_DRIVER_ALG_SRP_OBERON */ +#endif /* PSA_NEED_OBERON_SRP_DRIVER */ default: (void)peer_id; @@ -2156,24 +2164,24 @@ psa_status_t psa_driver_wrapper_pake_set_role( psa_pake_role_t role) { switch (operation->id) { -#ifdef PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON +#ifdef PSA_NEED_OBERON_JPAKE_DRIVER case OBERON_JPAKE_DRIVER_ID: return oberon_jpake_set_role( &operation->ctx.oberon_jpake_ctx, role); -#endif /* PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON +#endif /* PSA_NEED_OBERON_JPAKE_DRIVER */ +#ifdef PSA_NEED_OBERON_SPAKE2P_DRIVER case OBERON_SPAKE_DRIVER_ID: return oberon_spake2p_set_role( &operation->ctx.oberon_spake2p_ctx, role); -#endif /* PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SRP_OBERON +#endif /* PSA_NEED_OBERON_SPAKE2P_DRIVER */ +#ifdef PSA_NEED_OBERON_SRP_DRIVER case OBERON_SRP_DRIVER_ID: return oberon_srp_set_role( &operation->ctx.oberon_srp_ctx, role); -#endif /* PSA_CRYPTO_DRIVER_ALG_SRP_OBERON */ +#endif /* PSA_NEED_OBERON_SRP_DRIVER */ default: (void)role; 
@@ -2187,27 +2195,27 @@ psa_status_t psa_driver_wrapper_pake_output( uint8_t *output, size_t output_size, size_t *output_length) { switch (operation->id) { -#ifdef PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON +#ifdef PSA_NEED_OBERON_JPAKE_DRIVER case OBERON_JPAKE_DRIVER_ID: return oberon_jpake_output( &operation->ctx.oberon_jpake_ctx, step, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON +#endif /* PSA_NEED_OBERON_JPAKE_DRIVER */ +#ifdef PSA_NEED_OBERON_SPAKE2P_DRIVER case OBERON_SPAKE_DRIVER_ID: return oberon_spake2p_output( &operation->ctx.oberon_spake2p_ctx, step, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SRP_OBERON +#endif /* PSA_NEED_OBERON_SPAKE2P_DRIVER */ +#ifdef PSA_NEED_OBERON_SRP_DRIVER case OBERON_SRP_DRIVER_ID: return oberon_srp_output( &operation->ctx.oberon_srp_ctx, step, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_SRP_OBERON */ +#endif /* PSA_NEED_OBERON_SRP_DRIVER */ default: (void)step; 
@@ -2224,27 +2232,27 @@ psa_status_t psa_driver_wrapper_pake_input( const uint8_t *input, size_t input_length) { switch (operation->id) { -#ifdef PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON +#ifdef PSA_NEED_OBERON_JPAKE_DRIVER case OBERON_JPAKE_DRIVER_ID: return oberon_jpake_input( &operation->ctx.oberon_jpake_ctx, step, input, input_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON +#endif /* PSA_NEED_OBERON_JPAKE_DRIVER */ +#ifdef PSA_NEED_OBERON_SPAKE2P_DRIVER case OBERON_SPAKE_DRIVER_ID: return oberon_spake2p_input( &operation->ctx.oberon_spake2p_ctx, step, input, input_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SRP_OBERON +#endif /* PSA_NEED_OBERON_SPAKE2P_DRIVER */ +#ifdef PSA_NEED_OBERON_SRP_DRIVER case OBERON_SRP_DRIVER_ID: return oberon_srp_input( &operation->ctx.oberon_srp_ctx, step, input, input_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_SRP_OBERON */ +#endif /* PSA_NEED_OBERON_SRP_DRIVER */ default: (void)step; 
@@ -2259,24 +2267,24 @@ psa_status_t psa_driver_wrapper_pake_get_implicit_key( uint8_t *output, size_t output_size, size_t *output_length) { switch (operation->id) { -#ifdef PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON +#ifdef PSA_NEED_OBERON_JPAKE_DRIVER case OBERON_JPAKE_DRIVER_ID: return oberon_jpake_get_implicit_key( &operation->ctx.oberon_jpake_ctx, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON +#endif /* PSA_NEED_OBERON_JPAKE_DRIVER */ +#ifdef PSA_NEED_OBERON_SPAKE2P_DRIVER case OBERON_SPAKE_DRIVER_ID: return oberon_spake2p_get_implicit_key( &operation->ctx.oberon_spake2p_ctx, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SRP_OBERON +#endif /* PSA_NEED_OBERON_SPAKE2P_DRIVER */ +#ifdef PSA_NEED_OBERON_SRP_DRIVER case OBERON_SRP_DRIVER_ID: return oberon_srp_get_implicit_key( &operation->ctx.oberon_srp_ctx, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_ALG_SRP_OBERON */ +#endif /* PSA_NEED_OBERON_SRP_DRIVER */ default: (void)output; 
@@ -2290,18 +2298,18 @@ psa_status_t psa_driver_wrapper_pake_abort( psa_pake_operation_t *operation) { switch (operation->id) { -#ifdef PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON +#ifdef PSA_NEED_OBERON_JPAKE_DRIVER case OBERON_JPAKE_DRIVER_ID: return oberon_jpake_abort(&operation->ctx.oberon_jpake_ctx); -#endif /* PSA_CRYPTO_DRIVER_ALG_JPAKE_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON +#endif /* PSA_NEED_OBERON_JPAKE_DRIVER */ +#ifdef PSA_NEED_OBERON_SPAKE2P_DRIVER case OBERON_SPAKE_DRIVER_ID: return oberon_spake2p_abort(&operation->ctx.oberon_spake2p_ctx); -#endif /* PSA_CRYPTO_DRIVER_ALG_SPAKE2P_OBERON */ -#ifdef PSA_CRYPTO_DRIVER_ALG_SRP_OBERON +#endif /* PSA_NEED_OBERON_SPAKE2P_DRIVER */ +#ifdef PSA_NEED_OBERON_SRP_DRIVER case OBERON_SRP_DRIVER_ID: return oberon_srp_abort(&operation->ctx.oberon_srp_ctx); -#endif /* PSA_CRYPTO_DRIVER_ALG_SRP_OBERON */ +#endif /* PSA_NEED_OBERON_SRP_DRIVER */ default: return PSA_SUCCESS; @@ -2330,18 +2338,18 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt( * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_ASYMMETRIC_DRIVER) status = cc3xx_asymmetric_encrypt(attributes, key_buffer, key_buffer_size, alg, input, input_length, salt, salt_length, output, output_size, output_length); return status; -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_ASYMMETRIC_DRIVER */ +#if defined(PSA_NEED_OBERON_RSA_CRYPT) status = oberon_asymmetric_encrypt(attributes, key_buffer, key_buffer_size, alg, input, input_length, salt, salt_length, output, output_size, output_length); return status; -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_RSA_CRYPT */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ (void)status; return PSA_ERROR_NOT_SUPPORTED; 
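Review bot: The Oberon branch of psa_driver_wrapper_asymmetric_encrypt is guarded by `PSA_NEED_OBERON_RSA_CRYPT`, which breaks the `PSA_NEED_<driver>_<feature>_DRIVER` form of every other guard this commit introduces, including `PSA_NEED_CC3XX_ASYMMETRIC_DRIVER` on the CC3XX branch just before it. A guard that no header defines still compiles and simply drops the branch, so RSA encryption would return PSA_ERROR_NOT_SUPPORTED with no build diagnostic. The macro's definition is not visible here and should be confirmed. A one-line comment at the `#if` would record the intent, for example `/* feature-level guard, not a *_DRIVER aggregate; defined in <config header> */`. The asymmetric_decrypt hunk uses the same guard.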
@@ -2380,17 +2388,17 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt( * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_CC3XX) +#if defined(PSA_NEED_CC3XX_ASYMMETRIC_DRIVER) status = cc3xx_asymmetric_decrypt(attributes, key_buffer, key_buffer_size, alg, input, input_length, salt, salt_length, output, output_size, output_length); return status; -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_CC3XX */ -#if defined(PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_OBERON) +#endif /* PSA_NEED_CC3XX_ASYMMETRIC_DRIVER */ +#if defined(PSA_NEED_OBERON_RSA_CRYPT) return oberon_asymmetric_decrypt(attributes, key_buffer, key_buffer_size, alg, input, input_length, salt, salt_length, output, output_size, output_length); -#endif /* PSA_CRYPTO_DRIVER_HAS_ASYM_ENCRYPT_SUPPORT_OBERON */ +#endif /* PSA_NEED_OBERON_RSA_CRYPT */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ (void)status; return PSA_ERROR_NOT_SUPPORTED; 
@@ -2413,23 +2421,18 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt( psa_status_t psa_driver_wrapper_init_random(psa_driver_random_context_t *context) { -#if defined(PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM) - /* Using internal context. */ - (void)context; - return PSA_SUCCESS; -#endif - -#if defined(PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON) -#if defined(PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_OBERON) +#if defined(PSA_NEED_OBERON_CTR_DRBG_DRIVER) return oberon_ctr_drbg_init(&context->oberon_ctr_drbg_ctx); -#elif defined(PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_OBERON) +#elif defined(PSA_NEED_OBERON_HMAC_DRBG_DRIVER) return oberon_hmac_drbg_init(&context->oberon_hmac_drbg_ctx); -#endif -#endif /* defined(PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON) */ - +#else + /* When the chosen driver does not require to initialize the context + * or the get_random call is not supported we can return success. + */ (void)context; return PSA_SUCCESS; +#endif } psa_status_t psa_driver_wrapper_get_random(psa_driver_random_context_t *context, uint8_t *output, 
@@ -2437,25 +2440,29 @@ psa_status_t psa_driver_wrapper_get_random(psa_driver_random_context_t *context, { #if defined(PSA_CRYPTO_DRIVER_ALG_PRNG_TEST) psa_status_t status; + (void) context; status = prng_test_generate_random(output, output_size); if (status != PSA_ERROR_NOT_SUPPORTED) { return status; } #endif -#if defined(PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM) + +#if defined(PSA_NEED_OBERON_CTR_DRBG_DRIVER) + return oberon_ctr_drbg_get_random(&context->oberon_ctr_drbg_ctx, output, output_size); +#elif defined(PSA_NEED_OBERON_HMAC_DRBG_DRIVER) + return oberon_hmac_drbg_get_random(&context->oberon_hmac_drbg_ctx, output, output_size); +#elif defined(PSA_NEED_CC3XX_CTR_DRBG_DRIVER) || defined(PSA_NEED_CC3XX_HMAC_DRBG_DRIVER) size_t output_length; int err; /* Using internal context. */ (void)context; -#if defined(PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_CC3XX_PLATFORM) +#if defined(PSA_NEED_CC3XX_CTR_DRBG_DRIVER) err = nrf_cc3xx_platform_ctr_drbg_get(NULL, output, output_size, &output_length); -#elif defined(PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_CC3XX_PLATFORM) +#elif defined(PSA_NEED_CC3XX_HMAC_DRBG_DRIVER) err = nrf_cc3xx_platform_hmac_drbg_get(NULL, output, output_size, &output_length); -#else -#error "Enable CONFIG_PSA_WANT_ALG_CTR_DRBG or CONFIG_PSA_WANT_ALG_HMAC_DRBG" #endif if (err != NRF_CC3XX_PLATFORM_SUCCESS) { return PSA_ERROR_HARDWARE_FAILURE; 
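Review bot: The new `#if`/`#elif` chain in psa_driver_wrapper_get_random tests the Oberon DRBG macros before the CC3XX ones, whereas the removed code tested the CC3XX platform PRNG first. A build that defines both would therefore draw random bytes from the Oberon DRBG rather than the CC3XX platform DRBG. Whether both can be defined depends on configuration logic outside this hunk, so the intended precedence should be stated above the chain, for example `/* Oberon DRBG takes precedence over the CC3XX platform DRBG when both are enabled. */`. If that combination is not meant to occur, it should instead be rejected at build time. The function body continues past the end of this hunk.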
@@ -2466,17 +2473,7 @@ psa_status_t psa_driver_wrapper_get_random(psa_driver_random_context_t *context, } return PSA_SUCCESS; -#endif /* defined(PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM) */ - -#if defined(PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON) -#if defined(PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_OBERON) - return oberon_ctr_drbg_get_random(&context->oberon_ctr_drbg_ctx, output, output_size); -#elif defined(PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_OBERON) - return oberon_hmac_drbg_get_random(&context->oberon_hmac_drbg_ctx, output, output_size); -#else -#error "Enable CONFIG_PSA_WANT_ALG_CTR_DRBG or CONFIG_PSA_WANT_ALG_HMAC_DRBG" #endif -#endif /* defined(PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON) */ (void)context; (void)output; @@ -2486,21 +2483,14 @@ psa_status_t psa_driver_wrapper_get_random(psa_driver_random_context_t *context, psa_status_t psa_driver_wrapper_free_random(psa_driver_random_context_t *context) { -#if defined(PSA_CRYPTO_DRIVER_ALG_PRNG_CC3XX_PLATFORM) - /* Using nrf_cc3xx_platform without context. */ - (void)context; - - return PSA_SUCCESS; -#endif - -#if defined(PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON) -#if defined(PSA_CRYPTO_DRIVER_ALG_CTR_DRBG_OBERON) +#if defined(PSA_NEED_OBERON_CTR_DRBG_DRIVER) return oberon_ctr_drbg_free(&context->oberon_ctr_drbg_ctx); -#elif defined(PSA_CRYPTO_DRIVER_ALG_HMAC_DRBG_OBERON) +#elif defined(PSA_NEED_OBERON_HMAC_DRBG_DRIVER) return oberon_hmac_drbg_free(&context->oberon_hmac_drbg_ctx); #endif -#endif /* defined(PSA_CRYPTO_DRIVER_ALG_PRNG_OBERON) */ - + /* When the chosen driver does not require to initialize the context + * or the get_random call is not supported we can return success. + */ (void)context; return PSA_SUCCESS; } 
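Review bot: In psa_driver_wrapper_free_random the Oberon branches close with `#endif` and are followed by an unconditional `(void)context; return PSA_SUCCESS;`, which leaves unreachable statements after the `return` whenever an Oberon DRBG driver is compiled in. psa_driver_wrapper_init_random wraps the same fallback in `#else` … `#endif`, and using that form here keeps the two functions consistent. The fallback comment was also copied from the init path and still talks about initializing the context. It should describe the free path, for example `/* No per-context state to release for this driver, or no DRBG driver is enabled. */`.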
@@ -2508,7 +2498,7 @@ psa_status_t psa_driver_wrapper_free_random(psa_driver_random_context_t *context psa_status_t psa_driver_wrapper_get_entropy(uint32_t flags, size_t *estimate_bits, uint8_t *output, size_t output_size) { -#if defined(PSA_CRYPTO_DRIVER_ENTROPY_ZEPHYR) +#if defined(PSA_NEED_ZEPHYR_ENTROPY_DRIVER) return zephyr_get_entropy(flags, estimate_bits, output, output_size); #endif diff --git a/subsys/nrf_security/tfm/CMakeLists.txt b/subsys/nrf_security/tfm/CMakeLists.txt index 895d77cea379..3af65536e4e2 100644 --- a/subsys/nrf_security/tfm/CMakeLists.txt +++ b/subsys/nrf_security/tfm/CMakeLists.txt @@ -76,12 +76,6 @@ set(CONFIG_MBEDTLS_USE_PSA_CRYPTO False) # complete build with all libraries and a full mbedcrypto library for linking. set(CONFIG_BUILD_WITH_TFM False) -if (NOT CONFIG_TFM_PROFILE_TYPE_MINIMAL) - set(CONFIG_PSA_CRYPTO_DRIVER_OBERON True) - set(CONFIG_PSA_CRYPTO_DRIVER_HAS_KDF_SUPPORT_OBERON True) - set(CONFIG_PSA_CRYPTO_DRIVER_ALG_HKDF_OBERON True) -endif() - # TF-M build require that PSA Crypto APIs are compiled set(COMPILE_PSA_APIS True)