WIP

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

Author: tomi-font

subsys/nrf_security/CMakeLists.txt

@@ -94,7 +94,7 @@ add_library(psa_crypto_config INTERFACE)
 # Add config files required for PSA crypto interface
 target_compile_definitions(psa_crypto_config
   INTERFACE
-    -DMBEDTLS_CONFIG_FILE="${CONFIG_MBEDTLS_CONFIG_FILE}"
+#     -DMBEDTLS_CONFIG_FILE="${CONFIG_MBEDTLS_CONFIG_FILE}"
     -DTF_PSA_CRYPTO_CONFIG_FILE="${CONFIG_TF_PSA_CRYPTO_CONFIG_FILE}"
 )
 
@@ -105,7 +105,7 @@ add_library(psa_crypto_library_config INTERFACE)
 # Add config files required for PSA core
 target_compile_definitions(psa_crypto_library_config
   INTERFACE
-    -DMBEDTLS_CONFIG_FILE="${CONFIG_MBEDTLS_CONFIG_FILE}"
+#     -DMBEDTLS_CONFIG_FILE="${CONFIG_MBEDTLS_CONFIG_FILE}"
     -DTF_PSA_CRYPTO_CONFIG_FILE="${CONFIG_TF_PSA_CRYPTO_CONFIG_FILE}"
     -DTF_PSA_CRYPTO_USER_CONFIG_FILE="${CONFIG_TF_PSA_CRYPTO_USER_CONFIG_FILE}"
 )
@@ -122,9 +122,14 @@ target_include_directories(psa_interface
     ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/include
     ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/library
     # Mbed TLS (mbedcrypto) PSA headers
-    ${ZEPHYR_MBEDTLS_MODULE_DIR}/library
-    ${ZEPHYR_MBEDTLS_MODULE_DIR}/include
-    ${ZEPHYR_MBEDTLS_MODULE_DIR}/include/library
+#     ${ZEPHYR_MBEDTLS_MODULE_DIR}/library
+#     ${ZEPHYR_MBEDTLS_MODULE_DIR}/include
+#     ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/drivers/builtin/include/
+    ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/core/
+    ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/dispatch/
+    ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/platform/
+
+#     ${ZEPHYR_TF_PSA_CRYPTO_MODULE_DIR}/include/library
 )
 
 # Finally adding the crypto lib

subsys/nrf_security/Kconfig

@@ -234,19 +234,4 @@ config MBEDTLS_GENPRIME_ENABLED
 
 endmenu # Zephyr legacy configurations
 
-#
-# Provide a new choice to override the mbedtls_external library completely
-# and not have to provide a "dummy" path for the implementation
-#
-choice MBEDTLS_IMPLEMENTATION
-	default MBEDTLS_LIBRARY_NRF_SECURITY
-
-config MBEDTLS_LIBRARY_NRF_SECURITY
-	bool "Use nRF Security mbedTLS version"
-	depends on NRF_SECURITY
-	help
-	  Use Mbed TLS library from Nordic provided security backend
-
-endchoice
-
 endmenu

subsys/nrf_security/include/psa/crypto_driver_config.h

@@ -6,7 +6,7 @@
 
 #ifndef PSA_CRYPTO_DRIVER_CONFIG_H
 #define PSA_CRYPTO_DRIVER_CONFIG_H
-
+// delete this if unused by new Oberon release
 #if defined(TF_PSA_CRYPTO_CONFIG_FILE)
 #include TF_PSA_CRYPTO_CONFIG_FILE
 #else

subsys/nrf_security/include/psa/crypto_driver_contexts_composites.h

@@ -25,7 +25,7 @@
 #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H
 #define PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H
 
-#include "oberon_psa_common.h"
+#include <tf_psa_crypto_common.h>
 
 #include "psa/crypto_driver_common.h"
 
@@ -86,8 +86,8 @@ typedef union {
  * them in order to avoid building errors. We don't use these at all
  * in the Oberon PSA core, the int type was chosen arbitrarily.
  */
-typedef int psa_driver_sign_hash_interruptible_context_t;
-typedef int psa_driver_verify_hash_interruptible_context_t;
+typedef struct { int dummy; } psa_driver_sign_hash_interruptible_context_t;
+typedef struct { int dummy; } psa_driver_verify_hash_interruptible_context_t;
 
 #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */
 /* End of automatically generated file. */

subsys/nrf_security/include/psa/crypto_driver_contexts_primitives.h

@@ -24,7 +24,7 @@
 #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H
 #define PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H
 
-#include "oberon_psa_common.h"
+#include <tf_psa_crypto_common.h>
 
 #include "psa/crypto_driver_common.h"
 

subsys/nrf_security/src/CMakeLists.txt

@@ -71,20 +71,20 @@ endif()
 
 if(NOT CONFIG_MBEDTLS_PSA_CRYPTO_SPM AND NOT BUILD_INSIDE_TFM)
   append_with_prefix(src_crypto ${ZEPHYR_MBEDTLS_MODULE_DIR}/library
-    pem.c
-    pkcs12.c
-    pkcs5.c
-    pkparse.c
-    pkwrite.c
-    dhm.c
-    cipher.c
-    cipher_wrap.c
-    md.c
-    pk.c
-    pk_ecc.c
-    pk_wrap.c
-    pkwrite.c
-    psa_util.c
+#     pem.c
+#     pkcs12.c
+#     pkcs5.c
+#     pkparse.c
+#     pkwrite.c
+#     dhm.c
+#     cipher.c
+#     cipher_wrap.c
+#     md.c
+#     pk.c
+#     pk_ecc.c
+#     pk_wrap.c
+#     pkwrite.c
+#     psa_util.c
   )
 
 endif()
@@ -111,23 +111,23 @@ endif()
 nrf_security_add_zephyr_options(${mbedcrypto_target})
 
 # Base mbed TLS files (not in drivers or builtin's)
-append_with_prefix(src_crypto_base ${ZEPHYR_MBEDTLS_MODULE_DIR}/library
-  asn1parse.c
-  asn1write.c
-  base64.c
-  bignum.c
-  bignum_core.c
-  nist_kw.c
-  oid.c
-  padlock.c
-  version.c
-  constant_time.c
+append_with_prefix(src_crypto_base ${ZEPHYR_TF_PSA_CRYPTO_MODULE_DIR}/utilities
+#   asn1parse.c
+#   asn1write.c
+#   base64.c
+#   bignum.c
+#   bignum_core.c
+#   nist_kw.c
+#   oid.c
+#   padlock.c
+#   version.c
+#   constant_time.c
 )
 
 # Legacy APIs were missing files added by Oberon PSA core (not built in
 # certain instances. This adds the same platform support as the Oberon PSA core)
 if(NOT CONFIG_MBEDTLS_PSA_CRYPTO_C)
-  append_with_prefix(src_crypto_base  ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/library/
+  append_with_prefix(src_crypto_base ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/library/
     platform.c
     platform_util.c
   )

subsys/nrf_security/src/core/nrf_oberon/CMakeLists.txt

@@ -4,12 +4,12 @@
 # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 #
 
-append_with_prefix(src_crypto_core_oberon ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/library/
+append_with_prefix(src_crypto_core_oberon ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/platform/
   platform.c
   platform_util.c
 )
 
-append_with_prefix(src_crypto_core_oberon ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/library/
+append_with_prefix(src_crypto_core_oberon ${ZEPHYR_OBERON_PSA_CRYPTO_MODULE_DIR}/core/
   psa_crypto.c
   psa_crypto_client.c
   psa_crypto_slot_management.c

subsys/nrf_security/src/psa_crypto_driver_wrappers.c

@@ -10,10 +10,10 @@
  *  Warning: This file will be auto-generated in the future.
  */
 
-#include "common.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_driver_wrappers.h"
-#include <string.h>
+// #include <tf_psa_crypto_common.h>
+#include <tf_psa_crypto_common.h>
+#include <psa_crypto_core.h>
+#include <psa_crypto_driver_wrappers.h>
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 
@@ -2573,8 +2573,7 @@ psa_status_t psa_driver_wrapper_encapsulate(const psa_key_attributes_t *attribut
 					    size_t *output_key_length, uint8_t *ciphertext,
 					    size_t ciphertext_size, size_t *ciphertext_length)
 {
-	psa_status_t status;
-	(void)status;
+	psa_status_t status __maybe_unused;
 	psa_key_location_t location =
 		 PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
 
@@ -2622,8 +2621,7 @@ psa_status_t psa_driver_wrapper_decapsulate(const psa_key_attributes_t *attribut
 					    uint8_t *output_key, size_t output_key_size,
 					    size_t *output_key_length)
 {
-	psa_status_t status;
-	(void)status;
+	psa_status_t status __maybe_unused;
 	psa_key_location_t location =
 		PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));