Modifications by STMicroelectronics

Main ST changes applied

Remove dual license: STMicroelectronics provides the Mbed TLS middleware under the Apache-2.0 license only.

Reformat the license file to Markdown and generate HTML.

Replace the Mbed TLS contribution file with the ST contribution file.

Replace the Mbed TLS security file with the ST security file (PSIRT).

Add HUK feature to allow cipher operation using the Hardware Unique Key on STM32.

Set MBEDTLS_PRIVATE for pk in mbedtls_pk_get_ec_group_id.

Enable the constant-time API in the constant_time files to be used by RSA Alt.

Add double signature check, with single signature computation in ecdsa.c.

Improve self-test for nist_kw and gcm:

  • gcm.c and nist_kw.c: improve Mbed TLS self-test to skip the AES-192 key size test when the alternative implementation does not support it.

Add “ITS PSA driver” support in psa_crypto_storage.c.

Fixes

Miscellaneous warnings (including those raised by IAR and Arm® Keil® toolchains).

  • bignum.c: IAR Warning[Pe546]: transfer of control bypasses the initialization variable: padding.

  • psa_crypto_aead.c and psa_crypto_driver_wrappers.c: add MBEDTLS_PSA_BUILTIN_AEAD flag to avoid Keil Error: L6218E: Undefined symbol.

  • psa_crypto.c: add AT_LEAST_ONE_BUILTIN_KDF flag to avoid IAR Warning[Pe111].

  • pkcs5.c: move padding variable declaration to the beginning of mbedtls_pkcs5_pbes2_ext() to avoid an IAR warning.

  • ssl_misc.h: cast ssl state to mbedtls_ssl_states in handshake increment function to avoid IAR Warning[Pe188]: enumerated type mixed with another type.

pk.c: key_bits may be used uninitialized; add MBEDTLS_PK_HAVE_ECC_KEYS.

Enumerated type mixed with another type (mbedtls_md_type_t).

Double inclusion path porting on crypto.h: add MBEDTLS_RSA_C in psa_crypto_driver_wrappers.h, add MBEDTLS_MD_C in md.c and config_adjust_psa_from_legacy.h, and add AT_LEAST_ONE_BUILTIN_KDF, PSA_WANT_ALG_GCM, and PSA_WANT_ALG_CCM in psa_crypto.c.

pkparse.c: fix warning when MBEDTLS_PEM_PARSE_C, MBEDTLS_PKCS12_C, and MBEDTLS_PKCS5_C are not defined.

bignum.c: optimize mbedtls_mpi_core_mla() for GCC (issue seen with 14.3.1) and -O0.

Customizations

Support STM32 Key Wrap Engine (KWE):

  • Add KWE opaque driver to Mbed TLS and improve Jinja driver templates.

  • Export rsa_rsassa_pkcs1_v15_encode() and mgf_mask() functions to be used by the Key Wrap Engine PSA driver.

Replace include psa/error with mbedtls/error in psa_crypto_se.c and psa_crypto_storage.c.

Allow creating a read-only key (for Secure Element).

Use vendor keys (for Secure Element).

Support Hardware Unique Key (HUK), under switch USE_HUK.

Support OEMiRoT: add MBEDTLS_SRAM_ERASED_ON_RESET flag in memory_buffer_alloc.c to enhance the efficiency of the boot after a reset.

Temporary changes for TF-M 1.3.0

Remove unsupported functions: psa_mac_compute(), psa_mac_verify(), psa_cipher_encrypt(), psa_cipher_decrypt().

Use deprecated define PSA_KEY_USAGE_SIGN_HASH (instead of PSA_KEY_USAGE_SIGN_MESSAGE).

Use deprecated define PSA_KEY_USAGE_VERIFY_HASH (instead of PSA_KEY_USAGE_VERIFY_MESSAGE).

Fix switch MCUBOOT_DOUBLE_SIGN_VERIF name.

Exclude the following macros when building the project for TF-M to avoid Warning[Pa181] (incompatible redefinition of macros):

  • PSA_KEY_EXPORT_MAX_SIZE

  • PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE

  • PSA_HASH_SIZE

  • PSA_MAC_FINAL_SIZE

  • PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN

Add a function definition in crypto_spe.h to avoid duplication of symbols between TF-M and Mbed TLS.