Fspra 4778 update to mbed tls 3.6.4

include/mbedtls/build_info.h

@@ -110,7 +110,7 @@
 
 /* X.509, TLS and non-PSA crypto configuration */
 #if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/mbedtls_config.h"
+#include "mbedtls/config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif

include/mbedtls/config_adjust_legacy_from_psa.h

@@ -366,6 +366,32 @@
 
 /* End of ECC section */
 
+/* MLKEM: key types: enable built-ins as needed.
+ */
+#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE 1
+#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT 1
+#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT */
+#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT 1
+#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT */
+#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_BASIC)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_BASIC 1
+#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_ENCAPSULATE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_ENCAPSULATE 1
+#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_ENCAPSULATE */
+
+#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_DECAPSULATE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_DECAPSULATE 1
+#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_DECAPSULATE */
+
+/* End of MLKEM section */
+
 /*
  * DH key types follow the same pattern used above for EC keys. They are defined
  * by a triplet (group, key_type, alg). A triplet is accelerated if all its

include/mbedtls/config_adjust_psa_from_legacy.h

@@ -84,6 +84,23 @@
 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
 #endif /* MBEDTLS_ECP_C */
 
+#if defined(MBEDTLS_MLKEM_C)
+#define PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT 1
+#define PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE 1
+#define PSA_WANT_KEY_TYPE_MLKEM_KEY_ENCAPSULATE 1
+#define PSA_WANT_KEY_TYPE_MLKEM_KEY_DECAPSULATE 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_BASIC 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_ENCAPSULATE 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_DECAPSULATE 1
+// #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_PUBLIC_KEY 1
+// #define PSA_WANT_KEY_TYPE_MLKEM_PUBLIC_KEY 1
+#endif /* MBEDTLS_MLKEM_C */
+
 #if defined(MBEDTLS_DHM_C)
 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1

include/mbedtls/mlkem.h

@@ -0,0 +1,81 @@
+/**
+ * \file mlkem.h
+ *
+ * \brief This file provides an API for Post Quantum Cryptography Module Lattice Keys(MLKEM).
+ *
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_MLKEM_H
+#define MBEDTLS_MLKEM_H
+#include "mbedtls/private_access.h"
+
+#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
+
+#include "mbedtls/bignum.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct mbedtls_mlkem_data {
+    uint32_t key_len;
+    uint32_t * key_data;
+} mbedtls_mlkem_data_t;
+
+/**
+ * \brief   The MLKEM context structure.
+ */
+typedef struct mbedtls_mlkem_context {
+    mbedtls_mlkem_data_t decaps_key;  /*!< The decapsulated key data  */
+    mbedtls_mlkem_data_t d;  /*!< d seed data. */
+    mbedtls_mlkem_data_t z;  /*!< z seed data. */
+    mbedtls_mlkem_data_t encaps_key;  /*!< The encapsulated key data  */
+} mbedtls_mlkem_context;
+
+typedef enum mbedtls_mlkem_bits {
+    MBEDTLS_MLKEM_512 = 512,
+    MBEDTLS_MLKEM_768 = 768
+} mbedtls_mlkem_bits_t;
+
+void mbedtls_mlkem_init(mbedtls_mlkem_context * ctx);
+
+int mbedtls_mlkem_export_keypair(mbedtls_mlkem_context * ctx,
+                                 uint8_t * key_buffer,
+                                 size_t * key_buffer_length);
+
+int mbedtls_mlkem_export_public_key(mbedtls_mlkem_context * ctx,
+                                    mbedtls_mlkem_bits_t bits);
+
+int mbedtls_mlkem_expand_key_pair(mbedtls_mlkem_context *ctx,
+                               mbedtls_mlkem_bits_t bits,
+                               mbedtls_mlkem_data_t *random_d,
+                               mbedtls_mlkem_data_t *random_z,
+                               uint32_t (*f_rng)(uint32_t, uint32_t *));
+
+int mbedtls_mlkem_generate_key(mbedtls_mlkem_context * ctx, 
+                               mbedtls_mlkem_bits_t bits,
+                               uint32_t (*f_rng)(uint32_t, uint32_t *));
+
+int mbedtls_mlkem_encapsulate(mbedtls_mlkem_context * ctx,
+                              mbedtls_mlkem_bits_t bits,
+                              mbedtls_mlkem_data_t * cipher,
+                              mbedtls_mlkem_data_t * shared_key,
+                              uint32_t (*f_rng)(uint32_t, uint32_t *));
+
+int mbedtls_mlkem_decapsulate(mbedtls_mlkem_context * ctx,
+                              mbedtls_mlkem_bits_t bits,
+                              mbedtls_mlkem_data_t * cipher,
+                              mbedtls_mlkem_data_t * shared_key,
+                              uint32_t (*f_rng)(uint32_t, uint32_t *));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mlkem.h */

include/mbedtls/psa_util.h

@@ -21,7 +21,7 @@
  * otherwise error codes would be unknown in test_suite_psa_crypto_util.data.*/
 #include <mbedtls/asn1write.h>
 
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) || defined(MCUBOOT_USE_PSA_CRYPTO)
 
 /** The random generator function for the PSA subsystem.
  *

include/mbedtls/sha3.h

@@ -42,6 +42,9 @@ typedef enum {
     MBEDTLS_SHA3_512, /*!< SHA3-512 */
 } mbedtls_sha3_id;
 
+
+#if !defined(MBEDTLS_SHA3_ALT)
+
 /**
  * \brief          The SHA-3 context structure.
  *
@@ -55,6 +58,10 @@ typedef struct {
 }
 mbedtls_sha3_context;
 
+#else  /* MBEDTLS_SHA3_ALT */
+#include "sha3_alt.h"
+#endif /* MBEDTLS_SHA3_ALT */
+
 /**
  * \brief          This function initializes a SHA-3 context.
  *

include/psa/crypto.h

@@ -911,7 +911,7 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
                               const uint8_t *input,
                               size_t input_length,
                               const uint8_t *hash,
-                              size_t hash_length);
+                              const size_t hash_length);
 
 /** The type of the state data structure for multipart hash operations.
  *
@@ -1269,7 +1269,7 @@ psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
                             const uint8_t *input,
                             size_t input_length,
                             const uint8_t *mac,
-                            size_t mac_length);
+                            const size_t mac_length);
 
 /** The type of the state data structure for multipart MAC operations.
  *
@@ -4339,6 +4339,90 @@ psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
                                   mbedtls_svc_key_id_t *key);
 #endif /* !__cplusplus */
 
+
+/** \defgroup key_encapsulation Key encapsulation and decapsulation
+ * @{
+ */
+
+/**
+ * \brief Generate an encapsulated key pair
+ *
+ * \param[in] key                   Identifier of the key to use for encapsulation.
+ *                                  It must allow the usage #PSA_KEY_USAGE_ENCAPSULATE.  
+ * \param[in] alg                   The encapsulation algorithm to use.
+ *                                  (\c PSA_ALG_XXX value such that
+ *                                  #PSA_ALG_IS_KEY_ENCAPSULATION(\p alg) is true
+ * \param[in] attributes            The attributes of the key to be generated.
+ * \param[out] output_key           Identifier of the generated key is to be written.
+ * \param[out] ciphertext           Buffer where the ciphertext is to be written.
+ * \param ciphertext_size           Size of the \p ciphertext buffer in bytes.
+ * \param[in] ciphertext_length     On success, the number of bytes that make up \p ciphertext.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
+ */
+psa_status_t psa_encapsulate(psa_key_id_t key,
+                             psa_algorithm_t alg,
+                             const psa_key_attributes_t * attributes,
+                             psa_key_id_t * output_key,
+                             uint8_t * ciphertext,
+                             size_t ciphertext_size,
+                             size_t * ciphertext_length);
+
+/**
+ * \brief Decapslulate an encapsulated a shared secret key
+ *
+ *
+ * \param[in] key                   Identifier of the key to use for decapsulation.
+ *                                  It must allow the usage #PSA_KEY_USAGE_ENCAPSULATE.  
+ * \param[in] alg                   The encapsulation algorithm to use.
+ *                                  (\c PSA_ALG_XXX value such that
+ *                                  #PSA_ALG_IS_KEY_ENCAPSULATION(\p alg) is true
+ * \param[in] ciphertext            The ciphertext to decapsulate.
+ * \param ciphertext_len            Size of the \p ciphertext buffer in bytes.
+ * \param[in] attributes            The attributes of the key to be generated.
+ * \param[out] output_key           Identifier of the generated key is to be written.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
+ */
+psa_status_t psa_decapsulate(psa_key_id_t key,
+                             psa_algorithm_t alg,
+                             const uint8_t * ciphertext,
+                             size_t ciphertext_length,
+                             const psa_key_attributes_t * attributes,
+                             psa_key_id_t * output_key);
+
 /**@}*/
 
 /** \defgroup interruptible_hash Interruptible sign/verify hash