ARMmbed · 0xc0170 · Nov 24, 2018 · Nov 13, 2018 · Nov 18, 2018 · Nov 20, 2018
diff --git a/features/mbedtls/VERSION.txt b/features/mbedtls/VERSION.txt
@@ -1 +1,2 @@
-mbedtls-2.13.1
+mbedtls-2.15.0
+mbedcrypto-0.1.0b
diff --git a/features/mbedtls/importer/Makefile b/features/mbedtls/importer/Makefile
@@ -27,20 +27,39 @@
 #
 
 # Set the mbed TLS release to import (this can/should be edited before import)
-MBED_TLS_RELEASE ?= mbedtls-2.13.1
+MBED_TLS_RELEASE ?= mbedtls-2.15.0
 
 # Translate between mbed TLS namespace and mbed namespace
 TARGET_PREFIX:=../
+TARGET_PREFIX_CRYPTO:=../mbed-crypto/
 TARGET_SRC:=$(TARGET_PREFIX)src
 TARGET_INC:=$(TARGET_PREFIX)inc
 TARGET_TESTS:=$(TARGET_PREFIX)TESTS
 
+# New folder structure is introduced here for targets with Secured-Partition-Environment
+# and Non-Secured-Partition-Environment, below documentation for each folder:
+# COMPONENT_PSA_SRV_IMPL - include secure service business logic implementation
+# code. For example Mbed Crypto or secure time core logic
+TARGET_SRV_IMPL:=$(TARGET_PREFIX_CRYPTO)/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL
+# COMPONENT_SPE - include code that compiles ONLY to secure image and never
+# compiles to non-secure image
+TARGET_SPE:=$(TARGET_PREFIX_CRYPTO)/platform/TARGET_PSA/COMPONENT_SPE
+# The folder contain specific target implementation using hardware.
+TARGET_PSA_DRIVERS:=$(TARGET_PREFIX_CRYPTO)/targets
+# COMPONENT_NSPE - include code that compiles ONLY to non-secure image and
+# never compiles to secure image
+TARGET_NSPE:=$(TARGET_SRV_IMPL)/COMPONENT_NSPE
+
 # mbed TLS source directory - hidden from mbed via TARGET_IGNORE
 MBED_TLS_URL:=git@github.com:ARMmbed/mbedtls-restricted.git
 MBED_TLS_DIR:=TARGET_IGNORE/mbedtls
 MBED_TLS_API:=$(MBED_TLS_DIR)/include/mbedtls
 MBED_TLS_GIT_CFG=$(MBED_TLS_DIR)/.git/config
 
+# Mbed Crypto directory - hidden from mbed via TARGET_IGNORE
+MBED_CRYPTO_DIR:=$(MBED_TLS_DIR)/crypto
+MBED_CRYPTO_API:=$(MBED_CRYPTO_DIR)/include/psa
+
 .PHONY: all deploy deploy-tests rsync mbedtls clean update
 
 all: mbedtls
@@ -62,6 +81,23 @@ rsync:
  cp $(MBED_TLS_DIR)/LICENSE $(TARGET_PREFIX)
  cp $(MBED_TLS_DIR)/apache-2.0.txt $(TARGET_PREFIX)
  #
+ # Create Mbed Crypto target folder
+ mkdir -p $(TARGET_PREFIX_CRYPTO)
+ #
+ # Copying Mbed Crypto into Mbed OS..
+ rm -rf $(TARGET_SRV_IMPL)
+ rm -rf $(TARGET_SPE)
+
+ mkdir -p $(TARGET_SRV_IMPL)
+ mkdir -p $(TARGET_SPE)
+ mkdir -p $(TARGET_NSPE)
+ mkdir -p $(TARGET_PSA_DRIVERS)
+
+ rsync -a --delete --exclude='crypto_struct.h' $(MBED_CRYPTO_API) $(TARGET_INC)
+ rsync -a --delete $(MBED_CRYPTO_API)/crypto_struct.h $(TARGET_NSPE)
+ rsync -a --delete $(MBED_CRYPTO_API)/crypto_struct.h $(TARGET_SPE)/crypto_struct_spe.h
+ rsync -a --delete $(MBED_CRYPTO_DIR)/library/psa_*.c $(TARGET_SRV_IMPL)
+ rsync -a --delete $(MBED_CRYPTO_DIR)/library/psa_*.h $(TARGET_SRV_IMPL)
 
 deploy: rsync
  #
@@ -92,8 +128,14 @@ update: $(MBED_TLS_GIT_CFG) $(MBED_TLS_HA_GIT_CFG)
  # Checking out the required release
  git -C $(MBED_TLS_DIR) checkout $(MBED_TLS_RELEASE)
  #
+ # Update and checkout git submodules
+ git -C $(MBED_TLS_DIR) submodule update --init --recursive
+ #
  # Updating checked out version tag
  echo $(MBED_TLS_RELEASE) > $(TARGET_PREFIX)VERSION.txt
+ #
+ # Updating Mbed Crypto checked out version tag
+ git -C $(MBED_CRYPTO_DIR) describe --tags --abbrev=12 --dirty --always >> $(TARGET_PREFIX)VERSION.txt
 
 $(MBED_TLS_GIT_CFG):
  rm -rf $(MBED_TLS_DIR)
@@ -107,4 +149,5 @@ clean:
  rm -rf $(TARGET_SRC)
  rm -rf $(TARGET_INC)
  rm -rf $(MBED_TLS_DIR)
-
+ rm -rf $(TARGET_SRV_IMPL)
+ rm -rf $(TARGET_SPE)
diff --git a/features/mbedtls/importer/adjust-config.sh b/features/mbedtls/importer/adjust-config.sh
@@ -22,7 +22,7 @@ SCRIPT=$1
 FILE=$2
 
 conf() {
- $SCRIPT -f $FILE $@
+ $SCRIPT -f $FILE --force $@
 }
 
 add_code() {
@@ -140,3 +140,8 @@ conf unset MBEDTLS_SSL_TRUNCATED_HMAC
 
 conf unset MBEDTLS_PLATFORM_TIME_TYPE_MACRO
 
+# The following configurations are a needed for Mbed Crypto submodule.
+# They are related to the persistent key storage feature.
+conf set MBEDTLS_PSA_CRYPTO_STORAGE_C
+conf set MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+conf unset MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
diff --git a/features/mbedtls/inc/mbedtls/aes.h b/features/mbedtls/inc/mbedtls/aes.h
@@ -60,7 +60,11 @@
 
 /* Error codes in range 0x0021-0x0025 */
 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */
+
+/* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */
 #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
+
+/* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
 
 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \

diff --git a/features/mbedtls/inc/mbedtls/arc4.h b/features/mbedtls/inc/mbedtls/arc4.h
@@ -36,6 +36,7 @@
 
 #include <stddef.h>
 
+/* MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */
 
 #ifdef __cplusplus

diff --git a/features/mbedtls/inc/mbedtls/aria.h b/features/mbedtls/inc/mbedtls/aria.h
@@ -48,7 +48,12 @@
 
 #define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */
 #define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
+
+/* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used.
+ */
 #define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */
+
+/* MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */
 
 #if !defined(MBEDTLS_ARIA_ALT)