feat(esp_tee): Remove unused components from the PSA Crypto library

2026-04-27 19:13:21 +00:00 · 2026-02-10 13:52:00 +05:30
parent c0523c7771
commit 1d425cee8e
4 changed files with 82 additions and 77 deletions
@@ -79,31 +79,29 @@ if(CONFIG_SOC_AES_SUPPORTED)
                                        "${COMPONENT_DIR}/port/aes/esp_aes_common.c"
                                        "${COMPONENT_DIR}/port/aes/esp_aes_xts.c")
    target_include_directories(tfpsacrypto PRIVATE "${COMPONENT_DIR}/port/include/aes")
-    if(CONFIG_MBEDTLS_HARDWARE_AES)
-        target_sources(tfpsacrypto PRIVATE
-                "${COMPONENT_DIR}/port/psa_driver/esp_aes/psa_crypto_driver_esp_aes.c"
-                "${COMPONENT_DIR}/port/psa_driver/esp_aes/psa_crypto_driver_esp_aes_gcm.c"
-        )
-    endif()
-
+    target_sources(tfpsacrypto PRIVATE
+            "${COMPONENT_DIR}/port/psa_driver/esp_aes/psa_crypto_driver_esp_aes.c"
+            "${COMPONENT_DIR}/port/psa_driver/esp_aes/psa_crypto_driver_esp_aes_gcm.c"
+    )
 endif()
 # SHA implementation
 if(CONFIG_SOC_SHA_SUPPORTED)
    target_sources(tfpsacrypto PRIVATE
        "${COMPONENT_DIR}/port/psa_driver/esp_sha/psa_crypto_driver_esp_sha.c"
-        "${COMPONENT_DIR}/port/psa_driver/esp_sha/core/psa_crypto_driver_esp_sha1.c"
        "${COMPONENT_DIR}/port/psa_driver/esp_sha/core/psa_crypto_driver_esp_sha256.c"
-        "${COMPONENT_DIR}/port/psa_driver/esp_sha/core/psa_crypto_driver_esp_sha512.c"
        "${COMPONENT_DIR}/port/sha/core/sha.c"
        "${COMPONENT_DIR}/port/sha/esp_sha.c"
-        "${COMPONENT_DIR}/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_transparent.c"
-        )
-endif()
-
-if(CONFIG_MBEDTLS_ROM_MD5)
-    target_sources(tfpsacrypto PRIVATE
-        "${COMPONENT_DIR}/port/psa_driver/esp_md/psa_crypto_driver_esp_md5.c"
    )
+    if(CONFIG_MBEDTLS_SHA1_C)
+        target_sources(tfpsacrypto PRIVATE
+            "${COMPONENT_DIR}/port/psa_driver/esp_sha/core/psa_crypto_driver_esp_sha1.c"
+        )
+    endif()
+    if(CONFIG_SOC_SHA_SUPPORT_SHA512 AND CONFIG_MBEDTLS_SHA512_C)
+        target_sources(tfpsacrypto PRIVATE
+            "${COMPONENT_DIR}/port/psa_driver/esp_sha/core/psa_crypto_driver_esp_sha512.c"
+        )
+    endif()
 endif()

 if(CONFIG_SOC_ECC_SUPPORTED)
@@ -116,6 +114,9 @@ if(CONFIG_SOC_HMAC_SUPPORTED)
    target_sources(tfpsacrypto PRIVATE "${COMPONENT_DIR}/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_opaque.c")
    target_sources(tfpsacrypto PRIVATE "${COMPONENT_DIR}/port/esp_hmac_pbkdf2.c")
    target_link_libraries(tfpsacrypto PRIVATE idf::efuse)
+else()
+    target_sources(tfpsacrypto PRIVATE
+        "${COMPONENT_DIR}/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_transparent.c")
 endif()

 # PSA Attestation
@@ -40,7 +40,7 @@
 #undef MBEDTLS_TIMING_C
 #define MBEDTLS_PLATFORM_C

-#if CONFIG_MBEDTLS_HARDWARE_AES
+#if SOC_AES_SUPPORTED
 #define ESP_AES_DRIVER_ENABLED
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
 #endif
@@ -65,29 +65,41 @@
 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
 #else
 #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA
+#undef MBEDTLS_HMAC_DRBG_C
 #endif

-#if CONFIG_MBEDTLS_SHA1_C
-#define MBEDTLS_SHA1_C
-#endif
-#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA256_C
-
 #if SOC_SHA_SUPPORTED
 #define ESP_SHA_DRIVER_ENABLED
-#define ESP_HMAC_TRANSPARENT_DRIVER_ENABLED
-#undef MBEDTLS_PSA_BUILTIN_ALG_HMAC
 #if CONFIG_MBEDTLS_SHA1_C
-    #define MBEDTLS_PSA_ACCEL_ALG_SHA_1
-    #undef MBEDTLS_PSA_BUILTIN_ALG_SHA_1
-    #undef MBEDTLS_SHA1_C
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_1
+#undef MBEDTLS_PSA_BUILTIN_ALG_SHA_1
+#undef MBEDTLS_SHA1_C
+#else
+#undef PSA_WANT_ALG_SHA_1
 #endif
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_224
 #undef MBEDTLS_PSA_BUILTIN_ALG_SHA_224
 #undef MBEDTLS_SHA224_C
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_224
 #undef MBEDTLS_PSA_BUILTIN_ALG_SHA_256
 #define MBEDTLS_PSA_ACCEL_ALG_SHA_256
 #undef MBEDTLS_SHA256_C
+#if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_384
+#undef MBEDTLS_PSA_BUILTIN_ALG_SHA_384
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_512
+#undef MBEDTLS_PSA_BUILTIN_ALG_SHA_512
+#undef MBEDTLS_SHA384_C
+#undef MBEDTLS_SHA512_C
+#else
+#undef PSA_WANT_ALG_SHA_384
+#undef PSA_WANT_ALG_SHA_512
+#undef MBEDTLS_SHA512_ALT
+#endif
+#if !SOC_HMAC_SUPPORTED
+#define ESP_HMAC_TRANSPARENT_DRIVER_ENABLED
+#define MBEDTLS_PSA_ACCEL_ALG_HMAC
+#undef MBEDTLS_PSA_BUILTIN_ALG_HMAC
+#endif
 #endif

 #if SOC_ECC_SUPPORTED
@@ -97,17 +109,6 @@

 #if SOC_HMAC_SUPPORTED
 #define ESP_HMAC_OPAQUE_DRIVER_ENABLED
-#else
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC
-#endif
-
-#if CONFIG_MBEDTLS_ROM_MD5
-#define ESP_MD5_DRIVER_ENABLED
-#define MBEDTLS_PSA_ACCEL_ALG_MD5
-#undef MBEDTLS_PSA_BUILTIN_ALG_MD5
-#else
-#undef PSA_WANT_ALG_MD5
-#undef MBEDTLS_MD5_C
 #endif

 #undef PSA_WANT_ECC_SECP_R1_192
@@ -139,6 +140,19 @@
 #undef MBEDTLS_RIPEMD160_C
 #undef PSA_WANT_ALG_CHACHA20
 #undef MBEDTLS_CHACHA20_C
+#undef PSA_WANT_ALG_CHACHA20_POLY1305
+#undef MBEDTLS_CHACHAPOLY_C
+#undef PSA_WANT_ALG_CCM
+#undef PSA_WANT_ALG_CMAC
+
+#undef MBEDTLS_AES_C
+#define MBEDTLS_AES_ROM_TABLES
+#if SOC_AES_SUPPORTED
+#define MBEDTLS_AES_FEWER_TABLES
+#endif
+
+#undef PSA_WANT_ALG_MD5
+#undef MBEDTLS_MD5_C
 #undef PSA_WANT_ALG_SHA3_224
 #undef MBEDTLS_SHA3_224_C
 #undef PSA_WANT_ALG_SHA3_256
@@ -167,22 +181,12 @@
 #undef PSA_WANT_ALG_FFDH
 #undef MBEDTLS_ECDH_C

-#undef MBEDTLS_CCM_C
-#undef MBEDTLS_CHACHA20_C
-#undef MBEDTLS_CHACHAPOLY_C
 #undef MBEDTLS_DEBUG_C
-
+#undef MBEDTLS_PSA_ITS_FILE_C
+#undef MBEDTLS_PSA_CRYPTO_STORAGE_C
 #undef MBEDTLS_SSL_CLI_C
 #undef MBEDTLS_SSL_SRV_C

-#undef PSA_WANT_ALG_PBKDF2_HMAC
 #undef PSA_WANT_ALG_TLS12_PRF
+#undef PSA_WANT_ALG_PBKDF2_HMAC
 #undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
-#undef PSA_WANT_ALG_CCM
-#undef PSA_WANT_ALG_CMAC
-
-#undef MBEDTLS_AES_C
-#define MBEDTLS_AES_ROM_TABLES
-#if SOC_AES_SUPPORTED
-#define MBEDTLS_AES_FEWER_TABLES
-#endif
@@ -203,9 +203,9 @@
 #define MBEDTLS_PSA_BUILTIN_ALG_HMAC
 #if SOC_SHA_SUPPORT_SHA512
 #define MBEDTLS_PSA_ACCEL_ALG_SHA_384
-#undef MBEDTLS_PSA_ACCEL_ALG_SHA_384
+#undef MBEDTLS_PSA_BUILTIN_ALG_SHA_384
 #define MBEDTLS_PSA_ACCEL_ALG_SHA_512
-#undef MBEDTLS_PSA_ACCEL_ALG_SHA_512
+#undef MBEDTLS_PSA_BUILTIN_ALG_SHA_512
 #undef MBEDTLS_SHA512_C
 #undef MBEDTLS_SHA384_C
 #undef MBEDTLS_PSA_BUILTIN_ALG_HMAC
@@ -16,12 +16,12 @@ psa_status_t esp_hmac_abort_transparent(esp_hmac_transparent_operation_t *esp_hm
 {
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;

-#if CONFIG_MBEDTLS_ROM_MD5
+#if defined(ESP_MD5_DRIVER_ENABLED)
    psa_algorithm_t hash_alg = PSA_ALG_GET_HASH(esp_hmac_ctx->alg);
    if (hash_alg == PSA_ALG_MD5) {
        status = esp_md5_hash_abort(&esp_hmac_ctx->md5_ctx);
    } else
-#endif // CONFIG_MBEDTLS_ROM_MD5
+#endif // defined(ESP_MD5_DRIVER_ENABLED)
    {
        status = esp_sha_hash_abort(&esp_hmac_ctx->esp_sha_ctx);
    }
@@ -68,9 +68,9 @@ psa_status_t esp_hmac_setup_transparent(esp_hmac_transparent_operation_t *esp_hm
    memset(esp_hmac_ctx->opad, 0, PSA_HMAC_MAX_HASH_BLOCK_SIZE);

    if (
-#if CONFIG_MBEDTLS_ROM_MD5
+#if defined(ESP_MD5_DRIVER_ENABLED)
        hash_alg != PSA_ALG_MD5 &&
-#endif // CONFIG_MBEDTLS_ROM_MD5
+#endif // defined(ESP_MD5_DRIVER_ENABLED)
        (hash_alg < PSA_ALG_SHA_1
 #if SOC_SHA_SUPPORT_SHA512
        || hash_alg > PSA_ALG_SHA_512
@@ -95,12 +95,12 @@ psa_status_t esp_hmac_setup_transparent(esp_hmac_transparent_operation_t *esp_hm
    }

    if (key_buffer_size > block_size) {
-#if CONFIG_MBEDTLS_ROM_MD5
+#if defined(ESP_MD5_DRIVER_ENABLED)
        if (hash_alg == PSA_ALG_MD5) {
            status = esp_md5_hash_compute(hash_alg, key_buffer, key_buffer_size,
                                    ipad, sizeof(ipad), &key_buffer_size);
        } else
-#endif // CONFIG_MBEDTLS_ROM_MD5
+#endif // defined(ESP_MD5_DRIVER_ENABLED)
        {
            status = esp_sha_hash_compute(hash_alg, key_buffer, key_buffer_size,
                                    ipad, sizeof(ipad), &key_buffer_size);
@@ -163,11 +163,11 @@ psa_status_t esp_hmac_setup_transparent(esp_hmac_transparent_operation_t *esp_hm
        memset(esp_hmac_ctx->opad + key_buffer_size, 0x5C, fill_size);
    }

-#if CONFIG_MBEDTLS_ROM_MD5
+#if defined(ESP_MD5_DRIVER_ENABLED)
    if (hash_alg == PSA_ALG_MD5) {
        status = esp_md5_hash_setup(&esp_hmac_ctx->md5_ctx, hash_alg);
    } else
-#endif // CONFIG_MBEDTLS_ROM_MD5
+#endif // defined(ESP_MD5_DRIVER_ENABLED)
    {
        status = esp_sha_hash_setup(&esp_hmac_ctx->esp_sha_ctx, hash_alg);
    }
@@ -175,11 +175,11 @@ psa_status_t esp_hmac_setup_transparent(esp_hmac_transparent_operation_t *esp_hm
        goto error;
    }

-#if CONFIG_MBEDTLS_ROM_MD5
+#if defined(ESP_MD5_DRIVER_ENABLED)
    if (hash_alg == PSA_ALG_MD5) {
        status = esp_md5_hash_update(&esp_hmac_ctx->md5_ctx, ipad, block_size);
    } else
-#endif // CONFIG_MBEDTLS_ROM_MD5
+#endif // defined(ESP_MD5_DRIVER_ENABLED)
    {
        status = esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, ipad, block_size);
    }
@@ -201,12 +201,12 @@ psa_status_t esp_hmac_update_transparent(esp_hmac_transparent_operation_t *esp_h
        return PSA_ERROR_INVALID_ARGUMENT;
    }

-#if CONFIG_MBEDTLS_ROM_MD5
+#if defined(ESP_MD5_DRIVER_ENABLED)
    psa_algorithm_t hash_alg = PSA_ALG_GET_HASH(esp_hmac_ctx->alg);
    if (hash_alg == PSA_ALG_MD5) {
        return esp_md5_hash_update(&esp_hmac_ctx->md5_ctx, data, data_length);
    } else
-#endif // CONFIG_MBEDTLS_ROM_MD5
+#endif // defined(ESP_MD5_DRIVER_ENABLED)
    {
        return esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, data, data_length);
    }
@@ -230,11 +230,11 @@ psa_status_t esp_hmac_finish_transparent(
    size_t hash_size = 0;
    size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg);

-#if CONFIG_MBEDTLS_ROM_MD5
+#if defined(ESP_MD5_DRIVER_ENABLED)
    if (hash_alg == PSA_ALG_MD5) {
        status = esp_md5_hash_finish(&esp_hmac_ctx->md5_ctx, tmp, sizeof(tmp), &hash_size);
    } else
-#endif // CONFIG_MBEDTLS_ROM_MD5
+#endif // defined(ESP_MD5_DRIVER_ENABLED)
    {
        status = esp_sha_hash_finish(&esp_hmac_ctx->esp_sha_ctx, tmp, sizeof(tmp), &hash_size);
    }
@@ -243,11 +243,11 @@ psa_status_t esp_hmac_finish_transparent(
    }
    /* From here on, tmp needs to be wiped. */

-#if CONFIG_MBEDTLS_ROM_MD5
+#if defined(ESP_MD5_DRIVER_ENABLED)
    if (hash_alg == PSA_ALG_MD5) {
        status = esp_md5_hash_setup(&esp_hmac_ctx->md5_ctx, hash_alg);
    } else
-#endif // CONFIG_MBEDTLS_ROM_MD5
+#endif // defined(ESP_MD5_DRIVER_ENABLED)
    {
        status = esp_sha_hash_setup(&esp_hmac_ctx->esp_sha_ctx, hash_alg);
    }
@@ -255,11 +255,11 @@ psa_status_t esp_hmac_finish_transparent(
        goto exit;
    }

-#if CONFIG_MBEDTLS_ROM_MD5
+#if defined(ESP_MD5_DRIVER_ENABLED)
    if (hash_alg == PSA_ALG_MD5) {
        status = esp_md5_hash_update(&esp_hmac_ctx->md5_ctx, esp_hmac_ctx->opad, block_size);
    } else
-#endif // CONFIG_MBEDTLS_ROM_MD5
+#endif // defined(ESP_MD5_DRIVER_ENABLED)
    {
        status = esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, esp_hmac_ctx->opad, block_size);
    }
@@ -267,11 +267,11 @@ psa_status_t esp_hmac_finish_transparent(
        goto exit;
    }

-#if CONFIG_MBEDTLS_ROM_MD5
+#if defined(ESP_MD5_DRIVER_ENABLED)
    if (hash_alg == PSA_ALG_MD5) {
        status = esp_md5_hash_update(&esp_hmac_ctx->md5_ctx, tmp, hash_size);
    } else
-#endif // CONFIG_MBEDTLS_ROM_MD5
+#endif // defined(ESP_MD5_DRIVER_ENABLED)
    {
        status = esp_sha_hash_update(&esp_hmac_ctx->esp_sha_ctx, tmp, hash_size);
    }
@@ -279,11 +279,11 @@ psa_status_t esp_hmac_finish_transparent(
        goto exit;
    }

-#if CONFIG_MBEDTLS_ROM_MD5
+#if defined(ESP_MD5_DRIVER_ENABLED)
    if (hash_alg == PSA_ALG_MD5) {
        status = esp_md5_hash_finish(&esp_hmac_ctx->md5_ctx, tmp, sizeof(tmp), &hash_size);
    } else
-#endif // CONFIG_MBEDTLS_ROM_MD5
+#endif // defined(ESP_MD5_DRIVER_ENABLED)
    {
        status = esp_sha_hash_finish(&esp_hmac_ctx->esp_sha_ctx, tmp, sizeof(tmp), &hash_size);
    }