crypto: Adding nrf_cc3xx_platform/mbedcrypto v0.9.11

-Adding version 0.9.11 of CryptoCell runtime library
-Fixed mutex locking issue in CTR_DRBG reseed and
 random number generator functions
-Modified the KMU APIs to remove the reservation of
 slots 0 and 1, they can be used freely now
-Fixed issue with the global CTR_DRBG context getting
 stuck when it reached the reseed interval
-Fixed building issue with the derived key APIs
-Adding changelog items
-Setting 0.9.11 as selected version in crypto/CMakeLists.txt

Ref:NCSDK-10988

Signed-off-by: Georgios Vasilakis <[email protected]>

Author: Vge0rge

crypto/CMakeLists.txt

@@ -89,7 +89,7 @@ if (CONFIG_NRF_CC3XX_PLATFORM)
     set (CC3XX_ARCH cc310)
   endif()
   set (NRF_CC3XX_PLATFORM_BASE ${CMAKE_CURRENT_SOURCE_DIR}/nrf_${CC3XX_ARCH}_platform)
-  set (NRF_CC3XX_PLATFORM_VER 0.9.10)
+  set (NRF_CC3XX_PLATFORM_VER 0.9.11)
   if (NOT CONFIG_HW_CC3XX_INTERRUPT)
     set(CC3XX_PLATFORM_FLAVOR no-interrupts)
   endif()
@@ -131,7 +131,7 @@ if (CONFIG_CC3XX_BACKEND)
     set (CC3XX_ARCH cc310)
   endif()
   set(NRF_CC3XX_BASE ${CMAKE_CURRENT_SOURCE_DIR}/nrf_${CC3XX_ARCH}_mbedcrypto)
-  set(NRF_CC3XX_VER 0.9.10)
+  set(NRF_CC3XX_VER 0.9.11)
   if (NOT CONFIG_HW_CC3XX_INTERRUPT)
     set(CC3XX_FLAVOR no-interrupts)
   endif()

crypto/nrf_cc310_mbedcrypto/CHANGELOG.rst

@@ -9,6 +9,90 @@ Changelog - nrf_cc3xx_mbedcrypto
 
 All notable changes to this project are documented in this file.
 
+nrf_cc3xx_mbedcrypto - 0.9.11
+****************************
+
+New version of the runtime library with the following bug fix:
+
+* Fixed an issue with the locking of mutex in the CTR_DRBG reseed
+  and random number generator functions.
+
+Library built against Mbed TLS version 2.26.0.
+
+This version is dependent on the nrf_cc310_platform or nrf_cc312_platform library for low-level initialization of the system and proper RTOS integration.
+
+Added
+=====
+
+Added a new build of nRF_cc3xx_mbedcrypto libraries for nRF9160, nRF52840, and nRF5340.
+
+.. note::
+
+   The *short-wchar* libraries are compiled with a wchar_t size of 16 bits.
+
+* nrf_cc312_mbedcrypto, nRF5340 variants
+
+  * ``cortex-m33/hard-float/libnrf_cc312_mbedcrypto_0.9.11.a``
+  * ``cortex-m33/soft-float/libnrf_cc312_mbedcrypto_0.9.11.a``
+
+  * No interrupts
+
+    * ``cortex-m33/soft-float/no-interrupts/libnrf_cc312_mbedcrypto_0.9.11.a``
+    * ``cortex-m33/hard-float/no-interrupts/libnrf_cc312_mbedcrypto_0.9.11.a``
+
+  * short-wchar
+
+    * ``cortex-m33/hard-float/short-wchar/libnrf_cc312_mbedcrypto_0.9.11.a``
+    * ``cortex-m33/soft-float/short-wchar/libnrf_cc312_mbedcrypto_0.9.11.a``
+
+  * short-wchar, no interrupts
+
+    * ``cortex-m33/hard-float/short-wchar/no-interrupts/libnrf_cc312_mbedcrypto_0.9.11.a``
+    * ``cortex-m33/soft-float/short-wchar/no-interrupts/libnrf_cc312_mbedcrypto_0.9.11.a``
+
+
+* nrf_cc310_mbedcrypto, nRF9160 variants
+
+  * ``cortex-m33/hard-float/libnrf_cc312_mbedcrypto_0.9.11.a``
+  * ``cortex-m33/soft-float/libnrf_cc310_mbedcrypto_0.9.11.a``
+
+  * No interrupts
+
+    * ``cortex-m33/soft-float/no-interrupts/libnrf_cc310_mbedcrypto_0.9.11.a``
+    * ``cortex-m33/hard-float/no-interrupts/libnrf_cc310_mbedcrypto_0.9.11.a``
+
+  * short-wchar
+
+    * ``cortex-m33/hard-float/short-wchar/libnrf_cc310_mbedcrypto_0.9.11.a``
+    * ``cortex-m33/soft-float/short-wchar/libnrf_cc310_mbedcrypto_0.9.11.a``
+
+  * short-wchar, no interrupts
+
+    * ``cortex-m33/hard-float/short-wchar/no-interrupts/libnrf_cc310_mbedcrypto_0.9.11.a``
+    * ``cortex-m33/soft-float/short-wchar/no-interrupts/libnrf_cc310_mbedcrypto_0.9.11.a``
+
+
+* nrf_cc310_mbedcrypto, nRF52840 variants
+
+  * ``cortex-m4/soft-float/libnrf_cc310_mbedcrypto_0.9.11.a``
+  * ``cortex-m4/hard-float/libnrf_cc310_mbedcrypto_0.9.11.a``
+
+  * No interrupts
+
+    * ``cortex-m4/hard-float/no-interrupts/libnrf_cc310_mbedcrypto_0.9.11.a``
+    * ``cortex-m4/soft-float/no-interrupts/libnrf_cc310_mbedcrypto_0.9.11.a``
+
+  * short-wchar
+
+    * ``cortex-m4/soft-float/short-wchar/libnrf_cc310_mbedcrypto_0.9.11.a``
+    * ``cortex-m4/hard-float/short-wchar/libnrf_cc310_mbedcrypto_0.9.11.a``
+
+  * short-wchar, no interrupts
+
+    * ``cortex-m4/soft-float/short-wchar/no-interrupts/libnrf_cc310_mbedcrypto_0.9.11.a``
+    * ``cortex-m4/hard-float/short-wchar/no-interrupts/libnrf_cc310_mbedcrypto_0.9.11.a``
+
+
 nrf_cc3xx_mbedcrypto - 0.9.10
 *****************************
 

crypto/nrf_cc310_mbedcrypto/include/mbedtls/cc3xx_kmu.h

@@ -28,8 +28,8 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 
-#define NRF_KMU_FIRST_SLOT              (0U)    //!< First addressable key slot in KMU (reserved for Kdr)
-#define NRF_KMU_SECOND_SLOT             (1U)    //!< Second addressable key slot in KMU (reserved for Kdr)
+#define NRF_KMU_FIRST_SLOT              (0U)    //!< First addressable key slot in KMU
+#define NRF_KMU_SECOND_SLOT             (1U)    //!< Second addressable key slot in KMU
 #define NRF_KMU_LAST_SLOT               (127U)  //!< Last addressable key slot in KMU.
 
 #define NRF_KMU_SLOT_KDR                (0U)    //!< Key slot reserved for Kdr (Also known as HUK or Root derivation key).
@@ -77,10 +77,8 @@ extern "C"
  *          If derived key usage is intended, please use the API
  *          nrf_cc3xx_platform_kmu_aes_setkey_enc_shadow_key_derived.
  *
- * @note    KMU slots 0 and 1 is reserved for Kdr and can't be used directly.
- *
  * @param   ctx         AES context to set the key by KMU slot
- * @param   slot_id     Identifier of the key slot (2 - 127)
+ * @param   slot_id     Identifier of the key slot (0 - 127)
  * @param   keybits     Key size in bits
  *
  * @returns 0 on success, otherwise a negative number.
@@ -103,10 +101,8 @@ int mbedtls_aes_setkey_enc_shadow_key(
  *          If derived key usage is intended, please use the API
  *          nrf_cc3xx_platform_kmu_aes_setkey_dec_shadow_key_derived.
  *
- * @note    KMU slots 0 and 1 is reserved for Kdr and can't be used directly.
- *
  * @param   ctx         AES context to set the key by KMU slot.
- * @param   slot_id     Identifier of the key slot (2 - 127).
+ * @param   slot_id     Identifier of the key slot (0 - 127).
  * @param   keybits     Key size in bits.
  *
  * @returns 0 on success, otherwise a negative number.
@@ -214,11 +210,9 @@ extern "C"
  *          If derived key usage is intended, please use the API
  *          nrf_cc3xx_platform_kmu_aes_setkey_enc_shadow_key_derived.
  *
- * @note    KMU slots 0 and 1 is reserved for Kdr and can't be used directly.
- *
  * @param   ctx         AES context to set the key by KMU slot.
  * @param   cipher      Cipher id to use.
- * @param   slot_id     Identifier of the key slot  (2 - 127).
+ * @param   slot_id     Identifier of the key slot  (0 - 127).
  * @param   keybits     Key size in bits.
  *
  * @returns 0 on success, otherwise a negative number.
@@ -296,11 +290,9 @@ extern "C"
  *          If derived key usage is intended, please use the API
  *          nrf_cc3xx_platform_kmu_aes_setkey_enc_shadow_key_derived.
  *
- * @note    KMU slots 0 and 1 is reserved for Kdr and can't be used directly.
- *
  * @param   ctx         AES context to set the key by KMU slot.
  * @param   cipher      Cipher id to use.
- * @param   slot_id     Identifier of the key slot (2 - 127).
+ * @param   slot_id     Identifier of the key slot (0 - 127).
  * @param   keybits     Key size in bits.
  *
  * @returns 0 on success, otherwise a negative number.