Addressed Reviewer's + copilot's comments.

Author: danielinux

hal/stm32l5.c

@@ -26,8 +26,10 @@
 
 #if defined(WOLFBOOT_HASH_SHA256)
 #include <wolfssl/wolfcrypt/sha256.h>
-#elif defined(WOLFBOOT_HASH_SHA384) || defined(WOLFBOOT_HASH_SHA3_384)
+#elif defined(WOLFBOOT_HASH_SHA384)
 #include <wolfssl/wolfcrypt/sha512.h>
+#elif defined(WOLFBOOT_HASH_SHA3_384)
+#include <wolfssl/wolfcrypt/sha3.h>
 #endif
 
 #include "hal.h"
@@ -121,9 +123,12 @@ static int uds_from_uid(uint8_t *out, size_t out_len)
 #if defined(WOLFBOOT_HASH_SHA256)
     uint8_t digest[SHA256_DIGEST_SIZE];
     wc_Sha256 hash;
-#else
+#elif defined(WOLFBOOT_HASH_SHA384)
     uint8_t digest[SHA384_DIGEST_SIZE];
     wc_Sha384 hash;
+#elif defined(WOLFBOOT_HASH_SHA3_384)
+    uint8_t digest[SHA3_384_DIGEST_SIZE];
+    wc_Sha3 hash;
 #endif
     size_t copy_len;
 
@@ -149,11 +154,16 @@ static int uds_from_uid(uint8_t *out, size_t out_len)
     wc_Sha256Update(&hash, uid, sizeof(uid));
     wc_Sha256Final(&hash, digest);
     copy_len = sizeof(digest);
-#else
+#elif defined(WOLFBOOT_HASH_SHA384)
     wc_InitSha384(&hash);
     wc_Sha384Update(&hash, uid, sizeof(uid));
     wc_Sha384Final(&hash, digest);
     copy_len = sizeof(digest);
+#elif defined(WOLFBOOT_HASH_SHA3_384)
+    wc_InitSha3_384(&hash, NULL, INVALID_DEVID);
+    wc_Sha3_384_Update(&hash, uid, sizeof(uid));
+    wc_Sha3_384_Final(&hash, digest);
+    copy_len = sizeof(digest);
 #endif
 
     if (copy_len > out_len) {

src/arm_tee_psa_ipc.c

@@ -569,7 +569,6 @@ static psa_status_t wolfboot_crypto_dispatch(const psa_invec *in_vec,
             out_vec[0].len = sizeof(uint32_t);
             return PSA_SUCCESS;
         }
-        (void)psa_hash_abort(&slot->op);
         wolfboot_hash_free(iov->op_handle);
         *(uint32_t *)out_vec[0].base = 0;
         out_vec[0].len = sizeof(uint32_t);
@@ -665,7 +664,6 @@ static psa_status_t wolfboot_crypto_dispatch(const psa_invec *in_vec,
         struct wolfboot_cipher_slot *slot;
         slot = wolfboot_cipher_find(iov->op_handle);
         if (slot != NULL) {
-            (void)psa_cipher_abort(&slot->op);
             wolfboot_cipher_free(iov->op_handle);
         }
         return PSA_SUCCESS;

test-app/Makefile

@@ -679,7 +679,7 @@ ifeq ($(TARGET),aurix_tc3xx)
 endif
 
 # Capture final flags for locally built wolfSSL objects.
-WOLFSSL_CFLAGS:=$(CFLAGS)
+WOLFSSL_CFLAGS=$(CFLAGS)
 
 ifeq ($(WOLFHSM_CLIENT),1)
   CFLAGS += -DSTRING_USER -I"$(WOLFBOOT_LIB_WOLFSSL)"

test-app/app_stm32h5.c

@@ -709,7 +709,9 @@ static int run_psa_boot_attestation(void)
     psa_status_t status;
     uint8_t challenge[PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64];
     uint8_t token[1024];
+#if (APP_HASH_SIZE > 0u)
     uint8_t hash_buf[APP_HASH_SIZE];
+#endif
     size_t token_size = 0;
     int ret = 0;
     size_t i;
@@ -721,6 +723,7 @@ static int run_psa_boot_attestation(void)
 
     printf("  step 3: compute wolfBoot measurement\r\n");
 #if defined(WOLFBOOT_PARTITION_BOOT_ADDRESS) && defined(ARCH_FLASH_OFFSET)
+#if (APP_HASH_SIZE > 0u)
     if (ret == 0) {
         uintptr_t start = (uintptr_t)ARCH_FLASH_OFFSET;
         uintptr_t end = (uintptr_t)WOLFBOOT_PARTITION_BOOT_ADDRESS;
@@ -736,6 +739,9 @@ static int run_psa_boot_attestation(void)
             print_hex(hash_buf, APP_HASH_SIZE, 0);
         }
     }
+#else
+    printf("  step 3: hash algorithm not enabled\r\n");
+#endif
 #else
     printf("  step 3: wolfBoot region unavailable for hashing\r\n");
 #endif

zephyr/src/arm_tee_crypto_api.c

@@ -406,6 +406,10 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
                                const uint8_t *iv,
                                size_t iv_length)
 {
+    if (operation == NULL || (iv == NULL && iv_length > 0)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
+
     struct arm_tee_crypto_pack_iovec iov = {
         .function_id = ARM_TEE_CRYPTO_CIPHER_SET_IV_SID,
         .op_handle = (uint32_t)operation->opaque,
@@ -415,10 +419,6 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
         {.base = iv, .len = iv_length},
     };
 
-    if (operation == NULL || (iv == NULL && iv_length > 0)) {
-        return PSA_ERROR_INVALID_ARGUMENT;
-    }
-
     return API_DISPATCH_NO_OUTVEC(in_vec);
 }
 
@@ -487,6 +487,12 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
 
 psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
 {
+    psa_status_t status;
+
+    if (operation == NULL) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
+
     struct arm_tee_crypto_pack_iovec iov = {
         .function_id = ARM_TEE_CRYPTO_CIPHER_ABORT_SID,
         .op_handle = (uint32_t)operation->opaque,
@@ -495,12 +501,11 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
         {.base = &iov, .len = sizeof(struct arm_tee_crypto_pack_iovec)},
     };
 
-    if (operation == NULL) {
-        return PSA_ERROR_INVALID_ARGUMENT;
+    status = API_DISPATCH_NO_OUTVEC(in_vec);
+    if (status == PSA_SUCCESS) {
+        operation->opaque = 0;
     }
-
-    operation->opaque = 0;
-    return API_DISPATCH_NO_OUTVEC(in_vec);
+    return status;
 }
 
 psa_status_t psa_sign_hash(psa_key_id_t key,