| #
19a31ec4 |
| 12-Apr-2024 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: ltc: merge sub.mk's into a single sub.mk
Merge all sub.mk's below core/lib/libtomcrypt/src at the end of core/lib/libtomcrypt/sub.mk.
It gives an easier overview of what is compiled, but it also makes it easier when syncing core/lib/libtomcrypt/src with LTC upstream since it's out of the way.
Unused sub.mk's are removed.
Removes the now unused _CFG_CORE_LTC_CIPHER, _CFG_CORE_LTC_AUTHENC and _CFG_CORE_LTC_MAC from core/crypto.mk.
The global LTC build flag -Wno-declaration-after-statement is removed and only supplied to the few source files that need it.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| #
f8388fdc |
| 19-Sep-2023 |
Clement Faure <clement.faure@nxp.com> |
core: move CFG_CORE_BIGNUM_MAX_BITS default definition
Move CFG_CORE_BIGNUM_MAX_BITS definition to mk/crypto.mk to allow crypto drivers to override the default value.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
32b31808 |
| 06-Oct-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
Squashed commit upgrading to mbedtls-3.4.0
Squash merging branch import/mbedtls-3.4.0
8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5")
2b0d0c50127c ("core: ltc: configure internal SHA-1 and SHA-224")
0e48a6e17630 ("libmedtls: core: update to mbedTLS 3.4.0 API")
049882b143af ("libutee: update to mbedTLS 3.4.0 API")
982307bf6169 ("core: LTC mpi_desc.c: update to mbedTLS 3.4.0 API")
33218e9eff7b ("ta: pkcs11: update to mbedTLS 3.4.0 API")
6956420cc064 ("libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode")
ad67ef0b43fd ("libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly")
7300f4d97bbf ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()")
cec89b62a86d ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()")
e7e048796c44 ("libmbedtls: add SM2 curve")
096beff2cd31 ("libmbedtls: mbedtls_mpi_exp_mod(): optimize mempool usage")
7108668efd3f ("libmbedtls: mbedtls_mpi_exp_mod(): reduce stack usage")
0ba4eb8d0572 ("libmbedtls: mbedtls_mpi_exp_mod() initialize W")
3fd6ecf00382 ("libmbedtls: fix no CRT issue")
d5ea7e9e9aa7 ("libmbedtls: add interfaces in mbedtls for context memory operation")
2b0fb3f1fa3d ("libmedtls: mpi_miller_rabin: increase count limit")
2c3301ab99bb ("libmbedtls: add mbedtls_mpi_init_mempool()")
9a111f0da04b ("libmbedtls: make mbedtls_mpi_mont*() available")
804fe3a374f5 ("mbedtls: configure mbedtls to reach for config")
b28a41531427 ("mbedtls: remove default include/mbedtls/config.h")
dfafe507bbef ("Import mbedtls-3.4.0")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
|
| #
8ca39cf0 |
| 13-Apr-2023 |
Clement Faure <clement.faure@nxp.com> |
core: move CFG_WITH_SOFTWARE_PRNG default definition
Move CFG_WITH_SOFTWARE_PRNG default definition to crypto.mk to make it override-able by the HW crypto implementation. Without this fix, forcing CFG_WITH_SOFTWARE_PRNG to n in a crypto driver configuration file will trigger the following compilation issue:
core/drivers/crypto/<driver>/crypto.mk:140: *** CFG_WITH_SOFTWARE_PRNG is set to 'y' (from file) but its value must be 'n' [Mandated by xxx]. Stop.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
57eec57e |
| 07-Apr-2023 |
Clement Faure <clement.faure@nxp.com> |
core: crypto: give the platform configuration a higher priority
The platform crypto configuration should always have a higher priority than the generic crypto configuration.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
1478437e |
| 10-Mar-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: ltc: use SHA-3 crypto accelerated function
Uses the recently provided accelerated SHA-3 function in LTC
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| #
c60ed582 |
| 10-Mar-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: arm64: SHAKE128 using ARMv8.2-A cryptographic extensions
Adds support for SHAKE128 or SHA3-128 sized blocks in sha3_ce_transform().
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| #
bfedef0c |
| 10-Mar-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: arm64: SHA-3 using ARMv8.2-A cryptographic extensions
Import SHA-3 assembly code from the Linux kernel (Linaro contribution). Enabled with CFG_CRYPTO_SHA3_ARM_CE=y, set by default if CFG_CRYPTO_WITH_CE82=y.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| #
2be3770e |
| 16-Mar-2023 |
Xu Yizhou <xuyizhou1@huawei.com> |
core: arm64: SM4 CE optimization for ARMv8.2
Enabled with CFG_CRYPTO_SM4_ARM_CE=y, set by default if CFG_CRYPTO_WITH_CE82=y.
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com> Acked-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| #
8b5fb12e |
| 07-Mar-2023 |
Xu Yizhou <xuyizhou1@huawei.com> |
core: arm64: SM4-AESE optimization for ARMv8
Enabled with CFG_CRYPTO_SM4_ARM_AESE=y, set by default if CFG_CRYPTO_WITH_CE=y.
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com> Acked-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
cda03b63 |
| 05-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
Enable SHA-3 support by default
Enables all the supported SHA-3 algorithms by default.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
7dfcefda |
| 02-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: LTC: conditionally enable SHA-3 implementation
Enables SHA-3 implementation in libtomcrypt and add OP-TEE wrappers.
Adds LTC fallback for mbedtls configurations since mbedtls doesn't support SHA-3 yet.
Implementation of the crypto_hmac_*_alloc_ctx() functions is updated to only add a full implementation if the corresponding hash function also is configured.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
99264db3 |
| 27-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: arm64: SM3 using ARMv8.2-A cryptographic extensions
Import SM3 assembly code from the Linux kernel (Linaro contribution). Enabled with CFG_CRYPTO_SM3_ARM64_CE=y, set by default if CFG_CRYPTO_WITH_CE82=y.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
65d11b31 |
| 23-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: ltc: use SHA-512 crypto accelerated function
Uses the recently provided accelerated SHA-512 function in LTC.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
7d81121e |
| 22-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: arm64: SHA-512 using ARMv8.2-A cryptographic extensions
Import SHA-512 assembly code from the Linux kernel (Linaro contribution). Enabled with CFG_CRYPTO_SHA512_ARM64_CE=y, set by default if CFG_CRYPTO_WITH_CE82=y.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
79243b1f |
| 18-Aug-2022 |
Sergiy Kibrik <Sergiy_Kibrik@epam.com> |
crypto: fallback to LibTomCrypt for X25519/Ed25519 when CFG_CRYPTOLIB_NAME=mbedtls
Mbed TLS currently does not support X25519/Ed25519. This commit allows the use of LTC implementation of these algorithms when CFG_CRYPTO_ED25519=y and/or CFG_CRYPTO_X25519=y, and CFG_CRYPTOLIB_NAME=mbedtls.
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| #
0aaad418 |
| 12-Aug-2022 |
Valerii Chubar <valerii_chubar@epam.com> |
core: crypto: add Ed25519 support
Put in place Ed25519 core functionality and support it for OP-TEE crypto syscalls.
Signed-off-by: Valerii Chubar <valerii_chubar@epam.com> Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
90040fa4 |
| 06-May-2022 |
Sohaib ul Hassan <sohaib.ul.hassan@unikie.com> |
core: crypto: add X25519 support
This adds the X25519 core functionality and enables support for Curve25519 key attribute type for OP-TEE crypto syscalls.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>
|
| #
16a1c178 |
| 09-Jul-2021 |
Jerome Forissier <jerome@forissier.org> |
crypto: optimize speed of AES CBC MAC
The current AES CBC MAC implementation invokes the AES CBC algorithm via crypto_cipher_update() for each 16-byte block of the input data. This can be inefficient especially with hardware accelerated implementations which may have a significant overhead (I am thinking of proprietary implementations of MBed TLS for example).
This commit introduces a new config option: CFG_CRYPTO_CBC_MAC_BUNDLE_BLOCKS (default 64) which allows to bundle several 16-byte blocks of input data when calling the AES CBC function. Therefore with the default value, data are processed 1 KB at a time (assuming the caller provides enough data of course). There is a small memory overhead (malloc) of the same size at most.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
c0088d30 |
| 22-Jan-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: arm: enforce LTC multi-threading protection
Remove CFG_LTC_OPTEE_THREAD switch and enable or disable _CFG_CORE_LTC_OPTEE_THREAD based on multi-thread support since multi-threading mandates thread protection means.
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
c84eee63 |
| 27-Jan-2021 |
Jerome Forissier <jerome@forissier.org> |
core: add support for SM2 using MBed TLS
The SM2 algorithms (PKE, KEP and DSA) are currently implemented using LibTomCrypt. They are automatically disabled when MBed TLS is selected as the core crypto library (that is, when CFG_CRYPTOLIB_NAME=mbedtls CFG_CRYPTOLIB_DIR=lib/libmbedtls).
This commit removes this restriction by porting the relevant files (core/lib/libtomcrypt/sm2-{dsa,kep,pke}.c) over to the MBed TLS API in lib/libmbedtls/core.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| #
60c2d1df |
| 24-Sep-2020 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
core: build: se050 driver
Core work to support building the platform independent se050 crypto driver.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| #
eca42819 |
| 08-Sep-2020 |
Jerome Forissier <jerome@forissier.org> |
Introduce CFG_CC_OPT_LEVEL and deprecate CFG_CC_OPTIMIZE_FOR_SIZE
The influence on the performance of the C optimization flag (-O) can be significant as shown by the output of "time xtest":
     | QEMUv8         | HiKey960 (A73 cores only)
-----+----------------+--------------------------
 -O0 | 2m 54s, 2m 49s | 42.28s, 42.07s
 -Os | 2m 03s, 2m 03s | 25.57s, 25.60s
 -O2 | 1m 36s, 1m 35s | 24.01s, 23.93s
This commit introduces CFG_CC_OPT_LEVEL (default: s) which may be set to 0, s, 2 or any value accepted by the compiler. This gives better flexibility to choose the best level depending on the use case.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
a828d70f |
| 02-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: ltc: use SHA-256 crypto accelerated function
Uses the recently provided accelerated SHA-256 function in LTC.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
2b49b295 |
| 02-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: ltc: use SHA1 crypto accelerated function
Uses the recently provided accelerated SHA1 function in LTC.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|