core: ltc: use AES crypto accelerated routines

Uses the recently provided accelerated AES crypto routines in LTC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklan

core: ltc: use AES crypto accelerated routines

Uses the recently provided accelerated AES crypto routines in LTC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add accelerated SHA-256 routines

Adds an Arm CE accelerated SHA-256 function to core/arch/arm/crypto. The
code originates from the previous implementation inside LTC library.
With this multipl

core: add accelerated SHA-256 routines

Adds an Arm CE accelerated SHA-256 function to core/arch/arm/crypto. The
code originates from the previous implementation inside LTC library.
With this multiple crypto libraries can share the function.

The old CFG_CRYPTO_SHA256_ARM64_CE and CFG_CRYPTO_SHA256_ARM32_CE are
replaced by CFG_CRYPTO_SHA256_ARM_CE.

CFG_CORE_CRYPTO_SHA256_ACCEL is introduced as to indicate that some kind of
SHA-256 acceleration is available, not necessarily based on Arm CE.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add accelerated SHA1 routines

Adds an Arm CE accelerated SHA1 function to core/arch/arm/crypto. The code
originates from the previous implementation inside LTC library. With
this multiple cryp

core: add accelerated SHA1 routines

Adds an Arm CE accelerated SHA1 function to core/arch/arm/crypto. The code
originates from the previous implementation inside LTC library. With
this multiple crypto libraries can share the function.

The old CFG_CRYPTO_SHA1_ARM64_CE and CFG_CRYPTO_SHA1_ARM32_CE are
replaced by CFG_CRYPTO_SHA1_ARM_CE.

CFG_CORE_CRYPTO_SHA1_ACCEL is introduced as to indicate that some kind of
SHA-1 acceleration is available, not necessarily based on Arm CE.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add accelerated AES routines

Adds Arm CE accelerated AES routines to core/arch/arm/crypto. The code
originates from the previous implementation inside LTC library. With
this multiple crypto li

core: add accelerated AES routines

Adds Arm CE accelerated AES routines to core/arch/arm/crypto. The code
originates from the previous implementation inside LTC library. With
this multiple crypto library can share these routines.

A new header file, <crypto/crypto_accel.h>, is added with primitive
functions implementing crypto accelerated ciphers.

The old CFG_CRYPTO_AES_ARM64_CE and CFG_CRYPTO_AES_ARM32_CE are
replaced by CFG_CRYPTO_AES_ARM_CE.

CFG_CORE_CRYPTO_AES_ACCEL is introduced as to indicate that some kind of
AES acceleration is available, not necessarily based on Arm CE.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: remove Arm SHA-256 CE routines

Removes the Arm CE routines accelerating SHA-256 in the LTC library.

This will later be added in common code to be shared with other crypto
libraries etc.

core: ltc: remove Arm SHA-256 CE routines

Removes the Arm CE routines accelerating SHA-256 in the LTC library.

This will later be added in common code to be shared with other crypto
libraries etc.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: remove Arm SHA1 CE routines

Removes the Arm CE routines accelerating SHA1 in the LTC library.

This will later be added in common code to be shared with other crypto
libraries etc.

Acked

core: ltc: remove Arm SHA1 CE routines

Removes the Arm CE routines accelerating SHA1 in the LTC library.

This will later be added in common code to be shared with other crypto
libraries etc.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: remove Arm AES CE routines

Removes the Arm AES CE routines from the library.

This will later be added in common code to be shared with other crypto
libraries etc.

Acked-by: Etienne Carr

core: ltc: remove Arm AES CE routines

Removes the Arm AES CE routines from the library.

This will later be added in common code to be shared with other crypto
libraries etc.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core/crypto.mk: simplify _CFG_CORE_LTC_*_DESC logic

Simplifies _CFG_CORE_LTC_*_DESC logic by always defining the
corresponding _CFG_CORE_LTC_*_DESC variable to the algorithm needed
inside LTC.

Acke

core/crypto.mk: simplify _CFG_CORE_LTC_*_DESC logic

Simplifies _CFG_CORE_LTC_*_DESC logic by always defining the
corresponding _CFG_CORE_LTC_*_DESC variable to the algorithm needed
inside LTC.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM2 KEP

Adds SM2 Key Exchange Protocol [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 KEP is enabled w

core: crypto: add support for SM2 KEP

Adds SM2 Key Exchange Protocol [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 KEP is enabled with CFG_CRYPTO_SM2_KEP=y (default y) wich currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto add support for SM2 DSA

Adds SM2 Digital Signature Algorithm [1] using LibTomCrypt. The TA
interface complies with the GlobalPlatform TEE Internal Core API
version 1.2.

SM2 DSA is enab

core: crypto add support for SM2 DSA

Adds SM2 Digital Signature Algorithm [1] using LibTomCrypt. The TA
interface complies with the GlobalPlatform TEE Internal Core API
version 1.2.

SM2 DSA is enabled with CFG_CRYPTO_SM2_DSA=y (default y) which currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM2 PKE

Adds SM2 Public Key Encryption [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 is enabled with

core: crypto: add support for SM2 PKE

Adds SM2 Public Key Encryption [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 is enabled with CFG_CRYPTO_SM2_PKE=y (default y) which currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this h

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this hash.

This implementation is based on code published on Gitlab [2]. See commit
ade6f848e084 ("core: crypto: add support for SM4") for details.

[1] https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are valid but are
not included in the GP specification, so they are not considered here.

This implementation is based on code published on Gitlab [2]. The
project contains no licensing terms, so I contacted the author
(goldboar@163.com), asking for permission to re-use the code in OP-TEE
under a BSD-2-Clause license. I received the following reply:

"[...] If you like you can use it [...]"

I have reworked the source to better fit the OP-TEE coding style. I
have also added the CTR mode of operation.

I do not think we will need to merge any change from upstream in the
future.

[1] https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

build: make cfg-one-enabled return 'n' instead of an empty string

Modify cfg-one-enabled in the same way the parent commit modified
cfg-all-enabled.

Signed-off-by: Jerome Forissier <jerome@forissie

build: make cfg-one-enabled return 'n' instead of an empty string

Modify cfg-one-enabled in the same way the parent commit modified
cfg-all-enabled.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Do not let CFG_CRYPTO_SIZE_OPTIMIZATION set -Os

Compiler optimization flags -O0 or -Os are selected globally by the
config variable CFG_CC_OPTIMIZE_FOR_SIZE, but crypto code
(lib/libmbedtls and core

Do not let CFG_CRYPTO_SIZE_OPTIMIZATION set -Os

Compiler optimization flags -O0 or -Os are selected globally by the
config variable CFG_CC_OPTIMIZE_FOR_SIZE, but crypto code
(lib/libmbedtls and core/lib/libtomcrypt) is always built with -Os
when CFG_CRYPTO_SIZE_OPTIMIZATION=y. This is a bit inconvenient
when debugging crypto code because two flags have to be set, and it
is not obvious why CFG_CC_OPTIMIZE_FOR_SIZE would not influence crypto.

Since performance does not matter much when debugging, and -Os/-O0
does not make a huge difference anyway, it is wiser to keep the purpose
of the two CFG_ variables separated: CFG_CC_OPTIMIZE_FOR_SIZE should
control the -O flag for all sources, while CFG_CRYPTO_SIZE_OPTIMIZATION
should deal with other size-related settings in the crypto code
(namely: set -DLTC_SMALL_CODE for LibTomCrypt).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mbedtls: Support AES-CCM algorithm

Use AES-CCM implementation from libtomcrypt instead of mbedtls version
due to limitations in the mbedtls API.

Acked-by: Etienne Carriere <etienne.carriere@linaro.

mbedtls: Support AES-CCM algorithm

Use AES-CCM implementation from libtomcrypt instead of mbedtls version
due to limitations in the mbedtls API.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: Support cipher XTS algorithm

Cipher XTS is not supported in MbedTLS, use libtomcrypt instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jen

libmbedtls: Support cipher XTS algorithm

Cipher XTS is not supported in MbedTLS, use libtomcrypt instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: Support DSA algorithm

DSA is not supported in MbedTLS, use libtomcrypt instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@li

libmbedtls: Support DSA algorithm

DSA is not supported in MbedTLS, use libtomcrypt instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: LTC use only _CFG_CORE_LTC_ variables

LTC is only taking _CFG_CORE_LTC_ prefixed variables into account for
configuration.

_CFG_CORE_LTC_ prefixed variables are assigned based on CFG_CRYPTO_

core: LTC use only _CFG_CORE_LTC_ variables

LTC is only taking _CFG_CORE_LTC_ prefixed variables into account for
configuration.

_CFG_CORE_LTC_ prefixed variables are assigned based on CFG_CRYPTO_ and
other variables for unchanged LTC configuration.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libtomcrypt: Import SHA512/256 approved hash algorithm

SHA-512/256 is an approved hash algorithm and a vetted conditioner as
per NIST.SP.800-90B spec. We have used it to condition raw thermal
sensor

libtomcrypt: Import SHA512/256 approved hash algorithm

SHA-512/256 is an approved hash algorithm and a vetted conditioner as
per NIST.SP.800-90B spec. We have used it to condition raw thermal
sensor noise on Developerbox to condense entropy.

It is imported from libtomcrypt:
Git url: https://github.com/libtom/libtomcrypt.git, release tag: v1.18.0.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: add new RNG implementation

Adds a new cryptographically secure pseudo random number generator known
as Fortuna. The implementation is based on the description in [0]. This
implementation repla

core: add new RNG implementation

Adds a new cryptographically secure pseudo random number generator known
as Fortuna. The implementation is based on the description in [0]. This
implementation replaces the implementation in LTC which was used until
now.

Gathering of entropy has been refined with crypto_rng_add_event() to
better match how entropy is added to Fortuna. A enum crypto_rng_src
identifies the source of the event. The source also controls how the
event is added. There are two options available, queue it in a circular
buffer for later processing or adding it directly to a pool. The former
option is suitable when being called from an interrupt handler or some
other place where RPC to normal world is forbidden.

plat_prng_add_jitter_entropy_norpc() is removed and
plat_prng_add_jitter_entropy() is updated to use this new entropy source
scheme.

The configuration of LTC is simplified by this, now PRNG is always drawn
via prng_mpa_desc.

plat_rng_init() takes care of initializing the PRNG in order to allow
platforms to override or enhance the Fortuna integration.

[0] Link:https://www.schneier.com/academic/paperfiles/fortuna.pdf

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: default enable HWSUPP_PMULT_64 with CRYPTO_WITH_CE

64-bit polynomial multiply is defined in the ARMv8.0 Cryptographic
Extension instructions together with other instructions like AES*

core: crypto: default enable HWSUPP_PMULT_64 with CRYPTO_WITH_CE

64-bit polynomial multiply is defined in the ARMv8.0 Cryptographic
Extension instructions together with other instructions like AES*
and SHA1*. Therefore, it is reasonable to enable CFG_HWSUPP_PMULT_64
when CFG_CRYPTO_WITH_CE is enabled. Platforms can always override this
value if need be.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: AES-GCM: import table based GF-mult

Imports table based GF multiplication from mbed TLS.

Sets CFG_AES_GCM_TABLE_BASED to default y unless CFG_CRYPTO_WITH_CE is
y, then CFG_AES_GCM_TABLE_BASED

core: AES-GCM: import table based GF-mult

Imports table based GF multiplication from mbed TLS.

Sets CFG_AES_GCM_TABLE_BASED to default y unless CFG_CRYPTO_WITH_CE is
y, then CFG_AES_GCM_TABLE_BASED forced n.

With tables performance is on HiKey960 (CFG_CRYPTO_WITH_CE=n):
xtest --aes-perf -m GCM
(CFG_AES_GCM_TABLE_BASED=n)
min=69.27us max=86.458us mean=70.5695us stddev=0.955826us (cv 1.35445%) (13.8383MiB/s)
(CFG_AES_GCM_TABLE_BASED=y)
min=41.666us max=53.646us mean=42.138us stddev=0.621345us (cv 1.47455%) (23.1753MiB/s)

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add new AES-GCM implementation

Adds a new AES-GCM implementation optimized for hardware acceleration.

This implementation is enabled by default, to use the implementation in
libTomCry

core: crypto: add new AES-GCM implementation

Adds a new AES-GCM implementation optimized for hardware acceleration.

This implementation is enabled by default, to use the implementation in
libTomCrypt instead set CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB=y.

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB

Adds CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB which if y will enable AES-GCM in
the crypto library and use that as the implementation used by
crypto_authen_*() f

core: add CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB

Adds CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB which if y will enable AES-GCM in
the crypto library and use that as the implementation used by
crypto_authen_*() functions.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...