Squashed commit upgrading to mbedtls-3.4.0

Squash merging branch import/mbedtls-3.4.0

8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5"

Squashed commit upgrading to mbedtls-3.4.0

Squash merging branch import/mbedtls-3.4.0

8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5")
2b0d0c50127c ("core: ltc: configure internal SHA-1 and SHA-224")
0e48a6e17630 ("libmedtls: core: update to mbedTLS 3.4.0 API")
049882b143af ("libutee: update to mbedTLS 3.4.0 API")
982307bf6169 ("core: LTC mpi_desc.c: update to mbedTLS 3.4.0 API")
33218e9eff7b ("ta: pkcs11: update to mbedTLS 3.4.0 API")
6956420cc064 ("libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode")
ad67ef0b43fd ("libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly")
7300f4d97bbf ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()")
cec89b62a86d ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()")
e7e048796c44 ("libmbedtls: add SM2 curve")
096beff2cd31 ("libmbedtls: mbedtls_mpi_exp_mod(): optimize mempool usage")
7108668efd3f ("libmbedtls: mbedtls_mpi_exp_mod(): reduce stack usage")
0ba4eb8d0572 ("libmbedtls: mbedtls_mpi_exp_mod() initialize W")
3fd6ecf00382 ("libmbedtls: fix no CRT issue")
d5ea7e9e9aa7 ("libmbedtls: add interfaces in mbedtls for context memory operation")
2b0fb3f1fa3d ("libmedtls: mpi_miller_rabin: increase count limit")
2c3301ab99bb ("libmbedtls: add mbedtls_mpi_init_mempool()")
9a111f0da04b ("libmbedtls: make mbedtls_mpi_mont*() available")
804fe3a374f5 ("mbedtls: configure mbedtls to reach for config")
b28a41531427 ("mbedtls: remove default include/mbedtls/config.h")
dfafe507bbef ("Import mbedtls-3.4.0")

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)

show more ...

core: libmbedtls: CMAC: remove code duplication

Use common code for AES CMAC and 3DES CMAC

Signed-off-by: Alexander Zakharov <uglym8@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

core: libmbedtls: CMAC: remove code duplication

Use common code for AES CMAC and 3DES CMAC

Signed-off-by: Alexander Zakharov <uglym8@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: libmbedtls: add 3DES CMAC implementation

Add 3DES CMAC (NIST SP800-38B).

Signed-off-by: Alexander Zakharov <uglym8@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Et

core: libmbedtls: add 3DES CMAC implementation

Add 3DES CMAC (NIST SP800-38B).

Signed-off-by: Alexander Zakharov <uglym8@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: add commit description]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: add support for SM2 using MBed TLS

The SM2 algorithms (PKE, KEP and DSA) are currently implemented using
LibTomCrypt. They are automatically disabled when MBed TLS is selected
as the core cryp

core: add support for SM2 using MBed TLS

The SM2 algorithms (PKE, KEP and DSA) are currently implemented using
LibTomCrypt. They are automatically disabled when MBed TLS is selected
as the core crypto library (that is, when CFG_CRYPTOLIB_NAME=mbedtls
CFG_CRYPTOLIB_DIR=lib/libmbedtls).

This commit removes this restriction by porting the relevant files
(core/lib/libtomcrypt/sm2-{dsa,kep,pke}.c) over to the MBed TLS API in
lib/libmbedtls/core.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Do not let CFG_CRYPTO_SIZE_OPTIMIZATION set -Os

Compiler optimization flags -O0 or -Os are selected globally by the
config variable CFG_CC_OPTIMIZE_FOR_SIZE, but crypto code
(lib/libmbedtls and core

Do not let CFG_CRYPTO_SIZE_OPTIMIZATION set -Os

Compiler optimization flags -O0 or -Os are selected globally by the
config variable CFG_CC_OPTIMIZE_FOR_SIZE, but crypto code
(lib/libmbedtls and core/lib/libtomcrypt) is always built with -Os
when CFG_CRYPTO_SIZE_OPTIMIZATION=y. This is a bit inconvenient
when debugging crypto code because two flags have to be set, and it
is not obvious why CFG_CC_OPTIMIZE_FOR_SIZE would not influence crypto.

Since performance does not matter much when debugging, and -Os/-O0
does not make a huge difference anyway, it is wiser to keep the purpose
of the two CFG_ variables separated: CFG_CC_OPTIMIZE_FOR_SIZE should
control the -O flag for all sources, while CFG_CRYPTO_SIZE_OPTIMIZATION
should deal with other size-related settings in the crypto code
(namely: set -DLTC_SMALL_CODE for LibTomCrypt).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mbedtls: Support AES-CCM algorithm

Use AES-CCM implementation from libtomcrypt instead of mbedtls version
due to limitations in the mbedtls API.

Acked-by: Etienne Carriere <etienne.carriere@linaro.

mbedtls: Support AES-CCM algorithm

Use AES-CCM implementation from libtomcrypt instead of mbedtls version
due to limitations in the mbedtls API.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: Support DSA algorithm

DSA is not supported in MbedTLS, use libtomcrypt instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@li

libmbedtls: Support DSA algorithm

DSA is not supported in MbedTLS, use libtomcrypt instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls ECC function

Support mbedtls ECC: ecdh and ecdsa.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Je

libmbedtls: support mbedtls ECC function

Support mbedtls ECC: ecdh and ecdsa.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls DH function

Implement DH function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by:

libmbedtls: support mbedtls DH function

Implement DH function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls acipher RSA function

Support RSA:
RSASSA_PKCS1_V1_5
RSASSA_PKCS1_PSS_MGF1
RSAES_PKCS1_V1_5
RSAES_PKCS1_OAEP_MGF1

Acked-by: Etienne Carriere <etienne.carriere@linaro.

libmbedtls: support mbedtls acipher RSA function

Support RSA:
RSASSA_PKCS1_V1_5
RSASSA_PKCS1_PSS_MGF1
RSAES_PKCS1_V1_5
RSAES_PKCS1_OAEP_MGF1

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls bignum functions

Implement bignum function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed

libmbedtls: support mbedtls bignum functions

Implement bignum function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support CMAC algorithm

Implement CMAC function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jen

libmbedtls: support CMAC algorithm

Implement CMAC function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls HMAC algorithm

Implement HMAC function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off

libmbedtls: support mbedtls HMAC algorithm

Implement HMAC function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: implement AES encrypt api

These two implemented interfaces will be used by AES-GCM algo.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Summer Qin <summer.qin@a

libmbedtls: implement AES encrypt api

These two implemented interfaces will be used by AES-GCM algo.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Summer Qin <summer.qin@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support symmetrical ciphers

Adds support for symmetrical ciphers. The XTS mode is not supported in
mbedTLS and will be dealt with later.

Acked-by: Etienne Carriere <etienne.carriere@lin

libmbedtls: support symmetrical ciphers

Adds support for symmetrical ciphers. The XTS mode is not supported in
mbedTLS and will be dealt with later.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls hash algorithm

1. Support mbedtls hash algorithm.
2. Add mbedtls source configure

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edis

libmbedtls: support mbedtls hash algorithm

1. Support mbedtls hash algorithm.
2. Add mbedtls source configure

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
[jw: moved hash routines to hash.c using ops interface]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: with mbedtls as crypto lib compile LTC too

When mbedtls is configured as crypto lib compile libtomcrypt too in
order to complement with missing algorithms.

Acked-by: Jerome Forissier <jerome.

core: with mbedtls as crypto lib compile LTC too

When mbedtls is configured as crypto lib compile libtomcrypt too in
order to complement with missing algorithms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedTLS in kernel mode

Initial step of mbedtls cryptos integration.
Directory created and interface file is drafted.
All function interfaces are set to "not supported".
The mbedt

libmbedtls: support mbedTLS in kernel mode

Initial step of mbedtls cryptos integration.
Directory created and interface file is drafted.
All function interfaces are set to "not supported".
The mbedtls can be selected by specifying build flags
"CFG_CRYPTOLIB_NAME=mbedtls" and "CFG_CRYPTOLIB_DIR=lib/libmbedtls"

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...