ci: .shippable.yml: add build for mbedtls

Adds shippable build configuration for using mbedtls as crypto library.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissie

ci: .shippable.yml: add build for mbedtls

Adds shippable build configuration for using mbedtls as crypto library.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960, mbedtls, GP)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mbedtls: Support AES-CCM algorithm

Use AES-CCM implementation from libtomcrypt instead of mbedtls version
due to limitations in the mbedtls API.

Acked-by: Etienne Carriere <etienne.carriere@linaro.

mbedtls: Support AES-CCM algorithm

Use AES-CCM implementation from libtomcrypt instead of mbedtls version
due to limitations in the mbedtls API.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: Support cipher XTS algorithm

Cipher XTS is not supported in MbedTLS, use libtomcrypt instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jen

libmbedtls: Support cipher XTS algorithm

Cipher XTS is not supported in MbedTLS, use libtomcrypt instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: Support DSA algorithm

DSA is not supported in MbedTLS, use libtomcrypt instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@li

libmbedtls: Support DSA algorithm

DSA is not supported in MbedTLS, use libtomcrypt instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls ECC function

Support mbedtls ECC: ecdh and ecdsa.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Je

libmbedtls: support mbedtls ECC function

Support mbedtls ECC: ecdh and ecdsa.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls DH function

Implement DH function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by:

libmbedtls: support mbedtls DH function

Implement DH function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls acipher RSA function

Support RSA:
RSASSA_PKCS1_V1_5
RSASSA_PKCS1_PSS_MGF1
RSAES_PKCS1_V1_5
RSAES_PKCS1_OAEP_MGF1

Acked-by: Etienne Carriere <etienne.carriere@linaro.

libmbedtls: support mbedtls acipher RSA function

Support RSA:
RSASSA_PKCS1_V1_5
RSASSA_PKCS1_PSS_MGF1
RSAES_PKCS1_V1_5
RSAES_PKCS1_OAEP_MGF1

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls bignum functions

Implement bignum function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed

libmbedtls: support mbedtls bignum functions

Implement bignum function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support CMAC algorithm

Implement CMAC function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jen

libmbedtls: support CMAC algorithm

Implement CMAC function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls HMAC algorithm

Implement HMAC function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off

libmbedtls: support mbedtls HMAC algorithm

Implement HMAC function based on mbedtls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: implement AES encrypt api

These two implemented interfaces will be used by AES-GCM algo.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Summer Qin <summer.qin@a

libmbedtls: implement AES encrypt api

These two implemented interfaces will be used by AES-GCM algo.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Summer Qin <summer.qin@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support symmetrical ciphers

Adds support for symmetrical ciphers. The XTS mode is not supported in
mbedTLS and will be dealt with later.

Acked-by: Etienne Carriere <etienne.carriere@lin

libmbedtls: support symmetrical ciphers

Adds support for symmetrical ciphers. The XTS mode is not supported in
mbedTLS and will be dealt with later.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls hash algorithm

1. Support mbedtls hash algorithm.
2. Add mbedtls source configure

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edis

libmbedtls: support mbedtls hash algorithm

1. Support mbedtls hash algorithm.
2. Add mbedtls source configure

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
[jw: moved hash routines to hash.c using ops interface]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: with mbedtls as crypto lib compile LTC too

When mbedtls is configured as crypto lib compile libtomcrypt too in
order to complement with missing algorithms.

Acked-by: Jerome Forissier <jerome.

core: with mbedtls as crypto lib compile LTC too

When mbedtls is configured as crypto lib compile libtomcrypt too in
order to complement with missing algorithms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedTLS in kernel mode

Initial step of mbedtls cryptos integration.
Directory created and interface file is drafted.
All function interfaces are set to "not supported".
The mbedt

libmbedtls: support mbedTLS in kernel mode

Initial step of mbedtls cryptos integration.
Directory created and interface file is drafted.
All function interfaces are set to "not supported".
The mbedtls can be selected by specifying build flags
"CFG_CRYPTOLIB_NAME=mbedtls" and "CFG_CRYPTOLIB_DIR=lib/libmbedtls"

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: fix no CRT issue

b95a6c5de200 ("libmbedtls: fix no CRT issue") from branch
import/mbedtls-2.16.0

In NO_CRT mode, Q and P may be invalid. But Q and P will be re-filled
again if PRNG func

libmbedtls: fix no CRT issue

b95a6c5de200 ("libmbedtls: fix no CRT issue") from branch
import/mbedtls-2.16.0

In NO_CRT mode, Q and P may be invalid. But Q and P will be re-filled
again if PRNG function is valid. So add judgement process if it is
in NO_CRT mode.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Summer Qin <summer.qin@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: add interfaces in mbedtls for context memory operation

ac34734ac2c8 ("libmbedtls: add interfaces in mbedtls for context memory
operation") from branch import/mbedtls-2.16.0

For integrat

libmbedtls: add interfaces in mbedtls for context memory operation

ac34734ac2c8 ("libmbedtls: add interfaces in mbedtls for context memory
operation") from branch import/mbedtls-2.16.0

For integrating into OPTEE_OS, it needs add some interfaces:
1. add mbedtls_cipher_clone() for cipher to copy context between two
operations.
2. add mbedtls_cipher_setup_info() for cipher. cipher need to get its
"cipher_info" according the key length, while the key length is not an
input in allocate function. So, use a default key len in the beginning.
It need to reset the cipher info again in init function.
3. add mbedtls_cipher_cmac_setup() for cmac. This function is separate
from mbedtls_cipher_cmac_starts().
4. copy hmac context in md.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: add tomcrypt_init() when not crypto lib

Adds tomcrypt_init() which is only available when LTC isn't configured
as the crypto lib. tomcrypt_init() performs the same initialization as
crypt

core: ltc: add tomcrypt_init() when not crypto lib

Adds tomcrypt_init() which is only available when LTC isn't configured
as the crypto lib. tomcrypt_init() performs the same initialization as
crypto_init() does when LTC is configured as the crypto lib.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tomcrypt.c: conditionally init for aciphers

Adds #if defined(_CFG_CORE_LTC_ACIPHER) around code only needed if LTC
is configured for asymmetric ciphers (RSA, DSA, DH or ECC).

Acked-by: Jerome

core: tomcrypt.c: conditionally init for aciphers

Adds #if defined(_CFG_CORE_LTC_ACIPHER) around code only needed if LTC
is configured for asymmetric ciphers (RSA, DSA, DH or ECC).

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: LTC use only _CFG_CORE_LTC_ variables

LTC is only taking _CFG_CORE_LTC_ prefixed variables into account for
configuration.

_CFG_CORE_LTC_ prefixed variables are assigned based on CFG_CRYPTO_

core: LTC use only _CFG_CORE_LTC_ variables

LTC is only taking _CFG_CORE_LTC_ prefixed variables into account for
configuration.

_CFG_CORE_LTC_ prefixed variables are assigned based on CFG_CRYPTO_ and
other variables for unchanged LTC configuration.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: tomcrypt.c: remove unused includes

Removes #include of files not needed any longer.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander

core: ltc: tomcrypt.c: remove unused includes

Removes #include of files not needed any longer.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: rename prng_mpa to prng_crypto

Changes the name of the registered prng descriptor from "prng_mpa" to
"prng_crypto" to better reflect the source of the prng.

Acked-by: Jerome Forissier <j

core: ltc: rename prng_mpa to prng_crypto

Changes the name of the registered prng descriptor from "prng_mpa" to
"prng_crypto" to better reflect the source of the prng.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: move remaining external files from src

Moves the remaining external source files from tomcrypt src directory.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens

core: ltc: move remaining external files from src

Moves the remaining external source files from tomcrypt src directory.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: move remaining exported aes functions

Moves remaining exported aes functions to aes.c

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wikland

core: ltc: move remaining exported aes functions

Moves remaining exported aes functions to aes.c

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: move remaining exported hash functions

Moves remaining exported hash functions to hash.c

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wikl

core: ltc: move remaining exported hash functions

Moves remaining exported hash functions to hash.c

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...