1CFG_CRYPTO ?= y 2# Select small code size in the crypto library if applicable (for instance 3# LibTomCrypt has -DLTC_SMALL_CODE) 4# Note: the compiler flag -Os is not set here but by CFG_CC_OPT_LEVEL 5CFG_CRYPTO_SIZE_OPTIMIZATION ?= y 6 7ifeq (y,$(CFG_CRYPTO)) 8 9# Ciphers 10CFG_CRYPTO_AES ?= y 11CFG_CRYPTO_DES ?= y 12CFG_CRYPTO_SM4 ?= y 13 14# Cipher block modes 15CFG_CRYPTO_ECB ?= y 16CFG_CRYPTO_CBC ?= y 17CFG_CRYPTO_CTR ?= y 18CFG_CRYPTO_CTS ?= y 19CFG_CRYPTO_XTS ?= y 20 21# Message authentication codes 22CFG_CRYPTO_HMAC ?= y 23CFG_CRYPTO_CMAC ?= y 24CFG_CRYPTO_CBC_MAC ?= y 25# Instead of calling the AES CBC encryption function for each 16 byte block of 26# input, bundle a maximum of N blocks when possible. A maximum of N*16 bytes of 27# temporary data are allocated on the heap. 28# Minimum value is 1. 29CFG_CRYPTO_CBC_MAC_BUNDLE_BLOCKS ?= 64 30 31# Hashes 32CFG_CRYPTO_MD5 ?= y 33CFG_CRYPTO_SHA1 ?= y 34CFG_CRYPTO_SHA224 ?= y 35CFG_CRYPTO_SHA256 ?= y 36CFG_CRYPTO_SHA384 ?= y 37CFG_CRYPTO_SHA512 ?= y 38CFG_CRYPTO_SHA512_256 ?= y 39CFG_CRYPTO_SM3 ?= y 40CFG_CRYPTO_SHA3_224 ?= y 41CFG_CRYPTO_SHA3_256 ?= y 42CFG_CRYPTO_SHA3_384 ?= y 43CFG_CRYPTO_SHA3_512 ?= y 44 45# Extendable-Output Functions (XOF) 46CFG_CRYPTO_SHAKE128 ?= y 47CFG_CRYPTO_SHAKE256 ?= y 48 49# Asymmetric ciphers 50CFG_CRYPTO_DSA ?= y 51CFG_CRYPTO_RSA ?= y 52CFG_CRYPTO_DH ?= y 53# ECC includes ECDSA and ECDH 54CFG_CRYPTO_ECC ?= y 55CFG_CRYPTO_SM2_PKE ?= y 56CFG_CRYPTO_SM2_DSA ?= y 57CFG_CRYPTO_SM2_KEP ?= y 58CFG_CRYPTO_ED25519 ?= y 59CFG_CRYPTO_X25519 ?= y 60 61# Authenticated encryption 62CFG_CRYPTO_CCM ?= y 63CFG_CRYPTO_GCM ?= y 64# Default uses the OP-TEE internal AES-GCM implementation 65CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB ?= n 66 67endif 68 69ifeq ($(CFG_WITH_PAGER),y) 70ifneq ($(CFG_CRYPTO_SHA256),y) 71$(warning Warning: Enabling CFG_CRYPTO_SHA256 [required by CFG_WITH_PAGER]) 72CFG_CRYPTO_SHA256:=y 73endif 74endif 75 76$(eval $(call cryp-enable-all-depends,CFG_WITH_SOFTWARE_PRNG, AES ECB SHA256)) 77 78ifeq ($(CFG_CRYPTO_WITH_CE82),y) 79$(call force,CFG_CRYPTO_WITH_CE,y,required with CFG_CRYPTO_WITH_CE82) 80CFG_CRYPTO_SHA512_ARM_CE ?= $(CFG_CRYPTO_SHA512) 81CFG_CORE_CRYPTO_SHA512_ACCEL ?= $(CFG_CRYPTO_SHA512_ARM_CE) 82CFG_CRYPTO_SHA3_ARM_CE ?= $(call cfg-one-enabled, CFG_CRYPTO_SHA3_224 \ 83 CFG_CRYPTO_SHA3_256 CFG_CRYPTO_SHA3_384 \ 84 CFG_CRYPTO_SHA3_512 CFG_CRYPTO_SHAKE128 \ 85 CFG_CRYPTO_SHAKE256) 86CFG_CORE_CRYPTO_SHA3_ACCEL ?= $(CFG_CRYPTO_SHA3_ARM_CE) 87CFG_CRYPTO_SM3_ARM_CE ?= $(CFG_CRYPTO_SM3) 88CFG_CORE_CRYPTO_SM3_ACCEL ?= $(CFG_CRYPTO_SM3_ARM_CE) 89 90# CFG_CRYPTO_SM4_ARM_CE defines whether we use SM4E to optimize SM4 91CFG_CRYPTO_SM4_ARM_CE ?= $(CFG_CRYPTO_SM4) 92CFG_CORE_CRYPTO_SM4_ACCEL ?= $(CFG_CRYPTO_SM4_ARM_CE) 93endif 94 95ifeq ($(CFG_CRYPTO_WITH_CE),y) 96 97$(call force,CFG_AES_GCM_TABLE_BASED,n,conflicts with CFG_CRYPTO_WITH_CE) 98 99# CFG_HWSUPP_PMULT_64 defines whether the CPU supports polynomial multiplies 100# of 64-bit values (Aarch64: PMULL/PMULL2 with the 1Q specifier; Aarch32: 101# VMULL.P64). These operations are part of the Cryptographic Extensions, so 102# assume they are implicitly contained in CFG_CRYPTO_WITH_CE=y. 103CFG_HWSUPP_PMULT_64 ?= y 104 105CFG_CRYPTO_SHA256_ARM_CE ?= $(CFG_CRYPTO_SHA256) 106CFG_CORE_CRYPTO_SHA256_ACCEL ?= $(CFG_CRYPTO_SHA256_ARM_CE) 107CFG_CRYPTO_SHA1_ARM_CE ?= $(CFG_CRYPTO_SHA1) 108CFG_CORE_CRYPTO_SHA1_ACCEL ?= $(CFG_CRYPTO_SHA1_ARM_CE) 109CFG_CRYPTO_AES_ARM_CE ?= $(CFG_CRYPTO_AES) 110CFG_CORE_CRYPTO_AES_ACCEL ?= $(CFG_CRYPTO_AES_ARM_CE) 111 112# CFG_CRYPTO_SM4_ARM_AESE defines whether we use AESE to optimize SM4 113CFG_CRYPTO_SM4_ARM_AESE ?= $(CFG_CRYPTO_SM4) 114CFG_CORE_CRYPTO_SM4_ACCEL ?= $(CFG_CRYPTO_SM4_ARM_AESE) 115else #CFG_CRYPTO_WITH_CE 116 117CFG_AES_GCM_TABLE_BASED ?= y 118 119endif #!CFG_CRYPTO_WITH_CE 120 121 122# Cryptographic extensions can only be used safely when OP-TEE knows how to 123# preserve the VFP context 124ifeq ($(CFG_CRYPTO_SHA256_ARM32_CE),y) 125$(call force,CFG_WITH_VFP,y,required by CFG_CRYPTO_SHA256_ARM32_CE) 126endif 127ifeq ($(CFG_CRYPTO_SHA256_ARM64_CE),y) 128$(call force,CFG_WITH_VFP,y,required by CFG_CRYPTO_SHA256_ARM64_CE) 129endif 130ifeq ($(CFG_CRYPTO_SHA1_ARM_CE),y) 131$(call force,CFG_WITH_VFP,y,required by CFG_CRYPTO_SHA1_ARM_CE) 132endif 133ifeq ($(CFG_CRYPTO_AES_ARM_CE),y) 134$(call force,CFG_WITH_VFP,y,required by CFG_CRYPTO_AES_ARM_CE) 135endif 136ifeq ($(CFG_CORE_CRYPTO_SM4_ACCEL),y) 137$(call force,CFG_WITH_VFP,y,required by CFG_CORE_CRYPTO_SM4_ACCEL) 138endif 139cryp-enable-all-depends = $(call cfg-enable-all-depends,$(strip $(1)),$(foreach v,$(2),CFG_CRYPTO_$(v))) 140$(eval $(call cryp-enable-all-depends,CFG_REE_FS, AES ECB CTR HMAC SHA256 GCM)) 141$(eval $(call cryp-enable-all-depends,CFG_RPMB_FS, AES ECB CTR HMAC SHA256 GCM)) 142 143# Dependency checks: warn and disable some features if dependencies are not met 144 145cryp-dep-one = $(call cfg-depends-one,CFG_CRYPTO_$(strip $(1)),$(patsubst %, CFG_CRYPTO_%,$(strip $(2)))) 146cryp-dep-all = $(call cfg-depends-all,CFG_CRYPTO_$(strip $(1)),$(patsubst %, CFG_CRYPTO_%,$(strip $(2)))) 147 148$(eval $(call cryp-dep-one, ECB, AES DES)) 149$(eval $(call cryp-dep-one, CBC, AES DES)) 150$(eval $(call cryp-dep-one, CTR, AES)) 151# CTS is implemented with ECB and CBC 152$(eval $(call cryp-dep-all, CTS, AES ECB CBC)) 153$(eval $(call cryp-dep-one, XTS, AES)) 154$(eval $(call cryp-dep-one, HMAC, AES DES)) 155$(eval $(call cryp-dep-one, HMAC, MD5 SHA1 SHA224 SHA256 SHA384 SHA512)) 156$(eval $(call cryp-dep-one, CMAC, AES)) 157$(eval $(call cryp-dep-one, CBC_MAC, AES DES)) 158$(eval $(call cryp-dep-one, CCM, AES)) 159$(eval $(call cryp-dep-one, GCM, AES)) 160# If no AES cipher mode is left, disable AES 161$(eval $(call cryp-dep-one, AES, ECB CBC CTR CTS XTS)) 162# If no DES cipher mode is left, disable DES 163$(eval $(call cryp-dep-one, DES, ECB CBC)) 164# SM2 is Elliptic Curve Cryptography, it uses some generic ECC functions 165$(eval $(call cryp-dep-one, SM2_PKE, ECC)) 166$(eval $(call cryp-dep-one, SM2_DSA, ECC)) 167$(eval $(call cryp-dep-one, SM2_KEP, ECC)) 168 169############################################################### 170# libtomcrypt (LTC) specifics, phase #1 171# LTC is only configured via _CFG_CORE_LTC_ prefixed variables 172# 173# _CFG_CORE_LTC_xxx_DESC means that LTC will only register the 174# descriptor of the algorithm, not provide a 175# crypt_xxx_alloc_ctx() function. 176############################################################### 177 178# If LTC is the cryptolib, pull configuration from CFG_CRYPTO_xxx 179ifeq ($(CFG_CRYPTOLIB_NAME),tomcrypt) 180# dsa_make_params() needs all three SHA-2 algorithms. 181# Disable DSA if any is missing. 182$(eval $(call cryp-dep-all, DSA, SHA256 SHA384 SHA512)) 183 184# Assign _CFG_CORE_LTC_xxx based on CFG_CRYPTO_yyy 185core-ltc-vars = AES DES 186core-ltc-vars += ECB CBC CTR CTS XTS 187core-ltc-vars += MD5 SHA1 SHA224 SHA256 SHA384 SHA512 SHA512_256 188core-ltc-vars += SHA3_224 SHA3_256 SHA3_384 SHA3_512 SHAKE128 SHAKE256 189core-ltc-vars += HMAC CMAC CBC_MAC 190core-ltc-vars += CCM 191ifeq ($(CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB),y) 192core-ltc-vars += GCM 193endif 194core-ltc-vars += RSA DSA DH ECC 195core-ltc-vars += SIZE_OPTIMIZATION 196core-ltc-vars += SM2_PKE 197core-ltc-vars += SM2_DSA 198core-ltc-vars += SM2_KEP 199core-ltc-vars += ED25519 X25519 200# Assigned selected CFG_CRYPTO_xxx as _CFG_CORE_LTC_xxx 201$(foreach v, $(core-ltc-vars), $(eval _CFG_CORE_LTC_$(v) := $(CFG_CRYPTO_$(v)))) 202_CFG_CORE_LTC_MPI := $(CFG_CORE_MBEDTLS_MPI) 203_CFG_CORE_LTC_AES_ACCEL := $(CFG_CORE_CRYPTO_AES_ACCEL) 204_CFG_CORE_LTC_SHA1_ACCEL := $(CFG_CORE_CRYPTO_SHA1_ACCEL) 205_CFG_CORE_LTC_SHA256_ACCEL := $(CFG_CORE_CRYPTO_SHA256_ACCEL) 206_CFG_CORE_LTC_SHA512_ACCEL := $(CFG_CORE_CRYPTO_SHA512_ACCEL) 207_CFG_CORE_LTC_SHA3_ACCEL := $(CFG_CORE_CRYPTO_SHA3_ACCEL) 208endif 209 210############################################################### 211# mbedtls specifics 212############################################################### 213 214ifeq ($(CFG_CRYPTOLIB_NAME),mbedtls) 215# mbedtls has to be complemented with some algorithms by LTC 216# Specify the algorithms here 217_CFG_CORE_LTC_DSA := $(CFG_CRYPTO_DSA) 218_CFG_CORE_LTC_MPI := $(CFG_CRYPTO_DSA) 219_CFG_CORE_LTC_SHA256_DESC := $(CFG_CRYPTO_DSA) 220_CFG_CORE_LTC_SHA384_DESC := $(CFG_CRYPTO_DSA) 221_CFG_CORE_LTC_SHA512_DESC := $(CFG_CRYPTO_DSA) 222_CFG_CORE_LTC_XTS := $(CFG_CRYPTO_XTS) 223_CFG_CORE_LTC_CCM := $(CFG_CRYPTO_CCM) 224_CFG_CORE_LTC_AES_DESC := $(call cfg-one-enabled, CFG_CRYPTO_XTS CFG_CRYPTO_CCM) 225_CFG_CORE_LTC_X25519 := $(CFG_CRYPTO_X25519) 226_CFG_CORE_LTC_ED25519 := $(CFG_CRYPTO_ED25519) 227_CFG_CORE_LTC_SHA3_224 := $(CFG_CRYPTO_SHA3_224) 228_CFG_CORE_LTC_SHA3_256 := $(CFG_CRYPTO_SHA3_256) 229_CFG_CORE_LTC_SHA3_384 := $(CFG_CRYPTO_SHA3_384) 230_CFG_CORE_LTC_SHA3_512 := $(CFG_CRYPTO_SHA3_512) 231_CFG_CORE_LTC_SHAKE128 := $(CFG_CRYPTO_SHAKE128) 232_CFG_CORE_LTC_SHAKE256 := $(CFG_CRYPTO_SHAKE256) 233endif 234 235############################################################### 236# libtomcrypt (LTC) specifics, phase #2 237############################################################### 238 239_CFG_CORE_LTC_SHA256_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA256_DESC \ 240 _CFG_CORE_LTC_SHA224 \ 241 _CFG_CORE_LTC_SHA256) 242_CFG_CORE_LTC_SHA384_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA384_DESC \ 243 _CFG_CORE_LTC_SHA384) 244_CFG_CORE_LTC_SHA512_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA512_DESC \ 245 _CFG_CORE_LTC_SHA512_256 \ 246 _CFG_CORE_LTC_SHA512) 247_CFG_CORE_LTC_AES_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_AES_DESC \ 248 _CFG_CORE_LTC_AES) 249 250_CFG_CORE_LTC_SHA3_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA3_224 \ 251 _CFG_CORE_LTC_SHA3_256 _CFG_CORE_LTC_SHA3_384 \ 252 _CFG_CORE_LTC_SHA3_512 _CFG_CORE_LTC_SHAKE128 \ 253 _CFG_CORE_LTC_SHAKE256) 254 255# Assign system variables 256_CFG_CORE_LTC_CE := $(CFG_CRYPTO_WITH_CE) 257_CFG_CORE_LTC_VFP := $(CFG_WITH_VFP) 258_CFG_CORE_LTC_BIGNUM_MAX_BITS := $(CFG_CORE_BIGNUM_MAX_BITS) 259_CFG_CORE_LTC_PAGER := $(CFG_WITH_PAGER) 260ifneq ($(CFG_NUM_THREADS),1) 261_CFG_CORE_LTC_OPTEE_THREAD := y 262else 263_CFG_CORE_LTC_OPTEE_THREAD := n 264endif 265_CFG_CORE_LTC_HWSUPP_PMULL := $(CFG_HWSUPP_PMULL) 266 267# Assign aggregated variables 268ltc-one-enabled = $(call cfg-one-enabled,$(foreach v,$(1),_CFG_CORE_LTC_$(v))) 269_CFG_CORE_LTC_ACIPHER := $(call ltc-one-enabled, RSA DSA DH ECC) 270_CFG_CORE_LTC_AUTHENC := $(and $(filter y,$(_CFG_CORE_LTC_AES_DESC)), \ 271 $(filter y,$(call ltc-one-enabled, CCM GCM))) 272_CFG_CORE_LTC_CIPHER := $(call ltc-one-enabled, AES_DESC DES) 273_CFG_CORE_LTC_HASH := $(call ltc-one-enabled, MD5 SHA1 SHA224 SHA256 SHA384 \ 274 SHA512 SHA3_224 SHA3_256 \ 275 SHA3_384 SHA3_512) 276ifeq ($(CFG_CRYPTO_HMAC),y) 277_CFG_CORE_LTC_HMAC := $(call ltc-one-enabled, MD5 SHA1 SHA224 SHA256 SHA384 \ 278 SHA512 SHA3_224 SHA3_256 \ 279 SHA3_384 SHA3_512) 280endif 281 282_CFG_CORE_LTC_MAC := $(call ltc-one-enabled, HMAC CMAC CBC_MAC) 283_CFG_CORE_LTC_CBC := $(call ltc-one-enabled, CBC CBC_MAC) 284_CFG_CORE_LTC_ASN1 := $(call ltc-one-enabled, RSA DSA ECC) 285_CFG_CORE_LTC_EC25519 := $(call ltc-one-enabled, ED25519 X25519) 286 287############################################################### 288# Platform independent crypto-driver configuration 289############################################################### 290CRYPTO_MAKEFILES := $(sort $(wildcard core/drivers/crypto/*/crypto.mk)) 291include $(CRYPTO_MAKEFILES) 292 293# Enable TEE_ALG_RSASSA_PKCS1_V1_5 algorithm for signing with PKCS#1 v1.5 EMSA 294# without ASN.1 around the hash. 295ifeq ($(CFG_CRYPTOLIB_NAME),tomcrypt) 296CFG_CRYPTO_RSASSA_NA1 ?= y 297endif 298