1CFG_CRYPTO ?= y 2# Select small code size in the crypto library if applicable (for instance 3# LibTomCrypt has -DLTC_SMALL_CODE) 4# Note: the compiler flag -Os is not set here but by CFG_CC_OPT_LEVEL 5CFG_CRYPTO_SIZE_OPTIMIZATION ?= y 6 7ifeq (y,$(CFG_CRYPTO)) 8 9############################################################### 10# Platform crypto-driver configuration. It has a higher priority over the 11# generic crypto configuration below. 12############################################################### 13CRYPTO_MAKEFILES := $(sort $(wildcard core/drivers/crypto/*/crypto.mk)) 14include $(CRYPTO_MAKEFILES) 15 16# Ciphers 17CFG_CRYPTO_AES ?= y 18CFG_CRYPTO_DES ?= y 19CFG_CRYPTO_SM4 ?= y 20 21# Cipher block modes 22CFG_CRYPTO_ECB ?= y 23CFG_CRYPTO_CBC ?= y 24CFG_CRYPTO_CTR ?= y 25CFG_CRYPTO_CTS ?= y 26CFG_CRYPTO_XTS ?= y 27 28# Message authentication codes 29CFG_CRYPTO_HMAC ?= y 30CFG_CRYPTO_CMAC ?= y 31CFG_CRYPTO_CBC_MAC ?= y 32# Instead of calling the AES CBC encryption function for each 16 byte block of 33# input, bundle a maximum of N blocks when possible. A maximum of N*16 bytes of 34# temporary data are allocated on the heap. 35# Minimum value is 1. 36CFG_CRYPTO_CBC_MAC_BUNDLE_BLOCKS ?= 64 37 38# Hashes 39CFG_CRYPTO_MD5 ?= y 40CFG_CRYPTO_SHA1 ?= y 41CFG_CRYPTO_SHA224 ?= y 42CFG_CRYPTO_SHA256 ?= y 43CFG_CRYPTO_SHA384 ?= y 44CFG_CRYPTO_SHA512 ?= y 45CFG_CRYPTO_SHA512_256 ?= y 46CFG_CRYPTO_SM3 ?= y 47CFG_CRYPTO_SHA3_224 ?= y 48CFG_CRYPTO_SHA3_256 ?= y 49CFG_CRYPTO_SHA3_384 ?= y 50CFG_CRYPTO_SHA3_512 ?= y 51 52# Extendable-Output Functions (XOF) 53CFG_CRYPTO_SHAKE128 ?= y 54CFG_CRYPTO_SHAKE256 ?= y 55 56# Asymmetric ciphers 57CFG_CRYPTO_DSA ?= y 58CFG_CRYPTO_RSA ?= y 59CFG_CRYPTO_DH ?= y 60# ECC includes ECDSA and ECDH 61CFG_CRYPTO_ECC ?= y 62CFG_CRYPTO_SM2_PKE ?= y 63CFG_CRYPTO_SM2_DSA ?= y 64CFG_CRYPTO_SM2_KEP ?= y 65CFG_CRYPTO_ED25519 ?= y 66CFG_CRYPTO_X25519 ?= y 67 68# Authenticated encryption 69CFG_CRYPTO_CCM ?= y 70CFG_CRYPTO_GCM ?= y 71# Default uses the OP-TEE internal AES-GCM implementation 72CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB ?= n 73 74endif 75 76# PRNG configuration 77# If CFG_WITH_SOFTWARE_PRNG is enabled, crypto provider provided 78# software PRNG implementation is used. 79# Otherwise, you need to implement hw_get_random_bytes() for your platform 80CFG_WITH_SOFTWARE_PRNG ?= y 81 82# Define the maximum size, in bits, for big numbers in the TEE core (privileged 83# layer). 84# This value is an upper limit for the key size in any cryptographic algorithm 85# implemented by the TEE core. 86# Set this to a lower value to reduce the memory footprint. 87CFG_CORE_BIGNUM_MAX_BITS ?= 4096 88 89ifeq ($(CFG_WITH_PAGER),y) 90ifneq ($(CFG_CRYPTO_SHA256),y) 91$(warning Warning: Enabling CFG_CRYPTO_SHA256 [required by CFG_WITH_PAGER]) 92CFG_CRYPTO_SHA256:=y 93endif 94endif 95 96$(eval $(call cryp-enable-all-depends,CFG_WITH_SOFTWARE_PRNG, AES ECB SHA256)) 97 98ifeq ($(CFG_CRYPTO_WITH_CE82),y) 99$(call force,CFG_CRYPTO_WITH_CE,y,required with CFG_CRYPTO_WITH_CE82) 100CFG_CRYPTO_SHA512_ARM_CE ?= $(CFG_CRYPTO_SHA512) 101CFG_CORE_CRYPTO_SHA512_ACCEL ?= $(CFG_CRYPTO_SHA512_ARM_CE) 102CFG_CRYPTO_SHA3_ARM_CE ?= $(call cfg-one-enabled, CFG_CRYPTO_SHA3_224 \ 103 CFG_CRYPTO_SHA3_256 CFG_CRYPTO_SHA3_384 \ 104 CFG_CRYPTO_SHA3_512 CFG_CRYPTO_SHAKE128 \ 105 CFG_CRYPTO_SHAKE256) 106CFG_CORE_CRYPTO_SHA3_ACCEL ?= $(CFG_CRYPTO_SHA3_ARM_CE) 107CFG_CRYPTO_SM3_ARM_CE ?= $(CFG_CRYPTO_SM3) 108CFG_CORE_CRYPTO_SM3_ACCEL ?= $(CFG_CRYPTO_SM3_ARM_CE) 109 110# CFG_CRYPTO_SM4_ARM_CE defines whether we use SM4E to optimize SM4 111CFG_CRYPTO_SM4_ARM_CE ?= $(CFG_CRYPTO_SM4) 112CFG_CORE_CRYPTO_SM4_ACCEL ?= $(CFG_CRYPTO_SM4_ARM_CE) 113endif 114 115ifeq ($(CFG_CRYPTO_WITH_CE),y) 116 117$(call force,CFG_AES_GCM_TABLE_BASED,n,conflicts with CFG_CRYPTO_WITH_CE) 118 119# CFG_HWSUPP_PMULT_64 defines whether the CPU supports polynomial multiplies 120# of 64-bit values (Aarch64: PMULL/PMULL2 with the 1Q specifier; Aarch32: 121# VMULL.P64). These operations are part of the Cryptographic Extensions, so 122# assume they are implicitly contained in CFG_CRYPTO_WITH_CE=y. 123CFG_HWSUPP_PMULT_64 ?= y 124 125CFG_CRYPTO_SHA256_ARM_CE ?= $(CFG_CRYPTO_SHA256) 126CFG_CORE_CRYPTO_SHA256_ACCEL ?= $(CFG_CRYPTO_SHA256_ARM_CE) 127CFG_CRYPTO_SHA1_ARM_CE ?= $(CFG_CRYPTO_SHA1) 128CFG_CORE_CRYPTO_SHA1_ACCEL ?= $(CFG_CRYPTO_SHA1_ARM_CE) 129CFG_CRYPTO_AES_ARM_CE ?= $(CFG_CRYPTO_AES) 130CFG_CORE_CRYPTO_AES_ACCEL ?= $(CFG_CRYPTO_AES_ARM_CE) 131 132# CFG_CRYPTO_SM4_ARM_AESE defines whether we use AESE to optimize SM4 133CFG_CRYPTO_SM4_ARM_AESE ?= $(CFG_CRYPTO_SM4) 134CFG_CORE_CRYPTO_SM4_ACCEL ?= $(CFG_CRYPTO_SM4_ARM_AESE) 135else #CFG_CRYPTO_WITH_CE 136 137CFG_AES_GCM_TABLE_BASED ?= y 138 139endif #!CFG_CRYPTO_WITH_CE 140 141 142# Cryptographic extensions can only be used safely when OP-TEE knows how to 143# preserve the VFP context 144ifeq ($(CFG_CRYPTO_SHA256_ARM32_CE),y) 145$(call force,CFG_WITH_VFP,y,required by CFG_CRYPTO_SHA256_ARM32_CE) 146endif 147ifeq ($(CFG_CRYPTO_SHA256_ARM64_CE),y) 148$(call force,CFG_WITH_VFP,y,required by CFG_CRYPTO_SHA256_ARM64_CE) 149endif 150ifeq ($(CFG_CRYPTO_SHA1_ARM_CE),y) 151$(call force,CFG_WITH_VFP,y,required by CFG_CRYPTO_SHA1_ARM_CE) 152endif 153ifeq ($(CFG_CRYPTO_AES_ARM_CE),y) 154$(call force,CFG_WITH_VFP,y,required by CFG_CRYPTO_AES_ARM_CE) 155endif 156ifeq ($(CFG_CORE_CRYPTO_SM4_ACCEL),y) 157$(call force,CFG_WITH_VFP,y,required by CFG_CORE_CRYPTO_SM4_ACCEL) 158endif 159cryp-enable-all-depends = $(call cfg-enable-all-depends,$(strip $(1)),$(foreach v,$(2),CFG_CRYPTO_$(v))) 160$(eval $(call cryp-enable-all-depends,CFG_REE_FS, AES ECB CTR HMAC SHA256 GCM)) 161$(eval $(call cryp-enable-all-depends,CFG_RPMB_FS, AES ECB CTR HMAC SHA256 GCM)) 162 163# Dependency checks: warn and disable some features if dependencies are not met 164 165cryp-dep-one = $(call cfg-depends-one,CFG_CRYPTO_$(strip $(1)),$(patsubst %, CFG_CRYPTO_%,$(strip $(2)))) 166cryp-dep-all = $(call cfg-depends-all,CFG_CRYPTO_$(strip $(1)),$(patsubst %, CFG_CRYPTO_%,$(strip $(2)))) 167 168$(eval $(call cryp-dep-one, ECB, AES DES)) 169$(eval $(call cryp-dep-one, CBC, AES DES)) 170$(eval $(call cryp-dep-one, CTR, AES)) 171# CTS is implemented with ECB and CBC 172$(eval $(call cryp-dep-all, CTS, AES ECB CBC)) 173$(eval $(call cryp-dep-one, XTS, AES)) 174$(eval $(call cryp-dep-one, HMAC, AES DES)) 175$(eval $(call cryp-dep-one, HMAC, MD5 SHA1 SHA224 SHA256 SHA384 SHA512)) 176$(eval $(call cryp-dep-one, CMAC, AES)) 177$(eval $(call cryp-dep-one, CBC_MAC, AES DES)) 178$(eval $(call cryp-dep-one, CCM, AES)) 179$(eval $(call cryp-dep-one, GCM, AES)) 180# If no AES cipher mode is left, disable AES 181$(eval $(call cryp-dep-one, AES, ECB CBC CTR CTS XTS)) 182# If no DES cipher mode is left, disable DES 183$(eval $(call cryp-dep-one, DES, ECB CBC)) 184# SM2 is Elliptic Curve Cryptography, it uses some generic ECC functions 185$(eval $(call cryp-dep-one, SM2_PKE, ECC)) 186$(eval $(call cryp-dep-one, SM2_DSA, ECC)) 187$(eval $(call cryp-dep-one, SM2_KEP, ECC)) 188 189############################################################### 190# libtomcrypt (LTC) specifics, phase #1 191# LTC is only configured via _CFG_CORE_LTC_ prefixed variables 192# 193# _CFG_CORE_LTC_xxx_DESC means that LTC will only register the 194# descriptor of the algorithm, not provide a 195# crypt_xxx_alloc_ctx() function. 196############################################################### 197 198# If LTC is the cryptolib, pull configuration from CFG_CRYPTO_xxx 199ifeq ($(CFG_CRYPTOLIB_NAME),tomcrypt) 200# dsa_make_params() needs all three SHA-2 algorithms. 201# Disable DSA if any is missing. 202$(eval $(call cryp-dep-all, DSA, SHA256 SHA384 SHA512)) 203 204# Assign _CFG_CORE_LTC_xxx based on CFG_CRYPTO_yyy 205core-ltc-vars = AES DES 206core-ltc-vars += ECB CBC CTR CTS XTS 207core-ltc-vars += MD5 SHA1 SHA224 SHA256 SHA384 SHA512 SHA512_256 208core-ltc-vars += SHA3_224 SHA3_256 SHA3_384 SHA3_512 SHAKE128 SHAKE256 209core-ltc-vars += HMAC CMAC CBC_MAC 210core-ltc-vars += CCM 211ifeq ($(CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB),y) 212core-ltc-vars += GCM 213endif 214core-ltc-vars += RSA DSA DH ECC 215core-ltc-vars += SIZE_OPTIMIZATION 216core-ltc-vars += SM2_PKE 217core-ltc-vars += SM2_DSA 218core-ltc-vars += SM2_KEP 219core-ltc-vars += ED25519 X25519 220# Assigned selected CFG_CRYPTO_xxx as _CFG_CORE_LTC_xxx 221$(foreach v, $(core-ltc-vars), $(eval _CFG_CORE_LTC_$(v) := $(CFG_CRYPTO_$(v)))) 222_CFG_CORE_LTC_MPI := $(CFG_CORE_MBEDTLS_MPI) 223_CFG_CORE_LTC_AES_ACCEL := $(CFG_CORE_CRYPTO_AES_ACCEL) 224_CFG_CORE_LTC_SHA1_ACCEL := $(CFG_CORE_CRYPTO_SHA1_ACCEL) 225_CFG_CORE_LTC_SHA256_ACCEL := $(CFG_CORE_CRYPTO_SHA256_ACCEL) 226_CFG_CORE_LTC_SHA512_ACCEL := $(CFG_CORE_CRYPTO_SHA512_ACCEL) 227_CFG_CORE_LTC_SHA3_ACCEL := $(CFG_CORE_CRYPTO_SHA3_ACCEL) 228endif 229 230############################################################### 231# mbedtls specifics 232############################################################### 233 234ifeq ($(CFG_CRYPTOLIB_NAME),mbedtls) 235# mbedtls has to be complemented with some algorithms by LTC 236# Specify the algorithms here 237_CFG_CORE_LTC_DSA := $(CFG_CRYPTO_DSA) 238_CFG_CORE_LTC_MPI := $(CFG_CRYPTO_DSA) 239_CFG_CORE_LTC_SHA256_DESC := $(CFG_CRYPTO_DSA) 240_CFG_CORE_LTC_SHA384_DESC := $(CFG_CRYPTO_DSA) 241_CFG_CORE_LTC_SHA512_DESC := $(CFG_CRYPTO_DSA) 242_CFG_CORE_LTC_XTS := $(CFG_CRYPTO_XTS) 243_CFG_CORE_LTC_CCM := $(CFG_CRYPTO_CCM) 244_CFG_CORE_LTC_AES := $(call cfg-one-enabled, CFG_CRYPTO_XTS CFG_CRYPTO_CCM \ 245 CFG_CRYPTO_AES) 246_CFG_CORE_LTC_AES_ACCEL := $(CFG_CORE_CRYPTO_AES_ACCEL) 247_CFG_CORE_LTC_X25519 := $(CFG_CRYPTO_X25519) 248_CFG_CORE_LTC_ED25519 := $(CFG_CRYPTO_ED25519) 249_CFG_CORE_LTC_SHA3_224 := $(CFG_CRYPTO_SHA3_224) 250_CFG_CORE_LTC_SHA3_256 := $(CFG_CRYPTO_SHA3_256) 251_CFG_CORE_LTC_SHA3_384 := $(CFG_CRYPTO_SHA3_384) 252_CFG_CORE_LTC_SHA3_512 := $(CFG_CRYPTO_SHA3_512) 253_CFG_CORE_LTC_SHAKE128 := $(CFG_CRYPTO_SHAKE128) 254_CFG_CORE_LTC_SHAKE256 := $(CFG_CRYPTO_SHAKE256) 255endif 256 257############################################################### 258# libtomcrypt (LTC) specifics, phase #2 259############################################################### 260 261_CFG_CORE_LTC_MD5_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_MD5_DESC \ 262 _CFG_CORE_LTC_MD5) 263_CFG_CORE_LTC_SHA1_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA1_DESC \ 264 _CFG_CORE_LTC_SHA1) 265_CFG_CORE_LTC_SHA224_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA224_DESC \ 266 _CFG_CORE_LTC_SHA224) 267_CFG_CORE_LTC_SHA256_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA256_DESC \ 268 _CFG_CORE_LTC_SHA224 \ 269 _CFG_CORE_LTC_SHA256) 270_CFG_CORE_LTC_SHA384_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA384_DESC \ 271 _CFG_CORE_LTC_SHA384) 272_CFG_CORE_LTC_SHA512_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA512_DESC \ 273 _CFG_CORE_LTC_SHA512_256 \ 274 _CFG_CORE_LTC_SHA512) 275_CFG_CORE_LTC_AES_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_AES_DESC \ 276 _CFG_CORE_LTC_AES) 277 278_CFG_CORE_LTC_SHA3_DESC := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA3_224 \ 279 _CFG_CORE_LTC_SHA3_256 _CFG_CORE_LTC_SHA3_384 \ 280 _CFG_CORE_LTC_SHA3_512 _CFG_CORE_LTC_SHAKE128 \ 281 _CFG_CORE_LTC_SHAKE256) 282 283# Assign system variables 284_CFG_CORE_LTC_CE := $(CFG_CRYPTO_WITH_CE) 285_CFG_CORE_LTC_VFP := $(CFG_WITH_VFP) 286_CFG_CORE_LTC_BIGNUM_MAX_BITS := $(CFG_CORE_BIGNUM_MAX_BITS) 287_CFG_CORE_LTC_PAGER := $(CFG_WITH_PAGER) 288ifneq ($(CFG_NUM_THREADS),1) 289_CFG_CORE_LTC_OPTEE_THREAD := y 290else 291_CFG_CORE_LTC_OPTEE_THREAD := n 292endif 293_CFG_CORE_LTC_HWSUPP_PMULL := $(CFG_HWSUPP_PMULL) 294 295# Assign aggregated variables 296ltc-one-enabled = $(call cfg-one-enabled,$(foreach v,$(1),_CFG_CORE_LTC_$(v))) 297_CFG_CORE_LTC_ACIPHER := $(call ltc-one-enabled, RSA DSA DH ECC) 298_CFG_CORE_LTC_HASH := $(call ltc-one-enabled, MD5 SHA1 SHA224 SHA256 SHA384 \ 299 SHA512 SHA3_224 SHA3_256 \ 300 SHA3_384 SHA3_512) 301ifeq ($(CFG_CRYPTO_HMAC),y) 302_CFG_CORE_LTC_HMAC := $(call ltc-one-enabled, MD5 SHA1 SHA224 SHA256 SHA384 \ 303 SHA512 SHA3_224 SHA3_256 \ 304 SHA3_384 SHA3_512) 305endif 306 307_CFG_CORE_LTC_CBC := $(call ltc-one-enabled, CBC CBC_MAC) 308_CFG_CORE_LTC_ASN1 := $(call ltc-one-enabled, RSA DSA ECC) 309_CFG_CORE_LTC_EC25519 := $(call ltc-one-enabled, ED25519 X25519) 310 311# Enable TEE_ALG_RSASSA_PKCS1_V1_5 algorithm for signing with PKCS#1 v1.5 EMSA 312# without ASN.1 around the hash. 313ifeq ($(CFG_CRYPTOLIB_NAME),tomcrypt) 314CFG_CRYPTO_RSASSA_NA1 ?= y 315endif 316