CC3XX: Add config switches for Chacha20/Poly1305 and CCM

Add configuration switches for Chacha20/Poly1305 and CCM in the CC3XX
driver. For the time being they're still hooked to the mbed TLS
config file but will have to adapted to the config strategy when
that is finalised (and likely to move to PSA_WANT_* mechanism).
Move the GCM ones from the internal layer to the interface.

Signed-off-by: Antonio de Angelis <[email protected]>
Change-Id: Ib8620d8cbf8ddb3981bb975ffc93c7b62f8a5aa7

Author: adeaarm

lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/cc3xx.h

@@ -71,6 +71,20 @@
  *  By default this is kept enabled. At the moment affects only the RSA utils
  */
 #define CC3XX_CONFIG_SUPPORT_RSA
+
+/*!
+ *  Used to enable support for the Chacha20 algorithm in the interface layer.
+ *  By default it's kept enabled
+ */
+#define CC3XX_CONFIG_SUPPORT_CHACHA20
+
+/*!
+ *  Used to enable support for the Poly1305 algorithm in the interface layer.
+ *  by default it's kept enabled. Note that there isn't a separate interface
+ *  to exercise the Poly1305 algorithm other than through the combination with
+ *  Chacha20 in an AEAD scheme.
+ */
+#define CC3XX_CONFIG_SUPPORT_CHACHA20_POLY1305
 #endif /* __DOXYGEN_ONLY__ */
 
 #include "cc3xx_psa_cipher.h"

lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/src/cc3xx_internal_gcm.c

@@ -20,30 +20,6 @@
 #include "cc3xx_internal_gcm.h"
 #include "psa/crypto.h"
 
-/* FixMe: Currently, some parts of the low-level driver are
- *        are not built at all based on the mbed TLS configuration,
- *        hence they can't be called from the interface code.
- *        Eventually, the low level driver should be made
- *        independent of the mbed TLS configuration and the
- *        interface layer should be the only part that should
- *        be configured through defines
- */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-/* FixMe: Temporary way of bridging mbed TLS based configuration
- *        with specific driver configuration defines
- */
-#ifndef CC3XX_CONFIG_SUPPORT_GCM
-#define CC3XX_CONFIG_SUPPORT_GCM
-#endif /* CC3XX_CONFIG_SUPPORT_GCM */
-#ifndef MBEDTLS_GCM_C
-#undef CC3XX_CONFIG_SUPPORT_GCM
-#endif
-
 /*! AES GCM data in maximal size in bytes. */
 #define CC3XX_GCM_DATA_IN_MAX_SIZE_BYTES 0xFFFF // (64KB - 1)
 /*! AES GCM IV maximal size in bytes. */
@@ -69,7 +45,6 @@
 /*! AES GCM Tag size: 16 bytes. */
 #define CC3XX_GCM_TAG_SIZE_16_BYTES 16
 
-#ifdef CC3XX_CONFIG_SUPPORT_GCM
 static psa_status_t gcm_setkey(
         AesGcmContext_t *ctx,
         const uint8_t *key,
@@ -548,7 +523,6 @@ static psa_status_t gcm_crypt_and_tag(
 
     return status;
 }
-#endif /* CC3XX_CONFIG_SUPPORT_GCM */
 
 /** \defgroup internal_gcm Internal GCM functions
  *
@@ -566,7 +540,6 @@ psa_status_t cc3xx_gcm_encrypt(
 {
     psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
 
-#ifdef CC3XX_CONFIG_SUPPORT_GCM
     psa_key_type_t key_type = psa_get_key_type(attributes);
     psa_key_bits_t key_bits = psa_get_key_bits(attributes);
     psa_algorithm_t key_alg = psa_get_key_algorithm(attributes);
@@ -587,7 +560,6 @@ psa_status_t cc3xx_gcm_encrypt(
         CRYPTO_DIRECTION_ENCRYPT, attributes, key_buffer, key_buffer_size, alg,
         nonce, nonce_length, additional_data, additional_data_length, tag,
         tag_length, plaintext, plaintext_length, ciphertext, ciphertext_length);
-#endif /* CC3XX_CONFIG_SUPPORT_GCM */
 
     return status;
 }
@@ -602,7 +574,6 @@ psa_status_t cc3xx_gcm_decrypt(
 {
     psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
 
-#ifdef CC3XX_CONFIG_SUPPORT_GCM
     uint8_t local_tag_buffer[PSA_AEAD_TAG_MAX_SIZE];
 
     psa_key_type_t key_type = psa_get_key_type(attributes);
@@ -625,7 +596,7 @@ psa_status_t cc3xx_gcm_decrypt(
         nonce, nonce_length, additional_data, additional_data_length,
         local_tag_buffer, tag_length, ciphertext, ciphertext_length_without_tag,
         plaintext, plaintext_length);
-#endif /* CC3XX_CONFIG_SUPPORT_GCM */
+
     return status;
 }
 
@@ -654,23 +625,15 @@ psa_status_t cc3xx_gcm_setkey_enc(
     const uint8_t *key,
     size_t key_bits)
 {
-#ifndef CC3XX_CONFIG_SUPPORT_GCM
-    return PSA_ERROR_NOT_SUPPORTED;
-#else
     return gcm_setkey(ctx, key, key_bits, CRYPTO_DIRECTION_ENCRYPT);
-#endif
 }
 
 psa_status_t cc3xx_gcm_setkey_dec(
     AesGcmContext_t *ctx,
     const uint8_t *key,
     size_t key_bits)
 {
-#ifndef CC3XX_CONFIG_SUPPORT_GCM
-    return PSA_ERROR_NOT_SUPPORTED;
-#else
     return gcm_setkey(ctx, key, key_bits, CRYPTO_DIRECTION_DECRYPT);
-#endif
 }
 
 psa_status_t cc3xx_gcm_set_nonce(
@@ -679,9 +642,6 @@ psa_status_t cc3xx_gcm_set_nonce(
     size_t nonce_size,
     size_t tag_size)
 {
-#ifndef CC3XX_CONFIG_SUPPORT_GCM
-    return PSA_ERROR_NOT_SUPPORTED;
-#else
     psa_status_t ret = PSA_ERROR_CORRUPTION_DETECTED;
 
     if (NULL == ctx || NULL == nonce) {
@@ -719,17 +679,13 @@ psa_status_t cc3xx_gcm_set_nonce(
     ctx->tagSize = tag_size;
 
     return PSA_SUCCESS;
-#endif /* CC3XX_CONFIG_SUPPORT_GCM */
 }
 
 psa_status_t cc3xx_gcm_set_lengths(
     AesGcmContext_t *ctx,
     size_t aadSize,
     size_t dataSize)
 {
-#ifndef CC3XX_CONFIG_SUPPORT_GCM
-    return PSA_ERROR_NOT_SUPPORTED;
-#else
     if (NULL == ctx) {
         CC_PAL_LOG_ERR("ctx cannot be NULL\n");
         return PSA_ERROR_INVALID_ARGUMENT;
@@ -744,17 +700,13 @@ psa_status_t cc3xx_gcm_set_lengths(
     ctx->dataSize = dataSize;
 
     return PSA_SUCCESS;
-#endif /* CC3XX_CONFIG_SUPPORT_GCM */
 }
 
 psa_status_t cc3xx_gcm_update_ad(
     AesGcmContext_t *ctx,
     const uint8_t *aad,
     size_t aad_size)
 {
-#ifndef CC3XX_CONFIG_SUPPORT_GCM
-    return PSA_ERROR_NOT_SUPPORTED;
-#else
     psa_status_t ret = PSA_ERROR_CORRUPTION_DETECTED;
 
     if (NULL == ctx || NULL == aad) {
@@ -769,7 +721,6 @@ psa_status_t cc3xx_gcm_update_ad(
     }
 
     return PSA_SUCCESS;
-#endif /* CC3XX_CONFIG_SUPPORT_GCM */
 }
 
 psa_status_t cc3xx_gcm_update(
@@ -778,9 +729,6 @@ psa_status_t cc3xx_gcm_update(
     const uint8_t *input,
     uint8_t *output)
 {
-#ifndef CC3XX_CONFIG_SUPPORT_GCM
-    return PSA_ERROR_NOT_SUPPORTED;
-#else
     psa_status_t ret = PSA_ERROR_CORRUPTION_DETECTED;
 
     if (NULL == ctx || NULL == input || NULL == output) {
@@ -801,7 +749,6 @@ psa_status_t cc3xx_gcm_update(
     }
 
     return PSA_SUCCESS;
-#endif /* CC3XX_CONFIG_SUPPORT_GCM */
 }
 
 psa_status_t cc3xx_gcm_finish(
@@ -810,9 +757,6 @@ psa_status_t cc3xx_gcm_finish(
     size_t tag_size,
     size_t *tag_len)
 {
-#ifndef CC3XX_CONFIG_SUPPORT_GCM
-    return PSA_ERROR_NOT_SUPPORTED;
-#else
     psa_status_t ret = PSA_ERROR_CORRUPTION_DETECTED;
 
     *tag_len = 0;
@@ -831,6 +775,5 @@ psa_status_t cc3xx_gcm_finish(
     *tag_len = ctx->tagSize;
 
     return PSA_SUCCESS;
-#endif /* CC3XX_CONFIG_SUPPORT_GCM */
 }
 /** @} */ // end of internal_gcm