1. Crypto RSA H/W supports 1024/2048/3072/4096 key bits. Fall back to software implementation for other key bits.
2. For decrypt, if MBEDTLS_RSA_NO_CRT isn't defined, go CRT, or normal.
3. For decrypt, when blinding (f_rng != NULL), enable SCAP mode.
4. Recover from Crypto RSA H/W failure:
(1) Enable timed-out wait to escape from RSA H/W trap
(2) On RSA H/W timeout, stop this RSA H/W operation
(3) Fall back to S/W implementation on failure
NOTE: RSA 4096 key bits can fail with default mbedtls configuration MBEDTLS_MPI_MAX_SIZE.
Enlarge MBEDTLS_MPI_MAX_SIZE to 1024 or larger if this feature is required.
NOTE: Fixed in BSP RSA driver, for non-CRT+SCAP mode, temporary buffer for MADDR6 requires to be key length plus 128 bits.
NOTE: Fixed in BSP RSA driver, DMA buffer must be 4-word aligned, or RSA H/W will trap.
1. Prepare crypto common code
2. Support list
- SHA
- ECC
NOTE: AES/RSA are to support in other works
NOTE: Compared to M487, M467's SHA supports context save & restore (DMA Cascade mode) and so no software fallback is needed.
NOTE: M467's ECC, following M487, goes partial-module replacement and it can just improve primitives e.g. point addition/doubling by 2X,
and cannot improve high level point multiplication because MbedTLS doesn’t open it.
To improve performance best, full-module replacement is needed.
NOTE: Continuing above, add support for Montgomery curve
The CMake target mbed-mbedtls-cryptocell310 was not linked by
default, resulting in a compilation error on targets that use
Mbed TLS:
fatal error: mbedtls_device.h: No such file or directory
Other Mbed TLS drivers simply add themselve to mbed-mbedtls, so this
commits does the alignment to fix the build error.
Note: the driver and the core Mbed TLS have mutual dependency, so
they need to be one CMake target.
Mbed TLS 2.24.0 has added a new function mbedtls_ecp_write_key()
which is the reverse of the existing mbedtls_ecp_read_key(). This
function should be platform agnostic, but needs to be copied into
Cypress's hardware-accelerated ECP driver as part of the updated
API.
- Added absolute path as cmake failed to find linker file from relative path
- Added the missing MBED_CONF_CRYPTOCELL310_PRESENT
- Added the dependency library to BLE Cordio stack
Aside from the core mbed-os CMake target, a number of targets have been created so they can optionally be included by application executables that require them using `target_link_libraries()`.
Co-authored-by: Martin Kojtal <martin.kojtal@arm.com>
Co-authored-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@arm.com>
* Remove duplicated ARM toolchain directory
* Link with archived cryptocell 310 libraries instead
of adding them as source files
* Provide default MBED_BOOT_STACK_SIZE definition
in scatter file as is done for GCC_ARM linker file
Add license identifier to files which Arm owns the copyright to,
and contain either BSD-3 or Apache-2.0 licenses. This is to address
license errors raised by scancode analysis.
mbed-os/features/cryptocell/FEATURE_CRYPTOCELL310 directory moved
to mbed-os/connectivity/drivers/cryptocell/FEATURE_CRYPTOCELL310
and restructured according to the internal proposal.
Chun-Chieh Li
cyliangtw
jeromecoutant
plan-do-break-fix
Lingkai Dong
Martin Kojtal
Rajkumar Kanagaraj
Hugues Kamba
Hugues Kamba
Harrison Mutai
George Psimenos