commit e954d6b5795c15b6eb5a4dfcd8957b150ab99f6a
author David Hu <david.hu@arm.com> Thu Apr 23 13:06:00 2020 +0800
committer David Hu <david.hu@arm.com> Thu May 28 16:49:52 2020 +0800
tree 81a0a088818d6731b148f42b526ca1112d0a1b8f
parent c1a80cb3b4abac304104d4c2e55a7043b36a5059

Crypto: Add alternatives of mbed-crypto implementations

Select MBEDTLS_AES_SETKEY_DEC_ALT and MBEDTLS_AES_DECRYPT_ALTA when
AES-CCM is selected.

Add emtpy wrappers of mbedtls_internal_aes_decrypt() and
mbedtls_aes_setkey_dec() to replace mbed-crypto implementation when
the MBEDTLS_AES_SETKEY_DEC_ALT and MBEDTLS_AES_DECRYPT_ALTA are
enabled in AES-CCM mode. It can decrease memory footprint.

Add description of tfm_mbedcrypto_alt.c in Crypto document.

Change-Id: I3b9071735bfd6bafea8189dfde153d6050aefe27
Signed-off-by: David Hu <david.hu@arm.com>

secure_fw/services/crypto/tfm_mbedcrypto_alt.c

diff --git a/secure_fw/services/crypto/tfm_mbedcrypto_alt.c b/secure_fw/services/crypto/tfm_mbedcrypto_alt.c
new file mode 100644
index 0000000..9cf9277
--- /dev/null
+++ b/secure_fw/services/crypto/tfm_mbedcrypto_alt.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*
+ * This file collects the alternative functions to replace the
+ * implementations in mbed-crypto if the corresponding mbed-crypto
+ * MBEDTLS__FUNCTION_NAME__ALT is selected.
+ */
+
+/*
+ * A dummy include. Just add a dependency to make sure this file is compiled
+ * after all crypto header files are installed and configuration flags are set.
+ */
+#include "tfm_mbedcrypto_include.h"
+#if defined(MBEDTLS_AES_DECRYPT_ALT) || defined(MBEDTLS_AES_SETKEY_DEC_ALT)
+#include "mbedtls/aes.h"
+#endif
+
+#if defined(MBEDTLS_AES_DECRYPT_ALT) && defined(MBEDTLS_CCM_C)
+#pragma message("mbedtls_internal_aes_decrypt() is replaced by an empty wrapper to decrease memory footprint")
+/*
+ * Replace the decryption process with an empty wrapper in AES-CCM mode.
+ * The decryption process is exactly the same as encryption process. Skip
+ * the decryption implementation to decrease memory footprint.
+ */
+int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
+                                 const unsigned char input[16],
+                                 unsigned char output[16])
+{
+    (void)ctx;
+    (void)input;
+    (void)output;
+
+    return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE;
+}
+#endif
+
+#if defined(MBEDTLS_AES_SETKEY_DEC_ALT) && defined(MBEDTLS_CCM_C)
+#pragma message("mbedtls_aes_setkey_dec() is replaced by an empty wrapper to decrease memory footprint")
+/*
+ * Replace the decryption process with an empty wrapper in AES-CCM mode.
+ * The decryption process is exactly the same as encryption process. Skip
+ * the decryption key setting to decrease memory footprint.
+ */
+int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
+                           unsigned int keybits)
+{
+    (void)ctx;
+    (void)key;
+    (void)keybits;
+
+    return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE;
+}
+#endif