nrf_security: Enabling DHM for CryptoCell

frkv · rlubos · commit 628d01d9155b · 2022-02-11T11:50:20.000+01:00
-Enabling DHM_ALT to use CryptoCell runtime for DHM operations
-Adding missing APIs in CryptoCell library copied from Mbed TLS
 in dhm_ext.c that is added to the build.

ref: NCSDK-13744

Signed-off-by: Frank Audun Kvamtrø &lt;frank.kvamtro@nordicsemi.no&gt;
diff --git a/nrf_security/Kconfig.legacy b/nrf_security/Kconfig.legacy
@@ -114,8 +114,8 @@ config MBEDTLS_CHACHAPOLY_ALT
 
 config MBEDTLS_DHM_ALT
 	bool
-	#depends on CC3XX_BACKEND || PSA_CRYPTO_DRIVER_CC3XX
-	#default y - Currently not supported
+	depends on CC3XX_BACKEND || PSA_CRYPTO_DRIVER_CC3XX
+	default y
 
 config MBEDTLS_ECP_ALT
 	bool
diff --git a/nrf_security/src/legacy/CMakeLists.txt b/nrf_security/src/legacy/CMakeLists.txt
@@ -94,6 +94,7 @@ if (CONFIG_OBERON_BACKEND OR PSA_CRYPTO_DRIVER_OBERON)
 else()
   list(APPEND src_crypto_legacy
     ${ARM_MBEDTLS_PATH}/library/aes.c
+    ${CMAKE_CURRENT_LIST_DIR}/dhm_ext.c
   )
 endif()
 
diff --git a/nrf_security/src/legacy/dhm_ext.c b/nrf_security/src/legacy/dhm_ext.c
@@ -0,0 +1,69 @@
+/*
+ *  Diffie-Hellman-Merkle key exchange
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+/*
+ *  The following sources were referenced in the design of this implementation
+ *  of the Diffie-Hellman-Merkle algorithm:
+ *
+ *  [1] Handbook of Applied Cryptography - 1997, Chapter 12
+ *      Menezes, van Oorschot and Vanstone
+ *
+ */
+
+/* Copied from mbed TLS, missing in CryptoCell runtime library */
+
+#include "common.h"
+
+#if defined(MBEDTLS_DHM_C) && defined(CONFIG_CC3XX_BACKEND)
+
+#include "mbedtls/dhm.h"
+#include "mbedtls/platform_util.h"
+#include "mbedtls/error.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+#include "mbedtls/pem.h"
+#endif
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+#include "mbedtls/asn1.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#include <stdio.h>
+#define mbedtls_printf     printf
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx )
+{
+    return( mbedtls_mpi_bitlen( &ctx->P ) );
+}
+
+size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx )
+{
+    return( mbedtls_mpi_size( &ctx->P ) );
+}
+
+
+#endif /* defined(MBEDTLS_DHM_C) && defined(CONFIG_CC3XX_BACKEND) */

Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,7 @@ if (CONFIG_OBERON_BACKEND OR PSA_CRYPTO_DRIVER_OBERON)`
`94`	`94`	`else()`
`95`	`95`	`list(APPEND src_crypto_legacy`
`96`	`96`	`${ARM_MBEDTLS_PATH}/library/aes.c`
	`97`	`+ ${CMAKE_CURRENT_LIST_DIR}/dhm_ext.c`
`97`	`98`	`)`
`98`	`99`	`endif()`
`99`	`100`