[EFR32] Adding hardware acceleration for mbed TLS

Initial check-in of hardware acceleration support on EFR32 for mbed TLS (AES, SHA and ECC).

Author: stevew817

features/mbedtls/platform/inc/platform_mbed.h

@@ -20,3 +20,21 @@
 #if defined(DEVICE_TRNG)
 #define MBEDTLS_ENTROPY_HARDWARE_ALT
 #endif
+
+#if defined(DEVICE_AES)
+#define MBEDTLS_AES_ALT
+#endif
+
+#if defined(DEVICE_SHA)
+#define MBEDTLS_SHA1_ALT
+#define MBEDTLS_SHA256_ALT
+#endif
+
+#if defined(DEVICE_ECC)
+#define MBEDTLS_ECP_DEVICE_ALT
+#define MBEDTLS_ECP_DOUBLE_JAC_ALT
+#define MBEDTLS_ECP_DEVICE_ADD_MIXED_ALT
+#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
+#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
+#define MBEDTLS_MPI_MODULAR_DIVISION_ALT
+#endif

targets/TARGET_Silicon_Labs/TARGET_EFM32/sl_crypto/Changes_sl_mbedtls.txt

@@ -0,0 +1,67 @@
+================ Revision history ============================================
+5.0.0:
+ - Added basic support for Series 1 Configuration 2 devices (EFR32MG12, etc.)
+ - Bugfix: The asynchronous callback of mbedtls_ccm_auth_decrypt and
+   mbedtls_cmac_verify_tag reported incorrect error codes when authentication
+   verification fails.
+ - Bugfix: In asynchronous mode, the output buffer of mbedtls_ccm_auth_decrypt
+   was not properly cleared when authentication verification fails.
+
+4.4.0:
+ - Added CMAC support with a Silicon Labs specific API (slcl_cmac.c).
+   CMAC is not covered by the standard mbedtls interface.
+   The CMAC plugin use the CRYPTO hardware module for acceleration.
+ - Added CCM plugin (slcl_ccm.c) with CRYPTO hardware acceleration and
+   optimized CCM functions for BLE (mbedtls_ccm_encrypt_and_tag_ble and
+   mbedtls_ccm_auth_decrypt_ble).
+ - Added CRYPTO preemption support in the following plugins:
+   slcl_aes.c, slcl_ccm.c, slcl_cmac.c, slcl_ecp.c, slcl_sha1.c and
+   slcl_sha256.c.
+ - Added support for alternative CRYPTO critical region implementations
+   (for the CRYPTO preemption support).
+ - Added support for asynchronous (non-blocking) API calls in the following
+   plugins: slcl_aes.c, slcl_ccm.c and slcl_cmac.c.
+ - Added support for moving data with BUFC and DMA (to/from CRYPTO registers)
+   in the following plugins: slcl_aes.c and slcl_ccm.c.
+ - In order to support error codes in new SIlicon Labs specific APIs
+   extended error code interface of the standard mbedtls by using the full
+   32-bit integer range, see details in mbedtls_ecode.h.
+ - Added support for AES module on EFM32GG (Giant Gecko) in slcl_aes.c.
+   Compile with MBEDTLS_SLCL_PLUGINS in order to enable EFM32GG support.
+
+4.3.1:
+ - No changes.
+
+4.3.0:
+ - Updated to mbedtls-2.2.0 including EC JPAKE support.
+ - sl_aes.c:
+   In mbedtls_aes_setkey_enc and mbedtls_aes_setkey_dec change return value to
+   MBEDTLS_ERR_AES_INVALID_KEY_LENGTH when key length is not 128 or 256 bits.
+   In mbedtls_aes_crypt_cfb128 added support for data lengths not dividable
+   with 16 (AES block size), by using software (no crypto) implementation.
+   In mbedtls_aes_crypt_cfb8 return errors from mbedtls_aes_crypt_ecb.
+ - library/bignum.c:
+   In mbedtls_mpi_sub_abs and mbedtls_mpi_mul_mpi copy to and use local
+   variables only if necessary.
+ - library/ecp.c:
+   In ecp_modp call halResetWatchdog #ifdef MBEDTLS_HAVE_HAL_WATCHDOG_TIMER
+   for Thread stack integration.
+ - library/aes.c:
+   In mbedtls_aes_self_test allow failure when setting 192 bit keys which is
+   not supported by CRYPTO.
+ - library/gcm.c:
+   In mbedtls_gcm_self_test allow failure when setting 192 bit keys which is
+   not supported by CRYPTO.
+ - library/x509.c and x509_crt.c:
+   Excluded code when MBEDTLS_FS_IO is defined which is not supported on
+   Silicon Labs devices.
+ - Added sl_timing.c and timing_alt.h in order to compiler modules depending on
+   MBEDTLS_TIMING_C. The user should #define MBEDTLS_TIMING_ALT in order to
+   compile.
+
+4.2.1:
+ - No changes.
+
+4.2.0:
+ - First version including support for mbedtls 2.0.0 and CRYPTO acceleration of
+   AES (sl_aes.c), ECC (sl_ecp.c), SHA1 (sl_sha1.c) and SHA256 (sl_sha256.c).

targets/TARGET_Silicon_Labs/TARGET_EFM32/sl_crypto/README.txt

@@ -0,0 +1,34 @@
+README for mbed TLS CRYPTO hardware acceleraton plugins from Silicon Labs
+=========================================================================
+
+Introduction
+------------
+This folder include alternative implementations (plugins) from Silicon Labs for some of the mbed TLS library functions, including AES, CCM, CMAC, ECC (ECP, ECDH, ECDSA, ECJPAKE), SHA1 and SHA256. The plugins use the AES and CRYPTO hardware modules to accelerate the standard mbed TLS library functions that are implemented in C. The CRYPTO hardware module is incorporated in the new generations of MCUs from SIlicon Labs and the AES hardware module is incorporated in the classic EFM32 MCUs from Silicon Labs.
+
+Please refer to the mbedTLS section of the Gecko SDK documentation for more information on using mbed TLS on Silicon Labs devices.
+
+Configuration
+-------------
+The configuration macros of the CRYPTO hardware acceleraton plugins from Silicon Labs are documented in configs/config-sl-crypto-all-acceleration.h. The configs/config-sl-crypto-all-acceleration.h enables acceleration of all plugins from Silicon Labs and provides a full mbedtls configuration which can be used to get started with application development. Please refer to the Gecko SDK documentation for more information on using mbed TLS on Silicon Labs devices. Please refer to the main README file (in the mbedtls base folder) and `include/mbedtls/config.h` for general mbed TLS configuration. Below is a summary of the configuration macros of the CRYPTO hardware acceleraton plugins:
+
+#define MBEDTLS_AES_ALT   /* Includes CRYPTO accelerated implementation of the aes.h interface. */
+#define MBEDTLS_SHA1_ALT   /* Includes CRYPTO accelerated implementation of the sha1.h interface. */
+#define MBEDTLS_SHA256_ALT   /* Includes CRYPTO accelerated implementation of the sha256.h interface. */
+#define MBEDTLS_ECP_DEVICE_ALT   /* Includes CRYPTO accelerated implementation of some functions in ecp.c. */
+#define MBEDTLS_ECP_DOUBLE_JAC_ALT /* Includes CRYPTO accelerated implementation of the ecp_double_jac function. */
+#define MBEDTLS_ECP_DEVICE_ADD_MIXED_ALT /* Includes CRYPTO accelerated implementation of the ecp_add_mixed function. */
+#define MBEDTLS_ECP_NORMALIZE_JAC_ALT /* Includes CRYPTO accelerated implementation of the ecp_normalize_jac function. */
+#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT /* Includes CRYPTO accelerated implementation of the ecp_normalize_jac_many function. */
+#define MBEDTLS_MPI_MODULAR_DIVISION_ALT /* Includes the CRYPTO accelerated function mbedtls_mpi_div_mod which can serve as a replacement of the regular mbedtls_mpi_inv_mod function of mbedtls. */
+#define MBEDTLS_SLCL_PLUGINS /* Enables group 2 plugins (slcl_xxx.c) including support for CRYPTO preemption, asynchronous API support, DMA and BUFC I/O modes, and support for classic EFM32 devices with AES module, EFM32GG, etc. */
+#define MBEDTLS_CRYPTO_DEVICE_PREEMPTION /* Include CRYPTO preemption */
+#define MBEDTLS_CRYPTO_CRITICAL_REGION_ALT /* Include alternative implementation of CRYPTO critical regions (of CRYPTO preemption support). */
+#define MBEDTLS_INCLUDE_ASYNCH_API  /* Include asynchronous API support */
+#define MBEDTLS_INCLUDE_IO_MODE_DMA /* Include support for moving data to/from CRYPTO with DMA */
+
+Compiling
+---------
+Please refer to the example programs in the EFM32 SDK for project files examples for various IDE/toolchains.
+I.e:
+kits/SLSTK3401A_EFM32PG/examples/mbedtls_aescrypt
+kits/SLSTK3401A_EFM32PG/examples/mbedtls_ecdsa

targets/TARGET_Silicon_Labs/TARGET_EFM32/sl_crypto/include/.gitignore

@@ -0,0 +1 @@
+*~