Initial implementation of Cypress Crypto hardware acceleration for mbedTLS

[kotkcy]

Kind request for ARM team!!!

Could you please make a review as soon as possible - we need this for our customer. Ideally at start on the next week.

Description

This PR brings the following major updates to the Cypress PSoC 6 targets for Mbed TLS library resides in Mbed OS 5.13:

• Initial implementation of the Cypress hardware acceleration target for mbedTLS (features/mbedtls/targets/TARGET_Cypress)
• Updated Cypress CSP HAL to support all crypto hardware resources (targets/TARGET_Cypress/TARGET_PSOC6/psoc6csp/hal/)
• Updated targets.json file to enable mbedTLS hardware acceleration for Cypress MCUs (targets/targets.json)

This PR is based on PR #11018, so actual changes only related to crypto acceleration support in MbedTLS library.

Pull request type

[ ] Fix
[ ] Refactor
[x] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

Please suggest

Release Notes

[ciarmcom]

@kotkcy, thank you for your changes.
@ARMmbed/mbed-os-maintainers @ARMmbed/mbed-os-storage @ARMmbed/mbed-os-crypto @ARMmbed/mbed-os-tools please review.

[SeppoTakalo]

Many .py files are missing their license headers.
Please add.

Then there is Oracle Binary Code License Agreement is this needed, and why? I need to seek advice whether this can be accepted.

[bulislaw]

@Patater do we even accept code into mbed TLS copy that resides in Mbed OS? I have a feeling they'll be lost during an update.

[kotkcy]

Many .py files are missing their license headers.
Please add.

Then there is Oracle Binary Code License Agreement is this needed, and why? I need to seek advice whether this can be accepted.

[SeppoTakalo]

Why is the Oracle binary license required?

[kotkcy]

Many .py files are missing their license headers.
Please add.
@SeppoTakalo please look into the newly uploaded files that have required licenses.

[Patater]

@Patater do we even accept code into mbed TLS copy that resides in Mbed OS? I have a feeling they'll be lost during an update.

We generally don't accept code into the copies of Mbed TLS or Mbed Crypto that resides in Mbed OS. Exactly as you say, the changes will be lost upon the next update of Mbed TLS and Mbed Crypto. Any changes to Mbed TLS or Mbed Crypto should be raised as PRs to https://github.com/ARMmbed/mbedtls and https://github.com/ARMmbed/mbed-crypto

[SeppoTakalo]

This PR now seems to contain test changes TESTS/mbed_platform/atomic/main.cpp as well as API changes Atomic.h.
And various smaller touches to AT_cellular stuff.

Those have nothing to do with "Initial implementatation of Cypress Crypto" and should therefore be separated to own PR.

[vmedcy]

@SeppoTakalo: the presence of unrelated changes was caused by the wrong branch used as a base of contributions (GitHub PRs always display difference against latest master).

This PR is now rebased against master + #11018 commits included. Once CY8CPROTO_064_SB target is merged, this PR will contain single commit 6a123d3.

I recommend to focus the review on this commit, and track CY8CPROTO_064_SB related issues in #11018

[0xc0170]

#11018 is moving forward. Once it is in, this should be rebased. Meanwhile, can this PR be made on its own (so we can focus on reviewing just crypto implementation) ?

At least share range of commits for review here.

[kotkcy]

just alignment in some mbedtls files (tabs used?)

All TABs are changed to spaces in the commit 08fd157.

[mark-edgeworth]

Generally there are quite a few cases where some really complex C code has been used and which could be simplified to make later maintenance/bug fixing much easier. I appreciate that this stuff is complex, but using longer and more descriptive variable names might help too. Putting braces around statements within every 'if' statement is usually recommended.

[mark-edgeworth]

Not required as this is the next statement

[kotkcy]

Please look into ecp.c line 2281.

[mark-edgeworth]

Are these numbers ok to be included here or are they hackable?

[kotkcy]

Please look into ecp_curves.c line 95.

[mark-edgeworth]

Two issues:

1. If any of the input parameters have a side effect then this macro will not work as intended.
2. What happens if 'n' is signed and negative? C standard says undefined; could be sign extended.

[kotkcy]

This code was captured to support XTS cipher mode from aes.c. Please look into line 1129.

[mark-edgeworth]

Potential for error if any parameter has a side effect. Also might read better if 'n' was the result of the macro being used as an R-value, eg result = GET_UINT64_LE(buff, offset)

[kotkcy]

This code was captured to support XTS cipher mode from aes.c. Please look into line 1116.

[mark-edgeworth]

Generally it looks like lots of this code was copied from elsewhere in mbed-os, and the original code has quite a few 'clever' (aka difficult to maintain/understand) bits of C in it that are being replicated here. I have highlighted several places where improvements could be made to improve readability, and a couple of cases where incipient bugs might lurk.

[Patater]

I have just one remaining question about how the AES hardware sharing works with regard to XTS mode (which uses two AES contexts at the same time). The underlying driver handles multiple concurrent operations, but I did not review how that is done.

[0xc0170]

CI started

[mbed-ci]

Test run: FAILED

Summary: 3 of 4 test jobs failed
Build number : 1
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_build-GCC_ARM
• jenkins-ci/mbed-os-ci_build-ARM
• jenkins-ci/mbed-os-ci_build-IAR

[0xc0170]

Because of 5.14.0-rc1 CI jobs, we aborted CI job here. We will restart once 5.14.0rc1 is ready.

[kotkcy]

I have just one remaining question about how the AES hardware sharing works with regard to XTS mode (which uses two AES contexts at the same time). The underlying driver handles multiple concurrent operations, but I did not review how that is done.

PDL crypto driver provides a separated contexts for all AES objects that hold all needed information inside.

So we can use many AES objects at the same time at driver layer not in the hardware.

[Patater]

I have just one remaining question about how the AES hardware sharing works with regard to XTS mode (which uses two AES contexts at the same time). The underlying driver handles multiple concurrent operations, but I did not review how that is done.

PDL crypto driver provides a separated contexts for all AES objects that hold all needed information inside.

So we can use many AES objects at the same time at driver layer not in the hardware.

Sounds good to me. Thanks for the explanation.

[0xc0170]

CI restarted

[mbed-ci]

Test run: FAILED

Summary: 3 of 4 test jobs failed
Build number : 2
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_build-ARM
• jenkins-ci/mbed-os-ci_build-GCC_ARM
• jenkins-ci/mbed-os-ci_build-IAR

[0xc0170]

CI restarted

[kotkcy]

CI restarted

@0xc0170 I removed mbedTLS hardware support from Sequana targets, so please restart CI asap

[0xc0170]

CI aborted and restarted

[mbed-ci]

Test run: FAILED

Summary: 3 of 4 test jobs failed
Build number : 3
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_build-ARM
• jenkins-ci/mbed-os-ci_build-IAR
• jenkins-ci/mbed-os-ci_build-GCC_ARM

[0xc0170]

New CI is running, old one was aborted quite late.. ^^

[mbed-ci]

Test run: SUCCESS

Summary: 11 of 11 test jobs passed
Build number : 4
Build artifacts