crypto: introduce CFG_CRYPTO_HW_PBKDF2

[loubaihui]

We add a new pbkdf2 implementation.

[jenswi-linaro]

How about just:

--- a/core/tee/sub.mk
+++ b/core/tee/sub.mk
@@ -21,7 +21,9 @@ srcs-y += entry_std.c
 srcs-y += tee_cryp_utl.c
 srcs-$(CFG_CRYPTO_HKDF) += tee_cryp_hkdf.c
 srcs-$(CFG_CRYPTO_CONCAT_KDF) += tee_cryp_concat_kdf.c
+ifneq($(CFG_CRYPTO_HW_PBKDF2),y)
 srcs-$(CFG_CRYPTO_PBKDF2) += tee_cryp_pbkdf2.c
+endif
 
 ifeq ($(CFG_WITH_USER_TA),y)
 srcs-y += tee_obj.c

instead?

We should also document the CFG_CRYPTO_HW_PBKDF2 flag, probably in mk/config.mk

[loubaihui]

How about just:

--- a/core/tee/sub.mk
+++ b/core/tee/sub.mk
@@ -21,7 +21,9 @@ srcs-y += entry_std.c
 srcs-y += tee_cryp_utl.c
 srcs-$(CFG_CRYPTO_HKDF) += tee_cryp_hkdf.c
 srcs-$(CFG_CRYPTO_CONCAT_KDF) += tee_cryp_concat_kdf.c
+ifneq($(CFG_CRYPTO_HW_PBKDF2),y)
 srcs-$(CFG_CRYPTO_PBKDF2) += tee_cryp_pbkdf2.c
+endif
 
 ifeq ($(CFG_WITH_USER_TA),y)
 srcs-y += tee_obj.c

instead?

We should also document the CFG_CRYPTO_HW_PBKDF2 flag, probably in mk/config.mk

Sounds great, according to your suggestions, we made the revision.

[jenswi-linaro]

Unrelated change.

[jenswi-linaro]

I don't think pbkdf2_hw.c or pbkdf2_support.h is needed at all. The hardware implementation can just implement the tee_cryp_pbkdf2()

[loubaihui]

Is that mean:
If the two files are not needed, the hardware implementation also put in tee_cryp_pbkdf2.c and use CFG_CRYPTO_HW_PBKDF2 to distinguish?

[jenswi-linaro]

No, a hardware non-stubbed implementation is provided in some other file.
It doesn't make sense to use a stubbed hardware implementation when a working software version is available.

[loubaihui]

The hardware implementation will be different from the current software, we will use different hash algorithm etc.
So, I think the pbkdf2_hw.c and pbkdf2_support.h is necessary, specific implementation of hw_pbkdf2() function will be added in core/ drivers/crypto @jenswi-linaro

[jenswi-linaro]

Do you mean that the same input will yield different results? I don't see how a stubbed implementation helps against that.

[loubaihui]

Do you mean that the same input will yield different results? I don't see how a stubbed implementation helps against that.

I'm sorry for misunderstanding your previous comment. Now, I got it and the PR is ready for another round of review. @jenswi-linaro

[jenswi-linaro]

@jforissier, would it make sense to add a:

$(eval $(call cfg-depends-all,CFG_CRYPTO_HW_PBKDF2,CFG_CRYPTO_PBKDF2))

[jforissier]

Yes, I agree

[jenswi-linaro]

Please add a space after #, the same on the line below.

[loubaihui]

Modifications are made.

[jenswi-linaro]

Please add a newline character at the end of the file to avoid this ugly warning from git.

[jenswi-linaro]

The default value should be n.

[loubaihui]

OK

[jenswi-linaro]

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

[loubaihui]

@jenswi-linaro @jforissier

[jforissier]

@loubaihui the code looks good to me so please add:

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

However I would like the commit description changed because it does not add a new implementation, just a config flag to support a hardware implementation. How about:

crypto: introduce CFG_CRYPTO_HW_PBKDF2

Add a new configuration flag to support hardware implementation of
PBKDF2.

[loubaihui]

@loubaihui the code looks good to me so please add:

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

However I would like the commit description changed because it does not add a new implementation, just a config flag to support a hardware implementation. How about:

crypto: introduce CFG_CRYPTO_HW_PBKDF2

Add a new configuration flag to support hardware implementation of
PBKDF2.

Ok, thanks! @jforissier

[jforissier]

The CI error with "QEMUv8, Xen" is unrelated to this PR, and probably caused by insufficient disk space. This will be addressed separately. Therefore I am merging this, thanks @loubaihui.