crypto: Add nrf_oberon 3.0.16 version

Adds experimental support for AES key wrap
and WPA3-SAE algorithms.

Check the changelog for the complete feature list.

Ref: NCSDK-30210

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>

Author: Vge0rge

crypto/CMakeLists.txt

@@ -15,7 +15,7 @@ add_library(nrfxlib_crypto INTERFACE)
 if(CONFIG_NRF_OBERON OR CONFIG_BUILD_WITH_TFM OR CONFIG_OBERON_BACKEND OR CONFIG_PSA_CRYPTO_DRIVER_OBERON)
 
   set(OBERON_BASE ${CMAKE_CURRENT_SOURCE_DIR}/nrf_oberon)
-  set(OBERON_VER 3.0.15)
+  set(OBERON_VER 3.0.16)
 
   nrfxlib_calculate_lib_path(OBERON_LIB_DIR
     BASE_DIR ${OBERON_BASE}

crypto/doc/CHANGELOG_oberon.rst

@@ -9,6 +9,101 @@ Changelog - nrf_oberon
 
 All notable changes to this project are documented in this file.
 
+nrf_oberon - 3.0.16
+*******************
+
+New version of the nrf_oberon library with the following changes.
+
+Added
+=====
+
+* Add support for LMS verify and HSS verify (PQC signature algorithms). Based on NIST SP 800-208. With support for SHA256 and SHAKE256 hashing.
+* Add AES key wrap algorithms with and without padding based on NIST standard Methods for Key Wrapping.
+* Add support for XChaCha20 and XChaCha20-Poly1305. Based on XChaCha.
+* Add support for secp256k1 (Koblitz curves). Based on NIST SP 800-56A Rev. 3 and FIPS 186-5.
+* Add AES key wrap algorithms with and without padding based on NIST standard Methods for Key Wrapping.
+* Add experimental support for WPA3-SAE/WPA3-SAE-H2E based on IEEE standard P802.11-REVme/D7.0, Part 11.
+* Add experimental support for Ascon-Hash256 (fixed size, XOF, CXOF) and Ascon-AEAD128. Based on NIST SP 800-232.
+
+Library built against Mbed TLS version 3.6.2.
+
+Added the following Oberon crypto libraries for nRF91, nRF53, nRF52, and nRF51 Series.
+
+.. note::
+   The *short-wchar* libraries are compiled with a wchar_t size of 16 bits.
+
+* nrf_oberon, nRF91 and nRF53 Series application core variants
+
+  * :file:`cortex-m33/hard-float/liboberon_3.0.16.a`
+  * :file:`cortex-m33/hard-float/liboberon_mbedtls_3.0.16.a`
+  * :file:`cortex-m33/soft-float/liboberon_3.0.16.a`
+  * :file:`cortex-m33/soft-float/liboberon_mbedtls_3.0.16.a`
+
+  * short-wchar
+
+    * :file:`cortex-m33/hard-float/short-wchar/liboberon_3.0.16.a`
+    * :file:`cortex-m33/hard-float/short-wchar/liboberon_mbedtls_3.0.16.a`
+    * :file:`cortex-m33/soft-float/short-wchar/liboberon_3.0.16.a`
+    * :file:`cortex-m33/soft-float/short-wchar/liboberon_mbedtls_3.0.16.a`
+
+  * Keil
+
+    * :file:`cortex-m33/hard-float/short-wchar/oberon_3.0.16.lib``
+    * :file:`cortex-m33/hard-float/short-wchar/oberon_mbedtls_3.0.16.lib``
+    * :file:`cortex-m33/soft-float/short-wchar/oberon_3.0.16.lib``
+    * :file:`cortex-m33/soft-float/short-wchar/oberon_mbedtls_3.0.16.lib``
+
+* nrf_oberon, nRF53 Series network core variants
+
+  * :file:`cortex-m33+nodsp/soft-float/liboberon_3.0.16.a`
+  * :file:`cortex-m33+nodsp/soft-float/liboberon_mbedtls_3.0.16.a`
+
+  * short-wchar
+
+    * :file:`cortex-m33+nodsp/soft-float/short-wchar/liboberon_3.0.16.a`
+    * :file:`cortex-m33+nodsp/soft-float/short-wchar/liboberon_mbedtls_3.0.16.a`
+
+  * Keil
+
+    * :file:`cortex-m33/soft-float/short-wchar/oberon_3.0.16.lib``
+    * :file:`cortex-m33/soft-float/short-wchar/oberon_mbedtls_3.0.16.lib``
+
+* nrf_oberon, nRF52 Series variants
+
+  * :file:`cortex-m4/hard-float/liboberon_3.0.16.a`
+  * :file:`cortex-m4/hard-float/liboberon_mbedtls_3.0.16.a`
+  * :file:`cortex-m4/soft-float/liboberon_3.0.16.a`
+  * :file:`cortex-m4/soft-float/liboberon_mbedtls_3.0.16.a.a`
+
+  * short-wchar
+
+    * :file:`cortex-m4/hard-float/short-wchar/liboberon_3.0.16.a`
+    * :file:`cortex-m4/hard-float/short-wchar/liboberon_mbedtls_3.0.16.a`
+    * :file:`cortex-m4/soft-float/short-wchar/liboberon_3.0.16.a`
+    * :file:`cortex-m4/soft-float/short-wchar/liboberon_mbedtls_3.0.16.a`
+
+  * Keil
+
+    * :file:`cortex-m4/soft-float/short-wchar/oberon_3.0.16.lib``
+    * :file:`cortex-m4/soft-float/short-wchar/oberon_mbedtls_3.0.16.lib``
+    * :file:`cortex-m4/hard-float/short-wchar/oberon_3.0.16.lib``
+    * :file:`cortex-m4/hard-float/short-wchar/oberon_mbedtls_3.0.16.lib``
+
+* nrf_oberon, nRF51 Series variants
+
+  * :file:`cortex-m0/soft-float/liboberon_3.0.16.a`
+  * :file:`cortex-m0/soft-float/liboberon_mbedtls_3.0.16.a`
+
+  * short-wchar
+
+    * :file:`cortex-m0/soft-float/short-wchar/liboberon_3.0.16.a`
+    * :file:`cortex-m0/soft-float/short-wchar/liboberon_mbedtls_3.0.16.a`
+
+  * Keil
+
+    * :file:`cortex-m0/soft-float/short-wchar/oberon_3.0.16.lib``
+    * :file:`cortex-m0/soft-float/short-wchar/oberon_mbedtls_3.0.16.lib``
+
 nrf_oberon - 3.0.15
 *******************
 

crypto/nrf_oberon/include/ocrypto_aes_cbc.h

@@ -6,21 +6,21 @@
  */
 
 
-/**@file
- * @defgroup ocrypto_aes AES - Advanced Encryption Standard APIs
- * @ingroup ocrypto
- * @{
- * @brief AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
- * AES transfers a 128-bit block of data into an encrypted block of the same size.
- * @}
- *
- * @defgroup ocrypto_aes_cbc AES-CBC - AES Cipher Block Chaining
- * @ingroup ocrypto_aes
+/**
+ * @defgroup ocrypto_aes_cbc AES-CBC
+ * @ingroup ocrypto_unauth_enc
  * @{
- * @brief Type definitions and APIs for AES-CBC (AES Cipher Block Chaining).
+ * @brief AES Cipher Block Chaining.
  *
  * AES-CBC (AES Cipher Block Chaining) is an AES block cipher mode which avoids the problems of the
  * ECB mode by xoring each plaintext block with the previous ciphertext block before being encrypted.
+ *
+ * @see [NIST - Special Publication 800-38A](https://csrc.nist.gov/pubs/sp/800/38/a/final)
+ */
+
+/**
+ * @file
+ * @brief AES Cipher Block Chaining.
  */
 
 #ifndef OCRYPTO_AES_CBC_H
@@ -44,7 +44,8 @@ typedef struct {
 /**@endcond */
 
 
-/**@name Incremental AES-CBC encryption/decryption.
+/**
+ * @name Incremental AES-CBC encryption/decryption
  *
  * This group of functions can be used to incrementally compute the
  * AES-CBC encryption/decryption for a given message.

crypto/nrf_oberon/include/ocrypto_aes_cbc_pkcs.h

@@ -6,15 +6,23 @@
  */
 
 
-/**@file
- * @defgroup ocrypto_aes_cbc_pkcs7 AES-CBC-PKCS7 - AES Cipher Block Chaining with PKCS7
- * @ingroup ocrypto_aes
+/**
+ * @defgroup ocrypto_aes_cbc_pkcs7 AES-CBC-PKCS7
+ * @ingroup ocrypto_unauth_enc
  * @{
- * @brief Type definitions and APIs for AES-CBC-PKCS7 (AES Cipher Block Chaining with PKCS7 padding).
+ * @brief AES Cipher Block Chaining with PKCS7 padding.
  *
  * AES-CBC (AES Cipher Block Chaining) is an AES block cipher mode which avoids the problems of the
  * ECB mode by xoring each plaintext block with the previous ciphertext block before being encrypted.
  * PKCS7 padding allows encoding/decoding of arbitrarily sized messages.
+ *
+ * @see [NIST - Special Publication 800-38A](https://csrc.nist.gov/pubs/sp/800/38/a/final)
+ * @see [RFC - PKCS #7: Cryptographic Message Syntax Version 1.5](http://tools.ietf.org/html/rfc2315)
+ */
+
+/**
+ * @file
+ * @brief AES Cipher Block Chaining with PKCS7 padding.
  */
 
 #ifndef OCRYPTO_AES_CBC_PKCS_H
@@ -42,7 +50,8 @@ typedef struct {
 /**@endcond */
 
 
-/**@name Incremental AES-CBC encryption/decryption.
+/**
+ * @name Incremental AES-CBC encryption/decryption
  *
  * This group of functions can be used to incrementally compute the
  * AES-CBC encryption/decryption for a given message.

crypto/nrf_oberon/include/ocrypto_aes_ccm.h

@@ -6,22 +6,22 @@
  */
 
 
-/**@file
- * @defgroup ocrypto_aes AES - Advanced Encryption Standard APIs
- * @ingroup ocrypto
- * @{
- * @brief AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
- * AES transfers a 128-bit block of data into an encrypted block of the same size.
- * @}
- *
- * @defgroup ocrypto_aes_ccm AES-CCM - AES Counter mode with CBC-MAC
- * @ingroup ocrypto_aes
+/**
+ * @defgroup ocrypto_aes_ccm AES-CCM
+ * @ingroup ocrypto_auth_enc
  * @{
- * @brief Type definitions and APIs for AES-CCM (AES Counter mode with CBC-MAC).
- *
- * AES-CCM (AES counter mode with CBC-MAC) is an AES mode which effectively turns the block
+ * @brief AES Counter Mode with CBC-MAC.
+ * 
+ * AES-CCM (AES Counter Mode with CBC-MAC) is an AES mode which effectively turns the block
  * cipher into a stream cipher. The AES block cipher primitive is used in CTR mode for
  * encryption and decryption. In addition an AES CBC-MAC is used for authentication.
+ * 
+ * @see [NIST - SP 800-38C](https://csrc.nist.gov/pubs/sp/800/38/c/upd1/final)
+ */
+
+/**
+ * @file
+ * @brief AES Counter Mode with CBC-MAC.
  */
 
 #ifndef OCRYPTO_AES_CCM_H
@@ -52,7 +52,8 @@ typedef struct {
 /**@endcond */
 
 
-/**@name Incremental AES-CCM encryption/decryption.
+/**
+ * @name Incremental AES-CCM encryption/decryption
  *
  * This group of functions can be used to incrementally compute the
  * AES-CCM encryption/decryption for a given message.

crypto/nrf_oberon/include/ocrypto_aes_cmac.h

@@ -6,22 +6,23 @@
  */
 
 
-/**@file
- * @defgroup ocrypto_aes AES - Advanced Encryption Standard APIs
- * @ingroup ocrypto
- * @{
- * @brief AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
- * AES transfers a 128-bit block of data into an encrypted block of the same size.
- * @}
- *
- * @defgroup ocrypto_aes_cmac AES-CMAC - AES Cipher-based Message Authentication Code APIs
- * @ingroup ocrypto_aes
+/**
+ * @defgroup ocrypto_aes_cmac AES-CMAC
+ * @ingroup ocrypto_mac
  * @{
- * @brief Type definitions and APIs for AES-CMAC (AES Cipher-based Message Authentication Code).
+ * @brief AES Cipher-based Message Authentication Code algorithm.
  *
  * AES-CMAC (AES Cipher-based Message Authentication Code) is a block cipher-based message
  * authentication code algorithm. The AES block cipher primitive is used in variant of the
  * CBC mode to get the authentication tag.
+ *
+ * @see [RFC - The AES-CMAC Algorithm](http://tools.ietf.org/html/rfc4493)
+ * @see [NIST - Special Publication 800-38B](https://csrc.nist.gov/pubs/sp/800/38/b/upd1/final)
+ */
+
+/**
+ * @file
+ * @brief AES Cipher-based Message Authentication Code.
  */
 
 #ifndef OCRYPTO_AES_CMAC_H

crypto/nrf_oberon/include/ocrypto_aes_ctr.h

@@ -6,23 +6,23 @@
  */
 
 
-/**@file
- * @defgroup ocrypto_aes AES - Advanced Encryption Standard APIs
- * @ingroup ocrypto
- * @{
- * @brief AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
- * AES transfers a 128-bit block of data into an encrypted block of the same size.
- * @}
- *
- * @defgroup ocrypto_aes_ctr AES-CTR - AES counter Mode
- * @ingroup ocrypto_aes
+/**
+ * @defgroup ocrypto_aes_ctr AES-CTR
+ * @ingroup ocrypto_unauth_enc
  * @{
- * @brief Type definitions and APIs for AES-CTR (AES counter mode).
+ * @brief AES Counter Mode.
  *
- * AES-CTR (AES counter mode) is an AES mode which effectively turns the block cipher into a stream
+ * AES-CTR (AES Counter Mode) is an AES mode which effectively turns the block cipher into a stream
  * cipher. The AES block encryption is used on a value which is incremented for each new block.
  * The resulting cipher stream is then xor combined with the plaintext to get the ciphertext.
  * In contrast to AES itself, encryption and decryption operations are identical for AES-CTR.
+ *
+ * @see [NIST - Special Publication 800-38A](https://csrc.nist.gov/pubs/sp/800/38/a/final)
+ */
+
+/**
+ * @file
+ * @brief AES Counter Mode.
  */
 
 #ifndef OCRYPTO_AES_CTR_H
@@ -48,7 +48,8 @@ typedef struct {
 /**@endcond */
 
 
-/**@name Incremental AES-CTR encryption/decryption.
+/**
+ * @name Incremental AES-CTR encryption/decryption
  *
  * This group of functions can be used to incrementally compute the
  * AES-CTR encryption/decryption for a given message.

crypto/nrf_oberon/include/ocrypto_aes_eax.h

@@ -6,22 +6,23 @@
  */
 
 
-/**@file
- * @defgroup ocrypto_aes AES - Advanced Encryption Standard APIs
- * @ingroup ocrypto
- * @{
- * @brief AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
- * AES transfers a 128-bit block of data into an encrypted block of the same size.
- * @}
- *
- * @defgroup ocrypto_aes_eax AES-EAX - AES Encrypt-then-authenticate-then-translate
- * @ingroup ocrypto_aes
+/**
+ * @defgroup ocrypto_aes_eax AES-EAX
+ * @ingroup ocrypto_auth_enc
  * @{
- * @brief Type definitions and APIS for AES-EAX (Encrypt-then-authenticate-then-translate)
- *
+ * @brief AES Encrypt-then-Authenticate-then-Translate.
+ * 
  * AES-EAX (encrypt-then-authenticate-then-translate) is an AES mode which effectively turns the
  * block cipher into a stream cipher. The AES block cipher primitive is used in CTR mode for
  * encryption and as OMAC for authentication over each block.
+ * 
+ * @see [FIPS - Advanced Encryption Standard (AES)](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf)
+ * @see [The EAX Mode of Operation](https://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf)
+ */
+
+/**
+ * @file
+ * @brief AES Encrypt-then-Authenticate-then-Translate.
  */
 
 #ifndef OCRYPTO_AES_EAX_H

crypto/nrf_oberon/include/ocrypto_aes_ecb.h

@@ -6,20 +6,22 @@
  */
 
 
-/**@file
- * @defgroup ocrypto_aes AES - Advanced Encryption Standard APIs
- * @ingroup ocrypto
- * @{
- * @brief AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
- * AES transfers a 128-bit block of data into an encrypted block of the same size.
- * @}
- *
- * @defgroup ocrypto_aes_ecb AES-ECB - AES Electronic Codebook
- * @ingroup ocrypto_aes
+/**
+ * @defgroup ocrypto_aes_ecb AES-ECB
+ * @ingroup ocrypto_unauth_enc
  * @{
- * @brief Type definitions and APIs for AES-ECB (AES Electronic Codebook).
+ * @brief AES Electronic Codebook.
  *
  * AES-ECB (AES Electronic Codebook) is a simple AES block cipher mode.
+ * 
+ * @remark AES-ECB is not recommended for use in cryptographic protocols.
+ *
+ * @see [NIST - Special Publication 800-38A](https://csrc.nist.gov/pubs/sp/800/38/a/final)
+ */
+
+/**
+ * @file
+ * @brief AES Electronic Codebook.
  */
 
 #ifndef OCRYPTO_AES_ECB_H
@@ -42,7 +44,8 @@ typedef struct {
 /**@endcond */
 
 
-/**@name Incremental AES-ECB encryption/decryption.
+/**
+ * @name Incremental AES-ECB encryption/decryption
  *
  * This group of functions can be used to incrementally compute the
  * AES-ECB encryption/decryption for a given message.