core: LTC use only _CFG_CORE_LTC_ variables

LTC is only taking _CFG_CORE_LTC_ prefixed variables into account for
configuration.

_CFG_CORE_LTC_ prefixed variables are assigned based on CFG_CRYPTO_ and
other variables for unchanged LTC configuration.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

24 files changed, 181 insertions, 132 deletions

diff --git a/core/crypto.mk b/core/crypto.mk
index 2fcde139..2026ad40 100644
--- a/core/crypto.mk
+++ b/core/crypto.mk
@@ -124,17 +124,61 @@ $(eval $(call cryp-dep-one, AES, ECB CBC CTR CTS XTS))
 # If no DES cipher mode is left, disable DES
 $(eval $(call cryp-dep-one, DES, ECB CBC))
 
+###############################################################
+# libtomcrypt (LTC) specifics, phase #1
+# LTC is only configured via _CFG_CORE_LTC_ prefixed variables
+#
+# _CFG_CORE_LTC_xxx_DESC means that LTC will only register the
+# descriptor of the algorithm, not provide a
+# crypt_xxx_alloc_ctx() function.
+###############################################################
+
+# If LTC is the cryptolib, pull configuration from CFG_CRYPTO_xxx
+ifeq ($(CFG_CRYPTOLIB_NAME),tomcrypt)
 # dsa_make_params() needs all three SHA-2 algorithms.
 # Disable DSA if any is missing.
 $(eval $(call cryp-dep-all, DSA, SHA256 SHA384 SHA512))
 
-cryp-one-enabled = $(call cfg-one-enabled,$(foreach v,$(1),CFG_CRYPTO_$(v)))
-cryp-all-enabled = $(call cfg-all-enabled,$(foreach v,$(1),CFG_CRYPTO_$(v)))
+# Assign _CFG_CORE_LTC_xxx based on CFG_CRYPTO_yyy
+core-ltc-vars = AES DES
+core-ltc-vars += ECB CBC CTR CTS XTS
+core-ltc-vars += MD5 SHA1 SHA224 SHA256 SHA384 SHA512 SHA512_256
+core-ltc-vars += HMAC CMAC CBC_MAC
+core-ltc-vars += CCM
+ifeq ($(CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB),y)
+core-ltc-vars += GCM
+endif
+core-ltc-vars += RSA DSA DH ECC
+core-ltc-vars += AES_ARM64_CE AES_ARM32_CE
+core-ltc-vars += SHA1_ARM32_CE SHA1_ARM64_CE
+core-ltc-vars += SHA256_ARM32_CE SHA256_ARM64_CE
+core-ltc-vars += SIZE_OPTIMIZATION
+# Assigned selected CFG_CRYPTO_xxx as _CFG_CORE_LTC_xxx
+$(foreach v, $(core-ltc-vars), $(eval _CFG_CORE_LTC_$(v) := $(CFG_CRYPTO_$(v))))
+_CFG_CORE_LTC_MPI := $(CFG_CORE_MBEDTLS_MPI)
+endif
 
-_CFG_CRYPTO_WITH_ACIPHER := $(call cryp-one-enabled, RSA DSA DH ECC)
-_CFG_CRYPTO_WITH_AUTHENC := $(and $(filter y,$(CFG_CRYPTO_AES)), $(call cryp-one-enabled, CCM GCM))
-_CFG_CRYPTO_WITH_CIPHER := $(call cryp-one-enabled, AES DES)
-_CFG_CRYPTO_WITH_HASH := $(call cryp-one-enabled, MD5 SHA1 SHA224 SHA256 SHA384 SHA512)
-_CFG_CRYPTO_WITH_MAC := $(call cryp-one-enabled, HMAC CMAC CBC_MAC)
-_CFG_CRYPTO_WITH_CBC := $(call cryp-one-enabled, CBC CBC_MAC)
-_CFG_CRYPTO_WITH_ASN1 := $(call cryp-one-enabled, RSA DSA ECC)
+###############################################################
+# libtomcrypt (LTC) specifics, phase #2
+###############################################################
+
+# Assign system variables
+_CFG_CORE_LTC_CE := $(CFG_CRYPTO_WITH_CE)
+_CFG_CORE_LTC_VFP := $(CFG_WITH_VFP)
+_CFG_CORE_LTC_BIGNUM_MAX_BITS := $(CFG_CORE_BIGNUM_MAX_BITS)
+_CFG_CORE_LTC_PAGER := $(CFG_WITH_PAGER)
+_CFG_CORE_LTC_OPTEE_THREAD := $(CFG_LTC_OPTEE_THREAD)
+_CFG_CORE_LTC_HWSUPP_PMULL := $(CFG_HWSUPP_PMULL)
+
+# Assign aggregated variables
+ltc-one-enabled = $(call cfg-one-enabled,$(foreach v,$(1),_CFG_CORE_LTC_$(v)))
+_CFG_CORE_LTC_ACIPHER := $(call ltc-one-enabled, RSA DSA DH ECC)
+_CFG_CORE_LTC_AUTHENC := $(and $(filter y,$(_CFG_CORE_LTC_AES) \
+					  $(_CFG_CORE_LTC_AES_DESC)), \
+			       $(call ltc-one-enabled, CCM GCM))
+_CFG_CORE_LTC_CIPHER := $(call ltc-one-enabled, AES AES_DESC DES)
+_CFG_CORE_LTC_HASH := $(call ltc-one-enabled, MD5 SHA1 SHA224 SHA256 SHA384 \
+					      SHA512)
+_CFG_CORE_LTC_MAC := $(call ltc-one-enabled, HMAC CMAC CBC_MAC)
+_CFG_CORE_LTC_CBC := $(call ltc-one-enabled, CBC CBC_MAC)
+_CFG_CORE_LTC_ASN1 := $(call ltc-one-enabled, RSA DSA ECC)
diff --git a/core/lib/libtomcrypt/acipher_helpers.h b/core/lib/libtomcrypt/acipher_helpers.h
index e439d35c..d8677300 100644
--- a/core/lib/libtomcrypt/acipher_helpers.h
+++ b/core/lib/libtomcrypt/acipher_helpers.h
@@ -9,7 +9,7 @@
 
 static inline bool bn_alloc_max(struct bignum **s)
 {
-	*s = crypto_bignum_allocate(CFG_CORE_BIGNUM_MAX_BITS);
+	*s = crypto_bignum_allocate(_CFG_CORE_LTC_BIGNUM_MAX_BITS);
 
 	return *s;
 }
diff --git a/core/lib/libtomcrypt/cbc.c b/core/lib/libtomcrypt/cbc.c
index ca62d11d..d096fb1d 100644
--- a/core/lib/libtomcrypt/cbc.c
+++ b/core/lib/libtomcrypt/cbc.c
@@ -120,14 +120,14 @@ static TEE_Result ltc_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx_ret,
 	return TEE_SUCCESS;
 }
 
-#if defined CFG_CRYPTO_AES
+#if defined(_CFG_CORE_LTC_AES)
 TEE_Result crypto_aes_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx)
 {
 	return ltc_cbc_alloc_ctx(ctx, find_cipher("aes"), false);
 }
 #endif
 
-#if defined CFG_CRYPTO_DES
+#if defined(_CFG_CORE_LTC_DES)
 TEE_Result crypto_des_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx)
 {
 	return ltc_cbc_alloc_ctx(ctx, find_cipher("des"), false);
diff --git a/core/lib/libtomcrypt/ecb.c b/core/lib/libtomcrypt/ecb.c
index ab68efd7..1834fa5a 100644
--- a/core/lib/libtomcrypt/ecb.c
+++ b/core/lib/libtomcrypt/ecb.c
@@ -118,14 +118,14 @@ static TEE_Result ltc_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx_ret,
 	return TEE_SUCCESS;
 }
 
-#if defined(CFG_CRYPTO_AES)
+#if defined(_CFG_CORE_LTC_AES)
 TEE_Result crypto_aes_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx)
 {
 	return ltc_ecb_alloc_ctx(ctx, find_cipher("aes"), false);
 }
 #endif
 
-#if defined(CFG_CRYPTO_DES)
+#if defined(_CFG_CORE_LTC_DES)
 TEE_Result crypto_des_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx)
 {
 	return ltc_ecb_alloc_ctx(ctx, find_cipher("des"), false);
diff --git a/core/lib/libtomcrypt/hash.c b/core/lib/libtomcrypt/hash.c
index c757515d..c2f7dcda 100644
--- a/core/lib/libtomcrypt/hash.c
+++ b/core/lib/libtomcrypt/hash.c
@@ -125,49 +125,49 @@ static TEE_Result ltc_hash_alloc_ctx(struct crypto_hash_ctx **ctx_ret,
 	return TEE_SUCCESS;
 }
 
-#if defined(CFG_CRYPTO_MD5)
+#if defined(_CFG_CORE_LTC_MD5)
 TEE_Result crypto_md5_alloc_ctx(struct crypto_hash_ctx **ctx)
 {
 	return ltc_hash_alloc_ctx(ctx, find_hash("md5"));
 }
 #endif
 
-#if defined(CFG_CRYPTO_SHA1)
+#if defined(_CFG_CORE_LTC_SHA1)
 TEE_Result crypto_sha1_alloc_ctx(struct crypto_hash_ctx **ctx)
 {
 	return ltc_hash_alloc_ctx(ctx, find_hash("sha1"));
 }
 #endif
 
-#if defined(CFG_CRYPTO_SHA224)
+#if defined(_CFG_CORE_LTC_SHA224)
 TEE_Result crypto_sha224_alloc_ctx(struct crypto_hash_ctx **ctx)
 {
 	return ltc_hash_alloc_ctx(ctx, find_hash("sha224"));
 }
 #endif
 
-#if defined(CFG_CRYPTO_SHA256)
+#if defined(_CFG_CORE_LTC_SHA256)
 TEE_Result crypto_sha256_alloc_ctx(struct crypto_hash_ctx **ctx)
 {
 	return ltc_hash_alloc_ctx(ctx, find_hash("sha256"));
 }
 #endif
 
-#if defined(CFG_CRYPTO_SHA384)
+#if defined(_CFG_CORE_LTC_SHA384)
 TEE_Result crypto_sha384_alloc_ctx(struct crypto_hash_ctx **ctx)
 {
 	return ltc_hash_alloc_ctx(ctx, find_hash("sha384"));
 }
 #endif
 
-#if defined(CFG_CRYPTO_SHA512)
+#if defined(_CFG_CORE_LTC_SHA512)
 TEE_Result crypto_sha512_alloc_ctx(struct crypto_hash_ctx **ctx)
 {
 	return ltc_hash_alloc_ctx(ctx, find_hash("sha512"));
 }
 #endif
 
-#if defined(CFG_CRYPTO_SHA256)
+#if defined(_CFG_CORE_LTC_SHA256)
 TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data,
 		size_t data_size)
 {
@@ -186,7 +186,7 @@ TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data,
 }
 #endif
 
-#if defined(CFG_CRYPTO_SHA512_256)
+#if defined(_CFG_CORE_LTC_SHA512_256)
 TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data,
 		size_t data_size)
 {
diff --git a/core/lib/libtomcrypt/include/tomcrypt_custom.h b/core/lib/libtomcrypt/include/tomcrypt_custom.h
index fef2035a..f944dc9d 100644
--- a/core/lib/libtomcrypt/include/tomcrypt_custom.h
+++ b/core/lib/libtomcrypt/include/tomcrypt_custom.h
@@ -146,91 +146,91 @@
 
 #define LTC_NO_CIPHERS
 
-#ifdef CFG_CRYPTO_AES
+#if defined(_CFG_CORE_LTC_AES) || defined(_CFG_CORE_LTC_AES_DESC)
    #define LTC_RIJNDAEL
 #endif
-#ifdef CFG_CRYPTO_DES
+#ifdef _CFG_CORE_LTC_DES
    #define LTC_DES
 #endif
 
 #define LTC_NO_MODES
 
-#ifdef CFG_CRYPTO_ECB
+#ifdef _CFG_CORE_LTC_ECB
    #define LTC_ECB_MODE
 #endif
-#if defined(CFG_CRYPTO_CBC) || defined(CFG_CRYPTO_CBC_MAC)
+#if defined(_CFG_CORE_LTC_CBC)
    #define LTC_CBC_MODE
 #endif
-#ifdef CFG_CRYPTO_CTR
+#ifdef _CFG_CORE_LTC_CTR
    #define LTC_CTR_MODE
 #endif
-#ifdef CFG_CRYPTO_XTS
+#ifdef _CFG_CORE_LTC_XTS
    #define LTC_XTS_MODE
 #endif
 
 #define LTC_NO_HASHES
 
-#ifdef CFG_CRYPTO_MD5
+#ifdef _CFG_CORE_LTC_MD5
 #define LTC_MD5
 #endif
-#ifdef CFG_CRYPTO_SHA1
+#ifdef _CFG_CORE_LTC_SHA1
 #define LTC_SHA1
 #endif
-#ifdef CFG_CRYPTO_SHA1_ARM32_CE
+#ifdef _CFG_CORE_LTC_SHA1_ARM32_CE
 #define LTC_SHA1_ARM32_CE
 #endif
-#ifdef CFG_CRYPTO_SHA1_ARM64_CE
+#ifdef _CFG_CORE_LTC_SHA1_ARM64_CE
 #define LTC_SHA1_ARM64_CE
 #endif
-#ifdef CFG_CRYPTO_SHA224
+#ifdef _CFG_CORE_LTC_SHA224
 #define LTC_SHA224
 #endif
-#ifdef CFG_CRYPTO_SHA256
+#if defined(_CFG_CORE_LTC_SHA256) || defined(_CFG_CORE_LTC_SHA256_DESC)
 #define LTC_SHA256
 #endif
-#ifdef CFG_CRYPTO_SHA256_ARM32_CE
+#ifdef _CFG_CORE_LTC_SHA256_ARM32_CE
 #define LTC_SHA256_ARM32_CE
 #endif
-#ifdef CFG_CRYPTO_SHA256_ARM64_CE
+#ifdef _CFG_CORE_LTC_SHA256_ARM64_CE
 #define LTC_SHA256_ARM64_CE
 #endif
-#ifdef CFG_CRYPTO_SHA384
+#if defined(_CFG_CORE_LTC_SHA384) || defined(_CFG_CORE_LTC_SHA384_DESC)
 #define LTC_SHA384
 #endif
-#ifdef CFG_CRYPTO_SHA512
+#if defined(_CFG_CORE_LTC_SHA512) || defined(_CFG_CORE_LTC_SHA512_DESC)
 #define LTC_SHA512
 #endif
-#ifdef CFG_CRYPTO_SHA512_256
+#ifdef _CFG_CORE_LTC_SHA512_256
 #define LTC_SHA512_256
 #endif
 
 #define LTC_NO_MACS
 
-#ifdef CFG_CRYPTO_HMAC
+#ifdef _CFG_CORE_LTC_HMAC
    #define LTC_HMAC
 #endif
-#ifdef CFG_CRYPTO_CMAC
+#ifdef _CFG_CORE_LTC_CMAC
    #define LTC_OMAC
 #endif
-#ifdef CFG_CRYPTO_CCM
+#ifdef _CFG_CORE_LTC_CCM
    #define LTC_CCM_MODE
 #endif
-#ifdef CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB
+#ifdef _CFG_CORE_LTC_GCM
    #define LTC_GCM_MODE
 #endif
 
 #define LTC_NO_PK
 
-#ifdef CFG_CRYPTO_RSA
+#ifdef _CFG_CORE_LTC_RSA
    #define LTC_MRSA
 #endif
-#ifdef CFG_CRYPTO_DSA
+#ifdef _CFG_CORE_LTC_DSA
    #define LTC_MDSA
 #endif
-#ifdef CFG_CRYPTO_DH
+#ifdef _CFG_CORE_LTC_DH
    #define LTC_MDH
 #endif
-#ifdef CFG_CRYPTO_ECC
+#ifdef _CFG_CORE_LTC_ECC
    #define LTC_MECC
 
    /* use Shamir's trick for point mul (speeds up signature verification) */
@@ -258,8 +258,8 @@
 
 #define LTC_NO_PKCS
 
-#if defined(CFG_CRYPTO_RSA) || defined(CFG_CRYPTO_DSA) || \
-	    defined(CFG_CRYPTO_ECC)
+#if defined(_CFG_CORE_LTC_RSA) || defined(_CFG_CORE_LTC_DSA) || \
+	    defined(_CFG_CORE_LTC_ECC)
    #define LTC_DER
 #endif
 
@@ -476,7 +476,7 @@
 
 
 /* THREAD management */
-#if defined(CFG_LTC_OPTEE_THREAD)
+#if defined(_CFG_CORE_LTC_OPTEE_THREAD)
 
 #include <kernel/mutex.h>
 
diff --git a/core/lib/libtomcrypt/include/tomcrypt_mp.h b/core/lib/libtomcrypt/include/tomcrypt_mp.h
index c8ecc496..fd4df636 100644
--- a/core/lib/libtomcrypt/include/tomcrypt_mp.h
+++ b/core/lib/libtomcrypt/include/tomcrypt_mp.h
@@ -6,7 +6,7 @@
 #ifndef TOMCRYPT_MP_H_
 #define TOMCRYPT_MP_H_
 
-#if defined(_CFG_CRYPTO_WITH_ACIPHER)
+#if defined(_CFG_CORE_LTC_ACIPHER)
 void init_mp_tomcrypt(void);
 #else
 static inline void init_mp_tomcrypt(void) { }
diff --git a/core/lib/libtomcrypt/mpa_desc.c b/core/lib/libtomcrypt/mpa_desc.c
index 58aa2427..7867684c 100644
--- a/core/lib/libtomcrypt/mpa_desc.c
+++ b/core/lib/libtomcrypt/mpa_desc.c
@@ -16,9 +16,9 @@ static mpa_scratch_mem external_mem_pool;
 
 #define LTC_MEMPOOL_U32_SIZE \
 	mpa_scratch_mem_size_in_U32(LTC_VARIABLE_NUMBER, \
-				    CFG_CORE_BIGNUM_MAX_BITS)
+				    _CFG_CORE_LTC_BIGNUM_MAX_BITS)
 
-#if defined(CFG_WITH_PAGER)
+#if defined(_CFG_CORE_LTC_PAGER)
 #include <mm/tee_pager.h>
 #include <util.h>
 #include <mm/core_mmu.h>
@@ -37,7 +37,7 @@ static struct mempool *get_mpa_scratch_memory_pool(void)
 
 	return mempool_alloc_pool(data, size, tee_pager_release_phys);
 }
-#else /* CFG_WITH_PAGER */
+#else /* _CFG_CORE_LTC_PAGER */
 static struct mempool *get_mpa_scratch_memory_pool(void)
 {
 	static uint32_t data[LTC_MEMPOOL_U32_SIZE] __aligned(MEMPOOL_ALIGN);
@@ -55,7 +55,7 @@ void init_mp_tomcrypt(void)
 	 * equals the max size of the computation (for example 4096 bits),
 	 * multiplied by 2 to allow overflow in computation
 	 */
-	mem.bn_bits = CFG_CORE_BIGNUM_MAX_BITS * 2;
+	mem.bn_bits = _CFG_CORE_LTC_BIGNUM_MAX_BITS * 2;
 	mem.pool = get_mpa_scratch_memory_pool();
 	if (!mem.pool)
 		panic();
diff --git a/core/lib/libtomcrypt/mpi_desc.c b/core/lib/libtomcrypt/mpi_desc.c
index 67bc3a72..f1551adb 100644
--- a/core/lib/libtomcrypt/mpi_desc.c
+++ b/core/lib/libtomcrypt/mpi_desc.c
@@ -13,7 +13,7 @@
 #include <tomcrypt_mp.h>
 #include <util.h>
 
-#if defined(CFG_WITH_PAGER)
+#if defined(_CFG_CORE_LTC_PAGER)
 #include <mm/core_mmu.h>
 #include <mm/tee_pager.h>
 #endif
@@ -21,7 +21,7 @@
 /* Size needed for xtest to pass reliably on both ARM32 and ARM64 */
 #define MPI_MEMPOOL_SIZE	(42 * 1024)
 
-#if defined(CFG_WITH_PAGER)
+#if defined(_CFG_CORE_LTC_PAGER)
 /* allocate pageable_zi vmem for mp scratch memory pool */
 static struct mempool *get_mp_scratch_memory_pool(void)
 {
@@ -35,7 +35,7 @@ static struct mempool *get_mp_scratch_memory_pool(void)
 
 	return mempool_alloc_pool(data, size, tee_pager_release_phys);
 }
-#else /* CFG_WITH_PAGER */
+#else /* _CFG_CORE_LTC_PAGER */
 static struct mempool *get_mp_scratch_memory_pool(void)
 {
 	static uint8_t data[MPI_MEMPOOL_SIZE] __aligned(MEMPOOL_ALIGN);
diff --git a/core/lib/libtomcrypt/rsa.c b/core/lib/libtomcrypt/rsa.c
index 7e222d9f..c3b561e7 100644
--- a/core/lib/libtomcrypt/rsa.c
+++ b/core/lib/libtomcrypt/rsa.c
@@ -27,40 +27,40 @@
 static TEE_Result tee_algo_to_ltc_hashindex(uint32_t algo, int *ltc_hashindex)
 {
 	switch (algo) {
-#if defined(CFG_CRYPTO_SHA1)
+#if defined(_CFG_CORE_LTC_SHA1)
 	case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1:
 	case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1:
 	case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1:
 		*ltc_hashindex = find_hash("sha1");
 		break;
 #endif
-#if defined(CFG_CRYPTO_MD5)
+#if defined(_CFG_CORE_LTC_MD5)
 	case TEE_ALG_RSASSA_PKCS1_V1_5_MD5:
 		*ltc_hashindex = find_hash("md5");
 		break;
 #endif
-#if defined(CFG_CRYPTO_SHA224)
+#if defined(_CFG_CORE_LTC_SHA224)
 	case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224:
 	case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224:
 	case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224:
 		*ltc_hashindex = find_hash("sha224");
 		break;
 #endif
-#if defined(CFG_CRYPTO_SHA256)
+#if defined(_CFG_CORE_LTC_SHA256)
 	case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256:
 	case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
 	case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256:
 		*ltc_hashindex = find_hash("sha256");
 		break;
 #endif
-#if defined(CFG_CRYPTO_SHA384)
+#if defined(_CFG_CORE_LTC_SHA384)
 	case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384:
 	case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
 	case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384:
 		*ltc_hashindex = find_hash("sha384");
 		break;
 #endif
-#if defined(CFG_CRYPTO_SHA512)
+#if defined(_CFG_CORE_LTC_SHA512)
 	case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512:
 	case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
 	case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512:
@@ -189,7 +189,7 @@ static TEE_Result rsadorep(rsa_key *ltc_key, const uint8_t *src,
 	 * required size of the out buffer without doing a partial decrypt.
 	 * We know the upper bound though.
 	 */
-	blen = CFG_CORE_BIGNUM_MAX_BITS / sizeof(uint8_t);
+	blen = _CFG_CORE_LTC_BIGNUM_MAX_BITS / sizeof(uint8_t);
 	buf = malloc(blen);
 	if (!buf) {
 		res = TEE_ERROR_OUT_OF_MEMORY;
diff --git a/core/lib/libtomcrypt/src/ciphers/sub.mk b/core/lib/libtomcrypt/src/ciphers/sub.mk
index 6f1f1aab..996a17ec 100644
--- a/core/lib/libtomcrypt/src/ciphers/sub.mk
+++ b/core/lib/libtomcrypt/src/ciphers/sub.mk
@@ -1,17 +1,18 @@
 cflags-y += -Wno-unused-parameter
 
-ifeq ($(CFG_CRYPTO_AES_ARM64_CE),y)
+
+ifeq ($(_CFG_CORE_LTC_AES_ARM64_CE),y)
 srcs-y += aes_armv8a_ce.c
 cflags-aes_armv8a_ce.c-y += -march=armv8-a+crypto
 srcs-y += aes_modes_armv8a_ce_a64.S
 aflags-aes_modes_armv8a_ce_a64.S-y += -DINTERLEAVE=4
 else
-ifeq ($(CFG_CRYPTO_AES_ARM32_CE),y)
+ifeq ($(_CFG_CORE_LTC_AES_ARM32_CE),y)
 srcs-y += aes_armv8a_ce.c
 srcs-y += aes_modes_armv8a_ce_a32.S
 else
-srcs-$(CFG_CRYPTO_AES) += aes.c
+srcs-$(call cfg-one-enabled, _CFG_CORE_LTC_AES _CFG_CORE_LTC_AES_DESC) += aes.c
 endif
 endif
 
-srcs-$(CFG_CRYPTO_DES) += des.c
+srcs-$(_CFG_CORE_LTC_DES) += des.c
diff --git a/core/lib/libtomcrypt/src/encauth/gcm/gcm_mult_h_arm_ce.c b/core/lib/libtomcrypt/src/encauth/gcm/gcm_mult_h_arm_ce.c
index 89b03a56..895a9247 100644
--- a/core/lib/libtomcrypt/src/encauth/gcm/gcm_mult_h_arm_ce.c
+++ b/core/lib/libtomcrypt/src/encauth/gcm/gcm_mult_h_arm_ce.c
@@ -35,7 +35,7 @@ void gcm_mult_h(gcm_state *gcm, unsigned char *I)
 	dg[0] = get_be64(I + 8);
 
 	tomcrypt_arm_neon_enable(&state);
-#ifdef CFG_HWSUPP_PMULL
+#ifdef _CFG_CORE_LTC_HWSUPP_PMULL
 	pmull_ghash_update_p64(1, dg, zeroes, k, NULL);
 #else
 	pmull_ghash_update_p8(1, dg, zeroes, k, NULL);
diff --git a/core/lib/libtomcrypt/src/encauth/gcm/sub.mk b/core/lib/libtomcrypt/src/encauth/gcm/sub.mk
index 3df1df51..14874c56 100644
--- a/core/lib/libtomcrypt/src/encauth/gcm/sub.mk
+++ b/core/lib/libtomcrypt/src/encauth/gcm/sub.mk
@@ -4,7 +4,7 @@ srcs-y += gcm_done.c
 srcs-y += gcm_gf_mult.c
 srcs-y += gcm_init.c
 srcs-y += gcm_memory.c
-ifeq ($(CFG_CRYPTO_WITH_CE),y)
+ifeq ($(_CFG_CORE_LTC_CE),y)
 srcs-y += gcm_mult_h_arm_ce.c
 else
 srcs-y += gcm_mult_h.c
diff --git a/core/lib/libtomcrypt/src/encauth/sub.mk b/core/lib/libtomcrypt/src/encauth/sub.mk
index 6d6cc89d..6ef94054 100644
--- a/core/lib/libtomcrypt/src/encauth/sub.mk
+++ b/core/lib/libtomcrypt/src/encauth/sub.mk
@@ -1,2 +1,2 @@
-subdirs-$(CFG_CRYPTO_CCM) += ccm
-subdirs-$(CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB) += gcm
+subdirs-$(_CFG_CORE_LTC_CCM) += ccm
+subdirs-$(_CFG_CORE_LTC_GCM) += gcm
diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk
index aa88b46c..5a4a77f4 100644
--- a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk
+++ b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk
@@ -1,18 +1,22 @@
-srcs-$(CFG_CRYPTO_SHA224) += sha224.c
+srcs-$(_CFG_CORE_LTC_SHA224) += sha224.c
 
 # SHA-224 needs SHA-256
-SHA256 := $(call cfg-one-enabled, CFG_CRYPTO_SHA224 CFG_CRYPTO_SHA256)
+SHA256 := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA224 _CFG_CORE_LTC_SHA256 \
+				  _CFG_CORE_LTC_SHA256_DESC)
 ifeq ($(SHA256),y)
-SHA256_CE := $(call cfg-one-enabled, CFG_CRYPTO_SHA256_ARM32_CE CFG_CRYPTO_SHA256_ARM64_CE)
+SHA256_CE := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA256_ARM32_CE \
+				     _CFG_CORE_LTC_SHA256_ARM64_CE)
 ifeq ($(SHA256_CE),y)
 srcs-y += sha256_armv8a_ce.c
-srcs-$(CFG_CRYPTO_SHA256_ARM32_CE) += sha256_armv8a_ce_a32.S
-srcs-$(CFG_CRYPTO_SHA256_ARM64_CE) += sha256_armv8a_ce_a64.S
+srcs-$(_CFG_CORE_LTC_SHA256_ARM32_CE) += sha256_armv8a_ce_a32.S
+srcs-$(_CFG_CORE_LTC_SHA256_ARM64_CE) += sha256_armv8a_ce_a64.S
 else
 srcs-y += sha256.c
 endif
 endif
 
-srcs-$(CFG_CRYPTO_SHA384) += sha384.c
-srcs-$(CFG_CRYPTO_SHA512) += sha512.c
-srcs-$(CFG_CRYPTO_SHA512_256) += sha512_256.c
+srcs-$(call cfg-one-enabled, _CFG_CORE_LTC_SHA384 \
+			     _CFG_CORE_LTC_SHA384_DESC) += sha384.c
+srcs-$(call cfg-one-enabled, _CFG_CORE_LTC_SHA512 \
+			     _CFG_CORE_LTC_SHA512_DESC) += sha512.c
+srcs-$(_CFG_CORE_LTC_SHA512_256) += sha512_256.c
diff --git a/core/lib/libtomcrypt/src/hashes/sub.mk b/core/lib/libtomcrypt/src/hashes/sub.mk
index 7e897f70..e5d1bb50 100644
--- a/core/lib/libtomcrypt/src/hashes/sub.mk
+++ b/core/lib/libtomcrypt/src/hashes/sub.mk
@@ -1,11 +1,11 @@
-srcs-$(CFG_CRYPTO_MD5) += md5.c
+srcs-$(_CFG_CORE_LTC_MD5) += md5.c
 
-ifeq ($(CFG_CRYPTO_SHA1),y)
-SHA1_CE := $(call cfg-one-enabled, CFG_CRYPTO_SHA1_ARM32_CE CFG_CRYPTO_SHA1_ARM64_CE)
+ifeq ($(_CFG_CORE_LTC_SHA1),y)
+SHA1_CE := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA1_ARM32_CE _CFG_CORE_LTC_SHA1_ARM64_CE)
 ifeq ($(SHA1_CE),y)
 srcs-y += sha1_armv8a_ce.c
-srcs-$(CFG_CRYPTO_SHA1_ARM32_CE) += sha1_armv8a_ce_a32.S
-srcs-$(CFG_CRYPTO_SHA1_ARM64_CE) += sha1_armv8a_ce_a64.S
+srcs-$(_CFG_CORE_LTC_SHA1_ARM32_CE) += sha1_armv8a_ce_a32.S
+srcs-$(_CFG_CORE_LTC_SHA1_ARM64_CE) += sha1_armv8a_ce_a64.S
 else
 srcs-y += sha1.c
 endif
diff --git a/core/lib/libtomcrypt/src/mac/sub.mk b/core/lib/libtomcrypt/src/mac/sub.mk
index c4c60ff3..e8690abc 100644
--- a/core/lib/libtomcrypt/src/mac/sub.mk
+++ b/core/lib/libtomcrypt/src/mac/sub.mk
@@ -1,2 +1,2 @@
-subdirs-$(CFG_CRYPTO_HMAC) += hmac
-subdirs-$(CFG_CRYPTO_CMAC) += omac
+subdirs-$(_CFG_CORE_LTC_HMAC) += hmac
+subdirs-$(_CFG_CORE_LTC_CMAC) += omac
diff --git a/core/lib/libtomcrypt/src/math/fp/sub.mk b/core/lib/libtomcrypt/src/math/fp/sub.mk
index c3daceaa..fe796569 100644
--- a/core/lib/libtomcrypt/src/math/fp/sub.mk
+++ b/core/lib/libtomcrypt/src/math/fp/sub.mk
@@ -1 +1 @@
-srcs-$(CFG_CRYPTO_ECC) += ltc_ecc_fp_mulmod.c
+srcs-$(_CFG_CORE_LTC_ECC) += ltc_ecc_fp_mulmod.c
diff --git a/core/lib/libtomcrypt/src/modes/sub.mk b/core/lib/libtomcrypt/src/modes/sub.mk
index 91776226..45b14a89 100644
--- a/core/lib/libtomcrypt/src/modes/sub.mk
+++ b/core/lib/libtomcrypt/src/modes/sub.mk
@@ -1,4 +1,4 @@
-subdirs-$(_CFG_CRYPTO_WITH_CBC) += cbc
-subdirs-$(CFG_CRYPTO_CTR) += ctr
-subdirs-$(CFG_CRYPTO_ECB) += ecb
-subdirs-$(CFG_CRYPTO_XTS) += xts
+subdirs-$(_CFG_CORE_LTC_CBC) += cbc
+subdirs-$(_CFG_CORE_LTC_CTR) += ctr
+subdirs-$(_CFG_CORE_LTC_ECB) += ecb
+subdirs-$(_CFG_CORE_LTC_XTS) += xts
diff --git a/core/lib/libtomcrypt/src/pk/sub.mk b/core/lib/libtomcrypt/src/pk/sub.mk
index 562642ca..c9e5c82d 100644
--- a/core/lib/libtomcrypt/src/pk/sub.mk
+++ b/core/lib/libtomcrypt/src/pk/sub.mk
@@ -1,7 +1,7 @@
-subdirs-$(_CFG_CRYPTO_WITH_ASN1) += asn1
-subdirs-$(CFG_CRYPTO_DSA) += dsa
+subdirs-$(_CFG_CORE_LTC_ASN1) += asn1
+subdirs-$(_CFG_CORE_LTC_DSA) += dsa
 # PKCS1 paddings are used with RSA only
-subdirs-$(CFG_CRYPTO_RSA) += pkcs1
-subdirs-$(CFG_CRYPTO_RSA) += rsa
-subdirs-$(CFG_CRYPTO_DH) += dh
-subdirs-$(CFG_CRYPTO_ECC) += ecc
+subdirs-$(_CFG_CORE_LTC_RSA) += pkcs1
+subdirs-$(_CFG_CORE_LTC_RSA) += rsa
+subdirs-$(_CFG_CORE_LTC_DH) += dh
+subdirs-$(_CFG_CORE_LTC_ECC) += ecc
diff --git a/core/lib/libtomcrypt/src/prngs/sub.mk b/core/lib/libtomcrypt/src/prngs/sub.mk
index 6aeaa77a..d8a8e51e 100644
--- a/core/lib/libtomcrypt/src/prngs/sub.mk
+++ b/core/lib/libtomcrypt/src/prngs/sub.mk
@@ -4,4 +4,4 @@ srcs-y += rng_get_bytes.c
 srcs-y += rng_make_prng.c
 srcs-y += sprng.c
 srcs-y += rc4.c
-srcs-$(_CFG_CRYPTO_WITH_FORTUNA_PRNG) += fortuna.c
+srcs-$(_CFG_CORE_LTC_FORTUNA_PRNG) += fortuna.c
diff --git a/core/lib/libtomcrypt/src/sub.mk b/core/lib/libtomcrypt/src/sub.mk
index cafccc5e..c4ff5eda 100644
--- a/core/lib/libtomcrypt/src/sub.mk
+++ b/core/lib/libtomcrypt/src/sub.mk
@@ -1,8 +1,8 @@
-subdirs-$(_CFG_CRYPTO_WITH_CIPHER) += ciphers
-subdirs-$(_CFG_CRYPTO_WITH_AUTHENC) += encauth
+subdirs-$(_CFG_CORE_LTC_CIPHER) += ciphers
+subdirs-$(_CFG_CORE_LTC_AUTHENC) += encauth
 subdirs-y += hashes
-subdirs-$(_CFG_CRYPTO_WITH_MAC) += mac
-subdirs-$(_CFG_CRYPTO_WITH_ACIPHER) += math
+subdirs-$(_CFG_CORE_LTC_MAC) += mac
+subdirs-$(_CFG_CORE_LTC_ACIPHER) += math
 subdirs-y += misc
 subdirs-y += modes
-subdirs-$(_CFG_CRYPTO_WITH_ACIPHER) += pk
+subdirs-$(_CFG_CORE_LTC_ACIPHER) += pk
diff --git a/core/lib/libtomcrypt/sub.mk b/core/lib/libtomcrypt/sub.mk
index 90a61c94..9a9cccf2 100644
--- a/core/lib/libtomcrypt/sub.mk
+++ b/core/lib/libtomcrypt/sub.mk
@@ -1,28 +1,28 @@
-cppflags-lib-$(CFG_CRYPTO_SIZE_OPTIMIZATION) += -DLTC_SMALL_CODE
+cppflags-lib-$(_CFG_CORE_LTC_SIZE_OPTIMIZATION) += -DLTC_SMALL_CODE
 cppflags-lib-y += -DLTC_RSA_CRT_HARDENING -DLTC_RSA_BLINDING
-cflags-lib-$(CFG_CRYPTO_SIZE_OPTIMIZATION) += -Os
+cflags-lib-$(_CFG_CORE_LTC_SIZE_OPTIMIZATION) += -Os
 
 global-incdirs-y += include
 
 subdirs-y += src
 
-srcs-$(_CFG_CRYPTO_WITH_HASH) += hash.c
-srcs-$(CFG_CRYPTO_HMAC) += hmac.c
-srcs-$(CFG_CRYPTO_CMAC) += cmac.c
-srcs-$(CFG_CRYPTO_ECB) += ecb.c
-srcs-$(CFG_CRYPTO_CBC) += cbc.c
-srcs-$(CFG_CRYPTO_CTR) += ctr.c
-srcs-$(CFG_CRYPTO_XTS) += xts.c
-srcs-$(CFG_CRYPTO_CCM) += ccm.c
-srcs-$(CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB) += gcm.c
-srcs-$(CFG_CRYPTO_DSA) += dsa.c
-srcs-$(CFG_CRYPTO_ECC) += ecc.c
-srcs-$(CFG_CRYPTO_RSA) += rsa.c
-srcs-$(CFG_CRYPTO_DH) += dh.c
-srcs-$(CFG_CRYPTO_AES) += aes.c
+srcs-$(_CFG_CORE_LTC_HASH) += hash.c
+srcs-$(_CFG_CORE_LTC_HMAC) += hmac.c
+srcs-$(_CFG_CORE_LTC_CMAC) += cmac.c
+srcs-$(_CFG_CORE_LTC_ECB) += ecb.c
+srcs-$(_CFG_CORE_LTC_CBC) += cbc.c
+srcs-$(_CFG_CORE_LTC_CTR) += ctr.c
+srcs-$(_CFG_CORE_LTC_XTS) += xts.c
+srcs-$(_CFG_CORE_LTC_CCM) += ccm.c
+srcs-$(_CFG_CORE_LTC_GCM) += gcm.c
+srcs-$(_CFG_CORE_LTC_DSA) += dsa.c
+srcs-$(_CFG_CORE_LTC_ECC) += ecc.c
+srcs-$(_CFG_CORE_LTC_RSA) += rsa.c
+srcs-$(_CFG_CORE_LTC_DH) += dh.c
+srcs-$(_CFG_CORE_LTC_AES) += aes.c
 
-ifdef _CFG_CRYPTO_WITH_ACIPHER
-ifeq ($(CFG_CORE_MBEDTLS_MPI),y)
+ifdef _CFG_CORE_LTC_ACIPHER
+ifeq ($(_CFG_CORE_LTC_MPI),y)
 srcs-y += mpi_desc.c
 else
 srcs-y += mpa_desc.c
diff --git a/core/lib/libtomcrypt/tomcrypt.c b/core/lib/libtomcrypt/tomcrypt.c
index e8ffc67e..52e26155 100644
--- a/core/lib/libtomcrypt/tomcrypt.c
+++ b/core/lib/libtomcrypt/tomcrypt.c
@@ -10,7 +10,7 @@
 #include "tomcrypt_mp.h"
 #include <trace.h>
 
-#if defined(CFG_WITH_VFP)
+#if defined(_CFG_CORE_LTC_VFP)
 #include <tomcrypt_arm_neon.h>
 #include <kernel/thread.h>
 #endif
@@ -89,29 +89,29 @@ static const struct ltc_prng_descriptor prng_crypto_desc = {
 
 static void tee_ltc_reg_algs(void)
 {
-#if defined(CFG_CRYPTO_AES)
+#if defined(_CFG_CORE_LTC_AES) || defined(_CFG_CORE_LTC_AES_DESC)
 	register_cipher(&aes_desc);
 #endif
-#if defined(CFG_CRYPTO_DES)
+#if defined(_CFG_CORE_LTC_DES)
 	register_cipher(&des_desc);
 	register_cipher(&des3_desc);
 #endif
-#if defined(CFG_CRYPTO_MD5)
+#if defined(_CFG_CORE_LTC_MD5)
 	register_hash(&md5_desc);
 #endif
-#if defined(CFG_CRYPTO_SHA1)
+#if defined(_CFG_CORE_LTC_SHA1)
 	register_hash(&sha1_desc);
 #endif
-#if defined(CFG_CRYPTO_SHA224)
+#if defined(_CFG_CORE_LTC_SHA224)
 	register_hash(&sha224_desc);
 #endif
-#if defined(CFG_CRYPTO_SHA256)
+#if defined(_CFG_CORE_LTC_SHA256) || defined(_CFG_CORE_LTC_SHA256_DESC)
 	register_hash(&sha256_desc);
 #endif
-#if defined(CFG_CRYPTO_SHA384)
+#if defined(_CFG_CORE_LTC_SHA384) || defined(_CFG_CORE_LTC_SHA384_DESC)
 	register_hash(&sha384_desc);
 #endif
-#if defined(CFG_CRYPTO_SHA512)
+#if defined(_CFG_CORE_LTC_SHA512) || defined(_CFG_CORE_LTC_SHA512_DESC)
 	register_hash(&sha512_desc);
 #endif
 	register_prng(&prng_crypto_desc);