core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this h

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this hash.

This implementation is based on code published on Gitlab [2]. See commit
ade6f848e084 ("core: crypto: add support for SM4") for details.

[1] https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are valid but are
not included in the GP specification, so they are not considered here.

This implementation is based on code published on Gitlab [2]. The
project contains no licensing terms, so I contacted the author
(goldboar@163.com), asking for permission to re-use the code in OP-TEE
under a BSD-2-Clause license. I received the following reply:

"[...] If you like you can use it [...]"

I have reworked the source to better fit the OP-TEE coding style. I
have also added the CTR mode of operation.

I do not think we will need to merge any change from upstream in the
future.

[1] https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: remove algo from crypto_authenc_*()

Removes the algo parameters from all crypto_authenc_*() functions except
crypto_authenc_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro

core: remove algo from crypto_authenc_*()

Removes the algo parameters from all crypto_authenc_*() functions except
crypto_authenc_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove algo from crypto_mac_*()

Removes the algo parameters from all crypto_mac_*() functions except
crypto_mac_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-

core: remove algo from crypto_mac_*()

Removes the algo parameters from all crypto_mac_*() functions except
crypto_mac_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove algo from crypto_cipher_*()

Removes the algo parameters from all crypto_cipher_*() functions except
crypto_cipher_alloc_ctx().

tee_aes_cbc_cts_update() is moved into aes-cts.c and rena

core: remove algo from crypto_cipher_*()

Removes the algo parameters from all crypto_cipher_*() functions except
crypto_cipher_alloc_ctx().

tee_aes_cbc_cts_update() is moved into aes-cts.c and renamed to
cbc_cts_update().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove algo from crypto_hash_*()

Removes the algo parameters from all crypto_hash_*() functions except
crypto_hash_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Ack

core: remove algo from crypto_hash_*()

Removes the algo parameters from all crypto_hash_*() functions except
crypto_hash_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: driver: generic resources for crypto device driver

Add a generic cryptographic driver interface connecting
TEE Crypto generic APIs to HW driver interface

The Generic Crypto Driver interface i

core: driver: generic resources for crypto device driver

Add a generic cryptographic driver interface connecting
TEE Crypto generic APIs to HW driver interface

The Generic Crypto Driver interface in the core/driver/crypto/crypto_api
is implemented to be able to use a HW driver.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: crypto.c: don't use _CFG_CRYPTO_WITH_ACIPHER

Uses CFG_CRYPTO_RSA, CFG_CRYPTO_DSA, CFG_CRYPTO_DH and CFG_CRYPTO_ECC to
tell if bignum functions needs to be stubbed instead of relying on
_CFG_CR

core: crypto.c: don't use _CFG_CRYPTO_WITH_ACIPHER

Uses CFG_CRYPTO_RSA, CFG_CRYPTO_DSA, CFG_CRYPTO_DH and CFG_CRYPTO_ECC to
tell if bignum functions needs to be stubbed instead of relying on
_CFG_CRYPTO_WITH_ACIPHER which is about to be removed.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: introduce struct crypto_authenc_ops

Uses struct crypto_authenc_ops pointer in crypto context for authenc
ciphers (AES-GCM and AES-CCM) as a glue layer instead of a switch(algo)
in each

core: crypto: introduce struct crypto_authenc_ops

Uses struct crypto_authenc_ops pointer in crypto context for authenc
ciphers (AES-GCM and AES-CCM) as a glue layer instead of a switch(algo)
in each cryto_authenc_*() function.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: introduce struct crypto_cipher_ops

Uses struct crypto_cipher_ops pointer in crypto context for ciphers as a
glue layer instead of a switch(algo) in each crypto_cipher_*() function.

Re

core: crypto: introduce struct crypto_cipher_ops

Uses struct crypto_cipher_ops pointer in crypto context for ciphers as a
glue layer instead of a switch(algo) in each crypto_cipher_*() function.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: introduce struct crypto_mac_ops

Uses struct crypto_mac_ops pointer in crypto context for MACs as a
glue layer instead of a switch(algo) in each crypto_mac_*() function.

Moves CBC-MAC

core: crypto: introduce struct crypto_mac_ops

Uses struct crypto_mac_ops pointer in crypto context for MACs as a
glue layer instead of a switch(algo) in each crypto_mac_*() function.

Moves CBC-MAC implementation from LTC wrapper to core/crypto.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: implement crypto_cipher_get_block_size()

Prior to this patch only the prototype and a stub of
crypto_cipher_get_block_size() was available. With this patch replace
the stub with an implementat

core: implement crypto_cipher_get_block_size()

Prior to this patch only the prototype and a stub of
crypto_cipher_get_block_size() was available. With this patch replace
the stub with an implementation.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: introduce struct crypto_hash_ops

Uses struct crypto_hash_ops pointer in crypto context for hashes as a
glue layer instead of a switch(algo) in each crypto_hash_*() function.

Reviewed-

core: crypto: introduce struct crypto_hash_ops

Uses struct crypto_hash_ops pointer in crypto context for hashes as a
glue layer instead of a switch(algo) in each crypto_hash_*() function.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.c: crypto_*_free_ctx() stubs should allow NULL context

Update the crypto_*_free_ctx() functions so that they do nothing when
passed a NULL ctx. Allows for easier error handling.

Signed

core: crypto.c: crypto_*_free_ctx() stubs should allow NULL context

Update the crypto_*_free_ctx() functions so that they do nothing when
passed a NULL ctx. Allows for easier error handling.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.h manages authenc context memory

To ease integration with other crypto libraries change the authenc context
interface in crypto.h to manage the memory used for the authenc context.

Rev

core: crypto.h manages authenc context memory

To ease integration with other crypto libraries change the authenc context
interface in crypto.h to manage the memory used for the authenc context.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.h manages cipher context memory

To ease integration with other crypto libraries change the cipher context
interface in crypto.h to manage the memory used for the cipher context.

Review

core: crypto.h manages cipher context memory

To ease integration with other crypto libraries change the cipher context
interface in crypto.h to manage the memory used for the cipher context.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.h manages mac context memory

To ease integration with other crypto libraries change the mac context
interface in crypto.h to manage the memory used for the mac context.

Reviewed-by: Je

core: crypto.h manages mac context memory

To ease integration with other crypto libraries change the mac context
interface in crypto.h to manage the memory used for the mac context.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.h manages hash context memory

To ease integration with other crypto libraries change the hash context
interface in crypto.h to manage the memory used for the hash context.

Reviewed-by:

core: crypto.h manages hash context memory

To ease integration with other crypto libraries change the hash context
interface in crypto.h to manage the memory used for the hash context.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Reformat copyright/license header in files with an SPDX ID

Some files were committed with an SPDX license identifier before the
rules were defined [1]. Reformat them accordingly.

[1] documentation/

Reformat copyright/license header in files with an SPDX ID

Some files were committed with an SPDX license identifier before the
rules were defined [1]. Reformat them accordingly.

[1] documentation/copyright_and_license_headers.rst

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core/crypto/crypto.c: fix compile errors when _CFG_CRYPTO_WITH_CIPHER=n

Although _CFG_CRYPTO_WITH_CIPHER=n does not seem to be a valid
configuration (both the REE and RPMB FS use AES and at least on

core/crypto/crypto.c: fix compile errors when _CFG_CRYPTO_WITH_CIPHER=n

Although _CFG_CRYPTO_WITH_CIPHER=n does not seem to be a valid
configuration (both the REE and RPMB FS use AES and at least one has to
be enabled currently), fix build errors triggered by:

make _CFG_CRYPTO_WITH_CIPHER=n \
out/arm-plat-vexpress/core/crypto/crypto.o

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move crypto_authenc_*() from LTC

* Moves crypto_authenc_*() from LTC to core/crypto/crypto.c
* Defines <crypto/aes-gcm.h> and <crypto/aes-ccm.h> and
implements the functions in
core/lib/li

core: move crypto_authenc_*() from LTC

* Moves crypto_authenc_*() from LTC to core/crypto/crypto.c
* Defines <crypto/aes-gcm.h> and <crypto/aes-ccm.h> and
implements the functions in
core/lib/libtomcrypt/src/tee_ltc_provider.c based on the
old implementations of crypto_authenc_*().

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rename to <crypto/crypto.h>

Renames core/include/tee/tee_cryp_provider.h to
core/include/crypto/crypto.h

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere

core: rename to <crypto/crypto.h>

Renames core/include/tee/tee_cryp_provider.h to
core/include/crypto/crypto.h

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct acipher_ops with function interface

Adds crypto_acipher_*() replacing struct acipher_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne

Replace struct acipher_ops with function interface

Adds crypto_acipher_*() replacing struct acipher_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct bignum_ops with function interface

Adds crypto_bignum_*() replacing struct bignum_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Car

Replace struct bignum_ops with function interface

Adds crypto_bignum_*() replacing struct bignum_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct authenc_ops with function interface

Adds crypto_authenc_*() replacing struct authenc_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne

Replace struct authenc_ops with function interface

Adds crypto_authenc_*() replacing struct authenc_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...