crypto: se050: adaptors: elliptic curve

APDU and utility functions required to support elliptic curve
cryptography.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander

crypto: se050: adaptors: elliptic curve

APDU and utility functions required to support elliptic curve
cryptography.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: se050: limitations to RSA crypto

The supported algorithms for encryption/decryption are:
PKCS1_OAEP
PKCS1_V1_5

When using PKCS1_PSS_MGF1 the se050 also has some restrictions on

drivers: crypto: se050: limitations to RSA crypto

The supported algorithms for encryption/decryption are:
PKCS1_OAEP
PKCS1_V1_5

When using PKCS1_PSS_MGF1 the se050 also has some restrictions on the
hash algorithms that can be used depending on the RSA key size.

Source: Plug And Trust MW documentation, Release v02,14,00 (Apr 03,
2020)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: crypto: se050: die_id generation

Guarantee the uniqueness of the die_id even when the requested length
is smaller than the se050 unique identifier.

Currently, tee_otp_get_die_id requests 1

drivers: crypto: se050: die_id generation

Guarantee the uniqueness of the die_id even when the requested length
is smaller than the se050 unique identifier.

Currently, tee_otp_get_die_id requests 12 bytes while the se050 unique
identifier is 18 bytes which is an issue as the uniqueness of the
device can be lost due to the truncation of the identifier.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: crypto: se050: strip spaces from crypto.mk

Some versions of the force function used in the makefile might produce
incorrect results when spaces are included in the parameter field.

In gene

drivers: crypto: se050: strip spaces from crypto.mk

Some versions of the force function used in the makefile might produce
incorrect results when spaces are included in the parameter field.

In general is a better practice to strip spaces when invoking this
sort of functions.

To prevent issues (ie: in case of backport) make sure that the SE050
driver is not affected by that variability.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: se050: glue layer

The glue layer implements functionality required by the Plug And Trust
library from OP-TEE.

1) user crypto operations: these operations must run outside the SE050
in orde

drivers: se050: glue layer

The glue layer implements functionality required by the Plug And Trust
library from OP-TEE.

1) user crypto operations: these operations must run outside the SE050
in order to implement SCP03.

2) i2c operations: these operations provide access to the I2C bus to
communicate with the SE050.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: build: se050 driver

Core work to support building the platform independent se050 crypto
driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@fori

core: build: se050 driver

Core work to support building the platform independent se050 crypto
driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: implement se050 driver

Add AES_CTR/RSA/RNG/HUK support for NXP SE050 via the Plug And Trust
library.

Tested on imx8mm LPDDR EVK and imx6ull EVK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@

drivers: implement se050 driver

Add AES_CTR/RSA/RNG/HUK support for NXP SE050 via the Plug And Trust
library.

Tested on imx8mm LPDDR EVK and imx6ull EVK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: driver: generic resources for crypto device driver - ECC

Add a generic cryptographic ECC driver interface connecting
TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric Neveu

core: driver: generic resources for crypto device driver - ECC

Add a generic cryptographic ECC driver interface connecting
TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: use do_free_keypair() instead of open-coding

There is a function to free an RSA keypair, use it instead of
duplicating the code.

Signed-off-by: Jerome Forissier <jerome@forissier.org

drivers: caam: use do_free_keypair() instead of open-coding

There is a function to free an RSA keypair, use it instead of
duplicating the code.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: do_free_keypair(): add missing free for key->dq

The do_free_keypair() function lacks a call to crypto_bignum_free() for
the dq member of the key. Add it.

Fixes: a1d5c81f8834 ("crypto

drivers: caam: do_free_keypair(): add missing free for key->dq

The do_free_keypair() function lacks a call to crypto_bignum_free() for
the dq member of the key. Add it.

Fixes: a1d5c81f8834 ("crypto: add function to free rsa keypair")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: replace tee_mmu prefix with vm

Replaces the tee_mmu prefix with vm. tee_mmu.h is renamed to vm.h and
core/arch/arm/mm/tee_mmu.c is moved to core/mm/vm.c. Public functions
belonging to these fi

core: replace tee_mmu prefix with vm

Replaces the tee_mmu prefix with vm. tee_mmu.h is renamed to vm.h and
core/arch/arm/mm/tee_mmu.c is moved to core/mm/vm.c. Public functions
belonging to these files are renamed with a vm prefix.

Introduces: vm_map_param(), vm_clean_param(),
vm_buf_is_inside_private(), vm_buf_intersects_private(),
vm_buf_to_mboj_offs(), vm_buf_is_inside_um_private(),
vm_buf_intersects_um_private(), vm_add_rwmem(), vm_rem_rwmem(),
vm_va2pa(), vm_pa2va(), vm_check_access_rights(), vm_set_ctx() replacing
their tee_mmu_*() counterpart.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: fix build warning

Compiler warns about comparison of integer expressions of different
signedness. This causes build failures when error on warning is enabled.

Signed-off-by: Jorge Ra

drivers: caam: fix build warning

Compiler warns about comparison of integer expressions of different
signedness. This causes build failures when error on warning is enabled.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

crypto: add function to free rsa keypair

There was no function to proper free a rsa kepair from inside a PTA.
Now there is crypto_acipher_free_rsa_keypair().

Signed-off-by: Elias von Däniken <elias

crypto: add function to free rsa keypair

There was no function to proper free a rsa kepair from inside a PTA.
Now there is crypto_acipher_free_rsa_keypair().

Signed-off-by: Elias von Däniken <elias.vondaeniken@bluewin.ch>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rsa: Avoid NULL dereferencing in RSA trace messages

Show 0 size for NULL message/cipher length.

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

core: rsa: Avoid NULL dereferencing in RSA trace messages

Show 0 size for NULL message/cipher length.

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: implement CMAC for CAAM

Implement CMAC for CAAM.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <j

drivers: caam: implement CMAC for CAAM

Implement CMAC for CAAM.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: generic resources for crypto device driver - CMAC

Add a generic cryptographic driver CMAC interface connecting
TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric

drivers: crypto: generic resources for crypto device driver - CMAC

Add a generic cryptographic driver CMAC interface connecting
TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: add input data check for caam_cpy_block_src()

Make sure input data of caam_cpy_block_src() is not empty.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander

drivers: caam: add input data check for caam_cpy_block_src()

Make sure input data of caam_cpy_block_src() is not empty.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: minor fixes for cipher

Initialize `algo_id` and `algo_md` variables to their final values at
declaration.
Remove useless `size_topost` variable assignment.

Signed-off-by: Clement Fau

drivers: caam: minor fixes for cipher

Initialize `algo_id` and `algo_md` variables to their final values at
declaration.
Remove useless `size_topost` variable assignment.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: locally export caam_cipher_initialize/free/copy_state

Rename and export to local.h the following functions:
caam_cipher_initialize()
caam_cipher_free()
caam_cipher_copy_state()

drivers: caam: locally export caam_cipher_initialize/free/copy_state

Rename and export to local.h the following functions:
caam_cipher_initialize()
caam_cipher_free()
caam_cipher_copy_state()

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: change caam_cipher_block() prototype for added block

Introduce 'blocks' parameter for caam_cipher_block() function for
addtionnal data block to handle during cipher operations.
Add `e

drivers: caam: change caam_cipher_block() prototype for added block

Introduce 'blocks' parameter for caam_cipher_block() function for
addtionnal data block to handle during cipher operations.
Add `enum caam_cipher_block` to describe these additionnal data blocks.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: change caam_set_or_alloc_align_buf() prototype

The function now returns an `enum caam_status`.
It also returns a boolean with realloc pointer : true if the buffer is
reallocated by th

drivers: caam: change caam_set_or_alloc_align_buf() prototype

The function now returns an `enum caam_status`.
It also returns a boolean with realloc pointer : true if the buffer is
reallocated by the function, false otherwise.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: move MAX_DESC_ENTRIES to local.h

Move maximum job ring descriptor entries to local.h

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@lin

drivers: caam: move MAX_DESC_ENTRIES to local.h

Move maximum job ring descriptor entries to local.h

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: remove generic_ from generic_boot

Now that the CFG_GENERIC_BOOT configuration flag has been removed also
remove "generic_" prefix from and in the related files.

Acked-by: Etienne Carriere <et

core: remove generic_ from generic_boot

Now that the CFG_GENERIC_BOOT configuration flag has been removed also
remove "generic_" prefix from and in the related files.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simple typo fix in comments in core/drivers tree

* changed "a input" to "an input"

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carri

core: simple typo fix in comments in core/drivers tree

* changed "a input" to "an input"

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: Fix alignment fault caused by caam_desc_pop()

Size of each JR Output ring entry is of 12 bytes for CAAM
using address pointer size as 64 bit. The descriptor address
pointer thus lies

drivers: caam: Fix alignment fault caused by caam_desc_pop()

Size of each JR Output ring entry is of 12 bytes for CAAM
using address pointer size as 64 bit. The descriptor address
pointer thus lies at 32 bit boundary in second output ring entry.
64 bit access of descriptor pointer at 32 bit boundary generates
alignment fault. To fix this, descriptor address pointer should
be accessed as two 32 bit operations.

regression_1004 Test User Crypt TA

E/TC:03 00 Core data-abort at address 0xfc09e74c (alignment fault)
E/TC:03 00 esr 0x96000021 ttbr0 0x20000fc0d7060 ttbr1 0x00000000 cidr 0x0
E/TC:03 00 cpu #3 cpsr 0x200001c4
E/TC:03 00 x0 00000000fc09e74c x1 0000000000000000
E/TC:03 00 x2 0000000000000050 x3 0000008000010100
E/TC:03 00 x4 0000000000000003 x5 00000000fc0e46e5
E/TC:03 00 x6 00000000fc09e74c x7 00000000fc09df78
E/TC:03 00 x8 0000000000000078 x9 00000000fc09c110
E/TC:03 00 x10 0000000041001900 x11 00000000ab12a911
E/TC:03 00 x12 0000000032e4d24d x13 00000000fc0e46e5
E/TC:03 00 x14 0000000000000000 x15 0000000000000000
E/TC:03 00 x16 00000000fc0e4b88 x17 0000000000000000
E/TC:03 00 x18 0000000000000000 x19 0000000000000000
E/TC:03 00 x20 000000000000270f x21 00000000fc07c000
E/TC:03 00 x22 00000000fc07c000 x23 0000000000000000
E/TC:03 00 x24 00000000fc09e74c x25 00000000fc0716d0
E/TC:03 00 x26 00000000fc09df78 x27 0000000000000000
E/TC:03 00 x28 0000000000000000 x29 00000000fc0e4900
E/TC:03 00 x30 00000000fc01ae8c elr 00000000fc01c124
E/TC:03 00 sp_el0 00000000fc0e4900
E/TC:03 00 TEE load address @ 0xfc000000
E/TC:03 00 Core data-abort at address 0xfc09e74c .debug_info+649036 (alignment fault)
E/TC:03 00 Call stack:
E/TC:03 00 0x00000000fc01c124 caam_desc_pop at core/drivers/crypto/caam/caam_desc.c:88
E/TC:03 00 0x00000000fc01b2ac caam_jr_enqueue at core/drivers/crypto/caam/caam_jr.c:510
E/TC:03 00 0x00000000fc02247c caam_cipher_block at core/drivers/crypto/caam/cipher/caam_cipher.c:331
E/TC:03 00 0x00000000fc022970 do_update_cipher at core/drivers/crypto/caam/cipher/caam_cipher.c:976
E/TC:03 00 0x00000000fc01a290 cipher_update at core/drivers/crypto/crypto_api/cipher/cipher.c:144
E/TC:03 00 0x00000000fc03562c tee_fs_fek_crypt at core/tee/tee_fs_key_manager.c:118
E/TC:03 00 0x00000000fc033dbc verify_root at core/tee/fs_htree.c:549
E/TC:03 00 0x00000000fc031edc ree_fs_open_primitive at core/tee/tee_ree_fs.c:416
E/TC:03 00 0x00000000fc0345d0 tee_fs_dirfile_open at core/tee/fs_dirfile.c:122
E/TC:03 00 0x00000000fc0321cc open_dirh at core/tee/tee_ree_fs.c:530
E/TC:03 00 0x00000000fc032498 ree_fs_open at core/tee/tee_ree_fs.c:604
E/TC:03 00 0x00000000fc0363dc tadb_open at core/tee/tadb.c:214
E/TC:03 00 0x00000000fc036c44 tee_tadb_ta_open at core/tee/tadb.c:633
E/TC:03 00 0x00000000fc00578c secstor_ta_open at core/arch/arm/kernel/secstor_ta.c:19
E/TC:03 00 0x00000000fc026658 system_open_ta_binary at core/pta/system.c:259
E/TC:03 00 0x00000000fc005e24 pseudo_ta_enter_invoke_cmd at core/arch/arm/kernel/pseudo_ta.c:199
E/TC:03 00 0x00000000fc0250dc tee_ta_invoke_command at core/kernel/tee_ta_manager.c:761
E/TC:03 00 0x00000000fc02b398 syscall_invoke_ta_command at core/tee/tee_svc.c:885
E/TC:03 00 0x00000000fc0123bc tee_svc_do_call at core/arch/arm/tee/arch_svc_a64.S:141
E/TC:03 00 0x00000000fc00811c thread_svc_handler at core/arch/arm/kernel/thread.c:1378
E/TC:03 00 0x00000000fc0039e0 el0_svc at core/arch/arm/kernel/thread_a64.S:639

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...