core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations

OP-TEE currently doesn't support using a different hash for MGF1
with RSA-OAEP. However, this is required for AOSP compatibility
(e.

core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations

OP-TEE currently doesn't support using a different hash for MGF1
with RSA-OAEP. However, this is required for AOSP compatibility
(e.g. in EncryptionOperationsTest.RsaOaepWithMGFDigestSuccess [1]).

Pass the MGF1 attribute to crypto implementations. Note that
only libtomcrypt supports this feature at the moment, so other
implementations will either fail or fall back to libtomcrypt when
passed a different MGF1 hash.

Link: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: fix crypto_asym_get_ecc_keypair_ops() stub

Correct definition of crypto_asym_get_ecc_keypair_ops() stub inline
function when CFG_CRYPTO_ECC is disabled. The definition used a wrong
fun

core: crypto: fix crypto_asym_get_ecc_keypair_ops() stub

Correct definition of crypto_asym_get_ecc_keypair_ops() stub inline
function when CFG_CRYPTO_ECC is disabled. The definition used a wrong
function label.

Fixes: 5516c6cd78da ("core: ecc: support the crypto driver")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: LTC: conditionally enable SHA-3 implementation

Enables SHA-3 implementation in libtomcrypt and add OP-TEE wrappers.

Adds LTC fallback for mbedtls configurations since mbedtls doesn't
support

core: LTC: conditionally enable SHA-3 implementation

Enables SHA-3 implementation in libtomcrypt and add OP-TEE wrappers.

Adds LTC fallback for mbedtls configurations since mbedtls doesn't
support SHA-3 yet.

Implementation of the crypto_hmac_*_alloc_ctx() functions is updated to
only add a full implementation if the corresponding hash function also
is configured.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add API for SHA-3

Adds an API for the SHA-3 [1] algorithms SHA3-224, SHA3_256, SHA3_384,
SHA3_512, SHAKE128, and SHAKE256. SHAKE128 and SHAKE256 are
Extendable-Output Functions (XOF),

core: crypto: add API for SHA-3

Adds an API for the SHA-3 [1] algorithms SHA3-224, SHA3_256, SHA3_384,
SHA3_512, SHAKE128, and SHAKE256. SHAKE128 and SHAKE256 are
Extendable-Output Functions (XOF), but handled as hashes in the API.

Adds API for SHA-3 based HMAC functions.

For XOF algorithms crypto_hash_final() can be called multiple times and
generate an arbitrary amount of data. Note that this data will have a
common prefix if done over the same input (see A.2 in [1]).

[1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: implement SM4 XTS

In this patch, we add software computing support for sm4-xts.

Signed-off-by: Pingan Xie <xiepingan3@huawei.com>
Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acke

core: crypto: implement SM4 XTS

In this patch, we add software computing support for sm4-xts.

Signed-off-by: Pingan Xie <xiepingan3@huawei.com>
Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ecc: support the crypto driver

Provide an interface that cryptographic IC drivers can use to fallback
to the software implementation of the algorithms.

This supports the use case where vulner

core: ecc: support the crypto driver

Provide an interface that cryptographic IC drivers can use to fallback
to the software implementation of the algorithms.

This supports the use case where vulnerabilities in the IC algorithms
can be addressed without a respin of the hardware.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rsa: support the crypto driver

Provide an explicit interface to software cryptographic operations to
allow accessing them whenever the Crypto driver API is enabled.

Signed-off-by: Jorge Ramir

core: rsa: support the crypto driver

Provide an explicit interface to software cryptographic operations to
allow accessing them whenever the Crypto driver API is enabled.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: implement crypto driver - AUTHENC

Add a generic cryptographic Authenticated Encryption driver interface
connecting TEE Crypto generic APIs to HW driver interface.

Signed-off-by: Ni

drivers: crypto: implement crypto driver - AUTHENC

Add a generic cryptographic Authenticated Encryption driver interface
connecting TEE Crypto generic APIs to HW driver interface.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Add 3DES CMAC implementation

CMAC is a Cipher-Based MAC that improves some of the security deficiencies
found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation
for approved symmet

Add 3DES CMAC implementation

CMAC is a Cipher-Based MAC that improves some of the security deficiencies
found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation
for approved symmetric block chipers, namely AES and TDEA.

CMAC has similar use cases and security guarantees as HMAC, with the
difference that it uses a different primitive (symmetric cipher instead
of hash function).
CMAC may be appropriate for information systems in which an approved block
cipher is more readily available than an approved hash function.

Commonly it is used for symmetric key diversification (ASC X9 TR 31-2018),
data integrity assurance (ICV).

CMAC is public domain.

OP-TEE core already supports for AES CMAC, but not TDEA CMAC. This commit
adds TDEA CMAC support.

Signed-off-by: Alexander Zakharov <uglym8@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: wrap commit description at 75 characters]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: crypto: add encrypt/decrypt to crypto_ecc_[public/keypair]_ops

Add encypt and decrypt methods to respectively the crypto_ecc_public_ops
and the crypto_ecc_keypair_ops structure.
Method used fo

core: crypto: add encrypt/decrypt to crypto_ecc_[public/keypair]_ops

Add encypt and decrypt methods to respectively the crypto_ecc_public_ops
and the crypto_ecc_keypair_ops structure.
Method used for the SM2 PKE algorithms.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add struct crypto_ecc_[public/keypair]_ops

In order to enable one ECC HW driver and one ECC SW library at build and
runtime, introduces struct crypto_ecc_public_ops and
struct crypto_e

core: crypto: add struct crypto_ecc_[public/keypair]_ops

In order to enable one ECC HW driver and one ECC SW library at build and
runtime, introduces struct crypto_ecc_public_ops and
struct crypto_ecc_keypair_ops respectively to the struct ecc_public_key
and struct ecc_keypair.

At key (public/keypair) allocation, the HW driver is first called and
if key type/size not supported, the SW library is then called.
When key is allocated with success, the key->ops is set with the
cryptographic functions pointer to call when using keys to:
- Generate keypair
- Sign with keypair
- Shared secret with keypair
- Verify with public key
- Free public key

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: generic resources for crypto MAC driver - MAC

Add a generic cryptographic driver MAC interface connecting
TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric Neveu

drivers: crypto: generic resources for crypto MAC driver - MAC

Add a generic cryptographic driver MAC interface connecting
TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: driver: generic resources for crypto cipher driver

Add a generic cryptographic Cipher driver interface connecting
TEE Crypto generic APIs to HW driver interface

To make Cipher HW driver gener

core: driver: generic resources for crypto cipher driver

Add a generic cryptographic Cipher driver interface connecting
TEE Crypto generic APIs to HW driver interface

To make Cipher HW driver generic and to reduce the amount of function
parameters, add structure data for the initialization and update
function driver call.
Checks the Cipher operation's parameter in the generic part before
calling the HW driver.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this h

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this hash.

This implementation is based on code published on Gitlab [2]. See commit
ade6f848e084 ("core: crypto: add support for SM4") for details.

[1] https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are valid but are
not included in the GP specification, so they are not considered here.

This implementation is based on code published on Gitlab [2]. The
project contains no licensing terms, so I contacted the author
(goldboar@163.com), asking for permission to re-use the code in OP-TEE
under a BSD-2-Clause license. I received the following reply:

"[...] If you like you can use it [...]"

I have reworked the source to better fit the OP-TEE coding style. I
have also added the CTR mode of operation.

I do not think we will need to merge any change from upstream in the
future.

[1] https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: driver: generic resources for crypto device driver

Add a generic cryptographic driver interface connecting
TEE Crypto generic APIs to HW driver interface

The Generic Crypto Driver interface i

core: driver: generic resources for crypto device driver

Add a generic cryptographic driver interface connecting
TEE Crypto generic APIs to HW driver interface

The Generic Crypto Driver interface in the core/driver/crypto/crypto_api
is implemented to be able to use a HW driver.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: crypto: introduce struct crypto_authenc_ops

Uses struct crypto_authenc_ops pointer in crypto context for authenc
ciphers (AES-GCM and AES-CCM) as a glue layer instead of a switch(algo)
in each

core: crypto: introduce struct crypto_authenc_ops

Uses struct crypto_authenc_ops pointer in crypto context for authenc
ciphers (AES-GCM and AES-CCM) as a glue layer instead of a switch(algo)
in each cryto_authenc_*() function.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: introduce struct crypto_cipher_ops

Uses struct crypto_cipher_ops pointer in crypto context for ciphers as a
glue layer instead of a switch(algo) in each crypto_cipher_*() function.

Re

core: crypto: introduce struct crypto_cipher_ops

Uses struct crypto_cipher_ops pointer in crypto context for ciphers as a
glue layer instead of a switch(algo) in each crypto_cipher_*() function.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: introduce struct crypto_mac_ops

Uses struct crypto_mac_ops pointer in crypto context for MACs as a
glue layer instead of a switch(algo) in each crypto_mac_*() function.

Moves CBC-MAC

core: crypto: introduce struct crypto_mac_ops

Uses struct crypto_mac_ops pointer in crypto context for MACs as a
glue layer instead of a switch(algo) in each crypto_mac_*() function.

Moves CBC-MAC implementation from LTC wrapper to core/crypto.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: introduce struct crypto_hash_ops

Uses struct crypto_hash_ops pointer in crypto context for hashes as a
glue layer instead of a switch(algo) in each crypto_hash_*() function.

Reviewed-

core: crypto: introduce struct crypto_hash_ops

Uses struct crypto_hash_ops pointer in crypto context for hashes as a
glue layer instead of a switch(algo) in each crypto_hash_*() function.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...