| #
8411e6ad |
| 23-Sep-2022 |
Jerome Forissier <jerome.forissier@linaro.org> |
Squashed commit upgrading to libtomcrypt-1.18.2-develop-20220913
Squash merging branch import/libtomcrypt-1.18.2-develop-20220913
cedf001cc024 ("ci: rust: apply upstream patch to fix failure in authentication-rs")
1c8f27245e4f ("core: ltc: fix .qord value in DSA sign and verify")
87431ada69ed ("libtomcrypt: define LTC_MPI at the same time as LTC_DER")
7d8cdbb85a57 ("core: ltc: add missing <string_ext.h>")
fa3ac5998cc7 ("core: ltc: import sub.mk files from master and update")
35f56bc9f8c4 ("core: libtomcrypt: Remove prng_state* NULL pointer check from x25519_make_key()")
85140c1f9be4 ("core: ltc: fix missing mutex unlock")
02f519845bbe ("core: ltc: add SM2 curve parameters")
757ab2c4462d ("core: ltc: make key in accel_ecb_encrypt() and accel_ecb_decrypt() const")
15c897fbe000 ("core: ltc: fix 'switch case misses default'")
6276df75362f ("core: ltc: add custom DH key generation function dh_make_key()")
1da50b460270 ("core: ltc: tomcrypt_custom.h: OP-TEE thread support")
6f78a99a6e8c ("libtomcrypt: implement zeromem() with memzero_explicit()")
90eaafe0f10f ("core: LTC use only _CFG_CORE_LTC_ variables")
fbd6fb746576 ("LTC: add GHASH acceleration")
e3ff5f701223 ("ltc: make cipher_descriptor a pointer to descriptors")
fbe13c05804d ("ltc: make hash_descriptor a pointer to descriptors")
6c193f5e561a ("ltc: make prng_descriptor a pointer to descriptors")
9f40d2838fa3 ("libtomcrypt: tomcrypt_private.h: add HASH_PROCESS_NBLOCKS")
4f6b32962d15 ("ECC: optimize the pool of temporary variables")
955eced29a6f ("Import LibTomCrypt v1.18.2 branch "develop" (Sep 13, 2022)")
3717d76418c8 ("Remove LibTomCrypt")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
1e149c24 |
| 21-Jan-2021 |
Jerome Forissier <jerome@forissier.org> |
core: ltc: move sm2_kdf() to common core/crypto/sm2-kdf.c
The key derivation function sm2_kdf() is a helper function used by SM2 KEP (Key Exchange Protocol) and PKE (Private Key Encryption). It is currently implemented in core/lib/libtomcrypt/sm2_kdf.c, next to the SM2 source code based on LibTomCrypt.
In order to provide an MBed TLS implementation of SM2, the helper function shall be outside the LibTomCrypt directory. Move it to core/crypto/sm2-kdf.c.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| #
301ade76 |
| 05-Nov-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: ltc: fix return value in crypto API SM2 PKA decrypt
Fix calloc() failure case in core crypto API function for SM2 PKE decryption. Prior to this change the function failed but returned 0/OK. This change sets the return value to TEE_ERROR_OUT_OF_MEMORY before reaching the function exit sequence.
Fixes: f9a78287dd12 (core: ltc: add support for SM2 PKE) Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
| #
685d1524 |
| 02-Nov-2020 |
Cedric Neveux <cedric.neveux@nxp.com> |
core: ltc: fix SM2 PKE memory leak
In function `sm2_ltc_pke_decrypt`, the ecc_point `S` was not deleted if the following bignumber `h` initialization failed.
Fixes: f9a78287dd1 (core: ltc: add support for SM2 PKE) Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
5328dfb1 |
| 02-Nov-2020 |
Cedric Neveux <cedric.neveux@nxp.com> |
core: ltc: change SM2 PKE to use crypto_ecc_[public/keypair]_ops
Change the crypto_acipher_sm2_pke_encrypt and crypto_acipher_sm2_pke_decrypt to use the crypto_ecc_public_ops and crypto_ecc_keypair_ops methods.
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
6b6195cb |
| 22-Jan-2020 |
Jerome Forissier <jerome@forissier.org> |
core: ltc: sm2: add missing status check
crypto_acipher_sm2_pke_decrypt() fails to check a return status from LibTomCrypt. Add the missing check.
Fixes: f9a78287dd12 ("core: ltc: add support for SM2 PKE") Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
eee2e03b |
| 14-Jan-2020 |
Jerome Forissier <jerome@forissier.org> |
core: ltc: SM2 PKE: export sm2_kdf()
The Key Derivation Function used by the SM2 Public Key Encryption algorithm is also used by the Key Exchange Protocol. Move it to its file in order to be able to re-use it.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
a72295ea |
| 16-Jan-2020 |
Jerome Forissier <jerome@forissier.org> |
core: ltc: SM2 PKE: fix bignum conversions
All integers used in the SM2 algorithms are encoded as 32 byte buffers in big endian format. The current code does not properly pad the buffer with zeros when a value does not need the whole 32 bytes and has a few other related issues. Fix that.
Fixes: f9a78287dd12 ("core: ltc: add support for SM2 PKE") Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
80d47d0a |
| 09-Jan-2020 |
Jerome Forissier <jerome@forissier.org> |
core: ltc: SM2 PKE: fix bignum memory leaks
crypto_acipher_sm2_pke_encrypt() and crypto_acipher_sm2_pke_decrypt() leak some bignum memory due to missing calls to ecc_free() and also due to the fact that the x and y fields of an ecc_point are overwritten. This is all the more problematic that bignum allocations use a special memory pool [1] that can easily cause deadlocks when misused.
This commit fixes these problems.
[1] Commit a2eb5b55d169 ("libutils: add mempool API")
Fixes: f9a78287dd12 ("core: ltc: add support for SM2 PKE") Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
17d4286f |
| 09-Jan-2020 |
Jerome Forissier <jerome@forissier.org> |
core: ltc: SM2 PKE: add missing return status check
The status of function ltc_ecc_is_point_at_infinity() is not checked in crypto_acipher_sm2_pke_encrypt(). Fix that.
Fixes: f9a78287dd12 ("core: ltc: add support for SM2 PKE") Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
f9a78287 |
| 17-Dec-2019 |
Jerome Forissier <jerome@forissier.org> |
core: ltc: add support for SM2 PKE
SM2 is a set of public key cryptographic algorithms based on elliptic curves published by the Chinese Commercial Cryptography Administration Office [1]. The standard has three main parts which define:
- A Digital Signature Algorithm (part 2)
- A Key Exchange Protocol (part 3)
- A Public Key Encryption method (part 4)
This commit implements the PKE LibTomcrypt for use by the OP-TEE core. It uses the LibTomCrypt ECC and arithmetic helper functions as well as the OP-TEE hash interface for the SM3 algorithm.
As far as the ECC point encoding goes, only the uncompressed form is supported, as permitted by the standard. In practice, it means that the cipher text always starts with the byte value 0x04. Other forms cannot be decrypted by this implementation.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|