Squashed commit upgrading to libtomcrypt-1.18.2-develop-20220913

Squash merging branch import/libtomcrypt-1.18.2-develop-20220913

cedf001cc024 ("ci: rust: apply upstream patch to fix failure in au

Squashed commit upgrading to libtomcrypt-1.18.2-develop-20220913

Squash merging branch import/libtomcrypt-1.18.2-develop-20220913

cedf001cc024 ("ci: rust: apply upstream patch to fix failure in authentication-rs")
1c8f27245e4f ("core: ltc: fix .qord value in DSA sign and verify")
87431ada69ed ("libtomcrypt: define LTC_MPI at the same time as LTC_DER")
7d8cdbb85a57 ("core: ltc: add missing <string_ext.h>")
fa3ac5998cc7 ("core: ltc: import sub.mk files from master and update")
35f56bc9f8c4 ("core: libtomcrypt: Remove prng_state* NULL pointer check from x25519_make_key()")
85140c1f9be4 ("core: ltc: fix missing mutex unlock")
02f519845bbe ("core: ltc: add SM2 curve parameters")
757ab2c4462d ("core: ltc: make key in accel_ecb_encrypt() and accel_ecb_decrypt() const")
15c897fbe000 ("core: ltc: fix 'switch case misses default'")
6276df75362f ("core: ltc: add custom DH key generation function dh_make_key()")
1da50b460270 ("core: ltc: tomcrypt_custom.h: OP-TEE thread support")
6f78a99a6e8c ("libtomcrypt: implement zeromem() with memzero_explicit()")
90eaafe0f10f ("core: LTC use only _CFG_CORE_LTC_ variables")
fbd6fb746576 ("LTC: add GHASH acceleration")
e3ff5f701223 ("ltc: make cipher_descriptor a pointer to descriptors")
fbe13c05804d ("ltc: make hash_descriptor a pointer to descriptors")
6c193f5e561a ("ltc: make prng_descriptor a pointer to descriptors")
9f40d2838fa3 ("libtomcrypt: tomcrypt_private.h: add HASH_PROCESS_NBLOCKS")
4f6b32962d15 ("ECC: optimize the pool of temporary variables")
955eced29a6f ("Import LibTomCrypt v1.18.2 branch "develop" (Sep 13, 2022)")
3717d76418c8 ("Remove LibTomCrypt")

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Squashed commit upgrading to libtomcrypt-1.18.2-develop-20180819

Squash merging branch import/libtomcrypt-1.18.2-develop-20180819

5ecac6e9227c ("core: ltc: adapt to new version of LibTomCrypt")
54d

Squashed commit upgrading to libtomcrypt-1.18.2-develop-20180819

Squash merging branch import/libtomcrypt-1.18.2-develop-20180819

5ecac6e9227c ("core: ltc: adapt to new version of LibTomCrypt")
54d7f2f10c33 ("core: ltc: aes_modes_armv8a_ce_a64.S: get rid of literal load of addend vector")
68b1adf4c3db ("core: ltc: aes_modes_armv8a_ce_a64.S: fix incorrect assembly syntax")
b73cfbef058f ("core: ltc: make key in accel_ecb_encrypt() and accel_ecb_decrypt() const")
7160452f6698 ("core: ltc: fix 'switch case misses default'")
05313fd03df1 ("core: ltc: move AES CE files under aes/")
00ed54001f7d ("core: ltc: add custom DH key generation function dh_make_key()")
279e09ee4c7c ("core: ltc: tomcrypt_custom.h: OP-TEE thread support")
e61adb1a2203 ("core: crypto: libtomcrypt: fix LTC_CLEAN_STACK bug")
5c75c2d02f13 ("core: LTC use only _CFG_CORE_LTC_ variables")
5decfe20864a ("core: crypto: arm64 ce: update AES CBC routines")
c54b6344cc4e ("core: crypto: cleanup and fix CE accelerated AES CTR")
3f4d78d04eef ("core: crypto: arm32: add counter increment in ce_aes_ctr_encrypt()")
a85a4f88e39d ("Remove 'All rights reserved' from Linaro files")
14ec45d62762 ("Remove license notice from Linaro files")
084691667db2 ("Add SPDX license identifiers")
48de810896b8 ("LTC: add GHASH acceleration")
9f4ecf2ea898 ("arm32: AES using ARMv8-A cryptographic extensions")
a360627e4130 ("arm64: libtomcrypt: rename AES CE files")
48dab9f6464b ("arm64: libtomcrypt: move inline assembly to .S file")
7479ed2a4be9 ("ltc: bugfix find_prng()")
271db0fe9309 ("ltc: make cipher_descriptor a pointer to descriptors")
cbf6e51b6086 ("ltc: make hash_descriptor a pointer to descriptors")
6982b2b65910 ("ltc: make prng_descriptor a pointer to descriptors")
034ed64a6bb2 ("arm: Fix SHA-1 with cryptographic extensions")
468fcca20d8b ("arm64: SHA-224/SHA-256 using ARMv8-A cryptographic extensions")
a55567f8611c ("arm: update SHA-256 32-bit CE implementation to process multiple blocks")
ee62ece8ecf4 ("arm: update SHA-1 32-bit CE implementation to process multiple blocks")
4287faa43c7c ("arm64: SHA-1 using ARMv8-A cryptographic extensions")
0c6c51d33f05 ("ECC: optimize the pool of temporary variables")
f79f07210b95 ("arm64: AES XTS using ARMv8-A cryptographic extensions")
dc3e64eee4af ("arm64: AES using ARMv8-A cryptographic extensions")
fcad408195d8 ("SHA-1 ARMv8 crypto extension implementation")
e9fa8daa66ed ("SHA-256 ARMv8 crypto extension implementation")
36c11ddb0f2f ("Import LibTomCrypt v1.18.2 branch "develop" (Aug 19, 2019)")
01c7a0fe164c ("Remove LibTomCrypt")

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] wa

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] was used to double check the license matching
code in the Python script. All the licenses detected by scancode are
either detected by spdxify.py, or have no SPDX identifier, or are false
matches.

Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Fix leaking information from mem_neq

This fix comes from https://github.com/libtom/libtomcrypt/issues/74
mem_neq is a constant time comparison function, but it leaks information
on the secre

Fix leaking information from mem_neq

This fix comes from https://github.com/libtom/libtomcrypt/issues/74
mem_neq is a constant time comparison function, but it leaks information
on the secret data that is being compared in the value that is returned.

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)

show more ...

RSA decode in constant time

This is a cherry-pick of the libtomcrypt pull-request
https://github.com/libtom/libtomcrypt/pull/57

As pointed by Herve Sibert, verification has been kept non-constant t

RSA decode in constant time

This is a cherry-pick of the libtomcrypt pull-request
https://github.com/libtom/libtomcrypt/pull/57

As pointed by Herve Sibert, verification has been kept non-constant time
in this patch.

Excerpt from original libtomcrypt pull-request:
as proposed in RFC 3447 only one error return code is used when there are
errors while decoding the pkcs#1 format.
also, all steps are executed and only the "output" is skipped if something
went wrong.

Sorry this could break backwards compatibility, since there's no more
BUFFER_OVERFLOW messaging.
Former error-handling code could also be affected because now there's only
OK as return code in cases where "res" is also set to '1'.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...