History log of /optee_os/core/lib/libtomcrypt/sub.mk (Results 1 – 25 of 62)
Revision Date Author Comments
# 2a65ecaf 06-May-2024 Jens Wiklander <jens.wiklander@linaro.org>

Squashed commit upgrading to libtomcrypt-1.18.2-develop-20240412

Squash merging branch import/libtomcrypt-1.18.2-develop-20240412

165e1fe7816a ("core: ltc: update for libtomcrypt changes")
ff294871020d ("core: ltc: rsa_verify_hash: fix panic on hash mismatch")
43363afc3d5e ("core: ltc: add fault mitigation in crypto_acipher_rsassa_verify()")
d3040d8bc691 ("libtomcrypt: Remove prng_state* NULL pointer check from ed25519_make_key()")
a1e9686a20cf ("libtomcrypt: ctr_encrypt(): adjust for OP-TEE CE accelerated routines")
eba1524a3989 ("libtomcrypt: define LTC_MPI at the same time as LTC_DER")
e8f42d80d27f ("core: libtomcrypt: Remove prng_state* NULL pointer check from x25519_make_key()")
edb8618bfe6c ("core: ltc: add SM2 curve parameters")
1713825bebd1 ("core: ltc: make key in accel_ecb_encrypt() and accel_ecb_decrypt() const")
53d2509130ce ("core: ltc: fix 'switch case misses default'")
5c7e0de468d1 ("core: ltc: add custom DH key generation function dh_make_key()")
cba20f6a156e ("core: ltc: tomcrypt_custom.h: OP-TEE thread support")
7f247add8fd9 ("libtomcrypt: implement zeromem() with memzero_explicit()")
96ac368c5e68 ("LTC: add GHASH acceleration")
79bd5cb8391c ("ltc: make cipher_descriptor a pointer to descriptors")
a9f0d677e922 ("ltc: make hash_descriptor a pointer to descriptors")
82feb7ac9709 ("ltc: make prng_descriptor a pointer to descriptors")
ae75124e3113 ("libtomcrypt: tomcrypt_private.h: add HASH_PROCESS_NBLOCKS")
a4281f43ea65 ("ECC: optimize the pool of temporary variables")
b32f84118399 ("Import LibTomCrypt v1.18.2 branch "develop" (Apr 12, 2024)")
035c58eeb602 ("Remove LibTomCrypt")

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)


# 5c4fcb77 12-Apr-2024 Jens Wiklander <jens.wiklander@linaro.org>

core: ltc: sub.mk: reorganize and simplify

Reorganize the LTC sub.mk by collecting configuration and files in
groups by algorithm or feature.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>


# 19a31ec4 12-Apr-2024 Jens Wiklander <jens.wiklander@linaro.org>

core: ltc: merge sub.mk's into a single sub.mk

Merge all sub.mk's below core/lib/libtomcrypt/src at the end of
core/lib/libtomcrypt/sub.mk.

It gives an easier overview of what is compiled, but it also makes it
easier when syncing core/lib/libtomcrypt/src with LTC upstream since
it's out of the way.

Unused sub.mk's are removed.

Removes the now unused _CFG_CORE_LTC_CIPHER, _CFG_CORE_LTC_AUTHENC and
_CFG_CORE_LTC_MAC from core/crypto.mk.

The global LTC build flag -Wno-declaration-after-statement is removed and
only supplied to the few source files that need it.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>


# 32b31808 06-Oct-2023 Jens Wiklander <jens.wiklander@linaro.org>

Squashed commit upgrading to mbedtls-3.4.0

Squash merging branch import/mbedtls-3.4.0

8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5")
2b0d0c50127c ("core: ltc: configure internal SHA-1 and SHA-224")
0e48a6e17630 ("libmedtls: core: update to mbedTLS 3.4.0 API")
049882b143af ("libutee: update to mbedTLS 3.4.0 API")
982307bf6169 ("core: LTC mpi_desc.c: update to mbedTLS 3.4.0 API")
33218e9eff7b ("ta: pkcs11: update to mbedTLS 3.4.0 API")
6956420cc064 ("libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode")
ad67ef0b43fd ("libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly")
7300f4d97bbf ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()")
cec89b62a86d ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()")
e7e048796c44 ("libmbedtls: add SM2 curve")
096beff2cd31 ("libmbedtls: mbedtls_mpi_exp_mod(): optimize mempool usage")
7108668efd3f ("libmbedtls: mbedtls_mpi_exp_mod(): reduce stack usage")
0ba4eb8d0572 ("libmbedtls: mbedtls_mpi_exp_mod() initialize W")
3fd6ecf00382 ("libmbedtls: fix no CRT issue")
d5ea7e9e9aa7 ("libmbedtls: add interfaces in mbedtls for context memory operation")
2b0fb3f1fa3d ("libmedtls: mpi_miller_rabin: increase count limit")
2c3301ab99bb ("libmbedtls: add mbedtls_mpi_init_mempool()")
9a111f0da04b ("libmbedtls: make mbedtls_mpi_mont*() available")
804fe3a374f5 ("mbedtls: configure mbedtls to reach for config")
b28a41531427 ("mbedtls: remove default include/mbedtls/config.h")
dfafe507bbef ("Import mbedtls-3.4.0")

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)


# 1478437e 10-Mar-2023 Jens Wiklander <jens.wiklander@linaro.org>

core: ltc: use SHA-3 crypto accelerated function

Uses the recently provided accelerated SHA-3 function in LTC

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>


# 7dfcefda 02-Dec-2022 Jens Wiklander <jens.wiklander@linaro.org>

core: LTC: conditionally enable SHA-3 implementation

Enables SHA-3 implementation in libtomcrypt and add OP-TEE wrappers.

Adds LTC fallback for mbedtls configurations since mbedtls doesn't
support SHA-3 yet.

Implementation of the crypto_hmac_*_alloc_ctx() functions is updated to
only add a full implementation if the corresponding hash function also
is configured.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# 65d11b31 23-Dec-2022 Jens Wiklander <jens.wiklander@linaro.org>

core: ltc: use SHA-512 crypto accelerated function

Uses the recently provided accelerated SHA-512 function in LTC.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# a116848b 12-Aug-2022 Valerii Chubar <valerii_chubar@epam.com>

core: libtomcrypt: add Ed25519 support

Enable Ed25519 implementation of libtomcrypt and add the OP-TEE wrappers.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>


# 8411e6ad 23-Sep-2022 Jerome Forissier <jerome.forissier@linaro.org>

Squashed commit upgrading to libtomcrypt-1.18.2-develop-20220913

Squash merging branch import/libtomcrypt-1.18.2-develop-20220913

cedf001cc024 ("ci: rust: apply upstream patch to fix failure in authentication-rs")
1c8f27245e4f ("core: ltc: fix .qord value in DSA sign and verify")
87431ada69ed ("libtomcrypt: define LTC_MPI at the same time as LTC_DER")
7d8cdbb85a57 ("core: ltc: add missing <string_ext.h>")
fa3ac5998cc7 ("core: ltc: import sub.mk files from master and update")
35f56bc9f8c4 ("core: libtomcrypt: Remove prng_state* NULL pointer check from x25519_make_key()")
85140c1f9be4 ("core: ltc: fix missing mutex unlock")
02f519845bbe ("core: ltc: add SM2 curve parameters")
757ab2c4462d ("core: ltc: make key in accel_ecb_encrypt() and accel_ecb_decrypt() const")
15c897fbe000 ("core: ltc: fix 'switch case misses default'")
6276df75362f ("core: ltc: add custom DH key generation function dh_make_key()")
1da50b460270 ("core: ltc: tomcrypt_custom.h: OP-TEE thread support")
6f78a99a6e8c ("libtomcrypt: implement zeromem() with memzero_explicit()")
90eaafe0f10f ("core: LTC use only _CFG_CORE_LTC_ variables")
fbd6fb746576 ("LTC: add GHASH acceleration")
e3ff5f701223 ("ltc: make cipher_descriptor a pointer to descriptors")
fbe13c05804d ("ltc: make hash_descriptor a pointer to descriptors")
6c193f5e561a ("ltc: make prng_descriptor a pointer to descriptors")
9f40d2838fa3 ("libtomcrypt: tomcrypt_private.h: add HASH_PROCESS_NBLOCKS")
4f6b32962d15 ("ECC: optimize the pool of temporary variables")
955eced29a6f ("Import LibTomCrypt v1.18.2 branch "develop" (Sep 13, 2022)")
3717d76418c8 ("Remove LibTomCrypt")

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>


# 15cb2782 06-May-2022 Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>

core: libtomcrypt: Add X25519 support

This enables the X25519 implementation of libtomcrypt
and adds the OP-TEE wrapper function definitions

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>


# 5e2cacd0 24-Nov-2021 Jens Wiklander <jens.wiklander@linaro.org>

libtomcrypt: disable -Wdeclaration-after-statement

Disables -Wdeclaration-after-statement when compiling the libtomcrypt
library in order to avoid that kind of warnings from upstream code.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# 24421193 09-Nov-2021 Jerome Forissier <jerome@forissier.org>

core: ltc: always define LTC_DER

tomcrypt_private.h uses ltc_asn1_list which is defined in tomcrypt_pk.h
only when LTC_DER is defined. Since tomcrypt_private.h is included
unconditionally in some files such as core/lib/libtomcrypt/tomcrypt.c
it needs to compile with no error. Therefore add -DLTC_DER.

Fixes the following error:

$ make CFG_CRYPTO=n CFG_REE_FS=n
...
CC out/arm-plat-vexpress/core/lib/libtomcrypt/tomcrypt.o
In file included from core/lib/libtomcrypt/tomcrypt.c:9:
core/lib/libtomcrypt/src/headers/tomcrypt_private.h:64:4: error: unknown type name ‘ltc_asn1_list’
64 | ltc_asn1_list *enc_data;
| ^~~~~~~~~~~~~
...

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>


# 1e149c24 21-Jan-2021 Jerome Forissier <jerome@forissier.org>

core: ltc: move sm2_kdf() to common core/crypto/sm2-kdf.c

The key derivation function sm2_kdf() is a helper function used by SM2
KEP (Key Exchange Protocol) and PKE (Private Key Encryption). It is
currently implemented in core/lib/libtomcrypt/sm2_kdf.c, next to the SM2
source code based on LibTomCrypt.

In order to provide an MBed TLS implementation of SM2, the helper
function shall be outside the LibTomCrypt directory. Move it to
core/crypto/sm2-kdf.c.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>


# a828d70f 02-Apr-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: ltc: use SHA-256 crypto accelerated function

Uses the recently provided accelerated SHA-256 function in LTC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# 2b49b295 02-Apr-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: ltc: use SHA1 crypto accelerated function

Uses the recently provided accelerated SHA1 function in LTC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# f9429266 30-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: ltc: use AES crypto accelerated routines

Uses the recently provided accelerated AES crypto routines in LTC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# 1bf41f99 30-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: ltc: remove Arm SHA-256 CE routines

Removes the Arm CE routines accelerating SHA-256 in the LTC library.

This will later be added in common code to be shared with other crypto
libraries etc.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# 0d9e74de 30-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: ltc: remove Arm SHA1 CE routines

Removes the Arm CE routines accelerating SHA1 in the LTC library.

This will later be added in common code to be shared with other crypto
libraries etc.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# 4576dbb3 30-Mar-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: ltc: simplify _CFG_CORE_LTC_*_DESC logic

If a SHA-{256,384,512} or AES algorithm is needed in LTC a matching
_CFG_CORE_LTC_*_DESC variable will be set. So only check the
_CFG_CORE_LTC_*_DESC variable to see if a certain algorithm is needed.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# 7fb525f1 23-Jan-2020 Jerome Forissier <jerome@forissier.org>

Remove libmpa in favor of libmbedtls

We currently have two "big numbers" libraries, Mbed TLS and MPA. Both can
be used by libutee to implement the TEE Internal Core API Arithmetical
functions, and by the TEE core or pseudo-TAs. This situation is
reflected by two configuration variables allowing to choose between
libmbedtls and libmpa:

- CFG_TA_MBEDTLS_MPI (default y) configures libutee,
- CFG_CORE_MBEDTLS_MPI (default y) configures the TEE core/PTAs.

In addition there is CFG_TA_MBEDTLS (default y, mandatory when
CFG_TA_MBEDTLS_MPI is y) to build libmbedtls and install it into the
SDK for direct use by TAs (libmbedtls also has functions to deal with
certificates for instance).

MBed TLS has been supported and used by default for just over a year;
and we have recently found an issue with the MPA implementation of the
integer multiplication with modulus (mpa_mulmod()) [1] [2]. Therefore,
now is a good time to remove libmpa and use libmbedtls instead.

Link: [1] https://github.com/OP-TEE/optee_os/pull/3541#issuecomment-577592381
Link: [2] https://github.com/OP-TEE/optee_test/pull/389
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>


# c2c877db 15-Jan-2020 Jerome Forissier <jerome@forissier.org>

core: ltc: add support for SM2 KEP

Adds support for the SM3 Key Exchange Protocol [1] for use by
OP-TEE core based on LibTomCrypt.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>


# eee2e03b 14-Jan-2020 Jerome Forissier <jerome@forissier.org>

core: ltc: SM2 PKE: export sm2_kdf()

The Key Derivation Function used by the SM2 Public Key Encryption
algorithm is also used by the Key Exchange Protocol. Move it to its
file in order to be able to re-use it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>


# 72d11d95 14-Jan-2020 Jerome Forissier <jerome@forissier.org>

core: ltc: SM2 DSA: fix configuration variable name

The name of the config variable indicating support for SM2 DSA is
_CFG_CORE_LTC_SM2_DSA, not _CFG_CORE_LTC_SM2_DSA_SM3.

Fixes: 76c7ba4b9ff7 ("core: ltc: add support for SM2 DSA")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>


# 76c7ba4b 06-Jan-2020 Jerome Forissier <jerome@forissier.org>

core: ltc: add support for SM2 DSA

Adds support for the SM2 Digital Signature Algorithm [1] for use by
OP-TEE core based on LibTomCrypt.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>


# f9a78287 17-Dec-2019 Jerome Forissier <jerome@forissier.org>

core: ltc: add support for SM2 PKE

SM2 is a set of public key cryptographic algorithms based on elliptic
curves published by the Chinese Commercial Cryptography Administration
Office [1]. The standard has three main parts which define:

- A Digital Signature Algorithm (part 2)
- A Key Exchange Protocol (part 3)
- A Public Key Encryption method (part 4)

This commit implements the PKE LibTomcrypt for use by the OP-TEE core.
It uses the LibTomCrypt ECC and arithmetic helper functions as well as
the OP-TEE hash interface for the SM3 algorithm.

As far as the ECC point encoding goes, only the uncompressed form is
supported, as permitted by the standard. In practice, it means that the
cipher text always starts with the byte value 0x04. Other forms cannot
be decrypted by this implementation.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
