core: merge tee_*_get_digest_size() into a single function

Rename tee_hash_get_digest_size() to tee_alg_get_digest_size().

Change tee_alg_get_digest_size() to use new libutee macro
TEE_ALG_GET_DIGE

core: merge tee_*_get_digest_size() into a single function

Rename tee_hash_get_digest_size() to tee_alg_get_digest_size().

Change tee_alg_get_digest_size() to use new libutee macro
TEE_ALG_GET_DIGEST_SIZE.

Remove tee_mac_get_digest_size() as its functionality
is handled by tee_alg_get_digest_size() now.

Signed-off-by: Albert Schwarzkopf <a.schwarzkopf@phytec.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove algo from crypto_mac_*()

Removes the algo parameters from all crypto_mac_*() functions except
crypto_mac_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-

core: remove algo from crypto_mac_*()

Removes the algo parameters from all crypto_mac_*() functions except
crypto_mac_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: hkdf_expand(): call crypto_mac_free_ctx() instead of free()

A context allocated via crypto_mac_alloc_ctx() has to be freed using
crypto_mac_free_ctx(). While the default implementation just

crypto: hkdf_expand(): call crypto_mac_free_ctx() instead of free()

A context allocated via crypto_mac_alloc_ctx() has to be freed using
crypto_mac_free_ctx(). While the default implementation just ends up
calling free(), other implementations may not.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Summer Qin <summer.qin@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.h manages mac context memory

To ease integration with other crypto libraries change the mac context
interface in crypto.h to manage the memory used for the mac context.

Reviewed-by: Je

core: crypto.h manages mac context memory

To ease integration with other crypto libraries change the mac context
interface in crypto.h to manage the memory used for the mac context.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove 'All rights reserved' from Linaro files

The text 'All rights reserved' is useless [1]. The Free Software
Foundation's REUSE Initiative best practices document [2] does not
contain these words

Remove 'All rights reserved' from Linaro files

The text 'All rights reserved' is useless [1]. The Free Software
Foundation's REUSE Initiative best practices document [2] does not
contain these words. Therefore, we can safely remove the text from the
files that are owned by Linaro.

Generated by:
spdxify.py --linaro-only --strip-arr optee_os/

Link: [1] https://en.wikipedia.org/wiki/All_rights_reserved
Link: [2] https://reuse.software/practices/
Link: [3] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Remove license notice from Linaro files

Now that we have added SPDX identifiers, we can safely remove the
verbose license text from the files that are owned by Linaro.

Generated by [1]:
spdxify.p

Remove license notice from Linaro files

Now that we have added SPDX identifiers, we can safely remove the
verbose license text from the files that are owned by Linaro.

Generated by [1]:
spdxify.py --linaro-only --strip-license-text optee_os/

Link: [1] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] wa

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] was used to double check the license matching
code in the Python script. All the licenses detected by scancode are
either detected by spdxify.py, or have no SPDX identifier, or are false
matches.

Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: rename to <crypto/crypto.h>

Renames core/include/tee/tee_cryp_provider.h to
core/include/crypto/crypto.h

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere

core: rename to <crypto/crypto.h>

Renames core/include/tee/tee_cryp_provider.h to
core/include/crypto/crypto.h

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct mac_ops with function interface

Adds mac_cipher_get_ctx_size(), mac_cipher_init(), mac_cipher_update()
and mac_cipher_final() replacing struct mac_ops in crypto_ops.

Acked-by: Jerom

Replace struct mac_ops with function interface

Adds mac_cipher_get_ctx_size(), mac_cipher_init(), mac_cipher_update()
and mac_cipher_final() replacing struct mac_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: optimize size with const crypto_ops

Optimize size of unpaged data by making crypto_ops const.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand

core: optimize size with const crypto_ops

Optimize size of unpaged data by making crypto_ops const.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Add HMAC-based extract-and-expand key derivation function (HKDF)

HKDF (http://tools.ietf.org/html/rfc5869) is a key derivation algorithm.
As per the RFC:

A key derivation function (KDF) is a bas

Add HMAC-based extract-and-expand key derivation function (HKDF)

HKDF (http://tools.ietf.org/html/rfc5869) is a key derivation algorithm.
As per the RFC:

A key derivation function (KDF) is a basic and essential component of
cryptographic systems. Its goal is to take some source of initial
keying material and derive from it one or more cryptographically
strong secret keys.
[...]
HKDF follows the "extract-then-expand" paradigm, where the KDF
logically consists of two modules.
[...]
The goal of the "extract" stage is to "concentrate" the possibly
dispersed entropy of the input keying material into a short, but
cryptographically strong, pseudorandom key.
[...]
The second stage "expands" the pseudorandom key to the desired
length; the number and lengths of the output keys depend on the
specific cryptographic algorithms for which the keys are needed.

Since HKDF is not covered by the GlobalPlatform Internal API specification
v1.0/v1.1, this commit introduces extensions to the specification.
More specifically: it defines new algorithms, a new object type and new
object attributes. This implementation supports all the usual hash
functions (MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512) and may
produce output keys of length up to 4096 bits (currently limited only by
the maximum size allowed for an object of type TEE_TYPE_GENERIC_SECRET).
Aside from minor updates to object manipulation functions to support
the new data, the function TEE_DeriveKey() is mostly impacted.

The file documentation/extensions/crypto_hkdf.md contains the modifications
to the GP Internal API v1.0 spec in order to support HKDF.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...