core: fail build when CFG_INSECURE=n used with unsafe RNG seed

A production build needs a proper RNG seed. Fail the build when
CFG_INSECURE=n is used in conjunction with the default weak stub
implem

core: fail build when CFG_INSECURE=n used with unsafe RNG seed

A production build needs a proper RNG seed. Fail the build when
CFG_INSECURE=n is used in conjunction with the default weak stub
implementation of plat_rng_init().

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: define plat_rng_init() as a weak alias of __plat_rng_init()

Rename the function plat_rng_init() to __plat_rng_init() and define
plat_rng_init() as a weak alias of __plat_rng_init().
This allow

core: define plat_rng_init() as a weak alias of __plat_rng_init()

Rename the function plat_rng_init() to __plat_rng_init() and define
plat_rng_init() as a weak alias of __plat_rng_init().
This allow to use the default RNG initialization in the platform
plat_rng_init() function.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add and use service_init_crypto() macro

Add the service_init_crypto() used to initialize the internal crypto API
before the rest of the registered service_init functions are called.

Signed-of

core: add and use service_init_crypto() macro

Add the service_init_crypto() used to initialize the internal crypto API
before the rest of the registered service_init functions are called.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander

core: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core, libutee: introduce TEE_ALG_SM4_XTS

In this patch, The sm4-xts algorithm is supported in the GP process.

Signed-off-by: Pingan Xie <xiepingan3@huawei.com>
Reviewed-by: Xiaoxu Zeng <zengxiaoxu@

core, libutee: introduce TEE_ALG_SM4_XTS

In this patch, The sm4-xts algorithm is supported in the GP process.

Signed-off-by: Pingan Xie <xiepingan3@huawei.com>
Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: dt_driver: helper for dependency on crypt service

Adds dt_driver_get_crypto() function to allow drivers to request
probe deferral when depending on core crypto services. For that purpose
tee_c

core: dt_driver: helper for dependency on crypt service

Adds dt_driver_get_crypto() function to allow drivers to request
probe deferral when depending on core crypto services. For that purpose
tee_cryp_init() is changed to call dt_driver_crypt_init_complete() once
crypt layer initialization completes.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Add 3DES CMAC implementation

CMAC is a Cipher-Based MAC that improves some of the security deficiencies
found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation
for approved symmet

Add 3DES CMAC implementation

CMAC is a Cipher-Based MAC that improves some of the security deficiencies
found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation
for approved symmetric block chipers, namely AES and TDEA.

CMAC has similar use cases and security guarantees as HMAC, with the
difference that it uses a different primitive (symmetric cipher instead
of hash function).
CMAC may be appropriate for information systems in which an approved block
cipher is more readily available than an approved hash function.

Commonly it is used for symmetric key diversification (ASC X9 TR 31-2018),
data integrity assurance (ICV).

CMAC is public domain.

OP-TEE core already supports for AES CMAC, but not TDEA CMAC. This commit
adds TDEA CMAC support.

Signed-off-by: Alexander Zakharov <uglym8@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: wrap commit description at 75 characters]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: merge tee_*_get_digest_size() into a single function

Rename tee_hash_get_digest_size() to tee_alg_get_digest_size().

Change tee_alg_get_digest_size() to use new libutee macro
TEE_ALG_GET_DIGE

core: merge tee_*_get_digest_size() into a single function

Rename tee_hash_get_digest_size() to tee_alg_get_digest_size().

Change tee_alg_get_digest_size() to use new libutee macro
TEE_ALG_GET_DIGEST_SIZE.

Remove tee_mac_get_digest_size() as its functionality
is handled by tee_alg_get_digest_size() now.

Signed-off-by: Albert Schwarzkopf <a.schwarzkopf@phytec.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this h

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this hash.

This implementation is based on code published on Gitlab [2]. See commit
ade6f848e084 ("core: crypto: add support for SM4") for details.

[1] https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are valid but are
not included in the GP specification, so they are not considered here.

This implementation is based on code published on Gitlab [2]. The
project contains no licensing terms, so I contacted the author
(goldboar@163.com), asking for permission to re-use the code in OP-TEE
under a BSD-2-Clause license. I received the following reply:

"[...] If you like you can use it [...]"

I have reworked the source to better fit the OP-TEE coding style. I
have also added the CTR mode of operation.

I do not think we will need to merge any change from upstream in the
future.

[1] https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: remove algo from crypto_cipher_*()

Removes the algo parameters from all crypto_cipher_*() functions except
crypto_cipher_alloc_ctx().

tee_aes_cbc_cts_update() is moved into aes-cts.c and rena

core: remove algo from crypto_cipher_*()

Removes the algo parameters from all crypto_cipher_*() functions except
crypto_cipher_alloc_ctx().

tee_aes_cbc_cts_update() is moved into aes-cts.c and renamed to
cbc_cts_update().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove algo from crypto_hash_*()

Removes the algo parameters from all crypto_hash_*() functions except
crypto_hash_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Ack

core: remove algo from crypto_hash_*()

Removes the algo parameters from all crypto_hash_*() functions except
crypto_hash_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee: crypt_utl: remove one crypto_init

Crypto_init is called twice in tee_cryp_init.

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@

core: tee: crypt_utl: remove one crypto_init

Crypto_init is called twice in tee_cryp_init.

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Remove get_rng_array()

Removes get_rng_array() in favor of crypto_rng_read() which always uses
the configured RNG implementation to draw random.

Reviewed-by: Jerome Forissier <jerome.forissier@lina

Remove get_rng_array()

Removes get_rng_array() in favor of crypto_rng_read() which always uses
the configured RNG implementation to draw random.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add new RNG implementation

Adds a new cryptographically secure pseudo random number generator known
as Fortuna. The implementation is based on the description in [0]. This
implementation repla

core: add new RNG implementation

Adds a new cryptographically secure pseudo random number generator known
as Fortuna. The implementation is based on the description in [0]. This
implementation replaces the implementation in LTC which was used until
now.

Gathering of entropy has been refined with crypto_rng_add_event() to
better match how entropy is added to Fortuna. A enum crypto_rng_src
identifies the source of the event. The source also controls how the
event is added. There are two options available, queue it in a circular
buffer for later processing or adding it directly to a pool. The former
option is suitable when being called from an interrupt handler or some
other place where RPC to normal world is forbidden.

plat_prng_add_jitter_entropy_norpc() is removed and
plat_prng_add_jitter_entropy() is updated to use this new entropy source
scheme.

The configuration of LTC is simplified by this, now PRNG is always drawn
via prng_mpa_desc.

plat_rng_init() takes care of initializing the PRNG in order to allow
platforms to override or enhance the Fortuna integration.

[0] Link:https://www.schneier.com/academic/paperfiles/fortuna.pdf

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.h manages hash context memory

To ease integration with other crypto libraries change the hash context
interface in crypto.h to manage the memory used for the hash context.

Reviewed-by:

core: crypto.h manages hash context memory

To ease integration with other crypto libraries change the hash context
interface in crypto.h to manage the memory used for the hash context.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove 'All rights reserved' from Linaro files

The text 'All rights reserved' is useless [1]. The Free Software
Foundation's REUSE Initiative best practices document [2] does not
contain these words

Remove 'All rights reserved' from Linaro files

The text 'All rights reserved' is useless [1]. The Free Software
Foundation's REUSE Initiative best practices document [2] does not
contain these words. Therefore, we can safely remove the text from the
files that are owned by Linaro.

Generated by:
spdxify.py --linaro-only --strip-arr optee_os/

Link: [1] https://en.wikipedia.org/wiki/All_rights_reserved
Link: [2] https://reuse.software/practices/
Link: [3] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Remove license notice from Linaro files

Now that we have added SPDX identifiers, we can safely remove the
verbose license text from the files that are owned by Linaro.

Generated by [1]:
spdxify.p

Remove license notice from Linaro files

Now that we have added SPDX identifiers, we can safely remove the
verbose license text from the files that are owned by Linaro.

Generated by [1]:
spdxify.py --linaro-only --strip-license-text optee_os/

Link: [1] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] wa

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] was used to double check the license matching
code in the Python script. All the licenses detected by scancode are
either detected by spdxify.py, or have no SPDX identifier, or are false
matches.

Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: rename to <crypto/crypto.h>

Renames core/include/tee/tee_cryp_provider.h to
core/include/crypto/crypto.h

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere

core: rename to <crypto/crypto.h>

Renames core/include/tee/tee_cryp_provider.h to
core/include/crypto/crypto.h

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove struct crypto_ops

Removes struct crypto_ops and adds crypto_init()

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

core: remove struct crypto_ops

Removes struct crypto_ops and adds crypto_init()

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct cipher_ops with function interface

Adds crypto_cipher_get_ctx_size(), crypto_cipher_init(),
crypto_cipher_update(), crypto_cipher_final() and
crypto_cipher_get_block_size() replacing

Replace struct cipher_ops with function interface

Adds crypto_cipher_get_ctx_size(), crypto_cipher_init(),
crypto_cipher_update(), crypto_cipher_final() and
crypto_cipher_get_block_size() replacing struct cipher_ops in
crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct hash_ops with function interface

Adds crypto_hash_get_ctx_size(), crypto_hash_init(),
crypto_hash_update() and crypto_hash_final() replacing struct hash_ops
in crypto_ops.

Acked-by:

Replace struct hash_ops with function interface

Adds crypto_hash_get_ctx_size(), crypto_hash_init(),
crypto_hash_update() and crypto_hash_final() replacing struct hash_ops
in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct prng_ops with function interface

Adds crypto_rng_add_entropy() and crypto_rng_read() replacing
struct prng_ops in crypto_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.o

Replace struct prng_ops with function interface

Adds crypto_rng_add_entropy() and crypto_rng_read() replacing
struct prng_ops in crypto_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove buffering for AES CTR

CTR mode of AES algorithm turns block cipher into stream cipher.
It means that input data can has any size independent from block
size. It must be processed and result c

Remove buffering for AES CTR

CTR mode of AES algorithm turns block cipher into stream cipher.
It means that input data can has any size independent from block
size. It must be processed and result ciphertext must be
generated after each TEE_CipherUpdate function call. That is why
it is incorrect to apply for AES CTR the input buffering on
TEE_CipherUpdate call when size is not multiple of block size.

Signed-off-by: Bogdan Liulko <bogdan.liulko@globallogic.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Bogdan Liulko <bogdan.liulko@globallogic.com> (R-Car)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...