| #
5ca2c365 |
| 10-Jan-2024 |
Clement Faure <clement.faure@nxp.com> |
core: remove unnecessary includes
Remove unnecessary includes.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| #
c69bc615 |
| 02-Mar-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: remove algo from crypto_mac_*()
Removes the algo parameters from all crypto_mac_*() functions except crypto_mac_alloc_ctx().
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
cbda7091 |
| 02-Mar-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: remove algo from crypto_cipher_*()
Removes the algo parameters from all crypto_cipher_*() functions except crypto_cipher_alloc_ctx().
tee_aes_cbc_cts_update() is moved into aes-cts.c and renamed to cbc_cts_update().
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
3ca4a1ca |
| 25-Feb-2019 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: FS: wipe sensitive data after use
The secure storage code makes use of various cryptographic data (keys and IVs). Make sure the buffers are wiped after use to minimize the risks that sensitive data may be leaked to an attacker who would have gained some access to the secure memory.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
|
| #
df91a522 |
| 25-Apr-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: derive SSK using huk_subkey_derive()
tee_fs_init_key_manager() uses huk_subkey_derive() to derive the SSK instead of MAC:ing etc directly.
Note that this is only backwards compatible if CFG_CORE_HUK_SUBKEY_COMPAT=y.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
025f5cd8 |
| 07-Mar-2019 |
Alexandre Jutras <alexandre.jutras@linaro.org> |
core: Initialize the chip_id array when generating the SSK
In tee_fs_init_key_manager(), Secure Storage Key (SSK) is computed as follows:
SSK = HMAC(HUK, message)
message := concatenate(chip_id, static string)
chip_id is a 32-byte array but some tee_otp_get_die_id() implementations may provide a smaller chip ID. Initialize the chip_id array to make sure the remaining bytes do not contain garbage data. Without this initialization, SSK may be inconsistent across power cycles, generating failures when reading back data from the secure storage.
Signed-off-by: Alexandre Jutras <alexandre.jutras@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| #
42cf03c3 |
| 24-Jan-2019 |
Oliver Chiang <rockerfeynman@gmail.com> |
core: check the value of tee_otp_get_die_id()
Just like the get_prop_tee_dev_id() in tee_svc.c, it returns TEE_ERROR_BAD_STATE, when tee_otp_get_die_id() reports something bad. Put the same check in tee_fs_init_key_manager() as well.
Fixes: https://github.com/OP-TEE/optee_os/issues/2762
Signed-off-by: Oliver Chiang <rockerfeynman@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: use URL in Fixes: tag]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| #
9607c419 |
| 07-Sep-2018 |
Joakim Bech <joakim.bech@linaro.org> |
rpmb: check return value from essiv call
An error in the function essiv, for example a memory allocation failure, could result in an uninitialized IV, which means that the IV used for en/decryption would consist of data previously stored at this memory location. This could eventually corrupt the filesystem.
Fixes: "Return value of cryptographic function is unchecked" by Riscure.
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reported-by: Riscure <inforequest@riscure.com>
Reported-by: Alyssa Milburn <a.a.milburn@vu.nl>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| #
72a9b1a0 |
| 21-Dec-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: crypto.h manages cipher context memory
To ease integration with other crypto libraries change the cipher context interface in crypto.h to manage the memory used for the cipher context.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
82ef73bc |
| 21-Dec-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: crypto.h manages mac context memory
To ease integration with other crypto libraries change the mac context interface in crypto.h to manage the memory used for the mac context.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
ecf2e014 |
| 21-Dec-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: crypto.h manages hash context memory
To ease integration with other crypto libraries change the hash context interface in crypto.h to manage the memory used for the hash context.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
b1d7375c |
| 15-Dec-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
Remove 'All rights reserved' from Linaro files
The text 'All rights reserved' is useless [1]. The Free Software Foundation's REUSE Initiative best practices document [2] does not contain these words. Therefore, we can safely remove the text from the files that are owned by Linaro.
Generated by: spdxify.py --linaro-only --strip-arr optee_os/
Link: [1] https://en.wikipedia.org/wiki/All_rights_reserved
Link: [2] https://reuse.software/practices/
Link: [3] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
|
| #
78b7c7c7 |
| 15-Dec-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
Remove license notice from Linaro files
Now that we have added SPDX identifiers, we can safely remove the verbose license text from the files that are owned by Linaro.
Generated by [1]: spdxify.py --linaro-only --strip-license-text optee_os/
Link: [1] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
|
| #
1bb92983 |
| 15-Dec-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
Add SPDX license identifiers
Adds one SPDX-License-Identifier line [1] to each source file that contains license text.
Generated by [2]: spdxify.py --add-spdx optee_os/
The scancode tool [3] was used to double check the license matching code in the Python script. All the licenses detected by scancode are either detected by spdxify.py, or have no SPDX identifier, or are false matches.
Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
|
| #
e1770e71 |
| 13-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: rename to <crypto/crypto.h>
Renames core/include/tee/tee_cryp_provider.h to core/include/crypto/crypto.h
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
e9eaba5c |
| 09-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
Replace struct mac_ops with function interface
Adds mac_cipher_get_ctx_size(), mac_cipher_init(), mac_cipher_update() and mac_cipher_final() replacing struct mac_ops in crypto_ops.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
82d91db1 |
| 09-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
Replace struct cipher_ops with function interface
Adds crypto_cipher_get_ctx_size(), crypto_cipher_init(), crypto_cipher_update(), crypto_cipher_final() and crypto_cipher_get_block_size() replacing struct cipher_ops in crypto_ops.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
b887bd8f |
| 09-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
Replace struct hash_ops with function interface
Adds crypto_hash_get_ctx_size(), crypto_hash_init(), crypto_hash_update() and crypto_hash_final() replacing struct hash_ops in crypto_ops.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
36a063ef |
| 03-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
Replace struct prng_ops with function interface
Adds crypto_rng_add_entropy() and crypto_rng_read() replacing struct prng_ops in crypto_ops.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
0c4e1284 |
| 13-Apr-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: FS: key manager takes supplied UUID
The FS key manager takes a supplied UUID instead of extracting it from current session in order to be more flexible.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
7b3758b4 |
| 15-Feb-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: remove unused FS key manager features
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
366f8a64 |
| 15-Feb-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: provide tee_fs_fek_crypt()
FS key manager provides tee_fs_fek_crypt().
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
dbb790c6 |
| 19-Aug-2016 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: init FS key manager late
Switches to service_init_late() to initialize FS key manager as it depends on the tee_cryp_init service init call.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
8c9d9445 |
| 23-Jul-2016 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: review assert and panic traces
Replace a few "{ EMSG(...); panic(); }" with "panic(...);".
Disable file/line/func debug traces in panic() logs when CFG_TEE_CORE_DEBUG is disabled.
Change __assert_log() to use EMSG_RAW() to not pollute the trace with __assert_log() internals (duplicated file/line/func traces).
Change assert() to use a low/high verbosity mode upon CFG_TEE_CORE_DEBUG as panic() does.
Change assert() to also trace the C function where assertion failed.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jen.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (QEMU)
|
| #
d13278b8 |
| 23-Jul-2016 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: remove TEE_ASSERT()
TEE_ASSERT() can be confusing regarding assert() as assert() can be disabled through NDEBUG while TEE_ASSERT() can't. Instead one should explicitly implement "if (cond) { panic(); }"
This patch removes several inclusions of tee_common_unpg.h as it used to define TEE_ASSERT() that has been removed.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jen.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (QEMU)
|