Add PKCS #5 v2.0 key derivation function 2 (PBKDF2)

This commit implements a crypto extension to support the key derivation
function defined in section 5.2 of RFC 2898
(https://www.ietf.org/rfc/rfc2

Add PKCS #5 v2.0 key derivation function 2 (PBKDF2)

This commit implements a crypto extension to support the key derivation
function defined in section 5.2 of RFC 2898
(https://www.ietf.org/rfc/rfc2898.txt), which is a re-publish of PKCS #5 v2.0.
The underlying pseudorandom function is HMAC-SHA1, which is the default PRF
specified in the RFC. It would be trivial to support the other HMAC functions
already implemented in OP-TEE.

See documentation/extensions/crypto_pbkdf2.md for details.

Tested on PLATFORM=vexpress-qemu_virt with the test vectors from RFC 6070
(https://www.ietf.org/rfc/rfc6070.txt).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

Add HMAC-based extract-and-expand key derivation function (HKDF)

HKDF (http://tools.ietf.org/html/rfc5869) is a key derivation algorithm.
As per the RFC:

A key derivation function (KDF) is a bas

Add HMAC-based extract-and-expand key derivation function (HKDF)

HKDF (http://tools.ietf.org/html/rfc5869) is a key derivation algorithm.
As per the RFC:

A key derivation function (KDF) is a basic and essential component of
cryptographic systems. Its goal is to take some source of initial
keying material and derive from it one or more cryptographically
strong secret keys.
[...]
HKDF follows the "extract-then-expand" paradigm, where the KDF
logically consists of two modules.
[...]
The goal of the "extract" stage is to "concentrate" the possibly
dispersed entropy of the input keying material into a short, but
cryptographically strong, pseudorandom key.
[...]
The second stage "expands" the pseudorandom key to the desired
length; the number and lengths of the output keys depend on the
specific cryptographic algorithms for which the keys are needed.

Since HKDF is not covered by the GlobalPlatform Internal API specification
v1.0/v1.1, this commit introduces extensions to the specification.
More specifically: it defines new algorithms, a new object type and new
object attributes. This implementation supports all the usual hash
functions (MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512) and may
produce output keys of length up to 4096 bits (currently limited only by
the maximum size allowed for an object of type TEE_TYPE_GENERIC_SECRET).
Aside from minor updates to object manipulation functions to support
the new data, the function TEE_DeriveKey() is mostly impacted.

The file documentation/extensions/crypto_hkdf.md contains the modifications
to the GP Internal API v1.0 spec in order to support HKDF.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Add Concat KDF (Concatenation Key Derivation Function, NIST SP 800-56A R1)

Concat KDF is a key derivation algorithm defined in section 5.8.1 of
the NIST Special Publication 800-56A Revision 1, "Reco

Add Concat KDF (Concatenation Key Derivation Function, NIST SP 800-56A R1)

Concat KDF is a key derivation algorithm defined in section 5.8.1 of
the NIST Special Publication 800-56A Revision 1, "Recommendation for Pair-Wise
Key Establishment Schemes Using Discrete Logarithm Cryptography"
(http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf)

This is a TEE implementation of the function, which supports the following
hash algorithms: SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512.
The actual key derivation is implemented in TEE_DeriveKey() thanks to
custom extensions to the GlobalPlatform API v1.0. Please refer to
documentation/extensions/crypto_concat_kdf.md for details.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

Add plat-sunxi

Initial version support for Allwinner A80 platform.
Allwinner A80 is big.little archtecture with 4*A7 + 4*A15,
Support Trustzone tech and secureboot inside hardware.
plat-sunxi suppor

Add plat-sunxi

Initial version support for Allwinner A80 platform.
Allwinner A80 is big.little archtecture with 4*A7 + 4*A15,
Support Trustzone tech and secureboot inside hardware.
plat-sunxi support features:
1.Clone plat-sunxi from plat-vexpress;
2.Secure bootloader reserved 64MB secure DRAM for optee_os;
3.Support SMP secondary cpu secure stage bootup;
4.Add uart driver to core/driver/*;
5.Support GIC driver initialization.
The porting work test on Optimus board, with allwinner A80 chip.

Signed-off-by: sunny <sunny@allwinnertech.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

driver/gic: add gic_cpu_init interface.

The interface mainly use for secondary cpu bootup.
When secondary cpu bootup, It will initialize per-cpu gic-cpu-interface.
The gic_cpu_init main work include

driver/gic: add gic_cpu_init interface.

The interface mainly use for secondary cpu bootup.
When secondary cpu bootup, It will initialize per-cpu gic-cpu-interface.
The gic_cpu_init main work include:
1.Set the per-cpu interrupts as Group1;
2.Enable Group0-interrupts/Group1-interrupts/FIQEn.

Signed-off-by: sunny <sunny@allwinnertech.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Fix #6686: Support passing Public Exponent when generating RSA key pair

Global Platform Internal API 1.0 is not accurate when describing
RSA key pair generation. It only indicates
No parameter i

Fix #6686: Support passing Public Exponent when generating RSA key pair

Global Platform Internal API 1.0 is not accurate when describing
RSA key pair generation. It only indicates
No parameter is required
This is why RSA key pair generation was always using 65537
as the public exponent.

Version 1.1 of the API is much more precise:
No parameter is required.
The TEE_ATTR_RSA_PUBLIC_EXPONENT attribute may be
specified; if omitted, the default value is 65537.

This patch implements this requirement.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Reviewed-by: Laurent GERARD <laurent.gerard@st.com>
Reviewed-by: Jean-Michel DELORME <jean-michel.delorme@st.com>
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

ta_dev_kit.mk: get platform-specific flags from platform_flags.mk

Platform-specific flags that apply to user-mode code are moved from
from core/arch/$(ARCH)/plat-$(PLATFORM)/conf.mk to a new file:
c

ta_dev_kit.mk: get platform-specific flags from platform_flags.mk

Platform-specific flags that apply to user-mode code are moved from
from core/arch/$(ARCH)/plat-$(PLATFORM)/conf.mk to a new file:
core/arch/$(ARCH)/plat-$(PLATFORM)/platform_flags.mk.

This file is used by ta/mk/ta_dev_kit.mk so that the Trusted Applications
are built with the same flags used when building the user-mode TEE code.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: get value of CFG_ variables directly from generated/conf.h

Add a '-include' preprocessor flag to the command line so that all
TEE core files include generated/conf.h automatically. Then, there

core: get value of CFG_ variables directly from generated/conf.h

Add a '-include' preprocessor flag to the command line so that all
TEE core files include generated/conf.h automatically. Then, there
is no need to define macros via the command line (-DCFG_XYZ=...).

This commit also fixes a compile error when
CFG_TEE_CORE_EMBED_INTERNAL_TESTS=0.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

Align plat-stm and plat-vexpress versions of core_bootcfg.c

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.

Align plat-stm and plat-vexpress versions of core_bootcfg.c

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

plat-stm: move memory definition in platform_config.h

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-stm: rename memory definition name

Rename following memory area definition name, according
to the one used in vexpress:
CFG_DDR_START into DRAM0_BASE
CFG_DDR_SIZE

plat-stm: rename memory definition name

Rename following memory area definition name, according
to the one used in vexpress:
CFG_DDR_START into DRAM0_BASE
CFG_DDR_SIZE into DRAM0_SIZE
CFG_DDR1_START into DRAM1_BASE
CFG_DDR1_SIZE into DRAM1_SIZE
CFG_DDR_ARM_ARMTZ_START into CFG_SHMEM_START
CFG_DDR_ARM_ARMTZ_SIZE into CFG_SHMEM_SIZE
CFG_DDR_ARMTZ_ONLY_START into TZDRAM_BASE
CFG_DDR_ARMTZ_ONLY_SIZE into TZDRAM_SIZE

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm: make stacks cache line aligned

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.or

plat-stm: make stacks cache line aligned

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

arm32: remove memmap_notinit bookkeeping

Removes the bookkeeping of whether memory map has been initialized or
not using the memmap_notinit variable. Memory map is always initialized
before any core

arm32: remove memmap_notinit bookkeeping

Removes the bookkeeping of whether memory map has been initialized or
not using the memmap_notinit variable. Memory map is always initialized
before any core_va2pa() or core_pa2va() is performed so the bookkeeping
doesn't do much good.

The variable was updated with caches disabled while other CPUs might have
caches enabled. This can result in unexpected problems.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

plat-vexpress: make stacks cache line aligned

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

arm32: paging of TEE Core optionally enabled

plat-vexpress-*:
* Optionally enable paging with CFG_WITH_PAGER=y
* Uses fake SRAM when paging is enabled
* Supports partitioning OP-TEE binary in unpage

arm32: paging of TEE Core optionally enabled

plat-vexpress-*:
* Optionally enable paging with CFG_WITH_PAGER=y
* Uses fake SRAM when paging is enabled
* Supports partitioning OP-TEE binary in unpaged, init and pagable areas

plat-stm:
* Displays an error message if compiled with CFG_WITH_PAGER=y

arm32:
* Replaces legacy paging support with new paging support
* Removes unused tee_pager_unpg.c

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, FVP, Juno)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform - Check the code without the pager is not broken).

show more ...

plat-vexpress: linking supports pagable tee.bin

* Adds scripts to create a pagable tee.bin
* Updates link script and link.mk to support pagable tee.bin
* Binary format of tee.bin is changed from a r

plat-vexpress: linking supports pagable tee.bin

* Adds scripts to create a pagable tee.bin
* Updates link script and link.mk to support pagable tee.bin
* Binary format of tee.bin is changed from a raw format to a header
followed by the binary data as described by the header. This requires
updates in ARM-TF OP-TEE Dispatcher and QEMU virt bios.

fvp:
* Changes OP-TEE load address to start of TZDRAM_BASE

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

plat-vexpress: Clean D-cache on reset_primary exit

Cleans and invalidates D-cache when primary CPU has initialized
and is ready to exit to normal world.

Signed-off-by: Jens Wiklander <jens.wiklande

plat-vexpress: Clean D-cache on reset_primary exit

Cleans and invalidates D-cache when primary CPU has initialized
and is ready to exit to normal world.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

arm32: clear junk in UL1 table

Clears junk in UL1 translation table when setting mapping for a TA in
tee_mmu_set_ctx().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal

arm32: clear junk in UL1 table

Clears junk in UL1 translation table when setting mapping for a TA in
tee_mmu_set_ctx().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU virt)

show more ...

provide hash_sha256_check()

Adds hash_sha256_check() to the tee_crypt_provider interface to be
used by pager and early initialization code where the complete crypto
library might not be available.

provide hash_sha256_check()

Adds hash_sha256_check() to the tee_crypt_provider interface to be
used by pager and early initialization code where the complete crypto
library might not be available.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

plat-stm: separate sections

Puts functions and data into separate sections

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: P

plat-stm: separate sections

Puts functions and data into separate sections

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

plat-vexpress: separate sections

Puts functions and data into separate sections

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU

plat-vexpress: separate sections

Puts functions and data into separate sections

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU virt and FVP)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

arm32: assembly routines in separate sections

Moves some assembly routines into separate sections. This helps the garbage
collecting with the linker when separating what's must be unpaged from the
r

arm32: assembly routines in separate sections

Moves some assembly routines into separate sections. This helps the garbage
collecting with the linker when separating what's must be unpaged from the
rest of the code. The garbage collector in the linker works on dependencies
between sections.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

tee_mm: remove legacy TEE_MM_POOL_PAGED define

Removes the legacy TEE_MM_POOL_PAGED define and unsused code
associated with it.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by

tee_mm: remove legacy TEE_MM_POOL_PAGED define

Removes the legacy TEE_MM_POOL_PAGED define and unsused code
associated with it.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

plat-vexpress: reorganize boot for paging

Reorganizes the boot functions to keep primary and secondary boot path
more separated as a preparation for the pager.

Signed-off-by: Jens Wiklander <jens.w

plat-vexpress: reorganize boot for paging

Reorganizes the boot functions to keep primary and secondary boot path
more separated as a preparation for the pager.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

arm32: move call to teecore_init_ta_ram()

Moves call to teecore_init_ta_ram() from init_teecore() to be called
directly from platform initialization routines. It's needed later when
the pager alloc

arm32: move call to teecore_init_ta_ram()

Moves call to teecore_init_ta_ram() from init_teecore() to be called
directly from platform initialization routines. It's needed later when
the pager allocates secure DDR to store that backing pages. We don't want
to call init_teecore() until the pager is fully initialized because
init_teecore() pulls in many dependencies.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...