tree-wide: remove useless newline character in *MSG() messages

The *MSG() macros take care of printing a newline. Adding a newline
character ('\n') is useless. Remove it.

Signed-off-by: Vincent Mai

tree-wide: remove useless newline character in *MSG() messages

The *MSG() macros take care of printing a newline. Adding a newline
character ('\n') is useless. Remove it.

Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Squashed commit upgrading to mbedtls-3.4.0

Squash merging branch import/mbedtls-3.4.0

8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5"

Squashed commit upgrading to mbedtls-3.4.0

Squash merging branch import/mbedtls-3.4.0

8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5")
2b0d0c50127c ("core: ltc: configure internal SHA-1 and SHA-224")
0e48a6e17630 ("libmedtls: core: update to mbedTLS 3.4.0 API")
049882b143af ("libutee: update to mbedTLS 3.4.0 API")
982307bf6169 ("core: LTC mpi_desc.c: update to mbedTLS 3.4.0 API")
33218e9eff7b ("ta: pkcs11: update to mbedTLS 3.4.0 API")
6956420cc064 ("libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode")
ad67ef0b43fd ("libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly")
7300f4d97bbf ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()")
cec89b62a86d ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()")
e7e048796c44 ("libmbedtls: add SM2 curve")
096beff2cd31 ("libmbedtls: mbedtls_mpi_exp_mod(): optimize mempool usage")
7108668efd3f ("libmbedtls: mbedtls_mpi_exp_mod(): reduce stack usage")
0ba4eb8d0572 ("libmbedtls: mbedtls_mpi_exp_mod() initialize W")
3fd6ecf00382 ("libmbedtls: fix no CRT issue")
d5ea7e9e9aa7 ("libmbedtls: add interfaces in mbedtls for context memory operation")
2b0fb3f1fa3d ("libmedtls: mpi_miller_rabin: increase count limit")
2c3301ab99bb ("libmbedtls: add mbedtls_mpi_init_mempool()")
9a111f0da04b ("libmbedtls: make mbedtls_mpi_mont*() available")
804fe3a374f5 ("mbedtls: configure mbedtls to reach for config")
b28a41531427 ("mbedtls: remove default include/mbedtls/config.h")
dfafe507bbef ("Import mbedtls-3.4.0")

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)

show more ...

core: crypto_bignum_free(): add indirection and set pointer to NULL

To prevent human mistake, crypto_bignum_free() sets the location of the
bignum pointer to NULL after freeing it.

Signed-off-by: J

core: crypto_bignum_free(): add indirection and set pointer to NULL

To prevent human mistake, crypto_bignum_free() sets the location of the
bignum pointer to NULL after freeing it.

Signed-off-by: Jihwan Park <jihwp@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mbedtls: ecc_get_keysize(): do not check algorithm against curve

Since commit fe2fd3ff46c0 ("GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET
and TEE_ALG_ECDSA_SHA*"), the algorithm and curve valu

core: mbedtls: ecc_get_keysize(): do not check algorithm against curve

Since commit fe2fd3ff46c0 ("GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET
and TEE_ALG_ECDSA_SHA*"), the algorithm and curve values are not tied
as closely as before. The GP TEE Internal Core API specification v1.3.1
mentions "ECDSA algorithm identifiers should be tied to the size of the
digest, not the key. The key size information is provided with the key
material." (Table B-2). In other words, a number of algorithm values
are valid for use with any given ECC curve. Therefore remove the
algorithm checks in ecc_get_keysize(). This function is not the proper
place anyways.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

lib: mbedtls: ecc: support the crypto driver

Provide an interface that can be used by drivers using the Crypto API
so that they can fallback to MBEDTLS software operations.

Signed-off-by: Jorge Ram

lib: mbedtls: ecc: support the crypto driver

Provide an interface that can be used by drivers using the Crypto API
so that they can fallback to MBEDTLS software operations.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mbedtls: Add ECC signature size check

The ECC signature implementation must check that the output buffer
has sufficient space to store the signature. This check was missing
in the mbedtls vers

core: mbedtls: Add ECC signature size check

The ECC signature implementation must check that the output buffer
has sufficient space to store the signature. This check was missing
in the mbedtls version of ecc_sign.

Fixes: ad6cfae7c0 ("libmbedtls: support mbedtls ECC function")
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Lars Persson <lars.persson@axis.com>

show more ...

core: mbedtls: sm2: fix SM2 key generation

ecc_get_keysize() lacks a case for TEE_ECC_CURVE_SM2, which prevents the
generation of a SM2 key pair. Fix this.

Signed-off-by: Jerome Forissier <jerome@f

core: mbedtls: sm2: fix SM2 key generation

ecc_get_keysize() lacks a case for TEE_ECC_CURVE_SM2, which prevents the
generation of a SM2 key pair. Fix this.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mbedtls: add curve type to domain parameter group ID conversion

MBedTLS functions mbedtls_ecp_group_load() and mbedtls_ecdsa_genkey()
take a group ID parameter of type mbedtls_ecp_group_id whi

core: mbedtls: add curve type to domain parameter group ID conversion

MBedTLS functions mbedtls_ecp_group_load() and mbedtls_ecdsa_genkey()
take a group ID parameter of type mbedtls_ecp_group_id which is an enum
(MBEDTLS_ECP_DP_SECP192R1, etc.). The code in lib/libmbedtls/core/ecc.c
incorrectly passes a uint32_t TEE curve ID instead
(TEE_ECC_CURVE_NIST_P192, etc.). By chance the values happen to be the
same for all the NIST curves, but not for SM2. Fix that by introducing a
conversion function.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mbedtls: sm2: set curve by default when key type is SM2

crypto_asym_alloc_ecc_keypair() and crypto_asym_alloc_ecc_public_key()
should set the curve field of the ecc_key structure to TEE_ECC_CU

core: mbedtls: sm2: set curve by default when key type is SM2

crypto_asym_alloc_ecc_keypair() and crypto_asym_alloc_ecc_public_key()
should set the curve field of the ecc_key structure to TEE_ECC_CURVE_SM2
when the key type is one of TEE_TYPE_SM2_{DSA,KEP,PKE}_KEYPAIR because
the user is not supposed to provide any TEE_ATTR_ECC_CURVE attribute,
contrary to other ECC algorithms.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add support for SM2 using MBed TLS

The SM2 algorithms (PKE, KEP and DSA) are currently implemented using
LibTomCrypt. They are automatically disabled when MBed TLS is selected
as the core cryp

core: add support for SM2 using MBed TLS

The SM2 algorithms (PKE, KEP and DSA) are currently implemented using
LibTomCrypt. They are automatically disabled when MBed TLS is selected
as the core crypto library (that is, when CFG_CRYPTOLIB_NAME=mbedtls
CFG_CRYPTOLIB_DIR=lib/libmbedtls).

This commit removes this restriction by porting the relevant files
(core/lib/libtomcrypt/sm2-{dsa,kep,pke}.c) over to the MBed TLS API in
lib/libmbedtls/core.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: libmbedtls: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <j

core: libmbedtls: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: core: rename mbd_rand.h to mbed_helpers.h

mbd_rand.h contains only one helper function: mbd_rand(). Give it a more
generic name so that other functions may be added in subsequent commits

libmbedtls: core: rename mbd_rand.h to mbed_helpers.h

mbd_rand.h contains only one helper function: mbd_rand(). Give it a more
generic name so that other functions may be added in subsequent commits.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libs: ltc and mbedtls introduce crypto_ecc[public/keypair]_ops

Change ECC call functions name to be able to use a ECC HW driver.
At ECC public and keypair allocation, if success, set the key ops fie

libs: ltc and mbedtls introduce crypto_ecc[public/keypair]_ops

Change ECC call functions name to be able to use a ECC HW driver.
At ECC public and keypair allocation, if success, set the key ops field
to call the cryptographic operations linked to the key allocator.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: ECC: make sure key_size is consistent with attributes

TEE_GenerateKey() takes a key_size argument and various attributes. If
the size derived from the attributes is not key_size, we sh

core: crypto: ECC: make sure key_size is consistent with attributes

TEE_GenerateKey() takes a key_size argument and various attributes. If
the size derived from the attributes is not key_size, we should return
TEE_ERROR_BAD_PARAMETERS as per the GP TEE Internal Core API
specification v1.2.1: "If an incorrect or inconsistent attribute is
detected. The checks that are performed depend on the implementation.".

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: support mbedtls ECC function

Support mbedtls ECC: ecdh and ecdsa.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Je

libmbedtls: support mbedtls ECC function

Support mbedtls ECC: ecdh and ecdsa.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...