GP131: Fix the TEE_ALG_SM2_PKE define

The define TEE_ALG_SM2_PKE was introduced with the value 0x80000045 in
the v1.2 specification and later changed to 0x80000046 in v1.3. At this
point we try to b

GP131: Fix the TEE_ALG_SM2_PKE define

The define TEE_ALG_SM2_PKE was introduced with the value 0x80000045 in
the v1.2 specification and later changed to 0x80000046 in v1.3. At this
point we try to be compatible with v1.3.1 so update the value to match
that version of the GlobalPlatform specification.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: tee_api_defines.h: remove obsolete comments

Removes the obsolete comments "/* vx.y.z spec */" from attributes, type,
and algorithm defines. The defines are all now up to date with GP
v1.3.1.

GP131: tee_api_defines.h: remove obsolete comments

Removes the obsolete comments "/* vx.y.z spec */" from attributes, type,
and algorithm defines. The defines are all now up to date with GP
v1.3.1.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_DigestExtract()

Adds TEE_DigestExtract() to support Extendable Output Functions, that
is, for now TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256.

Reviewed-by: Etienne Carriere <etienne.carrie

GP131: add TEE_DigestExtract()

Adds TEE_DigestExtract() to support Extendable Output Functions, that
is, for now TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add missing TEE_ALG_* and TEE_TYPE_* defines

Adds the missing TEE_ALG_* and TEE_TYPE_* defines from the
GlobalPlatform TEE Internal Core API v1.3.1 specification.

Reviewed-by: Jerome Forissi

GP131: add missing TEE_ALG_* and TEE_TYPE_* defines

Adds the missing TEE_ALG_* and TEE_TYPE_* defines from the
GlobalPlatform TEE Internal Core API v1.3.1 specification.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt()

Updates TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() according to
TEE Internal Core API version 1.3.1. The srcLen and dstLen

GP131: Update TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt()

Updates TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() according to
TEE Internal Core API version 1.3.1. The srcLen and dstLen parameters
are changed to use size_t instead of uint32_t

Adds the optional attribute TEE_ATTR_RSA_OAEP_MGF_HASH which if provided
specifies the MGF1 hash function to use. Prior to GP v1.3.1 it was
implementation defined. OP-TEE only supports using the same MGF1 hash
function as the internal hash function of the algorithim, that is, for
the algorithm TEE_ALG_RSAES_PKCS1_OAEP_MGF1_x that hash function
TEE_ALG_x is used.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_Malloc() and TEE_Realloc()

Update TEE_Malloc() and TEE_Realloc() according to TEE Internal Core API
version 1.3.1. The size parameter is changed to use size_t instead of
uint32_t.

GP131: Update TEE_Malloc() and TEE_Realloc()

Update TEE_Malloc() and TEE_Realloc() according to TEE Internal Core API
version 1.3.1. The size parameter is changed to use size_t instead of
uint32_t. The hint parameter has two new values, TEE_MALLOC_NO_FILL and
TEE_MALLOC_NO_SHARE.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_OperationMode

Updates TEE_OperationMode according to TEE Internal Core API version
1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere

GP131: Update TEE_OperationMode

Updates TEE_OperationMode according to TEE Internal Core API version
1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_Whence

Updates TEE_Whence according to TEE Internal Core API version 1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carr

GP131: Update TEE_Whence

Updates TEE_Whence according to TEE Internal Core API version 1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update HKDF defines

OP-TEE provides an HKDF implementation as an extension to the TEE
Internal Core API which predates version 1.3 of the specification where
HKDF was officially introduced.

GP131: Update HKDF defines

OP-TEE provides an HKDF implementation as an extension to the TEE
Internal Core API which predates version 1.3 of the specification where
HKDF was officially introduced.

Update with the official defines and resolve name clashes. With this
OP-TEE supports both the old extension and the new official API.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Add TEE_ATTR_X448_* defines

Adds TEE_ATTR_X448_PUBLIC_VALUE and TEE_ATTR_X448_PRIVATE_VALUE
according to TEE Internal Core API version 1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@

GP131: Add TEE_ATTR_X448_* defines

Adds TEE_ATTR_X448_PUBLIC_VALUE and TEE_ATTR_X448_PRIVATE_VALUE
according to TEE Internal Core API version 1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add two new API error codes

Adds the two new API error codes, TEE_ERROR_UNSUPPORTED_VERSION and
TEE_ERROR_TIMEOUT, according to TEE Internal Core API version 1.3.1.

Reviewed-by: Jerome Foris

GP131: add two new API error codes

Adds the two new API error codes, TEE_ERROR_UNSUPPORTED_VERSION and
TEE_ERROR_TIMEOUT, according to TEE Internal Core API version 1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_ALG_SHA3_* and TEE_ALG_SHAKE* defines

Adds defines for the SHA3 algorithms from the GlobalPlatform TEE
Internal Core API v1.3.1 specification.

Reviewed-by: Jerome Forissier <jerome.f

GP131: add TEE_ALG_SHA3_* and TEE_ALG_SHAKE* defines

Adds defines for the SHA3 algorithms from the GlobalPlatform TEE
Internal Core API v1.3.1 specification.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET and TEE_ALG_ECDSA_SHA*

Adds the defines
- TEE_ALG_ECDH_DERIVE_SHARED_SECRET
- TEE_ALG_ECDSA_SHA1
- TEE_ALG_ECDSA_SHA224
- TEE_ALG_ECDSA_SHA256
- TEE_ALG_

GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET and TEE_ALG_ECDSA_SHA*

Adds the defines
- TEE_ALG_ECDH_DERIVE_SHARED_SECRET
- TEE_ALG_ECDSA_SHA1
- TEE_ALG_ECDSA_SHA224
- TEE_ALG_ECDSA_SHA256
- TEE_ALG_ECDSA_SHA386
- TEE_ALG_ECDSA_SHA512
from TEE Internal Core API version 1.3.1 to replace the previous now
deprecated defines:
- TEE_ALG_ECDSA_P192
- TEE_ALG_ECDSA_P224
- TEE_ALG_ECDSA_P256
- TEE_ALG_ECDSA_P384
- TEE_ALG_ECDSA_P521
- TEE_ALG_ECDH_P192
- TEE_ALG_ECDH_P224
- TEE_ALG_ECDH_P256
- TEE_ALG_ECDH_P384
- TEE_ALG_ECDH_P521

The new defines have new values and the values from the old defines are
not reused.

The syscall ABI maintains compatibility by handling both the old and new
values in parallel from now on.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Update reported version to GP TEE Core Internal API v1.3.1

The UUID assigned to libutee when compiled as a shared library is update
to let old TAs use the ABI of the old libutee before it's upgraded

Update reported version to GP TEE Core Internal API v1.3.1

The UUID assigned to libutee when compiled as a shared library is update
to let old TAs use the ABI of the old libutee before it's upgraded to
support Internal API v1.3.1.

This commit is followed by a number of commits which finally brings
OP-TEE up to date with v1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: clarify that the used version is still 1.1

Clarifies that the used version in TEE Internal Core API is still v1.1.
Changes the version defines back to v1.1.0.

Acked-by: Etienne Carriere <e

libutee: clarify that the used version is still 1.1

Clarifies that the used version in TEE Internal Core API is still v1.1.
Changes the version defines back to v1.1.0.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Fix TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_*

Commit 5b385b3f835d ("core: crypto: add support for SM2 KEP")defined by
mistake the wrong values for these two. To fix this we're are renaming
these IDs alt

Fix TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_*

Commit 5b385b3f835d ("core: crypto: add support for SM2 KEP")defined by
mistake the wrong values for these two. To fix this we're are renaming
these IDs alternative IDs which OP-TEE will recognize in addition to the
correct official values when deriving a key using the TEE_ALG_SM2_KEP
algorithm.

TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_X and
TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_Y are only used as input parameters
so there is no need to translate back to the old invalid values.

Fixes: 5b385b3f835d ("core: crypto: add support for SM2 KEP")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Update reported version to GP Core Internal API v1.3.1

Updates the reported version to 1.3.1. Three new defines:
- TEE_CORE_API_REQUIRED_MAJOR_VERSION
- TEE_CORE_API_REQUIRED_MINOR_VERSION
- TEE_COR

Update reported version to GP Core Internal API v1.3.1

Updates the reported version to 1.3.1. Three new defines:
- TEE_CORE_API_REQUIRED_MAJOR_VERSION
- TEE_CORE_API_REQUIRED_MINOR_VERSION
- TEE_CORE_API_REQUIRED_MAINTENANCE_VERSION
are added by the standard as a way for the TA to specify required
version of the API. OP-TEE only supports downgrading to version 1.1.

A simplified OP-TEE specific method is also provided:
Adds the configuration option CFG_TA_OPTEE_CORE_API_COMPAT_1_1 which
enables TEE Internal Core API v1.1 compatibility for in-tree TAs.

The TA dev kit is also updated to recognize
CFG_TA_OPTEE_CORE_API_COMPAT_1_1 and set define
__OPTEE_CORE_API_COMPAT_1_1 to 1 if set.

These new defines does not do anything yet, but in following commits
functions and types will be updated gradually until all functions and
types changed in version 1.3.1 compared to the ones in v1.1 have been
updated.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add Ed25519 support

This commit adds Ed25519 support as defined in TEE Internal Core API v1.3.1

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Signed-off-by: Valerii Chubar <valerii

libutee: add Ed25519 support

This commit adds Ed25519 support as defined in TEE Internal Core API v1.3.1

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add SHA3 algorithm identifiers

Add SHA3 algorithm identifiers from TEE Internal Core API Specification
Public Release v1.3.1.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Review

libutee: add SHA3 algorithm identifiers

Add SHA3 algorithm identifiers from TEE Internal Core API Specification
Public Release v1.3.1.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutee: add X25519 support

This commit adds X25519 support to libutee as defined in
TEE Internal Core API v1.2.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier

libutee: add X25519 support

This commit adds X25519 support to libutee as defined in
TEE Internal Core API v1.2.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>
[jf: minor edit to commit description]
Signed-off-by: Jerome Forissier <jerone.forissier@linaro.org>

show more ...

libutee: fix value of TEE_ECC_CURVE_SM2

The GlobalPlatform TEE Interbal Core API specification v1.3 has the
following text:

In TEE Internal Core API v1.2 and v1.2.1, TEE_ECC_CURVE_25519 and
TEE_E

libutee: fix value of TEE_ECC_CURVE_SM2

The GlobalPlatform TEE Interbal Core API specification v1.3 has the
following text:

In TEE Internal Core API v1.2 and v1.2.1, TEE_ECC_CURVE_25519 and
TEE_ECC_CURVE_SM2 were incorrectly assigned the same identifier.

Indeed, both were 0x00000300. In v1.3, TEE_ECC_CURVE_SM2 is now
0x00000400. Update the code accordingly.

This is an API and ABI change, but note that this value is used only
in TEE_IsAlgorithmSupported(). Therefore, only TAs that dynamically
check for algorithm support at runtime may be impacted. This change
was tested on QEMUv8 by running "old" TAs (built without this commit)
with a "newer" OP-TEE OS (including this commit), that is:
- 'make run' and run 'xtest'
- apply this change
- 'make arm-tf && make run-only' and run 'xtest' again. No errors.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Provide TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC

Provides TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC which are defined
already in GP v1.0 [1] and also expected in GP v1.1 [2]. The old
TEE_ATTR

Provide TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC

Provides TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC which are defined
already in GP v1.0 [1] and also expected in GP v1.1 [2]. The old
TEE_ATTR_BIT_VALUE and TEE_ATTR_BIT_PROTECTED are kept for backwards
compatibility for now.

[1]: GlobalPlatform TEE Internal API Specification v1.0
[2]: GlobalPlatform TEE Internal Core API Specification v1.1

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add TEE_IsAlgorithmSupported()

Adds function TEE_IsAlgorithmSupported() as per the GlobalPlatform TEE
Internal Core API v1.2.1.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked

libutee: add TEE_IsAlgorithmSupported()

Adds function TEE_IsAlgorithmSupported() as per the GlobalPlatform TEE
Internal Core API v1.2.1.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove TEE_OPERATION_EXTENSION

Commit 6a2e0a9fe2b9 ("utee: support prehashed RSA sign/ver without
ASN.1") has introduced TEE_OPERATION_EXTENSION in tee_api_defines.h with
value 0xF. This poses a cou

Remove TEE_OPERATION_EXTENSION

Commit 6a2e0a9fe2b9 ("utee: support prehashed RSA sign/ver without
ASN.1") has introduced TEE_OPERATION_EXTENSION in tee_api_defines.h with
value 0xF. This poses a couple of minor issues:

1. Values 0x00000009-0x7FFFFFFF are "Reserved for future use" according
to the TEE Internal Core API specification v1.2.1 (Table 5-6),

2. The meaning of this #define is not clear: "extension" is not a
kind of operation like "cipher", "MAC", "asymmetric signature" etc.
The algorithm added by the above commit is TEE_ALG_RSASSA_PKCS1_V1_5
which is an asymmetric signature and should therefore be associated with
TEE_OPERATION_ASYMMETRIC_SIGNATURE.

I suppose the operation value was added in a attempt to keep the
structure of algorithm identifiers as defined in the GP v1.1
specification, where some particular bits indicate some attributes of
the algorithm. This scheme has since been abandoned by GlobalPlatform so
there is no reason to keep it.

Therefore, this commit removes the TEE_OPERATION_EXTENSION macro and
makes a special case in the TEE_GET_CLASS() macro so that algorithm
TEE_ALG_RSASSA_PKCS1_V1_5 is associated with
TEE_OPERATION_ASYMMETRIC_SIGNATURE.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Gabor Szekely <szvgabor@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM2 KEP

Adds SM2 Key Exchange Protocol [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 KEP is enabled w

core: crypto: add support for SM2 KEP

Adds SM2 Key Exchange Protocol [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 KEP is enabled with CFG_CRYPTO_SM2_KEP=y (default y) wich currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...