core: crypto add support for SM2 DSA

Adds SM2 Digital Signature Algorithm [1] using LibTomCrypt. The TA
interface complies with the GlobalPlatform TEE Internal Core API
version 1.2.

SM2 DSA is enab

core: crypto add support for SM2 DSA

Adds SM2 Digital Signature Algorithm [1] using LibTomCrypt. The TA
interface complies with the GlobalPlatform TEE Internal Core API
version 1.2.

SM2 DSA is enabled with CFG_CRYPTO_SM2_DSA=y (default y) which currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM2 PKE

Adds SM2 Public Key Encryption [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 is enabled with

core: crypto: add support for SM2 PKE

Adds SM2 Public Key Encryption [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 is enabled with CFG_CRYPTO_SM2_PKE=y (default y) which currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this h

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this hash.

This implementation is based on code published on Gitlab [2]. See commit
ade6f848e084 ("core: crypto: add support for SM4") for details.

[1] https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are valid but are
not included in the GP specification, so they are not considered here.

This implementation is based on code published on Gitlab [2]. The
project contains no licensing terms, so I contacted the author
(goldboar@163.com), asking for permission to re-use the code in OP-TEE
under a BSD-2-Clause license. I received the following reply:

"[...] If you like you can use it [...]"

I have reworked the source to better fit the OP-TEE coding style. I
have also added the CTR mode of operation.

I do not think we will need to merge any change from upstream in the
future.

[1] https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

utee: support prehashed RSA sign/ver without ASN.1

Add TEE Core Internal API extension TEE_ALG_RSASSA_PKCS1_V1_5 to
sign/verify pre-hashed PKCS#1 v1.5 EMSA without ASN.1 around the hash.
This relies

utee: support prehashed RSA sign/ver without ASN.1

Add TEE Core Internal API extension TEE_ALG_RSASSA_PKCS1_V1_5 to
sign/verify pre-hashed PKCS#1 v1.5 EMSA without ASN.1 around the hash.
This relies on libtomcrypt LTC_PKCS_1_V1_5_NA1. The extension can be
turned on with CFG_CRYPTO_RSASSA_NA1.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Gabor Szekely <szvgabor@gmail.com>

show more ...

Remove license notice from STMicroelectronics files

Since a while the source files license info are defined by SPDX
identifiers. We can safely remove the verbose license text from the
files that are

Remove license notice from STMicroelectronics files

Since a while the source files license info are defined by SPDX
identifiers. We can safely remove the verbose license text from the
files that are owned by either only STMicroelectronics or only both
Linaro and STMicroelectronics.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] wa

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] was used to double check the license matching
code in the Python script. All the licenses detected by scancode are
either detected by spdxify.py, or have no SPDX identifier, or are false
matches.

Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

libutee: remove unused TEE_ERROR_FILE_NOT_FOUND

Removes unused proprietary TEE_Result code TEE_ERROR_FILE_NOT_FOUND.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens

libutee: remove unused TEE_ERROR_FILE_NOT_FOUND

Removes unused proprietary TEE_Result code TEE_ERROR_FILE_NOT_FOUND.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use condvar when serializing TA execution

struct tee_ta_ctx::busy is used to serialize TA execution. Before this
patch the operation would fail if busy is true. This patch waits for
busy to be

core: use condvar when serializing TA execution

struct tee_ta_ctx::busy is used to serialize TA execution. Before this
patch the operation would fail if busy is true. This patch waits for
busy to become false if needed with help of wait_queue. Also uses the
busy flag for open session to avoid races on multi-session
single-instance TAs.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ECC: ECDSA at GP level

Reviewed-by: Cedric Chaumont <cedric.chaumont@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Sign

ECC: ECDSA at GP level

Reviewed-by: Cedric Chaumont <cedric.chaumont@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

ECC: gen_ecc_key HAL

Implementation and test of crypto_ops.acipher.gen_ecc_key

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: P

ECC: gen_ecc_key HAL

Implementation and test of crypto_ops.acipher.gen_ecc_key

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

GP Internal Core API v1.1 : TEE_CreatePersistentObject

Deprecated TEE_DATA_FLAG_EXCLUSIVE
Replaced by TEE__DATA_FLAG_OVERWRITE

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: J

GP Internal Core API v1.1 : TEE_CreatePersistentObject

Deprecated TEE_DATA_FLAG_EXCLUSIVE
Replaced by TEE__DATA_FLAG_OVERWRITE

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board)

show more ...

GP Internal Core API v1.1 : memory management functions

default hint with TEE_MALLOC_FILL_ZERO

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@li

GP Internal Core API v1.1 : memory management functions

default hint with TEE_MALLOC_FILL_ZERO

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board)

show more ...

GP Internal Core API v1.1 : add new functions, panicked IDs

- Add new functions (that will replace deprecated functions)
TEE_GetObjectInfo1, TEE_RestrictObjectUsage1,
TEE_CopyObjectAttributes1, TEE_

GP Internal Core API v1.1 : add new functions, panicked IDs

- Add new functions (that will replace deprecated functions)
TEE_GetObjectInfo1, TEE_RestrictObjectUsage1,
TEE_CopyObjectAttributes1, TEE_CloseAndDeletePersistentObject1

- Support of deprecated functions available (will be removed in future release).
Note: TEE_ERROR_STORAGE_NOT_AVAILABLE case not implemented in OP-TEE core
(e.g. media removal)

- Add panicked functions identifiers (debug purpose)

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board)

show more ...

Define 32-bit ABI

Defines 32-bit ABI for various types passed by reference. Either by an
explicit conversion to/from TEE_Param and TEE_Attribute or by changing
size_t to uint32_t. Affected interface

Define 32-bit ABI

Defines 32-bit ABI for various types passed by reference. Either by an
explicit conversion to/from TEE_Param and TEE_Attribute or by changing
size_t to uint32_t. Affected interfaces are SVC interface and parameters
passed to user TA inside tee_user_ta_enter().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, FVP)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

GP Internal Core API v1.1 : add defines, update type

Note: TEE_DATA_FLAG_OVERWRITE not supported

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@lina

GP Internal Core API v1.1 : add defines, update type

Note: TEE_DATA_FLAG_OVERWRITE not supported

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: James Kung <james.kung@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM Cannes)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (FVP)

show more ...

Minor updates and cleanup

Open-source the TEE Core

Signed-off-by: Pascal Brand <pascal.brand@st.com>