Make TEE Core TA interaction 64-bit compatible

* Updates TA entry
* Update ta_head
* Updates the syscall interface
* Adds functions to make a short pointer (32-bit uref) from a kernel pointer
and

Make TEE Core TA interaction 64-bit compatible

* Updates TA entry
* Update ta_head
* Updates the syscall interface
* Adds functions to make a short pointer (32-bit uref) from a kernel pointer
and vice versa

Note that this change is not backwards compatible, TAs needs to be
recompiled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Add ALIGNMENT_IS_OK to libutils/ext/include/util.h, delete unused code

TEE_ALIGNMENT_IS_OK() is renamed ALIGNMENT_IS_OK() and moved to
lib/libutils/ext/include/util.h, which avoids duplication (was

Add ALIGNMENT_IS_OK to libutils/ext/include/util.h, delete unused code

TEE_ALIGNMENT_IS_OK() is renamed ALIGNMENT_IS_OK() and moved to
lib/libutils/ext/include/util.h, which avoids duplication (was
previously in core/include/kernel/tee_common_unpg.h and
lib/libutee/include/utee_defines.h). Call sites are adjusted
accordingly.

It is assumed that the compiler keyword __alignof__ is available, so
CFG_TC_NO_ALIGNOF is of no use. We also remove unused definitions:
TEE_ALIGNMENT_*B_IS_OK().

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

ECC: ECDSA at GP level

Reviewed-by: Cedric Chaumont <cedric.chaumont@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Sign

ECC: ECDSA at GP level

Reviewed-by: Cedric Chaumont <cedric.chaumont@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

GP Internal Core API v1.1 : generic object functions

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal

GP Internal Core API v1.1 : generic object functions

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board)

show more ...

util.h: add parentheses in ROUND{UP,DOWN} macros

Adds parentheses in ROUND{UP,DOWN} macros in util.h and removes
ROUND{UP,DOWN} and MIN/MAX macros from utee_defines.h as they are
redundant.

Signed-

util.h: add parentheses in ROUND{UP,DOWN} macros

Adds parentheses in ROUND{UP,DOWN} macros in util.h and removes
ROUND{UP,DOWN} and MIN/MAX macros from utee_defines.h as they are
redundant.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Add PKCS #5 v2.0 key derivation function 2 (PBKDF2)

This commit implements a crypto extension to support the key derivation
function defined in section 5.2 of RFC 2898
(https://www.ietf.org/rfc/rfc2

Add PKCS #5 v2.0 key derivation function 2 (PBKDF2)

This commit implements a crypto extension to support the key derivation
function defined in section 5.2 of RFC 2898
(https://www.ietf.org/rfc/rfc2898.txt), which is a re-publish of PKCS #5 v2.0.
The underlying pseudorandom function is HMAC-SHA1, which is the default PRF
specified in the RFC. It would be trivial to support the other HMAC functions
already implemented in OP-TEE.

See documentation/extensions/crypto_pbkdf2.md for details.

Tested on PLATFORM=vexpress-qemu_virt with the test vectors from RFC 6070
(https://www.ietf.org/rfc/rfc6070.txt).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

Add HMAC-based extract-and-expand key derivation function (HKDF)

HKDF (http://tools.ietf.org/html/rfc5869) is a key derivation algorithm.
As per the RFC:

A key derivation function (KDF) is a bas

Add HMAC-based extract-and-expand key derivation function (HKDF)

HKDF (http://tools.ietf.org/html/rfc5869) is a key derivation algorithm.
As per the RFC:

A key derivation function (KDF) is a basic and essential component of
cryptographic systems. Its goal is to take some source of initial
keying material and derive from it one or more cryptographically
strong secret keys.
[...]
HKDF follows the "extract-then-expand" paradigm, where the KDF
logically consists of two modules.
[...]
The goal of the "extract" stage is to "concentrate" the possibly
dispersed entropy of the input keying material into a short, but
cryptographically strong, pseudorandom key.
[...]
The second stage "expands" the pseudorandom key to the desired
length; the number and lengths of the output keys depend on the
specific cryptographic algorithms for which the keys are needed.

Since HKDF is not covered by the GlobalPlatform Internal API specification
v1.0/v1.1, this commit introduces extensions to the specification.
More specifically: it defines new algorithms, a new object type and new
object attributes. This implementation supports all the usual hash
functions (MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512) and may
produce output keys of length up to 4096 bits (currently limited only by
the maximum size allowed for an object of type TEE_TYPE_GENERIC_SECRET).
Aside from minor updates to object manipulation functions to support
the new data, the function TEE_DeriveKey() is mostly impacted.

The file documentation/extensions/crypto_hkdf.md contains the modifications
to the GP Internal API v1.0 spec in order to support HKDF.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Add Concat KDF (Concatenation Key Derivation Function, NIST SP 800-56A R1)

Concat KDF is a key derivation algorithm defined in section 5.8.1 of
the NIST Special Publication 800-56A Revision 1, "Reco

Add Concat KDF (Concatenation Key Derivation Function, NIST SP 800-56A R1)

Concat KDF is a key derivation algorithm defined in section 5.8.1 of
the NIST Special Publication 800-56A Revision 1, "Recommendation for Pair-Wise
Key Establishment Schemes Using Discrete Logarithm Cryptography"
(http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf)

This is a TEE implementation of the function, which supports the following
hash algorithms: SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512.
The actual key derivation is implemented in TEE_DeriveKey() thanks to
custom extensions to the GlobalPlatform API v1.0. Please refer to
documentation/extensions/crypto_concat_kdf.md for details.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

TEE_ROUNDxxx renamed in ROUNDxxx in libutee

This change is to have the same macro names in core
part and libutee part

Open-source the TEE Core

Signed-off-by: Pascal Brand <pascal.brand@st.com>