lib: libutee: init array to 0

Add missing initialization in array declaration.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Revi

lib: libutee: init array to 0

Add missing initialization in array declaration.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

Revert "libutee: TEE_MACCompareFinal(): panic if input size is too large"

This reverts commit dbb3274a60f0b258fe115ed1678fc569335c0c5d. It turns
out the panic reason cited in the commit ("If input d

Revert "libutee: TEE_MACCompareFinal(): panic if input size is too large"

This reverts commit dbb3274a60f0b258fe115ed1678fc569335c0c5d. It turns
out the panic reason cited in the commit ("If input data exceeds maximum
length for the algorithm") applies to the message only and has nothing
to do with macLen. The same sentence appears elsewhere in the spec where
there is no ambiguity.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: TEE_MACCompareFinal(): panic if input size is too large

The GlobalPlatform TEE Internal Core API specification mentions the
following panic reason for TEE_MACCompareFinal(): "if input data

libutee: TEE_MACCompareFinal(): panic if input size is too large

The GlobalPlatform TEE Internal Core API specification mentions the
following panic reason for TEE_MACCompareFinal(): "if input data exceeds
the maximum length for the algorithm". The current code returns
TEE_ERROR_MAC_INVALID instead. Fix this by assigning error code
TEE_ERROR_BAD_PARAMETERS which gets translated into a panic later.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: check srcLen in TEE_CipherDoFinal()

Adds another check of srcLen in TEE_CipherDoFinal() before calling
tee_buffer_update() to make sure that we don't dereference destLen when
it's NULL.

Th

libutee: check srcLen in TEE_CipherDoFinal()

Adds another check of srcLen in TEE_CipherDoFinal() before calling
tee_buffer_update() to make sure that we don't dereference destLen when
it's NULL.

This fixes coverity scan:
CID 1501811 (#1 of 1): Dereference after null check (FORWARD_NULL)

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add 3DES CMAC implementation

CMAC is a Cipher-Based MAC that improves some of the security deficiencies
found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation
for approved symmet

Add 3DES CMAC implementation

CMAC is a Cipher-Based MAC that improves some of the security deficiencies
found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation
for approved symmetric block chipers, namely AES and TDEA.

CMAC has similar use cases and security guarantees as HMAC, with the
difference that it uses a different primitive (symmetric cipher instead
of hash function).
CMAC may be appropriate for information systems in which an approved block
cipher is more readily available than an approved hash function.

Commonly it is used for symmetric key diversification (ASC X9 TR 31-2018),
data integrity assurance (ICV).

CMAC is public domain.

OP-TEE core already supports for AES CMAC, but not TDEA CMAC. This commit
adds TDEA CMAC support.

Signed-off-by: Alexander Zakharov <uglym8@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: wrap commit description at 75 characters]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

libutee: TEE_CopyOperation() copy info.digestLength

When copying an operation include info.digestLength in the copied fields
which is needed for the authenticated encryption algorithms AES-GCM and
A

libutee: TEE_CopyOperation() copy info.digestLength

When copying an operation include info.digestLength in the copied fields
which is needed for the authenticated encryption algorithms AES-GCM and
AES-CCM.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Tony He <tony.he@armchina.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: TEE_CopyOperation() check operation mode

Adds a check in TEE_CopyOperation() to panic if operation mode doesn't
match in the source and destination operations.

Reviewed-by: Jerome Forissie

libutee: TEE_CopyOperation() check operation mode

Adds a check in TEE_CopyOperation() to panic if operation mode doesn't
match in the source and destination operations.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Use fallthrough pseudo-keyword in switch/case statements

Use fallthrough; in switch/case statements. Imported libraries
(libtomcrypt, libmbedtls) are not modified to minimize differences with
upstre

Use fallthrough pseudo-keyword in switch/case statements

Use fallthrough; in switch/case statements. Imported libraries
(libtomcrypt, libmbedtls) are not modified to minimize differences with
upstream.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: fix TEE_GetOperationInfoMultiple()

The size parameter passed to TEE_GetOperationInfoMultiple() tells the
size of the op_info buffer. The maximum number of keys which can be
contained in the

libutee: fix TEE_GetOperationInfoMultiple()

The size parameter passed to TEE_GetOperationInfoMultiple() tells the
size of the op_info buffer. The maximum number of keys which can be
contained in the struct can be calculated from this size parameter.

Prior to this patch is was assumed that the caller by this specified the
exact number of keys to report. This is not correct as the size
parameter is only the upper limit. Fix this by instead figuring out how
many keys (one or two) needs to be returned and after that check if the
buffer is large enough.

Fixes: 05304565f188 ("GP11 : TEE_GetOperationInfoMultiple")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: fix TEE_SetOperationKey() and TEE_SetOperationKey2()

Supplying TEE_HANDLE_NULL instead of a valid key handle is supposed to
clear an eventual already present key from the operation handle a

libutee: fix TEE_SetOperationKey() and TEE_SetOperationKey2()

Supplying TEE_HANDLE_NULL instead of a valid key handle is supposed to
clear an eventual already present key from the operation handle and
return TEE_SUCCESS. Prior to this patch the key(s) where halfway cleared
and then functions panicked with TEE_ERROR_BAD_PARAMETERS. So fix this.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: TEE_GetOperationInfo() v1.1 update

In the v1.1 specification [1] TEE_GetOperationInfo() is required to set
keySize and requiredKeyUsage to 0 if TEE_HANDLE_FLAG_EXPECT_TWO_KEYS is
set in han

libutee: TEE_GetOperationInfo() v1.1 update

In the v1.1 specification [1] TEE_GetOperationInfo() is required to set
keySize and requiredKeyUsage to 0 if TEE_HANDLE_FLAG_EXPECT_TWO_KEYS is
set in handleState.

This is a clarification compared to the v1.0 [2] specification where
nothing special was noted for those fields when
TEE_HANDLE_FLAG_EXPECT_TWO_KEYS is set.

[1]: GlobalPlatform TEE Internal Core API Specification v1.1
[2]: GlobalPlatform TEE Internal API Specification v1.0
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: TEE_AllocateOperation(): digest operations must have 0 max key size

Make sure that the "maxKeySize" parameter supplied to
TEE_AllocateOperation() is 0 for digest operations since they don't

libutee: TEE_AllocateOperation(): digest operations must have 0 max key size

Make sure that the "maxKeySize" parameter supplied to
TEE_AllocateOperation() is 0 for digest operations since they don't
accept any keys.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP 1.1: Check parameters annotated in the specification

Checks that all the function parameters which are annotated in the
specification [1] are compliant with regards to memory access and memory
lo

GP 1.1: Check parameters annotated in the specification

Checks that all the function parameters which are annotated in the
specification [1] are compliant with regards to memory access and memory
location. In case the check fails the TA panics to help debugging. The
more precise and expensive checks can be disabled with
CFG_TA_STRICT_ANNOTATION_CHECKS=n.

TEE_Realloc(), TEE_MemMove(), TEE_MemCompare(), TEE_MemFill() are
skipped for performance reasons. The TA will instead die with a fatal
exception if buffers supplied to these functions do not follow the
annotation rules.

[1]: GlobalPlatform TEE Internal Core API Specification v1.1

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: TEE_AsymmetricSignDigest support 0 signature len

User can call TEE_AsymmetricSignDigest with a NULL signature and a valid
zero signatureLen in order to discover the size of the required
sig

libutee: TEE_AsymmetricSignDigest support 0 signature len

User can call TEE_AsymmetricSignDigest with a NULL signature and a valid
zero signatureLen in order to discover the size of the required
signature buffer (function should then return TEE_ERROR_SHORT_BUFFER and
update signatureLen with the required amount).

Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
und

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
underscore so that the names cannot clash with user-defined symbols.
Doing so is common practice for "system" libraries, as defined by the C
standard in a set of requirements that can be summarized as follows
(excerpt from the GNU libc documentation [1]):

[R]eserved names include all external identifiers (global functions
and variables) that begin with an underscore (‘_’) and all identifiers
regardless of use that begin with either two underscores or an
underscore followed by a capital letter are reserved names. This is so
that the library and header files can define functions, variables, and
macros for internal purposes without risk of conflict with names in
user programs.

The utee_*() wrappers are internal to OP-TEE and are not supposed to be
called directly by TAs so this should not have any user-visible impact.

Link: [1] https://www.gnu.org/software/libc/manual/html_node/Reserved-Names.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: crypto: AE: Explicitly initialize buffer_offs

Explicitly initialize operation param buffer_offs in TEE_AEInit() instead
of relying on TEE_AllocateOperation() as it may cause issues while us

libutee: crypto: AE: Explicitly initialize buffer_offs

Explicitly initialize operation param buffer_offs in TEE_AEInit() instead
of relying on TEE_AllocateOperation() as it may cause issues while using
operation handle allocated once and used in subsequent authenticated
encryption operations.

It is quite similar to how TEE_CipherInit() and init_hash_operation()
initializes buffer_offs.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

libutee: Remove ae_tag_len from __TEE_OperationHandle

Remove ae_tag_len from __TEE_OperationHandle structure, since
that information is available in the TEE_OperationInfo.digestLength
field.

Signed

libutee: Remove ae_tag_len from __TEE_OperationHandle

Remove ae_tag_len from __TEE_OperationHandle structure, since
that information is available in the TEE_OperationInfo.digestLength
field.

Signed-off-by: Albert Schwarzkopf <a.schwarzkopf@phytec.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: Set digestLength value in TEE_OperationInfo structure

Set digestLength as specified in TEE Internal Core API,
section 6.2.3.

Introduce a new macro TEE_ALG_GET_DIGEST_SIZE() to utee_defines

libutee: Set digestLength value in TEE_OperationInfo structure

Set digestLength as specified in TEE Internal Core API,
section 6.2.3.

Introduce a new macro TEE_ALG_GET_DIGEST_SIZE() to utee_defines.h,
combining the implementation of tee_hash_get_digest_size() and
tee_mac_get_digest_size()

Fixes: https://github.com/OP-TEE/optee_os/issues/3471

Signed-off-by: Albert Schwarzkopf <a.schwarzkopf@phytec.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add TEE_IsAlgorithmSupported()

Adds function TEE_IsAlgorithmSupported() as per the GlobalPlatform TEE
Internal Core API v1.2.1.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked

libutee: add TEE_IsAlgorithmSupported()

Adds function TEE_IsAlgorithmSupported() as per the GlobalPlatform TEE
Internal Core API v1.2.1.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM2 KEP

Adds SM2 Key Exchange Protocol [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 KEP is enabled w

core: crypto: add support for SM2 KEP

Adds SM2 Key Exchange Protocol [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 KEP is enabled with CFG_CRYPTO_SM2_KEP=y (default y) wich currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto add support for SM2 DSA

Adds SM2 Digital Signature Algorithm [1] using LibTomCrypt. The TA
interface complies with the GlobalPlatform TEE Internal Core API
version 1.2.

SM2 DSA is enab

core: crypto add support for SM2 DSA

Adds SM2 Digital Signature Algorithm [1] using LibTomCrypt. The TA
interface complies with the GlobalPlatform TEE Internal Core API
version 1.2.

SM2 DSA is enabled with CFG_CRYPTO_SM2_DSA=y (default y) which currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM2 PKE

Adds SM2 Public Key Encryption [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 is enabled with

core: crypto: add support for SM2 PKE

Adds SM2 Public Key Encryption [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 is enabled with CFG_CRYPTO_SM2_PKE=y (default y) which currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this h

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this hash.

This implementation is based on code published on Gitlab [2]. See commit
ade6f848e084 ("core: crypto: add support for SM4") for details.

[1] https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are valid but are
not included in the GP specification, so they are not considered here.

This implementation is based on code published on Gitlab [2]. The
project contains no licensing terms, so I contacted the author
(goldboar@163.com), asking for permission to re-use the code in OP-TEE
under a BSD-2-Clause license. I received the following reply:

"[...] If you like you can use it [...]"

I have reworked the source to better fit the OP-TEE coding style. I
have also added the CTR mode of operation.

I do not think we will need to merge any change from upstream in the
future.

[1] https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutils: remove buf_compare_ct()

Now that we have consttime_memcmp(), buf_compare_ct() is redundant.
Every time buf_compare_ct() is used, consttime_memcmp() may be used
instead.

This commit remove

libutils: remove buf_compare_ct()

Now that we have consttime_memcmp(), buf_compare_ct() is redundant.
Every time buf_compare_ct() is used, consttime_memcmp() may be used
instead.

This commit removes buf_compare_ct(). A compatibility wrapper is kept
in <string_ext.h> to avoid knowingly breaking the build of any TA that
may use it.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...