GP131: check permissions on buffer passed to other TAs

In TEE Internal Core API Specification version 1.2 there is a passed in
"4.9.4 Operation Parameters in the Internal Client API" that says that:

GP131: check permissions on buffer passed to other TAs

In TEE Internal Core API Specification version 1.2 there is a passed in
"4.9.4 Operation Parameters in the Internal Client API" that says that:
Where all or part of the referenced memory buffer was passed to the
TA from the REE or from another TA, the implementation SHALL NOT
result in downgrade of the security characteristics of the buffer.
That is, buffers read-only memrefs should not be passed on to other TAs
as read/write. Fix this by adding the needed check in
TEE_OpenTASession() and TEE_InvokeTACommand().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_CheckMemoryAccessRights()

Updates TEE_CheckMemoryAccessRights() to be more strict by taking passed
memory parameters (memrefs) and heap allocations into account.

Reviewed-by: Etie

GP131: Update TEE_CheckMemoryAccessRights()

Updates TEE_CheckMemoryAccessRights() to be more strict by taking passed
memory parameters (memrefs) and heap allocations into account.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_DigestExtract()

Adds TEE_DigestExtract() to support Extendable Output Functions, that
is, for now TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256.

Reviewed-by: Etienne Carriere <etienne.carrie

GP131: add TEE_DigestExtract()

Adds TEE_DigestExtract() to support Extendable Output Functions, that
is, for now TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add API for SHA-3

Adds an API for the SHA-3 [1] algorithms SHA3-224, SHA3_256, SHA3_384,
SHA3_512, SHAKE128, and SHAKE256. SHAKE128 and SHAKE256 are
Extendable-Output Functions (XOF),

core: crypto: add API for SHA-3

Adds an API for the SHA-3 [1] algorithms SHA3-224, SHA3_256, SHA3_384,
SHA3_512, SHAKE128, and SHAKE256. SHAKE128 and SHAKE256 are
Extendable-Output Functions (XOF), but handled as hashes in the API.

Adds API for SHA-3 based HMAC functions.

For XOF algorithms crypto_hash_final() can be called multiple times and
generate an arbitrary amount of data. Note that this data will have a
common prefix if done over the same input (see A.2 in [1]).

[1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add missing TEE_ALG_* and TEE_TYPE_* defines

Adds the missing TEE_ALG_* and TEE_TYPE_* defines from the
GlobalPlatform TEE Internal Core API v1.3.1 specification.

Reviewed-by: Jerome Forissi

GP131: add missing TEE_ALG_* and TEE_TYPE_* defines

Adds the missing TEE_ALG_* and TEE_TYPE_* defines from the
GlobalPlatform TEE Internal Core API v1.3.1 specification.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_FreeOperation()

Update TEE_FreeOperation() according to TEE Internal Core API version
1.3.1. TEE_FreeOperation() does nothing if operation is TEE_HANDLE_NULL.

Reviewed-by: Jerome

GP131: Update TEE_FreeOperation()

Update TEE_FreeOperation() according to TEE Internal Core API version
1.3.1. TEE_FreeOperation() does nothing if operation is TEE_HANDLE_NULL.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TA property gpd.ta.endian

Adds the new property "gpd.ta.endian" to report the endianness used by
the TA.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne

GP131: add TA property gpd.ta.endian

Adds the new property "gpd.ta.endian" to report the endianness used by
the TA.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add ta property gpd.tee.internalCore.version

Adds the new property "gpd.tee.internalCore.version" to report the
TEE Internal Core API Specification version number used.

Reviewed-by: Jerome F

GP131: add ta property gpd.tee.internalCore.version

Adds the new property "gpd.tee.internalCore.version" to report the
TEE Internal Core API Specification version number used.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_BigInt*() functions

Updates the following functions:
- TEE_BigIntInitFMMContext()
- TEE_BigIntFMMContextSizeInU32()
- TEE_BigIntFMMSizeInU32()
- TEE_BigIntInitFMMContext()
- TEE_Bi

GP131: Update TEE_BigInt*() functions

Updates the following functions:
- TEE_BigIntInitFMMContext()
- TEE_BigIntFMMContextSizeInU32()
- TEE_BigIntFMMSizeInU32()
- TEE_BigIntInitFMMContext()
- TEE_BigIntInitFMM()
- TEE_BigIntShiftRight()
according to TEE Internal Core API version 1.3.1. The modulusSizeInBits,
len, and bufferLen parameters are changed to use size_t instead of
uint32_t.

TEE_BigIntInitFMMContext1() is added.

TEE_BigIntInit() checks that supplied length isn't larger than
"gpd.tee.arith.maxBigIntSize", based on CFG_TA_BIGNUM_MAX_BITS.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_GenerateRandom()

Update TEE_GenerateRandom() according to TEE Internal Core API version
1.3.1. The randomBufferLen parameter is changed to use size_t instead of
uint32_t.

Reviewed

GP131: Update TEE_GenerateRandom()

Update TEE_GenerateRandom() according to TEE Internal Core API version
1.3.1. The randomBufferLen parameter is changed to use size_t instead of
uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_AsymmetricSignDigest() and TEE_AsymmetricVerifyDigest()

Updates TEE_AsymmetricSignDigest() and TEE_AsymmetricVerifyDigest()
according to TEE Internal Core API version 1.3.1. The di

GP131: Update TEE_AsymmetricSignDigest() and TEE_AsymmetricVerifyDigest()

Updates TEE_AsymmetricSignDigest() and TEE_AsymmetricVerifyDigest()
according to TEE Internal Core API version 1.3.1. The digestLen and
signatureLen parameters are changed to use size_t instead of uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt()

Updates TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() according to
TEE Internal Core API version 1.3.1. The srcLen and dstLen

GP131: Update TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt()

Updates TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() according to
TEE Internal Core API version 1.3.1. The srcLen and dstLen parameters
are changed to use size_t instead of uint32_t

Adds the optional attribute TEE_ATTR_RSA_OAEP_MGF_HASH which if provided
specifies the MGF1 hash function to use. Prior to GP v1.3.1 it was
implementation defined. OP-TEE only supports using the same MGF1 hash
function as the internal hash function of the algorithim, that is, for
the algorithm TEE_ALG_RSAES_PKCS1_OAEP_MGF1_x that hash function
TEE_ALG_x is used.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_AE* functions

Updates the following functions:
- TEE_AEInit()
- TEE_AEUpdateAAD()
- TEE_AEUpdate()
- TEE_AEEncryptFinal()
- TEE_AEDecryptFinal()
according to TEE Internal Core API

GP131: Update TEE_AE* functions

Updates the following functions:
- TEE_AEInit()
- TEE_AEUpdateAAD()
- TEE_AEUpdate()
- TEE_AEEncryptFinal()
- TEE_AEDecryptFinal()
according to TEE Internal Core API version 1.3.1. The nonceLen, AADLen,
payloadLen, AADdataLen, srcLen, destLen and tagLen parameters are
changed to use size_t instead of uint32_t.

Note that the tagLen parameter of TEE_AEInit() is still of the type
uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_{Digest,Cipher,MAC}* functions

Updates the following functions:
- TEE_CipherDoFinal()
- TEE_CipherInit()
- TEE_CipherUpdate()
- TEE_DigestDoFinal()
- TEE_DigestUpdate()
- TEE_MACCo

GP131: Update TEE_{Digest,Cipher,MAC}* functions

Updates the following functions:
- TEE_CipherDoFinal()
- TEE_CipherInit()
- TEE_CipherUpdate()
- TEE_DigestDoFinal()
- TEE_DigestUpdate()
- TEE_MACCompareFinal()
- TEE_MACComputeFinal()
- TEE_MACInit()
- TEE_MACUpdate()
according to TEE Internal Core API version 1.3.1. The chunkSize,
chunkLen, hashLen, srcLen, destLen, IVLen, messageLen and macLen
parameters are changed to use size_t instead of uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_GetOperationInfoMultiple()

Update TEE_GetOperationInfoMultiple() according to TEE Internal Core API
version 1.3.1. The size parameter is changed to use size_t instead of
uint32_t.

GP131: Update TEE_GetOperationInfoMultiple()

Update TEE_GetOperationInfoMultiple() according to TEE Internal Core API
version 1.3.1. The size parameter is changed to use size_t instead of
uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_SeekObjectData()

Update TEE_SeekObjectData() according to TEE Internal Core API version
1.3.1. The offset parameter is changed to use intmax_t instead of
int32_t.

Reviewed-by: Jer

GP131: Update TEE_SeekObjectData()

Update TEE_SeekObjectData() according to TEE Internal Core API version
1.3.1. The offset parameter is changed to use intmax_t instead of
int32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_TruncateObjectData()

Update TEE_TruncateObjectData() according to TEE Internal Core API
version 1.3.1. The size parameter is changed to use size_t instead of
uint32_t.

Reviewed-by

GP131: Update TEE_TruncateObjectData()

Update TEE_TruncateObjectData() according to TEE Internal Core API
version 1.3.1. The size parameter is changed to use size_t instead of
uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_ReadObjectData() and TEE_WriteObjectData()

Updates TEE_ReadObjectData() and TEE_WriteObjectData() according to TEE
Internal Core API version 1.3.1. The size and count parameters ar

GP131: Update TEE_ReadObjectData() and TEE_WriteObjectData()

Updates TEE_ReadObjectData() and TEE_WriteObjectData() according to TEE
Internal Core API version 1.3.1. The size and count parameters are
changed to use size_t instead of uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_RenamePersistentObject() and TEE_GetNextPersistentObject()

Update TEE_RenamePersistentObject() and TEE_GetNextPersistentObject()
according to TEE Internal Core API version 1.3.1. T

GP131: Update TEE_RenamePersistentObject() and TEE_GetNextPersistentObject()

Update TEE_RenamePersistentObject() and TEE_GetNextPersistentObject()
according to TEE Internal Core API version 1.3.1. The size parameter is
changed to use size_t instead of uint32_t

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_CreatePersistentObject()

Update TEE_CreatePersistentObject() according to TEE Internal Core API
version 1.3.1. The objectIDLen parameter is changed to use size_t
instead of uint32_

GP131: Update TEE_CreatePersistentObject()

Update TEE_CreatePersistentObject() according to TEE Internal Core API
version 1.3.1. The objectIDLen parameter is changed to use size_t
instead of uint32_t.

The object parameter is now an optional pointer to a handle. When NULL
the standard says:
If attributes is a handle on an initialized transient object,
the initialized transient object SHALL be transformed to a
persistent object.
So syscall_storage_obj_create() is also updated accordingly.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_OpenPersistentObject()

Update TEE_OpenPersistentObject() according to TEE Internal Core API
version 1.3.1. The objectIDLen parameter is changed to use size_t
instead of uint32_t.

GP131: Update TEE_OpenPersistentObject()

Update TEE_OpenPersistentObject() according to TEE Internal Core API
version 1.3.1. The objectIDLen parameter is changed to use size_t
instead of uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_InitRefAttribute()

Update TEE_InitRefAttribute() according to TEE Internal Core API version
1.3.1. The size parameter is changed to use size_t instead of uint32_t.

Reviewed-by: Je

GP131: Update TEE_InitRefAttribute()

Update TEE_InitRefAttribute() according to TEE Internal Core API version
1.3.1. The size parameter is changed to use size_t instead of uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_AllocateTransientObject()

Update TEE_AllocateTransientObject() according to TEE Internal Core API
version 1.3.1.

It's not permitted to use TEE_AllocateTransientObject() to allocat

GP131: Update TEE_AllocateTransientObject()

Update TEE_AllocateTransientObject() according to TEE Internal Core API
version 1.3.1.

It's not permitted to use TEE_AllocateTransientObject() to allocate
objects with the type TEE_TYPE_DATA any longer.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_GetObjectBufferAttribute()

Update TEE_GetObjectBufferAttribute() according to TEE Internal Core API
version 1.3.1. The size parameter is changed to use size_t instead of
uint32_t.

GP131: Update TEE_GetObjectBufferAttribute()

Update TEE_GetObjectBufferAttribute() according to TEE Internal Core API
version 1.3.1. The size parameter is changed to use size_t instead of
uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_MemMove(), TEE_MemCompare() and TEE_MemFill()

Update TEE_MemMove(), TEE_MemCompare() and TEE_MemFill() according to
TEE Internal Core API version 1.3.1. The size parameter is chan

GP131: Update TEE_MemMove(), TEE_MemCompare() and TEE_MemFill()

Update TEE_MemMove(), TEE_MemCompare() and TEE_MemFill() according to
TEE Internal Core API version 1.3.1. The size parameter is changed to
use size_t instead of uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...