Remove __noreturn from TEE_Panic prototype

According to the Global Plaform Internal Core API v1.1, the prototype
of the function TEE_Panic must be
void TEE_Panic(TEE_Result panicCode);

Reviewed

Remove __noreturn from TEE_Panic prototype

According to the Global Plaform Internal Core API v1.1, the prototype
of the function TEE_Panic must be
void TEE_Panic(TEE_Result panicCode);

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

select base types based on ILP32 and LP64 defines

* Selects base types base on the __ILP32__ and __LP64__ defines
* Fixes warnings from change of base types

Signed-off-by: Jens Wiklander <jens.wikl

select base types based on ILP32 and LP64 defines

* Selects base types base on the __ILP32__ and __LP64__ defines
* Fixes warnings from change of base types

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Rename CFG_TRACE_LEVEL to TRACE_LEVEL

The trace level macro is not meant to be configured directly, it takes its
value from CFG_TEE_CORE_LOG_LEVEL (when the TEE core is compiled) or from
CFG_TEE_TA_

Rename CFG_TRACE_LEVEL to TRACE_LEVEL

The trace level macro is not meant to be configured directly, it takes its
value from CFG_TEE_CORE_LOG_LEVEL (when the TEE core is compiled) or from
CFG_TEE_TA_LOG_LEVEL (when user libraries are compiled). Therefore it should
not have a CFG_ prefix.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: rename aeabi files

Renames aeabi files to reflect the processor mode (ARM32) and instruction
set used in assembly files (A32).

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Te

libutils: rename aeabi files

Renames aeabi files to reflect the processor mode (ARM32) and instruction
set used in assembly files (A32).

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Define 32-bit ABI

Defines 32-bit ABI for various types passed by reference. Either by an
explicit conversion to/from TEE_Param and TEE_Attribute or by changing
size_t to uint32_t. Affected interface

Define 32-bit ABI

Defines 32-bit ABI for various types passed by reference. Either by an
explicit conversion to/from TEE_Param and TEE_Attribute or by changing
size_t to uint32_t. Affected interfaces are SVC interface and parameters
passed to user TA inside tee_user_ta_enter().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, FVP)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

GP Internal Core API v1.1 : add defines, update type

Note: TEE_DATA_FLAG_OVERWRITE not supported

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@lina

GP Internal Core API v1.1 : add defines, update type

Note: TEE_DATA_FLAG_OVERWRITE not supported

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: James Kung <james.kung@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM Cannes)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (FVP)

show more ...

Handle "keep alive" TA property

At session open, if a TA instance is found, single session TAs are
busy only if context already handle a session.

At session closure, KeepAlive TA must close all pen

Handle "keep alive" TA property

At session open, if a TA instance is found, single session TAs are
busy only if context already handle a session.

At session closure, KeepAlive TA must close all pending session
but not free remaining allocations nor free its context.

From user TA entry code, remove useless "ta_dead" field and insure
heap and math support is only initialized once (for KeepAlive TA not
to re-init these libs).

Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Added Abstract Layer for PRNG

- Extended crypto_ops with a new prng_ops which handles prng operations.
- Replace calls to get_rng_array() with crypto_ops.prng.read(), this
enforces PRNG operations

Added Abstract Layer for PRNG

- Extended crypto_ops with a new prng_ops which handles prng operations.
- Replace calls to get_rng_array() with crypto_ops.prng.read(), this
enforces PRNG operations go through PRNG HAL, instead of invoking
platform-dependent PRNG implementation directly.
- Create a new mpa_set_random_generator() interface for mpa user to register
a callback to generate random number, instead of expecting the user to provide
a get_rng_array(). This enables libmpa uses crypto_ops.prng.read().
- Added a new configuration CFG_WITH_PRNG_SOFTWARE to toggle SW/HW-dependent
PRNG implementation.
- The SW PRNG implementation is supplied by backed cryto library(libtomcrypt).
- Added a new SW PRNG 'Fortuna' to libtomcrypt.
- Added a new SW PRNG 'RC4' to libtomcrypt, when Fortuna is not available due
to AES and SHA256 not available, fallback to RC4.
- Get rid of bad implemented SW PRNG in plat_vexpress(rng_support.c).
- If CFG_WITH_PRNG_SOFTWARE is not enabled, the platform needs to supply
hw_get_random_byte().

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)

show more ...

types_ext.h: add PRI* macros

* Adds PRIxVA and PRIxPA macros to types.h.
* Includes inttypes.h instead of stdint.h to make all PRI* macros
available when including this file.

Signed-off-by: Jens

types_ext.h: add PRI* macros

* Adds PRIxVA and PRIxPA macros to types.h.
* Includes inttypes.h instead of stdint.h to make all PRI* macros
available when including this file.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

libutee: AES buffer not processed when size=16

In TEE_CipherUpdate, buffers must be processed when
the size of the input buffer is exactly the right minimum size.
As an example, in AES128, 16 bytes

libutee: AES buffer not processed when size=16

In TEE_CipherUpdate, buffers must be processed when
the size of the input buffer is exactly the right minimum size.
As an example, in AES128, 16 bytes output must be given
every 16 bytes input.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Tested-by: Jeremy PLANEIX <jeremy.planeix@st.com>
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Internal API extension on Cache Operations

Following extensions are introduced:
- TEE_CacheClean()
- TEE_CacheFlush()
- TEE_CacheInvalidate()

Reviewed-by: Jerome Forissier <jerome.foris

Internal API extension on Cache Operations

Following extensions are introduced:
- TEE_CacheClean()
- TEE_CacheFlush()
- TEE_CacheInvalidate()

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Fix user TA trace issue

Definition of the global "trace_level" variable has been
moved from the libutil to a TA file (user_ta_header.c).
This allows to initialize it with the correct value/level
CFG

Fix user TA trace issue

Definition of the global "trace_level" variable has been
moved from the libutil to a TA file (user_ta_header.c).
This allows to initialize it with the correct value/level
CFG_TEE_TA_LOG_LEVEL when the TA code is compiled.
Same trace level is now applied at all TA code and associated
libraries: libutee/libutils/libmpa.

Change-Id: Id6bda7f0611f78fe7ad3ee6b61193f4b80aba94d
Signed-off-by: Jean-Michel Delorme <jean-michel.delorme@st.com>
Reviewed-on: https://gerrit.st.com/22472
Reviewed-by: Emmanuel MICHEL <emmanuel.michel@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

util.h: add parentheses in ROUND{UP,DOWN} macros

Adds parentheses in ROUND{UP,DOWN} macros in util.h and removes
ROUND{UP,DOWN} and MIN/MAX macros from utee_defines.h as they are
redundant.

Signed-

util.h: add parentheses in ROUND{UP,DOWN} macros

Adds parentheses in ROUND{UP,DOWN} macros in util.h and removes
ROUND{UP,DOWN} and MIN/MAX macros from utee_defines.h as they are
redundant.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

snprintf: add 64bit support

* Adds AEABI support for 64-bit division
* Updates snprintf.c from a more resent version of subr_prf.c from
NetBSD

Signed-off-by: Jens Wiklander <jens.wiklander@linaro

snprintf: add 64bit support

* Adds AEABI support for 64-bit division
* Updates snprintf.c from a more resent version of subr_prf.c from
NetBSD

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

compiler.h: add section macros

Adds convenience macros to supply the section attribute.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@lin

compiler.h: add section macros

Adds convenience macros to supply the section attribute.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

SE API: hide private interfaces

- Split each headers into module.h and module_priv.h, move the methods that
is only used internally by SE implementation to module_priv.h, and export
module_priv.

SE API: hide private interfaces

- Split each headers into module.h and module_priv.h, move the methods that
is only used internally by SE implementation to module_priv.h, and export
module_priv.h to rest of TEE Core
- Added new include path to se_api_self_tests.c for which needs to include
private headers
- Split aid.c and apdu.c from iso7816.c. Originally they have to be wriiten in
the same file since they share some private data structures. Now, the
private data structure can be shared via private headers.
- Split reader.c from manager.c for the same reason above.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (Modified QEMU + jcardsim)

show more ...

SE API: implment lubutee and svc handler

- Implemented tee_se_service
- Rename tee_se_reader_handle to tee_se_reader_proxy
to avoid confuse with libutee
- Implemented SE API(tee_internal_se_api.h)

SE API: implment lubutee and svc handler

- Implemented tee_se_service
- Rename tee_se_reader_handle to tee_se_reader_proxy
to avoid confuse with libutee
- Implemented SE API(tee_internal_se_api.h) in libutee
- Implemented svc handler for SE API
- rename protocol.[ch] to iso7816.[ch]
- prefix aid_* with "tee_se_"
- add an option to enable/disable se_api_self_tests

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (Modified QEMU + jcardsim)

show more ...

SE API: SE Manager and Reader implementation

- Introduce an interface for developers to write reader driver
(core/include/tee/se/reader/interface.h)
- A sample reader driver implementation: PC/SC

SE API: SE Manager and Reader implementation

- Introduce an interface for developers to write reader driver
(core/include/tee/se/reader/interface.h)
- A sample reader driver implementation: PC/SC passthru reader
(core/tee/se/reader/passthru_reader)
- Currently supported machine is qemu-virt (compile with --with-pcsc-passthru)
- A selftest STA is included to test the functionality of SE Reader
(core/arch/arm32/sta/se_api_self_tests.c)
- To enable SE API, add "WITH_SE_API := y" in your platform config

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (Modified QEMU + jcardsim)

show more ...

Add PKCS #5 v2.0 key derivation function 2 (PBKDF2)

This commit implements a crypto extension to support the key derivation
function defined in section 5.2 of RFC 2898
(https://www.ietf.org/rfc/rfc2

Add PKCS #5 v2.0 key derivation function 2 (PBKDF2)

This commit implements a crypto extension to support the key derivation
function defined in section 5.2 of RFC 2898
(https://www.ietf.org/rfc/rfc2898.txt), which is a re-publish of PKCS #5 v2.0.
The underlying pseudorandom function is HMAC-SHA1, which is the default PRF
specified in the RFC. It would be trivial to support the other HMAC functions
already implemented in OP-TEE.

See documentation/extensions/crypto_pbkdf2.md for details.

Tested on PLATFORM=vexpress-qemu_virt with the test vectors from RFC 6070
(https://www.ietf.org/rfc/rfc6070.txt).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

Add HMAC-based extract-and-expand key derivation function (HKDF)

HKDF (http://tools.ietf.org/html/rfc5869) is a key derivation algorithm.
As per the RFC:

A key derivation function (KDF) is a bas

Add HMAC-based extract-and-expand key derivation function (HKDF)

HKDF (http://tools.ietf.org/html/rfc5869) is a key derivation algorithm.
As per the RFC:

A key derivation function (KDF) is a basic and essential component of
cryptographic systems. Its goal is to take some source of initial
keying material and derive from it one or more cryptographically
strong secret keys.
[...]
HKDF follows the "extract-then-expand" paradigm, where the KDF
logically consists of two modules.
[...]
The goal of the "extract" stage is to "concentrate" the possibly
dispersed entropy of the input keying material into a short, but
cryptographically strong, pseudorandom key.
[...]
The second stage "expands" the pseudorandom key to the desired
length; the number and lengths of the output keys depend on the
specific cryptographic algorithms for which the keys are needed.

Since HKDF is not covered by the GlobalPlatform Internal API specification
v1.0/v1.1, this commit introduces extensions to the specification.
More specifically: it defines new algorithms, a new object type and new
object attributes. This implementation supports all the usual hash
functions (MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512) and may
produce output keys of length up to 4096 bits (currently limited only by
the maximum size allowed for an object of type TEE_TYPE_GENERIC_SECRET).
Aside from minor updates to object manipulation functions to support
the new data, the function TEE_DeriveKey() is mostly impacted.

The file documentation/extensions/crypto_hkdf.md contains the modifications
to the GP Internal API v1.0 spec in order to support HKDF.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Add Concat KDF (Concatenation Key Derivation Function, NIST SP 800-56A R1)

Concat KDF is a key derivation algorithm defined in section 5.8.1 of
the NIST Special Publication 800-56A Revision 1, "Reco

Add Concat KDF (Concatenation Key Derivation Function, NIST SP 800-56A R1)

Concat KDF is a key derivation algorithm defined in section 5.8.1 of
the NIST Special Publication 800-56A Revision 1, "Recommendation for Pair-Wise
Key Establishment Schemes Using Discrete Logarithm Cryptography"
(http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf)

This is a TEE implementation of the function, which supports the following
hash algorithms: SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512.
The actual key derivation is implemented in TEE_DeriveKey() thanks to
custom extensions to the GlobalPlatform API v1.0. Please refer to
documentation/extensions/crypto_concat_kdf.md for details.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

TEE_DeriveKey(): remove redundant parameter check

paramCount and params are checked by the system service
tee_svc_cryp_derive_key() so they do not need to be checked in libutee.

Signed-off-by: Jero

TEE_DeriveKey(): remove redundant parameter check

paramCount and params are checked by the system service
tee_svc_cryp_derive_key() so they do not need to be checked in libutee.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Cosmetics fixes

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

Keep binary compatilities TEECore <--> TA

In case the core is compiled with
CFG_TEE_TA_LOG_LEVEL=0
then TA cannot be compiled with CFG_TEE_TA_LOG_LEVEL!=0 because of the trace
function.

This pa

Keep binary compatilities TEECore <--> TA

In case the core is compiled with
CFG_TEE_TA_LOG_LEVEL=0
then TA cannot be compiled with CFG_TEE_TA_LOG_LEVEL!=0 because of the trace
function.

This patch implements stub trace functions in case of unsufficient trace level.
It also check
- TRACE_LEVEL < 0 instead of TRACE_LEVEL == 0
- TRACE_LEVEL >= 0 instead of TRACE_LEVEL != 0
to take into account negative trae levels

Change-Id: I7b4d2d576c50e103d9cf6f5b22f9f99a1ab96d6a
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add MSG() macro for traces

MSG() and MSG_RAW() macros are added.
They are the same as xMSG() and xMSG_RAW() existing macros, but are not
subject to dynamic trace level

Note that when the core trace

Add MSG() macro for traces

MSG() and MSG_RAW() macros are added.
They are the same as xMSG() and xMSG_RAW() existing macros, but are not
subject to dynamic trace level

Note that when the core trace level is 0, these macros are void.

This patch also fixes an issue with "printf" level.

Change-Id: Ibff6058d7e35d728a46878b345b6e0833c18aec1
Reviewed-on: https://gerrit.st.com/18102
Reviewed-by: Emmanuel MICHEL <emmanuel.michel@st.com>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...