tree-wide: use ROUNDUP_DIV() where applicable

Use ROUNDUP_DIV() instead of ROUNDUP(..., size) / size where applicable.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Je

tree-wide: use ROUNDUP_DIV() where applicable

Use ROUNDUP_DIV() instead of ROUNDUP(..., size) / size where applicable.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: add CKM_RSA_X_509 authentication

Add support for CKM_RSA_X_509 mechanism for sing/verify operations.

Sign and verify operations are processed using TEE decrypt/encrypt
operation since G

ta: pkcs11: add CKM_RSA_X_509 authentication

Add support for CKM_RSA_X_509 mechanism for sing/verify operations.

Sign and verify operations are processed using TEE decrypt/encrypt
operation since GP TEE Internal Core API specification only allows
these modes for TEE_ALG_RSA_NOPAD algorithm. The pkcs11 TA only support
sign operation when the provided payload is exactly of the same size
as the RSA key used and checks the generate signature is of right size.

This mechanism can be needed to support CKM_RSA_X_509 for TLSv1.2
connections.

Add CFG_PKCS11_TA_RSA_X_509 to allow configuring the pkcs11 TA
with or without raw RSA crypto support. The config switch is default
enabled.

Signed-off-by: Alexandre Marechal <alexandre.marechal@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ta: pkcs11: implement AES GCM operations

Implement AES GCM authenticated encryption and decryption.

AES GCM decryption requires that the output data is revealed only once
decryption is finalized an

ta: pkcs11: implement AES GCM operations

Implement AES GCM authenticated encryption and decryption.

AES GCM decryption requires that the output data is revealed only once
decryption is finalized and the MAC signature successfully verified.
For this operation, the AES GCM context references a dynamically
allocated data buffer to store output data as they are generated by
each call to TEE_AEUpdate().

AES GCM one-shot operation in the pkc11 TA is a bit specific in that
it requires an extra TEE operation handle to save the initialized
operation state in case of one shot processing request (C_Encrypt()
or C_Decrypt() cryptoki API functions) that queries the output buffer
size. GP TEE Internal Core API does not define a single API function
for such one shot operation that could be called to query the output
buffer size. We must first fully process the input data (TEE_AEUpdate())
before we can query the output buffer size with TEE_AEEncryptFinal() or
TEE_AEDecryptFinal(). Consequently we will need to process again the
input data when client provides a well sized output buffer as we are not
sure that input data will be the same. Therefore the implementation
allocates a 2nd operation handle, copy the operation state into after
it is initialized and use this context to restore this initial state in
case the one shot AE operation is returning PKCS11_CKR_BUFFER_TOO_SMALL.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Co-developed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: fix build warning on unused arguments

Add missing __maybe_unused attribute for function arguments not
used when the pkcs11 TA is built with NDEBUG directive, as shown
by the following bu

ta: pkcs11: fix build warning on unused arguments

Add missing __maybe_unused attribute for function arguments not
used when the pkcs11 TA is built with NDEBUG directive, as shown
by the following build trace message:

ta/pkcs11/src/pkcs11_attributes.c: In function ‘get_default_value’:
ta/pkcs11/src/pkcs11_attributes.c:261:61: warning: unused parameter ‘id’ [-Wunused-parameter]
261 | static enum pkcs11_rc get_default_value(enum pkcs11_attr_id id, void **value,
| ~~~~~~~~~~~~~~~~~~~~^~
ta/pkcs11/src/pkcs11_attributes.c: In function ‘check_created_attrs_against_processing’:
ta/pkcs11/src/pkcs11_attributes.c:1647:73: warning: unused parameter ‘head’ [-Wunused-parameter]
1647 | struct obj_attrs *head)
| ~~~~~~~~~~~~~~~~~~^~~~

Fixes: 63f89caa9022 ("ta: pkcs11: attribute helper functions")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: check returned value of mbedtls_pk_rsa()

Check returned pointer of mbedtls_pk_rsa() as it can return NULL.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Foris

ta: pkcs11: check returned value of mbedtls_pk_rsa()

Check returned pointer of mbedtls_pk_rsa() as it can return NULL.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <

ta: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: treat bad KCV size as a bad value case

Return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID instead of a template
inconsistency when the key check value attribute is wrong due to its
size.

Fixes:

ta: pkcs11: treat bad KCV size as a bad value case

Return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID instead of a template
inconsistency when the key check value attribute is wrong due to its
size.

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: use TEE_InitRefAttribute() to compute key check value

Use TEE_InitRefAttribute() helper function to set key data attribute
in compute_check_value_with_ecb().

Fixes: bcac2127a7f1 ("ta: p

ta: pkcs11: use TEE_InitRefAttribute() to compute key check value

Use TEE_InitRefAttribute() helper function to set key data attribute
in compute_check_value_with_ecb().

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: key check value may not be applicable

Key check value attribute is required only for objects of types
certificate and symmetric keys. Fix set_check_value_attr()
to return a successful st

ta: pkcs11: key check value may not be applicable

Key check value attribute is required only for objects of types
certificate and symmetric keys. Fix set_check_value_attr()
to return a successful status instead of bad argument error code when
there is no key check value attribute to compute.

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: fix block size to compute AES key check value

Fix AES block size in compute_check_value_with_ecb(). It is 16 bytes,
not the AES key size. By the way allocate cipher block in the stack
in

ta: pkcs11: fix block size to compute AES key check value

Fix AES block size in compute_check_value_with_ecb(). It is 16 bytes,
not the AES key size. By the way allocate cipher block in the stack
instead of in the heap since the block is quite small.

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE

Add PKCS11_CKA_CHECK_VALUE as an optional attribute of symmetric
key and certificate objects . As per the PKCS#11 specification, key
c

ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE

Add PKCS11_CKA_CHECK_VALUE as an optional attribute of symmetric
key and certificate objects . As per the PKCS#11 specification, key
check value attribute is optional therefore add pkcs11 TA configuration
switch CFG_PKCS11_TA_CHECK_VALUE_ATTRIBUTE to embed or not the support.

When supported, as per the spec, the attribute can be either the
legitimate value recomputed by the PKCS#11 token or a zero-sized value
called a no-value for when client does not want the attribute to set
in an object.

This change adds the support for the pcks11 TA commands related to
Cryptoki API functions C_GenerateKey(), C_CreateObject(), C_CopyObject(),
C_SetAttributeValue(), C_UnwrapKey() and C_DeriveKey(). TA command
related to C_FindOjects() support the attribute without any change.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

Squashed commit upgrading to mbedtls-3.4.0

Squash merging branch import/mbedtls-3.4.0

8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5"

Squashed commit upgrading to mbedtls-3.4.0

Squash merging branch import/mbedtls-3.4.0

8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5")
2b0d0c50127c ("core: ltc: configure internal SHA-1 and SHA-224")
0e48a6e17630 ("libmedtls: core: update to mbedTLS 3.4.0 API")
049882b143af ("libutee: update to mbedTLS 3.4.0 API")
982307bf6169 ("core: LTC mpi_desc.c: update to mbedTLS 3.4.0 API")
33218e9eff7b ("ta: pkcs11: update to mbedTLS 3.4.0 API")
6956420cc064 ("libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode")
ad67ef0b43fd ("libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly")
7300f4d97bbf ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()")
cec89b62a86d ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()")
e7e048796c44 ("libmbedtls: add SM2 curve")
096beff2cd31 ("libmbedtls: mbedtls_mpi_exp_mod(): optimize mempool usage")
7108668efd3f ("libmbedtls: mbedtls_mpi_exp_mod(): reduce stack usage")
0ba4eb8d0572 ("libmbedtls: mbedtls_mpi_exp_mod() initialize W")
3fd6ecf00382 ("libmbedtls: fix no CRT issue")
d5ea7e9e9aa7 ("libmbedtls: add interfaces in mbedtls for context memory operation")
2b0fb3f1fa3d ("libmedtls: mpi_miller_rabin: increase count limit")
2c3301ab99bb ("libmbedtls: add mbedtls_mpi_init_mempool()")
9a111f0da04b ("libmbedtls: make mbedtls_mpi_mont*() available")
804fe3a374f5 ("mbedtls: configure mbedtls to reach for config")
b28a41531427 ("mbedtls: remove default include/mbedtls/config.h")
dfafe507bbef ("Import mbedtls-3.4.0")

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)

show more ...

ta: pkcs11: fix EC private key import

When importing EC private key also generate hidden EC public key for that.

This fixes EC private key import problem.

Signed-off-by: Vesa Jääskeläinen <vesa.ja

ta: pkcs11: fix EC private key import

When importing EC private key also generate hidden EC public key for that.

This fixes EC private key import problem.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: add OP-TEE hidden attribute extension

Attributes which has hidden OP-TEE vendor flag specified are not exported
to user space nor can be imported from user space.

Signed-off-by: Vesa Jä

ta: pkcs11: add OP-TEE hidden attribute extension

Attributes which has hidden OP-TEE vendor flag specified are not exported
to user space nor can be imported from user space.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>

show more ...

ta: pkcs11: on RSA public key import calculate CKA_MODULUS_BITS

When RSA public key is created with C_CreateObject() CKA_MODULUS_BITS is
not allowed to be specified.

The tooling like pkcs11-tool ex

ta: pkcs11: on RSA public key import calculate CKA_MODULUS_BITS

When RSA public key is created with C_CreateObject() CKA_MODULUS_BITS is
not allowed to be specified.

The tooling like pkcs11-tool expects that the value is there.

In specification it is not specified clearly that it needs to be
calculated but it is assumed to be in the RSA public key object.

Calculate the value and add it to the object during RSA public key import.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: remove redundant comment about start and end date

PKCS#11 standard specifies that verification or usage of start and end
date for certificate objects is responsibility of the application

ta: pkcs11: remove redundant comment about start and end date

PKCS#11 standard specifies that verification or usage of start and end
date for certificate objects is responsibility of the application.

There is no other activity than storage needed for those.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ta: pkcs11: Add RSA AES key wrap

The PKCS#11 Specification:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/
pkcs11-spec-v3.1-cs01.pdf

6.1.23 RSA AES KEY WRAP

The mechanism requires AES K

ta: pkcs11: Add RSA AES key wrap

The PKCS#11 Specification:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/
pkcs11-spec-v3.1-cs01.pdf

6.1.23 RSA AES KEY WRAP

The mechanism requires AES KWP mechanism CKM_AES_KEY_WRAP_KWP
which is not currently implemented in OP-TEE nor mentioned in
Global Platform specification.

Use the MBedTLS to wrap/unwrap the target key.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Copy secret key data for wrapping

Currently the secret-key data is returned as a pointer to
the key attribute parameter. But the RSA private key
constitites of multiple parameters, some

ta: pkcs11: Copy secret key data for wrapping

Currently the secret-key data is returned as a pointer to
the key attribute parameter. But the RSA private key
constitites of multiple parameters, some memory has to be
allocated and populated. After the unwrapping an allocated
memory has to be freed. To generalise, return the secret
key value as a copy.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Add Ed25519 support

Add functionality to generate, import keys, sign/verify for
ED25519, ED25519ctx and ED25519ph.

The values for the object identifies originates from:
https://www.rfc-

ta: pkcs11: Add Ed25519 support

Add functionality to generate, import keys, sign/verify for
ED25519, ED25519ctx and ED25519ph.

The values for the object identifies originates from:
https://www.rfc-editor.org/rfc/rfc8420.html
A.1. ASN.1 Object for Ed25519

The PKCS#11 Specification:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/
pkcs11-spec-v3.1-cs01.pdf

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: PKCS11_CKM_AES_CBC_PAD is not supported

Remove PKCS11_CKM_AES_CBC_PAD from the list of the supported mechanism
as it is not implemented by the TA.

Fixes: https://github.com/OP-TEE/optee

ta: pkcs11: PKCS11_CKM_AES_CBC_PAD is not supported

Remove PKCS11_CKM_AES_CBC_PAD from the list of the supported mechanism
as it is not implemented by the TA.

Fixes: https://github.com/OP-TEE/optee_os/issues/5142
Acked-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: support for ECDH1_DERIVE

Add support for ECDH1_DERIVE operation.

Only the key derivation function CKD_NULL is supported: the raw shared
secret value is therefore generated without apply

ta: pkcs11: support for ECDH1_DERIVE

Add support for ECDH1_DERIVE operation.

Only the key derivation function CKD_NULL is supported: the raw shared
secret value is therefore generated without applying any key
derivation function.

Tested with pkcs11_tool -m ECDH1-DERIVE

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Co-developed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Add certificate object support

Adds support for:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key ce

ta: pkcs11: Add certificate object support

Adds support for:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key certificate objects

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Add support for AES CMAC mechanisms

Add support for CKM_AES_CMAC* mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linar

ta: pkcs11: Add support for AES CMAC mechanisms

Add support for CKM_AES_CMAC* mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Add support for more HMAC mechanisms

Add support for *_GENERAL MD5 and SHA based HMAC mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <et

ta: pkcs11: Add support for more HMAC mechanisms

Add support for *_GENERAL MD5 and SHA based HMAC mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add operation state in session

Add more operation states to take care of scenarios like failure
of an incremental (update) operation if a one-shot/final operation
has been started.

Sign

ta: pkcs11: Add operation state in session

Add more operation states to take care of scenarios like failure
of an incremental (update) operation if a one-shot/final operation
has been started.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...