GP131: add TEE_BigIntExpMod()

Adds the function TEE_BigIntExpMod() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklande

GP131: add TEE_BigIntExpMod()

Adds the function TEE_BigIntExpMod() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_BigIntAbs()

Adds the function TEE_BigIntAbs() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jen

GP131: add TEE_BigIntAbs()

Adds the function TEE_BigIntAbs() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_BigIntSetBit()

Adds the function TEE_BigIntSetBit() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklande

GP131: add TEE_BigIntSetBit()

Adds the function TEE_BigIntSetBit() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_BigIntAssign()

Adds the function TEE_BigIntAssign() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklande

GP131: add TEE_BigIntAssign()

Adds the function TEE_BigIntAssign() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_SetOperationKey*()

Update TEE_SetOperationKey() and TEE_SetOperationKey2() according to TEE
Internal Core API version 1.3.1.

Compatibility functions for v1.1 are added due an inco

GP131: Update TEE_SetOperationKey*()

Update TEE_SetOperationKey() and TEE_SetOperationKey2() according to TEE
Internal Core API version 1.3.1.

Compatibility functions for v1.1 are added due an incompatible change
highlighted by the GP compliance test suite. Prior to 1.3 the functions
where should panic if operation state isn't "initial", in 1.3 they are
instead required to always reset the operation state to "initial".

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Upgrade in-tree TAs to use latest version of TEE Internal Core API

Upgrades in-tree TAs to use latest version of TEE Internal Core API and
the compatibility flag is by default turned off.

Upgrading

Upgrade in-tree TAs to use latest version of TEE Internal Core API

Upgrades in-tree TAs to use latest version of TEE Internal Core API and
the compatibility flag is by default turned off.

Upgrading the TAs is basically a matter of replacing a few uint32_t
pointers with size_t pointers instead. This is done in as few places as
possible. So in particular the PKCS#11 TA might benefit from another
round of refactoring now that the contagious use of uint32_t as size
field is removed.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add support for TEE_MALLOC_NO_SHARE

Adds support for the TEE_MALLOC_NO_SHARE hint to TEE_Malloc(). With this
there is a check in TEE_OpenTASession() and TEE_InvokeTACommand() to see
that buff

GP131: add support for TEE_MALLOC_NO_SHARE

Adds support for the TEE_MALLOC_NO_SHARE hint to TEE_Malloc(). With this
there is a check in TEE_OpenTASession() and TEE_InvokeTACommand() to see
that buffers allocated with this flag are passed on to other TAs.

A second memory pool is added to be used for memory allocations using
this flag. This means a new configuration variable,
TA_NO_SHARE_DATA_SIZE, for user_ta_header.h. It's set to 0 by default,
so by default nothing can be allocated using the TEE_MALLOC_NO_SHARE
hint.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: check permissions on buffer passed to other TAs

In TEE Internal Core API Specification version 1.2 there is a passed in
"4.9.4 Operation Parameters in the Internal Client API" that says that:

GP131: check permissions on buffer passed to other TAs

In TEE Internal Core API Specification version 1.2 there is a passed in
"4.9.4 Operation Parameters in the Internal Client API" that says that:
Where all or part of the referenced memory buffer was passed to the
TA from the REE or from another TA, the implementation SHALL NOT
result in downgrade of the security characteristics of the buffer.
That is, buffers read-only memrefs should not be passed on to other TAs
as read/write. Fix this by adding the needed check in
TEE_OpenTASession() and TEE_InvokeTACommand().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_CheckMemoryAccessRights()

Updates TEE_CheckMemoryAccessRights() to be more strict by taking passed
memory parameters (memrefs) and heap allocations into account.

Reviewed-by: Etie

GP131: Update TEE_CheckMemoryAccessRights()

Updates TEE_CheckMemoryAccessRights() to be more strict by taking passed
memory parameters (memrefs) and heap allocations into account.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_DigestExtract()

Adds TEE_DigestExtract() to support Extendable Output Functions, that
is, for now TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256.

Reviewed-by: Etienne Carriere <etienne.carrie

GP131: add TEE_DigestExtract()

Adds TEE_DigestExtract() to support Extendable Output Functions, that
is, for now TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: syscall_hash_final() support XOF

Adds support in syscall_hash_final() for Extendable Output Functions,
that is, TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256 for now.

Acked-by: Etienne Carriere <etie

core: syscall_hash_final() support XOF

Adds support in syscall_hash_final() for Extendable Output Functions,
that is, TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256 for now.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Enable SHA-3 support by default

Enables all the supported SHA-3 algorithms by default.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.

Enable SHA-3 support by default

Enables all the supported SHA-3 algorithms by default.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: LTC: conditionally enable SHA-3 implementation

Enables SHA-3 implementation in libtomcrypt and add OP-TEE wrappers.

Adds LTC fallback for mbedtls configurations since mbedtls doesn't
support

core: LTC: conditionally enable SHA-3 implementation

Enables SHA-3 implementation in libtomcrypt and add OP-TEE wrappers.

Adds LTC fallback for mbedtls configurations since mbedtls doesn't
support SHA-3 yet.

Implementation of the crypto_hmac_*_alloc_ctx() functions is updated to
only add a full implementation if the corresponding hash function also
is configured.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add API for SHA-3

Adds an API for the SHA-3 [1] algorithms SHA3-224, SHA3_256, SHA3_384,
SHA3_512, SHAKE128, and SHAKE256. SHAKE128 and SHAKE256 are
Extendable-Output Functions (XOF),

core: crypto: add API for SHA-3

Adds an API for the SHA-3 [1] algorithms SHA3-224, SHA3_256, SHA3_384,
SHA3_512, SHAKE128, and SHAKE256. SHAKE128 and SHAKE256 are
Extendable-Output Functions (XOF), but handled as hashes in the API.

Adds API for SHA-3 based HMAC functions.

For XOF algorithms crypto_hash_final() can be called multiple times and
generate an arbitrary amount of data. Note that this data will have a
common prefix if done over the same input (see A.2 in [1]).

[1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add missing TEE_ALG_* and TEE_TYPE_* defines

Adds the missing TEE_ALG_* and TEE_TYPE_* defines from the
GlobalPlatform TEE Internal Core API v1.3.1 specification.

Reviewed-by: Jerome Forissi

GP131: add missing TEE_ALG_* and TEE_TYPE_* defines

Adds the missing TEE_ALG_* and TEE_TYPE_* defines from the
GlobalPlatform TEE Internal Core API v1.3.1 specification.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_FreeOperation()

Update TEE_FreeOperation() according to TEE Internal Core API version
1.3.1. TEE_FreeOperation() does nothing if operation is TEE_HANDLE_NULL.

Reviewed-by: Jerome

GP131: Update TEE_FreeOperation()

Update TEE_FreeOperation() according to TEE Internal Core API version
1.3.1. TEE_FreeOperation() does nothing if operation is TEE_HANDLE_NULL.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update gpd.tee.trustedStorage.antiRollback.protectionLevel

Updates used values for
gpd.tee.trustedStorage.antiRollback.protectionLevel according to TEE
Internal Core API version 1.3.1.

Note

GP131: Update gpd.tee.trustedStorage.antiRollback.protectionLevel

Updates used values for
gpd.tee.trustedStorage.antiRollback.protectionLevel according to TEE
Internal Core API version 1.3.1.

Note that protection level 0 is not valid any longer, so report level
100 when RPMB isn't in use. Only root can tamper with the REE FS storage
due to the REE file system permissions.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TA property gpd.client.endian

Adds the new property "gpd.client.endian" to report the endianness used
by a client.

At the moment there is no way for a client to report its endianness to

GP131: add TA property gpd.client.endian

Adds the new property "gpd.client.endian" to report the endianness used
by a client.

At the moment there is no way for a client to report its endianness to
OP-TEE so assume that all are little-endian.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TA property gpd.ta.endian

Adds the new property "gpd.ta.endian" to report the endianness used by
the TA.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne

GP131: add TA property gpd.ta.endian

Adds the new property "gpd.ta.endian" to report the endianness used by
the TA.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add ta property gpd.tee.internalCore.version

Adds the new property "gpd.tee.internalCore.version" to report the
TEE Internal Core API Specification version number used.

Reviewed-by: Jerome F

GP131: add ta property gpd.tee.internalCore.version

Adds the new property "gpd.tee.internalCore.version" to report the
TEE Internal Core API Specification version number used.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_BigInt*() functions

Updates the following functions:
- TEE_BigIntInitFMMContext()
- TEE_BigIntFMMContextSizeInU32()
- TEE_BigIntFMMSizeInU32()
- TEE_BigIntInitFMMContext()
- TEE_Bi

GP131: Update TEE_BigInt*() functions

Updates the following functions:
- TEE_BigIntInitFMMContext()
- TEE_BigIntFMMContextSizeInU32()
- TEE_BigIntFMMSizeInU32()
- TEE_BigIntInitFMMContext()
- TEE_BigIntInitFMM()
- TEE_BigIntShiftRight()
according to TEE Internal Core API version 1.3.1. The modulusSizeInBits,
len, and bufferLen parameters are changed to use size_t instead of
uint32_t.

TEE_BigIntInitFMMContext1() is added.

TEE_BigIntInit() checks that supplied length isn't larger than
"gpd.tee.arith.maxBigIntSize", based on CFG_TA_BIGNUM_MAX_BITS.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_GenerateRandom()

Update TEE_GenerateRandom() according to TEE Internal Core API version
1.3.1. The randomBufferLen parameter is changed to use size_t instead of
uint32_t.

Reviewed

GP131: Update TEE_GenerateRandom()

Update TEE_GenerateRandom() according to TEE Internal Core API version
1.3.1. The randomBufferLen parameter is changed to use size_t instead of
uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_AsymmetricSignDigest() and TEE_AsymmetricVerifyDigest()

Updates TEE_AsymmetricSignDigest() and TEE_AsymmetricVerifyDigest()
according to TEE Internal Core API version 1.3.1. The di

GP131: Update TEE_AsymmetricSignDigest() and TEE_AsymmetricVerifyDigest()

Updates TEE_AsymmetricSignDigest() and TEE_AsymmetricVerifyDigest()
according to TEE Internal Core API version 1.3.1. The digestLen and
signatureLen parameters are changed to use size_t instead of uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt()

Updates TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() according to
TEE Internal Core API version 1.3.1. The srcLen and dstLen

GP131: Update TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt()

Updates TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() according to
TEE Internal Core API version 1.3.1. The srcLen and dstLen parameters
are changed to use size_t instead of uint32_t

Adds the optional attribute TEE_ATTR_RSA_OAEP_MGF_HASH which if provided
specifies the MGF1 hash function to use. Prior to GP v1.3.1 it was
implementation defined. OP-TEE only supports using the same MGF1 hash
function as the internal hash function of the algorithim, that is, for
the algorithm TEE_ALG_RSAES_PKCS1_OAEP_MGF1_x that hash function
TEE_ALG_x is used.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_AE* functions

Updates the following functions:
- TEE_AEInit()
- TEE_AEUpdateAAD()
- TEE_AEUpdate()
- TEE_AEEncryptFinal()
- TEE_AEDecryptFinal()
according to TEE Internal Core API

GP131: Update TEE_AE* functions

Updates the following functions:
- TEE_AEInit()
- TEE_AEUpdateAAD()
- TEE_AEUpdate()
- TEE_AEEncryptFinal()
- TEE_AEDecryptFinal()
according to TEE Internal Core API version 1.3.1. The nonceLen, AADLen,
payloadLen, AADdataLen, srcLen, destLen and tagLen parameters are
changed to use size_t instead of uint32_t.

Note that the tagLen parameter of TEE_AEInit() is still of the type
uint32_t.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...