crypto_authenc_update_aad on decrypt path in hash tree

[Amit-Radur]

I have few queries regarding crypto function used under hash tree.

1. Do we really need to call crypto_authenc_update_aad when TEE_OperationMode is decrypt, shouldn't the Additional
   authenticated data is updated only when TEE_OperationMode is encrypt ?

   https://github.com/OP-TEE/optee_os/blob/master/core/tee/fs_htree.c#L476C9-L476C34

2. Is this a BUG, using TEE_FS_HTREE_FEK_SIZE instead of TEE_FS_HTREE_HASH_SIZE ?

``

        if (!ni) {
               res = crypto_authenc_update_aad(ctx, mode, ht->root.node.hash,
 -                                               TEE_FS_HTREE_FEK_SIZE);
 +                                               TEE_FS_HTREE_HASH_SIZE);

3. How do one fully reset secure storage, do we need to create the /data/tee directory every time we wanted to reset
   the secure storage ?

[jenswi-linaro]

1. Yes, it's needed to calculate the tag correctly.
2. Yes, fixing it will unfortunately break already existing secure storage objects. This means that we're currently using truncated SHA-256 hashes. I would very much like to fix this, but we should do it in a compatible way.
3. That depends on what you use for rollback protection. If you have none, it's enough to remove the content of /data/tee.

[jenswi-linaro]

https://optee.readthedocs.io/en/latest/debug/abort_dumps.html

[Amit-Radur]

@jenswi-linaro , run the "optee_example_secure_storage" after deleting the content of /data/tee (and encrypt/decrypt is offloaded to my platform specific authenc/cipher block) but I see plain data here is printed as 0.

https://github.com/OP-TEE/optee_os/blob/master/core/tee/fs_htree.c#L528

May I know the reason why imeta data (&ht->imeta) is not populated here properly, and all I see is 0's ?

[jenswi-linaro]

I'm sorry, I can't help debugging your code.

[Amit-Radur]

Sure, No issues. I am closing it as your answers helped me with few things.