Replace crypto ops #1931
Replace crypto ops #1931
Conversation
|
TL;DR: agreed with everything,
Indeed, replacing I also agree with renaming |
|
Sounds good. :-)
|
jenswi-linaro
force-pushed
the
rem_crypto_ops
branch
from
8a45563
to
070c65f
Compare
|
Tag applied |
|
So, besides the code we have some more places that needs to be fixed due to this
|
|
@jbech-linaro correct for the first two, but the last one (the faq) is OK I think. |
There was a problem hiding this comment.
looks good to me. few minor comments.
Acked-by Etienne Carriere <[email protected]>
core/crypto/crypto.c
Outdated
| TEE_Result crypto_hash_get_ctx_size(uint32_t algo __unused, | ||
| size_t *size __unused) | ||
| { | ||
| return TEE_ERROR_NOT_SUPPORTED; |
There was a problem hiding this comment.
TEE_ERROR_NOT_IMPLEMENTED instead, for consistency ?
Only hash function use here TEE_ERROR_NOT_SUPPORTED. Others uses TEE_ERROR_NOT_IMPLEMENTED.
There was a problem hiding this comment.
Thanks, I'll replace all those.
core/include/tee/tee_cryp_provider.h
Outdated
| /* | ||
| * Key allocation functions | ||
| * Allocate the bignum's inside a key structure. | ||
| * TEE core will later use bignum.free(). |
There was a problem hiding this comment.
minor: s/bignum.free/crypto_bignum_free/
core/tee/tee_rpmb_fs.c
Outdated
| TEE_ALG_HMAC_SHA256, | ||
| &rpmb_ctx->hash_ctx_size))) { | ||
| (crypto_mac_get_ctx_size(TEE_ALG_HMAC_SHA256, | ||
| &rpmb_ctx->hash_ctx_size))) { |
There was a problem hiding this comment.
minor: can remove the parentheses around crypto_mac_get_ctx_size().
You're probably right, but is it really an abstraction layer anymore? Maybe? |
|
Yes, it's still an abstraction layer. |
core/include/tee/tee_cryp_provider.h
Outdated
| TEE_Result crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key, | ||
| struct ecc_public_key *public_key, | ||
| void *secret, | ||
| unsigned long *secret_len); | ||
|
|
||
| /* | ||
| * Verifies a SHA-256 hash, doesn't require tee_cryp_init() to be called in |
There was a problem hiding this comment.
s/tee_cryp_init()/crypto_init()/
core/crypto/crypto.c
Outdated
| #include <kernel/panic.h> | ||
| #include <tee/tee_cryp_provider.h> | ||
|
|
||
| #if !defined(_CFG_CRYPTO_WITH_HASH) |
There was a problem hiding this comment.
How about making the symbols __weak instead? It looks like we could get rid of all the #ifdef-ery in this file.
There was a problem hiding this comment.
I was thinking the same first, but the problem is that some functions are supposed to be provided in groups and that's not possible with weak functions.
|
Addressed comments, moved |
|
Section "How to add a new crypto implementation" in
|
core/include/crypto/crypto.h
Outdated
| * @algo: algorithm identifier (TEE_ALG_*) | ||
| */ | ||
|
|
||
|
|
There was a problem hiding this comment.
minor: remove 1 empty line
core/arch/arm/kernel/user_ta.c
Outdated
| @@ -28,6 +28,7 @@ | |||
|
|
|||
| #include <assert.h> | |||
| #include <compiler.h> | |||
| #include <crypto/crypto.h> | |||
There was a problem hiding this comment.
minor: seems useless here.
core/arch/arm/tee/init.c
Outdated
| @@ -25,6 +25,7 @@ | |||
| * POSSIBILITY OF SUCH DAMAGE. | |||
| */ | |||
|
|
|||
| #include <crypto/crypto.h> | |||
There was a problem hiding this comment.
minor: seems useless here.
core/tee/tee_ree_fs.c
Outdated
| @@ -26,6 +26,7 @@ | |||
| */ | |||
|
|
|||
| #include <assert.h> | |||
| #include <crypto/crypto.h> | |||
There was a problem hiding this comment.
minor: seems useless here.
documentation/crypto.md
Outdated
| * Implementation of crypto_authenc_*() due to divided implementation, | ||
| * AES-GCM is normally using an OP-TEE internal implementation while | ||
| * AES-CCM is using the LibTomCrypt implementation. | ||
| */ |
documentation/crypto.md
Outdated
| TEE_Result crypto_hash_get_ctx_size(uint32_t algo __unused, | ||
| size_t *size __unused) | ||
| { | ||
| return TEE_ERROR_NOT_SUPPORTED; |
There was a problem hiding this comment.
s/TEE_ERROR_NOT_SUPPORTED/TEE_ERROR_NOT_IMPLEMENTED/
|
Update |
documentation/crypto.md
Outdated
| the top level of your new directory. | ||
| - Although not all pointers in **crypto_ops** need to be defined, all are | ||
| required for compliance to the GlobalPlatform specification. | ||
| - Although not crypto families need to be defines, all are required for |
There was a problem hiding this comment.
"... not all crypto families ..." ?
core/crypto/crypto.c
Outdated
| #if defined(CFG_CRYPTO_GCM) | ||
| case TEE_ALG_AES_GCM: | ||
| if (*dst_len < src_len) | ||
| return TEE_ERROR_SHORT_BUFFER; |
There was a problem hiding this comment.
should set *dst_len = src_len; before returning TEE_ERROR_SHORT_BUFFER.
here and below, and in few below functions.
|
Update |
|
|
There was a problem hiding this comment.
trailing minor comments.
Reviewed-by: Etienne Carriere <[email protected]>
core/include/crypto/crypto.h
Outdated
| /* Add entropy to PRNG entropy pool. */ | ||
| TEE_Result crypto_rng_add_entropy(const uint8_t *inbuf, size_t len); | ||
|
|
||
| /* To read random data from PRNG implementation. */ |
There was a problem hiding this comment.
minor: trailing spaces inside comment.
| #include <tee/tee_cryp_provider.h> | ||
| #include <crypto/crypto.h> | ||
| #include <crypto/aes-gcm.h> | ||
| #include <crypto/aes-ccm.h> |
| TEE_Result res = TEE_ERROR_BAD_STATE; | ||
| struct tee_ccm_state *ccm = ctx; | ||
| int ltc_res; | ||
| uint8_t dst_tag[TEE_xCM_TAG_MAX_LENGTH]; |
There was a problem hiding this comment.
minor: s/TEE_xCM_TAG_MAX_LENGTH/TEE_CCM_TAG_MAX_LENGTH/ here and line 2665.
(definition of TEE_xCM_TAG_MAX_LENGTH could be removed.
| #if defined(CFG_CRYPTO_GCM) | ||
| struct tee_gcm_state *gcm; | ||
| #endif | ||
| struct tee_gcm_state *gcm = ctx; | ||
| int ltc_res; | ||
| uint8_t dst_tag[TEE_xCM_TAG_MAX_LENGTH]; |
There was a problem hiding this comment.
minor: s/TEE_xCM_TAG_MAX_LENGTH/TEE_GCM_TAG_MAX_LENGTH/ here and line 2823.
|
Addressed comments |
|
fine for me |
Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Adds crypto_hash_get_ctx_size(), crypto_hash_init(), crypto_hash_update() and crypto_hash_final() replacing struct hash_ops in crypto_ops. Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Adds crypto_cipher_get_ctx_size(), crypto_cipher_init(), crypto_cipher_update(), crypto_cipher_final() and crypto_cipher_get_block_size() replacing struct cipher_ops in crypto_ops. Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Adds mac_cipher_get_ctx_size(), mac_cipher_init(), mac_cipher_update() and mac_cipher_final() replacing struct mac_ops in crypto_ops. Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Adds crypto_authenc_*() replacing struct authenc_ops in crypto_ops. Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Adds crypto_bignum_*() replacing struct bignum_ops in crypto_ops. Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Adds crypto_acipher_*() replacing struct acipher_ops in crypto_ops. Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Removes struct crypto_ops and adds crypto_init() Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Renames core/include/tee/tee_cryp_provider.h to core/include/crypto/crypto.h Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
* Moves crypto_authenc_*() from LTC to core/crypto/crypto.c * Defines <crypto/aes-gcm.h> and <crypto/aes-ccm.h> and implements the functions in core/lib/libtomcrypt/src/tee_ltc_provider.c based on the old implementations of crypto_authenc_*(). Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Update documentation of the Crypto API with the new <crypto/crypto.h> replacing the old crypto_ops based API. Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Fixes the build error: kern.ld:153: undefined symbol `__asan_shadow_start' referenced in expression Tested-by: Jerome Forissier <[email protected]> (HiKey960, GP) Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
jenswi-linaro
force-pushed
the
rem_crypto_ops
branch
from
cabda6d
to
04c628d
Compare
|
Squashed, rebased and tags applied. |
This takes care of replacing the
crypto_opsstruct as requested in #1908But this doesn't solve the problem of supplying AES-GCM from an OP-TEE internal implementation and AES-CCM from LTC. How can that be done?
core/tee/tee_svc_cryp.cexpectscrypto_authenc_*()functions so those need to be provided somewhere, but not in LTC ascrypto_authenc_*()implementation will use OP-TEE internal AES-GCM implementation further on.One way forward could be:
crypto_aes_gcm_*()andcrypto_aes_ccm_*()incore/include/crypto/aes-{g,c}cm.hcrypto_authenc_*()implementation tocore/crypto/crypto.c, implemented by using the new functions above.I suppose the best would be to solve the
crypto_authenc_*()problem in this pull request to avoid messing with crypto interface little by little (or more truthfully much by much).Another thing is the
core/include/tee/tee_cryp_provider.hfile, it should probably be renamed tocore/include/crypto/api.hor something similar.Should I move forward as proposed above? Comments/thoughts?