AES ciphering APIs (setup operation, load key/iv, process ciphering)

This change provides an example of a AES ciphering operation from a
trusted application (TA) using the GPD TEE Core Internal API.

AES TA implements the basics for setting a AES/CTR ciphering session
using the TEE Core Internal API:
- Opening a session toward the AES TA creates AES ciphering session.
- A TA command allows to setup and allocate the ciphering resources.
- A TA command allows to load the AES key.
- A TA command allows to reset the initial vector.
- A TA command allows to cipher an input buffer into an output buffer.

The sample application creates an AES128-CTR encryption session,
provides the AES key and and initial vector then request encryption of
a data buffer. Then it sets up a decryption session, provide the same
key and initial vector and request decryption of the encrypted content.
Finally it checks clear and decoded data are the same.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
diff --git a/.gitignore b/.gitignore
index 560f78b..0a65cf5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@
 out/
 hello_world/host/optee_example_hello_world
 random/host/optee_example_random
+aes/host/optee_example_aes
diff --git a/Makefile b/Makefile
index 9fb6b46..31019fa 100644
--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,7 @@
 
 EXAMPLE_LIST := hello_world
 EXAMPLE_LIST += random
+EXAMPLE_LIST += aes
 
 .PHONY: all
 all: examples prepare-for-rootfs
diff --git a/README.md b/README.md
index 7d83de1..b400f1b 100644
--- a/README.md
+++ b/README.md
@@ -24,3 +24,10 @@
 * Generates a random UUID using capabilities of TEE API (`TEE_GenerateRandom()`).
 * Test application: `optee_example_random`
 * Trusted application UUID: b6c53aba-9669-4668-a7f2-205629d00f86
+
+Directory **aes/**:
+* Runs an AES encryption and decryption from a TA using the GPD TEE Internal
+Core API. Non secure test application provides the key, initial vector and
+ciphered data.
+* Test application: `optee_example_aes`
+* Trusted application UUID: 5dbac793-f574-4871-8ad3-04331ec17f24
diff --git a/aes/Android.mk b/aes/Android.mk
new file mode 100644
index 0000000..ba513ca
--- /dev/null
+++ b/aes/Android.mk
@@ -0,0 +1,19 @@
+LOCAL_PATH := $(call my-dir)
+
+OPTEE_CLIENT_EXPORT ?= $(LOCAL_PATH)/../../optee_client/out/export
+
+include $(CLEAR_VARS)
+LOCAL_CFLAGS += -DANDROID_BUILD
+LOCAL_CFLAGS += -Wall
+
+LOCAL_SRC_FILES += host/main.c
+
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/ta/include \
+		    $(OPTEE_CLIENT_EXPORT)/include
+
+LOCAL_SHARED_LIBRARIES := libteec
+LOCAL_MODULE := optee_example_aes
+LOCAL_MODULE_TAGS := optional
+include $(BUILD_EXECUTABLE)
+
+include $(LOCAL_PATH)/ta/Android.mk
diff --git a/aes/Makefile b/aes/Makefile
new file mode 100644
index 0000000..3b9a8dc
--- /dev/null
+++ b/aes/Makefile
@@ -0,0 +1,15 @@
+export V ?= 0
+
+# If _HOST or _TA specific compilers are not specified, then use CROSS_COMPILE
+HOST_CROSS_COMPILE ?= $(CROSS_COMPILE)
+TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
+
+.PHONY: all
+all:
+	$(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)"
+	$(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)"
+
+.PHONY: clean
+clean:
+	$(MAKE) -C host clean
+	$(MAKE) -C ta clean
diff --git a/aes/host/Makefile b/aes/host/Makefile
new file mode 100644
index 0000000..4b444d8
--- /dev/null
+++ b/aes/host/Makefile
@@ -0,0 +1,25 @@
+CC      = $(CROSS_COMPILE)gcc
+LD      = $(CROSS_COMPILE)ld
+AR      = $(CROSS_COMPILE)ar
+NM      = $(CROSS_COMPILE)nm
+OBJCOPY = $(CROSS_COMPILE)objcopy
+OBJDUMP = $(CROSS_COMPILE)objdump
+READELF = $(CROSS_COMPILE)readelf
+
+OBJS = main.o
+
+CFLAGS += -Wall -I../ta/include -I./include
+CFLAGS += -I$(TEEC_EXPORT)/include
+LDADD += -lteec -L$(TEEC_EXPORT)/lib
+
+BINARY = optee_example_aes
+
+.PHONY: all
+all: $(BINARY)
+
+$(BINARY): $(OBJS)
+	$(CC) -o $@ $< $(LDADD)
+
+.PHONY: clean
+clean:
+	rm -f $(OBJS) $(BINARY)
diff --git a/aes/host/main.c b/aes/host/main.c
new file mode 100644
index 0000000..7c9d79e
--- /dev/null
+++ b/aes/host/main.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <err.h>
+#include <stdio.h>
+#include <string.h>
+
+/* OP-TEE TEE client API (built by optee_client) */
+#include <tee_client_api.h>
+
+/* To the the UUID (found the the TA's h-file(s)) */
+#include <aes_ta.h>
+
+#define AES_TEST_BUFFER_SIZE	4096
+#define AES_TEST_KEY_SIZE	16
+
+#define DECODE			0
+#define ENCODE			1
+
+/* TEE resources */
+struct test_ctx {
+	TEEC_Context ctx;
+	TEEC_Session sess;
+};
+
+void prepare_tee_session(struct test_ctx *ctx)
+{
+	TEEC_UUID uuid = TA_AES_UUID;
+	uint32_t origin;
+	TEEC_Result res;
+
+	/* Initialize a context connecting us to the TEE */
+	res = TEEC_InitializeContext(NULL, &ctx->ctx);
+	if (res != TEEC_SUCCESS)
+		errx(1, "TEEC_InitializeContext failed with code 0x%x", res);
+
+	/* Open a session with the TA */
+	res = TEEC_OpenSession(&ctx->ctx, &ctx->sess, &uuid,
+			       TEEC_LOGIN_PUBLIC, NULL, NULL, &origin);
+	if (res != TEEC_SUCCESS)
+		errx(1, "TEEC_Opensession failed with code 0x%x origin 0x%x",
+			res, origin);
+}
+
+void terminate_tee_session(struct test_ctx *ctx)
+{
+	TEEC_CloseSession(&ctx->sess);
+	TEEC_FinalizeContext(&ctx->ctx);
+}
+
+void prepare_aes(struct test_ctx *ctx, int encode)
+{
+	TEEC_Operation op;
+	uint32_t origin;
+	TEEC_Result res;
+
+	memset(&op, 0, sizeof(op));
+	op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
+					 TEEC_VALUE_INPUT,
+					 TEEC_VALUE_INPUT,
+					 TEEC_NONE);
+
+	op.params[0].value.a = TA_AES_ALGO_CTR;
+	op.params[1].value.a = TA_AES_SIZE_128BIT;
+	op.params[2].value.a = encode ? TA_AES_MODE_ENCODE :
+					TA_AES_MODE_DECODE;
+
+	res = TEEC_InvokeCommand(&ctx->sess, TA_AES_CMD_PREPARE,
+				 &op, &origin);
+	if (res != TEEC_SUCCESS)
+		errx(1, "TEEC_InvokeCommand(PREPARE) failed 0x%x origin 0x%x",
+			res, origin);
+}
+
+void set_key(struct test_ctx *ctx, char *key, size_t key_sz)
+{
+	TEEC_Operation op;
+	uint32_t origin;
+	TEEC_Result res;
+
+	memset(&op, 0, sizeof(op));
+	op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT,
+					 TEEC_NONE, TEEC_NONE, TEEC_NONE);
+
+	op.params[0].tmpref.buffer = key;
+	op.params[0].tmpref.size = key_sz;
+
+	res = TEEC_InvokeCommand(&ctx->sess, TA_AES_CMD_SET_KEY,
+				 &op, &origin);
+	if (res != TEEC_SUCCESS)
+		errx(1, "TEEC_InvokeCommand(SET_KEY) failed 0x%x origin 0x%x",
+			res, origin);
+}
+
+void set_iv(struct test_ctx *ctx, char *iv, size_t iv_sz)
+{
+	TEEC_Operation op;
+	uint32_t origin;
+	TEEC_Result res;
+
+	memset(&op, 0, sizeof(op));
+	op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT,
+					  TEEC_NONE, TEEC_NONE, TEEC_NONE);
+	op.params[0].tmpref.buffer = iv;
+	op.params[0].tmpref.size = iv_sz;
+
+	res = TEEC_InvokeCommand(&ctx->sess, TA_AES_CMD_SET_IV,
+				 &op, &origin);
+	if (res != TEEC_SUCCESS)
+		errx(1, "TEEC_InvokeCommand(SET_IV) failed 0x%x origin 0x%x",
+			res, origin);
+}
+
+void cipher_buffer(struct test_ctx *ctx, char *in, char *out, size_t sz)
+{
+	TEEC_Operation op;
+	uint32_t origin;
+	TEEC_Result res;
+
+	memset(&op, 0, sizeof(op));
+	op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT,
+					 TEEC_MEMREF_TEMP_OUTPUT,
+					 TEEC_NONE, TEEC_NONE);
+	op.params[0].tmpref.buffer = in;
+	op.params[0].tmpref.size = sz;
+	op.params[1].tmpref.buffer = out;
+	op.params[1].tmpref.size = sz;
+
+	res = TEEC_InvokeCommand(&ctx->sess, TA_AES_CMD_CIPHER,
+				 &op, &origin);
+	if (res != TEEC_SUCCESS)
+		errx(1, "TEEC_InvokeCommand(CIPHER) failed 0x%x origin 0x%x",
+			res, origin);
+}
+
+int main(int argc, char *argv[])
+{
+	struct test_ctx ctx;
+	char key[AES_TEST_KEY_SIZE];
+	char iv[AES_TEST_KEY_SIZE];
+	char clear[AES_TEST_BUFFER_SIZE];
+	char ciph[AES_TEST_BUFFER_SIZE];
+	char temp[AES_TEST_BUFFER_SIZE];
+
+	printf("Prepare session with the TA\n");
+	prepare_tee_session(&ctx);
+
+	printf("Prepare encode operation\n");
+	prepare_aes(&ctx, ENCODE);
+
+	printf("Load key in TA\n");
+	memset(key, 0xa5, sizeof(key)); /* Load some dummy value */
+	set_key(&ctx, key, AES_TEST_KEY_SIZE);
+
+	printf("Reset ciphering operation in TA (provides the initial vector)\n");
+	memset(iv, 0, sizeof(iv)); /* Load some dummy value */
+	set_iv(&ctx, iv, AES_TEST_KEY_SIZE);
+
+	printf("Encore buffer from TA\n");
+	memset(clear, 0x5a, sizeof(clear)); /* Load some dummy value */
+	cipher_buffer(&ctx, clear, ciph, AES_TEST_BUFFER_SIZE);
+
+	printf("Prepare decode operation\n");
+	prepare_aes(&ctx, DECODE);
+
+	printf("Load key in TA\n");
+	memset(key, 0xa5, sizeof(key)); /* Load some dummy value */
+	set_key(&ctx, key, AES_TEST_KEY_SIZE);
+
+	printf("Reset ciphering operation in TA (provides the initial vector)\n");
+	memset(iv, 0, sizeof(iv)); /* Load some dummy value */
+	set_iv(&ctx, iv, AES_TEST_KEY_SIZE);
+
+	printf("Decode buffer from TA\n");
+	memset(clear, 0x5a, sizeof(clear)); /* Load some dummy value */
+	cipher_buffer(&ctx, ciph, temp, AES_TEST_BUFFER_SIZE);
+
+	/* Check decoded is the clear content */
+	if (memcmp(clear, temp, AES_TEST_BUFFER_SIZE))
+		printf("Clear text and decoded text differ => ERROR\n");
+	else
+		printf("Clear text and decoded text match\n");
+
+	terminate_tee_session(&ctx);
+	return 0;
+}
diff --git a/aes/ta/Android.mk b/aes/ta/Android.mk
new file mode 100644
index 0000000..931f8e4
--- /dev/null
+++ b/aes/ta/Android.mk
@@ -0,0 +1,4 @@
+LOCAL_PATH := $(call my-dir)
+
+local_module := 5dbac793-f574-4871-8ad3-04331ec17f24.ta
+include $(BUILD_OPTEE_MK)
diff --git a/aes/ta/Makefile b/aes/ta/Makefile
new file mode 100644
index 0000000..406b4f8
--- /dev/null
+++ b/aes/ta/Makefile
@@ -0,0 +1,13 @@
+CFG_TEE_TA_LOG_LEVEL ?= 4
+CPPFLAGS += -DCFG_TEE_TA_LOG_LEVEL=$(CFG_TEE_TA_LOG_LEVEL)
+
+# The UUID for the Trusted Application
+BINARY=5dbac793-f574-4871-8ad3-04331ec17f24
+
+-include $(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk
+
+ifeq ($(wildcard $(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk), )
+clean:
+	@echo 'Note: $$(TA_DEV_KIT_DIR)/mk/ta_dev_kit.mk not found, cannot clean TA'
+	@echo 'Note: TA_DEV_KIT_DIR=$(TA_DEV_KIT_DIR)'
+endif
diff --git a/aes/ta/aes_ta.c b/aes/ta/aes_ta.c
new file mode 100644
index 0000000..0c6077b
--- /dev/null
+++ b/aes/ta/aes_ta.c
@@ -0,0 +1,432 @@
+/*
+ * Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tee_internal_api.h>
+#include <tee_internal_api_extensions.h>
+
+#include <aes_ta.h>
+
+#define AES128_KEY_BIT_SIZE		128
+#define AES128_KEY_BYTE_SIZE		(AES128_KEY_BIT_SIZE / 8)
+#define AES256_KEY_BIT_SIZE		256
+#define AES256_KEY_BYTE_SIZE		(AES256_KEY_BIT_SIZE / 8)
+
+/*
+ * Ciphering context: each opened session relates to a cipehring operation.
+ * - configure the AES flavour from a command.
+ * - load key from a command (here the key is provided by the REE)
+ * - reset init vector (here IV is provided by the REE)
+ * - cipher a buffer frame (here input and output buffers are non-secure)
+ */
+struct aes_cipher {
+	uint32_t algo;			/* AES flavour */
+	uint32_t mode;			/* Encode or decode */
+	size_t key_size;		/* AES key size in byte */
+	TEE_OperationHandle op_handle;	/* AES ciphering operation */
+	TEE_ObjectHandle key_handle;	/* transient object to load the key */
+};
+
+/*
+ * Few routines to convert IDs from TA API into IDs from OP-TEE.
+ */
+static TEE_Result ta2tee_algo_id(uint32_t param, uint32_t *algo)
+{
+	switch (param) {
+	case TA_AES_ALGO_ECB:
+		*algo = TEE_ALG_AES_ECB_NOPAD;
+		return TEE_SUCCESS;
+	case TA_AES_ALGO_CBC:
+		*algo = TEE_ALG_AES_CBC_NOPAD;
+		return TEE_SUCCESS;
+	case TA_AES_ALGO_CTR:
+		*algo = TEE_ALG_AES_CTR;
+		return TEE_SUCCESS;
+	default:
+		EMSG("Invalid algo %u", param);
+		return TEE_ERROR_BAD_PARAMETERS;
+	}
+}
+static TEE_Result ta2tee_key_size(uint32_t param, uint32_t *key_size)
+{
+	switch (param) {
+	case AES128_KEY_BYTE_SIZE:
+	case AES256_KEY_BYTE_SIZE:
+		*key_size = param;
+		return TEE_SUCCESS;
+	default:
+		EMSG("Invalid key size %u", param);
+		return TEE_ERROR_BAD_PARAMETERS;
+	}
+}
+static TEE_Result ta2tee_mode_id(uint32_t param, uint32_t *mode)
+{
+	switch (param) {
+	case TA_AES_MODE_ENCODE:
+		*mode = TEE_MODE_ENCRYPT;
+		return TEE_SUCCESS;
+	case TA_AES_MODE_DECODE:
+		*mode = TEE_MODE_DECRYPT;
+		return TEE_SUCCESS;
+	default:
+		EMSG("Invalid mode %u", param);
+		return TEE_ERROR_BAD_PARAMETERS;
+	}
+}
+
+/*
+ * Process command TA_AES_CMD_PREPARE. API in aes_ta.h
+ *
+ * Allocate resources required for the ciphering operation.
+ * During ciphering operation, when expect client can:
+ * - update the key materials (provided by client)
+ * - reset the initial vector (provided by client)
+ * - cipher an input buffer into an output buffer (provided by client)
+ */
+static TEE_Result alloc_resources(void *session, uint32_t param_types,
+				  TEE_Param params[4])
+{
+	const uint32_t exp_param_types =
+		TEE_PARAM_TYPES(TEE_PARAM_TYPE_VALUE_INPUT,
+				TEE_PARAM_TYPE_VALUE_INPUT,
+				TEE_PARAM_TYPE_VALUE_INPUT,
+				TEE_PARAM_TYPE_NONE);
+	struct aes_cipher *sess;
+	TEE_Attribute attr;
+	TEE_Result res;
+	char *key;
+
+	/* Get ciphering context from session ID */
+	DMSG("Session %p: get ciphering resources", session);
+	sess = (struct aes_cipher *)session;
+
+	/* Safely get the invocation parameters */
+	if (param_types != exp_param_types)
+		return TEE_ERROR_BAD_PARAMETERS;
+
+	res = ta2tee_algo_id(params[0].value.a, &sess->algo);
+	if (res != TEE_SUCCESS)
+		return res;
+
+	res = ta2tee_key_size(params[1].value.a, &sess->key_size);
+	if (res != TEE_SUCCESS)
+		return res;
+
+	res = ta2tee_mode_id(params[2].value.a, &sess->mode);
+	if (res != TEE_SUCCESS)
+		return res;
+
+	/*
+	 * Ready to allocate the resources which are:
+	 * - an operation handle, for an AES ciphering of given configuration
+	 * - a transient object that will be use to load the key materials
+	 *   into the AES ciphering operation.
+	 */
+
+	/* Free potential previous operation */
+	if (sess->op_handle != TEE_HANDLE_NULL)
+		TEE_FreeOperation(sess->op_handle);
+
+	/* Allocate operation: AES/CTR, mode and size from params */
+	res = TEE_AllocateOperation(&sess->op_handle,
+				    sess->algo,
+				    sess->mode,
+				    sess->key_size * 8);
+	if (res != TEE_SUCCESS) {
+		EMSG("Failed to allocate operation");
+		sess->op_handle = TEE_HANDLE_NULL;
+		goto err;
+	}
+
+	/* Free potential previous transient object */
+	if (sess->key_handle != TEE_HANDLE_NULL)
+		TEE_FreeTransientObject(sess->key_handle);
+
+	/* Allocate transient object according to target key size */
+	res = TEE_AllocateTransientObject(TEE_TYPE_AES,
+					  sess->key_size * 8,
+					  &sess->key_handle);
+	if (res != TEE_SUCCESS) {
+		EMSG("Failed to allocate transient object");
+		sess->key_handle = TEE_HANDLE_NULL;
+		goto err;
+	}
+
+	/*
+	 * When loading a key in the cipher session, set_aes_key()
+	 * will reset the operation and load a key. But we cannot
+	 * reset and operation that has no key yet (GPD TEE Internal
+	 * Core API Specification – Public Release v1.1.1, section
+	 * 6.2.5 TEE_ResetOperation). In consequence, we will load a
+	 * dummy key in the operation so that operation can be reset
+	 * when updating the key.
+	 */
+	key = TEE_Malloc(sess->key_size, 0);
+	if (!key) {
+		res = TEE_ERROR_OUT_OF_MEMORY;
+		goto err;
+	}
+
+	TEE_InitRefAttribute(&attr, TEE_ATTR_SECRET_VALUE, key, sess->key_size);
+
+	res = TEE_PopulateTransientObject(sess->key_handle, &attr, 1);
+	if (res != TEE_SUCCESS) {
+		EMSG("TEE_PopulateTransientObject failed, %x", res);
+		goto err;
+	}
+
+	res = TEE_SetOperationKey(sess->op_handle, sess->key_handle);
+	if (res != TEE_SUCCESS) {
+		EMSG("TEE_SetOperationKey failed %x", res);
+		goto err;
+	}
+
+	return res;
+
+err:
+	if (sess->op_handle != TEE_HANDLE_NULL)
+		TEE_FreeOperation(sess->op_handle);
+	sess->op_handle = TEE_HANDLE_NULL;
+
+	if (sess->key_handle != TEE_HANDLE_NULL)
+		TEE_FreeTransientObject(sess->key_handle);
+	sess->key_handle = TEE_HANDLE_NULL;
+
+	return res;
+}
+
+/*
+ * Process command TA_AES_CMD_SET_KEY. API in aes_ta.h
+ */
+static TEE_Result set_aes_key(void *session, uint32_t param_types,
+				TEE_Param params[4])
+{
+	const uint32_t exp_param_types =
+		TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT,
+				TEE_PARAM_TYPE_NONE,
+				TEE_PARAM_TYPE_NONE,
+				TEE_PARAM_TYPE_NONE);
+	struct aes_cipher *sess;
+	TEE_Attribute attr;
+	TEE_Result res;
+	size_t key_sz;
+	char *key;
+
+	/* Get ciphering context from session ID */
+	DMSG("Session %p: load key material", session);
+	sess = (struct aes_cipher *)session;
+
+	/* Safely get the invocation parameters */
+	if (param_types != exp_param_types)
+		return TEE_ERROR_BAD_PARAMETERS;
+
+	key = params[0].memref.buffer;
+	key_sz = params[0].memref.size;
+
+	if (key_sz != sess->key_size) {
+		EMSG("Worng key size %d, expect %d bytes",
+				key_sz, sess->key_size);
+		return TEE_ERROR_BAD_PARAMETERS;
+	}
+
+	/*
+	 * Load the key material into the configured operation
+	 * - create a secret key attribute with the key material
+	 *   TEE_InitRefAttribute()
+	 * - reset transient object and load attribute data
+	 *   TEE_ResetTransientObject()
+	 *   TEE_PopulateTransientObject()
+	 * - load the key (transient object) into the cihering operation
+	 *   TEE_SetOperationKey()
+	 *
+	 * TEE_SetOperationKey() requires operation to be in "initial state".
+	 * We can use TEE_ResetOperation() to reset the operation but this
+	 * api cannot be used on operation with key(s) not yet set. Hence,
+	 * when allocating the operation handle, we prevovision a dummy key.
+	 * Thus, set_key sequence always reset then set key on operation.
+	 */
+
+	TEE_InitRefAttribute(&attr, TEE_ATTR_SECRET_VALUE, key, key_sz);
+
+	TEE_ResetTransientObject(sess->key_handle);
+	res = TEE_PopulateTransientObject(sess->key_handle, &attr, 1);
+	if (res != TEE_SUCCESS) {
+		EMSG("TEE_PopulateTransientObject failed, %x", res);
+		return res;
+	}
+
+	TEE_ResetOperation(sess->op_handle);
+	res = TEE_SetOperationKey(sess->op_handle, sess->key_handle);
+	if (res != TEE_SUCCESS) {
+		EMSG("TEE_SetOperationKey failed %x", res);
+		return res;
+	}
+
+	return res;
+}
+
+/*
+ * Process command TA_AES_CMD_SET_IV. API in aes_ta.h
+ */
+static TEE_Result reset_aes_iv(void *session, uint32_t param_types,
+				TEE_Param params[4])
+{
+	const uint32_t exp_param_types =
+		TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT,
+				TEE_PARAM_TYPE_NONE,
+				TEE_PARAM_TYPE_NONE,
+				TEE_PARAM_TYPE_NONE);
+	struct aes_cipher *sess;
+	size_t iv_sz;
+	char *iv;
+
+	/* Get ciphering context from session ID */
+	DMSG("Session %p: reset initial vector", session);
+	sess = (struct aes_cipher *)session;
+
+	/* Safely get the invocation parameters */
+	if (param_types != exp_param_types)
+		return TEE_ERROR_BAD_PARAMETERS;
+
+	iv = params[0].memref.buffer;
+	iv_sz = params[0].memref.size;
+
+	/*
+	 * Init cipher operation with the initialization vector.
+	 */
+	TEE_CipherInit(sess->op_handle, iv, iv_sz);
+
+	return TEE_SUCCESS;
+}
+
+/*
+ * Process command TA_AES_CMD_CIPHER. API in aes_ta.h
+ */
+static TEE_Result cipher_buffer(void *session, uint32_t param_types,
+				TEE_Param params[4])
+{
+	const uint32_t exp_param_types =
+		TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT,
+				TEE_PARAM_TYPE_MEMREF_OUTPUT,
+				TEE_PARAM_TYPE_NONE,
+				TEE_PARAM_TYPE_NONE);
+	struct aes_cipher *sess;
+
+	/* Get ciphering context from session ID */
+	DMSG("Session %p: cipher buffer", session);
+	sess = (struct aes_cipher *)session;
+
+	/* Safely get the invocation parameters */
+	if (param_types != exp_param_types)
+		return TEE_ERROR_BAD_PARAMETERS;
+
+	if (params[1].memref.size < params[0].memref.size) {
+		EMSG("Bad sizes: in %d, out %d", params[0].memref.size,
+						 params[1].memref.size);
+		return TEE_ERROR_BAD_PARAMETERS;
+	}
+
+	if (sess->op_handle == TEE_HANDLE_NULL)
+		return TEE_ERROR_BAD_STATE;
+
+	/*
+	 * Process ciphering operation on provided buffers
+	 */
+	return TEE_CipherUpdate(sess->op_handle,
+				params[0].memref.buffer, params[0].memref.size,
+				params[1].memref.buffer, &params[1].memref.size);
+}
+
+TEE_Result TA_CreateEntryPoint(void)
+{
+	/* Nothing to do */
+	return TEE_SUCCESS;
+}
+
+void TA_DestroyEntryPoint(void)
+{
+	/* Nothing to do */
+}
+
+TEE_Result TA_OpenSessionEntryPoint(uint32_t __unused param_types,
+					TEE_Param __unused params[4],
+					void __unused **session)
+{
+	struct aes_cipher *sess;
+
+	/*
+	 * Allocate and init ciphering materials for the session.
+	 * The address of the structure is used as session ID for
+	 * the client.
+	 */
+	sess = TEE_Malloc(sizeof(*sess), 0);
+	if (!sess)
+		return TEE_ERROR_OUT_OF_MEMORY;
+
+	sess->key_handle = TEE_HANDLE_NULL;
+	sess->op_handle = TEE_HANDLE_NULL;
+
+	*session = (void *)sess;
+	DMSG("Session %p: newly allocated", *session);
+
+	return TEE_SUCCESS;
+}
+
+void TA_CloseSessionEntryPoint(void *session)
+{
+	struct aes_cipher *sess;
+
+	/* Get ciphering context from session ID */
+	DMSG("Session %p: release session", session);
+	sess = (struct aes_cipher *)session;
+
+	/* Release the session resources */
+	if (sess->key_handle != TEE_HANDLE_NULL)
+		TEE_FreeTransientObject(sess->key_handle);
+	if (sess->op_handle != TEE_HANDLE_NULL)
+		TEE_FreeOperation(sess->op_handle);
+	TEE_Free(sess);
+}
+
+TEE_Result TA_InvokeCommandEntryPoint(void *session,
+					uint32_t cmd,
+					uint32_t param_types,
+					TEE_Param params[4])
+{
+	switch (cmd) {
+	case TA_AES_CMD_PREPARE:
+		return alloc_resources(session, param_types, params);
+	case TA_AES_CMD_SET_KEY:
+		return set_aes_key(session, param_types, params);
+	case TA_AES_CMD_SET_IV:
+		return reset_aes_iv(session, param_types, params);
+	case TA_AES_CMD_CIPHER:
+		return cipher_buffer(session, param_types, params);
+	default:
+		EMSG("Command ID 0x%x is not supported", cmd);
+		return TEE_ERROR_NOT_SUPPORTED;
+	}
+}
diff --git a/aes/ta/include/aes_ta.h b/aes/ta/include/aes_ta.h
new file mode 100644
index 0000000..ecdddb6
--- /dev/null
+++ b/aes/ta/include/aes_ta.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __AES_TA_H__
+#define __AES_TA_H__
+
+/* UUID of the AES example trusted application */
+#define TA_AES_UUID \
+	{ 0x5dbac793, 0xf574, 0x4871, \
+		{ 0x8a, 0xd3, 0x04, 0x33, 0x1e, 0xc1, 0x7f, 0x24 } }
+
+/*
+ * TA_AES_CMD_PREPARE - Allocate resources for the AES ciphering
+ * param[0] (value) a: TA_AES_ALGO_xxx, b: unused
+ * param[1] (value) a: key size in bytes, b: unused
+ * param[2] (value) a: TA_AES_MODE_ENCODE/_DECODE, b: unused
+ * param[3] unused
+ */
+#define TA_AES_CMD_PREPARE		0
+
+#define TA_AES_ALGO_ECB			0
+#define TA_AES_ALGO_CBC			1
+#define TA_AES_ALGO_CTR			2
+
+#define TA_AES_SIZE_128BIT		(128 / 8)
+#define TA_AES_SIZE_256BIT		(256 / 8)
+
+#define TA_AES_MODE_ENCODE		1
+#define TA_AES_MODE_DECODE		0
+
+/*
+ * TA_AES_CMD_SET_KEY - Allocate resources for the AES ciphering
+ * param[0] (memref) key data, size shall equal key length
+ * param[1] unused
+ * param[2] unused
+ * param[3] unused
+ */
+#define TA_AES_CMD_SET_KEY		1
+
+/*
+ * TA_AES_CMD_SET_IV - reset IV
+ * param[0] (memref) initial vector, size shall equal key length
+ * param[1] unused
+ * param[2] unused
+ * param[3] unused
+ */
+#define TA_AES_CMD_SET_IV		2
+
+/*
+ * TA_AES_CMD_CIPHER - Ciphere inut buffer into output buffer
+ * param[0] (memref) input buffer
+ * param[1] (memref) output buffer (shall be bigger than input buffer)
+ * param[2] unused
+ * param[3] unused
+ */
+#define TA_AES_CMD_CIPHER		3
+
+#endif /* __AES_TA_H */
diff --git a/aes/ta/sub.mk b/aes/ta/sub.mk
new file mode 100644
index 0000000..96c58b2
--- /dev/null
+++ b/aes/ta/sub.mk
@@ -0,0 +1,2 @@
+global-incdirs-y += include
+srcs-y += aes_ta.c
diff --git a/aes/ta/user_ta_header_defines.h b/aes/ta/user_ta_header_defines.h
new file mode 100644
index 0000000..9f944b8
--- /dev/null
+++ b/aes/ta/user_ta_header_defines.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * The name of this file must not be modified
+ */
+
+#ifndef USER_TA_HEADER_DEFINES_H
+#define USER_TA_HEADER_DEFINES_H
+
+#include <aes_ta.h>
+
+#define TA_UUID				TA_AES_UUID
+
+#define TA_FLAGS			TA_FLAG_EXEC_DDR
+#define TA_STACK_SIZE			(2 * 1024)
+#define TA_DATA_SIZE			(32 * 1024)
+
+#define TA_CURRENT_TA_EXT_PROPERTIES \
+    { "gp.ta.description", USER_TA_PROP_TYPE_STRING, \
+        "Example of TA using an AES sequence" }, \
+    { "gp.ta.version", USER_TA_PROP_TYPE_U32, &(const uint32_t){ 0x0010 } }
+
+#endif /*USER_TA_HEADER_DEFINES_H*/