1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2018-2021, Linaro Limited
4 */
5
6 #include <assert.h>
7 #include <pkcs11_ta.h>
8 #include <tee_api_defines.h>
9 #include <tee_internal_api.h>
10 #include <tee_internal_api_extensions.h>
11
12 #include "attributes.h"
13 #include "object.h"
14 #include "pkcs11_token.h"
15 #include "processing.h"
16
17 enum pkcs11_rc
pkcs2tee_proc_params_rsa_pss(struct active_processing * proc,struct pkcs11_attribute_head * proc_params)18 pkcs2tee_proc_params_rsa_pss(struct active_processing *proc,
19 struct pkcs11_attribute_head *proc_params)
20 {
21 struct serialargs args = { };
22 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
23 struct rsa_pss_processing_ctx *ctx = NULL;
24 uint32_t hash = 0;
25 uint32_t mgf = 0;
26 uint32_t salt_len = 0;
27
28 serialargs_init(&args, proc_params->data, proc_params->size);
29
30 rc = serialargs_get_u32(&args, &hash);
31 if (rc)
32 return rc;
33
34 rc = serialargs_get_u32(&args, &mgf);
35 if (rc)
36 return rc;
37
38 rc = serialargs_get_u32(&args, &salt_len);
39 if (rc)
40 return rc;
41
42 if (serialargs_remaining_bytes(&args))
43 return PKCS11_CKR_ARGUMENTS_BAD;
44
45 proc->extra_ctx = TEE_Malloc(sizeof(struct rsa_pss_processing_ctx),
46 TEE_USER_MEM_HINT_NO_FILL_ZERO);
47 if (!proc->extra_ctx)
48 return PKCS11_CKR_DEVICE_MEMORY;
49
50 ctx = proc->extra_ctx;
51
52 ctx->hash_alg = hash;
53 ctx->mgf_type = mgf;
54 ctx->salt_len = salt_len;
55
56 return PKCS11_CKR_OK;
57 }
58
pkcs2tee_validate_rsa_pss(struct active_processing * proc,struct pkcs11_object * obj)59 enum pkcs11_rc pkcs2tee_validate_rsa_pss(struct active_processing *proc,
60 struct pkcs11_object *obj)
61 {
62 struct rsa_pss_processing_ctx *rsa_pss_ctx = NULL;
63 size_t modulus_size = 0;
64 size_t hash_size = 0;
65 uint32_t k = 0;
66
67 rsa_pss_ctx = proc->extra_ctx;
68 assert(rsa_pss_ctx);
69
70 switch (rsa_pss_ctx->hash_alg) {
71 case PKCS11_CKM_SHA_1:
72 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA1);
73 break;
74 case PKCS11_CKM_SHA224:
75 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA224);
76 break;
77 case PKCS11_CKM_SHA256:
78 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA256);
79 break;
80 case PKCS11_CKM_SHA384:
81 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA384);
82 break;
83 case PKCS11_CKM_SHA512:
84 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA512);
85 break;
86 default:
87 assert(0);
88 break;
89 }
90
91 modulus_size = get_object_key_bit_size(obj);
92
93 /**
94 * The sLen field must be less than or equal to k*-2-hLen where
95 * hLen is the length in bytes of the hash value. k* is the
96 * length in bytes of the RSA modulus, except if the length in
97 * bits of the RSA modulus is one more than a multiple of 8, in
98 * which case k* is one less than the length in bytes of the
99 * RSA modulus.
100 */
101 if ((modulus_size % 8) == 1)
102 k = modulus_size / 8;
103 else
104 k = ROUNDUP_DIV(modulus_size, 8);
105
106 if (rsa_pss_ctx->salt_len > (k - 2 - hash_size))
107 return PKCS11_CKR_KEY_SIZE_RANGE;
108
109 return PKCS11_CKR_OK;
110 }
111
112 /*
113 * Check or set TEE algorithm identifier upon PKCS11 mechanism parameters
114 * @tee_id: Input and/or output TEE algorithm identifier
115 * @proc_params: PKCS11 processing parameters
116 */
pkcs2tee_algo_rsa_pss(uint32_t * tee_id,struct pkcs11_attribute_head * proc_params)117 enum pkcs11_rc pkcs2tee_algo_rsa_pss(uint32_t *tee_id,
118 struct pkcs11_attribute_head *proc_params)
119 {
120 struct serialargs args = { };
121 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
122 uint32_t hash = 0;
123 uint32_t mgf = 0;
124 uint32_t salt_len = 0;
125
126 serialargs_init(&args, proc_params->data, proc_params->size);
127
128 rc = serialargs_get_u32(&args, &hash);
129 if (rc)
130 return rc;
131
132 rc = serialargs_get_u32(&args, &mgf);
133 if (rc)
134 return rc;
135
136 rc = serialargs_get_u32(&args, &salt_len);
137 if (rc)
138 return rc;
139
140 if (serialargs_remaining_bytes(&args))
141 return PKCS11_CKR_ARGUMENTS_BAD;
142
143 if (proc_params->id == PKCS11_CKM_RSA_PKCS_PSS) {
144 if (hash == PKCS11_CKM_SHA_1 && mgf == PKCS11_CKG_MGF1_SHA1) {
145 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1;
146 return PKCS11_CKR_OK;
147 }
148 if (hash == PKCS11_CKM_SHA224 &&
149 mgf == PKCS11_CKG_MGF1_SHA224) {
150 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224;
151 return PKCS11_CKR_OK;
152 }
153 if (hash == PKCS11_CKM_SHA256 &&
154 mgf == PKCS11_CKG_MGF1_SHA256) {
155 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256;
156 return PKCS11_CKR_OK;
157 }
158 if (hash == PKCS11_CKM_SHA384 &&
159 mgf == PKCS11_CKG_MGF1_SHA384) {
160 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384;
161 return PKCS11_CKR_OK;
162 }
163 if (hash == PKCS11_CKM_SHA512 &&
164 mgf == PKCS11_CKG_MGF1_SHA512) {
165 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512;
166 return PKCS11_CKR_OK;
167 }
168 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
169 }
170
171 switch (*tee_id) {
172 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1:
173 if (hash != PKCS11_CKM_SHA_1 || mgf != PKCS11_CKG_MGF1_SHA1)
174 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
175 break;
176 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224:
177 if (hash != PKCS11_CKM_SHA224 || mgf != PKCS11_CKG_MGF1_SHA224)
178 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
179 break;
180 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
181 if (hash != PKCS11_CKM_SHA256 || mgf != PKCS11_CKG_MGF1_SHA256)
182 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
183 break;
184 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
185 if (hash != PKCS11_CKM_SHA384 || mgf != PKCS11_CKG_MGF1_SHA384)
186 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
187 break;
188 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
189 if (hash != PKCS11_CKM_SHA512 || mgf != PKCS11_CKG_MGF1_SHA512)
190 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
191 break;
192 default:
193 return PKCS11_CKR_GENERAL_ERROR;
194 }
195
196 return PKCS11_CKR_OK;
197 }
198
199 enum pkcs11_rc
pkcs2tee_proc_params_rsa_oaep(struct active_processing * proc,struct pkcs11_attribute_head * proc_params)200 pkcs2tee_proc_params_rsa_oaep(struct active_processing *proc,
201 struct pkcs11_attribute_head *proc_params)
202 {
203 struct serialargs args = { };
204 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
205 struct rsa_oaep_processing_ctx *ctx = NULL;
206 uint32_t hash = 0;
207 uint32_t mgf = 0;
208 uint32_t source_type = 0;
209 void *source_data = NULL;
210 uint32_t source_size = 0;
211
212 serialargs_init(&args, proc_params->data, proc_params->size);
213
214 rc = serialargs_get_u32(&args, &hash);
215 if (rc)
216 return rc;
217
218 rc = serialargs_get_u32(&args, &mgf);
219 if (rc)
220 return rc;
221
222 rc = serialargs_get_u32(&args, &source_type);
223 if (rc)
224 return rc;
225
226 rc = serialargs_get_u32(&args, &source_size);
227 if (rc)
228 return rc;
229
230 rc = serialargs_get_ptr(&args, &source_data, source_size);
231 if (rc)
232 return rc;
233
234 if (serialargs_remaining_bytes(&args))
235 return PKCS11_CKR_ARGUMENTS_BAD;
236
237 proc->extra_ctx = TEE_Malloc(sizeof(struct rsa_oaep_processing_ctx) +
238 source_size,
239 TEE_USER_MEM_HINT_NO_FILL_ZERO);
240 if (!proc->extra_ctx)
241 return PKCS11_CKR_DEVICE_MEMORY;
242
243 ctx = proc->extra_ctx;
244
245 ctx->hash_alg = hash;
246 ctx->mgf_type = mgf;
247 ctx->source_type = source_type;
248 ctx->source_data_len = source_size;
249 TEE_MemMove(ctx->source_data, source_data, source_size);
250
251 return PKCS11_CKR_OK;
252 }
253
254 enum pkcs11_rc
pkcs2tee_proc_params_rsa_aes_wrap(struct active_processing * proc,struct pkcs11_attribute_head * proc_params)255 pkcs2tee_proc_params_rsa_aes_wrap(struct active_processing *proc,
256 struct pkcs11_attribute_head *proc_params)
257 {
258 struct serialargs args = { };
259 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
260 struct rsa_aes_key_wrap_processing_ctx *ctx = NULL;
261 uint32_t aes_key_bits = 0;
262 uint32_t hash = 0;
263 uint32_t mgf = 0;
264 uint32_t source_type = 0;
265 void *source_data = NULL;
266 uint32_t source_size = 0;
267
268 serialargs_init(&args, proc_params->data, proc_params->size);
269
270 rc = serialargs_get_u32(&args, &aes_key_bits);
271 if (rc)
272 return rc;
273
274 rc = serialargs_get_u32(&args, &hash);
275 if (rc)
276 return rc;
277
278 rc = serialargs_get_u32(&args, &mgf);
279 if (rc)
280 return rc;
281
282 rc = serialargs_get_u32(&args, &source_type);
283 if (rc)
284 return rc;
285
286 rc = serialargs_get_u32(&args, &source_size);
287 if (rc)
288 return rc;
289
290 rc = serialargs_get_ptr(&args, &source_data, source_size);
291 if (rc)
292 return rc;
293
294 if (serialargs_remaining_bytes(&args))
295 return PKCS11_CKR_ARGUMENTS_BAD;
296
297 proc->extra_ctx =
298 TEE_Malloc(sizeof(struct rsa_aes_key_wrap_processing_ctx) +
299 source_size,
300 TEE_USER_MEM_HINT_NO_FILL_ZERO);
301 if (!proc->extra_ctx)
302 return PKCS11_CKR_DEVICE_MEMORY;
303
304 ctx = proc->extra_ctx;
305
306 ctx->aes_key_bits = aes_key_bits;
307 ctx->hash_alg = hash;
308 ctx->mgf_type = mgf;
309 ctx->source_type = source_type;
310 ctx->source_data_len = source_size;
311 TEE_MemMove(ctx->source_data, source_data, source_size);
312
313 return PKCS11_CKR_OK;
314 }
315
316 /*
317 * Set TEE RSA OAEP algorithm identifier upon PKCS11 mechanism parameters
318 * @tee_id: output TEE RSA OAEP algorithm identifier
319 * @tee_hash_id: output TEE hash algorithm identifier
320 * @proc_params: PKCS11 processing parameters
321 */
322 enum pkcs11_rc
pkcs2tee_algo_rsa_oaep(uint32_t * tee_id,uint32_t * tee_hash_id,struct pkcs11_attribute_head * proc_params)323 pkcs2tee_algo_rsa_oaep(uint32_t *tee_id, uint32_t *tee_hash_id,
324 struct pkcs11_attribute_head *proc_params)
325 {
326 struct serialargs args = { };
327 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
328 uint32_t hash = 0;
329 uint32_t mgf = 0;
330 uint32_t source_type = 0;
331 void *source_data = NULL;
332 uint32_t source_size = 0;
333
334 serialargs_init(&args, proc_params->data, proc_params->size);
335
336 rc = serialargs_get_u32(&args, &hash);
337 if (rc)
338 return rc;
339
340 rc = serialargs_get_u32(&args, &mgf);
341 if (rc)
342 return rc;
343
344 rc = serialargs_get_u32(&args, &source_type);
345 if (rc)
346 return rc;
347
348 rc = serialargs_get_u32(&args, &source_size);
349 if (rc)
350 return rc;
351
352 rc = serialargs_get_ptr(&args, &source_data, source_size);
353 if (rc)
354 return rc;
355
356 if (serialargs_remaining_bytes(&args))
357 return PKCS11_CKR_ARGUMENTS_BAD;
358
359 if (source_type != PKCS11_CKZ_DATA_SPECIFIED)
360 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
361
362 switch (proc_params->id) {
363 case PKCS11_CKM_RSA_PKCS_OAEP:
364 switch (hash) {
365 case PKCS11_CKM_SHA_1:
366 if (mgf != PKCS11_CKG_MGF1_SHA1)
367 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
368 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1;
369 *tee_hash_id = TEE_ALG_SHA1;
370 break;
371 case PKCS11_CKM_SHA224:
372 if (mgf != PKCS11_CKG_MGF1_SHA224)
373 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
374 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224;
375 *tee_hash_id = TEE_ALG_SHA224;
376 break;
377 case PKCS11_CKM_SHA256:
378 if (mgf != PKCS11_CKG_MGF1_SHA256)
379 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
380 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256;
381 *tee_hash_id = TEE_ALG_SHA256;
382 break;
383 case PKCS11_CKM_SHA384:
384 if (mgf != PKCS11_CKG_MGF1_SHA384)
385 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
386 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384;
387 *tee_hash_id = TEE_ALG_SHA384;
388 break;
389 case PKCS11_CKM_SHA512:
390 if (mgf != PKCS11_CKG_MGF1_SHA512)
391 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
392 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512;
393 *tee_hash_id = TEE_ALG_SHA512;
394 break;
395 default:
396 EMSG("Unexpected %#"PRIx32"/%s", hash,
397 id2str_proc(hash));
398
399 return PKCS11_CKR_GENERAL_ERROR;
400 }
401 break;
402 default:
403 EMSG("Unexpected mechanism %#"PRIx32"/%s", proc_params->id,
404 id2str_proc(proc_params->id));
405
406 return PKCS11_CKR_GENERAL_ERROR;
407 }
408
409 return PKCS11_CKR_OK;
410 }
411
412 enum pkcs11_rc
pkcs2tee_algo_rsa_aes_wrap(uint32_t * tee_id,uint32_t * tee_hash_id,struct pkcs11_attribute_head * proc_params)413 pkcs2tee_algo_rsa_aes_wrap(uint32_t *tee_id, uint32_t *tee_hash_id,
414 struct pkcs11_attribute_head *proc_params)
415 {
416 struct serialargs args = { };
417 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
418 uint32_t aes_key_bits = 0;
419 uint32_t hash = 0;
420 uint32_t mgf = 0;
421 uint32_t source_type = 0;
422 void *source_data = NULL;
423 uint32_t source_size = 0;
424
425 serialargs_init(&args, proc_params->data, proc_params->size);
426
427 rc = serialargs_get_u32(&args, &aes_key_bits);
428 if (rc)
429 return rc;
430
431 rc = serialargs_get_u32(&args, &hash);
432 if (rc)
433 return rc;
434
435 rc = serialargs_get_u32(&args, &mgf);
436 if (rc)
437 return rc;
438
439 rc = serialargs_get_u32(&args, &source_type);
440 if (rc)
441 return rc;
442
443 rc = serialargs_get_u32(&args, &source_size);
444 if (rc)
445 return rc;
446
447 rc = serialargs_get_ptr(&args, &source_data, source_size);
448 if (rc)
449 return rc;
450
451 if (serialargs_remaining_bytes(&args))
452 return PKCS11_CKR_ARGUMENTS_BAD;
453
454 if (source_type != PKCS11_CKZ_DATA_SPECIFIED)
455 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
456
457 switch (proc_params->id) {
458 case PKCS11_CKM_RSA_AES_KEY_WRAP:
459 switch (hash) {
460 case PKCS11_CKM_SHA_1:
461 if (mgf != PKCS11_CKG_MGF1_SHA1)
462 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
463 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1;
464 *tee_hash_id = TEE_ALG_SHA1;
465 break;
466 case PKCS11_CKM_SHA224:
467 if (mgf != PKCS11_CKG_MGF1_SHA224)
468 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
469 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224;
470 *tee_hash_id = TEE_ALG_SHA224;
471 break;
472 case PKCS11_CKM_SHA256:
473 if (mgf != PKCS11_CKG_MGF1_SHA256)
474 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
475 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256;
476 *tee_hash_id = TEE_ALG_SHA256;
477 break;
478 case PKCS11_CKM_SHA384:
479 if (mgf != PKCS11_CKG_MGF1_SHA384)
480 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
481 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384;
482 *tee_hash_id = TEE_ALG_SHA384;
483 break;
484 case PKCS11_CKM_SHA512:
485 if (mgf != PKCS11_CKG_MGF1_SHA512)
486 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
487 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512;
488 *tee_hash_id = TEE_ALG_SHA512;
489 break;
490 default:
491 EMSG("Unexpected %#"PRIx32"/%s", hash,
492 id2str_proc(hash));
493
494 return PKCS11_CKR_GENERAL_ERROR;
495 }
496 break;
497 default:
498 EMSG("Unexpected mechanism %#"PRIx32"/%s", proc_params->id,
499 id2str_proc(proc_params->id));
500
501 return PKCS11_CKR_GENERAL_ERROR;
502 }
503
504 return PKCS11_CKR_OK;
505 }
506
contains_all_rsa_crt_parameters(struct pkcs11_object * obj)507 static enum pkcs11_rc contains_all_rsa_crt_parameters(struct pkcs11_object *obj)
508 {
509 const uint32_t crt_attr[] = {
510 PKCS11_CKA_PRIME_1, PKCS11_CKA_PRIME_2, PKCS11_CKA_EXPONENT_1,
511 PKCS11_CKA_EXPONENT_2, PKCS11_CKA_COEFFICIENT,
512 };
513 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
514 uint32_t a_size = 0;
515 void *a_ptr = NULL;
516 size_t count = 0;
517 size_t n = 0;
518
519 for (n = 0; n < ARRAY_SIZE(crt_attr); n++) {
520 rc = get_attribute_ptr(obj->attributes, crt_attr[n], &a_ptr,
521 &a_size);
522 if (rc != PKCS11_CKR_OK)
523 return rc;
524 if (a_ptr && a_size)
525 count++;
526 }
527
528 if (count != ARRAY_SIZE(crt_attr))
529 return PKCS11_RV_NOT_FOUND;
530
531 return PKCS11_CKR_OK;
532 }
533
load_tee_rsa_key_attrs(TEE_Attribute ** tee_attrs,size_t * tee_count,struct pkcs11_object * obj)534 enum pkcs11_rc load_tee_rsa_key_attrs(TEE_Attribute **tee_attrs,
535 size_t *tee_count,
536 struct pkcs11_object *obj)
537 {
538 TEE_Attribute *attrs = NULL;
539 size_t count = 0;
540 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
541
542 assert(get_key_type(obj->attributes) == PKCS11_CKK_RSA);
543
544 switch (get_class(obj->attributes)) {
545 case PKCS11_CKO_PUBLIC_KEY:
546 attrs = TEE_Malloc(2 * sizeof(TEE_Attribute),
547 TEE_USER_MEM_HINT_NO_FILL_ZERO);
548 if (!attrs)
549 return PKCS11_CKR_DEVICE_MEMORY;
550
551 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_MODULUS,
552 obj, PKCS11_CKA_MODULUS))
553 count++;
554
555 if (pkcs2tee_load_attr(&attrs[count],
556 TEE_ATTR_RSA_PUBLIC_EXPONENT, obj,
557 PKCS11_CKA_PUBLIC_EXPONENT))
558 count++;
559
560 if (count == 2)
561 rc = PKCS11_CKR_OK;
562
563 break;
564
565 case PKCS11_CKO_PRIVATE_KEY:
566 attrs = TEE_Malloc(8 * sizeof(TEE_Attribute),
567 TEE_USER_MEM_HINT_NO_FILL_ZERO);
568 if (!attrs)
569 return PKCS11_CKR_DEVICE_MEMORY;
570
571 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_MODULUS,
572 obj, PKCS11_CKA_MODULUS))
573 count++;
574
575 if (pkcs2tee_load_attr(&attrs[count],
576 TEE_ATTR_RSA_PUBLIC_EXPONENT, obj,
577 PKCS11_CKA_PUBLIC_EXPONENT))
578 count++;
579
580 if (pkcs2tee_load_attr(&attrs[count],
581 TEE_ATTR_RSA_PRIVATE_EXPONENT, obj,
582 PKCS11_CKA_PRIVATE_EXPONENT))
583 count++;
584
585 if (count != 3)
586 break;
587
588 /*
589 * If the pre-computed CRT parameters are present load them
590 * but only if they are all present since the GP TEE
591 * specification expects either the 5 are present
592 * or none is present.
593 */
594 rc = contains_all_rsa_crt_parameters(obj);
595 if (rc != PKCS11_CKR_OK) {
596 if (rc == PKCS11_RV_NOT_FOUND)
597 rc = PKCS11_CKR_OK;
598 break;
599 }
600
601 rc = PKCS11_CKR_GENERAL_ERROR;
602
603 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_PRIME1, obj,
604 PKCS11_CKA_PRIME_1))
605 count++;
606
607 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_PRIME2, obj,
608 PKCS11_CKA_PRIME_2))
609 count++;
610
611 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_EXPONENT1,
612 obj, PKCS11_CKA_EXPONENT_1))
613 count++;
614
615 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_EXPONENT2,
616 obj, PKCS11_CKA_EXPONENT_2))
617 count++;
618
619 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_COEFFICIENT,
620 obj, PKCS11_CKA_COEFFICIENT))
621 count++;
622
623 if (count == 8)
624 rc = PKCS11_CKR_OK;
625
626 break;
627
628 default:
629 assert(0);
630 break;
631 }
632
633 if (rc == PKCS11_CKR_OK) {
634 *tee_attrs = attrs;
635 *tee_count = count;
636 } else {
637 TEE_Free(attrs);
638 }
639
640 return rc;
641 }
642
tee2pkcs_rsa_attributes(struct obj_attrs ** pub_head,struct obj_attrs ** priv_head,TEE_ObjectHandle tee_obj)643 static enum pkcs11_rc tee2pkcs_rsa_attributes(struct obj_attrs **pub_head,
644 struct obj_attrs **priv_head,
645 TEE_ObjectHandle tee_obj)
646 {
647 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
648 void *a_ptr = NULL;
649
650 rc = tee2pkcs_add_attribute(pub_head, PKCS11_CKA_MODULUS, tee_obj,
651 TEE_ATTR_RSA_MODULUS);
652 if (rc)
653 goto out;
654
655 rc = get_attribute_ptr(*pub_head, PKCS11_CKA_PUBLIC_EXPONENT, &a_ptr,
656 NULL);
657 if (rc != PKCS11_CKR_OK && rc != PKCS11_RV_NOT_FOUND)
658 goto out;
659
660 if (rc == PKCS11_CKR_OK && !a_ptr) {
661 rc = remove_empty_attribute(pub_head,
662 PKCS11_CKA_PUBLIC_EXPONENT);
663 if (rc)
664 goto out;
665 rc = PKCS11_RV_NOT_FOUND;
666 }
667
668 if (rc == PKCS11_RV_NOT_FOUND) {
669 rc = tee2pkcs_add_attribute(pub_head,
670 PKCS11_CKA_PUBLIC_EXPONENT,
671 tee_obj,
672 TEE_ATTR_RSA_PUBLIC_EXPONENT);
673 if (rc)
674 goto out;
675 }
676
677 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_MODULUS, tee_obj,
678 TEE_ATTR_RSA_MODULUS);
679 if (rc)
680 goto out;
681
682 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PUBLIC_EXPONENT,
683 tee_obj, TEE_ATTR_RSA_PUBLIC_EXPONENT);
684 if (rc)
685 goto out;
686
687 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PRIVATE_EXPONENT,
688 tee_obj, TEE_ATTR_RSA_PRIVATE_EXPONENT);
689 if (rc)
690 goto out;
691
692 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PRIME_1, tee_obj,
693 TEE_ATTR_RSA_PRIME1);
694 if (rc)
695 goto out;
696
697 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PRIME_2, tee_obj,
698 TEE_ATTR_RSA_PRIME2);
699 if (rc)
700 goto out;
701
702 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_EXPONENT_1, tee_obj,
703 TEE_ATTR_RSA_EXPONENT1);
704 if (rc)
705 goto out;
706
707 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_EXPONENT_2, tee_obj,
708 TEE_ATTR_RSA_EXPONENT2);
709 if (rc)
710 goto out;
711
712 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_COEFFICIENT, tee_obj,
713 TEE_ATTR_RSA_COEFFICIENT);
714 out:
715 return rc;
716 }
717
generate_rsa_keys(struct pkcs11_attribute_head * proc_params,struct obj_attrs ** pub_head,struct obj_attrs ** priv_head)718 enum pkcs11_rc generate_rsa_keys(struct pkcs11_attribute_head *proc_params,
719 struct obj_attrs **pub_head,
720 struct obj_attrs **priv_head)
721 {
722 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
723 void *a_ptr = NULL;
724 uint32_t a_size = 0;
725 TEE_ObjectHandle tee_obj = TEE_HANDLE_NULL;
726 TEE_Result res = TEE_ERROR_GENERIC;
727 uint32_t modulus_bits = 0;
728 TEE_Attribute tee_attrs[1] = { };
729 uint32_t tee_count = 0;
730
731 if (!proc_params || !*pub_head || !*priv_head)
732 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
733
734 rc = get_attribute_ptr(*pub_head, PKCS11_CKA_MODULUS_BITS, &a_ptr,
735 &a_size);
736 if (rc != PKCS11_CKR_OK || a_size != sizeof(uint32_t))
737 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
738
739 TEE_MemMove(&modulus_bits, a_ptr, sizeof(uint32_t));
740
741 rc = get_attribute_ptr(*pub_head, PKCS11_CKA_PUBLIC_EXPONENT, &a_ptr,
742 &a_size);
743 if (rc != PKCS11_CKR_OK && rc != PKCS11_RV_NOT_FOUND)
744 return rc;
745
746 if (rc == PKCS11_CKR_OK && a_ptr) {
747 TEE_InitRefAttribute(&tee_attrs[tee_count],
748 TEE_ATTR_RSA_PUBLIC_EXPONENT,
749 a_ptr, a_size);
750 tee_count++;
751 }
752
753 if (remove_empty_attribute(priv_head, PKCS11_CKA_MODULUS) ||
754 remove_empty_attribute(priv_head, PKCS11_CKA_PUBLIC_EXPONENT) ||
755 remove_empty_attribute(priv_head, PKCS11_CKA_PRIVATE_EXPONENT) ||
756 remove_empty_attribute(priv_head, PKCS11_CKA_PRIME_1) ||
757 remove_empty_attribute(priv_head, PKCS11_CKA_PRIME_2) ||
758 remove_empty_attribute(priv_head, PKCS11_CKA_EXPONENT_1) ||
759 remove_empty_attribute(priv_head, PKCS11_CKA_EXPONENT_2) ||
760 remove_empty_attribute(priv_head, PKCS11_CKA_COEFFICIENT)) {
761 EMSG("Unexpected attribute(s) found");
762 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT;
763 goto out;
764 }
765
766 /* Create an RSA TEE key */
767 res = TEE_AllocateTransientObject(TEE_TYPE_RSA_KEYPAIR, modulus_bits,
768 &tee_obj);
769 if (res) {
770 DMSG("TEE_AllocateTransientObject failed %#"PRIx32, res);
771
772 rc = tee2pkcs_error(res);
773 goto out;
774 }
775
776 res = TEE_RestrictObjectUsage1(tee_obj, TEE_USAGE_EXTRACTABLE);
777 if (res) {
778 DMSG("TEE_RestrictObjectUsage1 failed %#"PRIx32, res);
779
780 rc = tee2pkcs_error(res);
781 goto out;
782 }
783
784 res = TEE_GenerateKey(tee_obj, modulus_bits, tee_attrs, tee_count);
785 if (res) {
786 DMSG("TEE_GenerateKey failed %#"PRIx32, res);
787
788 rc = tee2pkcs_error(res);
789 goto out;
790 }
791
792 rc = tee2pkcs_rsa_attributes(pub_head, priv_head, tee_obj);
793
794 out:
795 if (tee_obj != TEE_HANDLE_NULL)
796 TEE_CloseObject(tee_obj);
797
798 return rc;
799 }
800
rsa_get_input_max_byte_size(TEE_OperationHandle op)801 size_t rsa_get_input_max_byte_size(TEE_OperationHandle op)
802 {
803 TEE_OperationInfo info = { };
804
805 TEE_GetOperationInfo(op, &info);
806
807 return info.maxKeySize / 8;
808 }
809
pkcs2tee_rsa_nopad_context(struct active_processing * proc)810 enum pkcs11_rc pkcs2tee_rsa_nopad_context(struct active_processing *proc)
811 {
812 size_t key_size = 0;
813
814 /*
815 * RSA no-pad (CKM_RSA_X_509) verify needs a buffer of the size
816 * of the key to safely run.
817 */
818 key_size = rsa_get_input_max_byte_size(proc->tee_op_handle);
819 if (!key_size)
820 return PKCS11_CKR_GENERAL_ERROR;
821
822 proc->extra_ctx = TEE_Malloc(key_size, TEE_USER_MEM_HINT_NO_FILL_ZERO);
823 if (!proc->extra_ctx)
824 return PKCS11_CKR_DEVICE_MEMORY;
825
826 return PKCS11_CKR_OK;
827 }
828