1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2014, STMicroelectronics International N.V.
4 * Copyright (c) 2021, SumUp Services GmbH
5 */
6 #include <assert.h>
7 #include <config.h>
8 #include <stdlib.h>
9 #include <string.h>
10 #include <string_ext.h>
11 #include <tee_api.h>
12 #include <tee_api_defines_extensions.h>
13 #include <tee_internal_api_extensions.h>
14 #include <utee_syscalls.h>
15 #include <utee_defines.h>
16 #include <util.h>
17 #include "tee_api_private.h"
18
19 struct __TEE_OperationHandle {
20 TEE_OperationInfo info;
21 TEE_ObjectHandle key1;
22 TEE_ObjectHandle key2;
23 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */
24
25 /*
26 * buffer to collect complete blocks or to keep a complete digest
27 * for TEE_DigestExtract().
28 */
29 uint8_t *buffer;
30 bool buffer_two_blocks; /* True if two blocks need to be buffered */
31 size_t block_size; /* Block size of cipher */
32 size_t buffer_offs; /* Offset in buffer */
33 uint32_t state; /* Handle to state in TEE Core */
34 };
35
36 /* Cryptographic Operations API - Generic Operation Functions */
37
TEE_AllocateOperation(TEE_OperationHandle * operation,uint32_t algorithm,uint32_t mode,uint32_t maxKeySize)38 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation,
39 uint32_t algorithm, uint32_t mode,
40 uint32_t maxKeySize)
41 {
42 TEE_Result res;
43 TEE_OperationHandle op = TEE_HANDLE_NULL;
44 uint32_t handle_state = 0;
45 size_t block_size = 1;
46 uint32_t req_key_usage;
47 bool with_private_key = false;
48 bool buffer_two_blocks = false;
49
50 if (!operation)
51 TEE_Panic(0);
52
53 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP ||
54 algorithm == TEE_ALG_SM4_XTS)
55 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS;
56
57 /* Check algorithm max key size */
58 switch (algorithm) {
59 case TEE_ALG_DSA_SHA1:
60 if (maxKeySize < 512)
61 return TEE_ERROR_NOT_SUPPORTED;
62 if (maxKeySize > 1024)
63 return TEE_ERROR_NOT_SUPPORTED;
64 if (maxKeySize % 64 != 0)
65 return TEE_ERROR_NOT_SUPPORTED;
66 break;
67
68 case TEE_ALG_DSA_SHA224:
69 if (maxKeySize != 2048)
70 return TEE_ERROR_NOT_SUPPORTED;
71 break;
72
73 case TEE_ALG_DSA_SHA256:
74 if (maxKeySize != 2048 && maxKeySize != 3072)
75 return TEE_ERROR_NOT_SUPPORTED;
76 break;
77
78 case TEE_ALG_ECDSA_SHA1:
79 case __OPTEE_ALG_ECDSA_P192:
80 case __OPTEE_ALG_ECDH_P192:
81 if (maxKeySize != 192)
82 return TEE_ERROR_NOT_SUPPORTED;
83 break;
84
85 case TEE_ALG_ECDSA_SHA224:
86 case __OPTEE_ALG_ECDSA_P224:
87 case __OPTEE_ALG_ECDH_P224:
88 if (maxKeySize != 224)
89 return TEE_ERROR_NOT_SUPPORTED;
90 break;
91
92 case TEE_ALG_ECDSA_SHA256:
93 case __OPTEE_ALG_ECDSA_P256:
94 case __OPTEE_ALG_ECDH_P256:
95 case TEE_ALG_SM2_PKE:
96 case TEE_ALG_SM2_DSA_SM3:
97 if (maxKeySize != 256)
98 return TEE_ERROR_NOT_SUPPORTED;
99 break;
100
101 case TEE_ALG_SM2_KEP:
102 /* Two 256-bit keys */
103 if (maxKeySize != 512)
104 return TEE_ERROR_NOT_SUPPORTED;
105 break;
106
107 case TEE_ALG_ECDSA_SHA384:
108 case __OPTEE_ALG_ECDSA_P384:
109 case __OPTEE_ALG_ECDH_P384:
110 if (maxKeySize != 384)
111 return TEE_ERROR_NOT_SUPPORTED;
112 break;
113
114 case TEE_ALG_ECDSA_SHA512:
115 case __OPTEE_ALG_ECDSA_P521:
116 case __OPTEE_ALG_ECDH_P521:
117 if (maxKeySize != 521)
118 return TEE_ERROR_NOT_SUPPORTED;
119 break;
120
121 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET:
122 if (maxKeySize > 521)
123 return TEE_ERROR_NOT_SUPPORTED;
124 break;
125
126 case TEE_ALG_ED25519:
127 case TEE_ALG_X25519:
128 if (maxKeySize != 256)
129 return TEE_ERROR_NOT_SUPPORTED;
130 break;
131 default:
132 break;
133 }
134
135 /* Check algorithm mode */
136 switch (algorithm) {
137 case TEE_ALG_AES_CTS:
138 case TEE_ALG_AES_XTS:
139 case TEE_ALG_SM4_XTS:
140 buffer_two_blocks = true;
141 fallthrough;
142 case TEE_ALG_AES_ECB_NOPAD:
143 case TEE_ALG_AES_CBC_NOPAD:
144 case TEE_ALG_AES_CCM:
145 case TEE_ALG_DES_ECB_NOPAD:
146 case TEE_ALG_DES_CBC_NOPAD:
147 case TEE_ALG_DES3_ECB_NOPAD:
148 case TEE_ALG_DES3_CBC_NOPAD:
149 case TEE_ALG_SM4_ECB_NOPAD:
150 case TEE_ALG_SM4_CBC_NOPAD:
151 case TEE_ALG_SM4_CTR:
152 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES)
153 block_size = TEE_AES_BLOCK_SIZE;
154 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4)
155 block_size = TEE_SM4_BLOCK_SIZE;
156 else
157 block_size = TEE_DES_BLOCK_SIZE;
158 fallthrough;
159 case TEE_ALG_AES_CTR:
160 case TEE_ALG_AES_GCM:
161 if (mode == TEE_MODE_ENCRYPT)
162 req_key_usage = TEE_USAGE_ENCRYPT;
163 else if (mode == TEE_MODE_DECRYPT)
164 req_key_usage = TEE_USAGE_DECRYPT;
165 else
166 return TEE_ERROR_NOT_SUPPORTED;
167 break;
168
169 #if defined(CFG_CRYPTO_RSASSA_NA1)
170 case TEE_ALG_RSASSA_PKCS1_V1_5:
171 #endif
172 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5:
173 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1:
174 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224:
175 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256:
176 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384:
177 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512:
178 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5:
179 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1:
180 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224:
181 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
182 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
183 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
184 case TEE_ALG_DSA_SHA1:
185 case TEE_ALG_DSA_SHA224:
186 case TEE_ALG_DSA_SHA256:
187 case TEE_ALG_ECDSA_SHA1:
188 case TEE_ALG_ECDSA_SHA224:
189 case TEE_ALG_ECDSA_SHA256:
190 case TEE_ALG_ECDSA_SHA384:
191 case TEE_ALG_ECDSA_SHA512:
192 case __OPTEE_ALG_ECDSA_P192:
193 case __OPTEE_ALG_ECDSA_P224:
194 case __OPTEE_ALG_ECDSA_P256:
195 case __OPTEE_ALG_ECDSA_P384:
196 case __OPTEE_ALG_ECDSA_P521:
197 case TEE_ALG_SM2_DSA_SM3:
198 case TEE_ALG_ED25519:
199 if (mode == TEE_MODE_SIGN) {
200 with_private_key = true;
201 req_key_usage = TEE_USAGE_SIGN;
202 } else if (mode == TEE_MODE_VERIFY) {
203 req_key_usage = TEE_USAGE_VERIFY;
204 } else {
205 return TEE_ERROR_NOT_SUPPORTED;
206 }
207 break;
208
209 case TEE_ALG_RSAES_PKCS1_V1_5:
210 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5:
211 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1:
212 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224:
213 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256:
214 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384:
215 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512:
216 case TEE_ALG_SM2_PKE:
217 if (mode == TEE_MODE_ENCRYPT) {
218 req_key_usage = TEE_USAGE_ENCRYPT;
219 } else if (mode == TEE_MODE_DECRYPT) {
220 with_private_key = true;
221 req_key_usage = TEE_USAGE_DECRYPT;
222 } else {
223 return TEE_ERROR_NOT_SUPPORTED;
224 }
225 break;
226
227 case TEE_ALG_RSA_NOPAD:
228 if (mode == TEE_MODE_ENCRYPT) {
229 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY;
230 } else if (mode == TEE_MODE_DECRYPT) {
231 with_private_key = true;
232 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN;
233 } else {
234 return TEE_ERROR_NOT_SUPPORTED;
235 }
236 break;
237
238 case TEE_ALG_DH_DERIVE_SHARED_SECRET:
239 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET:
240 case __OPTEE_ALG_ECDH_P192:
241 case __OPTEE_ALG_ECDH_P224:
242 case __OPTEE_ALG_ECDH_P256:
243 case __OPTEE_ALG_ECDH_P384:
244 case __OPTEE_ALG_ECDH_P521:
245 case TEE_ALG_HKDF_MD5_DERIVE_KEY:
246 case TEE_ALG_HKDF_SHA1_DERIVE_KEY:
247 case TEE_ALG_HKDF_SHA224_DERIVE_KEY:
248 case TEE_ALG_HKDF_SHA256_DERIVE_KEY:
249 case TEE_ALG_HKDF_SHA384_DERIVE_KEY:
250 case TEE_ALG_HKDF_SHA512_DERIVE_KEY:
251 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY:
252 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY:
253 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY:
254 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY:
255 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY:
256 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY:
257 case TEE_ALG_SM2_KEP:
258 case TEE_ALG_X25519:
259 if (mode != TEE_MODE_DERIVE)
260 return TEE_ERROR_NOT_SUPPORTED;
261 with_private_key = true;
262 req_key_usage = TEE_USAGE_DERIVE;
263 break;
264
265 case TEE_ALG_MD5:
266 case TEE_ALG_SHA1:
267 case TEE_ALG_SHA224:
268 case TEE_ALG_SHA256:
269 case TEE_ALG_SHA384:
270 case TEE_ALG_SHA512:
271 case TEE_ALG_SHA3_224:
272 case TEE_ALG_SHA3_256:
273 case TEE_ALG_SHA3_384:
274 case TEE_ALG_SHA3_512:
275 case TEE_ALG_SHAKE128:
276 case TEE_ALG_SHAKE256:
277 case TEE_ALG_SM3:
278 if (mode != TEE_MODE_DIGEST)
279 return TEE_ERROR_NOT_SUPPORTED;
280 /* v1.1: flags always set for digest operations */
281 handle_state |= TEE_HANDLE_FLAG_KEY_SET;
282 req_key_usage = 0;
283 break;
284
285 case TEE_ALG_DES_CBC_MAC_NOPAD:
286 case TEE_ALG_AES_CBC_MAC_NOPAD:
287 case TEE_ALG_AES_CBC_MAC_PKCS5:
288 case TEE_ALG_AES_CMAC:
289 case TEE_ALG_DES_CBC_MAC_PKCS5:
290 case TEE_ALG_DES3_CBC_MAC_NOPAD:
291 case TEE_ALG_DES3_CBC_MAC_PKCS5:
292 case TEE_ALG_DES3_CMAC:
293 case TEE_ALG_HMAC_MD5:
294 case TEE_ALG_HMAC_SHA1:
295 case TEE_ALG_HMAC_SHA224:
296 case TEE_ALG_HMAC_SHA256:
297 case TEE_ALG_HMAC_SHA384:
298 case TEE_ALG_HMAC_SHA512:
299 case TEE_ALG_HMAC_SHA3_224:
300 case TEE_ALG_HMAC_SHA3_256:
301 case TEE_ALG_HMAC_SHA3_384:
302 case TEE_ALG_HMAC_SHA3_512:
303 case TEE_ALG_HMAC_SM3:
304 if (mode != TEE_MODE_MAC)
305 return TEE_ERROR_NOT_SUPPORTED;
306 req_key_usage = TEE_USAGE_MAC;
307 break;
308
309 default:
310 return TEE_ERROR_NOT_SUPPORTED;
311 }
312
313 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO);
314 if (!op)
315 return TEE_ERROR_OUT_OF_MEMORY;
316
317 op->info.algorithm = algorithm;
318 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm);
319 #ifdef CFG_CRYPTO_RSASSA_NA1
320 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5)
321 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE;
322 #endif
323 op->info.mode = mode;
324 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm);
325 op->info.maxKeySize = maxKeySize;
326 op->info.requiredKeyUsage = req_key_usage;
327 op->info.handleState = handle_state;
328
329 /*
330 * Needed to buffer the digest if TEE_DigestExtract() doesn't
331 * retrieve the entire digest in one go.
332 */
333 if (op->info.operationClass == TEE_OPERATION_DIGEST)
334 block_size = op->info.digestLength;
335
336 if (block_size > 1) {
337 size_t buffer_size = block_size;
338
339 if (buffer_two_blocks)
340 buffer_size *= 2;
341
342 op->buffer = TEE_Malloc(buffer_size,
343 TEE_USER_MEM_HINT_NO_FILL_ZERO);
344 if (op->buffer == NULL) {
345 res = TEE_ERROR_OUT_OF_MEMORY;
346 goto out;
347 }
348 }
349 op->block_size = block_size;
350 op->buffer_two_blocks = buffer_two_blocks;
351
352 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) {
353 uint32_t mks = maxKeySize;
354 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm,
355 with_private_key);
356
357 /*
358 * If two keys are expected the max key size is the sum of
359 * the size of both keys.
360 */
361 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS)
362 mks /= 2;
363
364 res = TEE_AllocateTransientObject(key_type, mks, &op->key1);
365 if (res != TEE_SUCCESS)
366 goto out;
367
368 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) {
369 res = TEE_AllocateTransientObject(key_type, mks,
370 &op->key2);
371 if (res != TEE_SUCCESS)
372 goto out;
373 }
374 }
375
376 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1,
377 (unsigned long)op->key2, &op->state);
378 if (res != TEE_SUCCESS)
379 goto out;
380
381 /*
382 * Initialize digest operations
383 * Other multi-stage operations initialized w/ TEE_xxxInit functions
384 * Non-applicable on asymmetric operations
385 */
386 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) {
387 res = _utee_hash_init(op->state, NULL, 0);
388 if (res != TEE_SUCCESS)
389 goto out;
390 /* v1.1: flags always set for digest operations */
391 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
392 }
393
394 op->operationState = TEE_OPERATION_STATE_INITIAL;
395
396 *operation = op;
397
398 out:
399 if (res != TEE_SUCCESS) {
400 if (res != TEE_ERROR_OUT_OF_MEMORY &&
401 res != TEE_ERROR_NOT_SUPPORTED)
402 TEE_Panic(res);
403 if (op) {
404 if (op->state) {
405 TEE_FreeOperation(op);
406 } else {
407 TEE_Free(op->buffer);
408 TEE_FreeTransientObject(op->key1);
409 TEE_FreeTransientObject(op->key2);
410 TEE_Free(op);
411 }
412 }
413 }
414
415 return res;
416 }
417
TEE_FreeOperation(TEE_OperationHandle operation)418 void TEE_FreeOperation(TEE_OperationHandle operation)
419 {
420 TEE_Result res;
421
422 if (operation == TEE_HANDLE_NULL)
423 return;
424
425 /*
426 * Note that keys should not be freed here, since they are
427 * claimed by the operation they will be freed by
428 * utee_cryp_state_free().
429 */
430 res = _utee_cryp_state_free(operation->state);
431 if (res != TEE_SUCCESS)
432 TEE_Panic(res);
433
434 TEE_Free(operation->buffer);
435 TEE_Free(operation);
436 }
437
__GP11_TEE_FreeOperation(TEE_OperationHandle operation)438 void __GP11_TEE_FreeOperation(TEE_OperationHandle operation)
439 {
440 if (operation == TEE_HANDLE_NULL)
441 TEE_Panic(0);
442 TEE_FreeOperation(operation);
443 }
444
TEE_GetOperationInfo(TEE_OperationHandle operation,TEE_OperationInfo * operationInfo)445 void TEE_GetOperationInfo(TEE_OperationHandle operation,
446 TEE_OperationInfo *operationInfo)
447 {
448 if (operation == TEE_HANDLE_NULL)
449 TEE_Panic(0);
450
451 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo));
452
453 *operationInfo = operation->info;
454 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) {
455 operationInfo->keySize = 0;
456 operationInfo->requiredKeyUsage = 0;
457 }
458 }
459
TEE_GetOperationInfoMultiple(TEE_OperationHandle op,TEE_OperationInfoMultiple * op_info,size_t * size)460 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op,
461 TEE_OperationInfoMultiple *op_info,
462 size_t *size)
463 {
464 TEE_Result res = TEE_SUCCESS;
465 TEE_ObjectInfo kinfo = { };
466 size_t max_key_count = 0;
467 bool two_keys = false;
468
469 if (op == TEE_HANDLE_NULL) {
470 res = TEE_ERROR_BAD_PARAMETERS;
471 goto out;
472 }
473
474 __utee_check_outbuf_annotation(op_info, size);
475
476 if (*size < sizeof(*op_info)) {
477 res = TEE_ERROR_BAD_PARAMETERS;
478 goto out;
479 }
480 max_key_count = (*size - sizeof(*op_info)) /
481 sizeof(TEE_OperationInfoKey);
482
483 TEE_MemFill(op_info, 0, *size);
484
485 /* Two keys flag (TEE_ALG_AES_XTS only) */
486 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS;
487
488 if (op->info.mode == TEE_MODE_DIGEST) {
489 op_info->numberOfKeys = 0;
490 } else if (!two_keys) {
491 if (max_key_count < 1) {
492 res = TEE_ERROR_SHORT_BUFFER;
493 goto out;
494 }
495
496 res = TEE_GetObjectInfo1(op->key1, &kinfo);
497 /* Key1 is not a valid handle, "can't happen". */
498 if (res)
499 goto out;
500
501 op_info->keyInformation[0].keySize = kinfo.objectSize;
502 op_info->keyInformation[0].requiredKeyUsage =
503 op->info.requiredKeyUsage;
504 op_info->numberOfKeys = 1;
505 } else {
506 if (max_key_count < 2) {
507 res = TEE_ERROR_SHORT_BUFFER;
508 goto out;
509 }
510
511 res = TEE_GetObjectInfo1(op->key1, &kinfo);
512 /* Key1 is not a valid handle, "can't happen". */
513 if (res)
514 goto out;
515
516 op_info->keyInformation[0].keySize = kinfo.objectSize;
517 op_info->keyInformation[0].requiredKeyUsage =
518 op->info.requiredKeyUsage;
519
520 res = TEE_GetObjectInfo1(op->key2, &kinfo);
521 /* Key2 is not a valid handle, "can't happen". */
522 if (res)
523 goto out;
524
525 op_info->keyInformation[1].keySize = kinfo.objectSize;
526 op_info->keyInformation[1].requiredKeyUsage =
527 op->info.requiredKeyUsage;
528
529 op_info->numberOfKeys = 2;
530 }
531
532 op_info->algorithm = op->info.algorithm;
533 op_info->operationClass = op->info.operationClass;
534 op_info->mode = op->info.mode;
535 op_info->digestLength = op->info.digestLength;
536 op_info->maxKeySize = op->info.maxKeySize;
537 op_info->handleState = op->info.handleState;
538 op_info->operationState = op->operationState;
539
540 out:
541 if (res != TEE_SUCCESS &&
542 res != TEE_ERROR_SHORT_BUFFER)
543 TEE_Panic(res);
544
545 return res;
546 }
547
548 TEE_Result
__GP11_TEE_GetOperationInfoMultiple(TEE_OperationHandle operation,TEE_OperationInfoMultiple * info,uint32_t * operationSize)549 __GP11_TEE_GetOperationInfoMultiple(TEE_OperationHandle operation,
550 TEE_OperationInfoMultiple *info,
551 uint32_t *operationSize)
552 {
553 TEE_Result res = TEE_SUCCESS;
554 size_t s = 0;
555
556 __utee_check_gp11_outbuf_annotation(info, operationSize);
557 s = *operationSize;
558 res = TEE_GetOperationInfoMultiple(operation, info, &s);
559 *operationSize = s;
560 return res;
561 }
562
reset_operation_state(TEE_OperationHandle op)563 static void reset_operation_state(TEE_OperationHandle op)
564 {
565 op->operationState = TEE_OPERATION_STATE_INITIAL;
566
567 if (op->info.operationClass == TEE_OPERATION_DIGEST) {
568 TEE_Result res = _utee_hash_init(op->state, NULL, 0);
569
570 if (res != TEE_SUCCESS)
571 TEE_Panic(res);
572 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
573 } else {
574 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
575 }
576 }
577
TEE_ResetOperation(TEE_OperationHandle operation)578 void TEE_ResetOperation(TEE_OperationHandle operation)
579 {
580 if (operation == TEE_HANDLE_NULL)
581 TEE_Panic(0);
582
583 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET))
584 TEE_Panic(0);
585
586 reset_operation_state(operation);
587 }
588
set_operation_key(TEE_OperationHandle operation,TEE_ObjectHandle key)589 static TEE_Result set_operation_key(TEE_OperationHandle operation,
590 TEE_ObjectHandle key)
591 {
592 TEE_Result res;
593 uint32_t key_size = 0;
594 TEE_ObjectInfo key_info;
595
596 assert(operation);
597
598 if (key == TEE_HANDLE_NULL) {
599 /* Operation key cleared */
600 TEE_ResetTransientObject(operation->key1);
601 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
602 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
603 reset_operation_state(operation);
604 return TEE_SUCCESS;
605 }
606
607 /* No key for digest operation */
608 if (operation->info.operationClass == TEE_OPERATION_DIGEST) {
609 res = TEE_ERROR_BAD_PARAMETERS;
610 goto out;
611 }
612
613 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */
614 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) !=
615 0) {
616 res = TEE_ERROR_BAD_PARAMETERS;
617 goto out;
618 }
619
620 res = TEE_GetObjectInfo1(key, &key_info);
621 /* Key is not a valid handle */
622 if (res != TEE_SUCCESS)
623 goto out;
624
625 /* Supplied key has to meet required usage */
626 if ((key_info.objectUsage & operation->info.requiredKeyUsage) !=
627 operation->info.requiredKeyUsage) {
628 res = TEE_ERROR_BAD_PARAMETERS;
629 goto out;
630 }
631
632 if (operation->info.maxKeySize < key_info.objectSize) {
633 res = TEE_ERROR_BAD_PARAMETERS;
634 goto out;
635 }
636
637 key_size = key_info.objectSize;
638
639 TEE_ResetTransientObject(operation->key1);
640 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
641
642 res = TEE_CopyObjectAttributes1(operation->key1, key);
643 if (res != TEE_SUCCESS)
644 goto out;
645
646 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET;
647
648 operation->info.keySize = key_size;
649
650 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
651 reset_operation_state(operation);
652
653 out:
654 if (res != TEE_SUCCESS &&
655 res != TEE_ERROR_CORRUPT_OBJECT &&
656 res != TEE_ERROR_STORAGE_NOT_AVAILABLE)
657 TEE_Panic(res);
658
659 return res;
660 }
661
TEE_SetOperationKey(TEE_OperationHandle operation,TEE_ObjectHandle key)662 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation,
663 TEE_ObjectHandle key)
664 {
665 if (operation == TEE_HANDLE_NULL ||
666 operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED)
667 TEE_Panic(0);
668
669 return set_operation_key(operation, key);
670 }
671
__GP11_TEE_SetOperationKey(TEE_OperationHandle operation,TEE_ObjectHandle key)672 TEE_Result __GP11_TEE_SetOperationKey(TEE_OperationHandle operation,
673 TEE_ObjectHandle key)
674 {
675 if (operation == TEE_HANDLE_NULL ||
676 operation->operationState != TEE_OPERATION_STATE_INITIAL)
677 TEE_Panic(0);
678
679 return set_operation_key(operation, key);
680 }
681
set_operation_key2(TEE_OperationHandle operation,TEE_ObjectHandle key1,TEE_ObjectHandle key2)682 static TEE_Result set_operation_key2(TEE_OperationHandle operation,
683 TEE_ObjectHandle key1,
684 TEE_ObjectHandle key2)
685 {
686 TEE_Result res;
687 uint32_t key_size = 0;
688 TEE_ObjectInfo key_info1;
689 TEE_ObjectInfo key_info2;
690
691 assert(operation);
692
693 /*
694 * Key1/Key2 and/or are not initialized and
695 * Either both keys are NULL or both are not NULL
696 */
697 if (!key1 && !key2) {
698 /* Clear the keys */
699 TEE_ResetTransientObject(operation->key1);
700 TEE_ResetTransientObject(operation->key2);
701 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
702 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
703 reset_operation_state(operation);
704 return TEE_SUCCESS;
705 } else if (!key1 || !key2) {
706 /* Both keys are obviously not valid. */
707 res = TEE_ERROR_BAD_PARAMETERS;
708 goto out;
709 }
710
711 /* No key for digest operation */
712 if (operation->info.operationClass == TEE_OPERATION_DIGEST) {
713 res = TEE_ERROR_BAD_PARAMETERS;
714 goto out;
715 }
716
717 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */
718 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) ==
719 0) {
720 res = TEE_ERROR_BAD_PARAMETERS;
721 goto out;
722 }
723
724 res = TEE_GetObjectInfo1(key1, &key_info1);
725 /* Key1 is not a valid handle */
726 if (res != TEE_SUCCESS)
727 goto out;
728
729 /* Supplied key has to meet required usage */
730 if ((key_info1.objectUsage & operation->info.
731 requiredKeyUsage) != operation->info.requiredKeyUsage) {
732 res = TEE_ERROR_BAD_PARAMETERS;
733 goto out;
734 }
735
736 res = TEE_GetObjectInfo1(key2, &key_info2);
737 /* Key2 is not a valid handle */
738 if (res != TEE_SUCCESS) {
739 if (res == TEE_ERROR_CORRUPT_OBJECT)
740 res = TEE_ERROR_CORRUPT_OBJECT_2;
741 goto out;
742 }
743
744 /* Supplied key has to meet required usage */
745 if ((key_info2.objectUsage & operation->info.
746 requiredKeyUsage) != operation->info.requiredKeyUsage) {
747 res = TEE_ERROR_BAD_PARAMETERS;
748 goto out;
749 }
750
751 /*
752 * All the multi key algorithm currently supported requires the keys to
753 * be of equal size.
754 */
755 if (key_info1.objectSize != key_info2.objectSize) {
756 res = TEE_ERROR_BAD_PARAMETERS;
757 goto out;
758
759 }
760
761 if (operation->info.maxKeySize < key_info1.objectSize) {
762 res = TEE_ERROR_BAD_PARAMETERS;
763 goto out;
764 }
765
766 /*
767 * Odd that only the size of one key should be reported while
768 * size of two key are used when allocating the operation.
769 */
770 key_size = key_info1.objectSize;
771
772 TEE_ResetTransientObject(operation->key1);
773 TEE_ResetTransientObject(operation->key2);
774 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
775
776 res = TEE_CopyObjectAttributes1(operation->key1, key1);
777 if (res != TEE_SUCCESS)
778 goto out;
779 res = TEE_CopyObjectAttributes1(operation->key2, key2);
780 if (res != TEE_SUCCESS) {
781 if (res == TEE_ERROR_CORRUPT_OBJECT)
782 res = TEE_ERROR_CORRUPT_OBJECT_2;
783 goto out;
784 }
785
786 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET;
787
788 operation->info.keySize = key_size;
789
790 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
791 reset_operation_state(operation);
792 out:
793 if (res != TEE_SUCCESS &&
794 res != TEE_ERROR_CORRUPT_OBJECT &&
795 res != TEE_ERROR_CORRUPT_OBJECT_2 &&
796 res != TEE_ERROR_STORAGE_NOT_AVAILABLE &&
797 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2)
798 TEE_Panic(res);
799
800 return res;
801 }
802
__GP11_TEE_SetOperationKey2(TEE_OperationHandle operation,TEE_ObjectHandle key1,TEE_ObjectHandle key2)803 TEE_Result __GP11_TEE_SetOperationKey2(TEE_OperationHandle operation,
804 TEE_ObjectHandle key1,
805 TEE_ObjectHandle key2)
806 {
807 if (operation == TEE_HANDLE_NULL ||
808 operation->operationState != TEE_OPERATION_STATE_INITIAL)
809 TEE_Panic(0);
810
811 return set_operation_key2(operation, key1, key2);
812 }
813
TEE_SetOperationKey2(TEE_OperationHandle operation,TEE_ObjectHandle key1,TEE_ObjectHandle key2)814 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation,
815 TEE_ObjectHandle key1, TEE_ObjectHandle key2)
816 {
817 if (operation != TEE_HANDLE_NULL && key1 && key1 == key2)
818 return TEE_ERROR_SECURITY;
819
820 return __GP11_TEE_SetOperationKey2(operation, key1, key2);
821 }
822
TEE_CopyOperation(TEE_OperationHandle dst_op,TEE_OperationHandle src_op)823 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op)
824 {
825 TEE_Result res;
826
827 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL)
828 TEE_Panic(0);
829 if (dst_op->info.algorithm != src_op->info.algorithm)
830 TEE_Panic(0);
831 if (dst_op->info.mode != src_op->info.mode)
832 TEE_Panic(0);
833 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) {
834 TEE_ObjectHandle key1 = TEE_HANDLE_NULL;
835 TEE_ObjectHandle key2 = TEE_HANDLE_NULL;
836
837 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) {
838 key1 = src_op->key1;
839 key2 = src_op->key2;
840 }
841
842 if ((src_op->info.handleState &
843 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) {
844 /*
845 * TEE_SetOperationKey() cannot operate on an operation
846 * that has TEE_HANDLE_FLAG_INITIALIZED. Use the
847 * internal function.
848 */
849 set_operation_key(dst_op, key1);
850 } else {
851 TEE_SetOperationKey2(dst_op, key1, key2);
852 }
853 }
854 dst_op->info.handleState = src_op->info.handleState;
855 dst_op->info.keySize = src_op->info.keySize;
856 dst_op->info.digestLength = src_op->info.digestLength;
857 dst_op->operationState = src_op->operationState;
858
859 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks ||
860 dst_op->block_size != src_op->block_size)
861 TEE_Panic(0);
862
863 if (dst_op->buffer != NULL) {
864 size_t sz = src_op->block_size;
865
866 if (src_op->buffer == NULL)
867 TEE_Panic(0);
868
869 if (src_op->buffer_two_blocks)
870 sz *= 2;
871 memcpy(dst_op->buffer, src_op->buffer, sz);
872 dst_op->buffer_offs = src_op->buffer_offs;
873 } else if (src_op->buffer != NULL) {
874 TEE_Panic(0);
875 }
876
877 res = _utee_cryp_state_copy(dst_op->state, src_op->state);
878 if (res != TEE_SUCCESS)
879 TEE_Panic(res);
880 }
881
882 /* Cryptographic Operations API - Message Digest Functions */
883
init_hash_operation(TEE_OperationHandle operation,const void * IV,uint32_t IVLen)884 static void init_hash_operation(TEE_OperationHandle operation, const void *IV,
885 uint32_t IVLen)
886 {
887 TEE_Result res;
888
889 /*
890 * Note : IV and IVLen are never used in current implementation
891 * This is why coherent values of IV and IVLen are not checked
892 */
893 res = _utee_hash_init(operation->state, IV, IVLen);
894 if (res != TEE_SUCCESS)
895 TEE_Panic(res);
896 operation->buffer_offs = 0;
897 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
898 }
899
TEE_DigestUpdate(TEE_OperationHandle operation,const void * chunk,size_t chunkSize)900 void TEE_DigestUpdate(TEE_OperationHandle operation,
901 const void *chunk, size_t chunkSize)
902 {
903 TEE_Result res = TEE_ERROR_GENERIC;
904
905 if (operation == TEE_HANDLE_NULL ||
906 operation->info.operationClass != TEE_OPERATION_DIGEST)
907 TEE_Panic(0);
908
909 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
910
911 res = _utee_hash_update(operation->state, chunk, chunkSize);
912 if (res != TEE_SUCCESS)
913 TEE_Panic(res);
914 }
915
__GP11_TEE_DigestUpdate(TEE_OperationHandle operation,const void * chunk,uint32_t chunkSize)916 void __GP11_TEE_DigestUpdate(TEE_OperationHandle operation,
917 const void *chunk, uint32_t chunkSize)
918 {
919 return TEE_DigestUpdate(operation, chunk, chunkSize);
920 }
921
TEE_DigestDoFinal(TEE_OperationHandle operation,const void * chunk,size_t chunkLen,void * hash,size_t * hashLen)922 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk,
923 size_t chunkLen, void *hash, size_t *hashLen)
924 {
925 TEE_Result res = TEE_SUCCESS;
926 uint64_t hl = 0;
927 size_t len = 0;
928
929 if ((operation == TEE_HANDLE_NULL) ||
930 (!chunk && chunkLen) ||
931 (operation->info.operationClass != TEE_OPERATION_DIGEST)) {
932 res = TEE_ERROR_BAD_PARAMETERS;
933 goto out;
934 }
935 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING &&
936 chunkLen) {
937 res = TEE_ERROR_BAD_PARAMETERS;
938 goto out;
939 }
940 __utee_check_inout_annotation(hashLen, sizeof(*hashLen));
941
942 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING &&
943 operation->buffer) {
944 /*
945 * This is not an Extendable-Output Function and we have
946 * already started extracting
947 */
948 len = MIN(operation->block_size - operation->buffer_offs,
949 *hashLen);
950 memcpy(hash, operation->buffer + operation->buffer_offs, len);
951 *hashLen = len;
952 } else {
953 hl = *hashLen;
954 res = _utee_hash_final(operation->state, chunk, chunkLen, hash,
955 &hl);
956 *hashLen = hl;
957 if (res)
958 goto out;
959 }
960
961 /* Reset operation state */
962 init_hash_operation(operation, NULL, 0);
963
964 operation->operationState = TEE_OPERATION_STATE_INITIAL;
965
966 out:
967 if (res != TEE_SUCCESS &&
968 res != TEE_ERROR_SHORT_BUFFER)
969 TEE_Panic(res);
970
971 return res;
972 }
973
__GP11_TEE_DigestDoFinal(TEE_OperationHandle operation,const void * chunk,uint32_t chunkLen,void * hash,uint32_t * hashLen)974 TEE_Result __GP11_TEE_DigestDoFinal(TEE_OperationHandle operation,
975 const void *chunk, uint32_t chunkLen,
976 void *hash, uint32_t *hashLen)
977 {
978 TEE_Result res = TEE_SUCCESS;
979 size_t l = 0;
980
981 __utee_check_inout_annotation(hashLen, sizeof(*hashLen));
982 l = *hashLen;
983 res = TEE_DigestDoFinal(operation, chunk, chunkLen, hash, &l);
984 *hashLen = l;
985 return res;
986 }
987
TEE_DigestExtract(TEE_OperationHandle operation,void * hash,size_t * hashLen)988 TEE_Result TEE_DigestExtract(TEE_OperationHandle operation, void *hash,
989 size_t *hashLen)
990 {
991 TEE_Result res = TEE_SUCCESS;
992 uint64_t hl = 0;
993 size_t len = 0;
994
995 if (operation == TEE_HANDLE_NULL ||
996 operation->info.operationClass != TEE_OPERATION_DIGEST)
997 TEE_Panic(0);
998 __utee_check_inout_annotation(hashLen, sizeof(*hashLen));
999
1000 if (!operation->buffer) {
1001 /* This is an Extendable-Output Function */
1002 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING;
1003 operation->operationState = TEE_OPERATION_STATE_EXTRACTING;
1004 hl = *hashLen;
1005 res = _utee_hash_final(operation->state, NULL, 0, hash, &hl);
1006 if (res)
1007 TEE_Panic(0);
1008 *hashLen = hl;
1009
1010 return TEE_SUCCESS;
1011 }
1012
1013 if (operation->operationState != TEE_OPERATION_STATE_EXTRACTING) {
1014 hl = operation->block_size;
1015 res = _utee_hash_final(operation->state, NULL, 0,
1016 operation->buffer, &hl);
1017 if (res)
1018 TEE_Panic(0);
1019 if (hl != operation->block_size)
1020 TEE_Panic(0);
1021 assert(!operation->buffer_offs);
1022 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING;
1023 operation->operationState = TEE_OPERATION_STATE_EXTRACTING;
1024 }
1025
1026 len = MIN(operation->block_size - operation->buffer_offs, *hashLen);
1027 memcpy(hash, operation->buffer + operation->buffer_offs, len);
1028 *hashLen = len;
1029 operation->buffer_offs += len;
1030
1031 return TEE_SUCCESS;
1032 }
1033
1034 /* Cryptographic Operations API - Symmetric Cipher Functions */
1035
TEE_CipherInit(TEE_OperationHandle operation,const void * IV,size_t IVLen)1036 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV,
1037 size_t IVLen)
1038 {
1039 TEE_Result res;
1040
1041 if (operation == TEE_HANDLE_NULL)
1042 TEE_Panic(0);
1043
1044 if (operation->info.operationClass != TEE_OPERATION_CIPHER)
1045 TEE_Panic(0);
1046
1047 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) ||
1048 !(operation->key1))
1049 TEE_Panic(0);
1050
1051 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
1052 TEE_ResetOperation(operation);
1053
1054 if (IV && IVLen) {
1055 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD ||
1056 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD ||
1057 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD ||
1058 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD)
1059 TEE_Panic(0);
1060 }
1061
1062 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1063
1064 res = _utee_cipher_init(operation->state, IV, IVLen);
1065 if (res != TEE_SUCCESS)
1066 TEE_Panic(res);
1067
1068 operation->buffer_offs = 0;
1069 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
1070 }
1071
__GP11_TEE_CipherInit(TEE_OperationHandle operation,const void * IV,uint32_t IVLen)1072 void __GP11_TEE_CipherInit(TEE_OperationHandle operation, const void *IV,
1073 uint32_t IVLen)
1074 {
1075 return TEE_CipherInit(operation, IV, IVLen);
1076 }
1077
tee_buffer_update(TEE_OperationHandle op,TEE_Result (* update_func)(unsigned long state,const void * src,size_t slen,void * dst,uint64_t * dlen),const void * src_data,size_t src_len,void * dest_data,uint64_t * dest_len)1078 static TEE_Result tee_buffer_update(
1079 TEE_OperationHandle op,
1080 TEE_Result(*update_func)(unsigned long state, const void *src,
1081 size_t slen, void *dst, uint64_t *dlen),
1082 const void *src_data, size_t src_len,
1083 void *dest_data, uint64_t *dest_len)
1084 {
1085 TEE_Result res;
1086 const uint8_t *src = src_data;
1087 size_t slen = src_len;
1088 uint8_t *dst = dest_data;
1089 size_t dlen = *dest_len;
1090 size_t acc_dlen = 0;
1091 uint64_t tmp_dlen;
1092 size_t l;
1093 size_t buffer_size;
1094 size_t buffer_left;
1095
1096 if (!src) {
1097 if (slen)
1098 TEE_Panic(0);
1099 goto out;
1100 }
1101
1102 if (op->buffer_two_blocks) {
1103 buffer_size = op->block_size * 2;
1104 buffer_left = 1;
1105 } else {
1106 buffer_size = op->block_size;
1107 buffer_left = 0;
1108 }
1109
1110 if (op->buffer_offs > 0) {
1111 /* Fill up complete block */
1112 if (op->buffer_offs < op->block_size)
1113 l = MIN(slen, op->block_size - op->buffer_offs);
1114 else
1115 l = MIN(slen, buffer_size - op->buffer_offs);
1116 memcpy(op->buffer + op->buffer_offs, src, l);
1117 op->buffer_offs += l;
1118 src += l;
1119 slen -= l;
1120 if ((op->buffer_offs % op->block_size) != 0)
1121 goto out; /* Nothing left to do */
1122 }
1123
1124 /* If we can feed from buffer */
1125 if ((op->buffer_offs > 0) &&
1126 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) {
1127 l = ROUNDUP2(op->buffer_offs + slen - buffer_size,
1128 op->block_size);
1129 l = MIN(op->buffer_offs, l);
1130 /*
1131 * If we're buffering only a single block, process it
1132 * immediately.
1133 */
1134 if (!op->buffer_two_blocks)
1135 l = op->block_size;
1136 tmp_dlen = dlen;
1137 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen);
1138 if (res != TEE_SUCCESS)
1139 TEE_Panic(res);
1140 dst += tmp_dlen;
1141 dlen -= tmp_dlen;
1142 acc_dlen += tmp_dlen;
1143 op->buffer_offs -= l;
1144 if (op->buffer_offs > 0) {
1145 /*
1146 * Slen is small enough to be contained in rest buffer.
1147 */
1148 memcpy(op->buffer, op->buffer + l, buffer_size - l);
1149 memcpy(op->buffer + op->buffer_offs, src, slen);
1150 op->buffer_offs += slen;
1151 goto out; /* Nothing left to do */
1152 }
1153 }
1154
1155 if (slen >= (buffer_size + buffer_left)) {
1156 /* Buffer is empty, feed as much as possible from src */
1157 if (op->buffer_two_blocks)
1158 l = ROUNDUP2(slen - buffer_size, op->block_size);
1159 else
1160 l = ROUNDUP2(slen - buffer_size + 1, op->block_size);
1161
1162 tmp_dlen = dlen;
1163 res = update_func(op->state, src, l, dst, &tmp_dlen);
1164 if (res != TEE_SUCCESS)
1165 TEE_Panic(res);
1166 src += l;
1167 slen -= l;
1168 dst += tmp_dlen;
1169 dlen -= tmp_dlen;
1170 acc_dlen += tmp_dlen;
1171 }
1172
1173 /* Slen is small enough to be contained in buffer. */
1174 memcpy(op->buffer + op->buffer_offs, src, slen);
1175 op->buffer_offs += slen;
1176
1177 out:
1178 *dest_len = acc_dlen;
1179 return TEE_SUCCESS;
1180 }
1181
TEE_CipherUpdate(TEE_OperationHandle operation,const void * srcData,size_t srcLen,void * destData,size_t * destLen)1182 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData,
1183 size_t srcLen, void *destData, size_t *destLen)
1184 {
1185 TEE_Result res;
1186 size_t req_dlen;
1187 uint64_t dl;
1188
1189 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1190 res = TEE_ERROR_BAD_PARAMETERS;
1191 goto out;
1192 }
1193 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1194
1195 if (operation->info.operationClass != TEE_OPERATION_CIPHER) {
1196 res = TEE_ERROR_BAD_PARAMETERS;
1197 goto out;
1198 }
1199
1200 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1201 res = TEE_ERROR_BAD_PARAMETERS;
1202 goto out;
1203 }
1204
1205 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1206 res = TEE_ERROR_BAD_PARAMETERS;
1207 goto out;
1208 }
1209
1210 if (!srcData && !srcLen) {
1211 *destLen = 0;
1212 res = TEE_SUCCESS;
1213 goto out;
1214 }
1215
1216 /* Calculate required dlen */
1217 if (operation->block_size > 1) {
1218 req_dlen = ((operation->buffer_offs + srcLen) /
1219 operation->block_size) * operation->block_size;
1220 } else {
1221 req_dlen = srcLen;
1222 }
1223 if (operation->buffer_two_blocks) {
1224 if (operation->buffer_offs + srcLen >
1225 operation->block_size * 2) {
1226 req_dlen = operation->buffer_offs + srcLen -
1227 operation->block_size * 2;
1228 req_dlen = ROUNDUP2(req_dlen, operation->block_size);
1229 } else {
1230 req_dlen = 0;
1231 }
1232 }
1233 /*
1234 * Check that required destLen is big enough before starting to feed
1235 * data to the algorithm. Errors during feeding of data are fatal as we
1236 * can't restore sync with this API.
1237 */
1238 if (*destLen < req_dlen) {
1239 *destLen = req_dlen;
1240 res = TEE_ERROR_SHORT_BUFFER;
1241 goto out;
1242 }
1243
1244 dl = *destLen;
1245 if (operation->block_size > 1) {
1246 res = tee_buffer_update(operation, _utee_cipher_update, srcData,
1247 srcLen, destData, &dl);
1248 } else {
1249 if (srcLen > 0) {
1250 res = _utee_cipher_update(operation->state, srcData,
1251 srcLen, destData, &dl);
1252 } else {
1253 res = TEE_SUCCESS;
1254 dl = 0;
1255 }
1256 }
1257 *destLen = dl;
1258
1259 out:
1260 if (res != TEE_SUCCESS &&
1261 res != TEE_ERROR_SHORT_BUFFER)
1262 TEE_Panic(res);
1263
1264 return res;
1265 }
1266
__GP11_TEE_CipherUpdate(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)1267 TEE_Result __GP11_TEE_CipherUpdate(TEE_OperationHandle operation,
1268 const void *srcData, uint32_t srcLen,
1269 void *destData, uint32_t *destLen)
1270 {
1271 TEE_Result res = TEE_SUCCESS;
1272 size_t dl = 0;
1273
1274 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1275 dl = *destLen;
1276 res = TEE_CipherUpdate(operation, srcData, srcLen, destData, &dl);
1277 *destLen = dl;
1278 return res;
1279 }
1280
TEE_CipherDoFinal(TEE_OperationHandle operation,const void * srcData,size_t srcLen,void * destData,size_t * destLen)1281 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation,
1282 const void *srcData, size_t srcLen,
1283 void *destData, size_t *destLen)
1284 {
1285 TEE_Result res = TEE_SUCCESS;
1286 uint8_t *dst = destData;
1287 size_t acc_dlen = 0;
1288 uint64_t tmp_dlen = 0;
1289 size_t req_dlen = 0;
1290
1291 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1292 res = TEE_ERROR_BAD_PARAMETERS;
1293 goto out;
1294 }
1295 if (destLen)
1296 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1297
1298 if (operation->info.operationClass != TEE_OPERATION_CIPHER) {
1299 res = TEE_ERROR_BAD_PARAMETERS;
1300 goto out;
1301 }
1302
1303 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1304 res = TEE_ERROR_BAD_PARAMETERS;
1305 goto out;
1306 }
1307
1308 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1309 res = TEE_ERROR_BAD_PARAMETERS;
1310 goto out;
1311 }
1312
1313 /*
1314 * Check that the final block doesn't require padding for those
1315 * algorithms that requires client to supply padding.
1316 */
1317 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD ||
1318 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD ||
1319 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD ||
1320 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD ||
1321 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD ||
1322 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD ||
1323 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD ||
1324 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) {
1325 if (((operation->buffer_offs + srcLen) % operation->block_size)
1326 != 0) {
1327 res = TEE_ERROR_BAD_PARAMETERS;
1328 goto out;
1329 }
1330 }
1331
1332 /*
1333 * Check that required destLen is big enough before starting to feed
1334 * data to the algorithm. Errors during feeding of data are fatal as we
1335 * can't restore sync with this API.
1336 */
1337 if (operation->block_size > 1) {
1338 req_dlen = operation->buffer_offs + srcLen;
1339 } else {
1340 req_dlen = srcLen;
1341 }
1342 if (destLen)
1343 tmp_dlen = *destLen;
1344 if (tmp_dlen < req_dlen) {
1345 if (destLen)
1346 *destLen = req_dlen;
1347 res = TEE_ERROR_SHORT_BUFFER;
1348 goto out;
1349 }
1350
1351 if (operation->block_size > 1) {
1352 if (srcLen) {
1353 res = tee_buffer_update(operation, _utee_cipher_update,
1354 srcData, srcLen, dst,
1355 &tmp_dlen);
1356 if (res != TEE_SUCCESS)
1357 goto out;
1358
1359 dst += tmp_dlen;
1360 acc_dlen += tmp_dlen;
1361
1362 tmp_dlen = *destLen - acc_dlen;
1363 }
1364 res = _utee_cipher_final(operation->state, operation->buffer,
1365 operation->buffer_offs, dst,
1366 &tmp_dlen);
1367 } else {
1368 res = _utee_cipher_final(operation->state, srcData, srcLen, dst,
1369 &tmp_dlen);
1370 }
1371 if (res != TEE_SUCCESS)
1372 goto out;
1373
1374 acc_dlen += tmp_dlen;
1375 if (destLen)
1376 *destLen = acc_dlen;
1377
1378 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1379
1380 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1381
1382 out:
1383 if (res != TEE_SUCCESS &&
1384 res != TEE_ERROR_SHORT_BUFFER)
1385 TEE_Panic(res);
1386
1387 return res;
1388 }
1389
__GP11_TEE_CipherDoFinal(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)1390 TEE_Result __GP11_TEE_CipherDoFinal(TEE_OperationHandle operation,
1391 const void *srcData, uint32_t srcLen,
1392 void *destData, uint32_t *destLen)
1393 {
1394 TEE_Result res = TEE_SUCCESS;
1395 size_t dl = 0;
1396
1397 if (destLen) {
1398 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1399 dl = *destLen;
1400 }
1401 res = TEE_CipherDoFinal(operation, srcData, srcLen, destData, &dl);
1402 if (destLen)
1403 *destLen = dl;
1404 return res;
1405 }
1406
1407 /* Cryptographic Operations API - MAC Functions */
1408
TEE_MACInit(TEE_OperationHandle operation,const void * IV,size_t IVLen)1409 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, size_t IVLen)
1410 {
1411 if (operation == TEE_HANDLE_NULL)
1412 TEE_Panic(0);
1413
1414 if (operation->info.operationClass != TEE_OPERATION_MAC)
1415 TEE_Panic(0);
1416
1417 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) ||
1418 !(operation->key1))
1419 TEE_Panic(0);
1420
1421 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
1422 TEE_ResetOperation(operation);
1423
1424 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1425
1426 init_hash_operation(operation, IV, IVLen);
1427 }
1428
__GP11_TEE_MACInit(TEE_OperationHandle operation,const void * IV,uint32_t IVLen)1429 void __GP11_TEE_MACInit(TEE_OperationHandle operation, const void *IV,
1430 uint32_t IVLen)
1431 {
1432 return TEE_MACInit(operation, IV, IVLen);
1433 }
1434
TEE_MACUpdate(TEE_OperationHandle operation,const void * chunk,size_t chunkSize)1435 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk,
1436 size_t chunkSize)
1437 {
1438 TEE_Result res;
1439
1440 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0))
1441 TEE_Panic(0);
1442
1443 if (operation->info.operationClass != TEE_OPERATION_MAC)
1444 TEE_Panic(0);
1445
1446 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0)
1447 TEE_Panic(0);
1448
1449 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE)
1450 TEE_Panic(0);
1451
1452 res = _utee_hash_update(operation->state, chunk, chunkSize);
1453 if (res != TEE_SUCCESS)
1454 TEE_Panic(res);
1455 }
1456
__GP11_TEE_MACUpdate(TEE_OperationHandle operation,const void * chunk,uint32_t chunkSize)1457 void __GP11_TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk,
1458 uint32_t chunkSize)
1459 {
1460 return TEE_MACUpdate(operation, chunk, chunkSize);
1461 }
1462
TEE_MACComputeFinal(TEE_OperationHandle operation,const void * message,size_t messageLen,void * mac,size_t * macLen)1463 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation,
1464 const void *message, size_t messageLen,
1465 void *mac, size_t *macLen)
1466 {
1467 TEE_Result res;
1468 uint64_t ml;
1469
1470 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) {
1471 res = TEE_ERROR_BAD_PARAMETERS;
1472 goto out;
1473 }
1474 __utee_check_inout_annotation(macLen, sizeof(*macLen));
1475
1476 if (operation->info.operationClass != TEE_OPERATION_MAC) {
1477 res = TEE_ERROR_BAD_PARAMETERS;
1478 goto out;
1479 }
1480
1481 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1482 res = TEE_ERROR_BAD_PARAMETERS;
1483 goto out;
1484 }
1485
1486 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1487 res = TEE_ERROR_BAD_PARAMETERS;
1488 goto out;
1489 }
1490
1491 ml = *macLen;
1492 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml);
1493 *macLen = ml;
1494 if (res != TEE_SUCCESS)
1495 goto out;
1496
1497 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1498
1499 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1500
1501 out:
1502 if (res != TEE_SUCCESS &&
1503 res != TEE_ERROR_SHORT_BUFFER)
1504 TEE_Panic(res);
1505
1506 return res;
1507 }
1508
__GP11_TEE_MACComputeFinal(TEE_OperationHandle operation,const void * message,uint32_t messageLen,void * mac,uint32_t * macLen)1509 TEE_Result __GP11_TEE_MACComputeFinal(TEE_OperationHandle operation,
1510 const void *message, uint32_t messageLen,
1511 void *mac, uint32_t *macLen)
1512 {
1513 TEE_Result res = TEE_SUCCESS;
1514 size_t ml = 0;
1515
1516 __utee_check_inout_annotation(macLen, sizeof(*macLen));
1517 ml = *macLen;
1518 res = TEE_MACComputeFinal(operation, message, messageLen, mac, &ml);
1519 *macLen = ml;
1520 return res;
1521 }
1522
TEE_MACCompareFinal(TEE_OperationHandle operation,const void * message,size_t messageLen,const void * mac,size_t macLen)1523 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation,
1524 const void *message, size_t messageLen,
1525 const void *mac, size_t macLen)
1526 {
1527 TEE_Result res;
1528 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 };
1529 size_t computed_mac_size = TEE_MAX_HASH_SIZE;
1530
1531 if (operation->info.operationClass != TEE_OPERATION_MAC) {
1532 res = TEE_ERROR_BAD_PARAMETERS;
1533 goto out;
1534 }
1535
1536 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1537 res = TEE_ERROR_BAD_PARAMETERS;
1538 goto out;
1539 }
1540
1541 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1542 res = TEE_ERROR_BAD_PARAMETERS;
1543 goto out;
1544 }
1545
1546 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac,
1547 &computed_mac_size);
1548 if (res != TEE_SUCCESS)
1549 goto out;
1550
1551 if (computed_mac_size != macLen) {
1552 res = TEE_ERROR_MAC_INVALID;
1553 goto out;
1554 }
1555
1556 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) {
1557 res = TEE_ERROR_MAC_INVALID;
1558 goto out;
1559 }
1560
1561 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1562
1563 out:
1564 if (res != TEE_SUCCESS &&
1565 res != TEE_ERROR_MAC_INVALID)
1566 TEE_Panic(res);
1567
1568 return res;
1569 }
1570
__GP11_TEE_MACCompareFinal(TEE_OperationHandle operation,const void * message,uint32_t messageLen,const void * mac,uint32_t macLen)1571 TEE_Result __GP11_TEE_MACCompareFinal(TEE_OperationHandle operation,
1572 const void *message, uint32_t messageLen,
1573 const void *mac, uint32_t macLen)
1574 {
1575 return TEE_MACCompareFinal(operation, message, messageLen, mac, macLen);
1576 }
1577
1578 /* Cryptographic Operations API - Authenticated Encryption Functions */
1579
TEE_AEInit(TEE_OperationHandle operation,const void * nonce,size_t nonceLen,uint32_t tagLen,size_t AADLen,size_t payloadLen)1580 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce,
1581 size_t nonceLen, uint32_t tagLen, size_t AADLen,
1582 size_t payloadLen)
1583 {
1584 TEE_Result res;
1585
1586 if (operation == TEE_HANDLE_NULL || nonce == NULL) {
1587 res = TEE_ERROR_BAD_PARAMETERS;
1588 goto out;
1589 }
1590
1591 if (operation->info.operationClass != TEE_OPERATION_AE) {
1592 res = TEE_ERROR_BAD_PARAMETERS;
1593 goto out;
1594 }
1595
1596 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) {
1597 res = TEE_ERROR_BAD_PARAMETERS;
1598 goto out;
1599 }
1600
1601 /*
1602 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core
1603 * in the implementation. But AES-GCM spec doesn't specify the tag len
1604 * according to the same principle so we have to check here instead to
1605 * be GP compliant.
1606 */
1607 if (operation->info.algorithm == TEE_ALG_AES_GCM) {
1608 /*
1609 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96
1610 */
1611 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) {
1612 res = TEE_ERROR_NOT_SUPPORTED;
1613 goto out;
1614 }
1615 }
1616
1617 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8,
1618 AADLen, payloadLen);
1619 if (res != TEE_SUCCESS)
1620 goto out;
1621
1622 operation->info.digestLength = tagLen / 8;
1623 operation->buffer_offs = 0;
1624 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
1625
1626 out:
1627 if (res != TEE_SUCCESS &&
1628 res != TEE_ERROR_NOT_SUPPORTED)
1629 TEE_Panic(res);
1630
1631 return res;
1632 }
1633
__GP11_TEE_AEInit(TEE_OperationHandle operation,const void * nonce,uint32_t nonceLen,uint32_t tagLen,uint32_t AADLen,uint32_t payloadLen)1634 TEE_Result __GP11_TEE_AEInit(TEE_OperationHandle operation, const void *nonce,
1635 uint32_t nonceLen, uint32_t tagLen,
1636 uint32_t AADLen, uint32_t payloadLen)
1637 {
1638 return TEE_AEInit(operation, nonce, nonceLen, tagLen, AADLen,
1639 payloadLen);
1640 }
1641
TEE_AEUpdateAAD(TEE_OperationHandle operation,const void * AADdata,size_t AADdataLen)1642 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata,
1643 size_t AADdataLen)
1644 {
1645 TEE_Result res = TEE_SUCCESS;
1646
1647 if (operation == TEE_HANDLE_NULL || (!AADdata && AADdataLen))
1648 TEE_Panic(0);
1649
1650 if (operation->info.operationClass != TEE_OPERATION_AE)
1651 TEE_Panic(0);
1652
1653 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
1654 TEE_Panic(0);
1655
1656 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0)
1657 TEE_Panic(0);
1658
1659 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen);
1660 if (res != TEE_SUCCESS)
1661 TEE_Panic(res);
1662 }
1663
__GP11_TEE_AEUpdateAAD(TEE_OperationHandle operation,const void * AADdata,uint32_t AADdataLen)1664 void __GP11_TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata,
1665 uint32_t AADdataLen)
1666 {
1667 TEE_Result res = TEE_SUCCESS;
1668
1669 if (operation == TEE_HANDLE_NULL ||
1670 (AADdata == NULL && AADdataLen != 0))
1671 TEE_Panic(0);
1672
1673 if (operation->info.operationClass != TEE_OPERATION_AE)
1674 TEE_Panic(0);
1675
1676 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0)
1677 TEE_Panic(0);
1678
1679 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen);
1680
1681 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1682
1683 if (res != TEE_SUCCESS)
1684 TEE_Panic(res);
1685 }
1686
ae_update_helper(TEE_OperationHandle operation,const void * src,size_t slen,void * dst,size_t * dlen)1687 static TEE_Result ae_update_helper(TEE_OperationHandle operation,
1688 const void *src, size_t slen, void *dst,
1689 size_t *dlen)
1690 {
1691 TEE_Result res = TEE_SUCCESS;
1692 size_t req_dlen = 0;
1693 uint64_t dl = 0;
1694
1695 if (!src && !slen) {
1696 *dlen = 0;
1697 return TEE_SUCCESS;
1698 }
1699
1700 /*
1701 * Check that required destLen is big enough before starting to feed
1702 * data to the algorithm. Errors during feeding of data are fatal as we
1703 * can't restore sync with this API.
1704 */
1705 if (operation->block_size > 1) {
1706 req_dlen = ROUNDDOWN2(operation->buffer_offs + slen,
1707 operation->block_size);
1708 } else {
1709 req_dlen = slen;
1710 }
1711
1712 dl = *dlen;
1713 if (dl < req_dlen) {
1714 *dlen = req_dlen;
1715 return TEE_ERROR_SHORT_BUFFER;
1716 }
1717
1718 if (operation->block_size > 1) {
1719 res = tee_buffer_update(operation, _utee_authenc_update_payload,
1720 src, slen, dst, &dl);
1721 } else {
1722 if (slen > 0) {
1723 res = _utee_authenc_update_payload(operation->state,
1724 src, slen, dst, &dl);
1725 } else {
1726 dl = 0;
1727 res = TEE_SUCCESS;
1728 }
1729 }
1730
1731 if (!res)
1732 *dlen = dl;
1733
1734 return res;
1735 }
1736
TEE_AEUpdate(TEE_OperationHandle operation,const void * srcData,size_t srcLen,void * destData,size_t * destLen)1737 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData,
1738 size_t srcLen, void *destData, size_t *destLen)
1739 {
1740 TEE_Result res = TEE_SUCCESS;
1741
1742 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1743 res = TEE_ERROR_BAD_PARAMETERS;
1744 goto out;
1745 }
1746 __utee_check_outbuf_annotation(destData, destLen);
1747
1748 if (operation->info.operationClass != TEE_OPERATION_AE) {
1749 res = TEE_ERROR_BAD_PARAMETERS;
1750 goto out;
1751 }
1752
1753 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1754 res = TEE_ERROR_BAD_PARAMETERS;
1755 goto out;
1756 }
1757
1758 res = ae_update_helper(operation, srcData, srcLen, destData, destLen);
1759 if (res != TEE_ERROR_SHORT_BUFFER && srcLen)
1760 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1761
1762 out:
1763 if (res != TEE_SUCCESS &&
1764 res != TEE_ERROR_SHORT_BUFFER)
1765 TEE_Panic(res);
1766
1767 return res;
1768 }
1769
__GP11_TEE_AEUpdate(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)1770 TEE_Result __GP11_TEE_AEUpdate(TEE_OperationHandle operation,
1771 const void *srcData, uint32_t srcLen,
1772 void *destData, uint32_t *destLen)
1773 {
1774 TEE_Result res = TEE_SUCCESS;
1775 size_t dl = 0;
1776
1777 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1778 res = TEE_ERROR_BAD_PARAMETERS;
1779 goto out;
1780 }
1781 __utee_check_gp11_outbuf_annotation(destData, destLen);
1782
1783 if (operation->info.operationClass != TEE_OPERATION_AE) {
1784 res = TEE_ERROR_BAD_PARAMETERS;
1785 goto out;
1786 }
1787
1788 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1789 res = TEE_ERROR_BAD_PARAMETERS;
1790 goto out;
1791 }
1792
1793 dl = *destLen;
1794 res = ae_update_helper(operation, srcData, srcLen, destData, &dl);
1795 *destLen = dl;
1796
1797 if (res != TEE_SUCCESS)
1798 goto out;
1799
1800 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1801
1802 out:
1803 if (res != TEE_SUCCESS &&
1804 res != TEE_ERROR_SHORT_BUFFER)
1805 TEE_Panic(res);
1806
1807 return res;
1808 }
1809
TEE_AEEncryptFinal(TEE_OperationHandle operation,const void * srcData,size_t srcLen,void * destData,size_t * destLen,void * tag,size_t * tagLen)1810 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation,
1811 const void *srcData, size_t srcLen,
1812 void *destData, size_t *destLen, void *tag,
1813 size_t *tagLen)
1814 {
1815 TEE_Result res = TEE_SUCCESS;
1816 uint8_t *dst = destData;
1817 size_t acc_dlen = 0;
1818 uint64_t tmp_dlen = 0;
1819 size_t req_dlen = 0;
1820 uint64_t tl = 0;
1821
1822 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1823 res = TEE_ERROR_BAD_PARAMETERS;
1824 goto out;
1825 }
1826 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1827 __utee_check_inout_annotation(tagLen, sizeof(*tagLen));
1828
1829 if (operation->info.operationClass != TEE_OPERATION_AE) {
1830 res = TEE_ERROR_BAD_PARAMETERS;
1831 goto out;
1832 }
1833
1834 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1835 res = TEE_ERROR_BAD_PARAMETERS;
1836 goto out;
1837 }
1838
1839 /*
1840 * Check that required destLen is big enough before starting to feed
1841 * data to the algorithm. Errors during feeding of data are fatal as we
1842 * can't restore sync with this API.
1843 *
1844 * Need to check this before update_payload since sync would be lost if
1845 * we return short buffer after that.
1846 */
1847 res = TEE_ERROR_GENERIC;
1848
1849 req_dlen = operation->buffer_offs + srcLen;
1850 if (*destLen < req_dlen) {
1851 *destLen = req_dlen;
1852 res = TEE_ERROR_SHORT_BUFFER;
1853 }
1854
1855 if (*tagLen < operation->info.digestLength) {
1856 *tagLen = operation->info.digestLength;
1857 res = TEE_ERROR_SHORT_BUFFER;
1858 }
1859
1860 if (res == TEE_ERROR_SHORT_BUFFER)
1861 goto out;
1862
1863 tl = *tagLen;
1864 tmp_dlen = *destLen - acc_dlen;
1865 if (operation->block_size > 1) {
1866 res = tee_buffer_update(operation, _utee_authenc_update_payload,
1867 srcData, srcLen, dst, &tmp_dlen);
1868 if (res != TEE_SUCCESS)
1869 goto out;
1870
1871 dst += tmp_dlen;
1872 acc_dlen += tmp_dlen;
1873
1874 tmp_dlen = *destLen - acc_dlen;
1875 res = _utee_authenc_enc_final(operation->state,
1876 operation->buffer,
1877 operation->buffer_offs, dst,
1878 &tmp_dlen, tag, &tl);
1879 } else {
1880 res = _utee_authenc_enc_final(operation->state, srcData,
1881 srcLen, dst, &tmp_dlen,
1882 tag, &tl);
1883 }
1884 *tagLen = tl;
1885 if (res != TEE_SUCCESS)
1886 goto out;
1887
1888 acc_dlen += tmp_dlen;
1889 *destLen = acc_dlen;
1890
1891 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1892
1893 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1894
1895 out:
1896 if (res != TEE_SUCCESS &&
1897 res != TEE_ERROR_SHORT_BUFFER)
1898 TEE_Panic(res);
1899
1900 return res;
1901 }
1902
__GP11_TEE_AEEncryptFinal(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen,void * tag,uint32_t * tagLen)1903 TEE_Result __GP11_TEE_AEEncryptFinal(TEE_OperationHandle operation,
1904 const void *srcData, uint32_t srcLen,
1905 void *destData, uint32_t *destLen,
1906 void *tag, uint32_t *tagLen)
1907 {
1908 TEE_Result res = TEE_SUCCESS;
1909 size_t dl = 0;
1910 size_t tl = 0;
1911
1912 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1913 __utee_check_inout_annotation(tagLen, sizeof(*tagLen));
1914 dl = *destLen;
1915 tl = *tagLen;
1916 res = TEE_AEEncryptFinal(operation, srcData, srcLen, destData, &dl,
1917 tag, &tl);
1918 *destLen = dl;
1919 *tagLen = tl;
1920 return res;
1921 }
1922
TEE_AEDecryptFinal(TEE_OperationHandle operation,const void * srcData,size_t srcLen,void * destData,size_t * destLen,void * tag,size_t tagLen)1923 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation,
1924 const void *srcData, size_t srcLen,
1925 void *destData, size_t *destLen, void *tag,
1926 size_t tagLen)
1927 {
1928 TEE_Result res = TEE_SUCCESS;
1929 uint8_t *dst = destData;
1930 size_t acc_dlen = 0;
1931 uint64_t tmp_dlen = 0;
1932 size_t req_dlen = 0;
1933
1934 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1935 res = TEE_ERROR_BAD_PARAMETERS;
1936 goto out;
1937 }
1938 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1939
1940 if (operation->info.operationClass != TEE_OPERATION_AE) {
1941 res = TEE_ERROR_BAD_PARAMETERS;
1942 goto out;
1943 }
1944
1945 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1946 res = TEE_ERROR_BAD_PARAMETERS;
1947 goto out;
1948 }
1949
1950 /*
1951 * Check that required destLen is big enough before starting to feed
1952 * data to the algorithm. Errors during feeding of data are fatal as we
1953 * can't restore sync with this API.
1954 */
1955 req_dlen = operation->buffer_offs + srcLen;
1956 if (*destLen < req_dlen) {
1957 *destLen = req_dlen;
1958 res = TEE_ERROR_SHORT_BUFFER;
1959 goto out;
1960 }
1961
1962 tmp_dlen = *destLen - acc_dlen;
1963 if (operation->block_size > 1) {
1964 res = tee_buffer_update(operation, _utee_authenc_update_payload,
1965 srcData, srcLen, dst, &tmp_dlen);
1966 if (res != TEE_SUCCESS)
1967 goto out;
1968
1969 dst += tmp_dlen;
1970 acc_dlen += tmp_dlen;
1971
1972 tmp_dlen = *destLen - acc_dlen;
1973 res = _utee_authenc_dec_final(operation->state,
1974 operation->buffer,
1975 operation->buffer_offs, dst,
1976 &tmp_dlen, tag, tagLen);
1977 } else {
1978 res = _utee_authenc_dec_final(operation->state, srcData,
1979 srcLen, dst, &tmp_dlen,
1980 tag, tagLen);
1981 }
1982 if (res != TEE_SUCCESS)
1983 goto out;
1984
1985 /* Supplied tagLen should match what we initiated with */
1986 if (tagLen != operation->info.digestLength)
1987 res = TEE_ERROR_MAC_INVALID;
1988
1989 acc_dlen += tmp_dlen;
1990 *destLen = acc_dlen;
1991
1992 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1993
1994 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1995
1996 out:
1997 if (res != TEE_SUCCESS &&
1998 res != TEE_ERROR_SHORT_BUFFER &&
1999 res != TEE_ERROR_MAC_INVALID)
2000 TEE_Panic(res);
2001
2002 return res;
2003 }
2004
__GP11_TEE_AEDecryptFinal(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen,void * tag,uint32_t tagLen)2005 TEE_Result __GP11_TEE_AEDecryptFinal(TEE_OperationHandle operation,
2006 const void *srcData, uint32_t srcLen,
2007 void *destData, uint32_t *destLen,
2008 void *tag, uint32_t tagLen)
2009 {
2010 TEE_Result res = TEE_SUCCESS;
2011 size_t dl = 0;
2012
2013 __utee_check_inout_annotation(destLen, sizeof(*destLen));
2014 dl = *destLen;
2015 res = TEE_AEDecryptFinal(operation, srcData, srcLen, destData, &dl,
2016 tag, tagLen);
2017 *destLen = dl;
2018 return res;
2019 }
2020
2021 /* Cryptographic Operations API - Asymmetric Functions */
2022
TEE_AsymmetricEncrypt(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * srcData,size_t srcLen,void * destData,size_t * destLen)2023 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation,
2024 const TEE_Attribute *params,
2025 uint32_t paramCount, const void *srcData,
2026 size_t srcLen, void *destData,
2027 size_t *destLen)
2028 {
2029 TEE_Result res = TEE_SUCCESS;
2030 struct utee_attribute ua[paramCount];
2031 uint64_t dl = 0;
2032
2033 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen))
2034 TEE_Panic(0);
2035
2036 __utee_check_attr_in_annotation(params, paramCount);
2037 __utee_check_inout_annotation(destLen, sizeof(*destLen));
2038
2039 if (!operation->key1)
2040 TEE_Panic(0);
2041 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER)
2042 TEE_Panic(0);
2043 if (operation->info.mode != TEE_MODE_ENCRYPT)
2044 TEE_Panic(0);
2045
2046 __utee_from_attr(ua, params, paramCount);
2047 dl = *destLen;
2048 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData,
2049 srcLen, destData, &dl);
2050 *destLen = dl;
2051
2052 if (res != TEE_SUCCESS &&
2053 res != TEE_ERROR_SHORT_BUFFER &&
2054 res != TEE_ERROR_BAD_PARAMETERS &&
2055 res != TEE_ERROR_CIPHERTEXT_INVALID &&
2056 res != TEE_ERROR_NOT_SUPPORTED)
2057 TEE_Panic(res);
2058
2059 return res;
2060 }
2061
__GP11_TEE_AsymmetricEncrypt(TEE_OperationHandle operation,const __GP11_TEE_Attribute * params,uint32_t paramCount,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)2062 TEE_Result __GP11_TEE_AsymmetricEncrypt(TEE_OperationHandle operation,
2063 const __GP11_TEE_Attribute *params,
2064 uint32_t paramCount,
2065 const void *srcData, uint32_t srcLen,
2066 void *destData, uint32_t *destLen)
2067 {
2068 TEE_Result res = TEE_SUCCESS;
2069 struct utee_attribute ua[paramCount];
2070 uint64_t dl = 0;
2071
2072 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen))
2073 TEE_Panic(0);
2074
2075 __utee_check_gp11_attr_in_annotation(params, paramCount);
2076 __utee_check_inout_annotation(destLen, sizeof(*destLen));
2077
2078 if (!operation->key1)
2079 TEE_Panic(0);
2080 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER)
2081 TEE_Panic(0);
2082 if (operation->info.mode != TEE_MODE_ENCRYPT)
2083 TEE_Panic(0);
2084
2085 __utee_from_gp11_attr(ua, params, paramCount);
2086 dl = *destLen;
2087 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData,
2088 srcLen, destData, &dl);
2089 *destLen = dl;
2090
2091 if (res != TEE_SUCCESS &&
2092 res != TEE_ERROR_SHORT_BUFFER &&
2093 res != TEE_ERROR_BAD_PARAMETERS)
2094 TEE_Panic(res);
2095
2096 return res;
2097 }
2098
TEE_AsymmetricDecrypt(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * srcData,size_t srcLen,void * destData,size_t * destLen)2099 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation,
2100 const TEE_Attribute *params,
2101 uint32_t paramCount, const void *srcData,
2102 size_t srcLen, void *destData,
2103 size_t *destLen)
2104 {
2105 TEE_Result res = TEE_SUCCESS;
2106 struct utee_attribute ua[paramCount];
2107 uint64_t dl = 0;
2108
2109 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen))
2110 TEE_Panic(0);
2111
2112 __utee_check_attr_in_annotation(params, paramCount);
2113 __utee_check_inout_annotation(destLen, sizeof(*destLen));
2114
2115 if (!operation->key1)
2116 TEE_Panic(0);
2117 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER)
2118 TEE_Panic(0);
2119 if (operation->info.mode != TEE_MODE_DECRYPT)
2120 TEE_Panic(0);
2121
2122 __utee_from_attr(ua, params, paramCount);
2123 dl = *destLen;
2124 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData,
2125 srcLen, destData, &dl);
2126 *destLen = dl;
2127
2128 if (res != TEE_SUCCESS &&
2129 res != TEE_ERROR_SHORT_BUFFER &&
2130 res != TEE_ERROR_BAD_PARAMETERS &&
2131 res != TEE_ERROR_CIPHERTEXT_INVALID &&
2132 res != TEE_ERROR_NOT_SUPPORTED)
2133 TEE_Panic(res);
2134
2135 return res;
2136 }
2137
__GP11_TEE_AsymmetricDecrypt(TEE_OperationHandle operation,const __GP11_TEE_Attribute * params,uint32_t paramCount,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)2138 TEE_Result __GP11_TEE_AsymmetricDecrypt(TEE_OperationHandle operation,
2139 const __GP11_TEE_Attribute *params,
2140 uint32_t paramCount,
2141 const void *srcData, uint32_t srcLen,
2142 void *destData, uint32_t *destLen)
2143 {
2144 TEE_Result res = TEE_SUCCESS;
2145 struct utee_attribute ua[paramCount];
2146 uint64_t dl = 0;
2147
2148 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen))
2149 TEE_Panic(0);
2150
2151 __utee_check_gp11_attr_in_annotation(params, paramCount);
2152 __utee_check_inout_annotation(destLen, sizeof(*destLen));
2153
2154 if (!operation->key1)
2155 TEE_Panic(0);
2156 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER)
2157 TEE_Panic(0);
2158 if (operation->info.mode != TEE_MODE_DECRYPT)
2159 TEE_Panic(0);
2160
2161 __utee_from_gp11_attr(ua, params, paramCount);
2162 dl = *destLen;
2163 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData,
2164 srcLen, destData, &dl);
2165 *destLen = dl;
2166
2167 if (res != TEE_SUCCESS &&
2168 res != TEE_ERROR_SHORT_BUFFER &&
2169 res != TEE_ERROR_BAD_PARAMETERS)
2170 TEE_Panic(res);
2171
2172 return res;
2173 }
2174
TEE_AsymmetricSignDigest(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * digest,size_t digestLen,void * signature,size_t * signatureLen)2175 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation,
2176 const TEE_Attribute *params,
2177 uint32_t paramCount, const void *digest,
2178 size_t digestLen, void *signature,
2179 size_t *signatureLen)
2180 {
2181 TEE_Result res = TEE_SUCCESS;
2182 struct utee_attribute ua[paramCount];
2183 uint64_t sl = 0;
2184
2185 if (operation == TEE_HANDLE_NULL || (!digest && digestLen))
2186 TEE_Panic(0);
2187
2188 __utee_check_attr_in_annotation(params, paramCount);
2189 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen));
2190
2191 if (!operation->key1)
2192 TEE_Panic(0);
2193 if (operation->info.operationClass !=
2194 TEE_OPERATION_ASYMMETRIC_SIGNATURE)
2195 TEE_Panic(0);
2196 if (operation->info.mode != TEE_MODE_SIGN)
2197 TEE_Panic(0);
2198
2199 __utee_from_attr(ua, params, paramCount);
2200 sl = *signatureLen;
2201 res = _utee_asymm_operate(operation->state, ua, paramCount, digest,
2202 digestLen, signature, &sl);
2203 *signatureLen = sl;
2204
2205 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER)
2206 TEE_Panic(res);
2207
2208 return res;
2209 }
2210
__GP11_TEE_AsymmetricSignDigest(TEE_OperationHandle operation,const __GP11_TEE_Attribute * params,uint32_t paramCount,const void * digest,uint32_t digestLen,void * signature,uint32_t * signatureLen)2211 TEE_Result __GP11_TEE_AsymmetricSignDigest(TEE_OperationHandle operation,
2212 const __GP11_TEE_Attribute *params,
2213 uint32_t paramCount,
2214 const void *digest,
2215 uint32_t digestLen, void *signature,
2216 uint32_t *signatureLen)
2217 {
2218 TEE_Result res = TEE_SUCCESS;
2219 struct utee_attribute ua[paramCount];
2220 uint64_t sl = 0;
2221
2222 if (operation == TEE_HANDLE_NULL || (!digest && digestLen))
2223 TEE_Panic(0);
2224
2225 __utee_check_gp11_attr_in_annotation(params, paramCount);
2226 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen));
2227
2228 if (!operation->key1)
2229 TEE_Panic(0);
2230 if (operation->info.operationClass !=
2231 TEE_OPERATION_ASYMMETRIC_SIGNATURE)
2232 TEE_Panic(0);
2233 if (operation->info.mode != TEE_MODE_SIGN)
2234 TEE_Panic(0);
2235
2236 __utee_from_gp11_attr(ua, params, paramCount);
2237 sl = *signatureLen;
2238 res = _utee_asymm_operate(operation->state, ua, paramCount, digest,
2239 digestLen, signature, &sl);
2240 *signatureLen = sl;
2241
2242 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER)
2243 TEE_Panic(res);
2244
2245 return res;
2246 }
2247
TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * digest,size_t digestLen,const void * signature,size_t signatureLen)2248 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation,
2249 const TEE_Attribute *params,
2250 uint32_t paramCount, const void *digest,
2251 size_t digestLen,
2252 const void *signature,
2253 size_t signatureLen)
2254 {
2255 TEE_Result res;
2256 struct utee_attribute ua[paramCount];
2257
2258 if (operation == TEE_HANDLE_NULL ||
2259 (digest == NULL && digestLen != 0) ||
2260 (signature == NULL && signatureLen != 0))
2261 TEE_Panic(0);
2262
2263 __utee_check_attr_in_annotation(params, paramCount);
2264
2265 if (!operation->key1)
2266 TEE_Panic(0);
2267 if (operation->info.operationClass !=
2268 TEE_OPERATION_ASYMMETRIC_SIGNATURE)
2269 TEE_Panic(0);
2270 if (operation->info.mode != TEE_MODE_VERIFY)
2271 TEE_Panic(0);
2272
2273 __utee_from_attr(ua, params, paramCount);
2274 res = _utee_asymm_verify(operation->state, ua, paramCount, digest,
2275 digestLen, signature, signatureLen);
2276
2277 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID)
2278 TEE_Panic(res);
2279
2280 return res;
2281 }
2282
__GP11_TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation,const __GP11_TEE_Attribute * params,uint32_t paramCount,const void * digest,uint32_t digestLen,const void * signature,uint32_t signatureLen)2283 TEE_Result __GP11_TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation,
2284 const __GP11_TEE_Attribute *params,
2285 uint32_t paramCount,
2286 const void *digest,
2287 uint32_t digestLen,
2288 const void *signature,
2289 uint32_t signatureLen)
2290 {
2291 TEE_Result res = TEE_SUCCESS;
2292 struct utee_attribute ua[paramCount];
2293
2294 if (operation == TEE_HANDLE_NULL || (!digest && digestLen) ||
2295 (!signature && signatureLen))
2296 TEE_Panic(0);
2297
2298 __utee_check_gp11_attr_in_annotation(params, paramCount);
2299
2300 if (!operation->key1)
2301 TEE_Panic(0);
2302 if (operation->info.operationClass !=
2303 TEE_OPERATION_ASYMMETRIC_SIGNATURE)
2304 TEE_Panic(0);
2305 if (operation->info.mode != TEE_MODE_VERIFY)
2306 TEE_Panic(0);
2307
2308 __utee_from_gp11_attr(ua, params, paramCount);
2309 res = _utee_asymm_verify(operation->state, ua, paramCount, digest,
2310 digestLen, signature, signatureLen);
2311
2312 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID)
2313 TEE_Panic(res);
2314
2315 return res;
2316 }
2317
2318 /* Cryptographic Operations API - Key Derivation Functions */
2319
TEE_DeriveKey(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,TEE_ObjectHandle derivedKey)2320 void TEE_DeriveKey(TEE_OperationHandle operation,
2321 const TEE_Attribute *params, uint32_t paramCount,
2322 TEE_ObjectHandle derivedKey)
2323 {
2324 struct utee_attribute ua[paramCount];
2325 struct utee_object_info key_info = { };
2326 TEE_Result res = TEE_SUCCESS;
2327
2328 if (operation == TEE_HANDLE_NULL || derivedKey == 0)
2329 TEE_Panic(0);
2330
2331 __utee_check_attr_in_annotation(params, paramCount);
2332
2333 if (TEE_ALG_GET_CLASS(operation->info.algorithm) !=
2334 TEE_OPERATION_KEY_DERIVATION)
2335 TEE_Panic(0);
2336
2337 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION)
2338 TEE_Panic(0);
2339 if (!operation->key1)
2340 TEE_Panic(0);
2341 if (operation->info.mode != TEE_MODE_DERIVE)
2342 TEE_Panic(0);
2343 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0)
2344 TEE_Panic(0);
2345
2346 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info);
2347 if (res != TEE_SUCCESS)
2348 TEE_Panic(res);
2349
2350 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET)
2351 TEE_Panic(0);
2352 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0)
2353 TEE_Panic(0);
2354
2355 __utee_from_attr(ua, params, paramCount);
2356 res = _utee_cryp_derive_key(operation->state, ua, paramCount,
2357 (unsigned long)derivedKey);
2358 if (res != TEE_SUCCESS)
2359 TEE_Panic(res);
2360 }
2361
__GP11_TEE_DeriveKey(TEE_OperationHandle operation,const __GP11_TEE_Attribute * params,uint32_t paramCount,TEE_ObjectHandle derivedKey)2362 void __GP11_TEE_DeriveKey(TEE_OperationHandle operation,
2363 const __GP11_TEE_Attribute *params,
2364 uint32_t paramCount, TEE_ObjectHandle derivedKey)
2365 {
2366 struct utee_attribute ua[paramCount];
2367 struct utee_object_info key_info = { };
2368 TEE_Result res = TEE_SUCCESS;
2369
2370 if (operation == TEE_HANDLE_NULL || derivedKey == 0)
2371 TEE_Panic(0);
2372
2373 __utee_check_gp11_attr_in_annotation(params, paramCount);
2374
2375 if (TEE_ALG_GET_CLASS(operation->info.algorithm) !=
2376 TEE_OPERATION_KEY_DERIVATION)
2377 TEE_Panic(0);
2378
2379 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION)
2380 TEE_Panic(0);
2381 if (!operation->key1)
2382 TEE_Panic(0);
2383 if (operation->info.mode != TEE_MODE_DERIVE)
2384 TEE_Panic(0);
2385 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0)
2386 TEE_Panic(0);
2387
2388 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info);
2389 if (res != TEE_SUCCESS)
2390 TEE_Panic(res);
2391
2392 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET)
2393 TEE_Panic(0);
2394 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0)
2395 TEE_Panic(0);
2396
2397 __utee_from_gp11_attr(ua, params, paramCount);
2398 res = _utee_cryp_derive_key(operation->state, ua, paramCount,
2399 (unsigned long)derivedKey);
2400 if (res != TEE_SUCCESS)
2401 TEE_Panic(res);
2402 }
2403
2404 /* Cryptographic Operations API - Random Number Generation Functions */
2405
TEE_GenerateRandom(void * randomBuffer,size_t randomBufferLen)2406 void TEE_GenerateRandom(void *randomBuffer, size_t randomBufferLen)
2407 {
2408 TEE_Result res;
2409
2410 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen);
2411 if (res != TEE_SUCCESS)
2412 TEE_Panic(res);
2413 }
2414
__GP11_TEE_GenerateRandom(void * randomBuffer,uint32_t randomBufferLen)2415 void __GP11_TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen)
2416 {
2417 TEE_GenerateRandom(randomBuffer, randomBufferLen);
2418 }
2419
rand(void)2420 int rand(void)
2421 {
2422 int rc;
2423
2424 TEE_GenerateRandom(&rc, sizeof(rc));
2425
2426 /*
2427 * RAND_MAX is the larges int, INT_MAX which is all bits but the
2428 * highest bit set.
2429 */
2430 return rc & RAND_MAX;
2431 }
2432
TEE_IsAlgorithmSupported(uint32_t alg,uint32_t element)2433 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element)
2434 {
2435 if (IS_ENABLED(CFG_CRYPTO_AES)) {
2436 if (IS_ENABLED(CFG_CRYPTO_ECB)) {
2437 if (alg == TEE_ALG_AES_ECB_NOPAD)
2438 goto check_element_none;
2439 }
2440 if (IS_ENABLED(CFG_CRYPTO_CBC)) {
2441 if (alg == TEE_ALG_AES_CBC_NOPAD)
2442 goto check_element_none;
2443 }
2444 if (IS_ENABLED(CFG_CRYPTO_CTR)) {
2445 if (alg == TEE_ALG_AES_CTR)
2446 goto check_element_none;
2447 }
2448 if (IS_ENABLED(CFG_CRYPTO_CTS)) {
2449 if (alg == TEE_ALG_AES_CTS)
2450 goto check_element_none;
2451 }
2452 if (IS_ENABLED(CFG_CRYPTO_XTS)) {
2453 if (alg == TEE_ALG_AES_XTS)
2454 goto check_element_none;
2455 }
2456 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) {
2457 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD ||
2458 alg == TEE_ALG_AES_CBC_MAC_PKCS5)
2459 goto check_element_none;
2460 }
2461 if (IS_ENABLED(CFG_CRYPTO_CMAC)) {
2462 if (alg == TEE_ALG_AES_CMAC)
2463 goto check_element_none;
2464 }
2465 if (IS_ENABLED(CFG_CRYPTO_CCM)) {
2466 if (alg == TEE_ALG_AES_CCM)
2467 goto check_element_none;
2468 }
2469 if (IS_ENABLED(CFG_CRYPTO_GCM)) {
2470 if (alg == TEE_ALG_AES_GCM)
2471 goto check_element_none;
2472 }
2473 }
2474 if (IS_ENABLED(CFG_CRYPTO_DES)) {
2475 if (IS_ENABLED(CFG_CRYPTO_ECB)) {
2476 if (alg == TEE_ALG_DES_ECB_NOPAD ||
2477 alg == TEE_ALG_DES3_ECB_NOPAD)
2478 goto check_element_none;
2479 }
2480 if (IS_ENABLED(CFG_CRYPTO_CBC)) {
2481 if (alg == TEE_ALG_DES_CBC_NOPAD ||
2482 alg == TEE_ALG_DES3_CBC_NOPAD)
2483 goto check_element_none;
2484 }
2485 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) {
2486 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD ||
2487 alg == TEE_ALG_DES_CBC_MAC_PKCS5 ||
2488 alg == TEE_ALG_DES3_CBC_MAC_NOPAD ||
2489 alg == TEE_ALG_DES3_CBC_MAC_PKCS5)
2490 goto check_element_none;
2491 }
2492 }
2493 if (IS_ENABLED(CFG_CRYPTO_MD5)) {
2494 if (alg == TEE_ALG_MD5)
2495 goto check_element_none;
2496 }
2497 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
2498 if (alg == TEE_ALG_SHA1)
2499 goto check_element_none;
2500 }
2501 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
2502 if (alg == TEE_ALG_SHA224)
2503 goto check_element_none;
2504 }
2505 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
2506 if (alg == TEE_ALG_SHA256)
2507 goto check_element_none;
2508 }
2509 if (IS_ENABLED(CFG_CRYPTO_SHA384)) {
2510 if (alg == TEE_ALG_SHA384)
2511 goto check_element_none;
2512 }
2513 if (IS_ENABLED(CFG_CRYPTO_SHA512)) {
2514 if (alg == TEE_ALG_SHA512)
2515 goto check_element_none;
2516 }
2517 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) {
2518 if (alg == TEE_ALG_SHA3_224)
2519 goto check_element_none;
2520 }
2521 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) {
2522 if (alg == TEE_ALG_SHA3_256)
2523 goto check_element_none;
2524 }
2525 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) {
2526 if (alg == TEE_ALG_SHA3_384)
2527 goto check_element_none;
2528 }
2529 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) {
2530 if (alg == TEE_ALG_SHA3_512)
2531 goto check_element_none;
2532 }
2533 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) {
2534 if (alg == TEE_ALG_MD5SHA1)
2535 goto check_element_none;
2536 }
2537 if (IS_ENABLED(CFG_CRYPTO_HMAC)) {
2538 if (IS_ENABLED(CFG_CRYPTO_MD5)) {
2539 if (alg == TEE_ALG_HMAC_MD5)
2540 goto check_element_none;
2541 }
2542 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
2543 if (alg == TEE_ALG_HMAC_SHA1)
2544 goto check_element_none;
2545 }
2546 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
2547 if (alg == TEE_ALG_HMAC_SHA224)
2548 goto check_element_none;
2549 }
2550 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
2551 if (alg == TEE_ALG_HMAC_SHA256)
2552 goto check_element_none;
2553 }
2554 if (IS_ENABLED(CFG_CRYPTO_SHA384)) {
2555 if (alg == TEE_ALG_HMAC_SHA384)
2556 goto check_element_none;
2557 }
2558 if (IS_ENABLED(CFG_CRYPTO_SHA512)) {
2559 if (alg == TEE_ALG_HMAC_SHA512)
2560 goto check_element_none;
2561 }
2562 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) {
2563 if (alg == TEE_ALG_HMAC_SHA3_224)
2564 goto check_element_none;
2565 }
2566 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) {
2567 if (alg == TEE_ALG_HMAC_SHA3_256)
2568 goto check_element_none;
2569 }
2570 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) {
2571 if (alg == TEE_ALG_HMAC_SHA3_384)
2572 goto check_element_none;
2573 }
2574 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) {
2575 if (alg == TEE_ALG_HMAC_SHA3_512)
2576 goto check_element_none;
2577 }
2578 if (IS_ENABLED(CFG_CRYPTO_SM3)) {
2579 if (alg == TEE_ALG_HMAC_SM3)
2580 goto check_element_none;
2581 }
2582 }
2583 if (IS_ENABLED(CFG_CRYPTO_SM3)) {
2584 if (alg == TEE_ALG_SM3)
2585 goto check_element_none;
2586 }
2587 if (IS_ENABLED(CFG_CRYPTO_SM4)) {
2588 if (IS_ENABLED(CFG_CRYPTO_ECB)) {
2589 if (alg == TEE_ALG_SM4_ECB_NOPAD)
2590 goto check_element_none;
2591 }
2592 if (IS_ENABLED(CFG_CRYPTO_CBC)) {
2593 if (alg == TEE_ALG_SM4_CBC_NOPAD)
2594 goto check_element_none;
2595 }
2596 if (IS_ENABLED(CFG_CRYPTO_CTR)) {
2597 if (alg == TEE_ALG_SM4_CTR)
2598 goto check_element_none;
2599 }
2600 if (IS_ENABLED(CFG_CRYPTO_XTS)) {
2601 if (alg == TEE_ALG_SM4_XTS)
2602 goto check_element_none;
2603 }
2604 }
2605 if (IS_ENABLED(CFG_CRYPTO_RSA)) {
2606 if (IS_ENABLED(CFG_CRYPTO_MD5)) {
2607 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5 ||
2608 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5 ||
2609 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5)
2610 goto check_element_none;
2611 }
2612 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
2613 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 ||
2614 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 ||
2615 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1)
2616 goto check_element_none;
2617 }
2618 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) {
2619 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1)
2620 goto check_element_none;
2621 }
2622 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
2623 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 ||
2624 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 ||
2625 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224)
2626 goto check_element_none;
2627 }
2628 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
2629 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 ||
2630 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 ||
2631 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256)
2632 goto check_element_none;
2633 }
2634 if (IS_ENABLED(CFG_CRYPTO_SHA384)) {
2635 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 ||
2636 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 ||
2637 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384)
2638 goto check_element_none;
2639 }
2640 if (IS_ENABLED(CFG_CRYPTO_SHA512)) {
2641 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 ||
2642 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 ||
2643 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512)
2644 goto check_element_none;
2645 }
2646 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) {
2647 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5)
2648 goto check_element_none;
2649 }
2650 if (alg == TEE_ALG_RSA_NOPAD)
2651 goto check_element_none;
2652 }
2653 if (IS_ENABLED(CFG_CRYPTO_DSA)) {
2654 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
2655 if (alg == TEE_ALG_DSA_SHA1)
2656 goto check_element_none;
2657 }
2658 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
2659 if (alg == TEE_ALG_DSA_SHA224)
2660 goto check_element_none;
2661 }
2662 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
2663 if (alg == TEE_ALG_DSA_SHA256)
2664 goto check_element_none;
2665 }
2666 }
2667 if (IS_ENABLED(CFG_CRYPTO_DH)) {
2668 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET)
2669 goto check_element_none;
2670 }
2671 if (IS_ENABLED(CFG_CRYPTO_ECC)) {
2672 if ((alg == __OPTEE_ALG_ECDH_P192 ||
2673 alg == __OPTEE_ALG_ECDSA_P192 ||
2674 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
2675 alg == TEE_ALG_ECDSA_SHA1) &&
2676 element == TEE_ECC_CURVE_NIST_P192)
2677 return TEE_SUCCESS;
2678 if ((alg == __OPTEE_ALG_ECDH_P224 ||
2679 alg == __OPTEE_ALG_ECDSA_P224 ||
2680 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
2681 alg == TEE_ALG_ECDSA_SHA224) &&
2682 element == TEE_ECC_CURVE_NIST_P224)
2683 return TEE_SUCCESS;
2684 if ((alg == __OPTEE_ALG_ECDH_P256 ||
2685 alg == __OPTEE_ALG_ECDSA_P256 ||
2686 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
2687 alg == TEE_ALG_ECDSA_SHA256) &&
2688 element == TEE_ECC_CURVE_NIST_P256)
2689 return TEE_SUCCESS;
2690 if ((alg == __OPTEE_ALG_ECDH_P384 ||
2691 alg == __OPTEE_ALG_ECDSA_P384 ||
2692 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
2693 alg == TEE_ALG_ECDSA_SHA384) &&
2694 element == TEE_ECC_CURVE_NIST_P384)
2695 return TEE_SUCCESS;
2696 if ((alg == __OPTEE_ALG_ECDH_P521 ||
2697 alg == __OPTEE_ALG_ECDSA_P521 ||
2698 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
2699 alg == TEE_ALG_ECDSA_SHA512) &&
2700 element == TEE_ECC_CURVE_NIST_P521)
2701 return TEE_SUCCESS;
2702 }
2703 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) {
2704 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2)
2705 return TEE_SUCCESS;
2706 }
2707 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) {
2708 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2)
2709 return TEE_SUCCESS;
2710 }
2711 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) {
2712 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2)
2713 return TEE_SUCCESS;
2714 }
2715 if (IS_ENABLED(CFG_CRYPTO_X25519)) {
2716 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519)
2717 return TEE_SUCCESS;
2718 }
2719 if (IS_ENABLED(CFG_CRYPTO_ED25519)) {
2720 if (alg == TEE_ALG_ED25519 && element == TEE_ECC_CURVE_25519)
2721 return TEE_SUCCESS;
2722 }
2723
2724 return TEE_ERROR_NOT_SUPPORTED;
2725 check_element_none:
2726 if (element == TEE_CRYPTO_ELEMENT_NONE)
2727 return TEE_SUCCESS;
2728 return TEE_ERROR_NOT_SUPPORTED;
2729 }
2730