1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (C) Foundries Ltd. 2020 - All Rights Reserved
4 * Author: Jorge Ramirez <jorge@foundries.io>
5 */
6
7 #include <assert.h>
8 #include <config.h>
9 #include <crypto/crypto_impl.h>
10 #include <drvcrypt.h>
11 #include <drvcrypt_acipher.h>
12 #include <drvcrypt_math.h>
13 #include <initcall.h>
14 #include <mempool.h>
15 #include <se050.h>
16 #include <string.h>
17 #include <tee/cache.h>
18 #include <tee/tee_cryp_utl.h>
19 #include <tee_api_defines_extensions.h>
20
oefid_cipher_type(void)21 static sss_cipher_type_t oefid_cipher_type(void)
22 {
23 switch (se050_get_oefid()) {
24 case SE050F_ID:
25 return kSSS_CipherType_RSA_CRT;
26 default:
27 return kSSS_CipherType_RSA;
28 }
29 }
30
oefid_keylen_supported(size_t bits)31 static bool oefid_keylen_supported(size_t bits)
32 {
33 switch (se050_get_oefid()) {
34 case SE050F_ID:
35 return bits >= 2048;
36 default:
37 return true;
38 }
39 }
40
rsa_keypair_has_crt(struct rsa_keypair * key)41 static bool rsa_keypair_has_crt(struct rsa_keypair *key)
42 {
43 if (key->p && crypto_bignum_num_bytes(key->p) &&
44 key->q && crypto_bignum_num_bytes(key->q) &&
45 key->qp && crypto_bignum_num_bytes(key->qp) &&
46 key->dp && crypto_bignum_num_bytes(key->dp) &&
47 key->dq && crypto_bignum_num_bytes(key->dq))
48 return true;
49
50 return false;
51 }
52
keypair_supported(struct rsa_keypair * key,sss_cipher_type_t ctype)53 static bool keypair_supported(struct rsa_keypair *key, sss_cipher_type_t ctype)
54 {
55 if (se050_rsa_keypair_from_nvm(key))
56 return true;
57
58 if (ctype == kSSS_CipherType_RSA_CRT)
59 return rsa_keypair_has_crt(key);
60
61 return true;
62 }
63
tee2se050(uint32_t algo)64 static uint32_t tee2se050(uint32_t algo)
65 {
66 switch (algo) {
67 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1:
68 return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1;
69 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224:
70 return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224;
71 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256:
72 return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256;
73 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384:
74 return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384;
75 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512:
76 return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512;
77 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1:
78 return kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1;
79 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224:
80 return kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224;
81 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
82 return kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256;
83 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
84 return kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384;
85 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
86 return kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512;
87 case TEE_ALG_RSAES_PKCS1_V1_5:
88 return kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA256;
89 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1:
90 return kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1;
91 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224:
92 return kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224;
93 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256:
94 return kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256;
95 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384:
96 return kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384;
97 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512:
98 return kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512;
99 case TEE_ALG_RSA_NOPAD:
100 return kAlgorithm_SSS_RSASSA_NO_PADDING;
101 #ifdef CFG_CRYPTO_RSASSA_NA1
102 case TEE_ALG_RSASSA_PKCS1_V1_5:
103 return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_NO_HASH;
104 #endif
105 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5:
106 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1:
107 default:
108 return kAlgorithm_None;
109 }
110 }
111
bn_alloc_max(struct bignum ** s)112 static bool bn_alloc_max(struct bignum **s)
113 {
114 *s = crypto_bignum_allocate(4096);
115
116 return *s;
117 }
118
set_binary_data(struct bignum * b,uint8_t ** p,size_t * len)119 static TEE_Result set_binary_data(struct bignum *b, uint8_t **p, size_t *len)
120 {
121 *len = crypto_bignum_num_bytes(b);
122 if (*len) {
123 *p = (uint8_t *)calloc(1, *len);
124 if (!*p)
125 return TEE_ERROR_OUT_OF_MEMORY;
126 crypto_bignum_bn2bin(b, *p);
127 }
128 return TEE_SUCCESS;
129 }
130
se050_inject_public_key(sss_se05x_object_t * k_object,struct rsa_public_key * key)131 static TEE_Result se050_inject_public_key(sss_se05x_object_t *k_object,
132 struct rsa_public_key *key)
133 {
134 sss_status_t st = kStatus_SSS_Fail;
135 struct se050_rsa_keypub key_bin = { };
136 uint32_t oid = 0;
137
138 st = sss_se05x_key_object_init(k_object, se050_kstore);
139 if (st != kStatus_SSS_Success)
140 return TEE_ERROR_BAD_PARAMETERS;
141
142 st = se050_get_oid(&oid);
143 if (st != kStatus_SSS_Success)
144 return TEE_ERROR_GENERIC;
145
146 /*
147 * Keys 2048 and above MUST to be placed on persistent storage even
148 * though the keys will be deleted after the operation. This is a
149 * memory restriction in the secure element.
150 */
151 st = sss_se05x_key_object_allocate_handle(k_object, oid,
152 kSSS_KeyPart_Public,
153 oefid_cipher_type(), 0,
154 kKeyObject_Mode_Persistent);
155 if (st != kStatus_SSS_Success)
156 return TEE_ERROR_BAD_PARAMETERS;
157
158 set_binary_data(key->e, &key_bin.e, &key_bin.e_len);
159 set_binary_data(key->n, &key_bin.n, &key_bin.n_len);
160 st = se050_key_store_set_rsa_key_bin(se050_kstore, k_object, NULL,
161 &key_bin, key_bin.n_len * 8);
162 free(key_bin.n);
163 free(key_bin.e);
164
165 if (st != kStatus_SSS_Success) {
166 sss_se05x_key_store_erase_key(se050_kstore, k_object);
167 return TEE_ERROR_BAD_PARAMETERS;
168 }
169
170 return TEE_SUCCESS;
171 }
172
se050_inject_keypair(sss_se05x_object_t * k_object,struct rsa_keypair * key)173 static TEE_Result se050_inject_keypair(sss_se05x_object_t *k_object,
174 struct rsa_keypair *key)
175 {
176 sss_status_t st = kStatus_SSS_Fail;
177 struct se050_rsa_keypair key_bin = { };
178 uint32_t key_id = 0;
179 uint32_t oid = 0;
180
181 st = sss_se05x_key_object_init(k_object, se050_kstore);
182 if (st != kStatus_SSS_Success)
183 return TEE_ERROR_BAD_PARAMETERS;
184
185 key_id = se050_rsa_keypair_from_nvm(key);
186 if (key_id) {
187 st = sss_se05x_key_object_get_handle(k_object, key_id);
188 if (st != kStatus_SSS_Success)
189 return TEE_ERROR_BAD_PARAMETERS;
190 return TEE_SUCCESS;
191 }
192
193 st = se050_get_oid(&oid);
194 if (st != kStatus_SSS_Success)
195 return TEE_ERROR_GENERIC;
196
197 /* Keys 2048 and above need to be placed on persistent storage */
198 st = sss_se05x_key_object_allocate_handle(k_object, oid,
199 kSSS_KeyPart_Pair,
200 oefid_cipher_type(), 0,
201 kKeyObject_Mode_Persistent);
202 if (st != kStatus_SSS_Success)
203 return TEE_ERROR_BAD_PARAMETERS;
204
205 set_binary_data(key->e, &key_bin.e, &key_bin.e_len);
206 set_binary_data(key->d, &key_bin.d, &key_bin.d_len);
207 set_binary_data(key->n, &key_bin.n, &key_bin.n_len);
208 set_binary_data(key->p, &key_bin.p, &key_bin.p_len);
209 set_binary_data(key->q, &key_bin.q, &key_bin.q_len);
210 set_binary_data(key->qp, &key_bin.qp, &key_bin.qp_len);
211 set_binary_data(key->dp, &key_bin.dp, &key_bin.dp_len);
212 set_binary_data(key->dq, &key_bin.dq, &key_bin.dq_len);
213 st = se050_key_store_set_rsa_key_bin(se050_kstore, k_object,
214 &key_bin, NULL,
215 crypto_bignum_num_bits(key->n));
216 free(key_bin.e);
217 free(key_bin.d);
218 free(key_bin.n);
219 free(key_bin.p);
220 free(key_bin.q);
221 free(key_bin.qp);
222 free(key_bin.dp);
223 free(key_bin.dq);
224
225 if (st != kStatus_SSS_Success) {
226 sss_se05x_key_store_erase_key(se050_kstore, k_object);
227 return TEE_ERROR_BAD_PARAMETERS;
228 }
229
230 return TEE_SUCCESS;
231 }
232
decrypt_es(uint32_t algo,struct rsa_keypair * key,const uint8_t * src,size_t src_len,uint8_t * dst,size_t * dst_len)233 static TEE_Result decrypt_es(uint32_t algo, struct rsa_keypair *key,
234 const uint8_t *src, size_t src_len,
235 uint8_t *dst, size_t *dst_len)
236 {
237 sss_status_t st = kStatus_SSS_Fail;
238 sss_se05x_asymmetric_t ctx = { };
239 sss_se05x_object_t kobject = { };
240 TEE_Result res = TEE_SUCCESS;
241 uint8_t *buf = NULL;
242 size_t buf_len = src_len;
243
244 res = se050_inject_keypair(&kobject, key);
245 if (res)
246 return res;
247
248 st = sss_se05x_asymmetric_context_init(&ctx, se050_session, &kobject,
249 tee2se050(algo),
250 kMode_SSS_Decrypt);
251 if (st != kStatus_SSS_Success) {
252 if (!se050_rsa_keypair_from_nvm(key))
253 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
254 return TEE_ERROR_BAD_PARAMETERS;
255 }
256
257 /* we don't know the size of the decrypted data, just the upper limit */
258 buf = mempool_calloc(mempool_default, 1, buf_len);
259 if (!buf) {
260 res = TEE_ERROR_OUT_OF_MEMORY;
261 goto out;
262 }
263
264 st = sss_se05x_asymmetric_decrypt(&ctx, src, src_len, buf, &buf_len);
265 if (st != kStatus_SSS_Success) {
266 res = TEE_ERROR_BAD_PARAMETERS;
267 goto out;
268 }
269
270 if (buf_len > *dst_len) {
271 *dst_len = buf_len;
272 res = TEE_ERROR_SHORT_BUFFER;
273 goto out;
274 }
275
276 *dst_len = buf_len;
277 memcpy(dst, buf, buf_len);
278 out:
279 if (!se050_rsa_keypair_from_nvm(key))
280 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
281
282 sss_se05x_asymmetric_context_free(&ctx);
283 mempool_free(mempool_default, buf);
284
285 return res;
286 }
287
encrypt_es(uint32_t algo,struct rsa_public_key * key,const uint8_t * src,size_t src_len,uint8_t * dst,size_t * dst_len)288 static TEE_Result encrypt_es(uint32_t algo, struct rsa_public_key *key,
289 const uint8_t *src, size_t src_len,
290 uint8_t *dst, size_t *dst_len)
291 {
292 sss_status_t st = kStatus_SSS_Fail;
293 sss_se05x_asymmetric_t ctx = { };
294 sss_se05x_object_t kobject = { };
295 TEE_Result res = TEE_SUCCESS;
296
297 if (*dst_len < crypto_bignum_num_bytes(key->n)) {
298 *dst_len = crypto_bignum_num_bytes(key->n);
299 return TEE_ERROR_SHORT_BUFFER;
300 }
301
302 if (se050_inject_public_key(&kobject, key))
303 return TEE_ERROR_BAD_PARAMETERS;
304
305 st = sss_se05x_asymmetric_context_init(&ctx, se050_session, &kobject,
306 tee2se050(algo),
307 kMode_SSS_Encrypt);
308 if (st != kStatus_SSS_Success) {
309 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
310 return TEE_ERROR_BAD_PARAMETERS;
311 }
312
313 st = sss_se05x_asymmetric_encrypt(&ctx, src, src_len, dst, dst_len);
314 if (st != kStatus_SSS_Success)
315 res = TEE_ERROR_BAD_PARAMETERS;
316
317 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
318 sss_se05x_asymmetric_context_free(&ctx);
319
320 return res;
321 }
322
decrypt_nopad(struct rsa_keypair * key,const uint8_t * src,size_t src_len,uint8_t * dst,size_t * dst_len)323 static TEE_Result decrypt_nopad(struct rsa_keypair *key, const uint8_t *src,
324 size_t src_len, uint8_t *dst, size_t *dst_len)
325 {
326 sss_status_t st = kStatus_SSS_Fail;
327 sss_se05x_asymmetric_t ctx = { };
328 sss_se05x_object_t kobject = { };
329 TEE_Result res = TEE_SUCCESS;
330 uint8_t *buf = NULL;
331 size_t offset = 0;
332 size_t blen = 0;
333 size_t rsa_len = 0;
334
335 res = se050_inject_keypair(&kobject, key);
336 if (res)
337 return res;
338
339 st = sss_se05x_asymmetric_context_init(&ctx, se050_session, &kobject,
340 kAlgorithm_SSS_RSASSA_NO_PADDING,
341 kMode_SSS_Decrypt);
342 if (st != kStatus_SSS_Success) {
343 if (!se050_rsa_keypair_from_nvm(key))
344 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
345 return TEE_ERROR_BAD_PARAMETERS;
346 }
347
348 blen = CFG_CORE_BIGNUM_MAX_BITS / 8;
349 buf = mempool_calloc(mempool_default, 1, blen);
350 if (!buf) {
351 res = TEE_ERROR_OUT_OF_MEMORY;
352 goto out;
353 }
354
355 rsa_len = crypto_bignum_num_bytes(key->n);
356 memcpy(buf + rsa_len - src_len, src, src_len);
357
358 st = sss_se05x_asymmetric_decrypt(&ctx, buf, rsa_len, buf, &blen);
359 if (st != kStatus_SSS_Success) {
360 res = TEE_ERROR_BAD_PARAMETERS;
361 goto out;
362 }
363
364 /* Remove the zero-padding (leave one zero if buff is all zeroes) */
365 offset = 0;
366 while ((offset < blen - 1) && (buf[offset] == 0))
367 offset++;
368
369 if (*dst_len < blen - offset) {
370 *dst_len = blen - offset;
371 res = TEE_ERROR_SHORT_BUFFER;
372 goto out;
373 }
374
375 *dst_len = blen - offset;
376 memcpy(dst, buf + offset, *dst_len);
377 out:
378 mempool_free(mempool_default, buf);
379 if (!se050_rsa_keypair_from_nvm(key))
380 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
381
382 sss_se05x_asymmetric_context_free(&ctx);
383
384 return res;
385 }
386
encrypt_nopad(struct rsa_public_key * key,const uint8_t * src,size_t src_len,uint8_t * dst,size_t * dst_len)387 static TEE_Result encrypt_nopad(struct rsa_public_key *key, const uint8_t *src,
388 size_t src_len, uint8_t *dst, size_t *dst_len)
389 {
390 sss_status_t st = kStatus_SSS_Fail;
391 sss_se05x_asymmetric_t ctx = { };
392 sss_se05x_object_t kobject = { };
393 TEE_Result res = TEE_SUCCESS;
394 uint8_t *buf = NULL;
395 size_t offset = 0;
396 size_t blen = 0;
397 size_t rsa_len = 0;
398
399 if (se050_inject_public_key(&kobject, key))
400 return TEE_ERROR_BAD_PARAMETERS;
401
402 st = sss_se05x_asymmetric_context_init(&ctx, se050_session, &kobject,
403 kAlgorithm_SSS_RSASSA_NO_PADDING,
404 kMode_SSS_Encrypt);
405 if (st != kStatus_SSS_Success) {
406 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
407 return TEE_ERROR_BAD_PARAMETERS;
408 }
409
410 blen = CFG_CORE_BIGNUM_MAX_BITS / 8;
411 buf = mempool_calloc(mempool_default, 1, blen);
412 if (!buf) {
413 res = TEE_ERROR_OUT_OF_MEMORY;
414 goto out;
415 }
416
417 rsa_len = crypto_bignum_num_bytes(key->n);
418 memcpy(buf + rsa_len - src_len, src, src_len);
419
420 st = sss_se05x_asymmetric_encrypt(&ctx, buf, rsa_len, buf, &blen);
421 if (st != kStatus_SSS_Success) {
422 res = TEE_ERROR_BAD_PARAMETERS;
423 goto out;
424 }
425
426 /* Remove the zero-padding (leave one zero if buff is all zeroes) */
427 offset = 0;
428 while ((offset < blen - 1) && (buf[offset] == 0))
429 offset++;
430
431 if (*dst_len < blen - offset) {
432 *dst_len = blen - offset;
433 res = TEE_ERROR_SHORT_BUFFER;
434 goto out;
435 }
436
437 *dst_len = blen - offset;
438 memcpy(dst, buf + offset, *dst_len);
439 out:
440 mempool_free(mempool_default, buf);
441 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
442 sss_se05x_asymmetric_context_free(&ctx);
443
444 return res;
445 }
446
sign_ssa(uint32_t algo,struct rsa_keypair * key,const uint8_t * msg,size_t msg_len,uint8_t * sig,size_t * sig_len)447 static TEE_Result sign_ssa(uint32_t algo, struct rsa_keypair *key,
448 const uint8_t *msg, size_t msg_len,
449 uint8_t *sig, size_t *sig_len)
450 {
451 sss_status_t st = kStatus_SSS_Fail;
452 sss_se05x_asymmetric_t ctx = { };
453 sss_se05x_object_t kobject = { };
454 TEE_Result res = TEE_SUCCESS;
455
456 if (*sig_len < crypto_bignum_num_bytes(key->n)) {
457 *sig_len = crypto_bignum_num_bytes(key->n);
458 return TEE_ERROR_SHORT_BUFFER;
459 }
460
461 res = se050_inject_keypair(&kobject, key);
462 if (res)
463 return res;
464
465 st = sss_se05x_asymmetric_context_init(&ctx, se050_session, &kobject,
466 tee2se050(algo), kMode_SSS_Sign);
467 if (st != kStatus_SSS_Success) {
468 if (!se050_rsa_keypair_from_nvm(key))
469 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
470 return TEE_ERROR_BAD_PARAMETERS;
471 }
472
473 st = sss_se05x_asymmetric_sign_digest(&ctx, (uint8_t *)msg, msg_len,
474 sig, sig_len);
475 if (st != kStatus_SSS_Success)
476 res = TEE_ERROR_BAD_PARAMETERS;
477
478 if (!se050_rsa_keypair_from_nvm(key))
479 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
480
481 sss_se05x_asymmetric_context_free(&ctx);
482
483 return res;
484 }
485
verify_ssa(uint32_t algo,struct rsa_public_key * key,const uint8_t * msg,size_t msg_len,const uint8_t * sig,size_t sig_len)486 static TEE_Result verify_ssa(uint32_t algo, struct rsa_public_key *key,
487 const uint8_t *msg, size_t msg_len,
488 const uint8_t *sig, size_t sig_len)
489 {
490 sss_status_t st = kStatus_SSS_Fail;
491 sss_se05x_asymmetric_t ctx = { };
492 sss_se05x_object_t kobject = { };
493 TEE_Result res = TEE_SUCCESS;
494
495 if (se050_inject_public_key(&kobject, key))
496 return TEE_ERROR_BAD_PARAMETERS;
497
498 st = sss_se05x_asymmetric_context_init(&ctx, se050_session, &kobject,
499 tee2se050(algo),
500 kMode_SSS_Verify);
501 if (st != kStatus_SSS_Success) {
502 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
503 return TEE_ERROR_BAD_PARAMETERS;
504 }
505
506 st = sss_se05x_asymmetric_verify_digest(&ctx, (uint8_t *)msg, msg_len,
507 (uint8_t *)sig, sig_len);
508 if (st != kStatus_SSS_Success)
509 res = TEE_ERROR_SIGNATURE_INVALID;
510
511 sss_se05x_key_store_erase_key(se050_kstore, &kobject);
512 sss_se05x_asymmetric_context_free(&ctx);
513
514 return res;
515 }
516
do_alloc_keypair(struct rsa_keypair * s,size_t key_size_bits __unused)517 static TEE_Result do_alloc_keypair(struct rsa_keypair *s,
518 size_t key_size_bits __unused)
519 {
520 memset(s, 0, sizeof(*s));
521 if (!bn_alloc_max(&s->e))
522 return TEE_ERROR_OUT_OF_MEMORY;
523 if (!bn_alloc_max(&s->d))
524 goto err;
525 if (!bn_alloc_max(&s->n))
526 goto err;
527 if (!bn_alloc_max(&s->p))
528 goto err;
529 if (!bn_alloc_max(&s->q))
530 goto err;
531 if (!bn_alloc_max(&s->qp))
532 goto err;
533 if (!bn_alloc_max(&s->dp))
534 goto err;
535 if (!bn_alloc_max(&s->dq))
536 goto err;
537
538 return TEE_SUCCESS;
539 err:
540 crypto_bignum_free(&s->e);
541 crypto_bignum_free(&s->d);
542 crypto_bignum_free(&s->n);
543 crypto_bignum_free(&s->p);
544 crypto_bignum_free(&s->q);
545 crypto_bignum_free(&s->qp);
546 crypto_bignum_free(&s->dp);
547 crypto_bignum_free(&s->dq);
548
549 return TEE_ERROR_OUT_OF_MEMORY;
550 }
551
do_alloc_publickey(struct rsa_public_key * s,size_t key_size_bits __unused)552 static TEE_Result do_alloc_publickey(struct rsa_public_key *s,
553 size_t key_size_bits __unused)
554 {
555 memset(s, 0, sizeof(*s));
556 if (!bn_alloc_max(&s->e))
557 return TEE_ERROR_OUT_OF_MEMORY;
558 if (!bn_alloc_max(&s->n)) {
559 crypto_bignum_free(&s->e);
560 return TEE_ERROR_OUT_OF_MEMORY;
561 }
562
563 return TEE_SUCCESS;
564 }
565
do_free_publickey(struct rsa_public_key * s)566 static void do_free_publickey(struct rsa_public_key *s)
567 {
568 if (s) {
569 crypto_bignum_free(&s->n);
570 crypto_bignum_free(&s->e);
571 }
572 }
573
do_free_keypair(struct rsa_keypair * s)574 static void do_free_keypair(struct rsa_keypair *s)
575 {
576 sss_status_t st = kStatus_SSS_Fail;
577 sss_se05x_object_t k_object = { };
578 uint32_t key_id = 0;
579
580 if (!s)
581 return;
582
583 key_id = se050_rsa_keypair_from_nvm(s);
584 if (key_id) {
585 st = sss_se05x_key_object_get_handle(&k_object, key_id);
586 if (st == kStatus_SSS_Success)
587 sss_se05x_key_store_erase_key(se050_kstore, &k_object);
588 }
589
590 crypto_bignum_free(&s->e);
591 crypto_bignum_free(&s->d);
592 crypto_bignum_free(&s->n);
593 crypto_bignum_free(&s->p);
594 crypto_bignum_free(&s->q);
595 crypto_bignum_free(&s->qp);
596 crypto_bignum_free(&s->dp);
597 crypto_bignum_free(&s->dq);
598 }
599
do_gen_keypair(struct rsa_keypair * key,size_t kb)600 static TEE_Result do_gen_keypair(struct rsa_keypair *key, size_t kb)
601 {
602 sss_status_t st = kStatus_SSS_Fail;
603 sss_se05x_object_t k_object = { };
604 uint32_t oid = 0;
605 uint64_t kid = 0;
606 uint8_t k[2048] = { 0 };
607 uint8_t *n = NULL;
608 uint8_t *e = NULL;
609 size_t n_len = 0;
610 size_t e_len = 0;
611 size_t k_len = sizeof(k);
612
613 if (!oefid_keylen_supported(kb)) {
614 if (!IS_ENABLED(CFG_NXP_SE05X_RSA_DRV_FALLBACK))
615 return TEE_ERROR_NOT_IMPLEMENTED;
616
617 DMSG("se050: debug: RSA software fallback: KEYGEN");
618 return sw_crypto_acipher_gen_rsa_key(key, kb);
619 }
620
621 st = sss_se05x_key_object_init(&k_object, se050_kstore);
622 if (st != kStatus_SSS_Success)
623 return TEE_ERROR_BAD_PARAMETERS;
624
625 st = se050_get_oid(&oid);
626 if (st != kStatus_SSS_Success)
627 return TEE_ERROR_GENERIC;
628
629 st = sss_se05x_key_object_allocate_handle(&k_object, oid,
630 kSSS_KeyPart_Pair,
631 oefid_cipher_type(), 0,
632 kKeyObject_Mode_Persistent);
633 if (st != kStatus_SSS_Success)
634 return TEE_ERROR_BAD_PARAMETERS;
635
636 st = sss_se05x_key_store_generate_key(se050_kstore, &k_object, kb,
637 &se050_asym_policy);
638 if (st != kStatus_SSS_Success)
639 goto error;
640
641 st = sss_se05x_key_store_get_key(se050_kstore, &k_object, k, &k_len,
642 &kb);
643 if (st != kStatus_SSS_Success)
644 goto error;
645
646 st = sss_util_asn1_rsa_parse_public(k, k_len, &n, &n_len, &e, &e_len);
647 if (st != kStatus_SSS_Success)
648 goto error;
649
650 crypto_bignum_bin2bn(n, n_len, key->n);
651 crypto_bignum_bin2bn(e, e_len, key->e);
652 kid = se050_generate_private_key(oid);
653 crypto_bignum_bin2bn((uint8_t *)&kid, sizeof(kid), (key->d));
654 crypto_bignum_bin2bn((uint8_t *)&oid, sizeof(oid), key->p);
655 crypto_bignum_bin2bn((uint8_t *)&oid, sizeof(oid), key->q);
656 crypto_bignum_bin2bn((uint8_t *)&oid, sizeof(oid), key->qp);
657 crypto_bignum_bin2bn((uint8_t *)&oid, sizeof(oid), key->dp);
658 crypto_bignum_bin2bn((uint8_t *)&oid, sizeof(oid), key->dq);
659 free(n);
660 free(e);
661
662 return TEE_SUCCESS;
663 error:
664 sss_se05x_key_store_erase_key(se050_kstore, &k_object);
665 return TEE_ERROR_BAD_PARAMETERS;
666 }
667
encrypt_fallback(struct drvcrypt_rsa_ed * p)668 static TEE_Result encrypt_fallback(struct drvcrypt_rsa_ed *p)
669 {
670 if (!IS_ENABLED(CFG_NXP_SE05X_RSA_DRV_FALLBACK))
671 return TEE_ERROR_NOT_IMPLEMENTED;
672
673 switch (p->rsa_id) {
674 case DRVCRYPT_RSA_NOPAD:
675 DMSG("se050: debug: RSA software fallback: ENCRYPT_NOPAD");
676 return sw_crypto_acipher_rsanopad_encrypt(p->key.key,
677 p->message.data,
678 p->message.length,
679 p->cipher.data,
680 &p->cipher.length);
681
682 case DRVCRYPT_RSA_OAEP:
683 case DRVCRYPT_RSA_PKCS_V1_5:
684 case DRVCRYPT_RSASSA_PKCS_V1_5:
685 case DRVCRYPT_RSASSA_PSS:
686 default:
687 DMSG("se050: debug: RSA software fallback: ENCRYPT_ES");
688 return sw_crypto_acipher_rsaes_encrypt(p->algo,
689 p->key.key,
690 p->label.data,
691 p->label.length,
692 p->mgf_algo,
693 p->message.data,
694 p->message.length,
695 p->cipher.data,
696 &p->cipher.length);
697 }
698 }
699
do_encrypt(struct drvcrypt_rsa_ed * rsa_data)700 static TEE_Result do_encrypt(struct drvcrypt_rsa_ed *rsa_data)
701 {
702 if (!oefid_keylen_supported(rsa_data->key.n_size * 8))
703 return encrypt_fallback(rsa_data);
704
705 switch (rsa_data->rsa_id) {
706 case DRVCRYPT_RSA_NOPAD:
707 case DRVCRYPT_RSASSA_PSS:
708 case DRVCRYPT_RSASSA_PKCS_V1_5:
709 return encrypt_nopad(rsa_data->key.key,
710 rsa_data->message.data,
711 rsa_data->message.length,
712 rsa_data->cipher.data,
713 &rsa_data->cipher.length);
714
715 case DRVCRYPT_RSA_PKCS_V1_5:
716 return encrypt_es(TEE_ALG_RSAES_PKCS1_V1_5,
717 rsa_data->key.key,
718 rsa_data->message.data,
719 rsa_data->message.length,
720 rsa_data->cipher.data,
721 &rsa_data->cipher.length);
722
723 case DRVCRYPT_RSA_OAEP:
724 if (rsa_data->hash_algo != TEE_ALG_SHA1 ||
725 rsa_data->hash_algo != rsa_data->mgf_algo)
726 return encrypt_fallback(rsa_data);
727
728 return encrypt_es(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
729 rsa_data->key.key,
730 rsa_data->message.data,
731 rsa_data->message.length,
732 rsa_data->cipher.data,
733 &rsa_data->cipher.length);
734
735 default:
736 break;
737 }
738
739 return encrypt_fallback(rsa_data);
740 }
741
decrypt_fallback(struct drvcrypt_rsa_ed * p)742 static TEE_Result decrypt_fallback(struct drvcrypt_rsa_ed *p)
743 {
744 if (!IS_ENABLED(CFG_NXP_SE05X_RSA_DRV_FALLBACK))
745 return TEE_ERROR_NOT_IMPLEMENTED;
746
747 if (se050_rsa_keypair_from_nvm(p->key.key))
748 return TEE_ERROR_NOT_IMPLEMENTED;
749
750 switch (p->rsa_id) {
751 case DRVCRYPT_RSA_NOPAD:
752 DMSG("se050: debug: RSA software fallback: DECRYPT_NOPAD");
753 return sw_crypto_acipher_rsanopad_decrypt(p->key.key,
754 p->cipher.data,
755 p->cipher.length,
756 p->message.data,
757 &p->message.length);
758
759 case DRVCRYPT_RSA_OAEP:
760 case DRVCRYPT_RSA_PKCS_V1_5:
761 case DRVCRYPT_RSASSA_PKCS_V1_5:
762 case DRVCRYPT_RSASSA_PSS:
763 default:
764 DMSG("se050: debug: RSA software fallback: DECRYPT_ES");
765 return sw_crypto_acipher_rsaes_decrypt(p->algo,
766 p->key.key,
767 p->label.data,
768 p->label.length,
769 p->mgf_algo,
770 p->cipher.data,
771 p->cipher.length,
772 p->message.data,
773 &p->message.length);
774 }
775 }
776
do_decrypt(struct drvcrypt_rsa_ed * rsa_data)777 static TEE_Result do_decrypt(struct drvcrypt_rsa_ed *rsa_data)
778 {
779 if (!oefid_keylen_supported(rsa_data->key.n_size * 8))
780 return decrypt_fallback(rsa_data);
781
782 if (!keypair_supported(rsa_data->key.key, oefid_cipher_type()))
783 return decrypt_fallback(rsa_data);
784
785 switch (rsa_data->rsa_id) {
786 case DRVCRYPT_RSA_NOPAD:
787 case DRVCRYPT_RSASSA_PSS:
788 case DRVCRYPT_RSASSA_PKCS_V1_5:
789 return decrypt_nopad(rsa_data->key.key,
790 rsa_data->cipher.data,
791 rsa_data->cipher.length,
792 rsa_data->message.data,
793 &rsa_data->message.length);
794
795 case DRVCRYPT_RSA_PKCS_V1_5:
796 return decrypt_es(TEE_ALG_RSAES_PKCS1_V1_5,
797 rsa_data->key.key,
798 rsa_data->cipher.data,
799 rsa_data->cipher.length,
800 rsa_data->message.data,
801 &rsa_data->message.length);
802
803 case DRVCRYPT_RSA_OAEP:
804 if (rsa_data->hash_algo != TEE_ALG_SHA1 ||
805 rsa_data->hash_algo != rsa_data->mgf_algo)
806 return decrypt_fallback(rsa_data);
807
808 return decrypt_es(TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1,
809 rsa_data->key.key,
810 rsa_data->cipher.data,
811 rsa_data->cipher.length,
812 rsa_data->message.data,
813 &rsa_data->message.length);
814
815 default:
816 break;
817 }
818
819 return TEE_ERROR_NOT_IMPLEMENTED;
820 }
821
sign_ssa_fallback(struct drvcrypt_rsa_ssa * p)822 static TEE_Result sign_ssa_fallback(struct drvcrypt_rsa_ssa *p)
823 {
824 if (!IS_ENABLED(CFG_NXP_SE05X_RSA_DRV_FALLBACK))
825 return TEE_ERROR_NOT_IMPLEMENTED;
826
827 if (se050_rsa_keypair_from_nvm(p->key.key))
828 return TEE_ERROR_NOT_IMPLEMENTED;
829
830 DMSG("se050: debug: RSA software fallback: SIGN");
831 return sw_crypto_acipher_rsassa_sign(p->algo,
832 p->key.key,
833 p->salt_len,
834 p->message.data,
835 p->message.length,
836 p->signature.data,
837 &p->signature.length);
838 }
839
do_ssa_sign(struct drvcrypt_rsa_ssa * ssa_data)840 static TEE_Result do_ssa_sign(struct drvcrypt_rsa_ssa *ssa_data)
841 {
842 if (!oefid_keylen_supported(ssa_data->key.n_size * 8))
843 return sign_ssa_fallback(ssa_data);
844
845 if (!keypair_supported(ssa_data->key.key, oefid_cipher_type()))
846 return sign_ssa_fallback(ssa_data);
847
848 /* PKCS1_PSS_MGF1 padding limitations */
849 switch (ssa_data->algo) {
850 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1:
851 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224:
852 break;
853 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
854 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
855 if (ssa_data->key.n_size * 8 <= 512)
856 return sign_ssa_fallback(ssa_data);
857 break;
858 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
859 if (ssa_data->key.n_size * 8 <= 1024)
860 return sign_ssa_fallback(ssa_data);
861 break;
862 default:
863 break;
864 }
865
866 return sign_ssa(ssa_data->algo,
867 ssa_data->key.key,
868 ssa_data->message.data,
869 ssa_data->message.length,
870 ssa_data->signature.data,
871 &ssa_data->signature.length);
872 }
873
verify_ssa_fallback(struct drvcrypt_rsa_ssa * p)874 static TEE_Result verify_ssa_fallback(struct drvcrypt_rsa_ssa *p)
875 {
876 if (!IS_ENABLED(CFG_NXP_SE05X_RSA_DRV_FALLBACK))
877 return TEE_ERROR_NOT_IMPLEMENTED;
878
879 DMSG("se050: debug: RSA software fallback: VERIFY");
880 return sw_crypto_acipher_rsassa_verify(p->algo,
881 p->key.key,
882 p->salt_len,
883 p->message.data,
884 p->message.length,
885 p->signature.data,
886 p->signature.length);
887 }
888
do_ssa_verify(struct drvcrypt_rsa_ssa * ssa_data)889 static TEE_Result do_ssa_verify(struct drvcrypt_rsa_ssa *ssa_data)
890 {
891 if (!oefid_keylen_supported(ssa_data->key.n_size * 8))
892 return verify_ssa_fallback(ssa_data);
893
894 /* PKCS1_PSS_MGF1 padding limitations */
895 switch (ssa_data->algo) {
896 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1:
897 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224:
898 break;
899 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
900 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
901 if (ssa_data->key.n_size * 8 <= 512)
902 return verify_ssa_fallback(ssa_data);
903 break;
904 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
905 if (ssa_data->key.n_size * 8 <= 1024)
906 return verify_ssa_fallback(ssa_data);
907 break;
908 default:
909 break;
910 }
911
912 return verify_ssa(ssa_data->algo,
913 ssa_data->key.key,
914 ssa_data->message.data,
915 ssa_data->message.length,
916 ssa_data->signature.data,
917 ssa_data->signature.length);
918 }
919
920 static const struct drvcrypt_rsa driver_rsa = {
921 .alloc_keypair = do_alloc_keypair,
922 .alloc_publickey = do_alloc_publickey,
923 .free_publickey = do_free_publickey,
924 .free_keypair = do_free_keypair,
925 .gen_keypair = do_gen_keypair,
926 .encrypt = do_encrypt,
927 .decrypt = do_decrypt,
928 .optional.ssa_sign = do_ssa_sign,
929 .optional.ssa_verify = do_ssa_verify,
930 };
931
rsa_init(void)932 static TEE_Result rsa_init(void)
933 {
934 return drvcrypt_register_rsa(&driver_rsa);
935 }
936
937 driver_init_late(rsa_init);
938