1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <compiler.h> 8 #include <crypto/crypto.h> 9 #include <crypto/crypto_impl.h> 10 #include <kernel/panic.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include <utee_defines.h> 14 15 TEE_Result crypto_hash_alloc_ctx(void **ctx, uint32_t algo) 16 { 17 TEE_Result res = TEE_ERROR_NOT_IMPLEMENTED; 18 struct crypto_hash_ctx *c = NULL; 19 20 /* 21 * Use default cryptographic implement if no matching 22 * drvcrypt device. 23 */ 24 res = drvcrypt_hash_alloc_ctx(&c, algo); 25 26 if (res == TEE_ERROR_NOT_IMPLEMENTED) { 27 switch (algo) { 28 case TEE_ALG_MD5: 29 res = crypto_md5_alloc_ctx(&c); 30 break; 31 case TEE_ALG_SHA1: 32 res = crypto_sha1_alloc_ctx(&c); 33 break; 34 case TEE_ALG_SHA224: 35 res = crypto_sha224_alloc_ctx(&c); 36 break; 37 case TEE_ALG_SHA256: 38 res = crypto_sha256_alloc_ctx(&c); 39 break; 40 case TEE_ALG_SHA384: 41 res = crypto_sha384_alloc_ctx(&c); 42 break; 43 case TEE_ALG_SHA512: 44 res = crypto_sha512_alloc_ctx(&c); 45 break; 46 default: 47 break; 48 } 49 } 50 51 if (!res) 52 *ctx = c; 53 54 return res; 55 } 56 57 static const struct crypto_hash_ops *hash_ops(void *ctx) 58 { 59 struct crypto_hash_ctx *c = ctx; 60 61 assert(c && c->ops); 62 63 return c->ops; 64 } 65 66 void crypto_hash_free_ctx(void *ctx) 67 { 68 if (ctx) 69 hash_ops(ctx)->free_ctx(ctx); 70 } 71 72 void crypto_hash_copy_state(void *dst_ctx, void *src_ctx) 73 { 74 hash_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 75 } 76 77 TEE_Result crypto_hash_init(void *ctx) 78 { 79 return hash_ops(ctx)->init(ctx); 80 } 81 82 TEE_Result crypto_hash_update(void *ctx, const uint8_t *data, size_t len) 83 { 84 return hash_ops(ctx)->update(ctx, data, len); 85 } 86 87 TEE_Result crypto_hash_final(void *ctx, uint8_t *digest, size_t len) 88 { 89 return hash_ops(ctx)->final(ctx, digest, len); 90 } 91 92 TEE_Result crypto_cipher_alloc_ctx(void **ctx, uint32_t algo) 93 { 94 TEE_Result res = TEE_SUCCESS; 95 struct crypto_cipher_ctx *c = NULL; 96 97 switch (algo) { 98 case TEE_ALG_AES_ECB_NOPAD: 99 res = crypto_aes_ecb_alloc_ctx(&c); 100 break; 101 case TEE_ALG_AES_CBC_NOPAD: 102 res = crypto_aes_cbc_alloc_ctx(&c); 103 break; 104 case TEE_ALG_AES_CTR: 105 res = crypto_aes_ctr_alloc_ctx(&c); 106 break; 107 case TEE_ALG_AES_CTS: 108 res = crypto_aes_cts_alloc_ctx(&c); 109 break; 110 case TEE_ALG_AES_XTS: 111 res = crypto_aes_xts_alloc_ctx(&c); 112 break; 113 case TEE_ALG_DES_ECB_NOPAD: 114 res = crypto_des_ecb_alloc_ctx(&c); 115 break; 116 case TEE_ALG_DES3_ECB_NOPAD: 117 res = crypto_des3_ecb_alloc_ctx(&c); 118 break; 119 case TEE_ALG_DES_CBC_NOPAD: 120 res = crypto_des_cbc_alloc_ctx(&c); 121 break; 122 case TEE_ALG_DES3_CBC_NOPAD: 123 res = crypto_des3_cbc_alloc_ctx(&c); 124 break; 125 default: 126 return TEE_ERROR_NOT_IMPLEMENTED; 127 } 128 129 if (!res) 130 *ctx = c; 131 132 return res; 133 } 134 135 static const struct crypto_cipher_ops *cipher_ops(void *ctx) 136 { 137 struct crypto_cipher_ctx *c = ctx; 138 139 assert(c && c->ops); 140 141 return c->ops; 142 } 143 144 void crypto_cipher_free_ctx(void *ctx) 145 { 146 if (ctx) 147 cipher_ops(ctx)->free_ctx(ctx); 148 } 149 150 void crypto_cipher_copy_state(void *dst_ctx, void *src_ctx) 151 { 152 cipher_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 153 } 154 155 TEE_Result crypto_cipher_init(void *ctx, TEE_OperationMode mode, 156 const uint8_t *key1, size_t key1_len, 157 const uint8_t *key2, size_t key2_len, 158 const uint8_t *iv, size_t iv_len) 159 { 160 if (mode != TEE_MODE_DECRYPT && mode != TEE_MODE_ENCRYPT) 161 return TEE_ERROR_BAD_PARAMETERS; 162 163 return cipher_ops(ctx)->init(ctx, mode, key1, key1_len, key2, key2_len, 164 iv, iv_len); 165 } 166 167 TEE_Result crypto_cipher_update(void *ctx, TEE_OperationMode mode __unused, 168 bool last_block, const uint8_t *data, 169 size_t len, uint8_t *dst) 170 { 171 return cipher_ops(ctx)->update(ctx, last_block, data, len, dst); 172 } 173 174 void crypto_cipher_final(void *ctx) 175 { 176 cipher_ops(ctx)->final(ctx); 177 } 178 179 TEE_Result crypto_cipher_get_block_size(uint32_t algo, size_t *size) 180 { 181 uint32_t class = TEE_ALG_GET_CLASS(algo); 182 183 if (class != TEE_OPERATION_CIPHER && class != TEE_OPERATION_MAC && 184 class != TEE_OPERATION_AE) 185 return TEE_ERROR_BAD_PARAMETERS; 186 187 switch (TEE_ALG_GET_MAIN_ALG(algo)) { 188 case TEE_MAIN_ALGO_AES: 189 *size = TEE_AES_BLOCK_SIZE; 190 return TEE_SUCCESS; 191 case TEE_MAIN_ALGO_DES: 192 case TEE_MAIN_ALGO_DES3: 193 *size = TEE_DES_BLOCK_SIZE; 194 return TEE_SUCCESS; 195 default: 196 return TEE_ERROR_NOT_SUPPORTED; 197 } 198 } 199 200 TEE_Result crypto_mac_alloc_ctx(void **ctx, uint32_t algo) 201 { 202 TEE_Result res = TEE_SUCCESS; 203 struct crypto_mac_ctx *c = NULL; 204 205 switch (algo) { 206 case TEE_ALG_HMAC_MD5: 207 res = crypto_hmac_md5_alloc_ctx(&c); 208 break; 209 case TEE_ALG_HMAC_SHA1: 210 res = crypto_hmac_sha1_alloc_ctx(&c); 211 break; 212 case TEE_ALG_HMAC_SHA224: 213 res = crypto_hmac_sha224_alloc_ctx(&c); 214 break; 215 case TEE_ALG_HMAC_SHA256: 216 res = crypto_hmac_sha256_alloc_ctx(&c); 217 break; 218 case TEE_ALG_HMAC_SHA384: 219 res = crypto_hmac_sha384_alloc_ctx(&c); 220 break; 221 case TEE_ALG_HMAC_SHA512: 222 res = crypto_hmac_sha512_alloc_ctx(&c); 223 break; 224 case TEE_ALG_AES_CBC_MAC_NOPAD: 225 res = crypto_aes_cbc_mac_nopad_alloc_ctx(&c); 226 break; 227 case TEE_ALG_AES_CBC_MAC_PKCS5: 228 res = crypto_aes_cbc_mac_pkcs5_alloc_ctx(&c); 229 break; 230 case TEE_ALG_DES_CBC_MAC_NOPAD: 231 res = crypto_des_cbc_mac_nopad_alloc_ctx(&c); 232 break; 233 case TEE_ALG_DES_CBC_MAC_PKCS5: 234 res = crypto_des_cbc_mac_pkcs5_alloc_ctx(&c); 235 break; 236 case TEE_ALG_DES3_CBC_MAC_NOPAD: 237 res = crypto_des3_cbc_mac_nopad_alloc_ctx(&c); 238 break; 239 case TEE_ALG_DES3_CBC_MAC_PKCS5: 240 res = crypto_des3_cbc_mac_pkcs5_alloc_ctx(&c); 241 break; 242 case TEE_ALG_AES_CMAC: 243 res = crypto_aes_cmac_alloc_ctx(&c); 244 break; 245 default: 246 return TEE_ERROR_NOT_SUPPORTED; 247 } 248 249 if (!res) 250 *ctx = c; 251 252 return res; 253 } 254 255 static const struct crypto_mac_ops *mac_ops(void *ctx) 256 { 257 struct crypto_mac_ctx *c = ctx; 258 259 assert(c && c->ops); 260 261 return c->ops; 262 } 263 264 void crypto_mac_free_ctx(void *ctx) 265 { 266 if (ctx) 267 mac_ops(ctx)->free_ctx(ctx); 268 } 269 270 void crypto_mac_copy_state(void *dst_ctx, void *src_ctx) 271 { 272 mac_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 273 } 274 275 TEE_Result crypto_mac_init(void *ctx, const uint8_t *key, size_t len) 276 { 277 return mac_ops(ctx)->init(ctx, key, len); 278 } 279 280 TEE_Result crypto_mac_update(void *ctx, const uint8_t *data, size_t len) 281 { 282 if (!len) 283 return TEE_SUCCESS; 284 285 return mac_ops(ctx)->update(ctx, data, len); 286 } 287 288 TEE_Result crypto_mac_final(void *ctx, uint8_t *digest, size_t digest_len) 289 { 290 return mac_ops(ctx)->final(ctx, digest, digest_len); 291 } 292 293 TEE_Result crypto_authenc_alloc_ctx(void **ctx, uint32_t algo) 294 { 295 TEE_Result res = TEE_SUCCESS; 296 struct crypto_authenc_ctx *c = NULL; 297 298 switch (algo) { 299 #if defined(CFG_CRYPTO_CCM) 300 case TEE_ALG_AES_CCM: 301 res = crypto_aes_ccm_alloc_ctx(&c); 302 break; 303 #endif 304 #if defined(CFG_CRYPTO_GCM) 305 case TEE_ALG_AES_GCM: 306 res = crypto_aes_gcm_alloc_ctx(&c); 307 break; 308 #endif 309 default: 310 return TEE_ERROR_NOT_IMPLEMENTED; 311 } 312 313 if (!res) 314 *ctx = c; 315 316 return res; 317 } 318 319 static const struct crypto_authenc_ops *ae_ops(void *ctx) 320 { 321 struct crypto_authenc_ctx *c = ctx; 322 323 assert(c && c->ops); 324 325 return c->ops; 326 } 327 328 TEE_Result crypto_authenc_init(void *ctx, TEE_OperationMode mode, 329 const uint8_t *key, size_t key_len, 330 const uint8_t *nonce, size_t nonce_len, 331 size_t tag_len, size_t aad_len, 332 size_t payload_len) 333 { 334 return ae_ops(ctx)->init(ctx, mode, key, key_len, nonce, nonce_len, 335 tag_len, aad_len, payload_len); 336 } 337 338 TEE_Result crypto_authenc_update_aad(void *ctx, TEE_OperationMode mode __unused, 339 const uint8_t *data, size_t len) 340 { 341 return ae_ops(ctx)->update_aad(ctx, data, len); 342 } 343 344 345 TEE_Result crypto_authenc_update_payload(void *ctx, TEE_OperationMode mode, 346 const uint8_t *src_data, 347 size_t src_len, uint8_t *dst_data, 348 size_t *dst_len) 349 { 350 if (*dst_len < src_len) 351 return TEE_ERROR_SHORT_BUFFER; 352 *dst_len = src_len; 353 354 return ae_ops(ctx)->update_payload(ctx, mode, src_data, src_len, 355 dst_data); 356 } 357 358 TEE_Result crypto_authenc_enc_final(void *ctx, const uint8_t *src_data, 359 size_t src_len, uint8_t *dst_data, 360 size_t *dst_len, uint8_t *dst_tag, 361 size_t *dst_tag_len) 362 { 363 if (*dst_len < src_len) 364 return TEE_ERROR_SHORT_BUFFER; 365 *dst_len = src_len; 366 367 return ae_ops(ctx)->enc_final(ctx, src_data, src_len, dst_data, 368 dst_tag, dst_tag_len); 369 } 370 371 TEE_Result crypto_authenc_dec_final(void *ctx, const uint8_t *src_data, 372 size_t src_len, uint8_t *dst_data, 373 size_t *dst_len, const uint8_t *tag, 374 size_t tag_len) 375 { 376 if (*dst_len < src_len) 377 return TEE_ERROR_SHORT_BUFFER; 378 *dst_len = src_len; 379 380 return ae_ops(ctx)->dec_final(ctx, src_data, src_len, dst_data, tag, 381 tag_len); 382 } 383 384 void crypto_authenc_final(void *ctx) 385 { 386 ae_ops(ctx)->final(ctx); 387 } 388 389 void crypto_authenc_free_ctx(void *ctx) 390 { 391 if (ctx) 392 ae_ops(ctx)->free_ctx(ctx); 393 } 394 395 void crypto_authenc_copy_state(void *dst_ctx, void *src_ctx) 396 { 397 ae_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 398 } 399 400 #if !defined(CFG_CRYPTO_RSA) && !defined(CFG_CRYPTO_DSA) && \ 401 !defined(CFG_CRYPTO_DH) && !defined(CFG_CRYPTO_ECC) 402 struct bignum *crypto_bignum_allocate(size_t size_bits __unused) 403 { 404 return NULL; 405 } 406 407 TEE_Result crypto_bignum_bin2bn(const uint8_t *from __unused, 408 size_t fromsize __unused, 409 struct bignum *to __unused) 410 { 411 return TEE_ERROR_NOT_IMPLEMENTED; 412 } 413 414 size_t crypto_bignum_num_bytes(struct bignum *a __unused) 415 { 416 return 0; 417 } 418 419 size_t crypto_bignum_num_bits(struct bignum *a __unused) 420 { 421 return 0; 422 } 423 424 /* 425 * crypto_bignum_allocate() and crypto_bignum_bin2bn() failing should be 426 * enough to guarantee that the functions calling this function aren't 427 * called, but just in case add a panic() here to avoid unexpected 428 * behavoir. 429 */ 430 static void bignum_cant_happen(void) 431 { 432 volatile bool b = true; 433 434 /* Avoid warning about function does not return */ 435 if (b) 436 panic(); 437 } 438 439 void crypto_bignum_bn2bin(const struct bignum *from __unused, 440 uint8_t *to __unused) 441 { 442 bignum_cant_happen(); 443 } 444 445 void crypto_bignum_copy(struct bignum *to __unused, 446 const struct bignum *from __unused) 447 { 448 bignum_cant_happen(); 449 } 450 451 void crypto_bignum_free(struct bignum *a) 452 { 453 if (a) 454 panic(); 455 } 456 457 void crypto_bignum_clear(struct bignum *a __unused) 458 { 459 bignum_cant_happen(); 460 } 461 462 /* return -1 if a<b, 0 if a==b, +1 if a>b */ 463 int32_t crypto_bignum_compare(struct bignum *a __unused, 464 struct bignum *b __unused) 465 { 466 bignum_cant_happen(); 467 return -1; 468 } 469 #endif 470 471 #if !defined(CFG_CRYPTO_RSA) 472 TEE_Result crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *s __unused, 473 size_t key_size_bits __unused) 474 { 475 return TEE_ERROR_NOT_IMPLEMENTED; 476 } 477 478 TEE_Result 479 crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s __unused, 480 size_t key_size_bits __unused) 481 { 482 return TEE_ERROR_NOT_IMPLEMENTED; 483 } 484 485 void crypto_acipher_free_rsa_public_key(struct rsa_public_key *s __unused) 486 { 487 } 488 489 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key __unused, 490 size_t key_size __unused) 491 { 492 return TEE_ERROR_NOT_IMPLEMENTED; 493 } 494 495 TEE_Result crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key __unused, 496 const uint8_t *src __unused, 497 size_t src_len __unused, 498 uint8_t *dst __unused, 499 size_t *dst_len __unused) 500 { 501 return TEE_ERROR_NOT_IMPLEMENTED; 502 } 503 504 TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key __unused, 505 const uint8_t *src __unused, 506 size_t src_len __unused, 507 uint8_t *dst __unused, 508 size_t *dst_len __unused) 509 { 510 return TEE_ERROR_NOT_IMPLEMENTED; 511 } 512 513 TEE_Result crypto_acipher_rsaes_decrypt(uint32_t algo __unused, 514 struct rsa_keypair *key __unused, 515 const uint8_t *label __unused, 516 size_t label_len __unused, 517 const uint8_t *src __unused, 518 size_t src_len __unused, 519 uint8_t *dst __unused, 520 size_t *dst_len __unused) 521 { 522 return TEE_ERROR_NOT_IMPLEMENTED; 523 } 524 525 TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo __unused, 526 struct rsa_public_key *key __unused, 527 const uint8_t *label __unused, 528 size_t label_len __unused, 529 const uint8_t *src __unused, 530 size_t src_len __unused, 531 uint8_t *dst __unused, 532 size_t *dst_len __unused) 533 { 534 return TEE_ERROR_NOT_IMPLEMENTED; 535 } 536 537 TEE_Result crypto_acipher_rsassa_sign(uint32_t algo __unused, 538 struct rsa_keypair *key __unused, 539 int salt_len __unused, 540 const uint8_t *msg __unused, 541 size_t msg_len __unused, 542 uint8_t *sig __unused, 543 size_t *sig_len __unused) 544 { 545 return TEE_ERROR_NOT_IMPLEMENTED; 546 } 547 548 TEE_Result crypto_acipher_rsassa_verify(uint32_t algo __unused, 549 struct rsa_public_key *key __unused, 550 int salt_len __unused, 551 const uint8_t *msg __unused, 552 size_t msg_len __unused, 553 const uint8_t *sig __unused, 554 size_t sig_len __unused) 555 { 556 return TEE_ERROR_NOT_IMPLEMENTED; 557 } 558 #endif /*!CFG_CRYPTO_RSA*/ 559 560 #if !defined(CFG_CRYPTO_DSA) 561 TEE_Result crypto_acipher_alloc_dsa_keypair(struct dsa_keypair *s __unused, 562 size_t key_size_bits __unused) 563 { 564 return TEE_ERROR_NOT_IMPLEMENTED; 565 } 566 567 TEE_Result 568 crypto_acipher_alloc_dsa_public_key(struct dsa_public_key *s __unused, 569 size_t key_size_bits __unused) 570 { 571 return TEE_ERROR_NOT_IMPLEMENTED; 572 } 573 574 TEE_Result crypto_acipher_gen_dsa_key(struct dsa_keypair *key __unused, 575 size_t key_size __unused) 576 { 577 return TEE_ERROR_NOT_IMPLEMENTED; 578 } 579 580 TEE_Result crypto_acipher_dsa_sign(uint32_t algo __unused, 581 struct dsa_keypair *key __unused, 582 const uint8_t *msg __unused, 583 size_t msg_len __unused, 584 uint8_t *sig __unused, 585 size_t *sig_len __unused) 586 { 587 return TEE_ERROR_NOT_IMPLEMENTED; 588 } 589 590 TEE_Result crypto_acipher_dsa_verify(uint32_t algo __unused, 591 struct dsa_public_key *key __unused, 592 const uint8_t *msg __unused, 593 size_t msg_len __unused, 594 const uint8_t *sig __unused, 595 size_t sig_len __unused) 596 { 597 return TEE_ERROR_NOT_IMPLEMENTED; 598 } 599 #endif /*!CFG_CRYPTO_DSA*/ 600 601 #if !defined(CFG_CRYPTO_DH) 602 TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s __unused, 603 size_t key_size_bits __unused) 604 { 605 return TEE_ERROR_NOT_IMPLEMENTED; 606 } 607 608 TEE_Result crypto_acipher_gen_dh_key(struct dh_keypair *key __unused, 609 struct bignum *q __unused, 610 size_t xbits __unused) 611 { 612 return TEE_ERROR_NOT_IMPLEMENTED; 613 } 614 615 TEE_Result 616 crypto_acipher_dh_shared_secret(struct dh_keypair *private_key __unused, 617 struct bignum *public_key __unused, 618 struct bignum *secret __unused) 619 { 620 return TEE_ERROR_NOT_IMPLEMENTED; 621 } 622 #endif /*!CFG_CRYPTO_DH*/ 623 624 #if !defined(CFG_CRYPTO_ECC) 625 TEE_Result 626 crypto_acipher_alloc_ecc_public_key(struct ecc_public_key *s __unused, 627 size_t key_size_bits __unused) 628 { 629 return TEE_ERROR_NOT_IMPLEMENTED; 630 } 631 632 TEE_Result crypto_acipher_alloc_ecc_keypair(struct ecc_keypair *s __unused, 633 size_t key_size_bits __unused) 634 { 635 return TEE_ERROR_NOT_IMPLEMENTED; 636 } 637 638 void crypto_acipher_free_ecc_public_key(struct ecc_public_key *s __unused) 639 { 640 } 641 642 TEE_Result crypto_acipher_gen_ecc_key(struct ecc_keypair *key __unused) 643 { 644 return TEE_ERROR_NOT_IMPLEMENTED; 645 } 646 647 TEE_Result crypto_acipher_ecc_sign(uint32_t algo __unused, 648 struct ecc_keypair *key __unused, 649 const uint8_t *msg __unused, 650 size_t msg_len __unused, 651 uint8_t *sig __unused, 652 size_t *sig_len __unused) 653 { 654 return TEE_ERROR_NOT_IMPLEMENTED; 655 } 656 657 TEE_Result crypto_acipher_ecc_verify(uint32_t algo __unused, 658 struct ecc_public_key *key __unused, 659 const uint8_t *msg __unused, 660 size_t msg_len __unused, 661 const uint8_t *sig __unused, 662 size_t sig_len __unused) 663 { 664 return TEE_ERROR_NOT_IMPLEMENTED; 665 } 666 667 TEE_Result 668 crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key __unused, 669 struct ecc_public_key *public_key __unused, 670 void *secret __unused, 671 unsigned long *secret_len __unused) 672 { 673 return TEE_ERROR_NOT_IMPLEMENTED; 674 } 675 #endif /*!CFG_CRYPTO_ECC*/ 676