1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017, Linaro Limited 4 * Copyright 2020 NXP 5 * Copyright 2021, SumUp Service GmbH 6 */ 7 8 #include <assert.h> 9 #include <compiler.h> 10 #include <crypto/crypto.h> 11 #include <crypto/crypto_impl.h> 12 #include <kernel/panic.h> 13 #include <stdlib.h> 14 #include <utee_defines.h> 15 16 TEE_Result crypto_hash_alloc_ctx(void **ctx, uint32_t algo) 17 { 18 TEE_Result res = TEE_ERROR_NOT_IMPLEMENTED; 19 struct crypto_hash_ctx *c = NULL; 20 21 /* 22 * Use default cryptographic implementation if no matching 23 * drvcrypt device. 24 */ 25 res = drvcrypt_hash_alloc_ctx(&c, algo); 26 27 if (res == TEE_ERROR_NOT_IMPLEMENTED) { 28 switch (algo) { 29 case TEE_ALG_MD5: 30 res = crypto_md5_alloc_ctx(&c); 31 break; 32 case TEE_ALG_SHA1: 33 res = crypto_sha1_alloc_ctx(&c); 34 break; 35 case TEE_ALG_SHA224: 36 res = crypto_sha224_alloc_ctx(&c); 37 break; 38 case TEE_ALG_SHA256: 39 res = crypto_sha256_alloc_ctx(&c); 40 break; 41 case TEE_ALG_SHA384: 42 res = crypto_sha384_alloc_ctx(&c); 43 break; 44 case TEE_ALG_SHA512: 45 res = crypto_sha512_alloc_ctx(&c); 46 break; 47 case TEE_ALG_SHA3_224: 48 res = crypto_sha3_224_alloc_ctx(&c); 49 break; 50 case TEE_ALG_SHA3_256: 51 res = crypto_sha3_256_alloc_ctx(&c); 52 break; 53 case TEE_ALG_SHA3_384: 54 res = crypto_sha3_384_alloc_ctx(&c); 55 break; 56 case TEE_ALG_SHA3_512: 57 res = crypto_sha3_512_alloc_ctx(&c); 58 break; 59 case TEE_ALG_SHAKE128: 60 res = crypto_shake128_alloc_ctx(&c); 61 break; 62 case TEE_ALG_SHAKE256: 63 res = crypto_shake256_alloc_ctx(&c); 64 break; 65 case TEE_ALG_SM3: 66 res = crypto_sm3_alloc_ctx(&c); 67 break; 68 default: 69 break; 70 } 71 } 72 73 if (!res) 74 *ctx = c; 75 76 return res; 77 } 78 79 static const struct crypto_hash_ops *hash_ops(void *ctx) 80 { 81 struct crypto_hash_ctx *c = ctx; 82 83 assert(c && c->ops); 84 85 return c->ops; 86 } 87 88 void crypto_hash_free_ctx(void *ctx) 89 { 90 if (ctx) 91 hash_ops(ctx)->free_ctx(ctx); 92 } 93 94 void crypto_hash_copy_state(void *dst_ctx, void *src_ctx) 95 { 96 hash_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 97 } 98 99 TEE_Result crypto_hash_init(void *ctx) 100 { 101 return hash_ops(ctx)->init(ctx); 102 } 103 104 TEE_Result crypto_hash_update(void *ctx, const uint8_t *data, size_t len) 105 { 106 return hash_ops(ctx)->update(ctx, data, len); 107 } 108 109 TEE_Result crypto_hash_final(void *ctx, uint8_t *digest, size_t len) 110 { 111 return hash_ops(ctx)->final(ctx, digest, len); 112 } 113 114 TEE_Result crypto_cipher_alloc_ctx(void **ctx, uint32_t algo) 115 { 116 TEE_Result res = TEE_ERROR_NOT_IMPLEMENTED; 117 struct crypto_cipher_ctx *c = NULL; 118 119 /* 120 * Use default cryptographic implementation if no matching 121 * drvcrypt device. 122 */ 123 res = drvcrypt_cipher_alloc_ctx(&c, algo); 124 125 if (res == TEE_ERROR_NOT_IMPLEMENTED) { 126 switch (algo) { 127 case TEE_ALG_AES_ECB_NOPAD: 128 res = crypto_aes_ecb_alloc_ctx(&c); 129 break; 130 case TEE_ALG_AES_CBC_NOPAD: 131 res = crypto_aes_cbc_alloc_ctx(&c); 132 break; 133 case TEE_ALG_AES_CTR: 134 res = crypto_aes_ctr_alloc_ctx(&c); 135 break; 136 case TEE_ALG_AES_CTS: 137 res = crypto_aes_cts_alloc_ctx(&c); 138 break; 139 case TEE_ALG_AES_XTS: 140 res = crypto_aes_xts_alloc_ctx(&c); 141 break; 142 case TEE_ALG_DES_ECB_NOPAD: 143 res = crypto_des_ecb_alloc_ctx(&c); 144 break; 145 case TEE_ALG_DES3_ECB_NOPAD: 146 res = crypto_des3_ecb_alloc_ctx(&c); 147 break; 148 case TEE_ALG_DES_CBC_NOPAD: 149 res = crypto_des_cbc_alloc_ctx(&c); 150 break; 151 case TEE_ALG_DES3_CBC_NOPAD: 152 res = crypto_des3_cbc_alloc_ctx(&c); 153 break; 154 case TEE_ALG_SM4_ECB_NOPAD: 155 res = crypto_sm4_ecb_alloc_ctx(&c); 156 break; 157 case TEE_ALG_SM4_CBC_NOPAD: 158 res = crypto_sm4_cbc_alloc_ctx(&c); 159 break; 160 case TEE_ALG_SM4_CTR: 161 res = crypto_sm4_ctr_alloc_ctx(&c); 162 break; 163 case TEE_ALG_SM4_XTS: 164 res = crypto_sm4_xts_alloc_ctx(&c); 165 break; 166 default: 167 return TEE_ERROR_NOT_IMPLEMENTED; 168 } 169 } 170 171 if (!res) 172 *ctx = c; 173 174 return res; 175 } 176 177 static const struct crypto_cipher_ops *cipher_ops(void *ctx) 178 { 179 struct crypto_cipher_ctx *c = ctx; 180 181 assert(c && c->ops); 182 183 return c->ops; 184 } 185 186 void crypto_cipher_free_ctx(void *ctx) 187 { 188 if (ctx) 189 cipher_ops(ctx)->free_ctx(ctx); 190 } 191 192 void crypto_cipher_copy_state(void *dst_ctx, void *src_ctx) 193 { 194 cipher_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 195 } 196 197 TEE_Result crypto_cipher_init(void *ctx, TEE_OperationMode mode, 198 const uint8_t *key1, size_t key1_len, 199 const uint8_t *key2, size_t key2_len, 200 const uint8_t *iv, size_t iv_len) 201 { 202 if (mode != TEE_MODE_DECRYPT && mode != TEE_MODE_ENCRYPT) 203 return TEE_ERROR_BAD_PARAMETERS; 204 205 return cipher_ops(ctx)->init(ctx, mode, key1, key1_len, key2, key2_len, 206 iv, iv_len); 207 } 208 209 TEE_Result crypto_cipher_update(void *ctx, TEE_OperationMode mode __unused, 210 bool last_block, const uint8_t *data, 211 size_t len, uint8_t *dst) 212 { 213 return cipher_ops(ctx)->update(ctx, last_block, data, len, dst); 214 } 215 216 void crypto_cipher_final(void *ctx) 217 { 218 cipher_ops(ctx)->final(ctx); 219 } 220 221 TEE_Result crypto_cipher_get_block_size(uint32_t algo, size_t *size) 222 { 223 uint32_t class = TEE_ALG_GET_CLASS(algo); 224 225 if (class != TEE_OPERATION_CIPHER && class != TEE_OPERATION_MAC && 226 class != TEE_OPERATION_AE) 227 return TEE_ERROR_BAD_PARAMETERS; 228 229 switch (TEE_ALG_GET_MAIN_ALG(algo)) { 230 case TEE_MAIN_ALGO_AES: 231 *size = TEE_AES_BLOCK_SIZE; 232 return TEE_SUCCESS; 233 case TEE_MAIN_ALGO_DES: 234 case TEE_MAIN_ALGO_DES3: 235 *size = TEE_DES_BLOCK_SIZE; 236 return TEE_SUCCESS; 237 case TEE_MAIN_ALGO_SM4: 238 *size = TEE_SM4_BLOCK_SIZE; 239 return TEE_SUCCESS; 240 default: 241 return TEE_ERROR_NOT_SUPPORTED; 242 } 243 } 244 245 TEE_Result crypto_mac_alloc_ctx(void **ctx, uint32_t algo) 246 { 247 TEE_Result res = TEE_SUCCESS; 248 struct crypto_mac_ctx *c = NULL; 249 250 /* 251 * Use default cryptographic implementation if no matching 252 * drvcrypt device. 253 */ 254 res = drvcrypt_mac_alloc_ctx(&c, algo); 255 256 if (res == TEE_ERROR_NOT_IMPLEMENTED) { 257 switch (algo) { 258 case TEE_ALG_HMAC_MD5: 259 res = crypto_hmac_md5_alloc_ctx(&c); 260 break; 261 case TEE_ALG_HMAC_SHA1: 262 res = crypto_hmac_sha1_alloc_ctx(&c); 263 break; 264 case TEE_ALG_HMAC_SHA224: 265 res = crypto_hmac_sha224_alloc_ctx(&c); 266 break; 267 case TEE_ALG_HMAC_SHA256: 268 res = crypto_hmac_sha256_alloc_ctx(&c); 269 break; 270 case TEE_ALG_HMAC_SHA384: 271 res = crypto_hmac_sha384_alloc_ctx(&c); 272 break; 273 case TEE_ALG_HMAC_SHA512: 274 res = crypto_hmac_sha512_alloc_ctx(&c); 275 break; 276 case TEE_ALG_HMAC_SHA3_224: 277 res = crypto_hmac_sha3_224_alloc_ctx(&c); 278 break; 279 case TEE_ALG_HMAC_SHA3_256: 280 res = crypto_hmac_sha3_256_alloc_ctx(&c); 281 break; 282 case TEE_ALG_HMAC_SHA3_384: 283 res = crypto_hmac_sha3_384_alloc_ctx(&c); 284 break; 285 case TEE_ALG_HMAC_SHA3_512: 286 res = crypto_hmac_sha3_512_alloc_ctx(&c); 287 break; 288 case TEE_ALG_HMAC_SM3: 289 res = crypto_hmac_sm3_alloc_ctx(&c); 290 break; 291 case TEE_ALG_AES_CBC_MAC_NOPAD: 292 res = crypto_aes_cbc_mac_nopad_alloc_ctx(&c); 293 break; 294 case TEE_ALG_AES_CBC_MAC_PKCS5: 295 res = crypto_aes_cbc_mac_pkcs5_alloc_ctx(&c); 296 break; 297 case TEE_ALG_DES_CBC_MAC_NOPAD: 298 res = crypto_des_cbc_mac_nopad_alloc_ctx(&c); 299 break; 300 case TEE_ALG_DES_CBC_MAC_PKCS5: 301 res = crypto_des_cbc_mac_pkcs5_alloc_ctx(&c); 302 break; 303 case TEE_ALG_DES3_CBC_MAC_NOPAD: 304 res = crypto_des3_cbc_mac_nopad_alloc_ctx(&c); 305 break; 306 case TEE_ALG_DES3_CBC_MAC_PKCS5: 307 res = crypto_des3_cbc_mac_pkcs5_alloc_ctx(&c); 308 break; 309 case TEE_ALG_DES3_CMAC: 310 res = crypto_des3_cmac_alloc_ctx(&c); 311 break; 312 case TEE_ALG_AES_CMAC: 313 res = crypto_aes_cmac_alloc_ctx(&c); 314 break; 315 default: 316 return TEE_ERROR_NOT_SUPPORTED; 317 } 318 } 319 320 if (!res) 321 *ctx = c; 322 323 return res; 324 } 325 326 static const struct crypto_mac_ops *mac_ops(void *ctx) 327 { 328 struct crypto_mac_ctx *c = ctx; 329 330 assert(c && c->ops); 331 332 return c->ops; 333 } 334 335 void crypto_mac_free_ctx(void *ctx) 336 { 337 if (ctx) 338 mac_ops(ctx)->free_ctx(ctx); 339 } 340 341 void crypto_mac_copy_state(void *dst_ctx, void *src_ctx) 342 { 343 mac_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 344 } 345 346 TEE_Result crypto_mac_init(void *ctx, const uint8_t *key, size_t len) 347 { 348 return mac_ops(ctx)->init(ctx, key, len); 349 } 350 351 TEE_Result crypto_mac_update(void *ctx, const uint8_t *data, size_t len) 352 { 353 if (!len) 354 return TEE_SUCCESS; 355 356 return mac_ops(ctx)->update(ctx, data, len); 357 } 358 359 TEE_Result crypto_mac_final(void *ctx, uint8_t *digest, size_t digest_len) 360 { 361 return mac_ops(ctx)->final(ctx, digest, digest_len); 362 } 363 364 TEE_Result crypto_authenc_alloc_ctx(void **ctx, uint32_t algo) 365 { 366 TEE_Result res = TEE_ERROR_NOT_IMPLEMENTED; 367 struct crypto_authenc_ctx *c = NULL; 368 369 /* 370 * Use default authenc implementation if no matching 371 * drvcrypt device. 372 */ 373 res = drvcrypt_authenc_alloc_ctx(&c, algo); 374 375 if (res == TEE_ERROR_NOT_IMPLEMENTED) { 376 switch (algo) { 377 #if defined(CFG_CRYPTO_CCM) 378 case TEE_ALG_AES_CCM: 379 res = crypto_aes_ccm_alloc_ctx(&c); 380 break; 381 #endif 382 #if defined(CFG_CRYPTO_GCM) 383 case TEE_ALG_AES_GCM: 384 res = crypto_aes_gcm_alloc_ctx(&c); 385 break; 386 #endif 387 default: 388 break; 389 } 390 } 391 392 if (!res) 393 *ctx = c; 394 395 return res; 396 } 397 398 static const struct crypto_authenc_ops *ae_ops(void *ctx) 399 { 400 struct crypto_authenc_ctx *c = ctx; 401 402 assert(c && c->ops); 403 404 return c->ops; 405 } 406 407 TEE_Result crypto_authenc_init(void *ctx, TEE_OperationMode mode, 408 const uint8_t *key, size_t key_len, 409 const uint8_t *nonce, size_t nonce_len, 410 size_t tag_len, size_t aad_len, 411 size_t payload_len) 412 { 413 return ae_ops(ctx)->init(ctx, mode, key, key_len, nonce, nonce_len, 414 tag_len, aad_len, payload_len); 415 } 416 417 TEE_Result crypto_authenc_update_aad(void *ctx, TEE_OperationMode mode __unused, 418 const uint8_t *data, size_t len) 419 { 420 return ae_ops(ctx)->update_aad(ctx, data, len); 421 } 422 423 424 TEE_Result crypto_authenc_update_payload(void *ctx, TEE_OperationMode mode, 425 const uint8_t *src_data, 426 size_t src_len, uint8_t *dst_data, 427 size_t *dst_len) 428 { 429 if (*dst_len < src_len) 430 return TEE_ERROR_SHORT_BUFFER; 431 *dst_len = src_len; 432 433 return ae_ops(ctx)->update_payload(ctx, mode, src_data, src_len, 434 dst_data); 435 } 436 437 TEE_Result crypto_authenc_enc_final(void *ctx, const uint8_t *src_data, 438 size_t src_len, uint8_t *dst_data, 439 size_t *dst_len, uint8_t *dst_tag, 440 size_t *dst_tag_len) 441 { 442 if (*dst_len < src_len) 443 return TEE_ERROR_SHORT_BUFFER; 444 *dst_len = src_len; 445 446 return ae_ops(ctx)->enc_final(ctx, src_data, src_len, dst_data, 447 dst_tag, dst_tag_len); 448 } 449 450 TEE_Result crypto_authenc_dec_final(void *ctx, const uint8_t *src_data, 451 size_t src_len, uint8_t *dst_data, 452 size_t *dst_len, const uint8_t *tag, 453 size_t tag_len) 454 { 455 if (*dst_len < src_len) 456 return TEE_ERROR_SHORT_BUFFER; 457 *dst_len = src_len; 458 459 return ae_ops(ctx)->dec_final(ctx, src_data, src_len, dst_data, tag, 460 tag_len); 461 } 462 463 void crypto_authenc_final(void *ctx) 464 { 465 ae_ops(ctx)->final(ctx); 466 } 467 468 void crypto_authenc_free_ctx(void *ctx) 469 { 470 if (ctx) 471 ae_ops(ctx)->free_ctx(ctx); 472 } 473 474 void crypto_authenc_copy_state(void *dst_ctx, void *src_ctx) 475 { 476 ae_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 477 } 478 479 #if !defined(CFG_CRYPTO_RSA) && !defined(CFG_CRYPTO_DSA) && \ 480 !defined(CFG_CRYPTO_DH) && !defined(CFG_CRYPTO_ECC) 481 struct bignum *crypto_bignum_allocate(size_t size_bits __unused) 482 { 483 return NULL; 484 } 485 486 TEE_Result crypto_bignum_bin2bn(const uint8_t *from __unused, 487 size_t fromsize __unused, 488 struct bignum *to __unused) 489 { 490 return TEE_ERROR_NOT_IMPLEMENTED; 491 } 492 493 size_t crypto_bignum_num_bytes(struct bignum *a __unused) 494 { 495 return 0; 496 } 497 498 size_t crypto_bignum_num_bits(struct bignum *a __unused) 499 { 500 return 0; 501 } 502 503 /* 504 * crypto_bignum_allocate() and crypto_bignum_bin2bn() failing should be 505 * enough to guarantee that the functions calling this function aren't 506 * called, but just in case add a panic() here to avoid unexpected 507 * behavoir. 508 */ 509 static void bignum_cant_happen(void) 510 { 511 volatile bool b = true; 512 513 /* Avoid warning about function does not return */ 514 if (b) 515 panic(); 516 } 517 518 void crypto_bignum_bn2bin(const struct bignum *from __unused, 519 uint8_t *to __unused) 520 { 521 bignum_cant_happen(); 522 } 523 524 void crypto_bignum_copy(struct bignum *to __unused, 525 const struct bignum *from __unused) 526 { 527 bignum_cant_happen(); 528 } 529 530 void crypto_bignum_free(struct bignum **a) 531 { 532 if (a && *a) 533 panic(); 534 } 535 536 void crypto_bignum_clear(struct bignum *a __unused) 537 { 538 bignum_cant_happen(); 539 } 540 541 /* return -1 if a<b, 0 if a==b, +1 if a>b */ 542 int32_t crypto_bignum_compare(struct bignum *a __unused, 543 struct bignum *b __unused) 544 { 545 bignum_cant_happen(); 546 return -1; 547 } 548 #endif 549 550 #if !defined(CFG_CRYPTO_RSA) 551 TEE_Result crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *s __unused, 552 size_t key_size_bits __unused) 553 { 554 return TEE_ERROR_NOT_IMPLEMENTED; 555 } 556 557 TEE_Result 558 crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s __unused, 559 size_t key_size_bits __unused) 560 { 561 return TEE_ERROR_NOT_IMPLEMENTED; 562 } 563 564 void crypto_acipher_free_rsa_public_key(struct rsa_public_key *s __unused) 565 { 566 } 567 568 void crypto_acipher_free_rsa_keypair(struct rsa_keypair *s __unused) 569 { 570 } 571 572 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key __unused, 573 size_t key_size __unused) 574 { 575 return TEE_ERROR_NOT_IMPLEMENTED; 576 } 577 578 TEE_Result crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key __unused, 579 const uint8_t *src __unused, 580 size_t src_len __unused, 581 uint8_t *dst __unused, 582 size_t *dst_len __unused) 583 { 584 return TEE_ERROR_NOT_IMPLEMENTED; 585 } 586 587 TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key __unused, 588 const uint8_t *src __unused, 589 size_t src_len __unused, 590 uint8_t *dst __unused, 591 size_t *dst_len __unused) 592 { 593 return TEE_ERROR_NOT_IMPLEMENTED; 594 } 595 596 TEE_Result crypto_acipher_rsaes_decrypt(uint32_t algo __unused, 597 struct rsa_keypair *key __unused, 598 const uint8_t *label __unused, 599 size_t label_len __unused, 600 const uint8_t *src __unused, 601 size_t src_len __unused, 602 uint8_t *dst __unused, 603 size_t *dst_len __unused) 604 { 605 return TEE_ERROR_NOT_IMPLEMENTED; 606 } 607 608 TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo __unused, 609 struct rsa_public_key *key __unused, 610 const uint8_t *label __unused, 611 size_t label_len __unused, 612 const uint8_t *src __unused, 613 size_t src_len __unused, 614 uint8_t *dst __unused, 615 size_t *dst_len __unused) 616 { 617 return TEE_ERROR_NOT_IMPLEMENTED; 618 } 619 620 TEE_Result crypto_acipher_rsassa_sign(uint32_t algo __unused, 621 struct rsa_keypair *key __unused, 622 int salt_len __unused, 623 const uint8_t *msg __unused, 624 size_t msg_len __unused, 625 uint8_t *sig __unused, 626 size_t *sig_len __unused) 627 { 628 return TEE_ERROR_NOT_IMPLEMENTED; 629 } 630 631 TEE_Result crypto_acipher_rsassa_verify(uint32_t algo __unused, 632 struct rsa_public_key *key __unused, 633 int salt_len __unused, 634 const uint8_t *msg __unused, 635 size_t msg_len __unused, 636 const uint8_t *sig __unused, 637 size_t sig_len __unused) 638 { 639 return TEE_ERROR_NOT_IMPLEMENTED; 640 } 641 #endif /*!CFG_CRYPTO_RSA*/ 642 643 #if !defined(CFG_CRYPTO_DSA) 644 TEE_Result crypto_acipher_alloc_dsa_keypair(struct dsa_keypair *s __unused, 645 size_t key_size_bits __unused) 646 { 647 return TEE_ERROR_NOT_IMPLEMENTED; 648 } 649 650 TEE_Result 651 crypto_acipher_alloc_dsa_public_key(struct dsa_public_key *s __unused, 652 size_t key_size_bits __unused) 653 { 654 return TEE_ERROR_NOT_IMPLEMENTED; 655 } 656 657 TEE_Result crypto_acipher_gen_dsa_key(struct dsa_keypair *key __unused, 658 size_t key_size __unused) 659 { 660 return TEE_ERROR_NOT_IMPLEMENTED; 661 } 662 663 TEE_Result crypto_acipher_dsa_sign(uint32_t algo __unused, 664 struct dsa_keypair *key __unused, 665 const uint8_t *msg __unused, 666 size_t msg_len __unused, 667 uint8_t *sig __unused, 668 size_t *sig_len __unused) 669 { 670 return TEE_ERROR_NOT_IMPLEMENTED; 671 } 672 673 TEE_Result crypto_acipher_dsa_verify(uint32_t algo __unused, 674 struct dsa_public_key *key __unused, 675 const uint8_t *msg __unused, 676 size_t msg_len __unused, 677 const uint8_t *sig __unused, 678 size_t sig_len __unused) 679 { 680 return TEE_ERROR_NOT_IMPLEMENTED; 681 } 682 #endif /*!CFG_CRYPTO_DSA*/ 683 684 #if !defined(CFG_CRYPTO_DH) 685 TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s __unused, 686 size_t key_size_bits __unused) 687 { 688 return TEE_ERROR_NOT_IMPLEMENTED; 689 } 690 691 TEE_Result crypto_acipher_gen_dh_key(struct dh_keypair *key __unused, 692 struct bignum *q __unused, 693 size_t xbits __unused, 694 size_t key_size __unused) 695 { 696 return TEE_ERROR_NOT_IMPLEMENTED; 697 } 698 699 TEE_Result 700 crypto_acipher_dh_shared_secret(struct dh_keypair *private_key __unused, 701 struct bignum *public_key __unused, 702 struct bignum *secret __unused) 703 { 704 return TEE_ERROR_NOT_IMPLEMENTED; 705 } 706 #endif /*!CFG_CRYPTO_DH*/ 707 708 TEE_Result crypto_acipher_alloc_ecc_public_key(struct ecc_public_key *key, 709 uint32_t key_type, 710 size_t key_size_bits) 711 { 712 TEE_Result res = TEE_ERROR_NOT_IMPLEMENTED; 713 714 /* 715 * Use default cryptographic implementation if no matching 716 * drvcrypt device. 717 */ 718 res = drvcrypt_asym_alloc_ecc_public_key(key, key_type, key_size_bits); 719 if (res == TEE_ERROR_NOT_IMPLEMENTED) 720 res = crypto_asym_alloc_ecc_public_key(key, key_type, 721 key_size_bits); 722 723 return res; 724 } 725 726 TEE_Result crypto_acipher_alloc_ecc_keypair(struct ecc_keypair *key, 727 uint32_t key_type, 728 size_t key_size_bits) 729 { 730 TEE_Result res = TEE_ERROR_NOT_IMPLEMENTED; 731 732 /* 733 * Use default cryptographic implementation if no matching 734 * drvcrypt device. 735 */ 736 res = drvcrypt_asym_alloc_ecc_keypair(key, key_type, key_size_bits); 737 if (res == TEE_ERROR_NOT_IMPLEMENTED) 738 res = crypto_asym_alloc_ecc_keypair(key, key_type, 739 key_size_bits); 740 741 return res; 742 } 743 744 void crypto_acipher_free_ecc_public_key(struct ecc_public_key *key) 745 { 746 assert(key->ops && key->ops->free); 747 748 key->ops->free(key); 749 } 750 751 TEE_Result crypto_acipher_gen_ecc_key(struct ecc_keypair *key, 752 size_t key_size_bits) 753 { 754 assert(key->ops && key->ops->generate); 755 756 return key->ops->generate(key, key_size_bits); 757 } 758 759 TEE_Result crypto_acipher_ecc_sign(uint32_t algo, struct ecc_keypair *key, 760 const uint8_t *msg, size_t msg_len, 761 uint8_t *sig, size_t *sig_len) 762 { 763 assert(key->ops); 764 765 if (!key->ops->sign) 766 return TEE_ERROR_NOT_IMPLEMENTED; 767 768 return key->ops->sign(algo, key, msg, msg_len, sig, sig_len); 769 } 770 771 TEE_Result crypto_acipher_ecc_verify(uint32_t algo, struct ecc_public_key *key, 772 const uint8_t *msg, size_t msg_len, 773 const uint8_t *sig, size_t sig_len) 774 { 775 assert(key->ops); 776 777 if (!key->ops->verify) 778 return TEE_ERROR_NOT_IMPLEMENTED; 779 780 return key->ops->verify(algo, key, msg, msg_len, sig, sig_len); 781 } 782 783 TEE_Result crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key, 784 struct ecc_public_key *public_key, 785 void *secret, 786 unsigned long *secret_len) 787 { 788 assert(private_key->ops); 789 790 if (!private_key->ops->shared_secret) 791 return TEE_ERROR_NOT_IMPLEMENTED; 792 793 return private_key->ops->shared_secret(private_key, public_key, secret, 794 secret_len); 795 } 796 797 TEE_Result crypto_acipher_sm2_pke_decrypt(struct ecc_keypair *key, 798 const uint8_t *src, size_t src_len, 799 uint8_t *dst, size_t *dst_len) 800 { 801 assert(key->ops); 802 803 if (!key->ops->decrypt) 804 return TEE_ERROR_NOT_IMPLEMENTED; 805 806 return key->ops->decrypt(key, src, src_len, dst, dst_len); 807 } 808 809 TEE_Result crypto_acipher_sm2_pke_encrypt(struct ecc_public_key *key, 810 const uint8_t *src, size_t src_len, 811 uint8_t *dst, size_t *dst_len) 812 { 813 assert(key->ops); 814 815 if (!key->ops->encrypt) 816 return TEE_ERROR_NOT_IMPLEMENTED; 817 818 return key->ops->encrypt(key, src, src_len, dst, dst_len); 819 } 820 821 #if !defined(CFG_CRYPTO_SM2_KEP) 822 TEE_Result crypto_acipher_sm2_kep_derive(struct ecc_keypair *my_key __unused, 823 struct ecc_keypair *my_eph_key 824 __unused, 825 struct ecc_public_key *peer_key 826 __unused, 827 struct ecc_public_key *peer_eph_key 828 __unused, 829 struct sm2_kep_parms *p __unused) 830 { 831 return TEE_ERROR_NOT_IMPLEMENTED; 832 } 833 #endif 834 835 #if !defined(CFG_CRYPTO_X25519) 836 TEE_Result crypto_acipher_alloc_x25519_keypair(struct montgomery_keypair *key 837 __unused, 838 size_t key_size_bits __unused) 839 { 840 return TEE_ERROR_NOT_IMPLEMENTED; 841 } 842 843 TEE_Result crypto_acipher_gen_x25519_key(struct montgomery_keypair 844 *key __unused, 845 size_t key_size __unused) 846 { 847 return TEE_ERROR_NOT_IMPLEMENTED; 848 } 849 850 TEE_Result crypto_acipher_x25519_shared_secret(struct montgomery_keypair 851 *private_key __unused, 852 void *public_key __unused, 853 void *secret __unused, 854 unsigned long 855 *secret_len __unused) 856 { 857 return TEE_ERROR_NOT_IMPLEMENTED; 858 } 859 #endif 860 861 #if !defined(CFG_CRYPTO_X448) 862 TEE_Result crypto_acipher_alloc_x448_keypair(struct montgomery_keypair *key 863 __unused, 864 size_t key_size_bits __unused) 865 { 866 return TEE_ERROR_NOT_IMPLEMENTED; 867 } 868 869 TEE_Result crypto_acipher_gen_x448_key(struct montgomery_keypair *key __unused, 870 size_t key_size __unused) 871 { 872 return TEE_ERROR_NOT_IMPLEMENTED; 873 } 874 875 TEE_Result crypto_acipher_x448_shared_secret(struct montgomery_keypair 876 *private_key __unused, 877 void *public_key __unused, 878 void *secret __unused, 879 unsigned long 880 *secret_len __unused) 881 { 882 return TEE_ERROR_NOT_IMPLEMENTED; 883 } 884 #endif 885 886 #if !defined(CFG_CRYPTO_ED25519) 887 TEE_Result crypto_acipher_alloc_ed25519_keypair(struct ed25519_keypair *key 888 __unused, 889 size_t key_size_bits __unused) 890 { 891 return TEE_ERROR_NOT_IMPLEMENTED; 892 } 893 894 TEE_Result 895 crypto_acipher_alloc_ed25519_public_key(struct ed25519_public_key *key __unused, 896 size_t key_size __unused) 897 { 898 return TEE_ERROR_NOT_IMPLEMENTED; 899 } 900 901 TEE_Result crypto_acipher_gen_ed25519_key(struct ed25519_keypair *key __unused, 902 size_t key_size __unused) 903 { 904 return TEE_ERROR_NOT_IMPLEMENTED; 905 } 906 907 TEE_Result crypto_acipher_ed25519_sign(struct ed25519_keypair *key __unused, 908 const uint8_t *msg __unused, 909 size_t msg_len __unused, 910 uint8_t *sig __unused, 911 size_t *sig_len __unused) 912 { 913 return TEE_ERROR_NOT_IMPLEMENTED; 914 } 915 916 TEE_Result 917 crypto_acipher_ed25519_verify(struct ed25519_public_key *key __unused, 918 const uint8_t *msg __unused, 919 size_t msg_len __unused, 920 const uint8_t *sig __unused, 921 size_t sig_len __unused) 922 { 923 return TEE_ERROR_NOT_IMPLEMENTED; 924 } 925 926 TEE_Result crypto_acipher_ed25519ctx_sign(struct ed25519_keypair *key __unused, 927 const uint8_t *msg __unused, 928 size_t msg_len __unused, 929 uint8_t *sig __unused, 930 size_t *sig_len __unused, 931 bool ph_flag __unused, 932 const uint8_t *ctx __unused, 933 size_t ctxlen __unused) 934 { 935 return TEE_ERROR_NOT_IMPLEMENTED; 936 } 937 938 TEE_Result 939 crypto_acipher_ed25519ctx_verify(struct ed25519_public_key *key __unused, 940 const uint8_t *msg __unused, 941 size_t msg_len __unused, 942 const uint8_t *sig __unused, 943 size_t sig_len __unused, 944 bool ph_flag __unused, 945 const uint8_t *ctx __unused, 946 size_t ctxlen __unused) 947 { 948 return TEE_ERROR_NOT_IMPLEMENTED; 949 } 950 #endif 951 952 __weak TEE_Result crypto_storage_obj_del(struct tee_obj *obj __unused) 953 { 954 return TEE_ERROR_NOT_IMPLEMENTED; 955 } 956