1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <compiler.h> 8 #include <crypto/crypto.h> 9 #include <crypto/crypto_impl.h> 10 #include <kernel/panic.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include <utee_defines.h> 14 15 TEE_Result crypto_hash_alloc_ctx(void **ctx, uint32_t algo) 16 { 17 TEE_Result res = TEE_ERROR_NOT_IMPLEMENTED; 18 struct crypto_hash_ctx *c = NULL; 19 20 /* 21 * Use default cryptographic implement if no matching 22 * drvcrypt device. 23 */ 24 res = drvcrypt_hash_alloc_ctx(&c, algo); 25 26 if (res == TEE_ERROR_NOT_IMPLEMENTED) { 27 switch (algo) { 28 case TEE_ALG_MD5: 29 res = crypto_md5_alloc_ctx(&c); 30 break; 31 case TEE_ALG_SHA1: 32 res = crypto_sha1_alloc_ctx(&c); 33 break; 34 case TEE_ALG_SHA224: 35 res = crypto_sha224_alloc_ctx(&c); 36 break; 37 case TEE_ALG_SHA256: 38 res = crypto_sha256_alloc_ctx(&c); 39 break; 40 case TEE_ALG_SHA384: 41 res = crypto_sha384_alloc_ctx(&c); 42 break; 43 case TEE_ALG_SHA512: 44 res = crypto_sha512_alloc_ctx(&c); 45 break; 46 case TEE_ALG_SM3: 47 res = crypto_sm3_alloc_ctx(&c); 48 break; 49 default: 50 break; 51 } 52 } 53 54 if (!res) 55 *ctx = c; 56 57 return res; 58 } 59 60 static const struct crypto_hash_ops *hash_ops(void *ctx) 61 { 62 struct crypto_hash_ctx *c = ctx; 63 64 assert(c && c->ops); 65 66 return c->ops; 67 } 68 69 void crypto_hash_free_ctx(void *ctx) 70 { 71 if (ctx) 72 hash_ops(ctx)->free_ctx(ctx); 73 } 74 75 void crypto_hash_copy_state(void *dst_ctx, void *src_ctx) 76 { 77 hash_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 78 } 79 80 TEE_Result crypto_hash_init(void *ctx) 81 { 82 return hash_ops(ctx)->init(ctx); 83 } 84 85 TEE_Result crypto_hash_update(void *ctx, const uint8_t *data, size_t len) 86 { 87 return hash_ops(ctx)->update(ctx, data, len); 88 } 89 90 TEE_Result crypto_hash_final(void *ctx, uint8_t *digest, size_t len) 91 { 92 return hash_ops(ctx)->final(ctx, digest, len); 93 } 94 95 TEE_Result crypto_cipher_alloc_ctx(void **ctx, uint32_t algo) 96 { 97 TEE_Result res = TEE_SUCCESS; 98 struct crypto_cipher_ctx *c = NULL; 99 100 switch (algo) { 101 case TEE_ALG_AES_ECB_NOPAD: 102 res = crypto_aes_ecb_alloc_ctx(&c); 103 break; 104 case TEE_ALG_AES_CBC_NOPAD: 105 res = crypto_aes_cbc_alloc_ctx(&c); 106 break; 107 case TEE_ALG_AES_CTR: 108 res = crypto_aes_ctr_alloc_ctx(&c); 109 break; 110 case TEE_ALG_AES_CTS: 111 res = crypto_aes_cts_alloc_ctx(&c); 112 break; 113 case TEE_ALG_AES_XTS: 114 res = crypto_aes_xts_alloc_ctx(&c); 115 break; 116 case TEE_ALG_DES_ECB_NOPAD: 117 res = crypto_des_ecb_alloc_ctx(&c); 118 break; 119 case TEE_ALG_DES3_ECB_NOPAD: 120 res = crypto_des3_ecb_alloc_ctx(&c); 121 break; 122 case TEE_ALG_DES_CBC_NOPAD: 123 res = crypto_des_cbc_alloc_ctx(&c); 124 break; 125 case TEE_ALG_DES3_CBC_NOPAD: 126 res = crypto_des3_cbc_alloc_ctx(&c); 127 break; 128 case TEE_ALG_SM4_ECB_NOPAD: 129 res = crypto_sm4_ecb_alloc_ctx(&c); 130 break; 131 case TEE_ALG_SM4_CBC_NOPAD: 132 res = crypto_sm4_cbc_alloc_ctx(&c); 133 break; 134 case TEE_ALG_SM4_CTR: 135 res = crypto_sm4_ctr_alloc_ctx(&c); 136 break; 137 default: 138 return TEE_ERROR_NOT_IMPLEMENTED; 139 } 140 141 if (!res) 142 *ctx = c; 143 144 return res; 145 } 146 147 static const struct crypto_cipher_ops *cipher_ops(void *ctx) 148 { 149 struct crypto_cipher_ctx *c = ctx; 150 151 assert(c && c->ops); 152 153 return c->ops; 154 } 155 156 void crypto_cipher_free_ctx(void *ctx) 157 { 158 if (ctx) 159 cipher_ops(ctx)->free_ctx(ctx); 160 } 161 162 void crypto_cipher_copy_state(void *dst_ctx, void *src_ctx) 163 { 164 cipher_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 165 } 166 167 TEE_Result crypto_cipher_init(void *ctx, TEE_OperationMode mode, 168 const uint8_t *key1, size_t key1_len, 169 const uint8_t *key2, size_t key2_len, 170 const uint8_t *iv, size_t iv_len) 171 { 172 if (mode != TEE_MODE_DECRYPT && mode != TEE_MODE_ENCRYPT) 173 return TEE_ERROR_BAD_PARAMETERS; 174 175 return cipher_ops(ctx)->init(ctx, mode, key1, key1_len, key2, key2_len, 176 iv, iv_len); 177 } 178 179 TEE_Result crypto_cipher_update(void *ctx, TEE_OperationMode mode __unused, 180 bool last_block, const uint8_t *data, 181 size_t len, uint8_t *dst) 182 { 183 return cipher_ops(ctx)->update(ctx, last_block, data, len, dst); 184 } 185 186 void crypto_cipher_final(void *ctx) 187 { 188 cipher_ops(ctx)->final(ctx); 189 } 190 191 TEE_Result crypto_cipher_get_block_size(uint32_t algo, size_t *size) 192 { 193 uint32_t class = TEE_ALG_GET_CLASS(algo); 194 195 if (class != TEE_OPERATION_CIPHER && class != TEE_OPERATION_MAC && 196 class != TEE_OPERATION_AE) 197 return TEE_ERROR_BAD_PARAMETERS; 198 199 switch (TEE_ALG_GET_MAIN_ALG(algo)) { 200 case TEE_MAIN_ALGO_AES: 201 *size = TEE_AES_BLOCK_SIZE; 202 return TEE_SUCCESS; 203 case TEE_MAIN_ALGO_DES: 204 case TEE_MAIN_ALGO_DES3: 205 *size = TEE_DES_BLOCK_SIZE; 206 return TEE_SUCCESS; 207 case TEE_MAIN_ALGO_SM4: 208 *size = TEE_SM4_BLOCK_SIZE; 209 return TEE_SUCCESS; 210 default: 211 return TEE_ERROR_NOT_SUPPORTED; 212 } 213 } 214 215 TEE_Result crypto_mac_alloc_ctx(void **ctx, uint32_t algo) 216 { 217 TEE_Result res = TEE_SUCCESS; 218 struct crypto_mac_ctx *c = NULL; 219 220 switch (algo) { 221 case TEE_ALG_HMAC_MD5: 222 res = crypto_hmac_md5_alloc_ctx(&c); 223 break; 224 case TEE_ALG_HMAC_SHA1: 225 res = crypto_hmac_sha1_alloc_ctx(&c); 226 break; 227 case TEE_ALG_HMAC_SHA224: 228 res = crypto_hmac_sha224_alloc_ctx(&c); 229 break; 230 case TEE_ALG_HMAC_SHA256: 231 res = crypto_hmac_sha256_alloc_ctx(&c); 232 break; 233 case TEE_ALG_HMAC_SHA384: 234 res = crypto_hmac_sha384_alloc_ctx(&c); 235 break; 236 case TEE_ALG_HMAC_SHA512: 237 res = crypto_hmac_sha512_alloc_ctx(&c); 238 break; 239 case TEE_ALG_HMAC_SM3: 240 res = crypto_hmac_sm3_alloc_ctx(&c); 241 break; 242 case TEE_ALG_AES_CBC_MAC_NOPAD: 243 res = crypto_aes_cbc_mac_nopad_alloc_ctx(&c); 244 break; 245 case TEE_ALG_AES_CBC_MAC_PKCS5: 246 res = crypto_aes_cbc_mac_pkcs5_alloc_ctx(&c); 247 break; 248 case TEE_ALG_DES_CBC_MAC_NOPAD: 249 res = crypto_des_cbc_mac_nopad_alloc_ctx(&c); 250 break; 251 case TEE_ALG_DES_CBC_MAC_PKCS5: 252 res = crypto_des_cbc_mac_pkcs5_alloc_ctx(&c); 253 break; 254 case TEE_ALG_DES3_CBC_MAC_NOPAD: 255 res = crypto_des3_cbc_mac_nopad_alloc_ctx(&c); 256 break; 257 case TEE_ALG_DES3_CBC_MAC_PKCS5: 258 res = crypto_des3_cbc_mac_pkcs5_alloc_ctx(&c); 259 break; 260 case TEE_ALG_AES_CMAC: 261 res = crypto_aes_cmac_alloc_ctx(&c); 262 break; 263 default: 264 return TEE_ERROR_NOT_SUPPORTED; 265 } 266 267 if (!res) 268 *ctx = c; 269 270 return res; 271 } 272 273 static const struct crypto_mac_ops *mac_ops(void *ctx) 274 { 275 struct crypto_mac_ctx *c = ctx; 276 277 assert(c && c->ops); 278 279 return c->ops; 280 } 281 282 void crypto_mac_free_ctx(void *ctx) 283 { 284 if (ctx) 285 mac_ops(ctx)->free_ctx(ctx); 286 } 287 288 void crypto_mac_copy_state(void *dst_ctx, void *src_ctx) 289 { 290 mac_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 291 } 292 293 TEE_Result crypto_mac_init(void *ctx, const uint8_t *key, size_t len) 294 { 295 return mac_ops(ctx)->init(ctx, key, len); 296 } 297 298 TEE_Result crypto_mac_update(void *ctx, const uint8_t *data, size_t len) 299 { 300 if (!len) 301 return TEE_SUCCESS; 302 303 return mac_ops(ctx)->update(ctx, data, len); 304 } 305 306 TEE_Result crypto_mac_final(void *ctx, uint8_t *digest, size_t digest_len) 307 { 308 return mac_ops(ctx)->final(ctx, digest, digest_len); 309 } 310 311 TEE_Result crypto_authenc_alloc_ctx(void **ctx, uint32_t algo) 312 { 313 TEE_Result res = TEE_SUCCESS; 314 struct crypto_authenc_ctx *c = NULL; 315 316 switch (algo) { 317 #if defined(CFG_CRYPTO_CCM) 318 case TEE_ALG_AES_CCM: 319 res = crypto_aes_ccm_alloc_ctx(&c); 320 break; 321 #endif 322 #if defined(CFG_CRYPTO_GCM) 323 case TEE_ALG_AES_GCM: 324 res = crypto_aes_gcm_alloc_ctx(&c); 325 break; 326 #endif 327 default: 328 return TEE_ERROR_NOT_IMPLEMENTED; 329 } 330 331 if (!res) 332 *ctx = c; 333 334 return res; 335 } 336 337 static const struct crypto_authenc_ops *ae_ops(void *ctx) 338 { 339 struct crypto_authenc_ctx *c = ctx; 340 341 assert(c && c->ops); 342 343 return c->ops; 344 } 345 346 TEE_Result crypto_authenc_init(void *ctx, TEE_OperationMode mode, 347 const uint8_t *key, size_t key_len, 348 const uint8_t *nonce, size_t nonce_len, 349 size_t tag_len, size_t aad_len, 350 size_t payload_len) 351 { 352 return ae_ops(ctx)->init(ctx, mode, key, key_len, nonce, nonce_len, 353 tag_len, aad_len, payload_len); 354 } 355 356 TEE_Result crypto_authenc_update_aad(void *ctx, TEE_OperationMode mode __unused, 357 const uint8_t *data, size_t len) 358 { 359 return ae_ops(ctx)->update_aad(ctx, data, len); 360 } 361 362 363 TEE_Result crypto_authenc_update_payload(void *ctx, TEE_OperationMode mode, 364 const uint8_t *src_data, 365 size_t src_len, uint8_t *dst_data, 366 size_t *dst_len) 367 { 368 if (*dst_len < src_len) 369 return TEE_ERROR_SHORT_BUFFER; 370 *dst_len = src_len; 371 372 return ae_ops(ctx)->update_payload(ctx, mode, src_data, src_len, 373 dst_data); 374 } 375 376 TEE_Result crypto_authenc_enc_final(void *ctx, const uint8_t *src_data, 377 size_t src_len, uint8_t *dst_data, 378 size_t *dst_len, uint8_t *dst_tag, 379 size_t *dst_tag_len) 380 { 381 if (*dst_len < src_len) 382 return TEE_ERROR_SHORT_BUFFER; 383 *dst_len = src_len; 384 385 return ae_ops(ctx)->enc_final(ctx, src_data, src_len, dst_data, 386 dst_tag, dst_tag_len); 387 } 388 389 TEE_Result crypto_authenc_dec_final(void *ctx, const uint8_t *src_data, 390 size_t src_len, uint8_t *dst_data, 391 size_t *dst_len, const uint8_t *tag, 392 size_t tag_len) 393 { 394 if (*dst_len < src_len) 395 return TEE_ERROR_SHORT_BUFFER; 396 *dst_len = src_len; 397 398 return ae_ops(ctx)->dec_final(ctx, src_data, src_len, dst_data, tag, 399 tag_len); 400 } 401 402 void crypto_authenc_final(void *ctx) 403 { 404 ae_ops(ctx)->final(ctx); 405 } 406 407 void crypto_authenc_free_ctx(void *ctx) 408 { 409 if (ctx) 410 ae_ops(ctx)->free_ctx(ctx); 411 } 412 413 void crypto_authenc_copy_state(void *dst_ctx, void *src_ctx) 414 { 415 ae_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 416 } 417 418 #if !defined(CFG_CRYPTO_RSA) && !defined(CFG_CRYPTO_DSA) && \ 419 !defined(CFG_CRYPTO_DH) && !defined(CFG_CRYPTO_ECC) 420 struct bignum *crypto_bignum_allocate(size_t size_bits __unused) 421 { 422 return NULL; 423 } 424 425 TEE_Result crypto_bignum_bin2bn(const uint8_t *from __unused, 426 size_t fromsize __unused, 427 struct bignum *to __unused) 428 { 429 return TEE_ERROR_NOT_IMPLEMENTED; 430 } 431 432 size_t crypto_bignum_num_bytes(struct bignum *a __unused) 433 { 434 return 0; 435 } 436 437 size_t crypto_bignum_num_bits(struct bignum *a __unused) 438 { 439 return 0; 440 } 441 442 /* 443 * crypto_bignum_allocate() and crypto_bignum_bin2bn() failing should be 444 * enough to guarantee that the functions calling this function aren't 445 * called, but just in case add a panic() here to avoid unexpected 446 * behavoir. 447 */ 448 static void bignum_cant_happen(void) 449 { 450 volatile bool b = true; 451 452 /* Avoid warning about function does not return */ 453 if (b) 454 panic(); 455 } 456 457 void crypto_bignum_bn2bin(const struct bignum *from __unused, 458 uint8_t *to __unused) 459 { 460 bignum_cant_happen(); 461 } 462 463 void crypto_bignum_copy(struct bignum *to __unused, 464 const struct bignum *from __unused) 465 { 466 bignum_cant_happen(); 467 } 468 469 void crypto_bignum_free(struct bignum *a) 470 { 471 if (a) 472 panic(); 473 } 474 475 void crypto_bignum_clear(struct bignum *a __unused) 476 { 477 bignum_cant_happen(); 478 } 479 480 /* return -1 if a<b, 0 if a==b, +1 if a>b */ 481 int32_t crypto_bignum_compare(struct bignum *a __unused, 482 struct bignum *b __unused) 483 { 484 bignum_cant_happen(); 485 return -1; 486 } 487 #endif 488 489 #if !defined(CFG_CRYPTO_RSA) 490 TEE_Result crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *s __unused, 491 size_t key_size_bits __unused) 492 { 493 return TEE_ERROR_NOT_IMPLEMENTED; 494 } 495 496 TEE_Result 497 crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s __unused, 498 size_t key_size_bits __unused) 499 { 500 return TEE_ERROR_NOT_IMPLEMENTED; 501 } 502 503 void crypto_acipher_free_rsa_public_key(struct rsa_public_key *s __unused) 504 { 505 } 506 507 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key __unused, 508 size_t key_size __unused) 509 { 510 return TEE_ERROR_NOT_IMPLEMENTED; 511 } 512 513 TEE_Result crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key __unused, 514 const uint8_t *src __unused, 515 size_t src_len __unused, 516 uint8_t *dst __unused, 517 size_t *dst_len __unused) 518 { 519 return TEE_ERROR_NOT_IMPLEMENTED; 520 } 521 522 TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key __unused, 523 const uint8_t *src __unused, 524 size_t src_len __unused, 525 uint8_t *dst __unused, 526 size_t *dst_len __unused) 527 { 528 return TEE_ERROR_NOT_IMPLEMENTED; 529 } 530 531 TEE_Result crypto_acipher_rsaes_decrypt(uint32_t algo __unused, 532 struct rsa_keypair *key __unused, 533 const uint8_t *label __unused, 534 size_t label_len __unused, 535 const uint8_t *src __unused, 536 size_t src_len __unused, 537 uint8_t *dst __unused, 538 size_t *dst_len __unused) 539 { 540 return TEE_ERROR_NOT_IMPLEMENTED; 541 } 542 543 TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo __unused, 544 struct rsa_public_key *key __unused, 545 const uint8_t *label __unused, 546 size_t label_len __unused, 547 const uint8_t *src __unused, 548 size_t src_len __unused, 549 uint8_t *dst __unused, 550 size_t *dst_len __unused) 551 { 552 return TEE_ERROR_NOT_IMPLEMENTED; 553 } 554 555 TEE_Result crypto_acipher_rsassa_sign(uint32_t algo __unused, 556 struct rsa_keypair *key __unused, 557 int salt_len __unused, 558 const uint8_t *msg __unused, 559 size_t msg_len __unused, 560 uint8_t *sig __unused, 561 size_t *sig_len __unused) 562 { 563 return TEE_ERROR_NOT_IMPLEMENTED; 564 } 565 566 TEE_Result crypto_acipher_rsassa_verify(uint32_t algo __unused, 567 struct rsa_public_key *key __unused, 568 int salt_len __unused, 569 const uint8_t *msg __unused, 570 size_t msg_len __unused, 571 const uint8_t *sig __unused, 572 size_t sig_len __unused) 573 { 574 return TEE_ERROR_NOT_IMPLEMENTED; 575 } 576 #endif /*!CFG_CRYPTO_RSA*/ 577 578 #if !defined(CFG_CRYPTO_DSA) 579 TEE_Result crypto_acipher_alloc_dsa_keypair(struct dsa_keypair *s __unused, 580 size_t key_size_bits __unused) 581 { 582 return TEE_ERROR_NOT_IMPLEMENTED; 583 } 584 585 TEE_Result 586 crypto_acipher_alloc_dsa_public_key(struct dsa_public_key *s __unused, 587 size_t key_size_bits __unused) 588 { 589 return TEE_ERROR_NOT_IMPLEMENTED; 590 } 591 592 TEE_Result crypto_acipher_gen_dsa_key(struct dsa_keypair *key __unused, 593 size_t key_size __unused) 594 { 595 return TEE_ERROR_NOT_IMPLEMENTED; 596 } 597 598 TEE_Result crypto_acipher_dsa_sign(uint32_t algo __unused, 599 struct dsa_keypair *key __unused, 600 const uint8_t *msg __unused, 601 size_t msg_len __unused, 602 uint8_t *sig __unused, 603 size_t *sig_len __unused) 604 { 605 return TEE_ERROR_NOT_IMPLEMENTED; 606 } 607 608 TEE_Result crypto_acipher_dsa_verify(uint32_t algo __unused, 609 struct dsa_public_key *key __unused, 610 const uint8_t *msg __unused, 611 size_t msg_len __unused, 612 const uint8_t *sig __unused, 613 size_t sig_len __unused) 614 { 615 return TEE_ERROR_NOT_IMPLEMENTED; 616 } 617 #endif /*!CFG_CRYPTO_DSA*/ 618 619 #if !defined(CFG_CRYPTO_DH) 620 TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s __unused, 621 size_t key_size_bits __unused) 622 { 623 return TEE_ERROR_NOT_IMPLEMENTED; 624 } 625 626 TEE_Result crypto_acipher_gen_dh_key(struct dh_keypair *key __unused, 627 struct bignum *q __unused, 628 size_t xbits __unused) 629 { 630 return TEE_ERROR_NOT_IMPLEMENTED; 631 } 632 633 TEE_Result 634 crypto_acipher_dh_shared_secret(struct dh_keypair *private_key __unused, 635 struct bignum *public_key __unused, 636 struct bignum *secret __unused) 637 { 638 return TEE_ERROR_NOT_IMPLEMENTED; 639 } 640 #endif /*!CFG_CRYPTO_DH*/ 641 642 #if !defined(CFG_CRYPTO_ECC) 643 TEE_Result 644 crypto_acipher_alloc_ecc_public_key(struct ecc_public_key *s __unused, 645 size_t key_size_bits __unused) 646 { 647 return TEE_ERROR_NOT_IMPLEMENTED; 648 } 649 650 TEE_Result crypto_acipher_alloc_ecc_keypair(struct ecc_keypair *s __unused, 651 size_t key_size_bits __unused) 652 { 653 return TEE_ERROR_NOT_IMPLEMENTED; 654 } 655 656 void crypto_acipher_free_ecc_public_key(struct ecc_public_key *s __unused) 657 { 658 } 659 660 TEE_Result crypto_acipher_gen_ecc_key(struct ecc_keypair *key __unused) 661 { 662 return TEE_ERROR_NOT_IMPLEMENTED; 663 } 664 665 TEE_Result crypto_acipher_ecc_sign(uint32_t algo __unused, 666 struct ecc_keypair *key __unused, 667 const uint8_t *msg __unused, 668 size_t msg_len __unused, 669 uint8_t *sig __unused, 670 size_t *sig_len __unused) 671 { 672 return TEE_ERROR_NOT_IMPLEMENTED; 673 } 674 675 TEE_Result crypto_acipher_ecc_verify(uint32_t algo __unused, 676 struct ecc_public_key *key __unused, 677 const uint8_t *msg __unused, 678 size_t msg_len __unused, 679 const uint8_t *sig __unused, 680 size_t sig_len __unused) 681 { 682 return TEE_ERROR_NOT_IMPLEMENTED; 683 } 684 685 TEE_Result 686 crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key __unused, 687 struct ecc_public_key *public_key __unused, 688 void *secret __unused, 689 unsigned long *secret_len __unused) 690 { 691 return TEE_ERROR_NOT_IMPLEMENTED; 692 } 693 #endif /*!CFG_CRYPTO_ECC*/ 694