1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <compiler.h> 8 #include <crypto/crypto.h> 9 #include <crypto/crypto_impl.h> 10 #include <kernel/panic.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include <utee_defines.h> 14 15 TEE_Result crypto_hash_alloc_ctx(void **ctx, uint32_t algo) 16 { 17 TEE_Result res = TEE_ERROR_NOT_IMPLEMENTED; 18 struct crypto_hash_ctx *c = NULL; 19 20 /* 21 * Use default cryptographic implement if no matching 22 * drvcrypt device. 23 */ 24 res = drvcrypt_hash_alloc_ctx(&c, algo); 25 26 if (res == TEE_ERROR_NOT_IMPLEMENTED) { 27 switch (algo) { 28 case TEE_ALG_MD5: 29 res = crypto_md5_alloc_ctx(&c); 30 break; 31 case TEE_ALG_SHA1: 32 res = crypto_sha1_alloc_ctx(&c); 33 break; 34 case TEE_ALG_SHA224: 35 res = crypto_sha224_alloc_ctx(&c); 36 break; 37 case TEE_ALG_SHA256: 38 res = crypto_sha256_alloc_ctx(&c); 39 break; 40 case TEE_ALG_SHA384: 41 res = crypto_sha384_alloc_ctx(&c); 42 break; 43 case TEE_ALG_SHA512: 44 res = crypto_sha512_alloc_ctx(&c); 45 break; 46 default: 47 break; 48 } 49 } 50 51 if (!res) 52 *ctx = c; 53 54 return res; 55 } 56 57 static const struct crypto_hash_ops *hash_ops(void *ctx) 58 { 59 struct crypto_hash_ctx *c = ctx; 60 61 assert(c && c->ops); 62 63 return c->ops; 64 } 65 66 void crypto_hash_free_ctx(void *ctx) 67 { 68 if (ctx) 69 hash_ops(ctx)->free_ctx(ctx); 70 } 71 72 void crypto_hash_copy_state(void *dst_ctx, void *src_ctx) 73 { 74 hash_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 75 } 76 77 TEE_Result crypto_hash_init(void *ctx) 78 { 79 return hash_ops(ctx)->init(ctx); 80 } 81 82 TEE_Result crypto_hash_update(void *ctx, const uint8_t *data, size_t len) 83 { 84 return hash_ops(ctx)->update(ctx, data, len); 85 } 86 87 TEE_Result crypto_hash_final(void *ctx, uint8_t *digest, size_t len) 88 { 89 return hash_ops(ctx)->final(ctx, digest, len); 90 } 91 92 TEE_Result crypto_cipher_alloc_ctx(void **ctx, uint32_t algo) 93 { 94 TEE_Result res = TEE_SUCCESS; 95 struct crypto_cipher_ctx *c = NULL; 96 97 switch (algo) { 98 case TEE_ALG_AES_ECB_NOPAD: 99 res = crypto_aes_ecb_alloc_ctx(&c); 100 break; 101 case TEE_ALG_AES_CBC_NOPAD: 102 res = crypto_aes_cbc_alloc_ctx(&c); 103 break; 104 case TEE_ALG_AES_CTR: 105 res = crypto_aes_ctr_alloc_ctx(&c); 106 break; 107 case TEE_ALG_AES_CTS: 108 res = crypto_aes_cts_alloc_ctx(&c); 109 break; 110 case TEE_ALG_AES_XTS: 111 res = crypto_aes_xts_alloc_ctx(&c); 112 break; 113 case TEE_ALG_DES_ECB_NOPAD: 114 res = crypto_des_ecb_alloc_ctx(&c); 115 break; 116 case TEE_ALG_DES3_ECB_NOPAD: 117 res = crypto_des3_ecb_alloc_ctx(&c); 118 break; 119 case TEE_ALG_DES_CBC_NOPAD: 120 res = crypto_des_cbc_alloc_ctx(&c); 121 break; 122 case TEE_ALG_DES3_CBC_NOPAD: 123 res = crypto_des3_cbc_alloc_ctx(&c); 124 break; 125 case TEE_ALG_SM4_ECB_NOPAD: 126 res = crypto_sm4_ecb_alloc_ctx(&c); 127 break; 128 case TEE_ALG_SM4_CBC_NOPAD: 129 res = crypto_sm4_cbc_alloc_ctx(&c); 130 break; 131 case TEE_ALG_SM4_CTR: 132 res = crypto_sm4_ctr_alloc_ctx(&c); 133 break; 134 default: 135 return TEE_ERROR_NOT_IMPLEMENTED; 136 } 137 138 if (!res) 139 *ctx = c; 140 141 return res; 142 } 143 144 static const struct crypto_cipher_ops *cipher_ops(void *ctx) 145 { 146 struct crypto_cipher_ctx *c = ctx; 147 148 assert(c && c->ops); 149 150 return c->ops; 151 } 152 153 void crypto_cipher_free_ctx(void *ctx) 154 { 155 if (ctx) 156 cipher_ops(ctx)->free_ctx(ctx); 157 } 158 159 void crypto_cipher_copy_state(void *dst_ctx, void *src_ctx) 160 { 161 cipher_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 162 } 163 164 TEE_Result crypto_cipher_init(void *ctx, TEE_OperationMode mode, 165 const uint8_t *key1, size_t key1_len, 166 const uint8_t *key2, size_t key2_len, 167 const uint8_t *iv, size_t iv_len) 168 { 169 if (mode != TEE_MODE_DECRYPT && mode != TEE_MODE_ENCRYPT) 170 return TEE_ERROR_BAD_PARAMETERS; 171 172 return cipher_ops(ctx)->init(ctx, mode, key1, key1_len, key2, key2_len, 173 iv, iv_len); 174 } 175 176 TEE_Result crypto_cipher_update(void *ctx, TEE_OperationMode mode __unused, 177 bool last_block, const uint8_t *data, 178 size_t len, uint8_t *dst) 179 { 180 return cipher_ops(ctx)->update(ctx, last_block, data, len, dst); 181 } 182 183 void crypto_cipher_final(void *ctx) 184 { 185 cipher_ops(ctx)->final(ctx); 186 } 187 188 TEE_Result crypto_cipher_get_block_size(uint32_t algo, size_t *size) 189 { 190 uint32_t class = TEE_ALG_GET_CLASS(algo); 191 192 if (class != TEE_OPERATION_CIPHER && class != TEE_OPERATION_MAC && 193 class != TEE_OPERATION_AE) 194 return TEE_ERROR_BAD_PARAMETERS; 195 196 switch (TEE_ALG_GET_MAIN_ALG(algo)) { 197 case TEE_MAIN_ALGO_AES: 198 *size = TEE_AES_BLOCK_SIZE; 199 return TEE_SUCCESS; 200 case TEE_MAIN_ALGO_DES: 201 case TEE_MAIN_ALGO_DES3: 202 *size = TEE_DES_BLOCK_SIZE; 203 return TEE_SUCCESS; 204 case TEE_MAIN_ALGO_SM4: 205 *size = TEE_SM4_BLOCK_SIZE; 206 return TEE_SUCCESS; 207 default: 208 return TEE_ERROR_NOT_SUPPORTED; 209 } 210 } 211 212 TEE_Result crypto_mac_alloc_ctx(void **ctx, uint32_t algo) 213 { 214 TEE_Result res = TEE_SUCCESS; 215 struct crypto_mac_ctx *c = NULL; 216 217 switch (algo) { 218 case TEE_ALG_HMAC_MD5: 219 res = crypto_hmac_md5_alloc_ctx(&c); 220 break; 221 case TEE_ALG_HMAC_SHA1: 222 res = crypto_hmac_sha1_alloc_ctx(&c); 223 break; 224 case TEE_ALG_HMAC_SHA224: 225 res = crypto_hmac_sha224_alloc_ctx(&c); 226 break; 227 case TEE_ALG_HMAC_SHA256: 228 res = crypto_hmac_sha256_alloc_ctx(&c); 229 break; 230 case TEE_ALG_HMAC_SHA384: 231 res = crypto_hmac_sha384_alloc_ctx(&c); 232 break; 233 case TEE_ALG_HMAC_SHA512: 234 res = crypto_hmac_sha512_alloc_ctx(&c); 235 break; 236 case TEE_ALG_AES_CBC_MAC_NOPAD: 237 res = crypto_aes_cbc_mac_nopad_alloc_ctx(&c); 238 break; 239 case TEE_ALG_AES_CBC_MAC_PKCS5: 240 res = crypto_aes_cbc_mac_pkcs5_alloc_ctx(&c); 241 break; 242 case TEE_ALG_DES_CBC_MAC_NOPAD: 243 res = crypto_des_cbc_mac_nopad_alloc_ctx(&c); 244 break; 245 case TEE_ALG_DES_CBC_MAC_PKCS5: 246 res = crypto_des_cbc_mac_pkcs5_alloc_ctx(&c); 247 break; 248 case TEE_ALG_DES3_CBC_MAC_NOPAD: 249 res = crypto_des3_cbc_mac_nopad_alloc_ctx(&c); 250 break; 251 case TEE_ALG_DES3_CBC_MAC_PKCS5: 252 res = crypto_des3_cbc_mac_pkcs5_alloc_ctx(&c); 253 break; 254 case TEE_ALG_AES_CMAC: 255 res = crypto_aes_cmac_alloc_ctx(&c); 256 break; 257 default: 258 return TEE_ERROR_NOT_SUPPORTED; 259 } 260 261 if (!res) 262 *ctx = c; 263 264 return res; 265 } 266 267 static const struct crypto_mac_ops *mac_ops(void *ctx) 268 { 269 struct crypto_mac_ctx *c = ctx; 270 271 assert(c && c->ops); 272 273 return c->ops; 274 } 275 276 void crypto_mac_free_ctx(void *ctx) 277 { 278 if (ctx) 279 mac_ops(ctx)->free_ctx(ctx); 280 } 281 282 void crypto_mac_copy_state(void *dst_ctx, void *src_ctx) 283 { 284 mac_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 285 } 286 287 TEE_Result crypto_mac_init(void *ctx, const uint8_t *key, size_t len) 288 { 289 return mac_ops(ctx)->init(ctx, key, len); 290 } 291 292 TEE_Result crypto_mac_update(void *ctx, const uint8_t *data, size_t len) 293 { 294 if (!len) 295 return TEE_SUCCESS; 296 297 return mac_ops(ctx)->update(ctx, data, len); 298 } 299 300 TEE_Result crypto_mac_final(void *ctx, uint8_t *digest, size_t digest_len) 301 { 302 return mac_ops(ctx)->final(ctx, digest, digest_len); 303 } 304 305 TEE_Result crypto_authenc_alloc_ctx(void **ctx, uint32_t algo) 306 { 307 TEE_Result res = TEE_SUCCESS; 308 struct crypto_authenc_ctx *c = NULL; 309 310 switch (algo) { 311 #if defined(CFG_CRYPTO_CCM) 312 case TEE_ALG_AES_CCM: 313 res = crypto_aes_ccm_alloc_ctx(&c); 314 break; 315 #endif 316 #if defined(CFG_CRYPTO_GCM) 317 case TEE_ALG_AES_GCM: 318 res = crypto_aes_gcm_alloc_ctx(&c); 319 break; 320 #endif 321 default: 322 return TEE_ERROR_NOT_IMPLEMENTED; 323 } 324 325 if (!res) 326 *ctx = c; 327 328 return res; 329 } 330 331 static const struct crypto_authenc_ops *ae_ops(void *ctx) 332 { 333 struct crypto_authenc_ctx *c = ctx; 334 335 assert(c && c->ops); 336 337 return c->ops; 338 } 339 340 TEE_Result crypto_authenc_init(void *ctx, TEE_OperationMode mode, 341 const uint8_t *key, size_t key_len, 342 const uint8_t *nonce, size_t nonce_len, 343 size_t tag_len, size_t aad_len, 344 size_t payload_len) 345 { 346 return ae_ops(ctx)->init(ctx, mode, key, key_len, nonce, nonce_len, 347 tag_len, aad_len, payload_len); 348 } 349 350 TEE_Result crypto_authenc_update_aad(void *ctx, TEE_OperationMode mode __unused, 351 const uint8_t *data, size_t len) 352 { 353 return ae_ops(ctx)->update_aad(ctx, data, len); 354 } 355 356 357 TEE_Result crypto_authenc_update_payload(void *ctx, TEE_OperationMode mode, 358 const uint8_t *src_data, 359 size_t src_len, uint8_t *dst_data, 360 size_t *dst_len) 361 { 362 if (*dst_len < src_len) 363 return TEE_ERROR_SHORT_BUFFER; 364 *dst_len = src_len; 365 366 return ae_ops(ctx)->update_payload(ctx, mode, src_data, src_len, 367 dst_data); 368 } 369 370 TEE_Result crypto_authenc_enc_final(void *ctx, const uint8_t *src_data, 371 size_t src_len, uint8_t *dst_data, 372 size_t *dst_len, uint8_t *dst_tag, 373 size_t *dst_tag_len) 374 { 375 if (*dst_len < src_len) 376 return TEE_ERROR_SHORT_BUFFER; 377 *dst_len = src_len; 378 379 return ae_ops(ctx)->enc_final(ctx, src_data, src_len, dst_data, 380 dst_tag, dst_tag_len); 381 } 382 383 TEE_Result crypto_authenc_dec_final(void *ctx, const uint8_t *src_data, 384 size_t src_len, uint8_t *dst_data, 385 size_t *dst_len, const uint8_t *tag, 386 size_t tag_len) 387 { 388 if (*dst_len < src_len) 389 return TEE_ERROR_SHORT_BUFFER; 390 *dst_len = src_len; 391 392 return ae_ops(ctx)->dec_final(ctx, src_data, src_len, dst_data, tag, 393 tag_len); 394 } 395 396 void crypto_authenc_final(void *ctx) 397 { 398 ae_ops(ctx)->final(ctx); 399 } 400 401 void crypto_authenc_free_ctx(void *ctx) 402 { 403 if (ctx) 404 ae_ops(ctx)->free_ctx(ctx); 405 } 406 407 void crypto_authenc_copy_state(void *dst_ctx, void *src_ctx) 408 { 409 ae_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); 410 } 411 412 #if !defined(CFG_CRYPTO_RSA) && !defined(CFG_CRYPTO_DSA) && \ 413 !defined(CFG_CRYPTO_DH) && !defined(CFG_CRYPTO_ECC) 414 struct bignum *crypto_bignum_allocate(size_t size_bits __unused) 415 { 416 return NULL; 417 } 418 419 TEE_Result crypto_bignum_bin2bn(const uint8_t *from __unused, 420 size_t fromsize __unused, 421 struct bignum *to __unused) 422 { 423 return TEE_ERROR_NOT_IMPLEMENTED; 424 } 425 426 size_t crypto_bignum_num_bytes(struct bignum *a __unused) 427 { 428 return 0; 429 } 430 431 size_t crypto_bignum_num_bits(struct bignum *a __unused) 432 { 433 return 0; 434 } 435 436 /* 437 * crypto_bignum_allocate() and crypto_bignum_bin2bn() failing should be 438 * enough to guarantee that the functions calling this function aren't 439 * called, but just in case add a panic() here to avoid unexpected 440 * behavoir. 441 */ 442 static void bignum_cant_happen(void) 443 { 444 volatile bool b = true; 445 446 /* Avoid warning about function does not return */ 447 if (b) 448 panic(); 449 } 450 451 void crypto_bignum_bn2bin(const struct bignum *from __unused, 452 uint8_t *to __unused) 453 { 454 bignum_cant_happen(); 455 } 456 457 void crypto_bignum_copy(struct bignum *to __unused, 458 const struct bignum *from __unused) 459 { 460 bignum_cant_happen(); 461 } 462 463 void crypto_bignum_free(struct bignum *a) 464 { 465 if (a) 466 panic(); 467 } 468 469 void crypto_bignum_clear(struct bignum *a __unused) 470 { 471 bignum_cant_happen(); 472 } 473 474 /* return -1 if a<b, 0 if a==b, +1 if a>b */ 475 int32_t crypto_bignum_compare(struct bignum *a __unused, 476 struct bignum *b __unused) 477 { 478 bignum_cant_happen(); 479 return -1; 480 } 481 #endif 482 483 #if !defined(CFG_CRYPTO_RSA) 484 TEE_Result crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *s __unused, 485 size_t key_size_bits __unused) 486 { 487 return TEE_ERROR_NOT_IMPLEMENTED; 488 } 489 490 TEE_Result 491 crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s __unused, 492 size_t key_size_bits __unused) 493 { 494 return TEE_ERROR_NOT_IMPLEMENTED; 495 } 496 497 void crypto_acipher_free_rsa_public_key(struct rsa_public_key *s __unused) 498 { 499 } 500 501 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key __unused, 502 size_t key_size __unused) 503 { 504 return TEE_ERROR_NOT_IMPLEMENTED; 505 } 506 507 TEE_Result crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key __unused, 508 const uint8_t *src __unused, 509 size_t src_len __unused, 510 uint8_t *dst __unused, 511 size_t *dst_len __unused) 512 { 513 return TEE_ERROR_NOT_IMPLEMENTED; 514 } 515 516 TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key __unused, 517 const uint8_t *src __unused, 518 size_t src_len __unused, 519 uint8_t *dst __unused, 520 size_t *dst_len __unused) 521 { 522 return TEE_ERROR_NOT_IMPLEMENTED; 523 } 524 525 TEE_Result crypto_acipher_rsaes_decrypt(uint32_t algo __unused, 526 struct rsa_keypair *key __unused, 527 const uint8_t *label __unused, 528 size_t label_len __unused, 529 const uint8_t *src __unused, 530 size_t src_len __unused, 531 uint8_t *dst __unused, 532 size_t *dst_len __unused) 533 { 534 return TEE_ERROR_NOT_IMPLEMENTED; 535 } 536 537 TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo __unused, 538 struct rsa_public_key *key __unused, 539 const uint8_t *label __unused, 540 size_t label_len __unused, 541 const uint8_t *src __unused, 542 size_t src_len __unused, 543 uint8_t *dst __unused, 544 size_t *dst_len __unused) 545 { 546 return TEE_ERROR_NOT_IMPLEMENTED; 547 } 548 549 TEE_Result crypto_acipher_rsassa_sign(uint32_t algo __unused, 550 struct rsa_keypair *key __unused, 551 int salt_len __unused, 552 const uint8_t *msg __unused, 553 size_t msg_len __unused, 554 uint8_t *sig __unused, 555 size_t *sig_len __unused) 556 { 557 return TEE_ERROR_NOT_IMPLEMENTED; 558 } 559 560 TEE_Result crypto_acipher_rsassa_verify(uint32_t algo __unused, 561 struct rsa_public_key *key __unused, 562 int salt_len __unused, 563 const uint8_t *msg __unused, 564 size_t msg_len __unused, 565 const uint8_t *sig __unused, 566 size_t sig_len __unused) 567 { 568 return TEE_ERROR_NOT_IMPLEMENTED; 569 } 570 #endif /*!CFG_CRYPTO_RSA*/ 571 572 #if !defined(CFG_CRYPTO_DSA) 573 TEE_Result crypto_acipher_alloc_dsa_keypair(struct dsa_keypair *s __unused, 574 size_t key_size_bits __unused) 575 { 576 return TEE_ERROR_NOT_IMPLEMENTED; 577 } 578 579 TEE_Result 580 crypto_acipher_alloc_dsa_public_key(struct dsa_public_key *s __unused, 581 size_t key_size_bits __unused) 582 { 583 return TEE_ERROR_NOT_IMPLEMENTED; 584 } 585 586 TEE_Result crypto_acipher_gen_dsa_key(struct dsa_keypair *key __unused, 587 size_t key_size __unused) 588 { 589 return TEE_ERROR_NOT_IMPLEMENTED; 590 } 591 592 TEE_Result crypto_acipher_dsa_sign(uint32_t algo __unused, 593 struct dsa_keypair *key __unused, 594 const uint8_t *msg __unused, 595 size_t msg_len __unused, 596 uint8_t *sig __unused, 597 size_t *sig_len __unused) 598 { 599 return TEE_ERROR_NOT_IMPLEMENTED; 600 } 601 602 TEE_Result crypto_acipher_dsa_verify(uint32_t algo __unused, 603 struct dsa_public_key *key __unused, 604 const uint8_t *msg __unused, 605 size_t msg_len __unused, 606 const uint8_t *sig __unused, 607 size_t sig_len __unused) 608 { 609 return TEE_ERROR_NOT_IMPLEMENTED; 610 } 611 #endif /*!CFG_CRYPTO_DSA*/ 612 613 #if !defined(CFG_CRYPTO_DH) 614 TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s __unused, 615 size_t key_size_bits __unused) 616 { 617 return TEE_ERROR_NOT_IMPLEMENTED; 618 } 619 620 TEE_Result crypto_acipher_gen_dh_key(struct dh_keypair *key __unused, 621 struct bignum *q __unused, 622 size_t xbits __unused) 623 { 624 return TEE_ERROR_NOT_IMPLEMENTED; 625 } 626 627 TEE_Result 628 crypto_acipher_dh_shared_secret(struct dh_keypair *private_key __unused, 629 struct bignum *public_key __unused, 630 struct bignum *secret __unused) 631 { 632 return TEE_ERROR_NOT_IMPLEMENTED; 633 } 634 #endif /*!CFG_CRYPTO_DH*/ 635 636 #if !defined(CFG_CRYPTO_ECC) 637 TEE_Result 638 crypto_acipher_alloc_ecc_public_key(struct ecc_public_key *s __unused, 639 size_t key_size_bits __unused) 640 { 641 return TEE_ERROR_NOT_IMPLEMENTED; 642 } 643 644 TEE_Result crypto_acipher_alloc_ecc_keypair(struct ecc_keypair *s __unused, 645 size_t key_size_bits __unused) 646 { 647 return TEE_ERROR_NOT_IMPLEMENTED; 648 } 649 650 void crypto_acipher_free_ecc_public_key(struct ecc_public_key *s __unused) 651 { 652 } 653 654 TEE_Result crypto_acipher_gen_ecc_key(struct ecc_keypair *key __unused) 655 { 656 return TEE_ERROR_NOT_IMPLEMENTED; 657 } 658 659 TEE_Result crypto_acipher_ecc_sign(uint32_t algo __unused, 660 struct ecc_keypair *key __unused, 661 const uint8_t *msg __unused, 662 size_t msg_len __unused, 663 uint8_t *sig __unused, 664 size_t *sig_len __unused) 665 { 666 return TEE_ERROR_NOT_IMPLEMENTED; 667 } 668 669 TEE_Result crypto_acipher_ecc_verify(uint32_t algo __unused, 670 struct ecc_public_key *key __unused, 671 const uint8_t *msg __unused, 672 size_t msg_len __unused, 673 const uint8_t *sig __unused, 674 size_t sig_len __unused) 675 { 676 return TEE_ERROR_NOT_IMPLEMENTED; 677 } 678 679 TEE_Result 680 crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key __unused, 681 struct ecc_public_key *public_key __unused, 682 void *secret __unused, 683 unsigned long *secret_len __unused) 684 { 685 return TEE_ERROR_NOT_IMPLEMENTED; 686 } 687 #endif /*!CFG_CRYPTO_ECC*/ 688