1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 #include <tee_api_types.h> 28 #include <kernel/tee_ta_manager.h> 29 #include <utee_defines.h> 30 #include <mm/tee_mmu.h> 31 #include <tee/tee_svc.h> 32 #include <tee/tee_svc_cryp.h> 33 #include <tee/tee_cryp_utl.h> 34 #include <sys/queue.h> 35 #include <tee/tee_obj.h> 36 #include <tee/tee_cryp_provider.h> 37 #include <trace.h> 38 #include <string_ext.h> 39 40 /* Set an attribute on an object */ 41 #define SET_ATTRIBUTE(_object, _props, _attr) \ 42 ((_object)->have_attrs |= \ 43 (1 << (tee_svc_cryp_obj_find_type_attr_idx((_attr), (_props))))) 44 45 /* Get an attribute on an object */ 46 #define GET_ATTRIBUTE(_object, _props, _attr) \ 47 ((_object)->have_attrs & \ 48 (1 << (tee_svc_cryp_obj_find_type_attr_idx((_attr), (_props))))) 49 50 #define TEE_USAGE_DEFAULT 0xffffffff 51 #define TEE_ATTR_BIT_PROTECTED (1 << 28) 52 53 typedef void (*tee_cryp_ctx_finalize_func_t) (void *ctx, uint32_t algo); 54 struct tee_cryp_state { 55 TAILQ_ENTRY(tee_cryp_state) link; 56 uint32_t algo; 57 uint32_t mode; 58 uint32_t key1; 59 uint32_t key2; 60 size_t ctx_size; 61 void *ctx; 62 tee_cryp_ctx_finalize_func_t ctx_finalize; 63 }; 64 65 struct tee_cryp_obj_secret { 66 uint32_t key_size; 67 68 /* 69 * Pseudo code visualize layout of structure 70 * Next follows data, such as: 71 * uint8_t data[key_size] 72 * key_size must never exceed 73 * (obj->data_size - sizeof(struct tee_cryp_obj_secret)). 74 */ 75 }; 76 77 #define TEE_TYPE_ATTR_OPTIONAL 0x0 78 #define TEE_TYPE_ATTR_REQUIRED 0x1 79 #define TEE_TYPE_ATTR_OPTIONAL_GROUP 0x2 80 #define TEE_TYPE_ATTR_SIZE_INDICATOR 0x4 81 #define TEE_TYPE_ATTR_GEN_KEY_OPT 0x8 82 #define TEE_TYPE_ATTR_GEN_KEY_REQ 0x10 83 84 #define TEE_TYPE_CONV_FUNC_NONE 0 85 /* Handle storing of generic secret keys of varying lengths */ 86 #define TEE_TYPE_CONV_FUNC_SECRET 1 87 /* Convert to/from big-endian byte array and provider-specific bignum */ 88 #define TEE_TYPE_CONV_FUNC_BIGNUM 2 89 /* Convert to/from value attribute depending on direction */ 90 #define TEE_TYPE_CONV_FUNC_VALUE 4 91 92 struct tee_cryp_obj_type_attrs { 93 uint32_t attr_id; 94 uint16_t flags; 95 uint16_t conv_func; 96 uint16_t raw_offs; 97 uint16_t raw_size; 98 }; 99 100 #define RAW_DATA(_x, _y) \ 101 .raw_offs = offsetof(_x, _y), .raw_size = TEE_MEMBER_SIZE(_x, _y) 102 103 static const struct tee_cryp_obj_type_attrs 104 tee_cryp_obj_secret_value_attrs[] = { 105 { 106 .attr_id = TEE_ATTR_SECRET_VALUE, 107 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 108 .conv_func = TEE_TYPE_CONV_FUNC_SECRET, 109 .raw_offs = 0, 110 .raw_size = 0 111 }, 112 }; 113 114 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_rsa_pub_key_attrs[] = { 115 { 116 .attr_id = TEE_ATTR_RSA_MODULUS, 117 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 118 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 119 RAW_DATA(struct rsa_public_key, n) 120 }, 121 122 { 123 .attr_id = TEE_ATTR_RSA_PUBLIC_EXPONENT, 124 .flags = TEE_TYPE_ATTR_REQUIRED, 125 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 126 RAW_DATA(struct rsa_public_key, e) 127 }, 128 }; 129 130 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_rsa_keypair_attrs[] = { 131 { 132 .attr_id = TEE_ATTR_RSA_MODULUS, 133 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 134 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 135 RAW_DATA(struct rsa_keypair, n) 136 }, 137 138 { 139 .attr_id = TEE_ATTR_RSA_PUBLIC_EXPONENT, 140 .flags = TEE_TYPE_ATTR_REQUIRED, 141 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 142 RAW_DATA(struct rsa_keypair, e) 143 }, 144 145 { 146 .attr_id = TEE_ATTR_RSA_PRIVATE_EXPONENT, 147 .flags = TEE_TYPE_ATTR_REQUIRED, 148 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 149 RAW_DATA(struct rsa_keypair, d) 150 }, 151 152 { 153 .attr_id = TEE_ATTR_RSA_PRIME1, 154 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 155 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 156 RAW_DATA(struct rsa_keypair, p) 157 }, 158 159 { 160 .attr_id = TEE_ATTR_RSA_PRIME2, 161 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 162 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 163 RAW_DATA(struct rsa_keypair, q) 164 }, 165 166 { 167 .attr_id = TEE_ATTR_RSA_EXPONENT1, 168 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 169 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 170 RAW_DATA(struct rsa_keypair, dp) 171 }, 172 173 { 174 .attr_id = TEE_ATTR_RSA_EXPONENT2, 175 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 176 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 177 RAW_DATA(struct rsa_keypair, dq) 178 }, 179 180 { 181 .attr_id = TEE_ATTR_RSA_COEFFICIENT, 182 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 183 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 184 RAW_DATA(struct rsa_keypair, qp) 185 }, 186 }; 187 188 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_dsa_pub_key_attrs[] = { 189 { 190 .attr_id = TEE_ATTR_DSA_PRIME, 191 .flags = TEE_TYPE_ATTR_REQUIRED, 192 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 193 RAW_DATA(struct dsa_public_key, p) 194 }, 195 196 { 197 .attr_id = TEE_ATTR_DSA_SUBPRIME, 198 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 199 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 200 RAW_DATA(struct dsa_public_key, q) 201 }, 202 203 { 204 .attr_id = TEE_ATTR_DSA_BASE, 205 .flags = TEE_TYPE_ATTR_REQUIRED, 206 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 207 RAW_DATA(struct dsa_public_key, g) 208 }, 209 210 { 211 .attr_id = TEE_ATTR_DSA_PUBLIC_VALUE, 212 .flags = TEE_TYPE_ATTR_REQUIRED, 213 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 214 RAW_DATA(struct dsa_public_key, y) 215 }, 216 }; 217 218 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_dsa_keypair_attrs[] = { 219 { 220 .attr_id = TEE_ATTR_DSA_PRIME, 221 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_GEN_KEY_REQ, 222 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 223 RAW_DATA(struct dsa_keypair, p) 224 }, 225 226 { 227 .attr_id = TEE_ATTR_DSA_SUBPRIME, 228 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR | 229 TEE_TYPE_ATTR_GEN_KEY_REQ, 230 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 231 RAW_DATA(struct dsa_keypair, q) 232 }, 233 234 { 235 .attr_id = TEE_ATTR_DSA_BASE, 236 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_GEN_KEY_REQ, 237 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 238 RAW_DATA(struct dsa_keypair, g) 239 }, 240 241 { 242 .attr_id = TEE_ATTR_DSA_PRIVATE_VALUE, 243 .flags = TEE_TYPE_ATTR_REQUIRED, 244 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 245 RAW_DATA(struct dsa_keypair, x) 246 }, 247 248 { 249 .attr_id = TEE_ATTR_DSA_PUBLIC_VALUE, 250 .flags = TEE_TYPE_ATTR_REQUIRED, 251 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 252 RAW_DATA(struct dsa_keypair, y) 253 }, 254 }; 255 256 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_dh_keypair_attrs[] = { 257 { 258 .attr_id = TEE_ATTR_DH_PRIME, 259 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR | 260 TEE_TYPE_ATTR_GEN_KEY_REQ, 261 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 262 RAW_DATA(struct dh_keypair, p) 263 }, 264 265 { 266 .attr_id = TEE_ATTR_DH_BASE, 267 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_GEN_KEY_REQ, 268 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 269 RAW_DATA(struct dh_keypair, g) 270 }, 271 272 { 273 .attr_id = TEE_ATTR_DH_PUBLIC_VALUE, 274 .flags = TEE_TYPE_ATTR_REQUIRED, 275 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 276 RAW_DATA(struct dh_keypair, y) 277 }, 278 279 { 280 .attr_id = TEE_ATTR_DH_PRIVATE_VALUE, 281 .flags = TEE_TYPE_ATTR_REQUIRED, 282 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 283 RAW_DATA(struct dh_keypair, x) 284 }, 285 286 { 287 .attr_id = TEE_ATTR_DH_SUBPRIME, 288 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP | TEE_TYPE_ATTR_GEN_KEY_OPT, 289 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 290 RAW_DATA(struct dh_keypair, q) 291 }, 292 293 { 294 .attr_id = TEE_ATTR_DH_X_BITS, 295 .flags = TEE_TYPE_ATTR_GEN_KEY_OPT, 296 .conv_func = TEE_TYPE_CONV_FUNC_VALUE, 297 RAW_DATA(struct dh_keypair, xbits) 298 }, 299 }; 300 301 struct tee_cryp_obj_type_props { 302 TEE_ObjectType obj_type; 303 uint16_t min_size; /* may not be smaller than this */ 304 uint16_t max_size; /* may not be larger than this */ 305 uint16_t alloc_size; /* this many bytes are allocated to hold data */ 306 uint8_t quanta; /* may only be an multiple of this */ 307 308 uint8_t num_type_attrs; 309 const struct tee_cryp_obj_type_attrs *type_attrs; 310 }; 311 312 #define PROP(obj_type, quanta, min_size, max_size, alloc_size, type_attrs) \ 313 { (obj_type), (min_size), (max_size), (alloc_size), (quanta), \ 314 TEE_ARRAY_SIZE(type_attrs), (type_attrs) } 315 316 static const struct tee_cryp_obj_type_props tee_cryp_obj_props[] = { 317 PROP(TEE_TYPE_AES, 64, 128, 256, /* valid sizes 128, 192, 256 */ 318 256 / 8 + sizeof(struct tee_cryp_obj_secret), 319 tee_cryp_obj_secret_value_attrs), 320 PROP(TEE_TYPE_DES, 56, 56, 56, 321 /* 322 * Valid size 56 without parity, note that we still allocate 323 * for 64 bits since the key is supplied with parity. 324 */ 325 64 / 8 + sizeof(struct tee_cryp_obj_secret), 326 tee_cryp_obj_secret_value_attrs), 327 PROP(TEE_TYPE_DES3, 56, 112, 168, 328 /* 329 * Valid sizes 112, 168 without parity, note that we still 330 * allocate for with space for the parity since the key is 331 * supplied with parity. 332 */ 333 192 / 8 + sizeof(struct tee_cryp_obj_secret), 334 tee_cryp_obj_secret_value_attrs), 335 PROP(TEE_TYPE_HMAC_MD5, 8, 64, 512, 336 512 / 8 + sizeof(struct tee_cryp_obj_secret), 337 tee_cryp_obj_secret_value_attrs), 338 PROP(TEE_TYPE_HMAC_SHA1, 8, 80, 512, 339 512 / 8 + sizeof(struct tee_cryp_obj_secret), 340 tee_cryp_obj_secret_value_attrs), 341 PROP(TEE_TYPE_HMAC_SHA224, 8, 112, 512, 342 512 / 8 + sizeof(struct tee_cryp_obj_secret), 343 tee_cryp_obj_secret_value_attrs), 344 PROP(TEE_TYPE_HMAC_SHA256, 8, 192, 1024, 345 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 346 tee_cryp_obj_secret_value_attrs), 347 PROP(TEE_TYPE_HMAC_SHA384, 8, 256, 1024, 348 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 349 tee_cryp_obj_secret_value_attrs), 350 PROP(TEE_TYPE_HMAC_SHA512, 8, 256, 1024, 351 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 352 tee_cryp_obj_secret_value_attrs), 353 PROP(TEE_TYPE_GENERIC_SECRET, 8, 0, 4096, 354 4096 / 8 + sizeof(struct tee_cryp_obj_secret), 355 tee_cryp_obj_secret_value_attrs), 356 357 PROP(TEE_TYPE_RSA_PUBLIC_KEY, 1, 256, 2048, 358 sizeof(struct rsa_public_key), 359 tee_cryp_obj_rsa_pub_key_attrs), 360 361 PROP(TEE_TYPE_RSA_KEYPAIR, 1, 256, 2048, 362 sizeof(struct rsa_keypair), 363 tee_cryp_obj_rsa_keypair_attrs), 364 365 PROP(TEE_TYPE_DSA_PUBLIC_KEY, 64, 512, 1024, 366 sizeof(struct dsa_public_key), 367 tee_cryp_obj_dsa_pub_key_attrs), 368 369 PROP(TEE_TYPE_DSA_KEYPAIR, 64, 512, 1024, 370 sizeof(struct dsa_keypair), 371 tee_cryp_obj_dsa_keypair_attrs), 372 373 PROP(TEE_TYPE_DH_KEYPAIR, 1, 256, 2048, 374 sizeof(struct dh_keypair), 375 tee_cryp_obj_dh_keypair_attrs), 376 }; 377 378 TEE_Result tee_svc_cryp_obj_get_info(uint32_t obj, TEE_ObjectInfo *info) 379 { 380 TEE_Result res; 381 struct tee_ta_session *sess; 382 struct tee_obj *o; 383 384 res = tee_ta_get_current_session(&sess); 385 if (res != TEE_SUCCESS) 386 return res; 387 388 res = tee_obj_get(sess->ctx, obj, &o); 389 if (res != TEE_SUCCESS) 390 return res; 391 392 return tee_svc_copy_to_user(sess, info, &o->info, sizeof(o->info)); 393 } 394 395 TEE_Result tee_svc_cryp_obj_restrict_usage(uint32_t obj, uint32_t usage) 396 { 397 TEE_Result res; 398 struct tee_ta_session *sess; 399 struct tee_obj *o; 400 401 res = tee_ta_get_current_session(&sess); 402 if (res != TEE_SUCCESS) 403 return res; 404 405 res = tee_obj_get(sess->ctx, obj, &o); 406 if (res != TEE_SUCCESS) 407 return res; 408 409 o->info.objectUsage &= usage; 410 411 return TEE_SUCCESS; 412 } 413 414 static TEE_Result tee_svc_cryp_obj_get_raw_data( 415 struct tee_obj *o, 416 const struct tee_cryp_obj_type_props *type_props, 417 size_t idx, void **data, size_t *size) 418 { 419 const struct tee_cryp_obj_type_attrs *type_attr = 420 type_props->type_attrs + idx; 421 if (type_attr->raw_size == 0) { 422 struct tee_cryp_obj_secret *key = 423 (struct tee_cryp_obj_secret *)o->data; 424 425 /* Handle generic secret */ 426 if (type_attr->raw_offs != 0) 427 return TEE_ERROR_BAD_STATE; 428 *size = key->key_size; 429 } else { 430 *size = type_attr->raw_size; 431 } 432 *data = (uint8_t *)o->data + type_attr->raw_offs; 433 return TEE_SUCCESS; 434 } 435 436 static int tee_svc_cryp_obj_find_type_attr_idx( 437 uint32_t attr_id, 438 const struct tee_cryp_obj_type_props *type_props) 439 { 440 size_t n; 441 442 for (n = 0; n < type_props->num_type_attrs; n++) { 443 if (attr_id == type_props->type_attrs[n].attr_id) 444 return n; 445 } 446 return -1; 447 } 448 449 static const struct tee_cryp_obj_type_props *tee_svc_find_type_props( 450 TEE_ObjectType obj_type) 451 { 452 size_t n; 453 454 for (n = 0; n < TEE_ARRAY_SIZE(tee_cryp_obj_props); n++) { 455 if (tee_cryp_obj_props[n].obj_type == obj_type) 456 return tee_cryp_obj_props + n; 457 } 458 459 return NULL; 460 } 461 462 static TEE_Result tee_svc_cryp_obj_copy_out(struct tee_ta_session *sess, 463 void *buffer, size_t *size, 464 uint16_t conv_func, 465 void *raw_data, 466 size_t raw_data_size) 467 { 468 TEE_Result res; 469 size_t s, key_size, req_size, n; 470 struct tee_cryp_obj_secret *obj; 471 struct bignum *bn; 472 uint32_t value[2] = { 0, 0 }; 473 474 res = tee_svc_copy_from_user(sess, &s, size, sizeof(size_t)); 475 if (res != TEE_SUCCESS) 476 return res; 477 478 switch (conv_func) { 479 case TEE_TYPE_CONV_FUNC_NONE: 480 481 res = tee_svc_copy_to_user(sess, size, &raw_data_size, 482 sizeof(size_t)); 483 if (res != TEE_SUCCESS) 484 return res; 485 if (s < raw_data_size) 486 return TEE_ERROR_SHORT_BUFFER; 487 return tee_svc_copy_to_user(sess, buffer, raw_data, 488 raw_data_size); 489 case TEE_TYPE_CONV_FUNC_SECRET: 490 491 if (!TEE_ALIGNMENT_IS_OK(raw_data, struct tee_cryp_obj_secret)) 492 return TEE_ERROR_BAD_STATE; 493 obj = (struct tee_cryp_obj_secret *)(void *)raw_data; 494 key_size = obj->key_size; 495 res = tee_svc_copy_to_user(sess, size, &key_size, 496 sizeof(size_t)); 497 if (res != TEE_SUCCESS) 498 return res; 499 if (s < key_size) 500 return TEE_ERROR_SHORT_BUFFER; 501 return tee_svc_copy_to_user(sess, buffer, obj + 1, 502 key_size); 503 504 case TEE_TYPE_CONV_FUNC_BIGNUM: 505 506 bn = *(struct bignum **)raw_data; 507 req_size = crypto_ops.bignum.num_bytes(bn); 508 if (req_size == 0) 509 return TEE_SUCCESS; 510 res = tee_svc_copy_to_user( 511 sess, size, &req_size, sizeof(size_t)); 512 if (res != TEE_SUCCESS) 513 return res; 514 /* Check that the converted result fits the user buffer. */ 515 if (s < req_size) 516 return TEE_ERROR_SHORT_BUFFER; 517 /* Check we can access data using supplied user mode pointer */ 518 res = tee_mmu_check_access_rights(sess->ctx, 519 TEE_MEMORY_ACCESS_READ | 520 TEE_MEMORY_ACCESS_WRITE | 521 TEE_MEMORY_ACCESS_ANY_OWNER, 522 (tee_uaddr_t)buffer, 523 req_size); 524 if (res != TEE_SUCCESS) 525 return res; 526 /* 527 * Write the bignum (wich raw data points to) into an array of 528 * bytes (stored in buffer) 529 */ 530 crypto_ops.bignum.bn2bin(bn, buffer); 531 return TEE_SUCCESS; 532 533 case TEE_TYPE_CONV_FUNC_VALUE: 534 n = sizeof(value); 535 /* 536 * a value attribute consists of two uint32 but have not 537 * seen anything that actaully would need that so this 538 * fills in one with data and the other with zero 539 */ 540 TEE_ASSERT(raw_data_size == sizeof(uint32_t)); 541 value[0] = *(uint32_t *)raw_data; 542 res = tee_svc_copy_to_user(sess, size, &n, sizeof(size_t)); 543 if (res != TEE_SUCCESS) 544 return res; 545 /* Check that the converted result fits the user buf */ 546 if (s < n) 547 return TEE_ERROR_SHORT_BUFFER; 548 return tee_svc_copy_to_user(sess, buffer, &value, n); 549 550 default: 551 return TEE_ERROR_BAD_STATE; 552 } 553 } 554 555 TEE_Result tee_svc_cryp_obj_get_attr(uint32_t obj, uint32_t attr_id, 556 void *buffer, size_t *size) 557 { 558 TEE_Result res; 559 struct tee_ta_session *sess; 560 struct tee_obj *o; 561 const struct tee_cryp_obj_type_props *type_props; 562 int idx; 563 size_t raw_size; 564 void *raw_data; 565 566 res = tee_ta_get_current_session(&sess); 567 if (res != TEE_SUCCESS) 568 return res; 569 570 res = tee_obj_get(sess->ctx, obj, &o); 571 if (res != TEE_SUCCESS) 572 return TEE_ERROR_ITEM_NOT_FOUND; 573 574 /* Check that the object is initialized */ 575 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 576 return TEE_ERROR_ITEM_NOT_FOUND; 577 578 /* Check that getting the attribute is allowed */ 579 if ((attr_id & TEE_ATTR_BIT_PROTECTED) == 0 && 580 (o->info.objectUsage & TEE_USAGE_EXTRACTABLE) == 0) 581 return TEE_ERROR_ACCESS_DENIED; 582 583 type_props = tee_svc_find_type_props(o->info.objectType); 584 if (!type_props) { 585 /* Unknown object type, "can't happen" */ 586 return TEE_ERROR_BAD_STATE; 587 } 588 589 idx = tee_svc_cryp_obj_find_type_attr_idx(attr_id, type_props); 590 if ((idx < 0) || ((o->have_attrs & (1 << idx)) == 0)) 591 return TEE_ERROR_ITEM_NOT_FOUND; 592 593 res = tee_svc_cryp_obj_get_raw_data(o, type_props, idx, 594 &raw_data, &raw_size); 595 if (res != TEE_SUCCESS) 596 return res; 597 598 return tee_svc_cryp_obj_copy_out(sess, buffer, size, 599 type_props->type_attrs[idx].conv_func, 600 raw_data, raw_size); 601 } 602 603 static void bn_cleanup(struct bignum *bn, bool del) 604 { 605 if (del) 606 crypto_ops.bignum.free(bn); 607 else 608 crypto_ops.bignum.clear(bn); 609 } 610 611 static void cleanup_rsa_keypair(void *p, bool del) 612 { 613 struct rsa_keypair *s = (struct rsa_keypair *)p; 614 615 bn_cleanup(s->e, del); 616 bn_cleanup(s->d, del); 617 bn_cleanup(s->n, del); 618 bn_cleanup(s->p, del); 619 bn_cleanup(s->q, del); 620 bn_cleanup(s->qp, del); 621 bn_cleanup(s->dp, del); 622 bn_cleanup(s->dq, del); 623 } 624 625 static void cleanup_dsa_keypair(void *p, bool del) 626 { 627 struct dsa_keypair *s = (struct dsa_keypair *)p; 628 629 bn_cleanup(s->g, del); 630 bn_cleanup(s->p, del); 631 bn_cleanup(s->q, del); 632 bn_cleanup(s->y, del); 633 bn_cleanup(s->x, del); 634 } 635 636 static void cleanup_rsa_public_key(void *p, bool del) 637 { 638 struct rsa_public_key *s = (struct rsa_public_key *)p; 639 640 bn_cleanup(s->e, del); 641 bn_cleanup(s->n, del); 642 } 643 644 static void cleanup_dsa_public_key(void *p, bool del) 645 { 646 struct dsa_public_key *s = (struct dsa_public_key *)p; 647 648 bn_cleanup(s->g, del); 649 bn_cleanup(s->p, del); 650 bn_cleanup(s->q, del); 651 bn_cleanup(s->y, del); 652 } 653 654 static void cleanup_dh_keypair(void *p, bool del) 655 { 656 struct dh_keypair *s = (struct dh_keypair *)p; 657 658 bn_cleanup(s->g, del); 659 bn_cleanup(s->p, del); 660 bn_cleanup(s->x, del); 661 bn_cleanup(s->y, del); 662 bn_cleanup(s->q, del); 663 s->xbits = 0; 664 } 665 666 static void copy_rsa_public_key(struct rsa_public_key *to, 667 const struct rsa_public_key *from) 668 { 669 crypto_ops.bignum.copy(to->e, from->e); 670 crypto_ops.bignum.copy(to->n, from->n); 671 } 672 673 static void copy_rsa_keypair(struct rsa_keypair *to, 674 const struct rsa_keypair *from) 675 { 676 crypto_ops.bignum.copy(to->e, from->e); 677 crypto_ops.bignum.copy(to->d, from->d); 678 crypto_ops.bignum.copy(to->n, from->n); 679 crypto_ops.bignum.copy(to->p, from->p); 680 crypto_ops.bignum.copy(to->q, from->q); 681 crypto_ops.bignum.copy(to->qp, from->qp); 682 crypto_ops.bignum.copy(to->dp, from->dp); 683 crypto_ops.bignum.copy(to->dq, from->dq); 684 } 685 686 static void copy_dsa_public_key(struct dsa_public_key *to, 687 const struct dsa_public_key *from) 688 { 689 crypto_ops.bignum.copy(to->g, from->g); 690 crypto_ops.bignum.copy(to->p, from->p); 691 crypto_ops.bignum.copy(to->q, from->q); 692 crypto_ops.bignum.copy(to->y, from->y); 693 } 694 695 696 static void copy_dsa_keypair(struct dsa_keypair *to, 697 const struct dsa_keypair *from) 698 { 699 crypto_ops.bignum.copy(to->g, from->g); 700 crypto_ops.bignum.copy(to->p, from->p); 701 crypto_ops.bignum.copy(to->q, from->q); 702 crypto_ops.bignum.copy(to->y, from->y); 703 crypto_ops.bignum.copy(to->x, from->x); 704 } 705 706 static void copy_dh_keypair(struct dh_keypair *to, 707 const struct dh_keypair *from) 708 { 709 crypto_ops.bignum.copy(to->g, from->g); 710 crypto_ops.bignum.copy(to->p, from->p); 711 crypto_ops.bignum.copy(to->y, from->y); 712 crypto_ops.bignum.copy(to->x, from->x); 713 crypto_ops.bignum.copy(to->q, from->q); 714 to->xbits = from->xbits; 715 } 716 717 static void extract_rsa_public_key(struct rsa_public_key *to, 718 const struct rsa_keypair *from) 719 { 720 crypto_ops.bignum.copy(to->e, from->e); 721 crypto_ops.bignum.copy(to->n, from->n); 722 } 723 724 static void extract_dsa_public_key(struct dsa_public_key *to, 725 const struct dsa_keypair *from) 726 { 727 crypto_ops.bignum.copy(to->g, from->g); 728 crypto_ops.bignum.copy(to->p, from->p); 729 crypto_ops.bignum.copy(to->q, from->q); 730 crypto_ops.bignum.copy(to->y, from->y); 731 } 732 733 TEE_Result tee_svc_cryp_obj_alloc(TEE_ObjectType obj_type, 734 uint32_t max_obj_size, uint32_t *obj) 735 { 736 TEE_Result res; 737 struct tee_ta_session *sess; 738 const struct tee_cryp_obj_type_props *type_props; 739 struct tee_obj *o; 740 741 res = tee_ta_get_current_session(&sess); 742 if (res != TEE_SUCCESS) 743 return res; 744 745 /* 746 * Verify that maxObjectSize is supported and find out how 747 * much should be allocated. 748 */ 749 750 /* Find description of object */ 751 type_props = tee_svc_find_type_props(obj_type); 752 if (!type_props) 753 return TEE_ERROR_NOT_SUPPORTED; 754 755 /* Check that maxObjectSize follows restrictions */ 756 if (max_obj_size % type_props->quanta != 0) 757 return TEE_ERROR_NOT_SUPPORTED; 758 if (max_obj_size < type_props->min_size) 759 return TEE_ERROR_NOT_SUPPORTED; 760 if (max_obj_size > type_props->max_size) 761 return TEE_ERROR_NOT_SUPPORTED; 762 763 o = calloc(1, sizeof(*o)); 764 if (!o) 765 return TEE_ERROR_OUT_OF_MEMORY; 766 o->data = calloc(1, type_props->alloc_size); 767 if (!o->data) { 768 free(o); 769 return TEE_ERROR_OUT_OF_MEMORY; 770 } 771 o->data_size = type_props->alloc_size; 772 773 /* If we have a key structure, pre-allocate the bignums inside */ 774 switch (obj_type) { 775 case TEE_TYPE_RSA_PUBLIC_KEY: 776 if (!crypto_ops.acipher.alloc_rsa_public_key) 777 goto notimpl; 778 if (crypto_ops.acipher.alloc_rsa_public_key(o->data, 779 max_obj_size) 780 != TEE_SUCCESS) 781 goto alloc_err; 782 o->cleanup = cleanup_rsa_public_key; 783 break; 784 case TEE_TYPE_RSA_KEYPAIR: 785 if (!crypto_ops.acipher.alloc_rsa_keypair) 786 goto notimpl; 787 if (crypto_ops.acipher.alloc_rsa_keypair(o->data, 788 max_obj_size) 789 != TEE_SUCCESS) 790 goto alloc_err; 791 o->cleanup = cleanup_rsa_keypair; 792 break; 793 case TEE_TYPE_DSA_PUBLIC_KEY: 794 if (!crypto_ops.acipher.alloc_dsa_public_key) 795 goto notimpl; 796 if (crypto_ops.acipher.alloc_dsa_public_key(o->data, 797 max_obj_size) 798 != TEE_SUCCESS) 799 goto alloc_err; 800 o->cleanup = cleanup_dsa_public_key; 801 break; 802 case TEE_TYPE_DSA_KEYPAIR: 803 if (!crypto_ops.acipher.alloc_dsa_keypair) 804 goto notimpl; 805 if (crypto_ops.acipher.alloc_dsa_keypair(o->data, max_obj_size) 806 != TEE_SUCCESS) 807 goto alloc_err; 808 o->cleanup = cleanup_dsa_keypair; 809 break; 810 case TEE_TYPE_DH_KEYPAIR: 811 if (!crypto_ops.acipher.alloc_dh_keypair) 812 goto notimpl; 813 if (crypto_ops.acipher.alloc_dh_keypair(o->data, max_obj_size) 814 != TEE_SUCCESS) 815 goto alloc_err; 816 o->cleanup = cleanup_dh_keypair; 817 break; 818 default: 819 break; 820 } 821 822 o->info.objectType = obj_type; 823 o->info.maxObjectSize = max_obj_size; 824 o->info.objectUsage = TEE_USAGE_DEFAULT; 825 o->info.handleFlags = 0; 826 827 o->fd = -1; 828 829 tee_obj_add(sess->ctx, o); 830 831 res = tee_svc_copy_to_user(sess, obj, &o, sizeof(o)); 832 if (res != TEE_SUCCESS) 833 tee_obj_close(sess->ctx, o); 834 return res; 835 836 alloc_err: 837 free(o->data); 838 free(o); 839 return TEE_ERROR_OUT_OF_MEMORY; 840 notimpl: 841 free(o->data); 842 free(o); 843 return TEE_ERROR_NOT_IMPLEMENTED; 844 } 845 846 TEE_Result tee_svc_cryp_obj_close(uint32_t obj) 847 { 848 TEE_Result res; 849 struct tee_ta_session *sess; 850 struct tee_obj *o; 851 852 res = tee_ta_get_current_session(&sess); 853 if (res != TEE_SUCCESS) 854 return res; 855 856 res = tee_obj_get(sess->ctx, obj, &o); 857 if (res != TEE_SUCCESS) 858 return res; 859 860 /* 861 * If it's busy it's used by an operation, a client should never have 862 * this handle. 863 */ 864 if (o->busy) 865 return TEE_ERROR_ITEM_NOT_FOUND; 866 867 tee_obj_close(sess->ctx, o); 868 return TEE_SUCCESS; 869 } 870 871 TEE_Result tee_svc_cryp_obj_reset(uint32_t obj) 872 { 873 TEE_Result res; 874 struct tee_ta_session *sess; 875 struct tee_obj *o; 876 877 res = tee_ta_get_current_session(&sess); 878 if (res != TEE_SUCCESS) 879 return res; 880 881 res = tee_obj_get(sess->ctx, obj, &o); 882 if (res != TEE_SUCCESS) 883 return res; 884 885 if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) == 0) { 886 if (o->cleanup) { 887 /* 888 * o->data contains pointers to key data. 889 * Clear key data, but keep the pointers. 890 */ 891 o->cleanup(o->data, false); 892 } else { 893 memset(o->data, 0, o->data_size); 894 } 895 o->info.objectSize = 0; 896 o->info.objectUsage = TEE_USAGE_DEFAULT; 897 } else { 898 return TEE_ERROR_BAD_PARAMETERS; 899 } 900 901 return TEE_SUCCESS; 902 } 903 904 static TEE_Result tee_svc_cryp_obj_store_attr_raw(struct tee_ta_session *sess, 905 uint16_t conv_func, 906 const TEE_Attribute *attr, 907 void *data, size_t data_size) 908 { 909 TEE_Result res; 910 struct tee_cryp_obj_secret *obj; 911 struct bignum *bn; 912 913 if (!attr) 914 return TEE_ERROR_BAD_STATE; 915 916 if (conv_func != TEE_TYPE_CONV_FUNC_VALUE && !attr->content.ref.buffer) 917 return TEE_ERROR_BAD_PARAMETERS; 918 919 switch (conv_func) { 920 case TEE_TYPE_CONV_FUNC_NONE: 921 /* No conversion data size has to match exactly */ 922 if (attr->content.ref.length != data_size) 923 return TEE_ERROR_BAD_PARAMETERS; 924 return tee_svc_copy_from_user(sess, data, 925 attr->content.ref.buffer, 926 data_size); 927 case TEE_TYPE_CONV_FUNC_SECRET: 928 if (!TEE_ALIGNMENT_IS_OK(data, struct tee_cryp_obj_secret)) 929 return TEE_ERROR_BAD_STATE; 930 obj = (struct tee_cryp_obj_secret *)(void *)data; 931 932 /* Data size has to fit in allocated buffer */ 933 if (attr->content.ref.length > 934 (data_size - sizeof(struct tee_cryp_obj_secret))) 935 return TEE_ERROR_BAD_PARAMETERS; 936 937 res = tee_svc_copy_from_user(sess, obj + 1, 938 attr->content.ref.buffer, 939 attr->content.ref.length); 940 if (res == TEE_SUCCESS) 941 obj->key_size = attr->content.ref.length; 942 return res; 943 944 case TEE_TYPE_CONV_FUNC_BIGNUM: 945 /* Check data can be accessed */ 946 res = tee_mmu_check_access_rights( 947 sess->ctx, 948 TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_ANY_OWNER, 949 (tee_uaddr_t)attr->content.ref.buffer, 950 attr->content.ref.length); 951 if (res != TEE_SUCCESS) 952 return res; 953 954 /* 955 * Read the array of bytes (stored in attr->content.ref.buffer) 956 * and convert it to a bignum (pointed to by data) 957 */ 958 bn = *(struct bignum **)data; 959 if (!crypto_ops.bignum.bin2bn) 960 return TEE_ERROR_NOT_IMPLEMENTED; 961 res = crypto_ops.bignum.bin2bn(attr->content.ref.buffer, 962 attr->content.ref.length, 963 bn); 964 return res; 965 966 case TEE_TYPE_CONV_FUNC_VALUE: 967 /* 968 * a value attribute consists of two uint32 but have not 969 * seen anything that actaully would need that so this fills 970 * the data from the first value and discards the second value 971 */ 972 *(uint32_t *)data = attr->content.value.a; 973 974 return TEE_SUCCESS; 975 976 default: 977 return TEE_ERROR_BAD_STATE; 978 } 979 } 980 981 enum attr_usage { 982 ATTR_USAGE_POPULATE, 983 ATTR_USAGE_GENERATE_KEY 984 }; 985 986 static TEE_Result tee_svc_cryp_check_attr( 987 enum attr_usage usage, 988 const struct tee_cryp_obj_type_props *type_props, 989 TEE_Attribute *attrs, 990 uint32_t attr_count) 991 { 992 uint32_t required_flag; 993 uint32_t opt_flag; 994 bool all_opt_needed; 995 uint32_t req_attrs = 0; 996 uint32_t opt_grp_attrs = 0; 997 uint32_t attrs_found = 0; 998 size_t n; 999 1000 if (usage == ATTR_USAGE_POPULATE) { 1001 required_flag = TEE_TYPE_ATTR_REQUIRED; 1002 opt_flag = TEE_TYPE_ATTR_OPTIONAL_GROUP; 1003 all_opt_needed = true; 1004 } else { 1005 required_flag = TEE_TYPE_ATTR_GEN_KEY_REQ; 1006 opt_flag = TEE_TYPE_ATTR_GEN_KEY_OPT; 1007 all_opt_needed = false; 1008 } 1009 1010 /* 1011 * First find out which attributes are required and which belong to 1012 * the optional group 1013 */ 1014 for (n = 0; n < type_props->num_type_attrs; n++) { 1015 uint32_t bit = 1 << n; 1016 uint32_t flags = type_props->type_attrs[n].flags; 1017 1018 if (flags & required_flag) 1019 req_attrs |= bit; 1020 else if (flags & opt_flag) 1021 opt_grp_attrs |= bit; 1022 } 1023 1024 /* 1025 * Verify that all required attributes are in place and 1026 * that the same attribute isn't repeated. 1027 */ 1028 for (n = 0; n < attr_count; n++) { 1029 int idx = 1030 tee_svc_cryp_obj_find_type_attr_idx(attrs[n].attributeID, 1031 type_props); 1032 if (idx >= 0) { 1033 uint32_t bit = 1 << idx; 1034 1035 if ((attrs_found & bit) != 0) 1036 return TEE_ERROR_ITEM_NOT_FOUND; 1037 1038 attrs_found |= bit; 1039 } 1040 } 1041 /* Required attribute missing */ 1042 if ((attrs_found & req_attrs) != req_attrs) 1043 return TEE_ERROR_ITEM_NOT_FOUND; 1044 1045 /* 1046 * If the flag says that "if one of the optional attributes are included 1047 * all of them has to be included" this must be checked. 1048 */ 1049 if (all_opt_needed && (attrs_found & opt_grp_attrs) != 0 && 1050 (attrs_found & opt_grp_attrs) != opt_grp_attrs) 1051 return TEE_ERROR_ITEM_NOT_FOUND; 1052 1053 return TEE_SUCCESS; 1054 } 1055 1056 static TEE_Result tee_svc_cryp_obj_populate_type( 1057 struct tee_ta_session *sess, 1058 struct tee_obj *o, 1059 const struct tee_cryp_obj_type_props *type_props, 1060 const TEE_Attribute *attrs, 1061 uint32_t attr_count) 1062 { 1063 TEE_Result res; 1064 uint32_t have_attrs = 0; 1065 size_t obj_size = 0; 1066 size_t n; 1067 1068 for (n = 0; n < attr_count; n++) { 1069 size_t raw_size; 1070 void *raw_data; 1071 int idx = 1072 tee_svc_cryp_obj_find_type_attr_idx(attrs[n].attributeID, 1073 type_props); 1074 if (idx < 0) 1075 continue; 1076 1077 have_attrs |= 1 << idx; 1078 1079 res = tee_svc_cryp_obj_get_raw_data(o, type_props, idx, 1080 &raw_data, &raw_size); 1081 if (res != TEE_SUCCESS) 1082 return res; 1083 1084 res = 1085 tee_svc_cryp_obj_store_attr_raw( 1086 sess, type_props->type_attrs[idx].conv_func, 1087 attrs + n, raw_data, raw_size); 1088 if (res != TEE_SUCCESS) 1089 return res; 1090 1091 /* 1092 * First attr_idx signifies the attribute that gives the size 1093 * of the object 1094 */ 1095 if (type_props->type_attrs[idx].flags & 1096 TEE_TYPE_ATTR_SIZE_INDICATOR) { 1097 obj_size += attrs[n].content.ref.length * 8; 1098 } 1099 } 1100 1101 /* 1102 * We have to do it like this because the parity bits aren't counted 1103 * when telling the size of the key in bits. 1104 */ 1105 if (o->info.objectType == TEE_TYPE_DES || 1106 o->info.objectType == TEE_TYPE_DES3) 1107 obj_size -= obj_size / 8; /* Exclude parity in size of key */ 1108 1109 o->have_attrs = have_attrs; 1110 o->info.objectSize = obj_size; 1111 return TEE_SUCCESS; 1112 } 1113 1114 TEE_Result tee_svc_cryp_obj_populate(uint32_t obj, TEE_Attribute *attrs, 1115 uint32_t attr_count) 1116 { 1117 TEE_Result res; 1118 struct tee_ta_session *sess; 1119 struct tee_obj *o; 1120 const struct tee_cryp_obj_type_props *type_props; 1121 1122 res = tee_ta_get_current_session(&sess); 1123 if (res != TEE_SUCCESS) 1124 return res; 1125 1126 res = tee_obj_get(sess->ctx, obj, &o); 1127 if (res != TEE_SUCCESS) 1128 return res; 1129 1130 /* Must be a transient object */ 1131 if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) 1132 return TEE_ERROR_BAD_PARAMETERS; 1133 1134 /* Must not be initialized already */ 1135 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1136 return TEE_ERROR_BAD_PARAMETERS; 1137 1138 type_props = tee_svc_find_type_props(o->info.objectType); 1139 if (!type_props) 1140 return TEE_ERROR_NOT_IMPLEMENTED; 1141 1142 res = tee_svc_cryp_check_attr(ATTR_USAGE_POPULATE, type_props, attrs, 1143 attr_count); 1144 if (res != TEE_SUCCESS) 1145 return res; 1146 1147 res = tee_svc_cryp_obj_populate_type(sess, o, type_props, attrs, 1148 attr_count); 1149 if (res == TEE_SUCCESS) 1150 o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 1151 1152 return res; 1153 } 1154 1155 TEE_Result tee_svc_cryp_obj_copy(uint32_t dst, uint32_t src) 1156 { 1157 TEE_Result res; 1158 struct tee_ta_session *sess; 1159 struct tee_obj *dst_o; 1160 struct tee_obj *src_o; 1161 1162 res = tee_ta_get_current_session(&sess); 1163 if (res != TEE_SUCCESS) 1164 return res; 1165 1166 res = tee_obj_get(sess->ctx, dst, &dst_o); 1167 if (res != TEE_SUCCESS) 1168 return res; 1169 1170 res = tee_obj_get(sess->ctx, src, &src_o); 1171 if (res != TEE_SUCCESS) 1172 return res; 1173 1174 if ((src_o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1175 return TEE_ERROR_BAD_PARAMETERS; 1176 if ((dst_o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) 1177 return TEE_ERROR_BAD_PARAMETERS; 1178 if ((dst_o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1179 return TEE_ERROR_BAD_PARAMETERS; 1180 1181 if (dst_o->info.objectType == src_o->info.objectType) { 1182 /* Copy whole data */ 1183 1184 if (dst_o->data_size != src_o->data_size) 1185 return TEE_ERROR_BAD_STATE; 1186 if (dst_o->cleanup != src_o->cleanup) 1187 return TEE_ERROR_BAD_STATE; 1188 1189 dst_o->have_attrs = src_o->have_attrs; 1190 1191 switch (src_o->info.objectType) { 1192 case TEE_TYPE_RSA_PUBLIC_KEY: 1193 copy_rsa_public_key(dst_o->data, src_o->data); 1194 break; 1195 case TEE_TYPE_RSA_KEYPAIR: 1196 copy_rsa_keypair(dst_o->data, src_o->data); 1197 break; 1198 case TEE_TYPE_DSA_PUBLIC_KEY: 1199 copy_dsa_public_key(dst_o->data, src_o->data); 1200 break; 1201 case TEE_TYPE_DSA_KEYPAIR: 1202 copy_dsa_keypair(dst_o->data, src_o->data); 1203 break; 1204 case TEE_TYPE_DH_KEYPAIR: 1205 copy_dh_keypair(dst_o->data, src_o->data); 1206 break; 1207 default: 1208 /* Generic case */ 1209 memcpy(dst_o->data, src_o->data, src_o->data_size); 1210 } 1211 } else if (dst_o->info.objectType == TEE_TYPE_RSA_PUBLIC_KEY && 1212 src_o->info.objectType == TEE_TYPE_RSA_KEYPAIR) { 1213 /* Extract public key from RSA key pair */ 1214 size_t n; 1215 1216 extract_rsa_public_key(dst_o->data, src_o->data); 1217 dst_o->have_attrs = 0; 1218 for (n = 0; n < TEE_ARRAY_SIZE(tee_cryp_obj_rsa_pub_key_attrs); 1219 n++) 1220 dst_o->have_attrs |= 1 << n; 1221 1222 } else if (dst_o->info.objectType == TEE_TYPE_DSA_PUBLIC_KEY && 1223 src_o->info.objectType == TEE_TYPE_DSA_KEYPAIR) { 1224 /* Extract public key from DSA key pair */ 1225 size_t n; 1226 1227 extract_dsa_public_key(dst_o->data, src_o->data); 1228 dst_o->have_attrs = 0; 1229 for (n = 0; n < TEE_ARRAY_SIZE(tee_cryp_obj_dsa_pub_key_attrs); 1230 n++) 1231 dst_o->have_attrs |= 1 << n; 1232 1233 } else { 1234 return TEE_ERROR_BAD_PARAMETERS; 1235 } 1236 1237 dst_o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 1238 dst_o->info.objectSize = src_o->info.objectSize; 1239 dst_o->info.objectUsage = src_o->info.objectUsage; 1240 return TEE_SUCCESS; 1241 } 1242 1243 static TEE_Result tee_svc_obj_generate_key_rsa( 1244 struct tee_obj *o, const struct tee_cryp_obj_type_props *type_props, 1245 uint32_t key_size) 1246 { 1247 TEE_Result res; 1248 1249 TEE_ASSERT(sizeof(struct rsa_keypair) == o->data_size); 1250 if (!crypto_ops.acipher.gen_rsa_key) 1251 return TEE_ERROR_NOT_IMPLEMENTED; 1252 res = crypto_ops.acipher.gen_rsa_key(o->data, key_size); 1253 if (res != TEE_SUCCESS) 1254 return res; 1255 1256 /* Set bits for all known attributes for this object type */ 1257 o->have_attrs = (1 << type_props->num_type_attrs) - 1; 1258 1259 return TEE_SUCCESS; 1260 } 1261 1262 static TEE_Result tee_svc_obj_generate_key_dsa( 1263 struct tee_obj *o, const struct tee_cryp_obj_type_props *type_props, 1264 uint32_t key_size) 1265 { 1266 TEE_Result res; 1267 1268 TEE_ASSERT(sizeof(struct dsa_keypair) == o->data_size); 1269 if (!crypto_ops.acipher.gen_dsa_key) 1270 return TEE_ERROR_NOT_IMPLEMENTED; 1271 res = crypto_ops.acipher.gen_dsa_key(o->data, key_size); 1272 if (res != TEE_SUCCESS) 1273 return res; 1274 1275 /* Set bits for all known attributes for this object type */ 1276 o->have_attrs = (1 << type_props->num_type_attrs) - 1; 1277 1278 return TEE_SUCCESS; 1279 } 1280 1281 static TEE_Result tee_svc_obj_generate_key_dh( 1282 struct tee_ta_session *sess, 1283 struct tee_obj *o, const struct tee_cryp_obj_type_props *type_props, 1284 uint32_t key_size __unused, 1285 const TEE_Attribute *params, uint32_t param_count) 1286 { 1287 TEE_Result res; 1288 struct dh_keypair *tee_dh_key; 1289 struct bignum *dh_q = NULL; 1290 uint32_t dh_xbits = 0; 1291 1292 TEE_ASSERT(sizeof(struct dh_keypair) == o->data_size); 1293 1294 /* Copy the present attributes into the obj before starting */ 1295 res = tee_svc_cryp_obj_populate_type( 1296 sess, o, type_props, params, param_count); 1297 if (res != TEE_SUCCESS) 1298 return res; 1299 1300 tee_dh_key = (struct dh_keypair *)o->data; 1301 1302 if (GET_ATTRIBUTE(o, type_props, TEE_ATTR_DH_SUBPRIME)) 1303 dh_q = tee_dh_key->q; 1304 if (GET_ATTRIBUTE(o, type_props, TEE_ATTR_DH_X_BITS)) 1305 dh_xbits = tee_dh_key->xbits; 1306 if (!crypto_ops.acipher.gen_dh_key) 1307 return TEE_ERROR_NOT_IMPLEMENTED; 1308 res = crypto_ops.acipher.gen_dh_key(tee_dh_key, dh_q, dh_xbits); 1309 if (res != TEE_SUCCESS) 1310 return res; 1311 1312 /* Set bits for the generated public and private key */ 1313 SET_ATTRIBUTE(o, type_props, TEE_ATTR_DH_PUBLIC_VALUE); 1314 SET_ATTRIBUTE(o, type_props, TEE_ATTR_DH_PRIVATE_VALUE); 1315 SET_ATTRIBUTE(o, type_props, TEE_ATTR_DH_X_BITS); 1316 return TEE_SUCCESS; 1317 } 1318 1319 TEE_Result tee_svc_obj_generate_key( 1320 uint32_t obj, uint32_t key_size, 1321 const TEE_Attribute *params, uint32_t param_count) 1322 { 1323 TEE_Result res; 1324 struct tee_ta_session *sess; 1325 const struct tee_cryp_obj_type_props *type_props; 1326 struct tee_obj *o; 1327 struct tee_cryp_obj_secret *key; 1328 size_t byte_size; 1329 1330 res = tee_ta_get_current_session(&sess); 1331 if (res != TEE_SUCCESS) 1332 return res; 1333 1334 res = tee_obj_get(sess->ctx, obj, &o); 1335 if (res != TEE_SUCCESS) 1336 return res; 1337 1338 /* Must be a transient object */ 1339 if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) 1340 return TEE_ERROR_BAD_STATE; 1341 1342 /* Must not be initialized already */ 1343 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1344 return TEE_ERROR_BAD_STATE; 1345 1346 /* Find description of object */ 1347 type_props = tee_svc_find_type_props(o->info.objectType); 1348 if (!type_props) 1349 return TEE_ERROR_NOT_SUPPORTED; 1350 1351 /* Check that maxObjectSize follows restrictions */ 1352 if (key_size % type_props->quanta != 0) 1353 return TEE_ERROR_NOT_SUPPORTED; 1354 if (key_size < type_props->min_size) 1355 return TEE_ERROR_NOT_SUPPORTED; 1356 if (key_size > type_props->max_size) 1357 return TEE_ERROR_NOT_SUPPORTED; 1358 1359 res = tee_svc_cryp_check_attr(ATTR_USAGE_GENERATE_KEY, type_props, 1360 (TEE_Attribute *)params, param_count); 1361 if (res != TEE_SUCCESS) 1362 return res; 1363 1364 switch (o->info.objectType) { 1365 case TEE_TYPE_AES: 1366 case TEE_TYPE_DES: 1367 case TEE_TYPE_DES3: 1368 case TEE_TYPE_HMAC_MD5: 1369 case TEE_TYPE_HMAC_SHA1: 1370 case TEE_TYPE_HMAC_SHA224: 1371 case TEE_TYPE_HMAC_SHA256: 1372 case TEE_TYPE_HMAC_SHA384: 1373 case TEE_TYPE_HMAC_SHA512: 1374 case TEE_TYPE_GENERIC_SECRET: 1375 byte_size = key_size / 8; 1376 1377 /* 1378 * We have to do it like this because the parity bits aren't 1379 * counted when telling the size of the key in bits. 1380 */ 1381 if (o->info.objectType == TEE_TYPE_DES || 1382 o->info.objectType == TEE_TYPE_DES3) { 1383 byte_size = (key_size + key_size / 7) / 8; 1384 } 1385 1386 key = (struct tee_cryp_obj_secret *)o->data; 1387 if (byte_size > (o->data_size - sizeof(*key))) 1388 return TEE_ERROR_EXCESS_DATA; 1389 1390 res = get_rng_array((void *)(key + 1), byte_size); 1391 if (res != TEE_SUCCESS) 1392 return res; 1393 1394 /* Force the last bit to have exactly a value on byte_size */ 1395 ((char *)key)[sizeof(key->key_size) + byte_size - 1] |= 0x80; 1396 key->key_size = byte_size; 1397 1398 /* Set bits for all known attributes for this object type */ 1399 o->have_attrs = (1 << type_props->num_type_attrs) - 1; 1400 1401 break; 1402 1403 case TEE_TYPE_RSA_KEYPAIR: 1404 res = tee_svc_obj_generate_key_rsa(o, type_props, key_size); 1405 if (res != TEE_SUCCESS) 1406 return res; 1407 break; 1408 1409 case TEE_TYPE_DSA_KEYPAIR: 1410 res = tee_svc_obj_generate_key_dsa(o, type_props, key_size); 1411 if (res != TEE_SUCCESS) 1412 return res; 1413 break; 1414 1415 case TEE_TYPE_DH_KEYPAIR: 1416 res = tee_svc_obj_generate_key_dh( 1417 sess, o, type_props, key_size, params, param_count); 1418 if (res != TEE_SUCCESS) 1419 return res; 1420 break; 1421 1422 default: 1423 return TEE_ERROR_BAD_FORMAT; 1424 } 1425 1426 o->info.objectSize = key_size; 1427 o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 1428 return TEE_SUCCESS; 1429 } 1430 1431 static TEE_Result tee_svc_cryp_get_state(struct tee_ta_session *sess, 1432 uint32_t state_id, 1433 struct tee_cryp_state **state) 1434 { 1435 struct tee_cryp_state *s; 1436 1437 TAILQ_FOREACH(s, &sess->ctx->cryp_states, link) { 1438 if (state_id == (uint32_t) s) { 1439 *state = s; 1440 return TEE_SUCCESS; 1441 } 1442 } 1443 return TEE_ERROR_BAD_PARAMETERS; 1444 } 1445 1446 static void cryp_state_free(struct tee_ta_ctx *ctx, struct tee_cryp_state *cs) 1447 { 1448 struct tee_obj *o; 1449 1450 if (tee_obj_get(ctx, cs->key1, &o) == TEE_SUCCESS) 1451 tee_obj_close(ctx, o); 1452 if (tee_obj_get(ctx, cs->key2, &o) == TEE_SUCCESS) 1453 tee_obj_close(ctx, o); 1454 1455 TAILQ_REMOVE(&ctx->cryp_states, cs, link); 1456 if (cs->ctx_finalize != NULL) 1457 cs->ctx_finalize(cs->ctx, cs->algo); 1458 free(cs->ctx); 1459 free(cs); 1460 } 1461 1462 static TEE_Result tee_svc_cryp_check_key_type(const struct tee_obj *o, 1463 uint32_t algo, 1464 TEE_OperationMode mode) 1465 { 1466 uint32_t req_key_type; 1467 1468 switch (TEE_ALG_GET_MAIN_ALG(algo)) { 1469 case TEE_MAIN_ALGO_MD5: 1470 req_key_type = TEE_TYPE_HMAC_MD5; 1471 break; 1472 case TEE_MAIN_ALGO_SHA1: 1473 req_key_type = TEE_TYPE_HMAC_SHA1; 1474 break; 1475 case TEE_MAIN_ALGO_SHA224: 1476 req_key_type = TEE_TYPE_HMAC_SHA224; 1477 break; 1478 case TEE_MAIN_ALGO_SHA256: 1479 req_key_type = TEE_TYPE_HMAC_SHA256; 1480 break; 1481 case TEE_MAIN_ALGO_SHA384: 1482 req_key_type = TEE_TYPE_HMAC_SHA384; 1483 break; 1484 case TEE_MAIN_ALGO_SHA512: 1485 req_key_type = TEE_TYPE_HMAC_SHA512; 1486 break; 1487 case TEE_MAIN_ALGO_AES: 1488 req_key_type = TEE_TYPE_AES; 1489 break; 1490 case TEE_MAIN_ALGO_DES: 1491 req_key_type = TEE_TYPE_DES; 1492 break; 1493 case TEE_MAIN_ALGO_DES3: 1494 req_key_type = TEE_TYPE_DES3; 1495 break; 1496 case TEE_MAIN_ALGO_RSA: 1497 if (mode == TEE_MODE_ENCRYPT || mode == TEE_MODE_VERIFY) 1498 req_key_type = TEE_TYPE_RSA_PUBLIC_KEY; 1499 else 1500 req_key_type = TEE_TYPE_RSA_KEYPAIR; 1501 break; 1502 case TEE_MAIN_ALGO_DSA: 1503 if (mode == TEE_MODE_ENCRYPT || mode == TEE_MODE_VERIFY) 1504 req_key_type = TEE_TYPE_DSA_PUBLIC_KEY; 1505 else 1506 req_key_type = TEE_TYPE_DSA_KEYPAIR; 1507 break; 1508 case TEE_MAIN_ALGO_DH: 1509 req_key_type = TEE_TYPE_DH_KEYPAIR; 1510 break; 1511 default: 1512 return TEE_ERROR_BAD_PARAMETERS; 1513 } 1514 1515 if (req_key_type != o->info.objectType) 1516 return TEE_ERROR_BAD_PARAMETERS; 1517 return TEE_SUCCESS; 1518 } 1519 1520 TEE_Result tee_svc_cryp_state_alloc(uint32_t algo, uint32_t mode, 1521 uint32_t key1, uint32_t key2, 1522 uint32_t *state) 1523 { 1524 TEE_Result res; 1525 struct tee_cryp_state *cs; 1526 struct tee_ta_session *sess; 1527 struct tee_obj *o1 = NULL; 1528 struct tee_obj *o2 = NULL; 1529 1530 res = tee_ta_get_current_session(&sess); 1531 if (res != TEE_SUCCESS) 1532 return res; 1533 1534 if (key1 != 0) { 1535 res = tee_obj_get(sess->ctx, key1, &o1); 1536 if (res != TEE_SUCCESS) 1537 return res; 1538 if (o1->busy) 1539 return TEE_ERROR_BAD_PARAMETERS; 1540 res = tee_svc_cryp_check_key_type(o1, algo, mode); 1541 if (res != TEE_SUCCESS) 1542 return res; 1543 } 1544 if (key2 != 0) { 1545 res = tee_obj_get(sess->ctx, key2, &o2); 1546 if (res != TEE_SUCCESS) 1547 return res; 1548 if (o2->busy) 1549 return TEE_ERROR_BAD_PARAMETERS; 1550 res = tee_svc_cryp_check_key_type(o2, algo, mode); 1551 if (res != TEE_SUCCESS) 1552 return res; 1553 } 1554 1555 cs = calloc(1, sizeof(struct tee_cryp_state)); 1556 if (!cs) 1557 return TEE_ERROR_OUT_OF_MEMORY; 1558 TAILQ_INSERT_TAIL(&sess->ctx->cryp_states, cs, link); 1559 cs->algo = algo; 1560 cs->mode = mode; 1561 1562 switch (TEE_ALG_GET_CLASS(algo)) { 1563 case TEE_OPERATION_CIPHER: 1564 if ((algo == TEE_ALG_AES_XTS && (key1 == 0 || key2 == 0)) || 1565 (algo != TEE_ALG_AES_XTS && (key1 == 0 || key2 != 0))) { 1566 res = TEE_ERROR_BAD_PARAMETERS; 1567 } else { 1568 if (crypto_ops.cipher.get_ctx_size) 1569 res = crypto_ops.cipher.get_ctx_size(algo, 1570 &cs->ctx_size); 1571 else 1572 res = TEE_ERROR_NOT_IMPLEMENTED; 1573 if (res != TEE_SUCCESS) 1574 break; 1575 cs->ctx = calloc(1, cs->ctx_size); 1576 if (!cs->ctx) 1577 res = TEE_ERROR_OUT_OF_MEMORY; 1578 } 1579 break; 1580 case TEE_OPERATION_AE: 1581 if (key1 == 0 || key2 != 0) { 1582 res = TEE_ERROR_BAD_PARAMETERS; 1583 } else { 1584 if (crypto_ops.authenc.get_ctx_size) 1585 res = crypto_ops.authenc.get_ctx_size(algo, 1586 &cs->ctx_size); 1587 else 1588 res = TEE_ERROR_NOT_IMPLEMENTED; 1589 if (res != TEE_SUCCESS) 1590 break; 1591 cs->ctx = calloc(1, cs->ctx_size); 1592 if (!cs->ctx) 1593 res = TEE_ERROR_OUT_OF_MEMORY; 1594 } 1595 break; 1596 case TEE_OPERATION_MAC: 1597 if (key1 == 0 || key2 != 0) { 1598 res = TEE_ERROR_BAD_PARAMETERS; 1599 } else { 1600 if (crypto_ops.mac.get_ctx_size) 1601 res = crypto_ops.mac.get_ctx_size(algo, 1602 &cs->ctx_size); 1603 else 1604 res = TEE_ERROR_NOT_IMPLEMENTED; 1605 if (res != TEE_SUCCESS) 1606 break; 1607 cs->ctx = calloc(1, cs->ctx_size); 1608 if (!cs->ctx) 1609 res = TEE_ERROR_OUT_OF_MEMORY; 1610 } 1611 break; 1612 case TEE_OPERATION_DIGEST: 1613 if (key1 != 0 || key2 != 0) { 1614 res = TEE_ERROR_BAD_PARAMETERS; 1615 } else { 1616 if (crypto_ops.hash.get_ctx_size) 1617 res = crypto_ops.hash.get_ctx_size(algo, 1618 &cs->ctx_size); 1619 else 1620 res = TEE_ERROR_NOT_IMPLEMENTED; 1621 if (res != TEE_SUCCESS) 1622 break; 1623 cs->ctx = calloc(1, cs->ctx_size); 1624 if (!cs->ctx) 1625 res = TEE_ERROR_OUT_OF_MEMORY; 1626 } 1627 break; 1628 case TEE_OPERATION_ASYMMETRIC_CIPHER: 1629 case TEE_OPERATION_ASYMMETRIC_SIGNATURE: 1630 if (key1 == 0 || key2 != 0) 1631 res = TEE_ERROR_BAD_PARAMETERS; 1632 break; 1633 case TEE_OPERATION_KEY_DERIVATION: 1634 if (key1 == 0 || key2 != 0) 1635 res = TEE_ERROR_BAD_PARAMETERS; 1636 break; 1637 default: 1638 res = TEE_ERROR_NOT_SUPPORTED; 1639 break; 1640 } 1641 if (res != TEE_SUCCESS) 1642 goto out; 1643 1644 res = tee_svc_copy_to_user(sess, state, &cs, sizeof(uint32_t)); 1645 if (res != TEE_SUCCESS) 1646 goto out; 1647 1648 /* Register keys */ 1649 if (o1 != NULL) { 1650 o1->busy = true; 1651 cs->key1 = key1; 1652 } 1653 if (o2 != NULL) { 1654 o2->busy = true; 1655 cs->key2 = key2; 1656 } 1657 1658 out: 1659 if (res != TEE_SUCCESS) 1660 cryp_state_free(sess->ctx, cs); 1661 return res; 1662 } 1663 1664 TEE_Result tee_svc_cryp_state_copy(uint32_t dst, uint32_t src) 1665 { 1666 TEE_Result res; 1667 struct tee_cryp_state *cs_dst; 1668 struct tee_cryp_state *cs_src; 1669 struct tee_ta_session *sess; 1670 1671 res = tee_ta_get_current_session(&sess); 1672 if (res != TEE_SUCCESS) 1673 return res; 1674 1675 res = tee_svc_cryp_get_state(sess, dst, &cs_dst); 1676 if (res != TEE_SUCCESS) 1677 return res; 1678 res = tee_svc_cryp_get_state(sess, src, &cs_src); 1679 if (res != TEE_SUCCESS) 1680 return res; 1681 if (cs_dst->algo != cs_src->algo || cs_dst->mode != cs_src->mode) 1682 return TEE_ERROR_BAD_PARAMETERS; 1683 /* "Can't happen" */ 1684 if (cs_dst->ctx_size != cs_src->ctx_size) 1685 return TEE_ERROR_BAD_STATE; 1686 1687 memcpy(cs_dst->ctx, cs_src->ctx, cs_src->ctx_size); 1688 return TEE_SUCCESS; 1689 } 1690 1691 void tee_svc_cryp_free_states(struct tee_ta_ctx *ctx) 1692 { 1693 struct tee_cryp_state_head *states = &ctx->cryp_states; 1694 1695 while (!TAILQ_EMPTY(states)) 1696 cryp_state_free(ctx, TAILQ_FIRST(states)); 1697 } 1698 1699 TEE_Result tee_svc_cryp_state_free(uint32_t state) 1700 { 1701 TEE_Result res; 1702 struct tee_cryp_state *cs; 1703 struct tee_ta_session *sess; 1704 1705 res = tee_ta_get_current_session(&sess); 1706 if (res != TEE_SUCCESS) 1707 return res; 1708 1709 res = tee_svc_cryp_get_state(sess, state, &cs); 1710 if (res != TEE_SUCCESS) 1711 return res; 1712 cryp_state_free(sess->ctx, cs); 1713 return TEE_SUCCESS; 1714 } 1715 1716 /* iv and iv_len are ignored for some algorithms */ 1717 TEE_Result tee_svc_hash_init(uint32_t state, const void *iv __unused, 1718 size_t iv_len __unused) 1719 { 1720 TEE_Result res; 1721 struct tee_cryp_state *cs; 1722 struct tee_ta_session *sess; 1723 1724 res = tee_ta_get_current_session(&sess); 1725 if (res != TEE_SUCCESS) 1726 return res; 1727 1728 res = tee_svc_cryp_get_state(sess, state, &cs); 1729 if (res != TEE_SUCCESS) 1730 return res; 1731 1732 switch (TEE_ALG_GET_CLASS(cs->algo)) { 1733 case TEE_OPERATION_DIGEST: 1734 if (!crypto_ops.hash.init) 1735 return TEE_ERROR_NOT_IMPLEMENTED; 1736 res = crypto_ops.hash.init(cs->ctx, cs->algo); 1737 if (res != TEE_SUCCESS) 1738 return res; 1739 break; 1740 case TEE_OPERATION_MAC: 1741 { 1742 struct tee_obj *o; 1743 struct tee_cryp_obj_secret *key; 1744 1745 res = tee_obj_get(sess->ctx, cs->key1, &o); 1746 if (res != TEE_SUCCESS) 1747 return res; 1748 if ((o->info.handleFlags & 1749 TEE_HANDLE_FLAG_INITIALIZED) == 0) 1750 return TEE_ERROR_BAD_PARAMETERS; 1751 1752 key = (struct tee_cryp_obj_secret *)o->data; 1753 if (!crypto_ops.mac.init) 1754 return TEE_ERROR_NOT_IMPLEMENTED; 1755 res = crypto_ops.mac.init(cs->ctx, cs->algo, 1756 (void *)(key + 1), 1757 key->key_size); 1758 if (res != TEE_SUCCESS) 1759 return res; 1760 break; 1761 } 1762 default: 1763 return TEE_ERROR_BAD_PARAMETERS; 1764 } 1765 1766 return TEE_SUCCESS; 1767 } 1768 1769 TEE_Result tee_svc_hash_update(uint32_t state, const void *chunk, 1770 size_t chunk_size) 1771 { 1772 TEE_Result res; 1773 struct tee_cryp_state *cs; 1774 struct tee_ta_session *sess; 1775 1776 /* No data, but size provided isn't valid parameters. */ 1777 if (!chunk && chunk_size) 1778 return TEE_ERROR_BAD_PARAMETERS; 1779 1780 /* Zero length hash is valid, but nothing we need to do. */ 1781 if (!chunk_size) 1782 return TEE_SUCCESS; 1783 1784 res = tee_ta_get_current_session(&sess); 1785 if (res != TEE_SUCCESS) 1786 return res; 1787 1788 res = tee_mmu_check_access_rights(sess->ctx, 1789 TEE_MEMORY_ACCESS_READ | 1790 TEE_MEMORY_ACCESS_ANY_OWNER, 1791 (tee_uaddr_t)chunk, chunk_size); 1792 if (res != TEE_SUCCESS) 1793 return res; 1794 1795 res = tee_svc_cryp_get_state(sess, state, &cs); 1796 if (res != TEE_SUCCESS) 1797 return res; 1798 1799 switch (TEE_ALG_GET_CLASS(cs->algo)) { 1800 case TEE_OPERATION_DIGEST: 1801 if (!crypto_ops.hash.update) 1802 return TEE_ERROR_NOT_IMPLEMENTED; 1803 res = crypto_ops.hash.update(cs->ctx, cs->algo, chunk, 1804 chunk_size); 1805 if (res != TEE_SUCCESS) 1806 return res; 1807 break; 1808 case TEE_OPERATION_MAC: 1809 if (!crypto_ops.mac.update) 1810 return TEE_ERROR_NOT_IMPLEMENTED; 1811 res = crypto_ops.mac.update(cs->ctx, cs->algo, chunk, 1812 chunk_size); 1813 if (res != TEE_SUCCESS) 1814 return res; 1815 break; 1816 default: 1817 return TEE_ERROR_BAD_PARAMETERS; 1818 } 1819 1820 return TEE_SUCCESS; 1821 } 1822 1823 TEE_Result tee_svc_hash_final(uint32_t state, const void *chunk, 1824 size_t chunk_size, void *hash, size_t *hash_len) 1825 { 1826 TEE_Result res, res2; 1827 size_t hash_size; 1828 size_t hlen; 1829 struct tee_cryp_state *cs; 1830 struct tee_ta_session *sess; 1831 1832 /* No data, but size provided isn't valid parameters. */ 1833 if (!chunk && chunk_size) 1834 return TEE_ERROR_BAD_PARAMETERS; 1835 1836 res = tee_ta_get_current_session(&sess); 1837 if (res != TEE_SUCCESS) 1838 return res; 1839 1840 res = tee_mmu_check_access_rights(sess->ctx, 1841 TEE_MEMORY_ACCESS_READ | 1842 TEE_MEMORY_ACCESS_ANY_OWNER, 1843 (tee_uaddr_t)chunk, chunk_size); 1844 if (res != TEE_SUCCESS) 1845 return res; 1846 1847 res = tee_svc_copy_from_user(sess, &hlen, hash_len, sizeof(size_t)); 1848 if (res != TEE_SUCCESS) 1849 return res; 1850 1851 res = tee_mmu_check_access_rights(sess->ctx, 1852 TEE_MEMORY_ACCESS_READ | 1853 TEE_MEMORY_ACCESS_WRITE | 1854 TEE_MEMORY_ACCESS_ANY_OWNER, 1855 (tee_uaddr_t)hash, hlen); 1856 if (res != TEE_SUCCESS) 1857 return res; 1858 1859 res = tee_svc_cryp_get_state(sess, state, &cs); 1860 if (res != TEE_SUCCESS) 1861 return res; 1862 1863 switch (TEE_ALG_GET_CLASS(cs->algo)) { 1864 case TEE_OPERATION_DIGEST: 1865 if (!crypto_ops.hash.update || !crypto_ops.hash.final) 1866 return TEE_ERROR_NOT_IMPLEMENTED; 1867 res = tee_hash_get_digest_size(cs->algo, &hash_size); 1868 if (res != TEE_SUCCESS) 1869 return res; 1870 if (*hash_len < hash_size) { 1871 res = TEE_ERROR_SHORT_BUFFER; 1872 goto out; 1873 } 1874 1875 if (chunk_size) { 1876 res = crypto_ops.hash.update(cs->ctx, cs->algo, chunk, 1877 chunk_size); 1878 if (res != TEE_SUCCESS) 1879 return res; 1880 } 1881 1882 res = crypto_ops.hash.final(cs->ctx, cs->algo, hash, 1883 hash_size); 1884 if (res != TEE_SUCCESS) 1885 return res; 1886 break; 1887 1888 case TEE_OPERATION_MAC: 1889 if (!crypto_ops.mac.final) 1890 return TEE_ERROR_NOT_IMPLEMENTED; 1891 res = tee_mac_get_digest_size(cs->algo, &hash_size); 1892 if (res != TEE_SUCCESS) 1893 return res; 1894 if (*hash_len < hash_size) { 1895 res = TEE_ERROR_SHORT_BUFFER; 1896 goto out; 1897 } 1898 1899 res = crypto_ops.mac.final(cs->ctx, cs->algo, chunk, 1900 chunk_size, hash, hash_size); 1901 if (res != TEE_SUCCESS) 1902 return res; 1903 break; 1904 1905 default: 1906 return TEE_ERROR_BAD_PARAMETERS; 1907 } 1908 out: 1909 res2 = 1910 tee_svc_copy_to_user(sess, hash_len, &hash_size, sizeof(*hash_len)); 1911 if (res2 != TEE_SUCCESS) 1912 return res2; 1913 return res; 1914 } 1915 1916 TEE_Result tee_svc_cipher_init(uint32_t state, const void *iv, size_t iv_len) 1917 { 1918 TEE_Result res; 1919 struct tee_cryp_state *cs; 1920 struct tee_ta_session *sess; 1921 struct tee_obj *o; 1922 struct tee_cryp_obj_secret *key1; 1923 1924 res = tee_ta_get_current_session(&sess); 1925 if (res != TEE_SUCCESS) 1926 return res; 1927 1928 res = tee_svc_cryp_get_state(sess, state, &cs); 1929 if (res != TEE_SUCCESS) 1930 return res; 1931 1932 res = tee_mmu_check_access_rights(sess->ctx, 1933 TEE_MEMORY_ACCESS_READ | 1934 TEE_MEMORY_ACCESS_ANY_OWNER, 1935 (tee_uaddr_t) iv, iv_len); 1936 if (res != TEE_SUCCESS) 1937 return res; 1938 1939 res = tee_obj_get(sess->ctx, cs->key1, &o); 1940 if (res != TEE_SUCCESS) 1941 return res; 1942 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1943 return TEE_ERROR_BAD_PARAMETERS; 1944 1945 key1 = (struct tee_cryp_obj_secret *)o->data; 1946 1947 if (!crypto_ops.cipher.init) 1948 return TEE_ERROR_NOT_IMPLEMENTED; 1949 1950 if (tee_obj_get(sess->ctx, cs->key2, &o) == TEE_SUCCESS) { 1951 struct tee_cryp_obj_secret *key2 = 1952 (struct tee_cryp_obj_secret *)o->data; 1953 1954 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1955 return TEE_ERROR_BAD_PARAMETERS; 1956 1957 res = crypto_ops.cipher.init(cs->ctx, cs->algo, cs->mode, 1958 (uint8_t *)(key1 + 1), 1959 key1->key_size, 1960 (uint8_t *)(key2 + 1), 1961 key2->key_size, 1962 iv, iv_len); 1963 } else { 1964 res = crypto_ops.cipher.init(cs->ctx, cs->algo, cs->mode, 1965 (uint8_t *)(key1 + 1), 1966 key1->key_size, 1967 NULL, 1968 0, 1969 iv, iv_len); 1970 } 1971 if (res != TEE_SUCCESS) 1972 return res; 1973 1974 cs->ctx_finalize = crypto_ops.cipher.final; 1975 return TEE_SUCCESS; 1976 } 1977 1978 static TEE_Result tee_svc_cipher_update_helper(uint32_t state, bool last_block, 1979 const void *src, size_t src_len, 1980 void *dst, size_t *dst_len) 1981 { 1982 TEE_Result res; 1983 struct tee_cryp_state *cs; 1984 struct tee_ta_session *sess; 1985 size_t dlen; 1986 1987 res = tee_ta_get_current_session(&sess); 1988 if (res != TEE_SUCCESS) 1989 return res; 1990 1991 res = tee_svc_cryp_get_state(sess, state, &cs); 1992 if (res != TEE_SUCCESS) 1993 return res; 1994 1995 res = tee_mmu_check_access_rights(sess->ctx, 1996 TEE_MEMORY_ACCESS_READ | 1997 TEE_MEMORY_ACCESS_ANY_OWNER, 1998 (tee_uaddr_t)src, src_len); 1999 if (res != TEE_SUCCESS) 2000 return res; 2001 2002 if (!dst_len) { 2003 dlen = 0; 2004 } else { 2005 res = 2006 tee_svc_copy_from_user(sess, &dlen, dst_len, 2007 sizeof(size_t)); 2008 if (res != TEE_SUCCESS) 2009 return res; 2010 2011 res = tee_mmu_check_access_rights(sess->ctx, 2012 TEE_MEMORY_ACCESS_READ | 2013 TEE_MEMORY_ACCESS_WRITE | 2014 TEE_MEMORY_ACCESS_ANY_OWNER, 2015 (tee_uaddr_t)dst, dlen); 2016 if (res != TEE_SUCCESS) 2017 return res; 2018 } 2019 2020 if (dlen < src_len) { 2021 res = TEE_ERROR_SHORT_BUFFER; 2022 goto out; 2023 } 2024 2025 if (src_len > 0) { 2026 /* Permit src_len == 0 to finalize the operation */ 2027 res = tee_do_cipher_update(cs->ctx, cs->algo, cs->mode, 2028 last_block, src, src_len, dst); 2029 } 2030 2031 if (last_block && cs->ctx_finalize != NULL) { 2032 cs->ctx_finalize(cs->ctx, cs->mode); 2033 cs->ctx_finalize = NULL; 2034 } 2035 2036 out: 2037 if ((res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) && 2038 dst_len != NULL) { 2039 TEE_Result res2 = tee_svc_copy_to_user(sess, dst_len, &src_len, 2040 sizeof(size_t)); 2041 if (res2 != TEE_SUCCESS) 2042 res = res2; 2043 } 2044 2045 return res; 2046 } 2047 2048 TEE_Result tee_svc_cipher_update(uint32_t state, const void *src, 2049 size_t src_len, void *dst, size_t *dst_len) 2050 { 2051 return tee_svc_cipher_update_helper(state, false /* last_block */, 2052 src, src_len, dst, dst_len); 2053 } 2054 2055 TEE_Result tee_svc_cipher_final(uint32_t state, const void *src, 2056 size_t src_len, void *dst, size_t *dst_len) 2057 { 2058 return tee_svc_cipher_update_helper(state, true /* last_block */, 2059 src, src_len, dst, dst_len); 2060 } 2061 2062 TEE_Result tee_svc_cryp_derive_key(uint32_t state, const TEE_Attribute *params, 2063 uint32_t param_count, uint32_t derived_key) 2064 { 2065 TEE_Result res; 2066 struct tee_ta_session *sess; 2067 struct tee_obj *ko; 2068 struct tee_obj *so; 2069 struct tee_cryp_state *cs; 2070 struct tee_cryp_obj_secret *sk; 2071 const struct tee_cryp_obj_type_props *type_props; 2072 struct bignum *publicvalue; 2073 struct bignum *sharedsecret; 2074 size_t alloc_size; 2075 2076 res = tee_ta_get_current_session(&sess); 2077 if (res != TEE_SUCCESS) 2078 return res; 2079 2080 res = tee_svc_cryp_get_state(sess, state, &cs); 2081 if (res != TEE_SUCCESS) 2082 return res; 2083 2084 if ((param_count != 1) || 2085 (params[0].attributeID != TEE_ATTR_DH_PUBLIC_VALUE)) 2086 return TEE_ERROR_BAD_PARAMETERS; 2087 2088 /* get key set in operation */ 2089 res = tee_obj_get(sess->ctx, cs->key1, &ko); 2090 if (res != TEE_SUCCESS) 2091 return res; 2092 2093 res = tee_obj_get(sess->ctx, derived_key, &so); 2094 if (res != TEE_SUCCESS) 2095 return res; 2096 2097 /* find information needed about the object to initialize */ 2098 sk = (struct tee_cryp_obj_secret *)so->data; 2099 2100 /* Find description of object */ 2101 type_props = tee_svc_find_type_props(so->info.objectType); 2102 if (!type_props) 2103 return TEE_ERROR_NOT_SUPPORTED; 2104 2105 /* extract information from the attributes passed to the function */ 2106 alloc_size = params[0].content.ref.length * 8; 2107 publicvalue = crypto_ops.bignum.allocate(alloc_size); 2108 sharedsecret = crypto_ops.bignum.allocate(alloc_size); 2109 if (!publicvalue || !sharedsecret) 2110 return TEE_ERROR_OUT_OF_MEMORY; 2111 if (!crypto_ops.bignum.bin2bn || 2112 !crypto_ops.acipher.dh_shared_secret || 2113 !crypto_ops.bignum.num_bytes || 2114 !crypto_ops.bignum.bn2bin) 2115 return TEE_ERROR_NOT_IMPLEMENTED; 2116 crypto_ops.bignum.bin2bn(params[0].content.ref.buffer, 2117 params[0].content.ref.length, 2118 publicvalue); 2119 res = crypto_ops.acipher.dh_shared_secret(ko->data, publicvalue, 2120 sharedsecret); 2121 if (res == TEE_SUCCESS) { 2122 sk->key_size = crypto_ops.bignum.num_bytes(sharedsecret); 2123 crypto_ops.bignum.bn2bin(sharedsecret, (uint8_t *)(sk + 1)); 2124 so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 2125 SET_ATTRIBUTE(so, type_props, TEE_ATTR_SECRET_VALUE); 2126 } 2127 return res; 2128 } 2129 2130 TEE_Result tee_svc_cryp_random_number_generate(void *buf, size_t blen) 2131 { 2132 TEE_Result res; 2133 struct tee_ta_session *sess; 2134 2135 res = tee_ta_get_current_session(&sess); 2136 if (res != TEE_SUCCESS) 2137 return res; 2138 2139 res = tee_mmu_check_access_rights(sess->ctx, 2140 TEE_MEMORY_ACCESS_WRITE | 2141 TEE_MEMORY_ACCESS_ANY_OWNER, 2142 (tee_uaddr_t)buf, blen); 2143 if (res != TEE_SUCCESS) 2144 return res; 2145 2146 res = get_rng_array(buf, blen); 2147 if (res != TEE_SUCCESS) 2148 return res; 2149 2150 return res; 2151 } 2152 2153 TEE_Result tee_svc_authenc_init(uint32_t state, const void *nonce, 2154 size_t nonce_len, size_t tag_len, 2155 size_t aad_len, size_t payload_len) 2156 { 2157 TEE_Result res; 2158 struct tee_cryp_state *cs; 2159 struct tee_ta_session *sess; 2160 struct tee_obj *o; 2161 struct tee_cryp_obj_secret *key; 2162 2163 res = tee_ta_get_current_session(&sess); 2164 if (res != TEE_SUCCESS) 2165 return res; 2166 2167 res = tee_svc_cryp_get_state(sess, state, &cs); 2168 if (res != TEE_SUCCESS) 2169 return res; 2170 2171 res = tee_obj_get(sess->ctx, cs->key1, &o); 2172 if (res != TEE_SUCCESS) 2173 return res; 2174 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 2175 return TEE_ERROR_BAD_PARAMETERS; 2176 2177 if (!crypto_ops.authenc.init) 2178 return TEE_ERROR_NOT_IMPLEMENTED; 2179 key = (struct tee_cryp_obj_secret *)o->data; 2180 res = crypto_ops.authenc.init(cs->ctx, cs->algo, cs->mode, 2181 (uint8_t *)(key + 1), key->key_size, 2182 nonce, nonce_len, tag_len, aad_len, 2183 payload_len); 2184 if (res != TEE_SUCCESS) 2185 return res; 2186 2187 cs->ctx_finalize = (tee_cryp_ctx_finalize_func_t) 2188 crypto_ops.authenc.final; 2189 return TEE_SUCCESS; 2190 } 2191 2192 TEE_Result tee_svc_authenc_update_aad(uint32_t state, const void *aad_data, 2193 size_t aad_data_len) 2194 { 2195 TEE_Result res; 2196 struct tee_cryp_state *cs; 2197 struct tee_ta_session *sess; 2198 2199 res = tee_ta_get_current_session(&sess); 2200 if (res != TEE_SUCCESS) 2201 return res; 2202 2203 res = tee_mmu_check_access_rights(sess->ctx, 2204 TEE_MEMORY_ACCESS_READ | 2205 TEE_MEMORY_ACCESS_ANY_OWNER, 2206 (tee_uaddr_t) aad_data, 2207 aad_data_len); 2208 if (res != TEE_SUCCESS) 2209 return res; 2210 2211 res = tee_svc_cryp_get_state(sess, state, &cs); 2212 if (res != TEE_SUCCESS) 2213 return res; 2214 2215 if (!crypto_ops.authenc.update_aad) 2216 return TEE_ERROR_NOT_IMPLEMENTED; 2217 res = crypto_ops.authenc.update_aad(cs->ctx, cs->algo, cs->mode, 2218 aad_data, aad_data_len); 2219 if (res != TEE_SUCCESS) 2220 return res; 2221 2222 return TEE_SUCCESS; 2223 } 2224 2225 TEE_Result tee_svc_authenc_update_payload(uint32_t state, const void *src_data, 2226 size_t src_len, void *dst_data, 2227 size_t *dst_len) 2228 { 2229 TEE_Result res; 2230 struct tee_cryp_state *cs; 2231 struct tee_ta_session *sess; 2232 size_t dlen; 2233 2234 res = tee_ta_get_current_session(&sess); 2235 if (res != TEE_SUCCESS) 2236 return res; 2237 2238 res = tee_svc_cryp_get_state(sess, state, &cs); 2239 if (res != TEE_SUCCESS) 2240 return res; 2241 2242 res = tee_mmu_check_access_rights(sess->ctx, 2243 TEE_MEMORY_ACCESS_READ | 2244 TEE_MEMORY_ACCESS_ANY_OWNER, 2245 (tee_uaddr_t) src_data, src_len); 2246 if (res != TEE_SUCCESS) 2247 return res; 2248 2249 res = tee_svc_copy_from_user(sess, &dlen, dst_len, sizeof(size_t)); 2250 if (res != TEE_SUCCESS) 2251 return res; 2252 2253 res = tee_mmu_check_access_rights(sess->ctx, 2254 TEE_MEMORY_ACCESS_READ | 2255 TEE_MEMORY_ACCESS_WRITE | 2256 TEE_MEMORY_ACCESS_ANY_OWNER, 2257 (tee_uaddr_t)dst_data, dlen); 2258 if (res != TEE_SUCCESS) 2259 return res; 2260 2261 if (dlen < src_len) { 2262 res = TEE_ERROR_SHORT_BUFFER; 2263 goto out; 2264 } 2265 2266 if (!crypto_ops.authenc.update_payload) 2267 return TEE_ERROR_NOT_IMPLEMENTED; 2268 res = crypto_ops.authenc.update_payload(cs->ctx, cs->algo, cs->mode, 2269 src_data, src_len, dst_data, 2270 &dlen); 2271 2272 out: 2273 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { 2274 TEE_Result res2 = tee_svc_copy_to_user(sess, dst_len, &dlen, 2275 sizeof(size_t)); 2276 if (res2 != TEE_SUCCESS) 2277 res = res2; 2278 } 2279 2280 return res; 2281 } 2282 2283 TEE_Result tee_svc_authenc_enc_final(uint32_t state, const void *src_data, 2284 size_t src_len, void *dst_data, 2285 size_t *dst_len, void *tag, 2286 size_t *tag_len) 2287 { 2288 TEE_Result res; 2289 struct tee_cryp_state *cs; 2290 struct tee_ta_session *sess; 2291 size_t dlen; 2292 size_t tlen; 2293 2294 res = tee_ta_get_current_session(&sess); 2295 if (res != TEE_SUCCESS) 2296 return res; 2297 2298 res = tee_svc_cryp_get_state(sess, state, &cs); 2299 if (res != TEE_SUCCESS) 2300 return res; 2301 2302 if (cs->mode != TEE_MODE_ENCRYPT) 2303 return TEE_ERROR_BAD_PARAMETERS; 2304 2305 res = tee_mmu_check_access_rights(sess->ctx, 2306 TEE_MEMORY_ACCESS_READ | 2307 TEE_MEMORY_ACCESS_ANY_OWNER, 2308 (tee_uaddr_t)src_data, src_len); 2309 if (res != TEE_SUCCESS) 2310 return res; 2311 2312 if (!dst_len) { 2313 dlen = 0; 2314 } else { 2315 res = 2316 tee_svc_copy_from_user(sess, &dlen, dst_len, 2317 sizeof(size_t)); 2318 if (res != TEE_SUCCESS) 2319 return res; 2320 2321 res = tee_mmu_check_access_rights(sess->ctx, 2322 TEE_MEMORY_ACCESS_READ | 2323 TEE_MEMORY_ACCESS_WRITE | 2324 TEE_MEMORY_ACCESS_ANY_OWNER, 2325 (tee_uaddr_t)dst_data, dlen); 2326 if (res != TEE_SUCCESS) 2327 return res; 2328 } 2329 2330 if (dlen < src_len) { 2331 res = TEE_ERROR_SHORT_BUFFER; 2332 goto out; 2333 } 2334 2335 res = tee_svc_copy_from_user(sess, &tlen, tag_len, sizeof(size_t)); 2336 if (res != TEE_SUCCESS) 2337 return res; 2338 2339 res = tee_mmu_check_access_rights(sess->ctx, 2340 TEE_MEMORY_ACCESS_READ | 2341 TEE_MEMORY_ACCESS_WRITE | 2342 TEE_MEMORY_ACCESS_ANY_OWNER, 2343 (tee_uaddr_t)tag, tlen); 2344 if (res != TEE_SUCCESS) 2345 return res; 2346 2347 if (!crypto_ops.authenc.enc_final) 2348 return TEE_ERROR_NOT_IMPLEMENTED; 2349 res = crypto_ops.authenc.enc_final(cs->ctx, cs->algo, src_data, 2350 src_len, dst_data, &dlen, tag, 2351 &tlen); 2352 2353 out: 2354 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { 2355 TEE_Result res2; 2356 2357 if (dst_len != NULL) { 2358 res2 = tee_svc_copy_to_user(sess, dst_len, &dlen, 2359 sizeof(size_t)); 2360 if (res2 != TEE_SUCCESS) 2361 return res2; 2362 } 2363 2364 res2 = 2365 tee_svc_copy_to_user(sess, tag_len, &tlen, sizeof(size_t)); 2366 if (res2 != TEE_SUCCESS) 2367 return res2; 2368 } 2369 2370 return res; 2371 } 2372 2373 TEE_Result tee_svc_authenc_dec_final(uint32_t state, const void *src_data, 2374 size_t src_len, void *dst_data, 2375 size_t *dst_len, const void *tag, 2376 size_t tag_len) 2377 { 2378 TEE_Result res; 2379 struct tee_cryp_state *cs; 2380 struct tee_ta_session *sess; 2381 size_t dlen; 2382 2383 res = tee_ta_get_current_session(&sess); 2384 if (res != TEE_SUCCESS) 2385 return res; 2386 2387 res = tee_svc_cryp_get_state(sess, state, &cs); 2388 if (res != TEE_SUCCESS) 2389 return res; 2390 2391 if (cs->mode != TEE_MODE_DECRYPT) 2392 return TEE_ERROR_BAD_PARAMETERS; 2393 2394 res = tee_mmu_check_access_rights(sess->ctx, 2395 TEE_MEMORY_ACCESS_READ | 2396 TEE_MEMORY_ACCESS_ANY_OWNER, 2397 (tee_uaddr_t)src_data, src_len); 2398 if (res != TEE_SUCCESS) 2399 return res; 2400 2401 if (!dst_len) { 2402 dlen = 0; 2403 } else { 2404 res = 2405 tee_svc_copy_from_user(sess, &dlen, dst_len, 2406 sizeof(size_t)); 2407 if (res != TEE_SUCCESS) 2408 return res; 2409 2410 res = tee_mmu_check_access_rights(sess->ctx, 2411 TEE_MEMORY_ACCESS_READ | 2412 TEE_MEMORY_ACCESS_WRITE | 2413 TEE_MEMORY_ACCESS_ANY_OWNER, 2414 (tee_uaddr_t)dst_data, dlen); 2415 if (res != TEE_SUCCESS) 2416 return res; 2417 } 2418 2419 if (dlen < src_len) { 2420 res = TEE_ERROR_SHORT_BUFFER; 2421 goto out; 2422 } 2423 2424 res = tee_mmu_check_access_rights(sess->ctx, 2425 TEE_MEMORY_ACCESS_READ | 2426 TEE_MEMORY_ACCESS_ANY_OWNER, 2427 (tee_uaddr_t)tag, tag_len); 2428 if (res != TEE_SUCCESS) 2429 return res; 2430 2431 if (!crypto_ops.authenc.dec_final) 2432 return TEE_ERROR_NOT_IMPLEMENTED; 2433 res = crypto_ops.authenc.dec_final(cs->ctx, cs->algo, src_data, 2434 src_len, dst_data, &dlen, tag, 2435 tag_len); 2436 2437 out: 2438 if ((res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) && 2439 dst_len != NULL) { 2440 TEE_Result res2; 2441 2442 res2 = 2443 tee_svc_copy_to_user(sess, dst_len, &dlen, 2444 sizeof(size_t)); 2445 if (res2 != TEE_SUCCESS) 2446 return res2; 2447 } 2448 2449 return res; 2450 } 2451 2452 static void tee_svc_asymm_pkcs1_get_salt_len(const TEE_Attribute *params, 2453 uint32_t num_params, int *salt_len) 2454 { 2455 size_t n; 2456 2457 for (n = 0; n < num_params; n++) { 2458 if (params[n].attributeID == TEE_ATTR_RSA_PSS_SALT_LENGTH) { 2459 *salt_len = params[n].content.value.a; 2460 return; 2461 } 2462 } 2463 *salt_len = -1; 2464 } 2465 2466 TEE_Result tee_svc_asymm_operate(uint32_t state, const TEE_Attribute *params, 2467 uint32_t num_params, const void *src_data, 2468 size_t src_len, void *dst_data, 2469 size_t *dst_len) 2470 { 2471 TEE_Result res; 2472 struct tee_cryp_state *cs; 2473 struct tee_ta_session *sess; 2474 size_t dlen; 2475 struct tee_obj *o; 2476 void *label = NULL; 2477 size_t label_len = 0; 2478 size_t n; 2479 int salt_len; 2480 2481 res = tee_ta_get_current_session(&sess); 2482 if (res != TEE_SUCCESS) 2483 return res; 2484 2485 res = tee_svc_cryp_get_state(sess, state, &cs); 2486 if (res != TEE_SUCCESS) 2487 return res; 2488 2489 res = tee_mmu_check_access_rights( 2490 sess->ctx, 2491 TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_ANY_OWNER, 2492 (tee_uaddr_t) src_data, src_len); 2493 if (res != TEE_SUCCESS) 2494 return res; 2495 2496 res = tee_svc_copy_from_user(sess, &dlen, dst_len, sizeof(size_t)); 2497 if (res != TEE_SUCCESS) 2498 return res; 2499 2500 res = tee_mmu_check_access_rights( 2501 sess->ctx, 2502 TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_WRITE | 2503 TEE_MEMORY_ACCESS_ANY_OWNER, 2504 (tee_uaddr_t) dst_data, dlen); 2505 if (res != TEE_SUCCESS) 2506 return res; 2507 2508 res = tee_obj_get(sess->ctx, cs->key1, &o); 2509 if (res != TEE_SUCCESS) 2510 return res; 2511 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 2512 return TEE_ERROR_GENERIC; 2513 2514 switch (cs->algo) { 2515 case TEE_ALG_RSA_NOPAD: 2516 if (cs->mode == TEE_MODE_ENCRYPT) { 2517 if (crypto_ops.acipher.rsanopad_encrypt) 2518 res = crypto_ops.acipher.rsanopad_encrypt( 2519 o->data, src_data, src_len, 2520 dst_data, &dlen); 2521 else 2522 res = TEE_ERROR_NOT_IMPLEMENTED; 2523 } else if (cs->mode == TEE_MODE_DECRYPT) { 2524 if (crypto_ops.acipher.rsanopad_decrypt) 2525 res = crypto_ops.acipher.rsanopad_decrypt( 2526 o->data, src_data, src_len, dst_data, 2527 &dlen); 2528 else 2529 res = TEE_ERROR_NOT_IMPLEMENTED; 2530 } else { 2531 /* 2532 * We will panic because "the mode is not compatible 2533 * with the function" 2534 */ 2535 return TEE_ERROR_GENERIC; 2536 } 2537 break; 2538 2539 case TEE_ALG_RSAES_PKCS1_V1_5: 2540 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 2541 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 2542 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 2543 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 2544 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 2545 for (n = 0; n < num_params; n++) { 2546 if (params[n].attributeID == TEE_ATTR_RSA_OAEP_LABEL) { 2547 label = params[n].content.ref.buffer; 2548 label_len = params[n].content.ref.length; 2549 break; 2550 } 2551 } 2552 2553 if (cs->mode == TEE_MODE_ENCRYPT) { 2554 if (crypto_ops.acipher.rsaes_encrypt) 2555 res = crypto_ops.acipher.rsaes_encrypt( 2556 cs->algo, o->data, label, label_len, 2557 src_data, src_len, dst_data, &dlen); 2558 else 2559 res = TEE_ERROR_NOT_IMPLEMENTED; 2560 } else if (cs->mode == TEE_MODE_DECRYPT) { 2561 if (crypto_ops.acipher.rsaes_decrypt) 2562 res = crypto_ops.acipher.rsaes_decrypt( 2563 cs->algo, o->data, 2564 label, label_len, 2565 src_data, src_len, dst_data, &dlen); 2566 else 2567 res = TEE_ERROR_NOT_IMPLEMENTED; 2568 } else { 2569 res = TEE_ERROR_BAD_PARAMETERS; 2570 } 2571 break; 2572 2573 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 2574 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 2575 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 2576 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 2577 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 2578 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 2579 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 2580 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 2581 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 2582 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 2583 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 2584 if (cs->mode != TEE_MODE_SIGN) { 2585 res = TEE_ERROR_BAD_PARAMETERS; 2586 break; 2587 } 2588 tee_svc_asymm_pkcs1_get_salt_len(params, num_params, &salt_len); 2589 2590 if (!crypto_ops.acipher.rsassa_sign) { 2591 res = TEE_ERROR_NOT_IMPLEMENTED; 2592 break; 2593 } 2594 res = crypto_ops.acipher.rsassa_sign(cs->algo, o->data, 2595 salt_len, src_data, 2596 src_len, dst_data, &dlen); 2597 break; 2598 2599 case TEE_ALG_DSA_SHA1: 2600 if (!crypto_ops.acipher.dsa_sign) { 2601 res = TEE_ERROR_NOT_IMPLEMENTED; 2602 break; 2603 } 2604 res = crypto_ops.acipher.dsa_sign(cs->algo, o->data, src_data, 2605 src_len, dst_data, &dlen); 2606 break; 2607 2608 default: 2609 res = TEE_ERROR_BAD_PARAMETERS; 2610 break; 2611 } 2612 2613 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { 2614 TEE_Result res2; 2615 2616 res2 = 2617 tee_svc_copy_to_user(sess, dst_len, &dlen, sizeof(size_t)); 2618 if (res2 != TEE_SUCCESS) 2619 return res2; 2620 } 2621 2622 return res; 2623 } 2624 2625 TEE_Result tee_svc_asymm_verify(uint32_t state, const TEE_Attribute *params, 2626 uint32_t num_params, const void *data, 2627 size_t data_len, const void *sig, 2628 size_t sig_len) 2629 { 2630 TEE_Result res; 2631 struct tee_cryp_state *cs; 2632 struct tee_ta_session *sess; 2633 struct tee_obj *o; 2634 size_t hash_size; 2635 int salt_len; 2636 2637 res = tee_ta_get_current_session(&sess); 2638 if (res != TEE_SUCCESS) 2639 return res; 2640 2641 res = tee_svc_cryp_get_state(sess, state, &cs); 2642 if (res != TEE_SUCCESS) 2643 return res; 2644 2645 if (cs->mode != TEE_MODE_VERIFY) 2646 return TEE_ERROR_BAD_PARAMETERS; 2647 2648 res = tee_mmu_check_access_rights(sess->ctx, 2649 TEE_MEMORY_ACCESS_READ | 2650 TEE_MEMORY_ACCESS_ANY_OWNER, 2651 (tee_uaddr_t)data, data_len); 2652 if (res != TEE_SUCCESS) 2653 return res; 2654 2655 res = tee_mmu_check_access_rights(sess->ctx, 2656 TEE_MEMORY_ACCESS_READ | 2657 TEE_MEMORY_ACCESS_ANY_OWNER, 2658 (tee_uaddr_t)sig, sig_len); 2659 if (res != TEE_SUCCESS) 2660 return res; 2661 2662 res = tee_obj_get(sess->ctx, cs->key1, &o); 2663 if (res != TEE_SUCCESS) 2664 return res; 2665 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 2666 return TEE_ERROR_BAD_PARAMETERS; 2667 2668 res = tee_hash_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(cs->algo), 2669 &hash_size); 2670 if (res != TEE_SUCCESS) 2671 return res; 2672 2673 if (data_len != hash_size) 2674 return TEE_ERROR_BAD_PARAMETERS; 2675 2676 switch (TEE_ALG_GET_MAIN_ALG(cs->algo)) { 2677 case TEE_MAIN_ALGO_RSA: 2678 tee_svc_asymm_pkcs1_get_salt_len(params, num_params, &salt_len); 2679 if (!crypto_ops.acipher.rsassa_verify) { 2680 res = TEE_ERROR_NOT_IMPLEMENTED; 2681 break; 2682 } 2683 res = crypto_ops.acipher.rsassa_verify(cs->algo, o->data, 2684 salt_len, data, 2685 data_len, sig, sig_len); 2686 break; 2687 2688 case TEE_MAIN_ALGO_DSA: 2689 if (!crypto_ops.acipher.dsa_verify) { 2690 res = TEE_ERROR_NOT_IMPLEMENTED; 2691 break; 2692 } 2693 res = crypto_ops.acipher.dsa_verify(cs->algo, o->data, data, 2694 data_len, sig, sig_len); 2695 break; 2696 2697 default: 2698 res = TEE_ERROR_NOT_SUPPORTED; 2699 } 2700 2701 return res; 2702 } 2703