1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * Copyright (c) 2020, 2022 Linaro Limited 5 * Copyright (c) 2022, Technology Innovation Institute (TII) 6 */ 7 8 #include <assert.h> 9 #include <bitstring.h> 10 #include <compiler.h> 11 #include <config.h> 12 #include <crypto/crypto.h> 13 #include <kernel/tee_ta_manager.h> 14 #include <kernel/user_access.h> 15 #include <memtag.h> 16 #include <mm/vm.h> 17 #include <stdlib_ext.h> 18 #include <string_ext.h> 19 #include <string.h> 20 #include <sys/queue.h> 21 #include <tee_api_defines_extensions.h> 22 #include <tee_api_types.h> 23 #include <tee/tee_cryp_utl.h> 24 #include <tee/tee_obj.h> 25 #include <tee/tee_svc_cryp.h> 26 #include <tee/tee_svc.h> 27 #include <trace.h> 28 #include <utee_defines.h> 29 #include <util.h> 30 #if defined(CFG_CRYPTO_HKDF) 31 #include <tee/tee_cryp_hkdf.h> 32 #endif 33 #if defined(CFG_CRYPTO_CONCAT_KDF) 34 #include <tee/tee_cryp_concat_kdf.h> 35 #endif 36 #if defined(CFG_CRYPTO_PBKDF2) 37 #include <tee/tee_cryp_pbkdf2.h> 38 #endif 39 40 enum cryp_state { 41 CRYP_STATE_INITIALIZED = 0, 42 CRYP_STATE_UNINITIALIZED 43 }; 44 45 typedef void (*tee_cryp_ctx_finalize_func_t) (void *ctx); 46 struct tee_cryp_state { 47 TAILQ_ENTRY(tee_cryp_state) link; 48 uint32_t algo; 49 uint32_t mode; 50 vaddr_t key1; 51 vaddr_t key2; 52 void *ctx; 53 tee_cryp_ctx_finalize_func_t ctx_finalize; 54 enum cryp_state state; 55 }; 56 57 struct tee_cryp_obj_secret { 58 uint32_t key_size; 59 uint32_t alloc_size; 60 61 /* 62 * Pseudo code visualize layout of structure 63 * Next follows data, such as: 64 * uint8_t data[alloc_size] 65 * key_size must never exceed alloc_size 66 */ 67 }; 68 69 #define TEE_TYPE_ATTR_OPTIONAL BIT(0) 70 #define TEE_TYPE_ATTR_REQUIRED BIT(1) 71 #define TEE_TYPE_ATTR_OPTIONAL_GROUP BIT(2) 72 #define TEE_TYPE_ATTR_SIZE_INDICATOR BIT(3) 73 #define TEE_TYPE_ATTR_GEN_KEY_OPT BIT(4) 74 #define TEE_TYPE_ATTR_GEN_KEY_REQ BIT(5) 75 #define TEE_TYPE_ATTR_BIGNUM_MAXBITS BIT(6) 76 77 /* Handle storing of generic secret keys of varying lengths */ 78 #define ATTR_OPS_INDEX_SECRET 0 79 /* Convert to/from big-endian byte array and provider-specific bignum */ 80 #define ATTR_OPS_INDEX_BIGNUM 1 81 /* Convert to/from value attribute depending on direction */ 82 #define ATTR_OPS_INDEX_VALUE 2 83 /* Convert to/from curve25519 attribute depending on direction */ 84 #define ATTR_OPS_INDEX_25519 3 85 86 /* Curve25519 key bytes size is always 32 bytes*/ 87 #define KEY_SIZE_BYTES_25519 UL(32) 88 /* TEE Internal Core API v1.3.1, Table 6-8 */ 89 #define TEE_ED25519_CTX_MAX_LENGTH 255 90 91 struct tee_cryp_obj_type_attrs { 92 uint32_t attr_id; 93 uint16_t flags; 94 uint16_t ops_index; 95 uint16_t raw_offs; 96 uint16_t raw_size; 97 }; 98 99 #define RAW_DATA(_x, _y) \ 100 .raw_offs = offsetof(_x, _y), .raw_size = MEMBER_SIZE(_x, _y) 101 102 static const struct tee_cryp_obj_type_attrs 103 tee_cryp_obj_secret_value_attrs[] = { 104 { 105 .attr_id = TEE_ATTR_SECRET_VALUE, 106 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 107 .ops_index = ATTR_OPS_INDEX_SECRET, 108 .raw_offs = 0, 109 .raw_size = 0 110 }, 111 }; 112 113 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_rsa_pub_key_attrs[] = { 114 { 115 .attr_id = TEE_ATTR_RSA_MODULUS, 116 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 117 .ops_index = ATTR_OPS_INDEX_BIGNUM, 118 RAW_DATA(struct rsa_public_key, n) 119 }, 120 121 { 122 .attr_id = TEE_ATTR_RSA_PUBLIC_EXPONENT, 123 .flags = TEE_TYPE_ATTR_REQUIRED, 124 .ops_index = ATTR_OPS_INDEX_BIGNUM, 125 RAW_DATA(struct rsa_public_key, e) 126 }, 127 }; 128 129 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_rsa_keypair_attrs[] = { 130 { 131 .attr_id = TEE_ATTR_RSA_MODULUS, 132 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 133 .ops_index = ATTR_OPS_INDEX_BIGNUM, 134 RAW_DATA(struct rsa_keypair, n) 135 }, 136 137 { 138 .attr_id = TEE_ATTR_RSA_PUBLIC_EXPONENT, 139 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_GEN_KEY_OPT, 140 .ops_index = ATTR_OPS_INDEX_BIGNUM, 141 RAW_DATA(struct rsa_keypair, e) 142 }, 143 144 { 145 .attr_id = TEE_ATTR_RSA_PRIVATE_EXPONENT, 146 .flags = TEE_TYPE_ATTR_REQUIRED, 147 .ops_index = ATTR_OPS_INDEX_BIGNUM, 148 RAW_DATA(struct rsa_keypair, d) 149 }, 150 151 { 152 .attr_id = TEE_ATTR_RSA_PRIME1, 153 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 154 .ops_index = ATTR_OPS_INDEX_BIGNUM, 155 RAW_DATA(struct rsa_keypair, p) 156 }, 157 158 { 159 .attr_id = TEE_ATTR_RSA_PRIME2, 160 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 161 .ops_index = ATTR_OPS_INDEX_BIGNUM, 162 RAW_DATA(struct rsa_keypair, q) 163 }, 164 165 { 166 .attr_id = TEE_ATTR_RSA_EXPONENT1, 167 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 168 .ops_index = ATTR_OPS_INDEX_BIGNUM, 169 RAW_DATA(struct rsa_keypair, dp) 170 }, 171 172 { 173 .attr_id = TEE_ATTR_RSA_EXPONENT2, 174 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 175 .ops_index = ATTR_OPS_INDEX_BIGNUM, 176 RAW_DATA(struct rsa_keypair, dq) 177 }, 178 179 { 180 .attr_id = TEE_ATTR_RSA_COEFFICIENT, 181 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 182 .ops_index = ATTR_OPS_INDEX_BIGNUM, 183 RAW_DATA(struct rsa_keypair, qp) 184 }, 185 }; 186 187 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_dsa_pub_key_attrs[] = { 188 { 189 .attr_id = TEE_ATTR_DSA_PRIME, 190 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_BIGNUM_MAXBITS | 191 TEE_TYPE_ATTR_SIZE_INDICATOR, 192 .ops_index = ATTR_OPS_INDEX_BIGNUM, 193 RAW_DATA(struct dsa_public_key, p) 194 }, 195 196 { 197 .attr_id = TEE_ATTR_DSA_SUBPRIME, 198 .flags = TEE_TYPE_ATTR_REQUIRED, 199 .ops_index = ATTR_OPS_INDEX_BIGNUM, 200 RAW_DATA(struct dsa_public_key, q) 201 }, 202 203 { 204 .attr_id = TEE_ATTR_DSA_BASE, 205 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_BIGNUM_MAXBITS, 206 .ops_index = ATTR_OPS_INDEX_BIGNUM, 207 RAW_DATA(struct dsa_public_key, g) 208 }, 209 210 { 211 .attr_id = TEE_ATTR_DSA_PUBLIC_VALUE, 212 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_BIGNUM_MAXBITS, 213 .ops_index = ATTR_OPS_INDEX_BIGNUM, 214 RAW_DATA(struct dsa_public_key, y) 215 }, 216 }; 217 218 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_dsa_keypair_attrs[] = { 219 { 220 .attr_id = TEE_ATTR_DSA_PRIME, 221 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_GEN_KEY_REQ | 222 TEE_TYPE_ATTR_BIGNUM_MAXBITS | TEE_TYPE_ATTR_SIZE_INDICATOR, 223 .ops_index = ATTR_OPS_INDEX_BIGNUM, 224 RAW_DATA(struct dsa_keypair, p) 225 }, 226 227 { 228 .attr_id = TEE_ATTR_DSA_SUBPRIME, 229 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_GEN_KEY_REQ, 230 .ops_index = ATTR_OPS_INDEX_BIGNUM, 231 RAW_DATA(struct dsa_keypair, q) 232 }, 233 234 { 235 .attr_id = TEE_ATTR_DSA_BASE, 236 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_GEN_KEY_REQ | 237 TEE_TYPE_ATTR_BIGNUM_MAXBITS, 238 .ops_index = ATTR_OPS_INDEX_BIGNUM, 239 RAW_DATA(struct dsa_keypair, g) 240 }, 241 242 { 243 .attr_id = TEE_ATTR_DSA_PRIVATE_VALUE, 244 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_BIGNUM_MAXBITS, 245 .ops_index = ATTR_OPS_INDEX_BIGNUM, 246 RAW_DATA(struct dsa_keypair, x) 247 }, 248 249 { 250 .attr_id = TEE_ATTR_DSA_PUBLIC_VALUE, 251 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_BIGNUM_MAXBITS, 252 .ops_index = ATTR_OPS_INDEX_BIGNUM, 253 RAW_DATA(struct dsa_keypair, y) 254 }, 255 }; 256 257 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_dh_keypair_attrs[] = { 258 { 259 .attr_id = TEE_ATTR_DH_PRIME, 260 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR | 261 TEE_TYPE_ATTR_GEN_KEY_REQ, 262 .ops_index = ATTR_OPS_INDEX_BIGNUM, 263 RAW_DATA(struct dh_keypair, p) 264 }, 265 266 { 267 .attr_id = TEE_ATTR_DH_BASE, 268 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_GEN_KEY_REQ, 269 .ops_index = ATTR_OPS_INDEX_BIGNUM, 270 RAW_DATA(struct dh_keypair, g) 271 }, 272 273 { 274 .attr_id = TEE_ATTR_DH_PUBLIC_VALUE, 275 .flags = TEE_TYPE_ATTR_REQUIRED, 276 .ops_index = ATTR_OPS_INDEX_BIGNUM, 277 RAW_DATA(struct dh_keypair, y) 278 }, 279 280 { 281 .attr_id = TEE_ATTR_DH_PRIVATE_VALUE, 282 .flags = TEE_TYPE_ATTR_REQUIRED, 283 .ops_index = ATTR_OPS_INDEX_BIGNUM, 284 RAW_DATA(struct dh_keypair, x) 285 }, 286 287 { 288 .attr_id = TEE_ATTR_DH_SUBPRIME, 289 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP | TEE_TYPE_ATTR_GEN_KEY_OPT, 290 .ops_index = ATTR_OPS_INDEX_BIGNUM, 291 RAW_DATA(struct dh_keypair, q) 292 }, 293 294 { 295 .attr_id = TEE_ATTR_DH_X_BITS, 296 .flags = TEE_TYPE_ATTR_GEN_KEY_OPT, 297 .ops_index = ATTR_OPS_INDEX_VALUE, 298 RAW_DATA(struct dh_keypair, xbits) 299 }, 300 }; 301 302 #if defined(CFG_CRYPTO_HKDF) 303 static const struct tee_cryp_obj_type_attrs 304 tee_cryp_obj_hkdf_ikm_attrs[] = { 305 { 306 .attr_id = TEE_ATTR_HKDF_IKM, 307 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 308 .ops_index = ATTR_OPS_INDEX_SECRET, 309 .raw_offs = 0, 310 .raw_size = 0 311 }, 312 }; 313 #endif 314 315 #if defined(CFG_CRYPTO_CONCAT_KDF) 316 static const struct tee_cryp_obj_type_attrs 317 tee_cryp_obj_concat_kdf_z_attrs[] = { 318 { 319 .attr_id = TEE_ATTR_CONCAT_KDF_Z, 320 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 321 .ops_index = ATTR_OPS_INDEX_SECRET, 322 .raw_offs = 0, 323 .raw_size = 0 324 }, 325 }; 326 #endif 327 328 #if defined(CFG_CRYPTO_PBKDF2) 329 static const struct tee_cryp_obj_type_attrs 330 tee_cryp_obj_pbkdf2_passwd_attrs[] = { 331 { 332 .attr_id = TEE_ATTR_PBKDF2_PASSWORD, 333 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 334 .ops_index = ATTR_OPS_INDEX_SECRET, 335 .raw_offs = 0, 336 .raw_size = 0 337 }, 338 }; 339 #endif 340 341 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_ecc_pub_key_attrs[] = { 342 { 343 .attr_id = TEE_ATTR_ECC_PUBLIC_VALUE_X, 344 .flags = TEE_TYPE_ATTR_REQUIRED, 345 .ops_index = ATTR_OPS_INDEX_BIGNUM, 346 RAW_DATA(struct ecc_public_key, x) 347 }, 348 349 { 350 .attr_id = TEE_ATTR_ECC_PUBLIC_VALUE_Y, 351 .flags = TEE_TYPE_ATTR_REQUIRED, 352 .ops_index = ATTR_OPS_INDEX_BIGNUM, 353 RAW_DATA(struct ecc_public_key, y) 354 }, 355 356 { 357 .attr_id = TEE_ATTR_ECC_CURVE, 358 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 359 .ops_index = ATTR_OPS_INDEX_VALUE, 360 RAW_DATA(struct ecc_public_key, curve) 361 }, 362 }; 363 364 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_ecc_keypair_attrs[] = { 365 { 366 .attr_id = TEE_ATTR_ECC_PRIVATE_VALUE, 367 .flags = TEE_TYPE_ATTR_REQUIRED, 368 .ops_index = ATTR_OPS_INDEX_BIGNUM, 369 RAW_DATA(struct ecc_keypair, d) 370 }, 371 372 { 373 .attr_id = TEE_ATTR_ECC_PUBLIC_VALUE_X, 374 .flags = TEE_TYPE_ATTR_REQUIRED, 375 .ops_index = ATTR_OPS_INDEX_BIGNUM, 376 RAW_DATA(struct ecc_keypair, x) 377 }, 378 379 { 380 .attr_id = TEE_ATTR_ECC_PUBLIC_VALUE_Y, 381 .flags = TEE_TYPE_ATTR_REQUIRED, 382 .ops_index = ATTR_OPS_INDEX_BIGNUM, 383 RAW_DATA(struct ecc_keypair, y) 384 }, 385 386 { 387 .attr_id = TEE_ATTR_ECC_CURVE, 388 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR | 389 TEE_TYPE_ATTR_GEN_KEY_REQ, 390 .ops_index = ATTR_OPS_INDEX_VALUE, 391 RAW_DATA(struct ecc_keypair, curve) 392 }, 393 }; 394 395 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_sm2_pub_key_attrs[] = { 396 { 397 .attr_id = TEE_ATTR_ECC_PUBLIC_VALUE_X, 398 .flags = TEE_TYPE_ATTR_REQUIRED, 399 .ops_index = ATTR_OPS_INDEX_BIGNUM, 400 RAW_DATA(struct ecc_public_key, x) 401 }, 402 403 { 404 .attr_id = TEE_ATTR_ECC_PUBLIC_VALUE_Y, 405 .flags = TEE_TYPE_ATTR_REQUIRED, 406 .ops_index = ATTR_OPS_INDEX_BIGNUM, 407 RAW_DATA(struct ecc_public_key, y) 408 }, 409 }; 410 411 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_sm2_keypair_attrs[] = { 412 { 413 .attr_id = TEE_ATTR_ECC_PRIVATE_VALUE, 414 .flags = TEE_TYPE_ATTR_REQUIRED, 415 .ops_index = ATTR_OPS_INDEX_BIGNUM, 416 RAW_DATA(struct ecc_keypair, d) 417 }, 418 419 { 420 .attr_id = TEE_ATTR_ECC_PUBLIC_VALUE_X, 421 .flags = TEE_TYPE_ATTR_REQUIRED, 422 .ops_index = ATTR_OPS_INDEX_BIGNUM, 423 RAW_DATA(struct ecc_keypair, x) 424 }, 425 426 { 427 .attr_id = TEE_ATTR_ECC_PUBLIC_VALUE_Y, 428 .flags = TEE_TYPE_ATTR_REQUIRED, 429 .ops_index = ATTR_OPS_INDEX_BIGNUM, 430 RAW_DATA(struct ecc_keypair, y) 431 }, 432 }; 433 434 static 435 const struct tee_cryp_obj_type_attrs tee_cryp_obj_x25519_keypair_attrs[] = { 436 { 437 .attr_id = TEE_ATTR_X25519_PRIVATE_VALUE, 438 .flags = TEE_TYPE_ATTR_REQUIRED, 439 .ops_index = ATTR_OPS_INDEX_25519, 440 RAW_DATA(struct x25519_keypair, priv) 441 }, 442 443 { 444 .attr_id = TEE_ATTR_X25519_PUBLIC_VALUE, 445 .flags = TEE_TYPE_ATTR_REQUIRED, 446 .ops_index = ATTR_OPS_INDEX_25519, 447 RAW_DATA(struct x25519_keypair, pub) 448 }, 449 }; 450 451 static 452 const struct tee_cryp_obj_type_attrs tee_cryp_obj_ed25519_pub_key_attrs[] = { 453 { 454 .attr_id = TEE_ATTR_ED25519_PUBLIC_VALUE, 455 .flags = TEE_TYPE_ATTR_REQUIRED, 456 .ops_index = ATTR_OPS_INDEX_25519, 457 RAW_DATA(struct ed25519_public_key, pub) 458 }, 459 }; 460 461 static 462 const struct tee_cryp_obj_type_attrs tee_cryp_obj_ed25519_keypair_attrs[] = { 463 { 464 .attr_id = TEE_ATTR_ED25519_PRIVATE_VALUE, 465 .flags = TEE_TYPE_ATTR_REQUIRED, 466 .ops_index = ATTR_OPS_INDEX_25519, 467 RAW_DATA(struct ed25519_keypair, priv) 468 }, 469 470 { 471 .attr_id = TEE_ATTR_ED25519_PUBLIC_VALUE, 472 .flags = TEE_TYPE_ATTR_REQUIRED, 473 .ops_index = ATTR_OPS_INDEX_25519, 474 RAW_DATA(struct ed25519_keypair, pub) 475 }, 476 }; 477 478 struct tee_cryp_obj_type_props { 479 TEE_ObjectType obj_type; 480 uint16_t min_size; /* may not be smaller than this */ 481 uint16_t max_size; /* may not be larger than this */ 482 uint16_t alloc_size; /* this many bytes are allocated to hold data */ 483 uint8_t quanta; /* may only be an multiple of this */ 484 485 uint8_t num_type_attrs; 486 const struct tee_cryp_obj_type_attrs *type_attrs; 487 }; 488 489 #define PROP(obj_type, quanta, min_size, max_size, alloc_size, type_attrs) \ 490 { (obj_type), (min_size), (max_size), (alloc_size), (quanta), \ 491 ARRAY_SIZE(type_attrs), (type_attrs) } 492 493 static const struct tee_cryp_obj_type_props tee_cryp_obj_props[] = { 494 PROP(TEE_TYPE_AES, 64, 128, 256, /* valid sizes 128, 192, 256 */ 495 256 / 8 + sizeof(struct tee_cryp_obj_secret), 496 tee_cryp_obj_secret_value_attrs), 497 PROP(TEE_TYPE_DES, 64, 64, 64, 498 /* Valid size 64 with parity */ 499 64 / 8 + sizeof(struct tee_cryp_obj_secret), 500 tee_cryp_obj_secret_value_attrs), 501 PROP(TEE_TYPE_DES3, 64, 128, 192, 502 /* Valid sizes 128, 192 with parity */ 503 192 / 8 + sizeof(struct tee_cryp_obj_secret), 504 tee_cryp_obj_secret_value_attrs), 505 PROP(TEE_TYPE_SM4, 128, 128, 128, 506 128 / 8 + sizeof(struct tee_cryp_obj_secret), 507 tee_cryp_obj_secret_value_attrs), 508 PROP(TEE_TYPE_HMAC_MD5, 8, 64, 512, 509 512 / 8 + sizeof(struct tee_cryp_obj_secret), 510 tee_cryp_obj_secret_value_attrs), 511 #if defined(CFG_HMAC_64_1024_RANGE) 512 PROP(TEE_TYPE_HMAC_SHA1, 8, 64, 1024, 513 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 514 tee_cryp_obj_secret_value_attrs), 515 PROP(TEE_TYPE_HMAC_SHA224, 8, 64, 1024, 516 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 517 tee_cryp_obj_secret_value_attrs), 518 PROP(TEE_TYPE_HMAC_SHA256, 8, 64, 1024, 519 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 520 tee_cryp_obj_secret_value_attrs), 521 PROP(TEE_TYPE_HMAC_SHA384, 8, 64, 1024, 522 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 523 tee_cryp_obj_secret_value_attrs), 524 PROP(TEE_TYPE_HMAC_SHA512, 8, 64, 1024, 525 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 526 tee_cryp_obj_secret_value_attrs), 527 #else 528 PROP(TEE_TYPE_HMAC_SHA1, 8, 80, 512, 529 512 / 8 + sizeof(struct tee_cryp_obj_secret), 530 tee_cryp_obj_secret_value_attrs), 531 PROP(TEE_TYPE_HMAC_SHA224, 8, 112, 512, 532 512 / 8 + sizeof(struct tee_cryp_obj_secret), 533 tee_cryp_obj_secret_value_attrs), 534 PROP(TEE_TYPE_HMAC_SHA256, 8, 192, 1024, 535 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 536 tee_cryp_obj_secret_value_attrs), 537 PROP(TEE_TYPE_HMAC_SHA384, 8, 256, 1024, 538 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 539 tee_cryp_obj_secret_value_attrs), 540 PROP(TEE_TYPE_HMAC_SHA512, 8, 256, 1024, 541 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 542 tee_cryp_obj_secret_value_attrs), 543 #endif 544 PROP(TEE_TYPE_HMAC_SHA3_224, 8, 192, 1024, 545 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 546 tee_cryp_obj_secret_value_attrs), 547 PROP(TEE_TYPE_HMAC_SHA3_256, 8, 256, 1024, 548 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 549 tee_cryp_obj_secret_value_attrs), 550 PROP(TEE_TYPE_HMAC_SHA3_384, 8, 256, 1024, 551 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 552 tee_cryp_obj_secret_value_attrs), 553 PROP(TEE_TYPE_HMAC_SHA3_512, 8, 256, 1024, 554 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 555 tee_cryp_obj_secret_value_attrs), 556 PROP(TEE_TYPE_HMAC_SM3, 8, 80, 1024, 557 512 / 8 + sizeof(struct tee_cryp_obj_secret), 558 tee_cryp_obj_secret_value_attrs), 559 PROP(TEE_TYPE_GENERIC_SECRET, 8, 0, 4096, 560 4096 / 8 + sizeof(struct tee_cryp_obj_secret), 561 tee_cryp_obj_secret_value_attrs), 562 #if defined(CFG_CRYPTO_HKDF) 563 PROP(TEE_TYPE_HKDF_IKM, 8, 0, 4096, 564 4096 / 8 + sizeof(struct tee_cryp_obj_secret), 565 tee_cryp_obj_hkdf_ikm_attrs), 566 #endif 567 #if defined(CFG_CRYPTO_CONCAT_KDF) 568 PROP(TEE_TYPE_CONCAT_KDF_Z, 8, 0, 4096, 569 4096 / 8 + sizeof(struct tee_cryp_obj_secret), 570 tee_cryp_obj_concat_kdf_z_attrs), 571 #endif 572 #if defined(CFG_CRYPTO_PBKDF2) 573 PROP(TEE_TYPE_PBKDF2_PASSWORD, 8, 0, 4096, 574 4096 / 8 + sizeof(struct tee_cryp_obj_secret), 575 tee_cryp_obj_pbkdf2_passwd_attrs), 576 #endif 577 PROP(TEE_TYPE_RSA_PUBLIC_KEY, 1, 256, CFG_CORE_BIGNUM_MAX_BITS, 578 sizeof(struct rsa_public_key), 579 tee_cryp_obj_rsa_pub_key_attrs), 580 581 PROP(TEE_TYPE_RSA_KEYPAIR, 1, 256, CFG_CORE_BIGNUM_MAX_BITS, 582 sizeof(struct rsa_keypair), 583 tee_cryp_obj_rsa_keypair_attrs), 584 585 PROP(TEE_TYPE_DSA_PUBLIC_KEY, 64, 512, 3072, 586 sizeof(struct dsa_public_key), 587 tee_cryp_obj_dsa_pub_key_attrs), 588 589 PROP(TEE_TYPE_DSA_KEYPAIR, 64, 512, 3072, 590 sizeof(struct dsa_keypair), 591 tee_cryp_obj_dsa_keypair_attrs), 592 593 PROP(TEE_TYPE_DH_KEYPAIR, 1, 256, 2048, 594 sizeof(struct dh_keypair), 595 tee_cryp_obj_dh_keypair_attrs), 596 597 PROP(TEE_TYPE_ECDSA_PUBLIC_KEY, 1, 192, 521, 598 sizeof(struct ecc_public_key), 599 tee_cryp_obj_ecc_pub_key_attrs), 600 601 PROP(TEE_TYPE_ECDSA_KEYPAIR, 1, 192, 521, 602 sizeof(struct ecc_keypair), 603 tee_cryp_obj_ecc_keypair_attrs), 604 605 PROP(TEE_TYPE_ECDH_PUBLIC_KEY, 1, 192, 521, 606 sizeof(struct ecc_public_key), 607 tee_cryp_obj_ecc_pub_key_attrs), 608 609 PROP(TEE_TYPE_ECDH_KEYPAIR, 1, 192, 521, 610 sizeof(struct ecc_keypair), 611 tee_cryp_obj_ecc_keypair_attrs), 612 613 PROP(TEE_TYPE_SM2_DSA_PUBLIC_KEY, 1, 256, 256, 614 sizeof(struct ecc_public_key), 615 tee_cryp_obj_sm2_pub_key_attrs), 616 617 PROP(TEE_TYPE_SM2_DSA_KEYPAIR, 1, 256, 256, 618 sizeof(struct ecc_keypair), 619 tee_cryp_obj_sm2_keypair_attrs), 620 621 PROP(TEE_TYPE_SM2_PKE_PUBLIC_KEY, 1, 256, 256, 622 sizeof(struct ecc_public_key), 623 tee_cryp_obj_sm2_pub_key_attrs), 624 625 PROP(TEE_TYPE_SM2_PKE_KEYPAIR, 1, 256, 256, 626 sizeof(struct ecc_keypair), 627 tee_cryp_obj_sm2_keypair_attrs), 628 629 PROP(TEE_TYPE_SM2_KEP_PUBLIC_KEY, 1, 256, 256, 630 sizeof(struct ecc_public_key), 631 tee_cryp_obj_sm2_pub_key_attrs), 632 633 PROP(TEE_TYPE_SM2_KEP_KEYPAIR, 1, 256, 256, 634 sizeof(struct ecc_keypair), 635 tee_cryp_obj_sm2_keypair_attrs), 636 637 PROP(TEE_TYPE_X25519_KEYPAIR, 1, 256, 256, 638 sizeof(struct x25519_keypair), 639 tee_cryp_obj_x25519_keypair_attrs), 640 641 PROP(TEE_TYPE_ED25519_PUBLIC_KEY, 1, 256, 256, 642 sizeof(struct ed25519_public_key), 643 tee_cryp_obj_ed25519_pub_key_attrs), 644 645 PROP(TEE_TYPE_ED25519_KEYPAIR, 1, 256, 256, 646 sizeof(struct ed25519_keypair), 647 tee_cryp_obj_ed25519_keypair_attrs), 648 }; 649 650 struct attr_ops { 651 TEE_Result (*from_user)(void *attr, const void *buffer, size_t size); 652 TEE_Result (*to_user)(void *attr, struct ts_session *sess, 653 void *buffer, uint64_t *size); 654 TEE_Result (*to_binary)(void *attr, void *data, size_t data_len, 655 size_t *offs); 656 bool (*from_binary)(void *attr, const void *data, size_t data_len, 657 size_t *offs); 658 TEE_Result (*from_obj)(void *attr, void *src_attr); 659 void (*free)(void *attr); 660 void (*clear)(void *attr); 661 }; 662 663 static TEE_Result op_u32_to_binary_helper(uint32_t v, uint8_t *data, 664 size_t data_len, size_t *offs) 665 { 666 uint32_t field; 667 size_t next_offs; 668 669 if (ADD_OVERFLOW(*offs, sizeof(field), &next_offs)) 670 return TEE_ERROR_OVERFLOW; 671 672 if (data && next_offs <= data_len) { 673 field = TEE_U32_TO_BIG_ENDIAN(v); 674 memcpy(data + *offs, &field, sizeof(field)); 675 } 676 (*offs) = next_offs; 677 678 return TEE_SUCCESS; 679 } 680 681 static bool op_u32_from_binary_helper(uint32_t *v, const uint8_t *data, 682 size_t data_len, size_t *offs) 683 { 684 uint32_t field; 685 686 if (!data || (*offs + sizeof(field)) > data_len) 687 return false; 688 689 memcpy(&field, data + *offs, sizeof(field)); 690 *v = TEE_U32_FROM_BIG_ENDIAN(field); 691 (*offs) += sizeof(field); 692 return true; 693 } 694 695 static TEE_Result op_attr_secret_value_from_user(void *attr, const void *buffer, 696 size_t size) 697 { 698 TEE_Result res = TEE_SUCCESS; 699 struct tee_cryp_obj_secret *key = attr; 700 701 /* Data size has to fit in allocated buffer */ 702 if (size > key->alloc_size) 703 return TEE_ERROR_SECURITY; 704 res = copy_from_user(key + 1, buffer, size); 705 if (!res) 706 key->key_size = size; 707 708 return res; 709 } 710 711 static TEE_Result op_attr_secret_value_to_user(void *attr, 712 struct ts_session *sess __unused, 713 void *buffer, uint64_t *size) 714 { 715 TEE_Result res; 716 struct tee_cryp_obj_secret *key = attr; 717 uint64_t s; 718 uint64_t key_size; 719 720 res = copy_from_user(&s, size, sizeof(s)); 721 if (res != TEE_SUCCESS) 722 return res; 723 724 key_size = key->key_size; 725 res = copy_to_user(size, &key_size, sizeof(key_size)); 726 if (res != TEE_SUCCESS) 727 return res; 728 729 if (s < key->key_size || !buffer) 730 return TEE_ERROR_SHORT_BUFFER; 731 732 return copy_to_user(buffer, key + 1, key->key_size); 733 } 734 735 static TEE_Result op_attr_secret_value_to_binary(void *attr, void *data, 736 size_t data_len, size_t *offs) 737 { 738 TEE_Result res; 739 struct tee_cryp_obj_secret *key = attr; 740 size_t next_offs; 741 742 res = op_u32_to_binary_helper(key->key_size, data, data_len, offs); 743 if (res != TEE_SUCCESS) 744 return res; 745 746 if (ADD_OVERFLOW(*offs, key->key_size, &next_offs)) 747 return TEE_ERROR_OVERFLOW; 748 749 if (data && next_offs <= data_len) 750 memcpy((uint8_t *)data + *offs, key + 1, key->key_size); 751 (*offs) = next_offs; 752 753 return TEE_SUCCESS; 754 } 755 756 static bool op_attr_secret_value_from_binary(void *attr, const void *data, 757 size_t data_len, size_t *offs) 758 { 759 struct tee_cryp_obj_secret *key = attr; 760 uint32_t s; 761 762 if (!op_u32_from_binary_helper(&s, data, data_len, offs)) 763 return false; 764 765 if ((*offs + s) > data_len) 766 return false; 767 768 /* Data size has to fit in allocated buffer */ 769 if (s > key->alloc_size) 770 return false; 771 key->key_size = s; 772 memcpy(key + 1, (const uint8_t *)data + *offs, s); 773 (*offs) += s; 774 return true; 775 } 776 777 778 static TEE_Result op_attr_secret_value_from_obj(void *attr, void *src_attr) 779 { 780 struct tee_cryp_obj_secret *key = attr; 781 struct tee_cryp_obj_secret *src_key = src_attr; 782 783 if (src_key->key_size > key->alloc_size) 784 return TEE_ERROR_BAD_STATE; 785 memcpy(key + 1, src_key + 1, src_key->key_size); 786 key->key_size = src_key->key_size; 787 return TEE_SUCCESS; 788 } 789 790 static void op_attr_secret_value_clear(void *attr) 791 { 792 struct tee_cryp_obj_secret *key = attr; 793 794 key->key_size = 0; 795 memzero_explicit(key + 1, key->alloc_size); 796 } 797 798 static TEE_Result op_attr_bignum_from_user(void *attr, const void *buffer, 799 size_t size) 800 { 801 TEE_Result res = TEE_SUCCESS; 802 struct bignum **bn = attr; 803 void *bbuf = NULL; 804 805 res = bb_memdup_user(buffer, size, &bbuf); 806 if (res) 807 return res; 808 809 res = crypto_bignum_bin2bn(bbuf, size, *bn); 810 811 bb_free(bbuf, size); 812 813 return res; 814 } 815 816 static TEE_Result op_attr_bignum_to_user(void *attr, 817 struct ts_session *sess __unused, 818 void *buffer, uint64_t *size) 819 { 820 TEE_Result res = TEE_SUCCESS; 821 struct bignum **bn = attr; 822 uint64_t req_size = 0; 823 uint64_t s = 0; 824 void *bbuf = NULL; 825 826 res = copy_from_user(&s, size, sizeof(s)); 827 if (res != TEE_SUCCESS) 828 return res; 829 830 req_size = crypto_bignum_num_bytes(*bn); 831 res = copy_to_user(size, &req_size, sizeof(req_size)); 832 if (res != TEE_SUCCESS) 833 return res; 834 if (!req_size) 835 return TEE_SUCCESS; 836 if (s < req_size || !buffer) 837 return TEE_ERROR_SHORT_BUFFER; 838 839 bbuf = bb_alloc(req_size); 840 if (!bbuf) 841 return TEE_ERROR_OUT_OF_MEMORY; 842 843 /* 844 * Write the bignum (wich raw data points to) into an array of 845 * bytes (stored in buffer) 846 */ 847 crypto_bignum_bn2bin(*bn, bbuf); 848 res = copy_to_user(buffer, bbuf, req_size); 849 850 bb_free(bbuf, req_size); 851 return res; 852 } 853 854 static TEE_Result op_attr_bignum_to_binary(void *attr, void *data, 855 size_t data_len, size_t *offs) 856 { 857 TEE_Result res; 858 struct bignum **bn = attr; 859 uint32_t n = crypto_bignum_num_bytes(*bn); 860 size_t next_offs; 861 862 res = op_u32_to_binary_helper(n, data, data_len, offs); 863 if (res != TEE_SUCCESS) 864 return res; 865 866 if (ADD_OVERFLOW(*offs, n, &next_offs)) 867 return TEE_ERROR_OVERFLOW; 868 869 if (data && next_offs <= data_len) 870 crypto_bignum_bn2bin(*bn, (uint8_t *)data + *offs); 871 (*offs) = next_offs; 872 873 return TEE_SUCCESS; 874 } 875 876 static bool op_attr_bignum_from_binary(void *attr, const void *data, 877 size_t data_len, size_t *offs) 878 { 879 struct bignum **bn = attr; 880 uint32_t n; 881 882 if (!op_u32_from_binary_helper(&n, data, data_len, offs)) 883 return false; 884 885 if ((*offs + n) > data_len) 886 return false; 887 if (crypto_bignum_bin2bn((const uint8_t *)data + *offs, n, *bn)) 888 return false; 889 (*offs) += n; 890 return true; 891 } 892 893 static TEE_Result op_attr_bignum_from_obj(void *attr, void *src_attr) 894 { 895 struct bignum **bn = attr; 896 struct bignum **src_bn = src_attr; 897 898 crypto_bignum_copy(*bn, *src_bn); 899 return TEE_SUCCESS; 900 } 901 902 static void op_attr_bignum_clear(void *attr) 903 { 904 struct bignum **bn = attr; 905 906 crypto_bignum_clear(*bn); 907 } 908 909 static void op_attr_bignum_free(void *attr) 910 { 911 struct bignum **bn = attr; 912 913 crypto_bignum_free(bn); 914 } 915 916 static TEE_Result op_attr_value_from_user(void *attr, const void *buffer, 917 size_t size) 918 { 919 uint32_t *v = attr; 920 921 if (size != sizeof(uint32_t) * 2) 922 return TEE_ERROR_GENERIC; /* "can't happen */ 923 924 /* Note that only the first value is copied */ 925 memcpy(v, buffer, sizeof(uint32_t)); 926 return TEE_SUCCESS; 927 } 928 929 static TEE_Result op_attr_value_to_user(void *attr, 930 struct ts_session *sess __unused, 931 void *buffer, uint64_t *size) 932 { 933 TEE_Result res; 934 uint32_t *v = attr; 935 uint64_t s; 936 uint32_t value[2] = { *v }; 937 uint64_t req_size = sizeof(value); 938 939 res = copy_from_user(&s, size, sizeof(s)); 940 if (res != TEE_SUCCESS) 941 return res; 942 943 if (s < req_size || !buffer) 944 return TEE_ERROR_SHORT_BUFFER; 945 946 return copy_to_user(buffer, value, req_size); 947 } 948 949 static TEE_Result op_attr_value_to_binary(void *attr, void *data, 950 size_t data_len, size_t *offs) 951 { 952 uint32_t *v = attr; 953 954 return op_u32_to_binary_helper(*v, data, data_len, offs); 955 } 956 957 static bool op_attr_value_from_binary(void *attr, const void *data, 958 size_t data_len, size_t *offs) 959 { 960 uint32_t *v = attr; 961 962 return op_u32_from_binary_helper(v, data, data_len, offs); 963 } 964 965 static TEE_Result op_attr_value_from_obj(void *attr, void *src_attr) 966 { 967 uint32_t *v = attr; 968 uint32_t *src_v = src_attr; 969 970 *v = *src_v; 971 return TEE_SUCCESS; 972 } 973 974 static void op_attr_value_clear(void *attr) 975 { 976 uint32_t *v = attr; 977 978 *v = 0; 979 } 980 981 static TEE_Result op_attr_25519_from_user(void *attr, const void *buffer, 982 size_t size) 983 { 984 uint8_t **key = attr; 985 986 if (size != KEY_SIZE_BYTES_25519 || !*key) 987 return TEE_ERROR_SECURITY; 988 989 return copy_from_user(*key, buffer, size); 990 } 991 992 static TEE_Result op_attr_25519_to_user(void *attr, 993 struct ts_session *sess __unused, 994 void *buffer, uint64_t *size) 995 { 996 TEE_Result res = TEE_ERROR_GENERIC; 997 uint8_t **key = attr; 998 uint64_t s = 0; 999 uint64_t key_size = (uint64_t)KEY_SIZE_BYTES_25519; 1000 1001 res = copy_from_user(&s, size, sizeof(s)); 1002 if (res != TEE_SUCCESS) 1003 return res; 1004 1005 res = copy_to_user(size, &key_size, sizeof(key_size)); 1006 if (res != TEE_SUCCESS) 1007 return res; 1008 1009 if (s < key_size || !buffer) 1010 return TEE_ERROR_SHORT_BUFFER; 1011 1012 return copy_to_user(buffer, *key, key_size); 1013 } 1014 1015 static TEE_Result op_attr_25519_to_binary(void *attr, void *data, 1016 size_t data_len, size_t *offs) 1017 { 1018 TEE_Result res = TEE_ERROR_GENERIC; 1019 uint8_t **key = attr; 1020 size_t next_offs = 0; 1021 uint64_t key_size = (uint64_t)KEY_SIZE_BYTES_25519; 1022 1023 res = op_u32_to_binary_helper(key_size, data, data_len, offs); 1024 if (res != TEE_SUCCESS) 1025 return res; 1026 1027 if (ADD_OVERFLOW(*offs, key_size, &next_offs)) 1028 return TEE_ERROR_OVERFLOW; 1029 1030 if (data && next_offs <= data_len) 1031 memcpy((uint8_t *)data + *offs, *key, key_size); 1032 *offs = next_offs; 1033 1034 return TEE_SUCCESS; 1035 } 1036 1037 static bool op_attr_25519_from_binary(void *attr, const void *data, 1038 size_t data_len, size_t *offs) 1039 { 1040 uint8_t **key = attr; 1041 uint32_t s = 0; 1042 1043 if (!op_u32_from_binary_helper(&s, data, data_len, offs)) 1044 return false; 1045 1046 if (*offs + s > data_len) 1047 return false; 1048 1049 if (s > (uint32_t)KEY_SIZE_BYTES_25519) 1050 return false; 1051 1052 memcpy(*key, (const uint8_t *)data + *offs, s); 1053 *offs += s; 1054 return true; 1055 } 1056 1057 static TEE_Result op_attr_25519_from_obj(void *attr, void *src_attr) 1058 { 1059 uint8_t **key = attr; 1060 uint8_t **src_key = src_attr; 1061 1062 if (!*key || !*src_key) 1063 return TEE_ERROR_SECURITY; 1064 1065 memcpy(*key, *src_key, KEY_SIZE_BYTES_25519); 1066 1067 return TEE_SUCCESS; 1068 } 1069 1070 static void op_attr_25519_clear(void *attr) 1071 { 1072 uint8_t **key = attr; 1073 1074 assert(*key); 1075 1076 memzero_explicit(*key, KEY_SIZE_BYTES_25519); 1077 } 1078 1079 static void op_attr_25519_free(void *attr) 1080 { 1081 uint8_t **key = attr; 1082 1083 op_attr_25519_clear(attr); 1084 free(*key); 1085 } 1086 1087 static const struct attr_ops attr_ops[] = { 1088 [ATTR_OPS_INDEX_SECRET] = { 1089 .from_user = op_attr_secret_value_from_user, 1090 .to_user = op_attr_secret_value_to_user, 1091 .to_binary = op_attr_secret_value_to_binary, 1092 .from_binary = op_attr_secret_value_from_binary, 1093 .from_obj = op_attr_secret_value_from_obj, 1094 .free = op_attr_secret_value_clear, /* not a typo */ 1095 .clear = op_attr_secret_value_clear, 1096 }, 1097 [ATTR_OPS_INDEX_BIGNUM] = { 1098 .from_user = op_attr_bignum_from_user, 1099 .to_user = op_attr_bignum_to_user, 1100 .to_binary = op_attr_bignum_to_binary, 1101 .from_binary = op_attr_bignum_from_binary, 1102 .from_obj = op_attr_bignum_from_obj, 1103 .free = op_attr_bignum_free, 1104 .clear = op_attr_bignum_clear, 1105 }, 1106 [ATTR_OPS_INDEX_VALUE] = { 1107 .from_user = op_attr_value_from_user, 1108 .to_user = op_attr_value_to_user, 1109 .to_binary = op_attr_value_to_binary, 1110 .from_binary = op_attr_value_from_binary, 1111 .from_obj = op_attr_value_from_obj, 1112 .free = op_attr_value_clear, /* not a typo */ 1113 .clear = op_attr_value_clear, 1114 }, 1115 [ATTR_OPS_INDEX_25519] = { 1116 .from_user = op_attr_25519_from_user, 1117 .to_user = op_attr_25519_to_user, 1118 .to_binary = op_attr_25519_to_binary, 1119 .from_binary = op_attr_25519_from_binary, 1120 .from_obj = op_attr_25519_from_obj, 1121 .free = op_attr_25519_free, 1122 .clear = op_attr_25519_clear, 1123 }, 1124 }; 1125 1126 static TEE_Result get_user_u64_as_size_t(size_t *dst, uint64_t *src) 1127 { 1128 uint64_t d = 0; 1129 TEE_Result res = copy_from_user(&d, src, sizeof(d)); 1130 1131 /* 1132 * On 32-bit systems a size_t can't hold a uint64_t so we need to 1133 * check that the value isn't too large. 1134 */ 1135 if (!res && ADD_OVERFLOW(0, d, dst)) 1136 return TEE_ERROR_OVERFLOW; 1137 1138 return res; 1139 } 1140 1141 static TEE_Result put_user_u64(uint64_t *dst, size_t value) 1142 { 1143 uint64_t v = value; 1144 1145 return copy_to_user(dst, &v, sizeof(v)); 1146 } 1147 1148 TEE_Result syscall_cryp_obj_get_info(unsigned long obj, 1149 struct utee_object_info *info) 1150 { 1151 struct ts_session *sess = ts_get_current_session(); 1152 struct utee_object_info o_info = { }; 1153 TEE_Result res = TEE_SUCCESS; 1154 struct tee_obj *o = NULL; 1155 1156 res = tee_obj_get(to_user_ta_ctx(sess->ctx), 1157 uref_to_vaddr(obj), &o); 1158 if (res != TEE_SUCCESS) 1159 goto exit; 1160 1161 o_info.obj_type = o->info.objectType; 1162 o_info.obj_size = o->info.objectSize; 1163 o_info.max_obj_size = o->info.maxObjectSize; 1164 o_info.obj_usage = o->info.objectUsage; 1165 o_info.data_size = o->info.dataSize; 1166 o_info.data_pos = o->info.dataPosition; 1167 o_info.handle_flags = o->info.handleFlags; 1168 res = copy_to_user_private(info, &o_info, sizeof(o_info)); 1169 1170 exit: 1171 return res; 1172 } 1173 1174 TEE_Result syscall_cryp_obj_restrict_usage(unsigned long obj, 1175 unsigned long usage) 1176 { 1177 struct ts_session *sess = ts_get_current_session(); 1178 TEE_Result res = TEE_SUCCESS; 1179 struct tee_obj *o = NULL; 1180 1181 res = tee_obj_get(to_user_ta_ctx(sess->ctx), uref_to_vaddr(obj), &o); 1182 if (res != TEE_SUCCESS) 1183 goto exit; 1184 1185 o->info.objectUsage &= usage; 1186 1187 exit: 1188 return res; 1189 } 1190 1191 static int tee_svc_cryp_obj_find_type_attr_idx( 1192 uint32_t attr_id, 1193 const struct tee_cryp_obj_type_props *type_props) 1194 { 1195 size_t n; 1196 1197 for (n = 0; n < type_props->num_type_attrs; n++) { 1198 if (attr_id == type_props->type_attrs[n].attr_id) 1199 return n; 1200 } 1201 return -1; 1202 } 1203 1204 static const struct tee_cryp_obj_type_props *tee_svc_find_type_props( 1205 TEE_ObjectType obj_type) 1206 { 1207 size_t n; 1208 1209 for (n = 0; n < ARRAY_SIZE(tee_cryp_obj_props); n++) { 1210 if (tee_cryp_obj_props[n].obj_type == obj_type) 1211 return tee_cryp_obj_props + n; 1212 } 1213 1214 return NULL; 1215 } 1216 1217 /* Set an attribute on an object */ 1218 static void set_attribute(struct tee_obj *o, 1219 const struct tee_cryp_obj_type_props *props, 1220 uint32_t attr) 1221 { 1222 int idx = tee_svc_cryp_obj_find_type_attr_idx(attr, props); 1223 1224 if (idx < 0) 1225 return; 1226 o->have_attrs |= BIT(idx); 1227 } 1228 1229 /* Get an attribute on an object */ 1230 static uint32_t get_attribute(const struct tee_obj *o, 1231 const struct tee_cryp_obj_type_props *props, 1232 uint32_t attr) 1233 { 1234 int idx = tee_svc_cryp_obj_find_type_attr_idx(attr, props); 1235 1236 if (idx < 0) 1237 return 0; 1238 return o->have_attrs & BIT(idx); 1239 } 1240 1241 TEE_Result syscall_cryp_obj_get_attr(unsigned long obj, unsigned long attr_id, 1242 void *buffer, uint64_t *size) 1243 { 1244 struct ts_session *sess = ts_get_current_session(); 1245 TEE_Result res = TEE_SUCCESS; 1246 struct tee_obj *o = NULL; 1247 const struct tee_cryp_obj_type_props *type_props = NULL; 1248 int idx = 0; 1249 const struct attr_ops *ops = NULL; 1250 void *attr = NULL; 1251 1252 res = tee_obj_get(to_user_ta_ctx(sess->ctx), uref_to_vaddr(obj), &o); 1253 if (res != TEE_SUCCESS) 1254 return TEE_ERROR_ITEM_NOT_FOUND; 1255 1256 /* Check that the object is initialized */ 1257 if (!(o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED)) 1258 return TEE_ERROR_BAD_PARAMETERS; 1259 1260 /* Check that getting the attribute is allowed */ 1261 if (!(attr_id & TEE_ATTR_FLAG_PUBLIC) && 1262 !(o->info.objectUsage & TEE_USAGE_EXTRACTABLE)) 1263 return TEE_ERROR_BAD_PARAMETERS; 1264 1265 type_props = tee_svc_find_type_props(o->info.objectType); 1266 if (!type_props) { 1267 /* Unknown object type, "can't happen" */ 1268 return TEE_ERROR_BAD_STATE; 1269 } 1270 1271 idx = tee_svc_cryp_obj_find_type_attr_idx(attr_id, type_props); 1272 if ((idx < 0) || ((o->have_attrs & (1 << idx)) == 0)) 1273 return TEE_ERROR_ITEM_NOT_FOUND; 1274 1275 ops = attr_ops + type_props->type_attrs[idx].ops_index; 1276 attr = (uint8_t *)o->attr + type_props->type_attrs[idx].raw_offs; 1277 return ops->to_user(attr, sess, buffer, size); 1278 } 1279 1280 void tee_obj_attr_free(struct tee_obj *o) 1281 { 1282 const struct tee_cryp_obj_type_props *tp; 1283 size_t n; 1284 1285 if (!o->attr) 1286 return; 1287 tp = tee_svc_find_type_props(o->info.objectType); 1288 if (!tp) 1289 return; 1290 1291 for (n = 0; n < tp->num_type_attrs; n++) { 1292 const struct tee_cryp_obj_type_attrs *ta = tp->type_attrs + n; 1293 1294 attr_ops[ta->ops_index].free((uint8_t *)o->attr + ta->raw_offs); 1295 } 1296 } 1297 1298 void tee_obj_attr_clear(struct tee_obj *o) 1299 { 1300 const struct tee_cryp_obj_type_props *tp; 1301 size_t n; 1302 1303 if (!o->attr) 1304 return; 1305 tp = tee_svc_find_type_props(o->info.objectType); 1306 if (!tp) 1307 return; 1308 1309 for (n = 0; n < tp->num_type_attrs; n++) { 1310 const struct tee_cryp_obj_type_attrs *ta = tp->type_attrs + n; 1311 1312 attr_ops[ta->ops_index].clear((uint8_t *)o->attr + 1313 ta->raw_offs); 1314 } 1315 } 1316 1317 TEE_Result tee_obj_attr_to_binary(struct tee_obj *o, void *data, 1318 size_t *data_len) 1319 { 1320 const struct tee_cryp_obj_type_props *tp; 1321 size_t n; 1322 size_t offs = 0; 1323 size_t len = data ? *data_len : 0; 1324 TEE_Result res; 1325 1326 if (o->info.objectType == TEE_TYPE_DATA) { 1327 *data_len = 0; 1328 return TEE_SUCCESS; /* pure data object */ 1329 } 1330 if (!o->attr) 1331 return TEE_ERROR_BAD_STATE; 1332 tp = tee_svc_find_type_props(o->info.objectType); 1333 if (!tp) 1334 return TEE_ERROR_BAD_STATE; 1335 1336 for (n = 0; n < tp->num_type_attrs; n++) { 1337 const struct tee_cryp_obj_type_attrs *ta = tp->type_attrs + n; 1338 void *attr = (uint8_t *)o->attr + ta->raw_offs; 1339 1340 res = attr_ops[ta->ops_index].to_binary(attr, data, len, &offs); 1341 if (res != TEE_SUCCESS) 1342 return res; 1343 } 1344 1345 *data_len = offs; 1346 if (data && offs > len) 1347 return TEE_ERROR_SHORT_BUFFER; 1348 return TEE_SUCCESS; 1349 } 1350 1351 TEE_Result tee_obj_attr_from_binary(struct tee_obj *o, const void *data, 1352 size_t data_len) 1353 { 1354 const struct tee_cryp_obj_type_props *tp; 1355 size_t n; 1356 size_t offs = 0; 1357 1358 if (o->info.objectType == TEE_TYPE_DATA) 1359 return TEE_SUCCESS; /* pure data object */ 1360 if (!o->attr) 1361 return TEE_ERROR_BAD_STATE; 1362 tp = tee_svc_find_type_props(o->info.objectType); 1363 if (!tp) 1364 return TEE_ERROR_BAD_STATE; 1365 1366 for (n = 0; n < tp->num_type_attrs; n++) { 1367 const struct tee_cryp_obj_type_attrs *ta = tp->type_attrs + n; 1368 void *attr = (uint8_t *)o->attr + ta->raw_offs; 1369 1370 if (!attr_ops[ta->ops_index].from_binary(attr, data, data_len, 1371 &offs)) 1372 return TEE_ERROR_CORRUPT_OBJECT; 1373 } 1374 return TEE_SUCCESS; 1375 } 1376 1377 TEE_Result tee_obj_attr_copy_from(struct tee_obj *o, const struct tee_obj *src) 1378 { 1379 TEE_Result res; 1380 const struct tee_cryp_obj_type_props *tp; 1381 const struct tee_cryp_obj_type_attrs *ta; 1382 size_t n; 1383 uint32_t have_attrs = 0; 1384 void *attr; 1385 void *src_attr; 1386 1387 if (o->info.objectType == TEE_TYPE_DATA) 1388 return TEE_SUCCESS; /* pure data object */ 1389 if (!o->attr) 1390 return TEE_ERROR_BAD_STATE; 1391 tp = tee_svc_find_type_props(o->info.objectType); 1392 if (!tp) 1393 return TEE_ERROR_BAD_STATE; 1394 1395 if (o->info.objectType == src->info.objectType) { 1396 have_attrs = src->have_attrs; 1397 for (n = 0; n < tp->num_type_attrs; n++) { 1398 ta = tp->type_attrs + n; 1399 attr = (uint8_t *)o->attr + ta->raw_offs; 1400 src_attr = (uint8_t *)src->attr + ta->raw_offs; 1401 res = attr_ops[ta->ops_index].from_obj(attr, src_attr); 1402 if (res != TEE_SUCCESS) 1403 return res; 1404 } 1405 } else { 1406 const struct tee_cryp_obj_type_props *tp_src; 1407 int idx; 1408 1409 if (o->info.objectType == TEE_TYPE_RSA_PUBLIC_KEY) { 1410 if (src->info.objectType != TEE_TYPE_RSA_KEYPAIR) 1411 return TEE_ERROR_BAD_PARAMETERS; 1412 } else if (o->info.objectType == TEE_TYPE_DSA_PUBLIC_KEY) { 1413 if (src->info.objectType != TEE_TYPE_DSA_KEYPAIR) 1414 return TEE_ERROR_BAD_PARAMETERS; 1415 } else if (o->info.objectType == TEE_TYPE_ECDSA_PUBLIC_KEY) { 1416 if (src->info.objectType != TEE_TYPE_ECDSA_KEYPAIR) 1417 return TEE_ERROR_BAD_PARAMETERS; 1418 } else if (o->info.objectType == TEE_TYPE_ECDH_PUBLIC_KEY) { 1419 if (src->info.objectType != TEE_TYPE_ECDH_KEYPAIR) 1420 return TEE_ERROR_BAD_PARAMETERS; 1421 } else if (o->info.objectType == TEE_TYPE_SM2_DSA_PUBLIC_KEY) { 1422 if (src->info.objectType != TEE_TYPE_SM2_DSA_KEYPAIR) 1423 return TEE_ERROR_BAD_PARAMETERS; 1424 } else if (o->info.objectType == TEE_TYPE_SM2_PKE_PUBLIC_KEY) { 1425 if (src->info.objectType != TEE_TYPE_SM2_PKE_KEYPAIR) 1426 return TEE_ERROR_BAD_PARAMETERS; 1427 } else if (o->info.objectType == TEE_TYPE_SM2_KEP_PUBLIC_KEY) { 1428 if (src->info.objectType != TEE_TYPE_SM2_KEP_KEYPAIR) 1429 return TEE_ERROR_BAD_PARAMETERS; 1430 } else if (o->info.objectType == TEE_TYPE_ED25519_PUBLIC_KEY) { 1431 if (src->info.objectType != TEE_TYPE_ED25519_KEYPAIR) 1432 return TEE_ERROR_BAD_PARAMETERS; 1433 } else if (o->info.objectType == TEE_TYPE_X25519_PUBLIC_KEY) { 1434 if (src->info.objectType != TEE_TYPE_X25519_KEYPAIR) 1435 return TEE_ERROR_BAD_PARAMETERS; 1436 } else { 1437 return TEE_ERROR_BAD_PARAMETERS; 1438 } 1439 1440 tp_src = tee_svc_find_type_props(src->info.objectType); 1441 if (!tp_src) 1442 return TEE_ERROR_BAD_STATE; 1443 1444 have_attrs = BIT32(tp->num_type_attrs) - 1; 1445 for (n = 0; n < tp->num_type_attrs; n++) { 1446 ta = tp->type_attrs + n; 1447 1448 idx = tee_svc_cryp_obj_find_type_attr_idx(ta->attr_id, 1449 tp_src); 1450 if (idx < 0) 1451 return TEE_ERROR_BAD_STATE; 1452 1453 attr = (uint8_t *)o->attr + ta->raw_offs; 1454 src_attr = (uint8_t *)src->attr + 1455 tp_src->type_attrs[idx].raw_offs; 1456 res = attr_ops[ta->ops_index].from_obj(attr, src_attr); 1457 if (res != TEE_SUCCESS) 1458 return res; 1459 } 1460 } 1461 1462 o->have_attrs = have_attrs; 1463 return TEE_SUCCESS; 1464 } 1465 1466 static bool is_gp_legacy_des_key_size(TEE_ObjectType type, size_t sz) 1467 { 1468 return IS_ENABLED(CFG_COMPAT_GP10_DES) && 1469 ((type == TEE_TYPE_DES && sz == 56) || 1470 (type == TEE_TYPE_DES3 && (sz == 112 || sz == 168))); 1471 } 1472 1473 static TEE_Result check_key_size(const struct tee_cryp_obj_type_props *props, 1474 size_t key_size) 1475 { 1476 size_t sz = key_size; 1477 1478 /* 1479 * In GP Internal API Specification 1.0 the partity bits aren't 1480 * counted when telling the size of the key in bits so add them 1481 * here if missing. 1482 */ 1483 if (is_gp_legacy_des_key_size(props->obj_type, sz)) 1484 sz += sz / 7; 1485 1486 if (sz % props->quanta != 0) 1487 return TEE_ERROR_NOT_SUPPORTED; 1488 if (sz < props->min_size) 1489 return TEE_ERROR_NOT_SUPPORTED; 1490 if (sz > props->max_size) 1491 return TEE_ERROR_NOT_SUPPORTED; 1492 1493 return TEE_SUCCESS; 1494 } 1495 1496 TEE_Result tee_obj_set_type(struct tee_obj *o, uint32_t obj_type, 1497 size_t max_key_size) 1498 { 1499 TEE_Result res = TEE_SUCCESS; 1500 const struct tee_cryp_obj_type_props *type_props; 1501 1502 /* Can only set type for newly allocated objs */ 1503 if (o->attr) 1504 return TEE_ERROR_BAD_STATE; 1505 1506 /* 1507 * Verify that maxObjectSize is supported and find out how 1508 * much should be allocated. 1509 */ 1510 1511 if (obj_type == TEE_TYPE_DATA) { 1512 if (max_key_size) 1513 return TEE_ERROR_NOT_SUPPORTED; 1514 } else { 1515 /* Find description of object */ 1516 type_props = tee_svc_find_type_props(obj_type); 1517 if (!type_props) 1518 return TEE_ERROR_NOT_SUPPORTED; 1519 1520 /* Check that max_key_size follows restrictions */ 1521 res = check_key_size(type_props, max_key_size); 1522 if (res) 1523 return res; 1524 1525 o->attr = calloc(1, type_props->alloc_size); 1526 if (!o->attr) 1527 return TEE_ERROR_OUT_OF_MEMORY; 1528 } 1529 1530 /* If we have a key structure, pre-allocate the bignums inside */ 1531 switch (obj_type) { 1532 case TEE_TYPE_RSA_PUBLIC_KEY: 1533 res = crypto_acipher_alloc_rsa_public_key(o->attr, 1534 max_key_size); 1535 break; 1536 case TEE_TYPE_RSA_KEYPAIR: 1537 res = crypto_acipher_alloc_rsa_keypair(o->attr, max_key_size); 1538 break; 1539 case TEE_TYPE_DSA_PUBLIC_KEY: 1540 res = crypto_acipher_alloc_dsa_public_key(o->attr, 1541 max_key_size); 1542 break; 1543 case TEE_TYPE_DSA_KEYPAIR: 1544 res = crypto_acipher_alloc_dsa_keypair(o->attr, max_key_size); 1545 break; 1546 case TEE_TYPE_DH_KEYPAIR: 1547 res = crypto_acipher_alloc_dh_keypair(o->attr, max_key_size); 1548 break; 1549 case TEE_TYPE_ECDSA_PUBLIC_KEY: 1550 case TEE_TYPE_ECDH_PUBLIC_KEY: 1551 case TEE_TYPE_SM2_DSA_PUBLIC_KEY: 1552 case TEE_TYPE_SM2_PKE_PUBLIC_KEY: 1553 case TEE_TYPE_SM2_KEP_PUBLIC_KEY: 1554 res = crypto_acipher_alloc_ecc_public_key(o->attr, obj_type, 1555 max_key_size); 1556 break; 1557 case TEE_TYPE_ECDSA_KEYPAIR: 1558 case TEE_TYPE_ECDH_KEYPAIR: 1559 case TEE_TYPE_SM2_DSA_KEYPAIR: 1560 case TEE_TYPE_SM2_PKE_KEYPAIR: 1561 case TEE_TYPE_SM2_KEP_KEYPAIR: 1562 res = crypto_acipher_alloc_ecc_keypair(o->attr, obj_type, 1563 max_key_size); 1564 break; 1565 case TEE_TYPE_X25519_KEYPAIR: 1566 res = crypto_acipher_alloc_x25519_keypair(o->attr, 1567 max_key_size); 1568 break; 1569 case TEE_TYPE_ED25519_KEYPAIR: 1570 res = crypto_acipher_alloc_ed25519_keypair(o->attr, 1571 max_key_size); 1572 break; 1573 case TEE_TYPE_ED25519_PUBLIC_KEY: 1574 res = crypto_acipher_alloc_ed25519_public_key(o->attr, 1575 max_key_size); 1576 break; 1577 default: 1578 if (obj_type != TEE_TYPE_DATA) { 1579 struct tee_cryp_obj_secret *key = o->attr; 1580 1581 key->alloc_size = type_props->alloc_size - 1582 sizeof(*key); 1583 } 1584 break; 1585 } 1586 1587 if (res != TEE_SUCCESS) 1588 return res; 1589 1590 o->info.objectType = obj_type; 1591 o->info.maxObjectSize = max_key_size; 1592 o->info.objectUsage = TEE_USAGE_DEFAULT; 1593 1594 return TEE_SUCCESS; 1595 } 1596 1597 TEE_Result syscall_cryp_obj_alloc(unsigned long obj_type, 1598 unsigned long max_key_size, uint32_t *obj) 1599 { 1600 struct ts_session *sess = ts_get_current_session(); 1601 TEE_Result res = TEE_SUCCESS; 1602 struct tee_obj *o = NULL; 1603 1604 1605 o = tee_obj_alloc(); 1606 if (!o) 1607 return TEE_ERROR_OUT_OF_MEMORY; 1608 1609 res = tee_obj_set_type(o, obj_type, max_key_size); 1610 if (res != TEE_SUCCESS) { 1611 tee_obj_free(o); 1612 return res; 1613 } 1614 1615 tee_obj_add(to_user_ta_ctx(sess->ctx), o); 1616 1617 res = copy_kaddr_to_uref(obj, o); 1618 if (res != TEE_SUCCESS) 1619 tee_obj_close(to_user_ta_ctx(sess->ctx), o); 1620 return res; 1621 } 1622 1623 TEE_Result syscall_cryp_obj_close(unsigned long obj) 1624 { 1625 struct ts_session *sess = ts_get_current_session(); 1626 TEE_Result res = TEE_SUCCESS; 1627 struct tee_obj *o = NULL; 1628 1629 res = tee_obj_get(to_user_ta_ctx(sess->ctx), uref_to_vaddr(obj), &o); 1630 if (res != TEE_SUCCESS) 1631 return res; 1632 1633 /* 1634 * If it's busy it's used by an operation, a client should never have 1635 * this handle. 1636 */ 1637 if (o->busy) 1638 return TEE_ERROR_ITEM_NOT_FOUND; 1639 1640 tee_obj_close(to_user_ta_ctx(sess->ctx), o); 1641 return TEE_SUCCESS; 1642 } 1643 1644 TEE_Result syscall_cryp_obj_reset(unsigned long obj) 1645 { 1646 struct ts_session *sess = ts_get_current_session(); 1647 TEE_Result res = TEE_SUCCESS; 1648 struct tee_obj *o = NULL; 1649 1650 res = tee_obj_get(to_user_ta_ctx(sess->ctx), uref_to_vaddr(obj), &o); 1651 if (res != TEE_SUCCESS) 1652 return res; 1653 1654 if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) == 0) { 1655 tee_obj_attr_clear(o); 1656 o->info.objectSize = 0; 1657 o->info.objectUsage = TEE_USAGE_DEFAULT; 1658 } else { 1659 return TEE_ERROR_BAD_PARAMETERS; 1660 } 1661 1662 /* the object is no more initialized */ 1663 o->info.handleFlags &= ~TEE_HANDLE_FLAG_INITIALIZED; 1664 1665 return TEE_SUCCESS; 1666 } 1667 1668 static TEE_Result copy_in_attrs(struct user_ta_ctx *utc, 1669 const struct utee_attribute *usr_attrs, 1670 uint32_t attr_count, TEE_Attribute *attrs) 1671 { 1672 TEE_Result res = TEE_SUCCESS; 1673 size_t size = 0; 1674 uint32_t n = 0; 1675 struct utee_attribute *usr_attrs_bbuf = NULL; 1676 1677 if (MUL_OVERFLOW(sizeof(struct utee_attribute), attr_count, &size)) 1678 return TEE_ERROR_OVERFLOW; 1679 1680 usr_attrs_bbuf = bb_alloc(size); 1681 if (!usr_attrs_bbuf) 1682 return TEE_ERROR_OUT_OF_MEMORY; 1683 1684 res = copy_from_user(usr_attrs_bbuf, usr_attrs, size); 1685 if (res) 1686 goto out; 1687 1688 for (n = 0; n < attr_count; n++) { 1689 attrs[n].attributeID = usr_attrs_bbuf[n].attribute_id; 1690 if (attrs[n].attributeID & TEE_ATTR_FLAG_VALUE) { 1691 attrs[n].content.value.a = usr_attrs_bbuf[n].a; 1692 attrs[n].content.value.b = usr_attrs_bbuf[n].b; 1693 } else { 1694 uintptr_t buf = usr_attrs_bbuf[n].a; 1695 size_t len = usr_attrs_bbuf[n].b; 1696 uint32_t flags = TEE_MEMORY_ACCESS_READ | 1697 TEE_MEMORY_ACCESS_ANY_OWNER; 1698 1699 buf = memtag_strip_tag_vaddr((void *)buf); 1700 1701 res = vm_check_access_rights(&utc->uctx, flags, buf, 1702 len); 1703 if (res != TEE_SUCCESS) 1704 goto out; 1705 attrs[n].content.ref.buffer = (void *)buf; 1706 attrs[n].content.ref.length = len; 1707 } 1708 } 1709 1710 out: 1711 bb_free(usr_attrs_bbuf, size); 1712 return res; 1713 } 1714 1715 enum attr_usage { 1716 ATTR_USAGE_POPULATE, 1717 ATTR_USAGE_GENERATE_KEY 1718 }; 1719 1720 static TEE_Result tee_svc_cryp_check_attr(enum attr_usage usage, 1721 const struct tee_cryp_obj_type_props 1722 *type_props, 1723 const TEE_Attribute *attrs, 1724 uint32_t attr_count) 1725 { 1726 uint32_t required_flag = 0; 1727 uint32_t opt_flag = 0; 1728 bool all_opt_needed = false; 1729 uint32_t req_attrs = 0; 1730 uint32_t opt_grp_attrs = 0; 1731 uint32_t attrs_found = 0; 1732 size_t n = 0; 1733 uint32_t bit = 0; 1734 uint32_t flags = 0; 1735 int idx = 0; 1736 1737 if (usage == ATTR_USAGE_POPULATE) { 1738 required_flag = TEE_TYPE_ATTR_REQUIRED; 1739 opt_flag = TEE_TYPE_ATTR_OPTIONAL_GROUP; 1740 all_opt_needed = true; 1741 } else { 1742 required_flag = TEE_TYPE_ATTR_GEN_KEY_REQ; 1743 opt_flag = TEE_TYPE_ATTR_GEN_KEY_OPT; 1744 all_opt_needed = false; 1745 } 1746 1747 /* 1748 * First find out which attributes are required and which belong to 1749 * the optional group 1750 */ 1751 for (n = 0; n < type_props->num_type_attrs; n++) { 1752 bit = 1 << n; 1753 flags = type_props->type_attrs[n].flags; 1754 1755 if (flags & required_flag) 1756 req_attrs |= bit; 1757 else if (flags & opt_flag) 1758 opt_grp_attrs |= bit; 1759 } 1760 1761 /* 1762 * Verify that all required attributes are in place and 1763 * that the same attribute isn't repeated. 1764 */ 1765 for (n = 0; n < attr_count; n++) { 1766 idx = tee_svc_cryp_obj_find_type_attr_idx( 1767 attrs[n].attributeID, 1768 type_props); 1769 1770 /* attribute not defined in current object type */ 1771 if (idx < 0) 1772 return TEE_ERROR_ITEM_NOT_FOUND; 1773 1774 bit = 1 << idx; 1775 1776 /* attribute not repeated */ 1777 if ((attrs_found & bit) != 0) 1778 return TEE_ERROR_ITEM_NOT_FOUND; 1779 1780 /* 1781 * Attribute not defined in current object type for this 1782 * usage. 1783 */ 1784 if (!(bit & (req_attrs | opt_grp_attrs))) 1785 return TEE_ERROR_ITEM_NOT_FOUND; 1786 1787 attrs_found |= bit; 1788 } 1789 /* Required attribute missing */ 1790 if ((attrs_found & req_attrs) != req_attrs) 1791 return TEE_ERROR_ITEM_NOT_FOUND; 1792 1793 /* 1794 * If the flag says that "if one of the optional attributes are included 1795 * all of them has to be included" this must be checked. 1796 */ 1797 if (all_opt_needed && (attrs_found & opt_grp_attrs) != 0 && 1798 (attrs_found & opt_grp_attrs) != opt_grp_attrs) 1799 return TEE_ERROR_ITEM_NOT_FOUND; 1800 1801 return TEE_SUCCESS; 1802 } 1803 1804 static TEE_Result get_ec_key_size(uint32_t curve, size_t *key_size) 1805 { 1806 switch (curve) { 1807 case TEE_ECC_CURVE_NIST_P192: 1808 *key_size = 192; 1809 break; 1810 case TEE_ECC_CURVE_NIST_P224: 1811 *key_size = 224; 1812 break; 1813 case TEE_ECC_CURVE_NIST_P256: 1814 *key_size = 256; 1815 break; 1816 case TEE_ECC_CURVE_NIST_P384: 1817 *key_size = 384; 1818 break; 1819 case TEE_ECC_CURVE_NIST_P521: 1820 *key_size = 521; 1821 break; 1822 case TEE_ECC_CURVE_SM2: 1823 case TEE_ECC_CURVE_25519: 1824 *key_size = 256; 1825 break; 1826 default: 1827 return TEE_ERROR_NOT_SUPPORTED; 1828 } 1829 1830 return TEE_SUCCESS; 1831 } 1832 1833 static size_t get_used_bits(const TEE_Attribute *a) 1834 { 1835 TEE_Result res = TEE_SUCCESS; 1836 int nbits = a->content.ref.length * 8; 1837 int v = 0; 1838 void *bbuf = NULL; 1839 1840 res = bb_memdup_user(a->content.ref.buffer, a->content.ref.length, 1841 &bbuf); 1842 if (res) 1843 return 0; 1844 1845 bit_ffs(bbuf, nbits, &v); 1846 1847 bb_free(bbuf, a->content.ref.length); 1848 return nbits - v; 1849 } 1850 1851 static TEE_Result tee_svc_cryp_obj_populate_type( 1852 struct tee_obj *o, 1853 const struct tee_cryp_obj_type_props *type_props, 1854 const TEE_Attribute *attrs, 1855 uint32_t attr_count) 1856 { 1857 TEE_Result res = TEE_SUCCESS; 1858 uint32_t have_attrs = 0; 1859 size_t obj_size = 0; 1860 size_t n = 0; 1861 int idx = 0; 1862 const struct attr_ops *ops = NULL; 1863 void *attr = NULL; 1864 1865 for (n = 0; n < attr_count; n++) { 1866 idx = tee_svc_cryp_obj_find_type_attr_idx( 1867 attrs[n].attributeID, 1868 type_props); 1869 /* attribute not defined in current object type */ 1870 if (idx < 0) 1871 return TEE_ERROR_ITEM_NOT_FOUND; 1872 1873 have_attrs |= BIT32(idx); 1874 ops = attr_ops + type_props->type_attrs[idx].ops_index; 1875 attr = (uint8_t *)o->attr + 1876 type_props->type_attrs[idx].raw_offs; 1877 if (attrs[n].attributeID & TEE_ATTR_FLAG_VALUE) 1878 res = ops->from_user(attr, &attrs[n].content.value, 1879 sizeof(attrs[n].content.value)); 1880 else 1881 res = ops->from_user(attr, attrs[n].content.ref.buffer, 1882 attrs[n].content.ref.length); 1883 if (res != TEE_SUCCESS) 1884 return res; 1885 1886 /* 1887 * The attribute that gives the size of the object is 1888 * flagged with TEE_TYPE_ATTR_SIZE_INDICATOR. 1889 */ 1890 if (type_props->type_attrs[idx].flags & 1891 TEE_TYPE_ATTR_SIZE_INDICATOR) { 1892 /* There should be only one */ 1893 if (obj_size) 1894 return TEE_ERROR_BAD_STATE; 1895 1896 /* 1897 * For ECDSA/ECDH we need to translate curve into 1898 * object size 1899 */ 1900 if (attrs[n].attributeID == TEE_ATTR_ECC_CURVE) { 1901 res = get_ec_key_size(attrs[n].content.value.a, 1902 &obj_size); 1903 if (res != TEE_SUCCESS) 1904 return res; 1905 } else { 1906 TEE_ObjectType obj_type = o->info.objectType; 1907 size_t sz = o->info.maxObjectSize; 1908 1909 obj_size = attrs[n].content.ref.length * 8; 1910 /* Drop the parity bits for legacy objects */ 1911 if (is_gp_legacy_des_key_size(obj_type, sz)) 1912 obj_size -= obj_size / 8; 1913 } 1914 if (obj_size > o->info.maxObjectSize) 1915 return TEE_ERROR_BAD_STATE; 1916 res = check_key_size(type_props, obj_size); 1917 if (res != TEE_SUCCESS) 1918 return TEE_ERROR_BAD_PARAMETERS; 1919 } 1920 1921 /* 1922 * Bignum attributes limited by the number of bits in 1923 * o->info.objectSize are flagged with 1924 * TEE_TYPE_ATTR_BIGNUM_MAXBITS. 1925 */ 1926 if (type_props->type_attrs[idx].flags & 1927 TEE_TYPE_ATTR_BIGNUM_MAXBITS) { 1928 if (get_used_bits(attrs + n) > o->info.maxObjectSize) 1929 return TEE_ERROR_BAD_STATE; 1930 } 1931 } 1932 1933 o->have_attrs = have_attrs; 1934 o->info.objectSize = obj_size; 1935 /* 1936 * In GP Internal API Specification 1.0 the partity bits aren't 1937 * counted when telling the size of the key in bits so remove the 1938 * parity bits here. 1939 */ 1940 if (is_gp_legacy_des_key_size(o->info.objectType, 1941 o->info.maxObjectSize)) 1942 o->info.objectSize -= o->info.objectSize / 8; 1943 1944 return TEE_SUCCESS; 1945 } 1946 1947 TEE_Result syscall_cryp_obj_populate(unsigned long obj, 1948 struct utee_attribute *usr_attrs, 1949 unsigned long attr_count) 1950 { 1951 struct ts_session *sess = ts_get_current_session(); 1952 TEE_Result res = TEE_SUCCESS; 1953 struct tee_obj *o = NULL; 1954 const struct tee_cryp_obj_type_props *type_props = NULL; 1955 TEE_Attribute *attrs = NULL; 1956 size_t alloc_size = 0; 1957 1958 res = tee_obj_get(to_user_ta_ctx(sess->ctx), uref_to_vaddr(obj), &o); 1959 if (res != TEE_SUCCESS) 1960 return res; 1961 1962 /* Must be a transient object */ 1963 if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) 1964 return TEE_ERROR_BAD_PARAMETERS; 1965 1966 /* Must not be initialized already */ 1967 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1968 return TEE_ERROR_BAD_PARAMETERS; 1969 1970 type_props = tee_svc_find_type_props(o->info.objectType); 1971 if (!type_props) 1972 return TEE_ERROR_NOT_IMPLEMENTED; 1973 1974 if (MUL_OVERFLOW(sizeof(TEE_Attribute), attr_count, &alloc_size)) 1975 return TEE_ERROR_OVERFLOW; 1976 1977 attrs = malloc(alloc_size); 1978 if (!attrs) 1979 return TEE_ERROR_OUT_OF_MEMORY; 1980 1981 res = copy_in_attrs(to_user_ta_ctx(sess->ctx), usr_attrs, attr_count, 1982 attrs); 1983 if (res != TEE_SUCCESS) 1984 goto out; 1985 1986 res = tee_svc_cryp_check_attr(ATTR_USAGE_POPULATE, type_props, 1987 attrs, attr_count); 1988 if (res != TEE_SUCCESS) 1989 goto out; 1990 1991 res = tee_svc_cryp_obj_populate_type(o, type_props, attrs, attr_count); 1992 if (res == TEE_SUCCESS) 1993 o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 1994 1995 out: 1996 free_wipe(attrs); 1997 return res; 1998 } 1999 2000 TEE_Result syscall_cryp_obj_copy(unsigned long dst, unsigned long src) 2001 { 2002 struct ts_session *sess = ts_get_current_session(); 2003 TEE_Result res = TEE_SUCCESS; 2004 struct tee_obj *dst_o = NULL; 2005 struct tee_obj *src_o = NULL; 2006 2007 res = tee_obj_get(to_user_ta_ctx(sess->ctx), 2008 uref_to_vaddr(dst), &dst_o); 2009 if (res != TEE_SUCCESS) 2010 return res; 2011 2012 res = tee_obj_get(to_user_ta_ctx(sess->ctx), 2013 uref_to_vaddr(src), &src_o); 2014 if (res != TEE_SUCCESS) 2015 return res; 2016 2017 if ((src_o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 2018 return TEE_ERROR_BAD_PARAMETERS; 2019 if ((dst_o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) 2020 return TEE_ERROR_BAD_PARAMETERS; 2021 if ((dst_o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2022 return TEE_ERROR_BAD_PARAMETERS; 2023 2024 res = tee_obj_attr_copy_from(dst_o, src_o); 2025 if (res != TEE_SUCCESS) 2026 return res; 2027 2028 dst_o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 2029 dst_o->info.objectSize = src_o->info.objectSize; 2030 dst_o->info.objectUsage = src_o->info.objectUsage; 2031 return TEE_SUCCESS; 2032 } 2033 2034 static TEE_Result check_pub_rsa_key(struct bignum *e) 2035 { 2036 size_t n = crypto_bignum_num_bytes(e); 2037 uint8_t bin_key[256 / 8] = { 0 }; 2038 2039 /* 2040 * NIST SP800-56B requires public RSA key to be an odd integer in 2041 * the range 65537 <= e < 2^256. 2042 */ 2043 2044 if (n > sizeof(bin_key) || n < 3) 2045 return TEE_ERROR_BAD_PARAMETERS; 2046 2047 crypto_bignum_bn2bin(e, bin_key); 2048 2049 if (!(bin_key[n - 1] & 1)) /* key must be odd */ 2050 return TEE_ERROR_BAD_PARAMETERS; 2051 2052 if (n == 3) { 2053 uint32_t key = 0; 2054 2055 for (n = 0; n < 3; n++) { 2056 key <<= 8; 2057 key |= bin_key[n]; 2058 } 2059 2060 if (key < 65537) 2061 return TEE_ERROR_BAD_PARAMETERS; 2062 } 2063 2064 /* key is larger than 65537 */ 2065 return TEE_SUCCESS; 2066 } 2067 2068 static TEE_Result tee_svc_obj_generate_key_rsa( 2069 struct tee_obj *o, const struct tee_cryp_obj_type_props *type_props, 2070 uint32_t key_size, 2071 const TEE_Attribute *params, uint32_t param_count) 2072 { 2073 TEE_Result res = TEE_SUCCESS; 2074 struct rsa_keypair *key = o->attr; 2075 uint32_t e = TEE_U32_TO_BIG_ENDIAN(65537); 2076 2077 /* Copy the present attributes into the obj before starting */ 2078 res = tee_svc_cryp_obj_populate_type(o, type_props, params, 2079 param_count); 2080 if (res != TEE_SUCCESS) 2081 return res; 2082 if (get_attribute(o, type_props, TEE_ATTR_RSA_PUBLIC_EXPONENT)) { 2083 res = check_pub_rsa_key(key->e); 2084 if (res) 2085 return res; 2086 } else { 2087 crypto_bignum_bin2bn((const uint8_t *)&e, sizeof(e), key->e); 2088 } 2089 res = crypto_acipher_gen_rsa_key(key, key_size); 2090 if (res != TEE_SUCCESS) 2091 return res; 2092 2093 /* Set bits for all known attributes for this object type */ 2094 o->have_attrs = (1 << type_props->num_type_attrs) - 1; 2095 2096 return TEE_SUCCESS; 2097 } 2098 2099 static TEE_Result tee_svc_obj_generate_key_dsa( 2100 struct tee_obj *o, const struct tee_cryp_obj_type_props *type_props, 2101 uint32_t key_size, const TEE_Attribute *params, uint32_t param_count) 2102 { 2103 TEE_Result res; 2104 2105 /* Copy the present attributes into the obj before starting */ 2106 res = tee_svc_cryp_obj_populate_type(o, type_props, params, 2107 param_count); 2108 if (res != TEE_SUCCESS) 2109 return res; 2110 2111 res = crypto_acipher_gen_dsa_key(o->attr, key_size); 2112 if (res != TEE_SUCCESS) 2113 return res; 2114 2115 /* Set bits for all known attributes for this object type */ 2116 o->have_attrs = (1 << type_props->num_type_attrs) - 1; 2117 2118 return TEE_SUCCESS; 2119 } 2120 2121 static TEE_Result tee_svc_obj_generate_key_dh( 2122 struct tee_obj *o, const struct tee_cryp_obj_type_props *type_props, 2123 uint32_t key_size, const TEE_Attribute *params, uint32_t param_count) 2124 { 2125 TEE_Result res; 2126 struct dh_keypair *tee_dh_key; 2127 struct bignum *dh_q = NULL; 2128 uint32_t dh_xbits = 0; 2129 2130 /* Copy the present attributes into the obj before starting */ 2131 res = tee_svc_cryp_obj_populate_type(o, type_props, params, 2132 param_count); 2133 if (res != TEE_SUCCESS) 2134 return res; 2135 2136 tee_dh_key = (struct dh_keypair *)o->attr; 2137 2138 if (get_attribute(o, type_props, TEE_ATTR_DH_SUBPRIME)) 2139 dh_q = tee_dh_key->q; 2140 if (get_attribute(o, type_props, TEE_ATTR_DH_X_BITS)) 2141 dh_xbits = tee_dh_key->xbits; 2142 res = crypto_acipher_gen_dh_key(tee_dh_key, dh_q, dh_xbits, key_size); 2143 if (res != TEE_SUCCESS) 2144 return res; 2145 2146 /* Set bits for the generated public and private key */ 2147 set_attribute(o, type_props, TEE_ATTR_DH_PUBLIC_VALUE); 2148 set_attribute(o, type_props, TEE_ATTR_DH_PRIVATE_VALUE); 2149 set_attribute(o, type_props, TEE_ATTR_DH_X_BITS); 2150 return TEE_SUCCESS; 2151 } 2152 2153 static TEE_Result tee_svc_obj_generate_key_ecc( 2154 struct tee_obj *o, const struct tee_cryp_obj_type_props *type_props, 2155 uint32_t key_size, const TEE_Attribute *params, uint32_t param_count) 2156 { 2157 TEE_Result res; 2158 struct ecc_keypair *tee_ecc_key; 2159 2160 /* Copy the present attributes into the obj before starting */ 2161 res = tee_svc_cryp_obj_populate_type(o, type_props, params, 2162 param_count); 2163 if (res != TEE_SUCCESS) 2164 return res; 2165 2166 tee_ecc_key = (struct ecc_keypair *)o->attr; 2167 2168 res = crypto_acipher_gen_ecc_key(tee_ecc_key, key_size); 2169 if (res != TEE_SUCCESS) 2170 return res; 2171 2172 /* Set bits for the generated public and private key */ 2173 set_attribute(o, type_props, TEE_ATTR_ECC_PRIVATE_VALUE); 2174 set_attribute(o, type_props, TEE_ATTR_ECC_PUBLIC_VALUE_X); 2175 set_attribute(o, type_props, TEE_ATTR_ECC_PUBLIC_VALUE_Y); 2176 set_attribute(o, type_props, TEE_ATTR_ECC_CURVE); 2177 return TEE_SUCCESS; 2178 } 2179 2180 static TEE_Result 2181 tee_svc_obj_generate_key_x25519(struct tee_obj *o, 2182 const struct tee_cryp_obj_type_props 2183 *type_props, 2184 uint32_t key_size, 2185 const TEE_Attribute *params, 2186 uint32_t param_count) 2187 { 2188 TEE_Result res = TEE_ERROR_GENERIC; 2189 struct x25519_keypair *tee_x25519_key = NULL; 2190 2191 /* Copy the present attributes into the obj before starting */ 2192 res = tee_svc_cryp_obj_populate_type(o, type_props, params, 2193 param_count); 2194 if (res != TEE_SUCCESS) 2195 return res; 2196 2197 tee_x25519_key = (struct x25519_keypair *)o->attr; 2198 2199 res = crypto_acipher_gen_x25519_key(tee_x25519_key, key_size); 2200 if (res != TEE_SUCCESS) 2201 return res; 2202 2203 /* Set bits for the generated public and private key */ 2204 set_attribute(o, type_props, TEE_ATTR_X25519_PRIVATE_VALUE); 2205 set_attribute(o, type_props, TEE_ATTR_X25519_PUBLIC_VALUE); 2206 return TEE_SUCCESS; 2207 } 2208 2209 static TEE_Result 2210 tee_svc_obj_generate_key_ed25519(struct tee_obj *o, 2211 const struct tee_cryp_obj_type_props 2212 *type_props, 2213 uint32_t key_size, 2214 const TEE_Attribute *params, 2215 uint32_t param_count) 2216 { 2217 TEE_Result res = TEE_ERROR_GENERIC; 2218 struct ed25519_keypair *key = NULL; 2219 2220 /* Copy the present attributes into the obj before starting */ 2221 res = tee_svc_cryp_obj_populate_type(o, type_props, params, 2222 param_count); 2223 if (res != TEE_SUCCESS) 2224 return res; 2225 2226 key = o->attr; 2227 2228 res = crypto_acipher_gen_ed25519_key(key, key_size); 2229 if (res != TEE_SUCCESS) 2230 return res; 2231 2232 /* Set bits for the generated public and private key */ 2233 set_attribute(o, type_props, TEE_ATTR_ED25519_PRIVATE_VALUE); 2234 set_attribute(o, type_props, TEE_ATTR_ED25519_PUBLIC_VALUE); 2235 return TEE_SUCCESS; 2236 } 2237 2238 static TEE_Result 2239 tee_svc_obj_ed25519_parse_params(const TEE_Attribute *params, size_t num_params, 2240 bool *ph_flag, const uint8_t **ctx, 2241 size_t *ctx_len) 2242 { 2243 size_t n = 0; 2244 2245 *ctx = NULL; 2246 2247 for (n = 0; n < num_params; n++) { 2248 switch (params[n].attributeID) { 2249 case TEE_ATTR_EDDSA_PREHASH: 2250 if (params[n].content.value.b) 2251 return TEE_ERROR_BAD_PARAMETERS; 2252 if (!params[n].content.value.a) 2253 *ph_flag = false; 2254 else if (params[n].content.value.a == 1) 2255 *ph_flag = true; 2256 else 2257 return TEE_ERROR_BAD_PARAMETERS; 2258 break; 2259 2260 case TEE_ATTR_EDDSA_CTX: 2261 /* several provided contexts are treated as error */ 2262 if (*ctx) 2263 return TEE_ERROR_BAD_PARAMETERS; 2264 2265 *ctx_len = params[n].content.ref.length; 2266 if (*ctx_len > TEE_ED25519_CTX_MAX_LENGTH) 2267 return TEE_ERROR_BAD_PARAMETERS; 2268 2269 if (!*ctx_len) 2270 break; 2271 2272 *ctx = params[n].content.ref.buffer; 2273 if (!*ctx) 2274 return TEE_ERROR_BAD_PARAMETERS; 2275 break; 2276 2277 default: 2278 return TEE_ERROR_BAD_PARAMETERS; 2279 } 2280 } 2281 2282 return TEE_SUCCESS; 2283 } 2284 2285 static TEE_Result 2286 tee_svc_obj_ed25519_sign(struct ed25519_keypair *key, 2287 const uint8_t *msg, size_t msg_len, 2288 uint8_t *sig, size_t *sig_len, 2289 const TEE_Attribute *params, size_t num_params) 2290 { 2291 TEE_Result err = TEE_ERROR_GENERIC; 2292 size_t ctx_len = 0; 2293 const uint8_t *ctx = NULL; 2294 bool ph_flag = false; 2295 2296 err = tee_svc_obj_ed25519_parse_params(params, num_params, &ph_flag, 2297 &ctx, &ctx_len); 2298 if (err != TEE_SUCCESS) 2299 return err; 2300 2301 if (ph_flag || ctx) { 2302 return crypto_acipher_ed25519ctx_sign(key, msg, msg_len, sig, 2303 sig_len, ph_flag, 2304 ctx, ctx_len); 2305 } 2306 2307 return crypto_acipher_ed25519_sign(key, msg, msg_len, sig, sig_len); 2308 } 2309 2310 static TEE_Result 2311 tee_svc_obj_ed25519_verify(struct ed25519_public_key *key, 2312 const uint8_t *msg, size_t msg_len, 2313 const uint8_t *sig, size_t sig_len, 2314 const TEE_Attribute *params, size_t num_params) 2315 { 2316 TEE_Result err = TEE_ERROR_GENERIC; 2317 size_t ctx_len = 0; 2318 const uint8_t *ctx = NULL; 2319 bool ph_flag = false; 2320 2321 err = tee_svc_obj_ed25519_parse_params(params, num_params, &ph_flag, 2322 &ctx, &ctx_len); 2323 if (err) 2324 return err; 2325 2326 if (ph_flag || ctx) { 2327 return crypto_acipher_ed25519ctx_verify(key, msg, msg_len, sig, 2328 sig_len, ph_flag, 2329 ctx, ctx_len); 2330 } 2331 2332 return crypto_acipher_ed25519_verify(key, msg, msg_len, sig, sig_len); 2333 } 2334 2335 TEE_Result syscall_obj_generate_key(unsigned long obj, unsigned long key_size, 2336 const struct utee_attribute *usr_params, 2337 unsigned long param_count) 2338 { 2339 struct ts_session *sess = ts_get_current_session(); 2340 TEE_Result res = TEE_SUCCESS; 2341 const struct tee_cryp_obj_type_props *type_props = NULL; 2342 struct tee_obj *o = NULL; 2343 struct tee_cryp_obj_secret *key = NULL; 2344 size_t byte_size = 0; 2345 TEE_Attribute *params = NULL; 2346 size_t alloc_size = 0; 2347 2348 res = tee_obj_get(to_user_ta_ctx(sess->ctx), uref_to_vaddr(obj), &o); 2349 if (res != TEE_SUCCESS) 2350 return res; 2351 2352 /* Must be a transient object */ 2353 if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) 2354 return TEE_ERROR_BAD_STATE; 2355 2356 /* Must not be initialized already */ 2357 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2358 return TEE_ERROR_BAD_STATE; 2359 2360 /* Find description of object */ 2361 type_props = tee_svc_find_type_props(o->info.objectType); 2362 if (!type_props) 2363 return TEE_ERROR_NOT_SUPPORTED; 2364 2365 /* Check that key_size follows restrictions */ 2366 res = check_key_size(type_props, key_size); 2367 if (res) 2368 return res; 2369 2370 if (MUL_OVERFLOW(sizeof(TEE_Attribute), param_count, &alloc_size)) 2371 return TEE_ERROR_OVERFLOW; 2372 2373 params = malloc(alloc_size); 2374 if (!params) 2375 return TEE_ERROR_OUT_OF_MEMORY; 2376 res = copy_in_attrs(to_user_ta_ctx(sess->ctx), usr_params, param_count, 2377 params); 2378 if (res != TEE_SUCCESS) 2379 goto out; 2380 2381 res = tee_svc_cryp_check_attr(ATTR_USAGE_GENERATE_KEY, type_props, 2382 params, param_count); 2383 if (res != TEE_SUCCESS) 2384 goto out; 2385 2386 switch (o->info.objectType) { 2387 case TEE_TYPE_AES: 2388 case TEE_TYPE_DES: 2389 case TEE_TYPE_DES3: 2390 case TEE_TYPE_SM4: 2391 case TEE_TYPE_HMAC_MD5: 2392 case TEE_TYPE_HMAC_SHA1: 2393 case TEE_TYPE_HMAC_SHA224: 2394 case TEE_TYPE_HMAC_SHA256: 2395 case TEE_TYPE_HMAC_SHA384: 2396 case TEE_TYPE_HMAC_SHA512: 2397 case TEE_TYPE_HMAC_SHA3_224: 2398 case TEE_TYPE_HMAC_SHA3_256: 2399 case TEE_TYPE_HMAC_SHA3_384: 2400 case TEE_TYPE_HMAC_SHA3_512: 2401 case TEE_TYPE_HMAC_SM3: 2402 case TEE_TYPE_GENERIC_SECRET: 2403 byte_size = key_size / 8; 2404 2405 /* 2406 * In GP Internal API Specification 1.0 the partity bits 2407 * aren't counted when telling the size of the key in bits. 2408 */ 2409 if (is_gp_legacy_des_key_size(o->info.objectType, key_size)) 2410 byte_size = (key_size + key_size / 7) / 8; 2411 2412 key = (struct tee_cryp_obj_secret *)o->attr; 2413 if (byte_size > key->alloc_size) { 2414 res = TEE_ERROR_EXCESS_DATA; 2415 goto out; 2416 } 2417 2418 res = crypto_rng_read((void *)(key + 1), byte_size); 2419 if (res != TEE_SUCCESS) 2420 goto out; 2421 2422 key->key_size = byte_size; 2423 2424 /* Set bits for all known attributes for this object type */ 2425 o->have_attrs = (1 << type_props->num_type_attrs) - 1; 2426 2427 break; 2428 2429 case TEE_TYPE_RSA_KEYPAIR: 2430 res = tee_svc_obj_generate_key_rsa(o, type_props, key_size, 2431 params, param_count); 2432 if (res != TEE_SUCCESS) 2433 goto out; 2434 break; 2435 2436 case TEE_TYPE_DSA_KEYPAIR: 2437 res = tee_svc_obj_generate_key_dsa(o, type_props, key_size, 2438 params, param_count); 2439 if (res != TEE_SUCCESS) 2440 goto out; 2441 break; 2442 2443 case TEE_TYPE_DH_KEYPAIR: 2444 res = tee_svc_obj_generate_key_dh(o, type_props, key_size, 2445 params, param_count); 2446 if (res != TEE_SUCCESS) 2447 goto out; 2448 break; 2449 2450 case TEE_TYPE_ECDSA_KEYPAIR: 2451 case TEE_TYPE_ECDH_KEYPAIR: 2452 case TEE_TYPE_SM2_DSA_KEYPAIR: 2453 case TEE_TYPE_SM2_KEP_KEYPAIR: 2454 case TEE_TYPE_SM2_PKE_KEYPAIR: 2455 res = tee_svc_obj_generate_key_ecc(o, type_props, key_size, 2456 params, param_count); 2457 if (res != TEE_SUCCESS) 2458 goto out; 2459 break; 2460 2461 case TEE_TYPE_X25519_KEYPAIR: 2462 res = tee_svc_obj_generate_key_x25519(o, type_props, key_size, 2463 params, param_count); 2464 if (res != TEE_SUCCESS) 2465 goto out; 2466 break; 2467 2468 case TEE_TYPE_ED25519_KEYPAIR: 2469 res = tee_svc_obj_generate_key_ed25519(o, type_props, key_size, 2470 params, param_count); 2471 if (res != TEE_SUCCESS) 2472 goto out; 2473 break; 2474 2475 default: 2476 res = TEE_ERROR_BAD_FORMAT; 2477 } 2478 2479 out: 2480 free_wipe(params); 2481 if (res == TEE_SUCCESS) { 2482 o->info.objectSize = key_size; 2483 o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 2484 } 2485 return res; 2486 } 2487 2488 static TEE_Result tee_svc_cryp_get_state(struct ts_session *sess, 2489 vaddr_t state_id, 2490 struct tee_cryp_state **state) 2491 { 2492 struct tee_cryp_state *s; 2493 struct user_ta_ctx *utc = to_user_ta_ctx(sess->ctx); 2494 2495 TAILQ_FOREACH(s, &utc->cryp_states, link) { 2496 if (state_id == (vaddr_t)s) { 2497 *state = s; 2498 return TEE_SUCCESS; 2499 } 2500 } 2501 return TEE_ERROR_BAD_PARAMETERS; 2502 } 2503 2504 static void cryp_state_free(struct user_ta_ctx *utc, struct tee_cryp_state *cs) 2505 { 2506 struct tee_obj *o; 2507 2508 if (tee_obj_get(utc, cs->key1, &o) == TEE_SUCCESS) 2509 tee_obj_close(utc, o); 2510 if (tee_obj_get(utc, cs->key2, &o) == TEE_SUCCESS) 2511 tee_obj_close(utc, o); 2512 2513 TAILQ_REMOVE(&utc->cryp_states, cs, link); 2514 if (cs->ctx_finalize != NULL) 2515 cs->ctx_finalize(cs->ctx); 2516 2517 switch (TEE_ALG_GET_CLASS(cs->algo)) { 2518 case TEE_OPERATION_CIPHER: 2519 crypto_cipher_free_ctx(cs->ctx); 2520 break; 2521 case TEE_OPERATION_AE: 2522 crypto_authenc_free_ctx(cs->ctx); 2523 break; 2524 case TEE_OPERATION_DIGEST: 2525 crypto_hash_free_ctx(cs->ctx); 2526 break; 2527 case TEE_OPERATION_MAC: 2528 crypto_mac_free_ctx(cs->ctx); 2529 break; 2530 default: 2531 assert(!cs->ctx); 2532 } 2533 2534 free(cs); 2535 } 2536 2537 static TEE_Result tee_svc_cryp_check_key_type(const struct tee_obj *o, 2538 uint32_t algo, 2539 TEE_OperationMode mode) 2540 { 2541 uint32_t req_key_type; 2542 uint32_t req_key_type2 = 0; 2543 2544 switch (TEE_ALG_GET_MAIN_ALG(algo)) { 2545 case TEE_MAIN_ALGO_MD5: 2546 req_key_type = TEE_TYPE_HMAC_MD5; 2547 break; 2548 case TEE_MAIN_ALGO_SHA1: 2549 req_key_type = TEE_TYPE_HMAC_SHA1; 2550 break; 2551 case TEE_MAIN_ALGO_SHA224: 2552 req_key_type = TEE_TYPE_HMAC_SHA224; 2553 break; 2554 case TEE_MAIN_ALGO_SHA256: 2555 req_key_type = TEE_TYPE_HMAC_SHA256; 2556 break; 2557 case TEE_MAIN_ALGO_SHA384: 2558 req_key_type = TEE_TYPE_HMAC_SHA384; 2559 break; 2560 case TEE_MAIN_ALGO_SHA512: 2561 req_key_type = TEE_TYPE_HMAC_SHA512; 2562 break; 2563 case TEE_MAIN_ALGO_SHA3_224: 2564 req_key_type = TEE_TYPE_HMAC_SHA3_224; 2565 break; 2566 case TEE_MAIN_ALGO_SHA3_256: 2567 req_key_type = TEE_TYPE_HMAC_SHA3_256; 2568 break; 2569 case TEE_MAIN_ALGO_SHA3_384: 2570 req_key_type = TEE_TYPE_HMAC_SHA3_384; 2571 break; 2572 case TEE_MAIN_ALGO_SHA3_512: 2573 req_key_type = TEE_TYPE_HMAC_SHA3_512; 2574 break; 2575 case TEE_MAIN_ALGO_SM3: 2576 req_key_type = TEE_TYPE_HMAC_SM3; 2577 break; 2578 case TEE_MAIN_ALGO_AES: 2579 req_key_type = TEE_TYPE_AES; 2580 break; 2581 case TEE_MAIN_ALGO_DES: 2582 req_key_type = TEE_TYPE_DES; 2583 break; 2584 case TEE_MAIN_ALGO_DES3: 2585 req_key_type = TEE_TYPE_DES3; 2586 break; 2587 case TEE_MAIN_ALGO_SM4: 2588 req_key_type = TEE_TYPE_SM4; 2589 break; 2590 case TEE_MAIN_ALGO_RSA: 2591 req_key_type = TEE_TYPE_RSA_KEYPAIR; 2592 if (mode == TEE_MODE_ENCRYPT || mode == TEE_MODE_VERIFY) 2593 req_key_type2 = TEE_TYPE_RSA_PUBLIC_KEY; 2594 break; 2595 case TEE_MAIN_ALGO_DSA: 2596 req_key_type = TEE_TYPE_DSA_KEYPAIR; 2597 if (mode == TEE_MODE_ENCRYPT || mode == TEE_MODE_VERIFY) 2598 req_key_type2 = TEE_TYPE_DSA_PUBLIC_KEY; 2599 break; 2600 case TEE_MAIN_ALGO_DH: 2601 req_key_type = TEE_TYPE_DH_KEYPAIR; 2602 break; 2603 case TEE_MAIN_ALGO_ECDSA: 2604 req_key_type = TEE_TYPE_ECDSA_KEYPAIR; 2605 if (mode == TEE_MODE_VERIFY) 2606 req_key_type2 = TEE_TYPE_ECDSA_PUBLIC_KEY; 2607 break; 2608 case TEE_MAIN_ALGO_ECDH: 2609 req_key_type = TEE_TYPE_ECDH_KEYPAIR; 2610 break; 2611 case TEE_MAIN_ALGO_ED25519: 2612 req_key_type = TEE_TYPE_ED25519_KEYPAIR; 2613 if (mode == TEE_MODE_VERIFY) 2614 req_key_type2 = TEE_TYPE_ED25519_PUBLIC_KEY; 2615 break; 2616 case TEE_MAIN_ALGO_SM2_PKE: 2617 if (mode == TEE_MODE_ENCRYPT) 2618 req_key_type = TEE_TYPE_SM2_PKE_PUBLIC_KEY; 2619 else 2620 req_key_type = TEE_TYPE_SM2_PKE_KEYPAIR; 2621 break; 2622 case TEE_MAIN_ALGO_SM2_DSA_SM3: 2623 if (mode == TEE_MODE_VERIFY) 2624 req_key_type = TEE_TYPE_SM2_DSA_PUBLIC_KEY; 2625 else 2626 req_key_type = TEE_TYPE_SM2_DSA_KEYPAIR; 2627 break; 2628 #if defined(CFG_CRYPTO_SM2_KEP) 2629 case TEE_MAIN_ALGO_SM2_KEP: 2630 req_key_type = TEE_TYPE_SM2_KEP_KEYPAIR; 2631 req_key_type2 = TEE_TYPE_SM2_KEP_PUBLIC_KEY; 2632 break; 2633 #endif 2634 #if defined(CFG_CRYPTO_HKDF) 2635 case TEE_MAIN_ALGO_HKDF: 2636 req_key_type = TEE_TYPE_HKDF_IKM; 2637 break; 2638 #endif 2639 #if defined(CFG_CRYPTO_CONCAT_KDF) 2640 case TEE_MAIN_ALGO_CONCAT_KDF: 2641 req_key_type = TEE_TYPE_CONCAT_KDF_Z; 2642 break; 2643 #endif 2644 #if defined(CFG_CRYPTO_PBKDF2) 2645 case TEE_MAIN_ALGO_PBKDF2: 2646 req_key_type = TEE_TYPE_PBKDF2_PASSWORD; 2647 break; 2648 #endif 2649 case TEE_MAIN_ALGO_X25519: 2650 req_key_type = TEE_TYPE_X25519_KEYPAIR; 2651 break; 2652 default: 2653 return TEE_ERROR_BAD_PARAMETERS; 2654 } 2655 2656 if (req_key_type != o->info.objectType && 2657 req_key_type2 != o->info.objectType) 2658 return TEE_ERROR_BAD_PARAMETERS; 2659 return TEE_SUCCESS; 2660 } 2661 2662 static uint32_t translate_compat_algo(uint32_t algo) 2663 { 2664 switch (algo) { 2665 case __OPTEE_ALG_ECDSA_P192: 2666 return TEE_ALG_ECDSA_SHA1; 2667 case __OPTEE_ALG_ECDSA_P224: 2668 return TEE_ALG_ECDSA_SHA224; 2669 case __OPTEE_ALG_ECDSA_P256: 2670 return TEE_ALG_ECDSA_SHA256; 2671 case __OPTEE_ALG_ECDSA_P384: 2672 return TEE_ALG_ECDSA_SHA384; 2673 case __OPTEE_ALG_ECDSA_P521: 2674 return TEE_ALG_ECDSA_SHA512; 2675 case __OPTEE_ALG_ECDH_P192: 2676 case __OPTEE_ALG_ECDH_P224: 2677 case __OPTEE_ALG_ECDH_P256: 2678 case __OPTEE_ALG_ECDH_P384: 2679 case __OPTEE_ALG_ECDH_P521: 2680 return TEE_ALG_ECDH_DERIVE_SHARED_SECRET; 2681 default: 2682 return algo; 2683 } 2684 } 2685 2686 TEE_Result syscall_cryp_state_alloc(unsigned long algo, unsigned long mode, 2687 unsigned long key1, unsigned long key2, 2688 uint32_t *state) 2689 { 2690 struct ts_session *sess = ts_get_current_session(); 2691 struct user_ta_ctx *utc = to_user_ta_ctx(sess->ctx); 2692 TEE_Result res = TEE_SUCCESS; 2693 struct tee_cryp_state *cs = NULL; 2694 struct tee_obj *o1 = NULL; 2695 struct tee_obj *o2 = NULL; 2696 2697 algo = translate_compat_algo(algo); 2698 2699 if (key1 != 0) { 2700 res = tee_obj_get(utc, uref_to_vaddr(key1), &o1); 2701 if (res != TEE_SUCCESS) 2702 return res; 2703 if (o1->busy) 2704 return TEE_ERROR_BAD_PARAMETERS; 2705 res = tee_svc_cryp_check_key_type(o1, algo, mode); 2706 if (res != TEE_SUCCESS) 2707 return res; 2708 } 2709 if (key2 != 0) { 2710 res = tee_obj_get(utc, uref_to_vaddr(key2), &o2); 2711 if (res != TEE_SUCCESS) 2712 return res; 2713 if (o2->busy) 2714 return TEE_ERROR_BAD_PARAMETERS; 2715 res = tee_svc_cryp_check_key_type(o2, algo, mode); 2716 if (res != TEE_SUCCESS) 2717 return res; 2718 } 2719 2720 cs = calloc(1, sizeof(struct tee_cryp_state)); 2721 if (!cs) 2722 return TEE_ERROR_OUT_OF_MEMORY; 2723 TAILQ_INSERT_TAIL(&utc->cryp_states, cs, link); 2724 cs->algo = algo; 2725 cs->mode = mode; 2726 cs->state = CRYP_STATE_UNINITIALIZED; 2727 2728 switch (TEE_ALG_GET_CLASS(algo)) { 2729 case TEE_OPERATION_CIPHER: 2730 if ((TEE_ALG_GET_CHAIN_MODE(algo) == TEE_CHAIN_MODE_XTS && 2731 (key1 == 0 || key2 == 0)) || 2732 (TEE_ALG_GET_CHAIN_MODE(algo) != TEE_CHAIN_MODE_XTS && 2733 (key1 == 0 || key2 != 0))) { 2734 res = TEE_ERROR_BAD_PARAMETERS; 2735 } else { 2736 res = crypto_cipher_alloc_ctx(&cs->ctx, algo); 2737 if (res != TEE_SUCCESS) 2738 break; 2739 } 2740 break; 2741 case TEE_OPERATION_AE: 2742 if (key1 == 0 || key2 != 0) { 2743 res = TEE_ERROR_BAD_PARAMETERS; 2744 } else { 2745 res = crypto_authenc_alloc_ctx(&cs->ctx, algo); 2746 if (res != TEE_SUCCESS) 2747 break; 2748 } 2749 break; 2750 case TEE_OPERATION_MAC: 2751 if (key1 == 0 || key2 != 0) { 2752 res = TEE_ERROR_BAD_PARAMETERS; 2753 } else { 2754 res = crypto_mac_alloc_ctx(&cs->ctx, algo); 2755 if (res != TEE_SUCCESS) 2756 break; 2757 } 2758 break; 2759 case TEE_OPERATION_DIGEST: 2760 if (key1 != 0 || key2 != 0) { 2761 res = TEE_ERROR_BAD_PARAMETERS; 2762 } else { 2763 res = crypto_hash_alloc_ctx(&cs->ctx, algo); 2764 if (res != TEE_SUCCESS) 2765 break; 2766 } 2767 break; 2768 case TEE_OPERATION_ASYMMETRIC_CIPHER: 2769 case TEE_OPERATION_ASYMMETRIC_SIGNATURE: 2770 if (algo == TEE_ALG_RSASSA_PKCS1_V1_5 && 2771 !IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2772 res = TEE_ERROR_NOT_SUPPORTED; 2773 break; 2774 } 2775 if (key1 == 0 || key2 != 0) 2776 res = TEE_ERROR_BAD_PARAMETERS; 2777 break; 2778 case TEE_OPERATION_KEY_DERIVATION: 2779 if (algo == TEE_ALG_SM2_KEP) { 2780 if (key1 == 0 || key2 == 0) 2781 res = TEE_ERROR_BAD_PARAMETERS; 2782 } else { 2783 if (key1 == 0 || key2 != 0) 2784 res = TEE_ERROR_BAD_PARAMETERS; 2785 } 2786 break; 2787 default: 2788 res = TEE_ERROR_NOT_SUPPORTED; 2789 break; 2790 } 2791 if (res != TEE_SUCCESS) 2792 goto out; 2793 2794 res = copy_kaddr_to_uref(state, cs); 2795 if (res != TEE_SUCCESS) 2796 goto out; 2797 2798 /* Register keys */ 2799 if (o1 != NULL) { 2800 o1->busy = true; 2801 cs->key1 = (vaddr_t)o1; 2802 } 2803 if (o2 != NULL) { 2804 o2->busy = true; 2805 cs->key2 = (vaddr_t)o2; 2806 } 2807 2808 out: 2809 if (res != TEE_SUCCESS) 2810 cryp_state_free(utc, cs); 2811 return res; 2812 } 2813 2814 TEE_Result syscall_cryp_state_copy(unsigned long dst, unsigned long src) 2815 { 2816 struct ts_session *sess = ts_get_current_session(); 2817 TEE_Result res = TEE_SUCCESS; 2818 struct tee_cryp_state *cs_dst = NULL; 2819 struct tee_cryp_state *cs_src = NULL; 2820 2821 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(dst), &cs_dst); 2822 if (res != TEE_SUCCESS) 2823 return res; 2824 2825 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(src), &cs_src); 2826 if (res != TEE_SUCCESS) 2827 return res; 2828 if (cs_dst->algo != cs_src->algo || cs_dst->mode != cs_src->mode) 2829 return TEE_ERROR_BAD_PARAMETERS; 2830 2831 switch (TEE_ALG_GET_CLASS(cs_src->algo)) { 2832 case TEE_OPERATION_CIPHER: 2833 crypto_cipher_copy_state(cs_dst->ctx, cs_src->ctx); 2834 break; 2835 case TEE_OPERATION_AE: 2836 crypto_authenc_copy_state(cs_dst->ctx, cs_src->ctx); 2837 break; 2838 case TEE_OPERATION_DIGEST: 2839 crypto_hash_copy_state(cs_dst->ctx, cs_src->ctx); 2840 break; 2841 case TEE_OPERATION_MAC: 2842 crypto_mac_copy_state(cs_dst->ctx, cs_src->ctx); 2843 break; 2844 default: 2845 return TEE_ERROR_BAD_STATE; 2846 } 2847 2848 cs_dst->state = cs_src->state; 2849 cs_dst->ctx_finalize = cs_src->ctx_finalize; 2850 2851 return TEE_SUCCESS; 2852 } 2853 2854 void tee_svc_cryp_free_states(struct user_ta_ctx *utc) 2855 { 2856 struct tee_cryp_state_head *states = &utc->cryp_states; 2857 2858 while (!TAILQ_EMPTY(states)) 2859 cryp_state_free(utc, TAILQ_FIRST(states)); 2860 } 2861 2862 TEE_Result syscall_cryp_state_free(unsigned long state) 2863 { 2864 struct ts_session *sess = ts_get_current_session(); 2865 TEE_Result res = TEE_SUCCESS; 2866 struct tee_cryp_state *cs = NULL; 2867 2868 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 2869 if (res != TEE_SUCCESS) 2870 return res; 2871 cryp_state_free(to_user_ta_ctx(sess->ctx), cs); 2872 return TEE_SUCCESS; 2873 } 2874 2875 TEE_Result syscall_hash_init(unsigned long state, 2876 const void *iv __maybe_unused, 2877 size_t iv_len __maybe_unused) 2878 { 2879 struct ts_session *sess = ts_get_current_session(); 2880 TEE_Result res = TEE_SUCCESS; 2881 struct tee_cryp_state *cs = NULL; 2882 2883 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 2884 if (res != TEE_SUCCESS) 2885 return res; 2886 2887 switch (TEE_ALG_GET_CLASS(cs->algo)) { 2888 case TEE_OPERATION_DIGEST: 2889 res = crypto_hash_init(cs->ctx); 2890 if (res != TEE_SUCCESS) 2891 return res; 2892 break; 2893 case TEE_OPERATION_MAC: 2894 { 2895 struct tee_obj *o; 2896 struct tee_cryp_obj_secret *key; 2897 2898 res = tee_obj_get(to_user_ta_ctx(sess->ctx), 2899 cs->key1, &o); 2900 if (res != TEE_SUCCESS) 2901 return res; 2902 if ((o->info.handleFlags & 2903 TEE_HANDLE_FLAG_INITIALIZED) == 0) 2904 return TEE_ERROR_BAD_PARAMETERS; 2905 2906 key = (struct tee_cryp_obj_secret *)o->attr; 2907 res = crypto_mac_init(cs->ctx, (void *)(key + 1), 2908 key->key_size); 2909 if (res != TEE_SUCCESS) 2910 return res; 2911 break; 2912 } 2913 default: 2914 return TEE_ERROR_BAD_PARAMETERS; 2915 } 2916 2917 cs->state = CRYP_STATE_INITIALIZED; 2918 2919 return TEE_SUCCESS; 2920 } 2921 2922 TEE_Result syscall_hash_update(unsigned long state, const void *chunk, 2923 size_t chunk_size) 2924 { 2925 struct ts_session *sess = ts_get_current_session(); 2926 struct tee_cryp_state *cs = NULL; 2927 TEE_Result res = TEE_SUCCESS; 2928 2929 /* No data, but size provided isn't valid parameters. */ 2930 if (!chunk && chunk_size) 2931 return TEE_ERROR_BAD_PARAMETERS; 2932 2933 /* Zero length hash is valid, but nothing we need to do. */ 2934 if (!chunk_size) 2935 return TEE_SUCCESS; 2936 2937 chunk = memtag_strip_tag_const(chunk); 2938 2939 res = vm_check_access_rights(&to_user_ta_ctx(sess->ctx)->uctx, 2940 TEE_MEMORY_ACCESS_READ | 2941 TEE_MEMORY_ACCESS_ANY_OWNER, 2942 (uaddr_t)chunk, chunk_size); 2943 if (res != TEE_SUCCESS) 2944 return res; 2945 2946 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 2947 if (res != TEE_SUCCESS) 2948 return res; 2949 2950 if (cs->state != CRYP_STATE_INITIALIZED) 2951 return TEE_ERROR_BAD_STATE; 2952 2953 switch (TEE_ALG_GET_CLASS(cs->algo)) { 2954 case TEE_OPERATION_DIGEST: 2955 res = crypto_hash_update(cs->ctx, chunk, chunk_size); 2956 if (res != TEE_SUCCESS) 2957 return res; 2958 break; 2959 case TEE_OPERATION_MAC: 2960 res = crypto_mac_update(cs->ctx, chunk, chunk_size); 2961 if (res != TEE_SUCCESS) 2962 return res; 2963 break; 2964 default: 2965 return TEE_ERROR_BAD_PARAMETERS; 2966 } 2967 2968 return TEE_SUCCESS; 2969 } 2970 2971 static bool is_xof_algo(uint32_t algo) 2972 { 2973 return algo == TEE_ALG_SHAKE128 || algo == TEE_ALG_SHAKE256; 2974 } 2975 2976 TEE_Result syscall_hash_final(unsigned long state, const void *chunk, 2977 size_t chunk_size, void *hash, uint64_t *hash_len) 2978 { 2979 struct ts_session *sess = ts_get_current_session(); 2980 struct tee_cryp_state *cs = NULL; 2981 TEE_Result res2 = TEE_SUCCESS; 2982 TEE_Result res = TEE_SUCCESS; 2983 size_t hash_size = 0; 2984 size_t hlen = 0; 2985 2986 /* No data, but size provided isn't valid parameters. */ 2987 if (!chunk && chunk_size) 2988 return TEE_ERROR_BAD_PARAMETERS; 2989 2990 chunk = memtag_strip_tag_const(chunk); 2991 hash = memtag_strip_tag(hash); 2992 2993 res = vm_check_access_rights(&to_user_ta_ctx(sess->ctx)->uctx, 2994 TEE_MEMORY_ACCESS_READ | 2995 TEE_MEMORY_ACCESS_ANY_OWNER, 2996 (uaddr_t)chunk, chunk_size); 2997 if (res != TEE_SUCCESS) 2998 return res; 2999 3000 res = get_user_u64_as_size_t(&hlen, hash_len); 3001 if (res != TEE_SUCCESS) 3002 return res; 3003 3004 res = vm_check_access_rights(&to_user_ta_ctx(sess->ctx)->uctx, 3005 TEE_MEMORY_ACCESS_READ | 3006 TEE_MEMORY_ACCESS_WRITE | 3007 TEE_MEMORY_ACCESS_ANY_OWNER, 3008 (uaddr_t)hash, hlen); 3009 if (res != TEE_SUCCESS) 3010 return res; 3011 3012 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 3013 if (res != TEE_SUCCESS) 3014 return res; 3015 3016 if (cs->state != CRYP_STATE_INITIALIZED) 3017 return TEE_ERROR_BAD_STATE; 3018 3019 switch (TEE_ALG_GET_CLASS(cs->algo)) { 3020 case TEE_OPERATION_DIGEST: 3021 if (is_xof_algo(cs->algo)) { 3022 if (chunk_size) { 3023 res = crypto_hash_update(cs->ctx, chunk, 3024 chunk_size); 3025 if (res) 3026 return res; 3027 } 3028 3029 /* 3030 * hash_size is supposed to be unchanged for XOF 3031 * algorithms so return directly. 3032 */ 3033 return crypto_hash_final(cs->ctx, hash, hlen); 3034 } 3035 3036 res = tee_alg_get_digest_size(cs->algo, &hash_size); 3037 if (res != TEE_SUCCESS) 3038 return res; 3039 if (hlen < hash_size) { 3040 res = TEE_ERROR_SHORT_BUFFER; 3041 goto out; 3042 } 3043 3044 if (chunk_size) { 3045 res = crypto_hash_update(cs->ctx, chunk, chunk_size); 3046 if (res != TEE_SUCCESS) 3047 return res; 3048 } 3049 3050 res = crypto_hash_final(cs->ctx, hash, hash_size); 3051 if (res != TEE_SUCCESS) 3052 return res; 3053 break; 3054 3055 case TEE_OPERATION_MAC: 3056 res = tee_alg_get_digest_size(cs->algo, &hash_size); 3057 if (res != TEE_SUCCESS) 3058 return res; 3059 if (hlen < hash_size) { 3060 res = TEE_ERROR_SHORT_BUFFER; 3061 goto out; 3062 } 3063 3064 if (chunk_size) { 3065 res = crypto_mac_update(cs->ctx, chunk, chunk_size); 3066 if (res != TEE_SUCCESS) 3067 return res; 3068 } 3069 3070 res = crypto_mac_final(cs->ctx, hash, hash_size); 3071 if (res != TEE_SUCCESS) 3072 return res; 3073 break; 3074 3075 default: 3076 return TEE_ERROR_BAD_PARAMETERS; 3077 } 3078 out: 3079 res2 = put_user_u64(hash_len, hash_size); 3080 if (res2 != TEE_SUCCESS) 3081 return res2; 3082 return res; 3083 } 3084 3085 TEE_Result syscall_cipher_init(unsigned long state, const void *iv, 3086 size_t iv_len) 3087 { 3088 struct ts_session *sess = ts_get_current_session(); 3089 struct user_ta_ctx *utc = to_user_ta_ctx(sess->ctx); 3090 struct tee_cryp_obj_secret *key1 = NULL; 3091 struct tee_cryp_state *cs = NULL; 3092 TEE_Result res = TEE_SUCCESS; 3093 struct tee_obj *o = NULL; 3094 void *iv_bbuf = NULL; 3095 3096 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 3097 if (res != TEE_SUCCESS) 3098 return res; 3099 3100 if (TEE_ALG_GET_CLASS(cs->algo) != TEE_OPERATION_CIPHER) 3101 return TEE_ERROR_BAD_STATE; 3102 3103 res = tee_obj_get(utc, cs->key1, &o); 3104 if (res != TEE_SUCCESS) 3105 return res; 3106 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 3107 return TEE_ERROR_BAD_PARAMETERS; 3108 3109 key1 = o->attr; 3110 3111 res = bb_memdup_user(iv, iv_len, &iv_bbuf); 3112 if (res) 3113 return res; 3114 3115 if (tee_obj_get(utc, cs->key2, &o) == TEE_SUCCESS) { 3116 struct tee_cryp_obj_secret *key2 = o->attr; 3117 3118 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 3119 return TEE_ERROR_BAD_PARAMETERS; 3120 3121 res = crypto_cipher_init(cs->ctx, cs->mode, 3122 (uint8_t *)(key1 + 1), key1->key_size, 3123 (uint8_t *)(key2 + 1), key2->key_size, 3124 iv_bbuf, iv_len); 3125 } else { 3126 res = crypto_cipher_init(cs->ctx, cs->mode, 3127 (uint8_t *)(key1 + 1), key1->key_size, 3128 NULL, 0, iv_bbuf, iv_len); 3129 } 3130 if (res != TEE_SUCCESS) 3131 return res; 3132 3133 cs->ctx_finalize = crypto_cipher_final; 3134 cs->state = CRYP_STATE_INITIALIZED; 3135 3136 return TEE_SUCCESS; 3137 } 3138 3139 static TEE_Result tee_svc_cipher_update_helper(unsigned long state, 3140 bool last_block, const void *src, size_t src_len, 3141 void *dst, uint64_t *dst_len) 3142 { 3143 struct ts_session *sess = ts_get_current_session(); 3144 struct tee_cryp_state *cs = NULL; 3145 TEE_Result res = TEE_SUCCESS; 3146 size_t dlen = 0; 3147 3148 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 3149 if (res != TEE_SUCCESS) 3150 return res; 3151 3152 if (cs->state != CRYP_STATE_INITIALIZED) 3153 return TEE_ERROR_BAD_STATE; 3154 3155 src = memtag_strip_tag_const(src); 3156 dst = memtag_strip_tag(dst); 3157 3158 res = vm_check_access_rights(&to_user_ta_ctx(sess->ctx)->uctx, 3159 TEE_MEMORY_ACCESS_READ | 3160 TEE_MEMORY_ACCESS_ANY_OWNER, 3161 (uaddr_t)src, src_len); 3162 if (res != TEE_SUCCESS) 3163 return res; 3164 3165 if (!dst_len) { 3166 dlen = 0; 3167 } else { 3168 struct user_mode_ctx *uctx = &to_user_ta_ctx(sess->ctx)->uctx; 3169 uint32_t flags = TEE_MEMORY_ACCESS_READ | 3170 TEE_MEMORY_ACCESS_WRITE | 3171 TEE_MEMORY_ACCESS_ANY_OWNER; 3172 3173 res = get_user_u64_as_size_t(&dlen, dst_len); 3174 if (res != TEE_SUCCESS) 3175 return res; 3176 3177 res = vm_check_access_rights(uctx, flags, (uaddr_t)dst, dlen); 3178 if (res != TEE_SUCCESS) 3179 return res; 3180 } 3181 3182 if (dlen < src_len) { 3183 res = TEE_ERROR_SHORT_BUFFER; 3184 goto out; 3185 } 3186 3187 if (src_len > 0) { 3188 /* Permit src_len == 0 to finalize the operation */ 3189 res = tee_do_cipher_update(cs->ctx, cs->algo, cs->mode, 3190 last_block, src, src_len, dst); 3191 } 3192 3193 if (last_block && cs->ctx_finalize != NULL) { 3194 cs->ctx_finalize(cs->ctx); 3195 cs->ctx_finalize = NULL; 3196 } 3197 3198 out: 3199 if ((res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) && 3200 dst_len != NULL) { 3201 TEE_Result res2; 3202 3203 res2 = put_user_u64(dst_len, src_len); 3204 if (res2 != TEE_SUCCESS) 3205 res = res2; 3206 } 3207 3208 return res; 3209 } 3210 3211 TEE_Result syscall_cipher_update(unsigned long state, const void *src, 3212 size_t src_len, void *dst, uint64_t *dst_len) 3213 { 3214 return tee_svc_cipher_update_helper(state, false /* last_block */, 3215 src, src_len, dst, dst_len); 3216 } 3217 3218 TEE_Result syscall_cipher_final(unsigned long state, const void *src, 3219 size_t src_len, void *dst, uint64_t *dst_len) 3220 { 3221 return tee_svc_cipher_update_helper(state, true /* last_block */, 3222 src, src_len, dst, dst_len); 3223 } 3224 3225 #if defined(CFG_CRYPTO_HKDF) 3226 static TEE_Result get_hkdf_params(uint32_t algo, const TEE_Attribute *params, 3227 uint32_t param_count, 3228 void **salt, size_t *salt_len, void **info, 3229 size_t *info_len, size_t *okm_len, 3230 uint32_t *hash_id) 3231 { 3232 TEE_Result res = TEE_SUCCESS; 3233 size_t n; 3234 enum { SALT = 0x1, LENGTH = 0x2, INFO = 0x4, HASH = 0x8 }; 3235 uint8_t found = 0; 3236 3237 *salt = *info = NULL; 3238 *salt_len = *info_len = *okm_len = 0; 3239 3240 if (algo == TEE_ALG_HKDF) { 3241 *hash_id = TEE_ALG_SHA256; 3242 } else { 3243 *hash_id = TEE_ALG_GET_DIGEST_HASH(algo); 3244 found |= HASH; 3245 } 3246 3247 for (n = 0; n < param_count; n++) { 3248 const TEE_Attribute *p = ¶ms[n]; 3249 3250 switch (p->attributeID) { 3251 case __OPTEE_TEE_ATTR_HKDF_SALT: 3252 case TEE_ATTR_HKDF_SALT: 3253 if (!(found & SALT)) { 3254 *salt_len = p->content.ref.length; 3255 res = bb_memdup_user(p->content.ref.buffer, 3256 *salt_len, salt); 3257 if (res) 3258 return res; 3259 3260 found |= SALT; 3261 } 3262 break; 3263 case TEE_ATTR_KDF_KEY_SIZE: 3264 case TEE_ATTR_HKDF_OKM_LENGTH: 3265 if (!(found & LENGTH)) { 3266 *okm_len = p->content.value.a; 3267 found |= LENGTH; 3268 } 3269 break; 3270 case __OPTEE_ATTR_HKDF_INFO: 3271 case TEE_ATTR_HKDF_INFO: 3272 if (!(found & INFO)) { 3273 *info_len = p->content.ref.length; 3274 res = bb_memdup_user(p->content.ref.buffer, 3275 *info_len, info); 3276 if (res) 3277 return res; 3278 3279 found |= INFO; 3280 } 3281 break; 3282 case TEE_ATTR_HKDF_HASH_ALGORITHM: 3283 if (!(found & HASH)) { 3284 *hash_id = p->content.value.a; 3285 found |= HASH; 3286 } 3287 break; 3288 default: 3289 /* Unexpected attribute */ 3290 return TEE_ERROR_BAD_PARAMETERS; 3291 } 3292 3293 } 3294 3295 if (!(found & LENGTH)) 3296 return TEE_ERROR_BAD_PARAMETERS; 3297 3298 return TEE_SUCCESS; 3299 } 3300 #endif 3301 3302 #if defined(CFG_CRYPTO_CONCAT_KDF) 3303 static TEE_Result get_concat_kdf_params(const TEE_Attribute *params, 3304 uint32_t param_count, 3305 void **other_info, 3306 size_t *other_info_len, 3307 size_t *derived_key_len) 3308 { 3309 size_t n; 3310 enum { LENGTH = 0x1, INFO = 0x2 }; 3311 uint8_t found = 0; 3312 3313 *other_info = NULL; 3314 *other_info_len = *derived_key_len = 0; 3315 3316 for (n = 0; n < param_count; n++) { 3317 const TEE_Attribute *p = ¶ms[n]; 3318 3319 switch (p->attributeID) { 3320 case TEE_ATTR_CONCAT_KDF_OTHER_INFO: 3321 if (!(found & INFO)) { 3322 TEE_Result res = TEE_SUCCESS; 3323 3324 *other_info_len = p->content.ref.length; 3325 res = bb_memdup_user(p->content.ref.buffer, 3326 *other_info_len, 3327 other_info); 3328 if (res) 3329 return res; 3330 3331 found |= INFO; 3332 } 3333 break; 3334 case TEE_ATTR_CONCAT_KDF_DKM_LENGTH: 3335 if (!(found & LENGTH)) { 3336 *derived_key_len = p->content.value.a; 3337 found |= LENGTH; 3338 } 3339 break; 3340 default: 3341 /* Unexpected attribute */ 3342 return TEE_ERROR_BAD_PARAMETERS; 3343 } 3344 } 3345 3346 if (!(found & LENGTH)) 3347 return TEE_ERROR_BAD_PARAMETERS; 3348 3349 return TEE_SUCCESS; 3350 } 3351 #endif 3352 3353 #if defined(CFG_CRYPTO_PBKDF2) 3354 static TEE_Result get_pbkdf2_params(const TEE_Attribute *params, 3355 uint32_t param_count, void **salt, 3356 size_t *salt_len, size_t *derived_key_len, 3357 size_t *iteration_count) 3358 { 3359 size_t n; 3360 enum { SALT = 0x1, LENGTH = 0x2, COUNT = 0x4 }; 3361 uint8_t found = 0; 3362 3363 *salt = NULL; 3364 *salt_len = *derived_key_len = *iteration_count = 0; 3365 3366 for (n = 0; n < param_count; n++) { 3367 const TEE_Attribute *p = ¶ms[n]; 3368 3369 switch (p->attributeID) { 3370 case TEE_ATTR_PBKDF2_SALT: 3371 if (!(found & SALT)) { 3372 TEE_Result res = TEE_SUCCESS; 3373 3374 *salt_len = p->content.ref.length; 3375 res = bb_memdup_user(p->content.ref.buffer, 3376 *salt_len, salt); 3377 if (res) 3378 return res; 3379 3380 found |= SALT; 3381 } 3382 break; 3383 case TEE_ATTR_PBKDF2_DKM_LENGTH: 3384 if (!(found & LENGTH)) { 3385 *derived_key_len = p->content.value.a; 3386 found |= LENGTH; 3387 } 3388 break; 3389 case TEE_ATTR_PBKDF2_ITERATION_COUNT: 3390 if (!(found & COUNT)) { 3391 *iteration_count = p->content.value.a; 3392 found |= COUNT; 3393 } 3394 break; 3395 default: 3396 /* Unexpected attribute */ 3397 return TEE_ERROR_BAD_PARAMETERS; 3398 } 3399 } 3400 3401 if ((found & (LENGTH|COUNT)) != (LENGTH|COUNT)) 3402 return TEE_ERROR_BAD_PARAMETERS; 3403 3404 return TEE_SUCCESS; 3405 } 3406 #endif 3407 3408 #if defined(CFG_CRYPTO_SM2_KEP) 3409 static TEE_Result get_sm2_kep_params(const TEE_Attribute *params, 3410 uint32_t param_count, 3411 struct ecc_public_key *peer_key, 3412 struct ecc_public_key *peer_eph_key, 3413 struct sm2_kep_parms *kep_parms) 3414 { 3415 TEE_Result res = TEE_ERROR_GENERIC; 3416 size_t n; 3417 enum { 3418 IS_INITIATOR, 3419 PEER_KEY_X, 3420 PEER_KEY_Y, 3421 PEER_EPH_KEY_X, 3422 PEER_EPH_KEY_Y, 3423 INITIATOR_ID, 3424 RESPONDER_ID, 3425 }; 3426 uint8_t mandatory = BIT(IS_INITIATOR) | BIT(PEER_KEY_X) | 3427 BIT(PEER_KEY_Y) | BIT(PEER_EPH_KEY_X) | BIT(PEER_EPH_KEY_Y) | 3428 BIT(INITIATOR_ID) | BIT(RESPONDER_ID); 3429 uint8_t found = 0; 3430 3431 res = crypto_acipher_alloc_ecc_public_key(peer_key, 3432 TEE_TYPE_SM2_KEP_PUBLIC_KEY, 3433 256); 3434 if (res) 3435 return res; 3436 3437 res = crypto_acipher_alloc_ecc_public_key(peer_eph_key, 3438 TEE_TYPE_SM2_KEP_PUBLIC_KEY, 3439 256); 3440 if (res) 3441 goto out_p; 3442 3443 peer_key->curve = TEE_ECC_CURVE_SM2; 3444 peer_eph_key->curve = TEE_ECC_CURVE_SM2; 3445 3446 for (n = 0; n < param_count; n++) { 3447 const TEE_Attribute *p = ¶ms[n]; 3448 void *bbuf = NULL; 3449 3450 switch (p->attributeID) { 3451 case TEE_ATTR_SM2_KEP_USER: 3452 kep_parms->is_initiator = !p->content.value.a; 3453 found |= BIT(IS_INITIATOR); 3454 break; 3455 case TEE_ATTR_ECC_PUBLIC_VALUE_X: 3456 res = bb_memdup_user(p->content.ref.buffer, 3457 p->content.ref.length, 3458 &bbuf); 3459 if (res) 3460 return res; 3461 3462 crypto_bignum_bin2bn(bbuf, 3463 p->content.ref.length, 3464 peer_key->x); 3465 found |= BIT(PEER_KEY_X); 3466 bb_free(bbuf, p->content.ref.length); 3467 break; 3468 case TEE_ATTR_ECC_PUBLIC_VALUE_Y: 3469 res = bb_memdup_user(p->content.ref.buffer, 3470 p->content.ref.length, 3471 &bbuf); 3472 if (res) 3473 return res; 3474 3475 crypto_bignum_bin2bn(bbuf, 3476 p->content.ref.length, 3477 peer_key->y); 3478 found |= BIT(PEER_KEY_Y); 3479 bb_free(bbuf, p->content.ref.length); 3480 break; 3481 case __OPTEE_SM2_KEP_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_X: 3482 case TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_X: 3483 res = bb_memdup_user(p->content.ref.buffer, 3484 p->content.ref.length, 3485 &bbuf); 3486 if (res) 3487 return res; 3488 3489 crypto_bignum_bin2bn(bbuf, 3490 p->content.ref.length, 3491 peer_eph_key->x); 3492 found |= BIT(PEER_EPH_KEY_X); 3493 bb_free(bbuf, p->content.ref.length); 3494 break; 3495 case __OPTEE_SM2_KEP_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_Y: 3496 case TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_Y: 3497 res = bb_memdup_user(p->content.ref.buffer, 3498 p->content.ref.length, 3499 &bbuf); 3500 if (res) 3501 return res; 3502 3503 crypto_bignum_bin2bn(bbuf, 3504 p->content.ref.length, 3505 peer_eph_key->y); 3506 found |= BIT(PEER_EPH_KEY_Y); 3507 bb_free(bbuf, p->content.ref.length); 3508 break; 3509 case TEE_ATTR_SM2_ID_INITIATOR: 3510 res = bb_memdup_user(p->content.ref.buffer, 3511 p->content.ref.length, 3512 &bbuf); 3513 if (res) 3514 return res; 3515 3516 kep_parms->initiator_id = bbuf; 3517 kep_parms->initiator_id_len = p->content.ref.length; 3518 found |= BIT(INITIATOR_ID); 3519 break; 3520 case TEE_ATTR_SM2_ID_RESPONDER: 3521 res = bb_memdup_user(p->content.ref.buffer, 3522 p->content.ref.length, 3523 &bbuf); 3524 if (res) 3525 return res; 3526 3527 kep_parms->responder_id = bbuf; 3528 kep_parms->responder_id_len = p->content.ref.length; 3529 found |= BIT(RESPONDER_ID); 3530 break; 3531 case TEE_ATTR_SM2_KEP_CONFIRMATION_IN: 3532 res = bb_memdup_user(p->content.ref.buffer, 3533 p->content.ref.length, 3534 &bbuf); 3535 if (res) 3536 return res; 3537 3538 kep_parms->conf_in = bbuf; 3539 kep_parms->conf_in_len = p->content.ref.length; 3540 break; 3541 case TEE_ATTR_SM2_KEP_CONFIRMATION_OUT: 3542 res = bb_memdup_user(p->content.ref.buffer, 3543 p->content.ref.length, 3544 &bbuf); 3545 if (res) 3546 return res; 3547 3548 kep_parms->conf_out = bbuf; 3549 kep_parms->conf_out_len = p->content.ref.length; 3550 break; 3551 default: 3552 /* Unexpected attribute */ 3553 res = TEE_ERROR_BAD_PARAMETERS; 3554 goto out; 3555 } 3556 } 3557 3558 if ((found & mandatory) != mandatory) { 3559 res = TEE_ERROR_BAD_PARAMETERS; 3560 goto out; 3561 } 3562 3563 return TEE_SUCCESS; 3564 out: 3565 crypto_acipher_free_ecc_public_key(peer_eph_key); 3566 out_p: 3567 crypto_acipher_free_ecc_public_key(peer_key); 3568 return res; 3569 } 3570 #endif 3571 3572 TEE_Result syscall_cryp_derive_key(unsigned long state, 3573 const struct utee_attribute *usr_params, 3574 unsigned long param_count, unsigned long derived_key) 3575 { 3576 struct ts_session *sess = ts_get_current_session(); 3577 struct user_ta_ctx *utc = to_user_ta_ctx(sess->ctx); 3578 TEE_Result res = TEE_ERROR_NOT_SUPPORTED; 3579 struct tee_obj *ko = NULL; 3580 struct tee_obj *so = NULL; 3581 struct tee_cryp_state *cs = NULL; 3582 struct tee_cryp_obj_secret *sk = NULL; 3583 const struct tee_cryp_obj_type_props *type_props = NULL; 3584 TEE_Attribute *params = NULL; 3585 size_t alloc_size = 0; 3586 3587 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 3588 if (res != TEE_SUCCESS) 3589 return res; 3590 3591 if (MUL_OVERFLOW(sizeof(TEE_Attribute), param_count, &alloc_size)) 3592 return TEE_ERROR_OVERFLOW; 3593 3594 params = malloc(alloc_size); 3595 if (!params) 3596 return TEE_ERROR_OUT_OF_MEMORY; 3597 res = copy_in_attrs(utc, usr_params, param_count, params); 3598 if (res != TEE_SUCCESS) 3599 goto out; 3600 3601 /* Get key set in operation */ 3602 res = tee_obj_get(utc, cs->key1, &ko); 3603 if (res != TEE_SUCCESS) 3604 goto out; 3605 3606 res = tee_obj_get(utc, uref_to_vaddr(derived_key), &so); 3607 if (res != TEE_SUCCESS) 3608 goto out; 3609 3610 /* Find information needed about the object to initialize */ 3611 sk = so->attr; 3612 3613 /* Find description of object */ 3614 type_props = tee_svc_find_type_props(so->info.objectType); 3615 if (!type_props) { 3616 res = TEE_ERROR_NOT_SUPPORTED; 3617 goto out; 3618 } 3619 3620 if (cs->algo == TEE_ALG_DH_DERIVE_SHARED_SECRET) { 3621 struct bignum *pub = NULL; 3622 struct bignum *ss = NULL; 3623 size_t bin_size = 0; 3624 void *bbuf = NULL; 3625 3626 if (param_count != 1 || 3627 params[0].attributeID != TEE_ATTR_DH_PUBLIC_VALUE) { 3628 res = TEE_ERROR_BAD_PARAMETERS; 3629 goto out; 3630 } 3631 3632 bin_size = params[0].content.ref.length; 3633 3634 if (MUL_OVERFLOW(bin_size, 8, &alloc_size)) { 3635 res = TEE_ERROR_OVERFLOW; 3636 goto out; 3637 } 3638 3639 res = bb_memdup_user(params[0].content.ref.buffer, bin_size, 3640 &bbuf); 3641 if (res) 3642 goto out; 3643 3644 pub = crypto_bignum_allocate(alloc_size); 3645 ss = crypto_bignum_allocate(alloc_size); 3646 if (pub && ss) { 3647 crypto_bignum_bin2bn(bbuf, bin_size, pub); 3648 res = crypto_acipher_dh_shared_secret(ko->attr, 3649 pub, ss); 3650 if (res == TEE_SUCCESS) { 3651 sk->key_size = crypto_bignum_num_bytes(ss); 3652 crypto_bignum_bn2bin(ss, (uint8_t *)(sk + 1)); 3653 so->info.handleFlags |= 3654 TEE_HANDLE_FLAG_INITIALIZED; 3655 set_attribute(so, type_props, 3656 TEE_ATTR_SECRET_VALUE); 3657 } 3658 } else { 3659 res = TEE_ERROR_OUT_OF_MEMORY; 3660 } 3661 crypto_bignum_free(&pub); 3662 crypto_bignum_free(&ss); 3663 } else if (cs->algo == TEE_ALG_ECDH_DERIVE_SHARED_SECRET) { 3664 uint32_t curve = ((struct ecc_keypair *)ko->attr)->curve; 3665 struct ecc_public_key key_public = { }; 3666 uint8_t *pt_secret = NULL; 3667 unsigned long pt_secret_len = 0; 3668 uint32_t key_type = TEE_TYPE_ECDH_PUBLIC_KEY; 3669 void *x_bbuf = NULL; 3670 void *y_bbuf = NULL; 3671 3672 if (param_count != 2 || 3673 params[0].attributeID != TEE_ATTR_ECC_PUBLIC_VALUE_X || 3674 params[1].attributeID != TEE_ATTR_ECC_PUBLIC_VALUE_Y) { 3675 res = TEE_ERROR_BAD_PARAMETERS; 3676 goto out; 3677 } 3678 3679 switch (curve) { 3680 case TEE_ECC_CURVE_NIST_P192: 3681 alloc_size = 192; 3682 break; 3683 case TEE_ECC_CURVE_NIST_P224: 3684 alloc_size = 224; 3685 break; 3686 case TEE_ECC_CURVE_NIST_P256: 3687 alloc_size = 256; 3688 break; 3689 case TEE_ECC_CURVE_NIST_P384: 3690 alloc_size = 384; 3691 break; 3692 case TEE_ECC_CURVE_NIST_P521: 3693 alloc_size = 521; 3694 break; 3695 default: 3696 res = TEE_ERROR_NOT_IMPLEMENTED; 3697 goto out; 3698 } 3699 3700 res = bb_memdup_user(params[0].content.ref.buffer, 3701 params[0].content.ref.length, 3702 &x_bbuf); 3703 if (res) 3704 goto out; 3705 3706 res = bb_memdup_user(params[1].content.ref.buffer, 3707 params[1].content.ref.length, 3708 &y_bbuf); 3709 if (res) 3710 goto out; 3711 3712 /* Create the public key */ 3713 res = crypto_acipher_alloc_ecc_public_key(&key_public, key_type, 3714 alloc_size); 3715 if (res != TEE_SUCCESS) 3716 goto out; 3717 key_public.curve = curve; 3718 crypto_bignum_bin2bn(x_bbuf, params[0].content.ref.length, 3719 key_public.x); 3720 crypto_bignum_bin2bn(y_bbuf, params[1].content.ref.length, 3721 key_public.y); 3722 3723 pt_secret = (uint8_t *)(sk + 1); 3724 pt_secret_len = sk->alloc_size; 3725 res = crypto_acipher_ecc_shared_secret(ko->attr, &key_public, 3726 pt_secret, 3727 &pt_secret_len); 3728 3729 if (res == TEE_SUCCESS) { 3730 sk->key_size = pt_secret_len; 3731 so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 3732 set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); 3733 } 3734 3735 /* free the public key */ 3736 crypto_acipher_free_ecc_public_key(&key_public); 3737 } 3738 #if defined(CFG_CRYPTO_HKDF) 3739 else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_HKDF) { 3740 void *salt, *info; 3741 size_t salt_len, info_len, okm_len; 3742 uint32_t hash_id = 0; 3743 struct tee_cryp_obj_secret *ik = ko->attr; 3744 const uint8_t *ikm = (const uint8_t *)(ik + 1); 3745 3746 res = get_hkdf_params(cs->algo, params, param_count, &salt, 3747 &salt_len, &info, &info_len, &okm_len, 3748 &hash_id); 3749 if (res != TEE_SUCCESS) 3750 goto out; 3751 3752 /* Requested size must fit into the output object's buffer */ 3753 if (okm_len > ik->alloc_size) { 3754 res = TEE_ERROR_BAD_PARAMETERS; 3755 goto out; 3756 } 3757 3758 res = tee_cryp_hkdf(hash_id, ikm, ik->key_size, salt, salt_len, 3759 info, info_len, (uint8_t *)(sk + 1), 3760 okm_len); 3761 if (res == TEE_SUCCESS) { 3762 sk->key_size = okm_len; 3763 so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 3764 set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); 3765 } 3766 } 3767 #endif 3768 #if defined(CFG_CRYPTO_CONCAT_KDF) 3769 else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_CONCAT_KDF) { 3770 void *info; 3771 size_t info_len, derived_key_len; 3772 uint32_t hash_id = TEE_ALG_GET_DIGEST_HASH(cs->algo); 3773 struct tee_cryp_obj_secret *ss = ko->attr; 3774 const uint8_t *shared_secret = (const uint8_t *)(ss + 1); 3775 3776 res = get_concat_kdf_params(params, param_count, &info, 3777 &info_len, &derived_key_len); 3778 if (res != TEE_SUCCESS) 3779 goto out; 3780 3781 /* Requested size must fit into the output object's buffer */ 3782 if (derived_key_len > ss->alloc_size) { 3783 res = TEE_ERROR_BAD_PARAMETERS; 3784 goto out; 3785 } 3786 3787 res = tee_cryp_concat_kdf(hash_id, shared_secret, ss->key_size, 3788 info, info_len, (uint8_t *)(sk + 1), 3789 derived_key_len); 3790 if (res == TEE_SUCCESS) { 3791 sk->key_size = derived_key_len; 3792 so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 3793 set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); 3794 } 3795 } 3796 #endif 3797 #if defined(CFG_CRYPTO_PBKDF2) 3798 else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_PBKDF2) { 3799 void *salt; 3800 size_t salt_len, iteration_count, derived_key_len; 3801 uint32_t hash_id = TEE_ALG_GET_DIGEST_HASH(cs->algo); 3802 struct tee_cryp_obj_secret *ss = ko->attr; 3803 const uint8_t *password = (const uint8_t *)(ss + 1); 3804 3805 res = get_pbkdf2_params(params, param_count, &salt, &salt_len, 3806 &derived_key_len, &iteration_count); 3807 if (res != TEE_SUCCESS) 3808 goto out; 3809 3810 /* Requested size must fit into the output object's buffer */ 3811 if (derived_key_len > ss->alloc_size) { 3812 res = TEE_ERROR_BAD_PARAMETERS; 3813 goto out; 3814 } 3815 3816 res = tee_cryp_pbkdf2(hash_id, password, ss->key_size, salt, 3817 salt_len, iteration_count, 3818 (uint8_t *)(sk + 1), derived_key_len); 3819 if (res == TEE_SUCCESS) { 3820 sk->key_size = derived_key_len; 3821 so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 3822 set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); 3823 } 3824 } 3825 #endif 3826 #if defined(CFG_CRYPTO_SM2_KEP) 3827 else if (cs->algo == TEE_ALG_SM2_KEP) { 3828 struct ecc_public_key peer_eph_key = { }; 3829 struct ecc_public_key peer_key = { }; 3830 struct sm2_kep_parms kep_parms = { 3831 .out = (uint8_t *)(sk + 1), 3832 .out_len = so->info.maxObjectSize, 3833 }; 3834 struct tee_obj *ko2 = NULL; 3835 3836 res = tee_obj_get(utc, cs->key2, &ko2); 3837 if (res != TEE_SUCCESS) 3838 goto out; 3839 3840 res = get_sm2_kep_params(params, param_count, &peer_key, 3841 &peer_eph_key, &kep_parms); 3842 if (res != TEE_SUCCESS) 3843 goto out; 3844 3845 /* 3846 * key1 is our private keypair, key2 is our ephemeral public key 3847 */ 3848 res = crypto_acipher_sm2_kep_derive(ko->attr, /* key1 */ 3849 ko2->attr, /* key2 */ 3850 &peer_key, &peer_eph_key, 3851 &kep_parms); 3852 3853 if (res == TEE_SUCCESS) { 3854 sk->key_size = kep_parms.out_len; 3855 so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 3856 set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); 3857 } 3858 crypto_acipher_free_ecc_public_key(&peer_key); 3859 crypto_acipher_free_ecc_public_key(&peer_eph_key); 3860 } 3861 #endif 3862 #if defined(CFG_CRYPTO_X25519) 3863 else if (cs->algo == TEE_ALG_X25519) { 3864 uint8_t *x25519_pub_key = NULL; 3865 uint8_t *pt_secret = NULL; 3866 unsigned long pt_secret_len = 0; 3867 void *bbuf = NULL; 3868 3869 if (param_count != 1 || 3870 params[0].attributeID != TEE_ATTR_X25519_PUBLIC_VALUE) { 3871 res = TEE_ERROR_BAD_PARAMETERS; 3872 goto out; 3873 } 3874 3875 /* X25519 public key size is 32 bytes */ 3876 if (params[0].content.ref.length != KEY_SIZE_BYTES_25519) { 3877 res = TEE_ERROR_BAD_PARAMETERS; 3878 goto out; 3879 } 3880 3881 res = bb_memdup_user(params[0].content.ref.buffer, 3882 params[0].content.ref.length, 3883 &bbuf); 3884 if (res) 3885 goto out; 3886 3887 /* Set the public key */ 3888 x25519_pub_key = bbuf; 3889 3890 pt_secret = (uint8_t *)(sk + 1); 3891 pt_secret_len = sk->alloc_size; 3892 res = crypto_acipher_x25519_shared_secret(ko->attr, 3893 x25519_pub_key, 3894 pt_secret, 3895 &pt_secret_len); 3896 3897 if (res == TEE_SUCCESS) { 3898 sk->key_size = pt_secret_len; 3899 so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 3900 set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); 3901 } 3902 } 3903 #endif 3904 else 3905 res = TEE_ERROR_NOT_SUPPORTED; 3906 3907 out: 3908 free_wipe(params); 3909 return res; 3910 } 3911 3912 TEE_Result syscall_cryp_random_number_generate(void *buf, size_t blen) 3913 { 3914 TEE_Result res = TEE_SUCCESS; 3915 void *bbuf = NULL; 3916 3917 bbuf = bb_alloc(blen); 3918 if (!bbuf) 3919 return TEE_ERROR_OUT_OF_MEMORY; 3920 3921 res = crypto_rng_read(bbuf, blen); 3922 if (res != TEE_SUCCESS) 3923 return res; 3924 3925 res = copy_to_user(buf, bbuf, blen); 3926 return res; 3927 } 3928 3929 TEE_Result syscall_authenc_init(unsigned long state, const void *nonce, 3930 size_t nonce_len, size_t tag_len, 3931 size_t aad_len, size_t payload_len) 3932 { 3933 struct ts_session *sess = ts_get_current_session(); 3934 struct tee_cryp_obj_secret *key = NULL; 3935 struct tee_cryp_state *cs = NULL; 3936 TEE_Result res = TEE_SUCCESS; 3937 struct tee_obj *o = NULL; 3938 void *nonce_bbuf = NULL; 3939 3940 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 3941 if (res != TEE_SUCCESS) 3942 return res; 3943 3944 res = tee_obj_get(to_user_ta_ctx(sess->ctx), cs->key1, &o); 3945 if (res != TEE_SUCCESS) 3946 return res; 3947 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 3948 return TEE_ERROR_BAD_PARAMETERS; 3949 3950 key = o->attr; 3951 3952 res = bb_memdup_user(nonce, nonce_len, &nonce_bbuf); 3953 if (res) 3954 return res; 3955 3956 res = crypto_authenc_init(cs->ctx, cs->mode, (uint8_t *)(key + 1), 3957 key->key_size, nonce_bbuf, nonce_len, tag_len, 3958 aad_len, payload_len); 3959 if (res != TEE_SUCCESS) 3960 return res; 3961 3962 cs->ctx_finalize = crypto_authenc_final; 3963 cs->state = CRYP_STATE_INITIALIZED; 3964 3965 return TEE_SUCCESS; 3966 } 3967 3968 TEE_Result syscall_authenc_update_aad(unsigned long state, 3969 const void *aad_data, size_t aad_data_len) 3970 { 3971 struct ts_session *sess = ts_get_current_session(); 3972 TEE_Result res = TEE_SUCCESS; 3973 struct tee_cryp_state *cs = NULL; 3974 3975 aad_data = memtag_strip_tag_const(aad_data); 3976 3977 res = vm_check_access_rights(&to_user_ta_ctx(sess->ctx)->uctx, 3978 TEE_MEMORY_ACCESS_READ | 3979 TEE_MEMORY_ACCESS_ANY_OWNER, 3980 (uaddr_t)aad_data, aad_data_len); 3981 if (res != TEE_SUCCESS) 3982 return res; 3983 3984 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 3985 if (res != TEE_SUCCESS) 3986 return res; 3987 3988 if (cs->state != CRYP_STATE_INITIALIZED) 3989 return TEE_ERROR_BAD_STATE; 3990 3991 if (TEE_ALG_GET_CLASS(cs->algo) != TEE_OPERATION_AE) 3992 return TEE_ERROR_BAD_STATE; 3993 3994 res = crypto_authenc_update_aad(cs->ctx, cs->mode, aad_data, 3995 aad_data_len); 3996 if (res != TEE_SUCCESS) 3997 return res; 3998 3999 return TEE_SUCCESS; 4000 } 4001 4002 TEE_Result syscall_authenc_update_payload(unsigned long state, 4003 const void *src_data, 4004 size_t src_len, void *dst_data, 4005 uint64_t *dst_len) 4006 { 4007 struct ts_session *sess = ts_get_current_session(); 4008 struct tee_cryp_state *cs = NULL; 4009 TEE_Result res = TEE_SUCCESS; 4010 size_t dlen = 0; 4011 4012 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 4013 if (res != TEE_SUCCESS) 4014 return res; 4015 4016 if (cs->state != CRYP_STATE_INITIALIZED) 4017 return TEE_ERROR_BAD_STATE; 4018 4019 if (TEE_ALG_GET_CLASS(cs->algo) != TEE_OPERATION_AE) 4020 return TEE_ERROR_BAD_STATE; 4021 4022 src_data = memtag_strip_tag_const(src_data); 4023 dst_data = memtag_strip_tag(dst_data); 4024 4025 res = vm_check_access_rights(&to_user_ta_ctx(sess->ctx)->uctx, 4026 TEE_MEMORY_ACCESS_READ | 4027 TEE_MEMORY_ACCESS_ANY_OWNER, 4028 (uaddr_t)src_data, src_len); 4029 if (res != TEE_SUCCESS) 4030 return res; 4031 4032 res = get_user_u64_as_size_t(&dlen, dst_len); 4033 if (res != TEE_SUCCESS) 4034 return res; 4035 4036 res = vm_check_access_rights(&to_user_ta_ctx(sess->ctx)->uctx, 4037 TEE_MEMORY_ACCESS_READ | 4038 TEE_MEMORY_ACCESS_WRITE | 4039 TEE_MEMORY_ACCESS_ANY_OWNER, 4040 (uaddr_t)dst_data, dlen); 4041 if (res != TEE_SUCCESS) 4042 return res; 4043 4044 if (dlen < src_len) { 4045 res = TEE_ERROR_SHORT_BUFFER; 4046 goto out; 4047 } 4048 4049 res = crypto_authenc_update_payload(cs->ctx, cs->mode, src_data, 4050 src_len, dst_data, &dlen); 4051 out: 4052 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { 4053 TEE_Result res2 = put_user_u64(dst_len, dlen); 4054 4055 if (res2 != TEE_SUCCESS) 4056 res = res2; 4057 } 4058 4059 return res; 4060 } 4061 4062 TEE_Result syscall_authenc_enc_final(unsigned long state, const void *src_data, 4063 size_t src_len, void *dst_data, 4064 uint64_t *dst_len, void *tag, 4065 uint64_t *tag_len) 4066 { 4067 struct ts_session *sess = ts_get_current_session(); 4068 struct user_mode_ctx *uctx = &to_user_ta_ctx(sess->ctx)->uctx; 4069 struct tee_cryp_state *cs = NULL; 4070 TEE_Result res = TEE_SUCCESS; 4071 size_t dlen = 0; 4072 size_t tlen = 0; 4073 4074 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 4075 if (res != TEE_SUCCESS) 4076 return res; 4077 4078 if (cs->state != CRYP_STATE_INITIALIZED) 4079 return TEE_ERROR_BAD_STATE; 4080 4081 if (cs->mode != TEE_MODE_ENCRYPT) 4082 return TEE_ERROR_BAD_PARAMETERS; 4083 4084 if (TEE_ALG_GET_CLASS(cs->algo) != TEE_OPERATION_AE) 4085 return TEE_ERROR_BAD_STATE; 4086 4087 src_data = memtag_strip_tag_const(src_data); 4088 dst_data = memtag_strip_tag(dst_data); 4089 tag = memtag_strip_tag(tag); 4090 4091 res = vm_check_access_rights(uctx, 4092 TEE_MEMORY_ACCESS_READ | 4093 TEE_MEMORY_ACCESS_ANY_OWNER, 4094 (uaddr_t)src_data, src_len); 4095 if (res != TEE_SUCCESS) 4096 return res; 4097 4098 if (!dst_len) { 4099 dlen = 0; 4100 } else { 4101 res = get_user_u64_as_size_t(&dlen, dst_len); 4102 if (res != TEE_SUCCESS) 4103 return res; 4104 4105 res = vm_check_access_rights(uctx, 4106 TEE_MEMORY_ACCESS_READ | 4107 TEE_MEMORY_ACCESS_WRITE | 4108 TEE_MEMORY_ACCESS_ANY_OWNER, 4109 (uaddr_t)dst_data, dlen); 4110 if (res != TEE_SUCCESS) 4111 return res; 4112 } 4113 4114 if (dlen < src_len) { 4115 res = TEE_ERROR_SHORT_BUFFER; 4116 goto out; 4117 } 4118 4119 res = get_user_u64_as_size_t(&tlen, tag_len); 4120 if (res != TEE_SUCCESS) 4121 return res; 4122 4123 res = vm_check_access_rights(uctx, 4124 TEE_MEMORY_ACCESS_READ | 4125 TEE_MEMORY_ACCESS_WRITE | 4126 TEE_MEMORY_ACCESS_ANY_OWNER, 4127 (uaddr_t)tag, tlen); 4128 if (res != TEE_SUCCESS) 4129 return res; 4130 4131 res = crypto_authenc_enc_final(cs->ctx, src_data, src_len, dst_data, 4132 &dlen, tag, &tlen); 4133 4134 out: 4135 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { 4136 TEE_Result res2 = TEE_SUCCESS; 4137 4138 if (dst_len != NULL) { 4139 res2 = put_user_u64(dst_len, dlen); 4140 if (res2 != TEE_SUCCESS) 4141 return res2; 4142 } 4143 4144 res2 = put_user_u64(tag_len, tlen); 4145 if (res2 != TEE_SUCCESS) 4146 return res2; 4147 } 4148 4149 return res; 4150 } 4151 4152 TEE_Result syscall_authenc_dec_final(unsigned long state, 4153 const void *src_data, size_t src_len, void *dst_data, 4154 uint64_t *dst_len, const void *tag, size_t tag_len) 4155 { 4156 struct ts_session *sess = ts_get_current_session(); 4157 struct user_mode_ctx *uctx = &to_user_ta_ctx(sess->ctx)->uctx; 4158 struct tee_cryp_state *cs = NULL; 4159 TEE_Result res = TEE_SUCCESS; 4160 size_t dlen = 0; 4161 4162 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 4163 if (res != TEE_SUCCESS) 4164 return res; 4165 4166 if (cs->state != CRYP_STATE_INITIALIZED) 4167 return TEE_ERROR_BAD_STATE; 4168 4169 if (cs->mode != TEE_MODE_DECRYPT) 4170 return TEE_ERROR_BAD_PARAMETERS; 4171 4172 if (TEE_ALG_GET_CLASS(cs->algo) != TEE_OPERATION_AE) 4173 return TEE_ERROR_BAD_STATE; 4174 4175 src_data = memtag_strip_tag_const(src_data); 4176 dst_data = memtag_strip_tag(dst_data); 4177 tag = memtag_strip_tag_const(tag); 4178 4179 res = vm_check_access_rights(uctx, 4180 TEE_MEMORY_ACCESS_READ | 4181 TEE_MEMORY_ACCESS_ANY_OWNER, 4182 (uaddr_t)src_data, src_len); 4183 if (res != TEE_SUCCESS) 4184 return res; 4185 4186 if (!dst_len) { 4187 dlen = 0; 4188 } else { 4189 res = get_user_u64_as_size_t(&dlen, dst_len); 4190 if (res != TEE_SUCCESS) 4191 return res; 4192 4193 res = vm_check_access_rights(uctx, 4194 TEE_MEMORY_ACCESS_READ | 4195 TEE_MEMORY_ACCESS_WRITE | 4196 TEE_MEMORY_ACCESS_ANY_OWNER, 4197 (uaddr_t)dst_data, dlen); 4198 if (res != TEE_SUCCESS) 4199 return res; 4200 } 4201 4202 if (dlen < src_len) { 4203 res = TEE_ERROR_SHORT_BUFFER; 4204 goto out; 4205 } 4206 4207 /* Despite TEE Internal Core API up to v1.3, tag is [inbuf], not [in] */ 4208 res = vm_check_access_rights(uctx, 4209 TEE_MEMORY_ACCESS_READ | 4210 TEE_MEMORY_ACCESS_ANY_OWNER, 4211 (uaddr_t)tag, tag_len); 4212 if (res != TEE_SUCCESS) 4213 return res; 4214 4215 res = crypto_authenc_dec_final(cs->ctx, src_data, src_len, dst_data, 4216 &dlen, tag, tag_len); 4217 4218 out: 4219 if ((res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) && 4220 dst_len != NULL) { 4221 TEE_Result res2 = put_user_u64(dst_len, dlen); 4222 4223 if (res2 != TEE_SUCCESS) 4224 return res2; 4225 } 4226 4227 return res; 4228 } 4229 4230 static int pkcs1_get_salt_len(const TEE_Attribute *params, uint32_t num_params, 4231 size_t default_len) 4232 { 4233 size_t n; 4234 4235 assert(default_len < INT_MAX); 4236 4237 for (n = 0; n < num_params; n++) { 4238 if (params[n].attributeID == TEE_ATTR_RSA_PSS_SALT_LENGTH) { 4239 if (params[n].content.value.a < INT_MAX) 4240 return params[n].content.value.a; 4241 break; 4242 } 4243 } 4244 /* 4245 * If salt length isn't provided use the default value which is 4246 * the length of the digest. 4247 */ 4248 return default_len; 4249 } 4250 4251 TEE_Result syscall_asymm_operate(unsigned long state, 4252 const struct utee_attribute *usr_params, 4253 size_t num_params, const void *src_data, size_t src_len, 4254 void *dst_data, uint64_t *dst_len) 4255 { 4256 struct ts_session *sess = ts_get_current_session(); 4257 struct user_ta_ctx *utc = to_user_ta_ctx(sess->ctx); 4258 TEE_Result res = TEE_SUCCESS; 4259 struct tee_cryp_state *cs = NULL; 4260 size_t dlen = 0; 4261 struct tee_obj *o = NULL; 4262 void *label = NULL; 4263 size_t label_len = 0; 4264 size_t n = 0; 4265 int salt_len = 0; 4266 TEE_Attribute *params = NULL; 4267 size_t alloc_size = 0; 4268 4269 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 4270 if (res != TEE_SUCCESS) 4271 return res; 4272 4273 src_data = memtag_strip_tag_const(src_data); 4274 dst_data = memtag_strip_tag(dst_data); 4275 4276 res = vm_check_access_rights(&utc->uctx, 4277 TEE_MEMORY_ACCESS_READ | 4278 TEE_MEMORY_ACCESS_ANY_OWNER, 4279 (uaddr_t)src_data, src_len); 4280 if (res != TEE_SUCCESS) 4281 return res; 4282 4283 res = get_user_u64_as_size_t(&dlen, dst_len); 4284 if (res != TEE_SUCCESS) 4285 return res; 4286 4287 res = vm_check_access_rights(&utc->uctx, 4288 TEE_MEMORY_ACCESS_READ | 4289 TEE_MEMORY_ACCESS_WRITE | 4290 TEE_MEMORY_ACCESS_ANY_OWNER, 4291 (uaddr_t)dst_data, dlen); 4292 if (res != TEE_SUCCESS) 4293 return res; 4294 4295 if (MUL_OVERFLOW(sizeof(TEE_Attribute), num_params, &alloc_size)) 4296 return TEE_ERROR_OVERFLOW; 4297 4298 params = malloc(alloc_size); 4299 if (!params) 4300 return TEE_ERROR_OUT_OF_MEMORY; 4301 res = copy_in_attrs(utc, usr_params, num_params, params); 4302 if (res != TEE_SUCCESS) 4303 goto out; 4304 4305 res = tee_obj_get(utc, cs->key1, &o); 4306 if (res != TEE_SUCCESS) 4307 goto out; 4308 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 4309 res = TEE_ERROR_GENERIC; 4310 goto out; 4311 } 4312 4313 switch (cs->algo) { 4314 case TEE_ALG_RSA_NOPAD: 4315 if (cs->mode == TEE_MODE_ENCRYPT) { 4316 res = crypto_acipher_rsanopad_encrypt(o->attr, src_data, 4317 src_len, dst_data, 4318 &dlen); 4319 } else if (cs->mode == TEE_MODE_DECRYPT) { 4320 res = crypto_acipher_rsanopad_decrypt(o->attr, src_data, 4321 src_len, dst_data, 4322 &dlen); 4323 } else { 4324 /* 4325 * We will panic because "the mode is not compatible 4326 * with the function" 4327 */ 4328 res = TEE_ERROR_GENERIC; 4329 } 4330 break; 4331 4332 case TEE_ALG_SM2_PKE: 4333 if (cs->mode == TEE_MODE_ENCRYPT) { 4334 res = crypto_acipher_sm2_pke_encrypt(o->attr, src_data, 4335 src_len, dst_data, 4336 &dlen); 4337 } else if (cs->mode == TEE_MODE_DECRYPT) { 4338 res = crypto_acipher_sm2_pke_decrypt(o->attr, src_data, 4339 src_len, dst_data, 4340 &dlen); 4341 } else { 4342 res = TEE_ERROR_GENERIC; 4343 } 4344 break; 4345 4346 case TEE_ALG_RSAES_PKCS1_V1_5: 4347 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5: 4348 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 4349 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 4350 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 4351 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 4352 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 4353 for (n = 0; n < num_params; n++) { 4354 if (params[n].attributeID == TEE_ATTR_RSA_OAEP_LABEL) { 4355 label = params[n].content.ref.buffer; 4356 label_len = params[n].content.ref.length; 4357 break; 4358 } 4359 /* 4360 * If the optional TEE_ATTR_RSA_OAEP_MGF_HASH is 4361 * provided for algorithm 4362 * TEE_ALG_RSAES_PKCS1_OAEP_MGF1_x it must match 4363 * the internal hash x since we don't support using 4364 * a different hash for MGF1 yet. 4365 */ 4366 if (cs->algo != TEE_ALG_RSAES_PKCS1_V1_5 && 4367 params[n].attributeID == 4368 TEE_ATTR_RSA_OAEP_MGF_HASH) { 4369 uint32_t hash = 0; 4370 void *buf = params[n].content.ref.buffer; 4371 4372 if (params[n].content.ref.length != 4373 sizeof(hash)) { 4374 res = TEE_ERROR_BAD_PARAMETERS; 4375 goto out; 4376 } 4377 4378 res = copy_from_user(&hash, buf, sizeof(hash)); 4379 if (res) 4380 goto out; 4381 4382 if (hash != 4383 TEE_INTERNAL_HASH_TO_ALGO(cs->algo)) { 4384 res = TEE_ERROR_NOT_SUPPORTED; 4385 goto out; 4386 } 4387 } 4388 } 4389 4390 if (cs->mode == TEE_MODE_ENCRYPT) { 4391 res = crypto_acipher_rsaes_encrypt(cs->algo, o->attr, 4392 label, label_len, 4393 src_data, src_len, 4394 dst_data, &dlen); 4395 } else if (cs->mode == TEE_MODE_DECRYPT) { 4396 res = crypto_acipher_rsaes_decrypt( 4397 cs->algo, o->attr, label, label_len, 4398 src_data, src_len, dst_data, &dlen); 4399 } else { 4400 res = TEE_ERROR_BAD_PARAMETERS; 4401 } 4402 break; 4403 4404 #if defined(CFG_CRYPTO_RSASSA_NA1) 4405 case TEE_ALG_RSASSA_PKCS1_V1_5: 4406 #endif 4407 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 4408 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 4409 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 4410 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 4411 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 4412 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 4413 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5: 4414 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 4415 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 4416 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 4417 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 4418 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 4419 if (cs->mode != TEE_MODE_SIGN) { 4420 res = TEE_ERROR_BAD_PARAMETERS; 4421 break; 4422 } 4423 salt_len = pkcs1_get_salt_len(params, num_params, src_len); 4424 res = crypto_acipher_rsassa_sign(cs->algo, o->attr, salt_len, 4425 src_data, src_len, dst_data, 4426 &dlen); 4427 break; 4428 4429 case TEE_ALG_DSA_SHA1: 4430 case TEE_ALG_DSA_SHA224: 4431 case TEE_ALG_DSA_SHA256: 4432 res = crypto_acipher_dsa_sign(cs->algo, o->attr, src_data, 4433 src_len, dst_data, &dlen); 4434 break; 4435 4436 case TEE_ALG_ED25519: 4437 res = tee_svc_obj_ed25519_sign(o->attr, src_data, src_len, 4438 dst_data, &dlen, params, 4439 num_params); 4440 break; 4441 4442 case TEE_ALG_ECDSA_SHA1: 4443 case TEE_ALG_ECDSA_SHA224: 4444 case TEE_ALG_ECDSA_SHA256: 4445 case TEE_ALG_ECDSA_SHA384: 4446 case TEE_ALG_ECDSA_SHA512: 4447 case TEE_ALG_SM2_DSA_SM3: 4448 res = crypto_acipher_ecc_sign(cs->algo, o->attr, src_data, 4449 src_len, dst_data, &dlen); 4450 break; 4451 default: 4452 res = TEE_ERROR_BAD_PARAMETERS; 4453 break; 4454 } 4455 4456 out: 4457 free_wipe(params); 4458 4459 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { 4460 TEE_Result res2 = put_user_u64(dst_len, dlen); 4461 4462 if (res2 != TEE_SUCCESS) 4463 return res2; 4464 } 4465 4466 return res; 4467 } 4468 4469 TEE_Result syscall_asymm_verify(unsigned long state, 4470 const struct utee_attribute *usr_params, 4471 size_t num_params, const void *data, size_t data_len, 4472 const void *sig, size_t sig_len) 4473 { 4474 struct ts_session *sess = ts_get_current_session(); 4475 struct user_ta_ctx *utc = to_user_ta_ctx(sess->ctx); 4476 struct tee_cryp_state *cs = NULL; 4477 TEE_Result res = TEE_SUCCESS; 4478 TEE_Attribute *params = NULL; 4479 struct tee_obj *o = NULL; 4480 size_t hash_size = 0; 4481 uint32_t hash_algo = 0; 4482 int salt_len = 0; 4483 size_t alloc_size = 0; 4484 4485 res = tee_svc_cryp_get_state(sess, uref_to_vaddr(state), &cs); 4486 if (res != TEE_SUCCESS) 4487 return res; 4488 4489 if (cs->mode != TEE_MODE_VERIFY) 4490 return TEE_ERROR_BAD_PARAMETERS; 4491 4492 data = memtag_strip_tag_const(data); 4493 sig = memtag_strip_tag_const(sig); 4494 4495 res = vm_check_access_rights(&utc->uctx, 4496 TEE_MEMORY_ACCESS_READ | 4497 TEE_MEMORY_ACCESS_ANY_OWNER, 4498 (uaddr_t)data, data_len); 4499 if (res != TEE_SUCCESS) 4500 return res; 4501 4502 res = vm_check_access_rights(&utc->uctx, 4503 TEE_MEMORY_ACCESS_READ | 4504 TEE_MEMORY_ACCESS_ANY_OWNER, 4505 (uaddr_t)sig, sig_len); 4506 if (res != TEE_SUCCESS) 4507 return res; 4508 4509 if (MUL_OVERFLOW(sizeof(TEE_Attribute), num_params, &alloc_size)) 4510 return TEE_ERROR_OVERFLOW; 4511 4512 params = malloc(alloc_size); 4513 if (!params) 4514 return TEE_ERROR_OUT_OF_MEMORY; 4515 res = copy_in_attrs(utc, usr_params, num_params, params); 4516 if (res != TEE_SUCCESS) 4517 goto out; 4518 4519 res = tee_obj_get(utc, cs->key1, &o); 4520 if (res != TEE_SUCCESS) 4521 goto out; 4522 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 4523 res = TEE_ERROR_BAD_PARAMETERS; 4524 goto out; 4525 } 4526 4527 switch (TEE_ALG_GET_MAIN_ALG(cs->algo)) { 4528 case TEE_MAIN_ALGO_RSA: 4529 if (cs->algo != TEE_ALG_RSASSA_PKCS1_V1_5) { 4530 hash_algo = TEE_DIGEST_HASH_TO_ALGO(cs->algo); 4531 res = tee_alg_get_digest_size(hash_algo, &hash_size); 4532 if (res != TEE_SUCCESS) 4533 break; 4534 if (data_len != hash_size) { 4535 res = TEE_ERROR_BAD_PARAMETERS; 4536 break; 4537 } 4538 salt_len = pkcs1_get_salt_len(params, num_params, 4539 hash_size); 4540 } 4541 res = crypto_acipher_rsassa_verify(cs->algo, o->attr, salt_len, 4542 data, data_len, sig, 4543 sig_len); 4544 break; 4545 4546 case TEE_MAIN_ALGO_DSA: 4547 hash_algo = TEE_DIGEST_HASH_TO_ALGO(cs->algo); 4548 res = tee_alg_get_digest_size(hash_algo, &hash_size); 4549 if (res != TEE_SUCCESS) 4550 break; 4551 4552 if (data_len != hash_size) { 4553 struct dsa_public_key *key = o->attr; 4554 4555 /* 4556 * Depending on the DSA algorithm (NIST), the 4557 * digital signature output size may be truncated 4558 * to the size of a key pair (Q prime size). Q 4559 * prime size must be less or equal than the hash 4560 * output length of the hash algorithm involved. 4561 * 4562 * We're checking here in order to be able to 4563 * return this particular error code, which will 4564 * cause TEE_AsymmetricVerifyDigest() to panic as 4565 * required by GP. crypto_acipher_dsa_verify() is 4566 * implemented in the glue layer of the crypto 4567 * library and it might be a bit harder to catch 4568 * this particular case there or lead to duplicated 4569 * code in different crypto glue layers. 4570 * 4571 * The GP spec says that we SHOULD panic if 4572 * data_len != hash_size, but that would break a 4573 * few of the DSA tests in xtest where the 4574 * hash_size is larger than possible data_len. So 4575 * the compromise is in case data_len != hash_size 4576 * check that it's not smaller than what makes 4577 * sense. 4578 */ 4579 if (data_len != crypto_bignum_num_bytes(key->q)) { 4580 res = TEE_ERROR_BAD_PARAMETERS; 4581 break; 4582 } 4583 } 4584 res = crypto_acipher_dsa_verify(cs->algo, o->attr, data, 4585 data_len, sig, sig_len); 4586 break; 4587 4588 case TEE_MAIN_ALGO_ED25519: 4589 res = tee_svc_obj_ed25519_verify(o->attr, data, 4590 data_len, sig, sig_len, 4591 params, num_params); 4592 break; 4593 4594 case TEE_MAIN_ALGO_ECDSA: 4595 case TEE_MAIN_ALGO_SM2_DSA_SM3: 4596 res = crypto_acipher_ecc_verify(cs->algo, o->attr, data, 4597 data_len, sig, sig_len); 4598 break; 4599 4600 default: 4601 res = TEE_ERROR_NOT_SUPPORTED; 4602 } 4603 4604 out: 4605 free_wipe(params); 4606 return res; 4607 } 4608