1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 #include <tee_api_types.h> 28 #include <kernel/tee_ta_manager.h> 29 #include <utee_defines.h> 30 #include <mm/tee_mmu.h> 31 #include <tee/tee_svc.h> 32 #include <tee/tee_svc_cryp.h> 33 #include <tee/tee_cryp_utl.h> 34 #include <sys/queue.h> 35 #include <tee/tee_obj.h> 36 #include <tee/tee_cryp_provider.h> 37 #include <trace.h> 38 #include <string_ext.h> 39 40 /* Set an attribute on an object */ 41 #define SET_ATTRIBUTE(_object, _props, _attr) \ 42 ((_object)->have_attrs |= \ 43 (1 << (tee_svc_cryp_obj_find_type_attr_idx((_attr), (_props))))) 44 45 /* Get an attribute on an object */ 46 #define GET_ATTRIBUTE(_object, _props, _attr) \ 47 ((_object)->have_attrs & \ 48 (1 << (tee_svc_cryp_obj_find_type_attr_idx((_attr), (_props))))) 49 50 #define TEE_USAGE_DEFAULT 0xffffffff 51 #define TEE_ATTR_BIT_PROTECTED (1 << 28) 52 53 typedef void (*tee_cryp_ctx_finalize_func_t) (void *ctx, uint32_t algo); 54 struct tee_cryp_state { 55 TAILQ_ENTRY(tee_cryp_state) link; 56 uint32_t algo; 57 uint32_t mode; 58 uint32_t key1; 59 uint32_t key2; 60 size_t ctx_size; 61 void *ctx; 62 tee_cryp_ctx_finalize_func_t ctx_finalize; 63 }; 64 65 struct tee_cryp_obj_secret { 66 uint32_t key_size; 67 68 /* 69 * Pseudo code visualize layout of structure 70 * Next follows data, such as: 71 * uint8_t data[key_size] 72 * key_size must never exceed 73 * (obj->data_size - sizeof(struct tee_cryp_obj_secret)). 74 */ 75 }; 76 77 #define TEE_TYPE_ATTR_OPTIONAL 0x0 78 #define TEE_TYPE_ATTR_REQUIRED 0x1 79 #define TEE_TYPE_ATTR_OPTIONAL_GROUP 0x2 80 #define TEE_TYPE_ATTR_SIZE_INDICATOR 0x4 81 #define TEE_TYPE_ATTR_GEN_KEY_OPT 0x8 82 #define TEE_TYPE_ATTR_GEN_KEY_REQ 0x10 83 84 #define TEE_TYPE_CONV_FUNC_NONE 0 85 /* Handle storing of generic secret keys of varying lengths */ 86 #define TEE_TYPE_CONV_FUNC_SECRET 1 87 /* Convert to/from big-endian byte array and provider-specific bignum */ 88 #define TEE_TYPE_CONV_FUNC_BIGNUM 2 89 /* Convert to/from value attribute depending on direction */ 90 #define TEE_TYPE_CONV_FUNC_VALUE 4 91 92 struct tee_cryp_obj_type_attrs { 93 uint32_t attr_id; 94 uint16_t flags; 95 uint16_t conv_func; 96 uint16_t raw_offs; 97 uint16_t raw_size; 98 }; 99 100 #define RAW_DATA(_x, _y) \ 101 .raw_offs = offsetof(_x, _y), .raw_size = TEE_MEMBER_SIZE(_x, _y) 102 103 static const struct tee_cryp_obj_type_attrs 104 tee_cryp_obj_secret_value_attrs[] = { 105 { 106 .attr_id = TEE_ATTR_SECRET_VALUE, 107 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 108 .conv_func = TEE_TYPE_CONV_FUNC_SECRET, 109 .raw_offs = 0, 110 .raw_size = 0 111 }, 112 }; 113 114 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_rsa_pub_key_attrs[] = { 115 { 116 .attr_id = TEE_ATTR_RSA_MODULUS, 117 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 118 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 119 RAW_DATA(struct rsa_public_key, n) 120 }, 121 122 { 123 .attr_id = TEE_ATTR_RSA_PUBLIC_EXPONENT, 124 .flags = TEE_TYPE_ATTR_REQUIRED, 125 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 126 RAW_DATA(struct rsa_public_key, e) 127 }, 128 }; 129 130 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_rsa_keypair_attrs[] = { 131 { 132 .attr_id = TEE_ATTR_RSA_MODULUS, 133 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 134 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 135 RAW_DATA(struct rsa_keypair, n) 136 }, 137 138 { 139 .attr_id = TEE_ATTR_RSA_PUBLIC_EXPONENT, 140 .flags = TEE_TYPE_ATTR_REQUIRED, 141 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 142 RAW_DATA(struct rsa_keypair, e) 143 }, 144 145 { 146 .attr_id = TEE_ATTR_RSA_PRIVATE_EXPONENT, 147 .flags = TEE_TYPE_ATTR_REQUIRED, 148 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 149 RAW_DATA(struct rsa_keypair, d) 150 }, 151 152 { 153 .attr_id = TEE_ATTR_RSA_PRIME1, 154 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 155 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 156 RAW_DATA(struct rsa_keypair, p) 157 }, 158 159 { 160 .attr_id = TEE_ATTR_RSA_PRIME2, 161 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 162 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 163 RAW_DATA(struct rsa_keypair, q) 164 }, 165 166 { 167 .attr_id = TEE_ATTR_RSA_EXPONENT1, 168 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 169 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 170 RAW_DATA(struct rsa_keypair, dp) 171 }, 172 173 { 174 .attr_id = TEE_ATTR_RSA_EXPONENT2, 175 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 176 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 177 RAW_DATA(struct rsa_keypair, dq) 178 }, 179 180 { 181 .attr_id = TEE_ATTR_RSA_COEFFICIENT, 182 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP, 183 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 184 RAW_DATA(struct rsa_keypair, qp) 185 }, 186 }; 187 188 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_dsa_pub_key_attrs[] = { 189 { 190 .attr_id = TEE_ATTR_DSA_PRIME, 191 .flags = TEE_TYPE_ATTR_REQUIRED, 192 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 193 RAW_DATA(struct dsa_public_key, p) 194 }, 195 196 { 197 .attr_id = TEE_ATTR_DSA_SUBPRIME, 198 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR, 199 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 200 RAW_DATA(struct dsa_public_key, q) 201 }, 202 203 { 204 .attr_id = TEE_ATTR_DSA_BASE, 205 .flags = TEE_TYPE_ATTR_REQUIRED, 206 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 207 RAW_DATA(struct dsa_public_key, g) 208 }, 209 210 { 211 .attr_id = TEE_ATTR_DSA_PUBLIC_VALUE, 212 .flags = TEE_TYPE_ATTR_REQUIRED, 213 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 214 RAW_DATA(struct dsa_public_key, y) 215 }, 216 }; 217 218 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_dsa_keypair_attrs[] = { 219 { 220 .attr_id = TEE_ATTR_DSA_PRIME, 221 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_GEN_KEY_REQ, 222 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 223 RAW_DATA(struct dsa_keypair, p) 224 }, 225 226 { 227 .attr_id = TEE_ATTR_DSA_SUBPRIME, 228 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR | 229 TEE_TYPE_ATTR_GEN_KEY_REQ, 230 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 231 RAW_DATA(struct dsa_keypair, q) 232 }, 233 234 { 235 .attr_id = TEE_ATTR_DSA_BASE, 236 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_GEN_KEY_REQ, 237 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 238 RAW_DATA(struct dsa_keypair, g) 239 }, 240 241 { 242 .attr_id = TEE_ATTR_DSA_PRIVATE_VALUE, 243 .flags = TEE_TYPE_ATTR_REQUIRED, 244 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 245 RAW_DATA(struct dsa_keypair, x) 246 }, 247 248 { 249 .attr_id = TEE_ATTR_DSA_PUBLIC_VALUE, 250 .flags = TEE_TYPE_ATTR_REQUIRED, 251 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 252 RAW_DATA(struct dsa_keypair, y) 253 }, 254 }; 255 256 static const struct tee_cryp_obj_type_attrs tee_cryp_obj_dh_keypair_attrs[] = { 257 { 258 .attr_id = TEE_ATTR_DH_PRIME, 259 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_SIZE_INDICATOR | 260 TEE_TYPE_ATTR_GEN_KEY_REQ, 261 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 262 RAW_DATA(struct dh_keypair, p) 263 }, 264 265 { 266 .attr_id = TEE_ATTR_DH_BASE, 267 .flags = TEE_TYPE_ATTR_REQUIRED | TEE_TYPE_ATTR_GEN_KEY_REQ, 268 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 269 RAW_DATA(struct dh_keypair, g) 270 }, 271 272 { 273 .attr_id = TEE_ATTR_DH_PUBLIC_VALUE, 274 .flags = TEE_TYPE_ATTR_REQUIRED, 275 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 276 RAW_DATA(struct dh_keypair, y) 277 }, 278 279 { 280 .attr_id = TEE_ATTR_DH_PRIVATE_VALUE, 281 .flags = TEE_TYPE_ATTR_REQUIRED, 282 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 283 RAW_DATA(struct dh_keypair, x) 284 }, 285 286 { 287 .attr_id = TEE_ATTR_DH_SUBPRIME, 288 .flags = TEE_TYPE_ATTR_OPTIONAL_GROUP | TEE_TYPE_ATTR_GEN_KEY_OPT, 289 .conv_func = TEE_TYPE_CONV_FUNC_BIGNUM, 290 RAW_DATA(struct dh_keypair, q) 291 }, 292 293 { 294 .attr_id = TEE_ATTR_DH_X_BITS, 295 .flags = TEE_TYPE_ATTR_GEN_KEY_OPT, 296 .conv_func = TEE_TYPE_CONV_FUNC_VALUE, 297 RAW_DATA(struct dh_keypair, xbits) 298 }, 299 }; 300 301 struct tee_cryp_obj_type_props { 302 TEE_ObjectType obj_type; 303 uint16_t min_size; /* may not be smaller than this */ 304 uint16_t max_size; /* may not be larger than this */ 305 uint16_t alloc_size; /* this many bytes are allocated to hold data */ 306 uint8_t quanta; /* may only be an multiple of this */ 307 308 uint8_t num_type_attrs; 309 const struct tee_cryp_obj_type_attrs *type_attrs; 310 }; 311 312 #define PROP(obj_type, quanta, min_size, max_size, alloc_size, type_attrs) \ 313 { (obj_type), (min_size), (max_size), (alloc_size), (quanta), \ 314 TEE_ARRAY_SIZE(type_attrs), (type_attrs) } 315 316 static const struct tee_cryp_obj_type_props tee_cryp_obj_props[] = { 317 PROP(TEE_TYPE_AES, 64, 128, 256, /* valid sizes 128, 192, 256 */ 318 256 / 8 + sizeof(struct tee_cryp_obj_secret), 319 tee_cryp_obj_secret_value_attrs), 320 PROP(TEE_TYPE_DES, 56, 56, 56, 321 /* 322 * Valid size 56 without parity, note that we still allocate 323 * for 64 bits since the key is supplied with parity. 324 */ 325 64 / 8 + sizeof(struct tee_cryp_obj_secret), 326 tee_cryp_obj_secret_value_attrs), 327 PROP(TEE_TYPE_DES3, 56, 112, 168, 328 /* 329 * Valid sizes 112, 168 without parity, note that we still 330 * allocate for with space for the parity since the key is 331 * supplied with parity. 332 */ 333 192 / 8 + sizeof(struct tee_cryp_obj_secret), 334 tee_cryp_obj_secret_value_attrs), 335 PROP(TEE_TYPE_HMAC_MD5, 8, 64, 512, 336 512 / 8 + sizeof(struct tee_cryp_obj_secret), 337 tee_cryp_obj_secret_value_attrs), 338 PROP(TEE_TYPE_HMAC_SHA1, 8, 80, 512, 339 512 / 8 + sizeof(struct tee_cryp_obj_secret), 340 tee_cryp_obj_secret_value_attrs), 341 PROP(TEE_TYPE_HMAC_SHA224, 8, 112, 512, 342 512 / 8 + sizeof(struct tee_cryp_obj_secret), 343 tee_cryp_obj_secret_value_attrs), 344 PROP(TEE_TYPE_HMAC_SHA256, 8, 192, 1024, 345 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 346 tee_cryp_obj_secret_value_attrs), 347 PROP(TEE_TYPE_HMAC_SHA384, 8, 256, 1024, 348 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 349 tee_cryp_obj_secret_value_attrs), 350 PROP(TEE_TYPE_HMAC_SHA512, 8, 256, 1024, 351 1024 / 8 + sizeof(struct tee_cryp_obj_secret), 352 tee_cryp_obj_secret_value_attrs), 353 PROP(TEE_TYPE_GENERIC_SECRET, 8, 0, 4096, 354 4096 / 8 + sizeof(struct tee_cryp_obj_secret), 355 tee_cryp_obj_secret_value_attrs), 356 357 PROP(TEE_TYPE_RSA_PUBLIC_KEY, 1, 256, 2048, 358 sizeof(struct rsa_public_key), 359 tee_cryp_obj_rsa_pub_key_attrs), 360 361 PROP(TEE_TYPE_RSA_KEYPAIR, 1, 256, 2048, 362 sizeof(struct rsa_keypair), 363 tee_cryp_obj_rsa_keypair_attrs), 364 365 PROP(TEE_TYPE_DSA_PUBLIC_KEY, 64, 512, 1024, 366 sizeof(struct dsa_public_key), 367 tee_cryp_obj_dsa_pub_key_attrs), 368 369 PROP(TEE_TYPE_DSA_KEYPAIR, 64, 512, 1024, 370 sizeof(struct dsa_keypair), 371 tee_cryp_obj_dsa_keypair_attrs), 372 373 PROP(TEE_TYPE_DH_KEYPAIR, 1, 256, 2048, 374 sizeof(struct dh_keypair), 375 tee_cryp_obj_dh_keypair_attrs), 376 }; 377 378 TEE_Result tee_svc_cryp_obj_get_info(uint32_t obj, TEE_ObjectInfo *info) 379 { 380 TEE_Result res; 381 struct tee_ta_session *sess; 382 struct tee_obj *o; 383 384 res = tee_ta_get_current_session(&sess); 385 if (res != TEE_SUCCESS) 386 return res; 387 388 res = tee_obj_get(sess->ctx, obj, &o); 389 if (res != TEE_SUCCESS) 390 return res; 391 392 return tee_svc_copy_to_user(sess, info, &o->info, sizeof(o->info)); 393 } 394 395 TEE_Result tee_svc_cryp_obj_restrict_usage(uint32_t obj, uint32_t usage) 396 { 397 TEE_Result res; 398 struct tee_ta_session *sess; 399 struct tee_obj *o; 400 401 res = tee_ta_get_current_session(&sess); 402 if (res != TEE_SUCCESS) 403 return res; 404 405 res = tee_obj_get(sess->ctx, obj, &o); 406 if (res != TEE_SUCCESS) 407 return res; 408 409 o->info.objectUsage &= usage; 410 411 return TEE_SUCCESS; 412 } 413 414 static TEE_Result tee_svc_cryp_obj_get_raw_data( 415 struct tee_obj *o, 416 const struct tee_cryp_obj_type_props *type_props, 417 size_t idx, void **data, size_t *size) 418 { 419 const struct tee_cryp_obj_type_attrs *type_attr = 420 type_props->type_attrs + idx; 421 if (type_attr->raw_size == 0) { 422 struct tee_cryp_obj_secret *key = 423 (struct tee_cryp_obj_secret *)o->data; 424 425 /* Handle generic secret */ 426 if (type_attr->raw_offs != 0) 427 return TEE_ERROR_BAD_STATE; 428 *size = key->key_size; 429 } else { 430 *size = type_attr->raw_size; 431 } 432 *data = (uint8_t *)o->data + type_attr->raw_offs; 433 return TEE_SUCCESS; 434 } 435 436 static int tee_svc_cryp_obj_find_type_attr_idx( 437 uint32_t attr_id, 438 const struct tee_cryp_obj_type_props *type_props) 439 { 440 size_t n; 441 442 for (n = 0; n < type_props->num_type_attrs; n++) { 443 if (attr_id == type_props->type_attrs[n].attr_id) 444 return n; 445 } 446 return -1; 447 } 448 449 static const struct tee_cryp_obj_type_props *tee_svc_find_type_props( 450 TEE_ObjectType obj_type) 451 { 452 size_t n; 453 454 for (n = 0; n < TEE_ARRAY_SIZE(tee_cryp_obj_props); n++) { 455 if (tee_cryp_obj_props[n].obj_type == obj_type) 456 return tee_cryp_obj_props + n; 457 } 458 459 return NULL; 460 } 461 462 static TEE_Result tee_svc_cryp_obj_copy_out(struct tee_ta_session *sess, 463 void *buffer, size_t *size, 464 uint16_t conv_func, 465 void *raw_data, 466 size_t raw_data_size) 467 { 468 TEE_Result res; 469 size_t s, key_size, req_size, n; 470 struct tee_cryp_obj_secret *obj; 471 struct bignum *bn; 472 uint32_t value[2] = { 0, 0 }; 473 474 res = tee_svc_copy_from_user(sess, &s, size, sizeof(size_t)); 475 if (res != TEE_SUCCESS) 476 return res; 477 478 switch (conv_func) { 479 case TEE_TYPE_CONV_FUNC_NONE: 480 481 res = tee_svc_copy_to_user(sess, size, &raw_data_size, 482 sizeof(size_t)); 483 if (res != TEE_SUCCESS) 484 return res; 485 if (s < raw_data_size) 486 return TEE_ERROR_SHORT_BUFFER; 487 return tee_svc_copy_to_user(sess, buffer, raw_data, 488 raw_data_size); 489 case TEE_TYPE_CONV_FUNC_SECRET: 490 491 if (!TEE_ALIGNMENT_IS_OK(raw_data, struct tee_cryp_obj_secret)) 492 return TEE_ERROR_BAD_STATE; 493 obj = (struct tee_cryp_obj_secret *)(void *)raw_data; 494 key_size = obj->key_size; 495 res = tee_svc_copy_to_user(sess, size, &key_size, 496 sizeof(size_t)); 497 if (res != TEE_SUCCESS) 498 return res; 499 if (s < key_size) 500 return TEE_ERROR_SHORT_BUFFER; 501 return tee_svc_copy_to_user(sess, buffer, obj + 1, 502 key_size); 503 504 case TEE_TYPE_CONV_FUNC_BIGNUM: 505 506 bn = *(struct bignum **)raw_data; 507 req_size = crypto_ops.bignum.num_bytes(bn); 508 if (req_size == 0) 509 return TEE_SUCCESS; 510 res = tee_svc_copy_to_user( 511 sess, size, &req_size, sizeof(size_t)); 512 if (res != TEE_SUCCESS) 513 return res; 514 /* Check that the converted result fits the user buffer. */ 515 if (s < req_size) 516 return TEE_ERROR_SHORT_BUFFER; 517 /* Check we can access data using supplied user mode pointer */ 518 res = tee_mmu_check_access_rights(sess->ctx, 519 TEE_MEMORY_ACCESS_READ | 520 TEE_MEMORY_ACCESS_WRITE | 521 TEE_MEMORY_ACCESS_ANY_OWNER, 522 (tee_uaddr_t)buffer, 523 req_size); 524 if (res != TEE_SUCCESS) 525 return res; 526 /* 527 * Write the bignum (wich raw data points to) into an array of 528 * bytes (stored in buffer) 529 */ 530 crypto_ops.bignum.bn2bin(bn, buffer); 531 return TEE_SUCCESS; 532 533 case TEE_TYPE_CONV_FUNC_VALUE: 534 n = sizeof(value); 535 /* 536 * a value attribute consists of two uint32 but have not 537 * seen anything that actaully would need that so this 538 * fills in one with data and the other with zero 539 */ 540 TEE_ASSERT(raw_data_size == sizeof(uint32_t)); 541 value[0] = *(uint32_t *)raw_data; 542 res = tee_svc_copy_to_user(sess, size, &n, sizeof(size_t)); 543 if (res != TEE_SUCCESS) 544 return res; 545 /* Check that the converted result fits the user buf */ 546 if (s < n) 547 return TEE_ERROR_SHORT_BUFFER; 548 return tee_svc_copy_to_user(sess, buffer, &value, n); 549 550 default: 551 return TEE_ERROR_BAD_STATE; 552 } 553 } 554 555 TEE_Result tee_svc_cryp_obj_get_attr(uint32_t obj, uint32_t attr_id, 556 void *buffer, size_t *size) 557 { 558 TEE_Result res; 559 struct tee_ta_session *sess; 560 struct tee_obj *o; 561 const struct tee_cryp_obj_type_props *type_props; 562 int idx; 563 size_t raw_size; 564 void *raw_data; 565 566 res = tee_ta_get_current_session(&sess); 567 if (res != TEE_SUCCESS) 568 return res; 569 570 res = tee_obj_get(sess->ctx, obj, &o); 571 if (res != TEE_SUCCESS) 572 return TEE_ERROR_ITEM_NOT_FOUND; 573 574 /* Check that the object is initialized */ 575 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 576 return TEE_ERROR_ITEM_NOT_FOUND; 577 578 /* Check that getting the attribute is allowed */ 579 if ((attr_id & TEE_ATTR_BIT_PROTECTED) == 0 && 580 (o->info.objectUsage & TEE_USAGE_EXTRACTABLE) == 0) 581 return TEE_ERROR_ACCESS_DENIED; 582 583 type_props = tee_svc_find_type_props(o->info.objectType); 584 if (!type_props) { 585 /* Unknown object type, "can't happen" */ 586 return TEE_ERROR_BAD_STATE; 587 } 588 589 idx = tee_svc_cryp_obj_find_type_attr_idx(attr_id, type_props); 590 if ((idx < 0) || ((o->have_attrs & (1 << idx)) == 0)) 591 return TEE_ERROR_ITEM_NOT_FOUND; 592 593 res = tee_svc_cryp_obj_get_raw_data(o, type_props, idx, 594 &raw_data, &raw_size); 595 if (res != TEE_SUCCESS) 596 return res; 597 598 return tee_svc_cryp_obj_copy_out(sess, buffer, size, 599 type_props->type_attrs[idx].conv_func, 600 raw_data, raw_size); 601 } 602 603 static void bn_cleanup(struct bignum *bn, bool del) 604 { 605 if (del) 606 crypto_ops.bignum.free(bn); 607 else 608 crypto_ops.bignum.clear(bn); 609 } 610 611 static void cleanup_rsa_keypair(void *p, bool del) 612 { 613 struct rsa_keypair *s = (struct rsa_keypair *)p; 614 615 bn_cleanup(s->e, del); 616 bn_cleanup(s->d, del); 617 bn_cleanup(s->n, del); 618 bn_cleanup(s->p, del); 619 bn_cleanup(s->q, del); 620 bn_cleanup(s->qp, del); 621 bn_cleanup(s->dp, del); 622 bn_cleanup(s->dq, del); 623 } 624 625 static void cleanup_dsa_keypair(void *p, bool del) 626 { 627 struct dsa_keypair *s = (struct dsa_keypair *)p; 628 629 bn_cleanup(s->g, del); 630 bn_cleanup(s->p, del); 631 bn_cleanup(s->q, del); 632 bn_cleanup(s->y, del); 633 bn_cleanup(s->x, del); 634 } 635 636 static void cleanup_rsa_public_key(void *p, bool del) 637 { 638 struct rsa_public_key *s = (struct rsa_public_key *)p; 639 640 bn_cleanup(s->e, del); 641 bn_cleanup(s->n, del); 642 } 643 644 static void cleanup_dsa_public_key(void *p, bool del) 645 { 646 struct dsa_public_key *s = (struct dsa_public_key *)p; 647 648 bn_cleanup(s->g, del); 649 bn_cleanup(s->p, del); 650 bn_cleanup(s->q, del); 651 bn_cleanup(s->y, del); 652 } 653 654 static void cleanup_dh_keypair(void *p, bool del) 655 { 656 struct dh_keypair *s = (struct dh_keypair *)p; 657 658 bn_cleanup(s->g, del); 659 bn_cleanup(s->p, del); 660 bn_cleanup(s->x, del); 661 bn_cleanup(s->y, del); 662 bn_cleanup(s->q, del); 663 s->xbits = 0; 664 } 665 666 static void copy_rsa_public_key(struct rsa_public_key *to, 667 const struct rsa_public_key *from) 668 { 669 crypto_ops.bignum.copy(to->e, from->e); 670 crypto_ops.bignum.copy(to->n, from->n); 671 } 672 673 static void copy_rsa_keypair(struct rsa_keypair *to, 674 const struct rsa_keypair *from) 675 { 676 crypto_ops.bignum.copy(to->e, from->e); 677 crypto_ops.bignum.copy(to->d, from->d); 678 crypto_ops.bignum.copy(to->n, from->n); 679 crypto_ops.bignum.copy(to->p, from->p); 680 crypto_ops.bignum.copy(to->q, from->q); 681 crypto_ops.bignum.copy(to->qp, from->qp); 682 crypto_ops.bignum.copy(to->dp, from->dp); 683 crypto_ops.bignum.copy(to->dq, from->dq); 684 } 685 686 static void copy_dsa_public_key(struct dsa_public_key *to, 687 const struct dsa_public_key *from) 688 { 689 crypto_ops.bignum.copy(to->g, from->g); 690 crypto_ops.bignum.copy(to->p, from->p); 691 crypto_ops.bignum.copy(to->q, from->q); 692 crypto_ops.bignum.copy(to->y, from->y); 693 } 694 695 696 static void copy_dsa_keypair(struct dsa_keypair *to, 697 const struct dsa_keypair *from) 698 { 699 crypto_ops.bignum.copy(to->g, from->g); 700 crypto_ops.bignum.copy(to->p, from->p); 701 crypto_ops.bignum.copy(to->q, from->q); 702 crypto_ops.bignum.copy(to->y, from->y); 703 crypto_ops.bignum.copy(to->x, from->x); 704 } 705 706 static void copy_dh_keypair(struct dh_keypair *to, 707 const struct dh_keypair *from) 708 { 709 crypto_ops.bignum.copy(to->g, from->g); 710 crypto_ops.bignum.copy(to->p, from->p); 711 crypto_ops.bignum.copy(to->y, from->y); 712 crypto_ops.bignum.copy(to->x, from->x); 713 crypto_ops.bignum.copy(to->q, from->q); 714 to->xbits = from->xbits; 715 } 716 717 static void extract_rsa_public_key(struct rsa_public_key *to, 718 const struct rsa_keypair *from) 719 { 720 crypto_ops.bignum.copy(to->e, from->e); 721 crypto_ops.bignum.copy(to->n, from->n); 722 } 723 724 static void extract_dsa_public_key(struct dsa_public_key *to, 725 const struct dsa_keypair *from) 726 { 727 crypto_ops.bignum.copy(to->g, from->g); 728 crypto_ops.bignum.copy(to->p, from->p); 729 crypto_ops.bignum.copy(to->q, from->q); 730 crypto_ops.bignum.copy(to->y, from->y); 731 } 732 733 TEE_Result tee_svc_cryp_obj_alloc(TEE_ObjectType obj_type, 734 uint32_t max_obj_size, uint32_t *obj) 735 { 736 TEE_Result res; 737 struct tee_ta_session *sess; 738 const struct tee_cryp_obj_type_props *type_props; 739 struct tee_obj *o; 740 741 res = tee_ta_get_current_session(&sess); 742 if (res != TEE_SUCCESS) 743 return res; 744 745 /* 746 * Verify that maxObjectSize is supported and find out how 747 * much should be allocated. 748 */ 749 750 /* Find description of object */ 751 type_props = tee_svc_find_type_props(obj_type); 752 if (!type_props) 753 return TEE_ERROR_NOT_SUPPORTED; 754 755 /* Check that maxObjectSize follows restrictions */ 756 if (max_obj_size % type_props->quanta != 0) 757 return TEE_ERROR_NOT_SUPPORTED; 758 if (max_obj_size < type_props->min_size) 759 return TEE_ERROR_NOT_SUPPORTED; 760 if (max_obj_size > type_props->max_size) 761 return TEE_ERROR_NOT_SUPPORTED; 762 763 o = calloc(1, sizeof(*o)); 764 if (!o) 765 return TEE_ERROR_OUT_OF_MEMORY; 766 o->data = calloc(1, type_props->alloc_size); 767 if (!o->data) { 768 free(o); 769 return TEE_ERROR_OUT_OF_MEMORY; 770 } 771 o->data_size = type_props->alloc_size; 772 773 /* If we have a key structure, pre-allocate the bignums inside */ 774 switch (obj_type) { 775 case TEE_TYPE_RSA_PUBLIC_KEY: 776 if (!crypto_ops.acipher.alloc_rsa_public_key) 777 goto notimpl; 778 if (crypto_ops.acipher.alloc_rsa_public_key(o->data, 779 max_obj_size) 780 != TEE_SUCCESS) 781 goto alloc_err; 782 o->cleanup = cleanup_rsa_public_key; 783 break; 784 case TEE_TYPE_RSA_KEYPAIR: 785 if (!crypto_ops.acipher.alloc_rsa_keypair) 786 goto notimpl; 787 if (crypto_ops.acipher.alloc_rsa_keypair(o->data, 788 max_obj_size) 789 != TEE_SUCCESS) 790 goto alloc_err; 791 o->cleanup = cleanup_rsa_keypair; 792 break; 793 case TEE_TYPE_DSA_PUBLIC_KEY: 794 if (!crypto_ops.acipher.alloc_dsa_public_key) 795 goto notimpl; 796 if (crypto_ops.acipher.alloc_dsa_public_key(o->data, 797 max_obj_size) 798 != TEE_SUCCESS) 799 goto alloc_err; 800 o->cleanup = cleanup_dsa_public_key; 801 break; 802 case TEE_TYPE_DSA_KEYPAIR: 803 if (!crypto_ops.acipher.alloc_dsa_keypair) 804 goto notimpl; 805 if (crypto_ops.acipher.alloc_dsa_keypair(o->data, max_obj_size) 806 != TEE_SUCCESS) 807 goto alloc_err; 808 o->cleanup = cleanup_dsa_keypair; 809 break; 810 case TEE_TYPE_DH_KEYPAIR: 811 if (!crypto_ops.acipher.alloc_dh_keypair) 812 goto notimpl; 813 if (crypto_ops.acipher.alloc_dh_keypair(o->data, max_obj_size) 814 != TEE_SUCCESS) 815 goto alloc_err; 816 o->cleanup = cleanup_dh_keypair; 817 break; 818 default: 819 break; 820 } 821 822 o->info.objectType = obj_type; 823 o->info.maxObjectSize = max_obj_size; 824 o->info.objectUsage = TEE_USAGE_DEFAULT; 825 o->info.handleFlags = 0; 826 827 o->fd = -1; 828 829 tee_obj_add(sess->ctx, o); 830 831 res = tee_svc_copy_to_user(sess, obj, &o, sizeof(o)); 832 if (res != TEE_SUCCESS) 833 tee_obj_close(sess->ctx, o); 834 return res; 835 836 alloc_err: 837 free(o->data); 838 free(o); 839 return TEE_ERROR_OUT_OF_MEMORY; 840 notimpl: 841 free(o->data); 842 free(o); 843 return TEE_ERROR_NOT_IMPLEMENTED; 844 } 845 846 TEE_Result tee_svc_cryp_obj_close(uint32_t obj) 847 { 848 TEE_Result res; 849 struct tee_ta_session *sess; 850 struct tee_obj *o; 851 852 res = tee_ta_get_current_session(&sess); 853 if (res != TEE_SUCCESS) 854 return res; 855 856 res = tee_obj_get(sess->ctx, obj, &o); 857 if (res != TEE_SUCCESS) 858 return res; 859 860 /* 861 * If it's busy it's used by an operation, a client should never have 862 * this handle. 863 */ 864 if (o->busy) 865 return TEE_ERROR_ITEM_NOT_FOUND; 866 867 tee_obj_close(sess->ctx, o); 868 return TEE_SUCCESS; 869 } 870 871 TEE_Result tee_svc_cryp_obj_reset(uint32_t obj) 872 { 873 TEE_Result res; 874 struct tee_ta_session *sess; 875 struct tee_obj *o; 876 877 res = tee_ta_get_current_session(&sess); 878 if (res != TEE_SUCCESS) 879 return res; 880 881 res = tee_obj_get(sess->ctx, obj, &o); 882 if (res != TEE_SUCCESS) 883 return res; 884 885 if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) == 0) { 886 if (o->cleanup) { 887 /* 888 * o->data contains pointers to key data. 889 * Clear key data, but keep the pointers. 890 */ 891 o->cleanup(o->data, false); 892 } else { 893 memset(o->data, 0, o->data_size); 894 } 895 o->info.objectSize = 0; 896 o->info.objectUsage = TEE_USAGE_DEFAULT; 897 } else { 898 return TEE_ERROR_BAD_PARAMETERS; 899 } 900 901 return TEE_SUCCESS; 902 } 903 904 static TEE_Result tee_svc_cryp_obj_store_attr_raw(struct tee_ta_session *sess, 905 uint16_t conv_func, 906 const TEE_Attribute *attr, 907 void *data, size_t data_size) 908 { 909 TEE_Result res; 910 struct tee_cryp_obj_secret *obj; 911 struct bignum *bn; 912 913 if (!attr) 914 return TEE_ERROR_BAD_STATE; 915 916 if (conv_func != TEE_TYPE_CONV_FUNC_VALUE && !attr->content.ref.buffer) 917 return TEE_ERROR_BAD_PARAMETERS; 918 919 switch (conv_func) { 920 case TEE_TYPE_CONV_FUNC_NONE: 921 /* No conversion data size has to match exactly */ 922 if (attr->content.ref.length != data_size) 923 return TEE_ERROR_BAD_PARAMETERS; 924 return tee_svc_copy_from_user(sess, data, 925 attr->content.ref.buffer, 926 data_size); 927 case TEE_TYPE_CONV_FUNC_SECRET: 928 if (!TEE_ALIGNMENT_IS_OK(data, struct tee_cryp_obj_secret)) 929 return TEE_ERROR_BAD_STATE; 930 obj = (struct tee_cryp_obj_secret *)(void *)data; 931 932 /* Data size has to fit in allocated buffer */ 933 if (attr->content.ref.length > 934 (data_size - sizeof(struct tee_cryp_obj_secret))) 935 return TEE_ERROR_BAD_PARAMETERS; 936 937 res = tee_svc_copy_from_user(sess, obj + 1, 938 attr->content.ref.buffer, 939 attr->content.ref.length); 940 if (res == TEE_SUCCESS) 941 obj->key_size = attr->content.ref.length; 942 return res; 943 944 case TEE_TYPE_CONV_FUNC_BIGNUM: 945 /* Check data can be accessed */ 946 res = tee_mmu_check_access_rights( 947 sess->ctx, 948 TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_ANY_OWNER, 949 (tee_uaddr_t)attr->content.ref.buffer, 950 attr->content.ref.length); 951 if (res != TEE_SUCCESS) 952 return res; 953 954 /* 955 * Read the array of bytes (stored in attr->content.ref.buffer) 956 * and convert it to a bignum (pointed to by data) 957 */ 958 bn = *(struct bignum **)data; 959 if (!crypto_ops.bignum.bin2bn) 960 return TEE_ERROR_NOT_IMPLEMENTED; 961 res = crypto_ops.bignum.bin2bn(attr->content.ref.buffer, 962 attr->content.ref.length, 963 bn); 964 return res; 965 966 case TEE_TYPE_CONV_FUNC_VALUE: 967 /* 968 * a value attribute consists of two uint32 but have not 969 * seen anything that actaully would need that so this fills 970 * the data from the first value and discards the second value 971 */ 972 *(uint32_t *)data = attr->content.value.a; 973 974 return TEE_SUCCESS; 975 976 default: 977 return TEE_ERROR_BAD_STATE; 978 } 979 } 980 981 enum attr_usage { 982 ATTR_USAGE_POPULATE, 983 ATTR_USAGE_GENERATE_KEY 984 }; 985 986 static TEE_Result tee_svc_cryp_check_attr( 987 enum attr_usage usage, 988 const struct tee_cryp_obj_type_props *type_props, 989 TEE_Attribute *attrs, 990 uint32_t attr_count) 991 { 992 uint32_t required_flag; 993 uint32_t opt_flag; 994 bool all_opt_needed; 995 uint32_t req_attrs = 0; 996 uint32_t opt_grp_attrs = 0; 997 uint32_t attrs_found = 0; 998 size_t n; 999 1000 if (usage == ATTR_USAGE_POPULATE) { 1001 required_flag = TEE_TYPE_ATTR_REQUIRED; 1002 opt_flag = TEE_TYPE_ATTR_OPTIONAL_GROUP; 1003 all_opt_needed = true; 1004 } else { 1005 required_flag = TEE_TYPE_ATTR_GEN_KEY_REQ; 1006 opt_flag = TEE_TYPE_ATTR_GEN_KEY_OPT; 1007 all_opt_needed = false; 1008 } 1009 1010 /* 1011 * First find out which attributes are required and which belong to 1012 * the optional group 1013 */ 1014 for (n = 0; n < type_props->num_type_attrs; n++) { 1015 uint32_t bit = 1 << n; 1016 uint32_t flags = type_props->type_attrs[n].flags; 1017 1018 if (flags & required_flag) 1019 req_attrs |= bit; 1020 else if (flags & opt_flag) 1021 opt_grp_attrs |= bit; 1022 } 1023 1024 /* 1025 * Verify that all required attributes are in place and 1026 * that the same attribute isn't repeated. 1027 */ 1028 for (n = 0; n < attr_count; n++) { 1029 int idx = 1030 tee_svc_cryp_obj_find_type_attr_idx(attrs[n].attributeID, 1031 type_props); 1032 if (idx >= 0) { 1033 uint32_t bit = 1 << idx; 1034 1035 if ((attrs_found & bit) != 0) 1036 return TEE_ERROR_ITEM_NOT_FOUND; 1037 1038 attrs_found |= bit; 1039 } 1040 } 1041 /* Required attribute missing */ 1042 if ((attrs_found & req_attrs) != req_attrs) 1043 return TEE_ERROR_ITEM_NOT_FOUND; 1044 1045 /* 1046 * If the flag says that "if one of the optional attributes are included 1047 * all of them has to be included" this must be checked. 1048 */ 1049 if (all_opt_needed && (attrs_found & opt_grp_attrs) != 0 && 1050 (attrs_found & opt_grp_attrs) != opt_grp_attrs) 1051 return TEE_ERROR_ITEM_NOT_FOUND; 1052 1053 return TEE_SUCCESS; 1054 } 1055 1056 static TEE_Result tee_svc_cryp_obj_populate_type( 1057 struct tee_ta_session *sess, 1058 struct tee_obj *o, 1059 const struct tee_cryp_obj_type_props *type_props, 1060 const TEE_Attribute *attrs, 1061 uint32_t attr_count) 1062 { 1063 TEE_Result res; 1064 uint32_t have_attrs = 0; 1065 size_t obj_size = 0; 1066 size_t n; 1067 1068 for (n = 0; n < attr_count; n++) { 1069 size_t raw_size; 1070 void *raw_data; 1071 int idx = 1072 tee_svc_cryp_obj_find_type_attr_idx(attrs[n].attributeID, 1073 type_props); 1074 if (idx < 0) 1075 continue; 1076 1077 have_attrs |= 1 << idx; 1078 1079 res = tee_svc_cryp_obj_get_raw_data(o, type_props, idx, 1080 &raw_data, &raw_size); 1081 if (res != TEE_SUCCESS) 1082 return res; 1083 1084 res = 1085 tee_svc_cryp_obj_store_attr_raw( 1086 sess, type_props->type_attrs[idx].conv_func, 1087 attrs + n, raw_data, raw_size); 1088 if (res != TEE_SUCCESS) 1089 return res; 1090 1091 /* 1092 * First attr_idx signifies the attribute that gives the size 1093 * of the object 1094 */ 1095 if (type_props->type_attrs[idx].flags & 1096 TEE_TYPE_ATTR_SIZE_INDICATOR) { 1097 obj_size += attrs[n].content.ref.length * 8; 1098 } 1099 } 1100 1101 /* 1102 * We have to do it like this because the parity bits aren't counted 1103 * when telling the size of the key in bits. 1104 */ 1105 if (o->info.objectType == TEE_TYPE_DES || 1106 o->info.objectType == TEE_TYPE_DES3) 1107 obj_size -= obj_size / 8; /* Exclude parity in size of key */ 1108 1109 o->have_attrs = have_attrs; 1110 o->info.objectSize = obj_size; 1111 return TEE_SUCCESS; 1112 } 1113 1114 TEE_Result tee_svc_cryp_obj_populate(uint32_t obj, TEE_Attribute *attrs, 1115 uint32_t attr_count) 1116 { 1117 TEE_Result res; 1118 struct tee_ta_session *sess; 1119 struct tee_obj *o; 1120 const struct tee_cryp_obj_type_props *type_props; 1121 1122 res = tee_ta_get_current_session(&sess); 1123 if (res != TEE_SUCCESS) 1124 return res; 1125 1126 res = tee_obj_get(sess->ctx, obj, &o); 1127 if (res != TEE_SUCCESS) 1128 return res; 1129 1130 /* Must be a transient object */ 1131 if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) 1132 return TEE_ERROR_BAD_PARAMETERS; 1133 1134 /* Must not be initialized already */ 1135 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1136 return TEE_ERROR_BAD_PARAMETERS; 1137 1138 type_props = tee_svc_find_type_props(o->info.objectType); 1139 if (!type_props) 1140 return TEE_ERROR_NOT_IMPLEMENTED; 1141 1142 res = tee_svc_cryp_check_attr(ATTR_USAGE_POPULATE, type_props, attrs, 1143 attr_count); 1144 if (res != TEE_SUCCESS) 1145 return res; 1146 1147 res = tee_svc_cryp_obj_populate_type(sess, o, type_props, attrs, 1148 attr_count); 1149 if (res == TEE_SUCCESS) 1150 o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 1151 1152 return res; 1153 } 1154 1155 TEE_Result tee_svc_cryp_obj_copy(uint32_t dst, uint32_t src) 1156 { 1157 TEE_Result res; 1158 struct tee_ta_session *sess; 1159 struct tee_obj *dst_o; 1160 struct tee_obj *src_o; 1161 1162 res = tee_ta_get_current_session(&sess); 1163 if (res != TEE_SUCCESS) 1164 return res; 1165 1166 res = tee_obj_get(sess->ctx, dst, &dst_o); 1167 if (res != TEE_SUCCESS) 1168 return res; 1169 1170 res = tee_obj_get(sess->ctx, src, &src_o); 1171 if (res != TEE_SUCCESS) 1172 return res; 1173 1174 if ((src_o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1175 return TEE_ERROR_BAD_PARAMETERS; 1176 if ((dst_o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) 1177 return TEE_ERROR_BAD_PARAMETERS; 1178 if ((dst_o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1179 return TEE_ERROR_BAD_PARAMETERS; 1180 1181 if (dst_o->info.objectType == src_o->info.objectType) { 1182 /* Copy whole data */ 1183 1184 if (dst_o->data_size != src_o->data_size) 1185 return TEE_ERROR_BAD_STATE; 1186 if (dst_o->cleanup != src_o->cleanup) 1187 return TEE_ERROR_BAD_STATE; 1188 1189 dst_o->have_attrs = src_o->have_attrs; 1190 1191 switch (src_o->info.objectType) { 1192 case TEE_TYPE_RSA_PUBLIC_KEY: 1193 copy_rsa_public_key(dst_o->data, src_o->data); 1194 break; 1195 case TEE_TYPE_RSA_KEYPAIR: 1196 copy_rsa_keypair(dst_o->data, src_o->data); 1197 break; 1198 case TEE_TYPE_DSA_PUBLIC_KEY: 1199 copy_dsa_public_key(dst_o->data, src_o->data); 1200 break; 1201 case TEE_TYPE_DSA_KEYPAIR: 1202 copy_dsa_keypair(dst_o->data, src_o->data); 1203 break; 1204 case TEE_TYPE_DH_KEYPAIR: 1205 copy_dh_keypair(dst_o->data, src_o->data); 1206 break; 1207 default: 1208 /* Generic case */ 1209 memcpy(dst_o->data, src_o->data, src_o->data_size); 1210 } 1211 } else if (dst_o->info.objectType == TEE_TYPE_RSA_PUBLIC_KEY && 1212 src_o->info.objectType == TEE_TYPE_RSA_KEYPAIR) { 1213 /* Extract public key from RSA key pair */ 1214 size_t n; 1215 1216 extract_rsa_public_key(dst_o->data, src_o->data); 1217 dst_o->have_attrs = 0; 1218 for (n = 0; n < TEE_ARRAY_SIZE(tee_cryp_obj_rsa_pub_key_attrs); 1219 n++) 1220 dst_o->have_attrs |= 1 << n; 1221 1222 } else if (dst_o->info.objectType == TEE_TYPE_DSA_PUBLIC_KEY && 1223 src_o->info.objectType == TEE_TYPE_DSA_KEYPAIR) { 1224 /* Extract public key from DSA key pair */ 1225 size_t n; 1226 1227 extract_dsa_public_key(dst_o->data, src_o->data); 1228 dst_o->have_attrs = 0; 1229 for (n = 0; n < TEE_ARRAY_SIZE(tee_cryp_obj_dsa_pub_key_attrs); 1230 n++) 1231 dst_o->have_attrs |= 1 << n; 1232 1233 } else { 1234 return TEE_ERROR_BAD_PARAMETERS; 1235 } 1236 1237 dst_o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 1238 dst_o->info.objectSize = src_o->info.objectSize; 1239 dst_o->info.objectUsage = src_o->info.objectUsage; 1240 return TEE_SUCCESS; 1241 } 1242 1243 static TEE_Result tee_svc_obj_generate_key_rsa( 1244 struct tee_obj *o, const struct tee_cryp_obj_type_props *type_props, 1245 uint32_t key_size) 1246 { 1247 TEE_Result res; 1248 1249 TEE_ASSERT(sizeof(struct rsa_keypair) == o->data_size); 1250 if (!crypto_ops.acipher.gen_rsa_key) 1251 return TEE_ERROR_NOT_IMPLEMENTED; 1252 res = crypto_ops.acipher.gen_rsa_key(o->data, key_size); 1253 if (res != TEE_SUCCESS) 1254 return res; 1255 1256 /* Set bits for all known attributes for this object type */ 1257 o->have_attrs = (1 << type_props->num_type_attrs) - 1; 1258 1259 return TEE_SUCCESS; 1260 } 1261 1262 static TEE_Result tee_svc_obj_generate_key_dsa( 1263 struct tee_obj *o, const struct tee_cryp_obj_type_props *type_props, 1264 uint32_t key_size) 1265 { 1266 TEE_Result res; 1267 1268 TEE_ASSERT(sizeof(struct dsa_keypair) == o->data_size); 1269 if (!crypto_ops.acipher.gen_dsa_key) 1270 return TEE_ERROR_NOT_IMPLEMENTED; 1271 res = crypto_ops.acipher.gen_dsa_key(o->data, key_size); 1272 if (res != TEE_SUCCESS) 1273 return res; 1274 1275 /* Set bits for all known attributes for this object type */ 1276 o->have_attrs = (1 << type_props->num_type_attrs) - 1; 1277 1278 return TEE_SUCCESS; 1279 } 1280 1281 static TEE_Result tee_svc_obj_generate_key_dh( 1282 struct tee_ta_session *sess, 1283 struct tee_obj *o, const struct tee_cryp_obj_type_props *type_props, 1284 uint32_t key_size __unused, 1285 const TEE_Attribute *params, uint32_t param_count) 1286 { 1287 TEE_Result res; 1288 struct dh_keypair *tee_dh_key; 1289 struct bignum *dh_q = NULL; 1290 uint32_t dh_xbits = 0; 1291 1292 TEE_ASSERT(sizeof(struct dh_keypair) == o->data_size); 1293 1294 /* Copy the present attributes into the obj before starting */ 1295 res = tee_svc_cryp_obj_populate_type( 1296 sess, o, type_props, params, param_count); 1297 if (res != TEE_SUCCESS) 1298 return res; 1299 1300 tee_dh_key = (struct dh_keypair *)o->data; 1301 1302 if (GET_ATTRIBUTE(o, type_props, TEE_ATTR_DH_SUBPRIME)) 1303 dh_q = tee_dh_key->q; 1304 if (GET_ATTRIBUTE(o, type_props, TEE_ATTR_DH_X_BITS)) 1305 dh_xbits = tee_dh_key->xbits; 1306 if (!crypto_ops.acipher.gen_dh_key) 1307 return TEE_ERROR_NOT_IMPLEMENTED; 1308 res = crypto_ops.acipher.gen_dh_key(tee_dh_key, dh_q, dh_xbits); 1309 if (res != TEE_SUCCESS) 1310 return res; 1311 1312 /* Set bits for the generated public and private key */ 1313 SET_ATTRIBUTE(o, type_props, TEE_ATTR_DH_PUBLIC_VALUE); 1314 SET_ATTRIBUTE(o, type_props, TEE_ATTR_DH_PRIVATE_VALUE); 1315 SET_ATTRIBUTE(o, type_props, TEE_ATTR_DH_X_BITS); 1316 return TEE_SUCCESS; 1317 } 1318 1319 TEE_Result tee_svc_obj_generate_key( 1320 uint32_t obj, uint32_t key_size, 1321 const TEE_Attribute *params, uint32_t param_count) 1322 { 1323 TEE_Result res; 1324 struct tee_ta_session *sess; 1325 const struct tee_cryp_obj_type_props *type_props; 1326 struct tee_obj *o; 1327 struct tee_cryp_obj_secret *key; 1328 size_t byte_size; 1329 1330 res = tee_ta_get_current_session(&sess); 1331 if (res != TEE_SUCCESS) 1332 return res; 1333 1334 res = tee_obj_get(sess->ctx, obj, &o); 1335 if (res != TEE_SUCCESS) 1336 return res; 1337 1338 /* Must be a transient object */ 1339 if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) 1340 return TEE_ERROR_BAD_STATE; 1341 1342 /* Must not be initialized already */ 1343 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1344 return TEE_ERROR_BAD_STATE; 1345 1346 /* Find description of object */ 1347 type_props = tee_svc_find_type_props(o->info.objectType); 1348 if (!type_props) 1349 return TEE_ERROR_NOT_SUPPORTED; 1350 1351 /* Check that maxObjectSize follows restrictions */ 1352 if (key_size % type_props->quanta != 0) 1353 return TEE_ERROR_NOT_SUPPORTED; 1354 if (key_size < type_props->min_size) 1355 return TEE_ERROR_NOT_SUPPORTED; 1356 if (key_size > type_props->max_size) 1357 return TEE_ERROR_NOT_SUPPORTED; 1358 1359 res = tee_svc_cryp_check_attr(ATTR_USAGE_GENERATE_KEY, type_props, 1360 (TEE_Attribute *)params, param_count); 1361 if (res != TEE_SUCCESS) 1362 return res; 1363 1364 switch (o->info.objectType) { 1365 case TEE_TYPE_AES: 1366 case TEE_TYPE_DES: 1367 case TEE_TYPE_DES3: 1368 case TEE_TYPE_HMAC_MD5: 1369 case TEE_TYPE_HMAC_SHA1: 1370 case TEE_TYPE_HMAC_SHA224: 1371 case TEE_TYPE_HMAC_SHA256: 1372 case TEE_TYPE_HMAC_SHA384: 1373 case TEE_TYPE_HMAC_SHA512: 1374 case TEE_TYPE_GENERIC_SECRET: 1375 byte_size = key_size / 8; 1376 1377 /* 1378 * We have to do it like this because the parity bits aren't 1379 * counted when telling the size of the key in bits. 1380 */ 1381 if (o->info.objectType == TEE_TYPE_DES || 1382 o->info.objectType == TEE_TYPE_DES3) { 1383 byte_size = (key_size + key_size / 7) / 8; 1384 } 1385 1386 key = (struct tee_cryp_obj_secret *)o->data; 1387 if (byte_size > (o->data_size - sizeof(*key))) 1388 return TEE_ERROR_EXCESS_DATA; 1389 1390 res = get_rng_array((void *)(key + 1), byte_size); 1391 if (res != TEE_SUCCESS) 1392 return res; 1393 1394 /* Force the last bit to have exactly a value on byte_size */ 1395 ((char *)key)[sizeof(key->key_size) + byte_size - 1] |= 0x80; 1396 key->key_size = byte_size; 1397 1398 /* Set bits for all known attributes for this object type */ 1399 o->have_attrs = (1 << type_props->num_type_attrs) - 1; 1400 1401 break; 1402 1403 case TEE_TYPE_RSA_KEYPAIR: 1404 res = tee_svc_obj_generate_key_rsa(o, type_props, key_size); 1405 if (res != TEE_SUCCESS) 1406 return res; 1407 break; 1408 1409 case TEE_TYPE_DSA_KEYPAIR: 1410 res = tee_svc_obj_generate_key_dsa(o, type_props, key_size); 1411 if (res != TEE_SUCCESS) 1412 return res; 1413 break; 1414 1415 case TEE_TYPE_DH_KEYPAIR: 1416 res = tee_svc_obj_generate_key_dh( 1417 sess, o, type_props, key_size, params, param_count); 1418 if (res != TEE_SUCCESS) 1419 return res; 1420 break; 1421 1422 default: 1423 return TEE_ERROR_BAD_FORMAT; 1424 } 1425 1426 o->info.objectSize = key_size; 1427 o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 1428 return TEE_SUCCESS; 1429 } 1430 1431 static TEE_Result tee_svc_cryp_get_state(struct tee_ta_session *sess, 1432 uint32_t state_id, 1433 struct tee_cryp_state **state) 1434 { 1435 struct tee_cryp_state *s; 1436 1437 TAILQ_FOREACH(s, &sess->ctx->cryp_states, link) { 1438 if (state_id == (uint32_t) s) { 1439 *state = s; 1440 return TEE_SUCCESS; 1441 } 1442 } 1443 return TEE_ERROR_BAD_PARAMETERS; 1444 } 1445 1446 static void cryp_state_free(struct tee_ta_ctx *ctx, struct tee_cryp_state *cs) 1447 { 1448 struct tee_obj *o; 1449 1450 if (tee_obj_get(ctx, cs->key1, &o) == TEE_SUCCESS) 1451 tee_obj_close(ctx, o); 1452 if (tee_obj_get(ctx, cs->key2, &o) == TEE_SUCCESS) 1453 tee_obj_close(ctx, o); 1454 1455 TAILQ_REMOVE(&ctx->cryp_states, cs, link); 1456 if (cs->ctx_finalize != NULL) 1457 cs->ctx_finalize(cs->ctx, cs->algo); 1458 free(cs->ctx); 1459 free(cs); 1460 } 1461 1462 static TEE_Result tee_svc_cryp_check_key_type(const struct tee_obj *o, 1463 uint32_t algo, 1464 TEE_OperationMode mode) 1465 { 1466 uint32_t req_key_type; 1467 1468 switch (TEE_ALG_GET_MAIN_ALG(algo)) { 1469 case TEE_MAIN_ALGO_MD5: 1470 req_key_type = TEE_TYPE_HMAC_MD5; 1471 break; 1472 case TEE_MAIN_ALGO_SHA1: 1473 req_key_type = TEE_TYPE_HMAC_SHA1; 1474 break; 1475 case TEE_MAIN_ALGO_SHA224: 1476 req_key_type = TEE_TYPE_HMAC_SHA224; 1477 break; 1478 case TEE_MAIN_ALGO_SHA256: 1479 req_key_type = TEE_TYPE_HMAC_SHA256; 1480 break; 1481 case TEE_MAIN_ALGO_SHA384: 1482 req_key_type = TEE_TYPE_HMAC_SHA384; 1483 break; 1484 case TEE_MAIN_ALGO_SHA512: 1485 req_key_type = TEE_TYPE_HMAC_SHA512; 1486 break; 1487 case TEE_MAIN_ALGO_AES: 1488 req_key_type = TEE_TYPE_AES; 1489 break; 1490 case TEE_MAIN_ALGO_DES: 1491 req_key_type = TEE_TYPE_DES; 1492 break; 1493 case TEE_MAIN_ALGO_DES3: 1494 req_key_type = TEE_TYPE_DES3; 1495 break; 1496 case TEE_MAIN_ALGO_RSA: 1497 if (mode == TEE_MODE_ENCRYPT || mode == TEE_MODE_VERIFY) 1498 req_key_type = TEE_TYPE_RSA_PUBLIC_KEY; 1499 else 1500 req_key_type = TEE_TYPE_RSA_KEYPAIR; 1501 break; 1502 case TEE_MAIN_ALGO_DSA: 1503 if (mode == TEE_MODE_ENCRYPT || mode == TEE_MODE_VERIFY) 1504 req_key_type = TEE_TYPE_DSA_PUBLIC_KEY; 1505 else 1506 req_key_type = TEE_TYPE_DSA_KEYPAIR; 1507 break; 1508 case TEE_MAIN_ALGO_DH: 1509 req_key_type = TEE_TYPE_DH_KEYPAIR; 1510 break; 1511 default: 1512 return TEE_ERROR_BAD_PARAMETERS; 1513 } 1514 1515 if (req_key_type != o->info.objectType) 1516 return TEE_ERROR_BAD_PARAMETERS; 1517 return TEE_SUCCESS; 1518 } 1519 1520 TEE_Result tee_svc_cryp_state_alloc(uint32_t algo, uint32_t mode, 1521 uint32_t key1, uint32_t key2, 1522 uint32_t *state) 1523 { 1524 TEE_Result res; 1525 struct tee_cryp_state *cs; 1526 struct tee_ta_session *sess; 1527 struct tee_obj *o1 = NULL; 1528 struct tee_obj *o2 = NULL; 1529 1530 res = tee_ta_get_current_session(&sess); 1531 if (res != TEE_SUCCESS) 1532 return res; 1533 1534 if (key1 != 0) { 1535 res = tee_obj_get(sess->ctx, key1, &o1); 1536 if (res != TEE_SUCCESS) 1537 return res; 1538 if (o1->busy) 1539 return TEE_ERROR_BAD_PARAMETERS; 1540 res = tee_svc_cryp_check_key_type(o1, algo, mode); 1541 if (res != TEE_SUCCESS) 1542 return res; 1543 } 1544 if (key2 != 0) { 1545 res = tee_obj_get(sess->ctx, key2, &o2); 1546 if (res != TEE_SUCCESS) 1547 return res; 1548 if (o2->busy) 1549 return TEE_ERROR_BAD_PARAMETERS; 1550 res = tee_svc_cryp_check_key_type(o2, algo, mode); 1551 if (res != TEE_SUCCESS) 1552 return res; 1553 } 1554 1555 cs = calloc(1, sizeof(struct tee_cryp_state)); 1556 if (!cs) 1557 return TEE_ERROR_OUT_OF_MEMORY; 1558 TAILQ_INSERT_TAIL(&sess->ctx->cryp_states, cs, link); 1559 cs->algo = algo; 1560 cs->mode = mode; 1561 1562 switch (TEE_ALG_GET_CLASS(algo)) { 1563 case TEE_OPERATION_CIPHER: 1564 if ((algo == TEE_ALG_AES_XTS && (key1 == 0 || key2 == 0)) || 1565 (algo != TEE_ALG_AES_XTS && (key1 == 0 || key2 != 0))) { 1566 res = TEE_ERROR_BAD_PARAMETERS; 1567 } else { 1568 if (crypto_ops.cipher.get_ctx_size) 1569 res = crypto_ops.cipher.get_ctx_size(algo, 1570 &cs->ctx_size); 1571 else 1572 res = TEE_ERROR_NOT_IMPLEMENTED; 1573 if (res != TEE_SUCCESS) 1574 break; 1575 cs->ctx = calloc(1, cs->ctx_size); 1576 if (!cs->ctx) 1577 res = TEE_ERROR_OUT_OF_MEMORY; 1578 } 1579 break; 1580 case TEE_OPERATION_AE: 1581 if (key1 == 0 || key2 != 0) { 1582 res = TEE_ERROR_BAD_PARAMETERS; 1583 } else { 1584 if (crypto_ops.authenc.get_ctx_size) 1585 res = crypto_ops.authenc.get_ctx_size(algo, 1586 &cs->ctx_size); 1587 else 1588 res = TEE_ERROR_NOT_IMPLEMENTED; 1589 if (res != TEE_SUCCESS) 1590 break; 1591 cs->ctx = calloc(1, cs->ctx_size); 1592 if (!cs->ctx) 1593 res = TEE_ERROR_OUT_OF_MEMORY; 1594 } 1595 break; 1596 case TEE_OPERATION_MAC: 1597 if (key1 == 0 || key2 != 0) { 1598 res = TEE_ERROR_BAD_PARAMETERS; 1599 } else { 1600 if (crypto_ops.mac.get_ctx_size) 1601 res = crypto_ops.mac.get_ctx_size(algo, 1602 &cs->ctx_size); 1603 else 1604 res = TEE_ERROR_NOT_IMPLEMENTED; 1605 if (res != TEE_SUCCESS) 1606 break; 1607 cs->ctx = calloc(1, cs->ctx_size); 1608 if (!cs->ctx) 1609 res = TEE_ERROR_OUT_OF_MEMORY; 1610 } 1611 break; 1612 case TEE_OPERATION_DIGEST: 1613 if (key1 != 0 || key2 != 0) { 1614 res = TEE_ERROR_BAD_PARAMETERS; 1615 } else { 1616 if (crypto_ops.hash.get_ctx_size) 1617 res = crypto_ops.hash.get_ctx_size(algo, 1618 &cs->ctx_size); 1619 else 1620 res = TEE_ERROR_NOT_IMPLEMENTED; 1621 if (res != TEE_SUCCESS) 1622 break; 1623 cs->ctx = calloc(1, cs->ctx_size); 1624 if (!cs->ctx) 1625 res = TEE_ERROR_OUT_OF_MEMORY; 1626 } 1627 break; 1628 case TEE_OPERATION_ASYMMETRIC_CIPHER: 1629 case TEE_OPERATION_ASYMMETRIC_SIGNATURE: 1630 if (key1 == 0 || key2 != 0) 1631 res = TEE_ERROR_BAD_PARAMETERS; 1632 break; 1633 case TEE_OPERATION_KEY_DERIVATION: 1634 if (key1 == 0 || key2 != 0) 1635 res = TEE_ERROR_BAD_PARAMETERS; 1636 break; 1637 default: 1638 res = TEE_ERROR_NOT_SUPPORTED; 1639 break; 1640 } 1641 if (res != TEE_SUCCESS) 1642 goto out; 1643 1644 res = tee_svc_copy_to_user(sess, state, &cs, sizeof(uint32_t)); 1645 if (res != TEE_SUCCESS) 1646 goto out; 1647 1648 /* Register keys */ 1649 if (o1 != NULL) { 1650 o1->busy = true; 1651 cs->key1 = key1; 1652 } 1653 if (o2 != NULL) { 1654 o2->busy = true; 1655 cs->key2 = key2; 1656 } 1657 1658 out: 1659 if (res != TEE_SUCCESS) 1660 cryp_state_free(sess->ctx, cs); 1661 return res; 1662 } 1663 1664 TEE_Result tee_svc_cryp_state_copy(uint32_t dst, uint32_t src) 1665 { 1666 TEE_Result res; 1667 struct tee_cryp_state *cs_dst; 1668 struct tee_cryp_state *cs_src; 1669 struct tee_ta_session *sess; 1670 1671 res = tee_ta_get_current_session(&sess); 1672 if (res != TEE_SUCCESS) 1673 return res; 1674 1675 res = tee_svc_cryp_get_state(sess, dst, &cs_dst); 1676 if (res != TEE_SUCCESS) 1677 return res; 1678 res = tee_svc_cryp_get_state(sess, src, &cs_src); 1679 if (res != TEE_SUCCESS) 1680 return res; 1681 if (cs_dst->algo != cs_src->algo || cs_dst->mode != cs_src->mode) 1682 return TEE_ERROR_BAD_PARAMETERS; 1683 /* "Can't happen" */ 1684 if (cs_dst->ctx_size != cs_src->ctx_size) 1685 return TEE_ERROR_BAD_STATE; 1686 1687 memcpy(cs_dst->ctx, cs_src->ctx, cs_src->ctx_size); 1688 return TEE_SUCCESS; 1689 } 1690 1691 void tee_svc_cryp_free_states(struct tee_ta_ctx *ctx) 1692 { 1693 struct tee_cryp_state_head *states = &ctx->cryp_states; 1694 1695 while (!TAILQ_EMPTY(states)) 1696 cryp_state_free(ctx, TAILQ_FIRST(states)); 1697 } 1698 1699 TEE_Result tee_svc_cryp_state_free(uint32_t state) 1700 { 1701 TEE_Result res; 1702 struct tee_cryp_state *cs; 1703 struct tee_ta_session *sess; 1704 1705 res = tee_ta_get_current_session(&sess); 1706 if (res != TEE_SUCCESS) 1707 return res; 1708 1709 res = tee_svc_cryp_get_state(sess, state, &cs); 1710 if (res != TEE_SUCCESS) 1711 return res; 1712 cryp_state_free(sess->ctx, cs); 1713 return TEE_SUCCESS; 1714 } 1715 1716 /* iv and iv_len are ignored for some algorithms */ 1717 TEE_Result tee_svc_hash_init(uint32_t state, const void *iv __unused, 1718 size_t iv_len __unused) 1719 { 1720 TEE_Result res; 1721 struct tee_cryp_state *cs; 1722 struct tee_ta_session *sess; 1723 1724 res = tee_ta_get_current_session(&sess); 1725 if (res != TEE_SUCCESS) 1726 return res; 1727 1728 res = tee_svc_cryp_get_state(sess, state, &cs); 1729 if (res != TEE_SUCCESS) 1730 return res; 1731 1732 switch (TEE_ALG_GET_CLASS(cs->algo)) { 1733 case TEE_OPERATION_DIGEST: 1734 if (!crypto_ops.hash.init) 1735 return TEE_ERROR_NOT_IMPLEMENTED; 1736 res = crypto_ops.hash.init(cs->ctx, cs->algo); 1737 if (res != TEE_SUCCESS) 1738 return res; 1739 break; 1740 case TEE_OPERATION_MAC: 1741 { 1742 struct tee_obj *o; 1743 struct tee_cryp_obj_secret *key; 1744 1745 res = tee_obj_get(sess->ctx, cs->key1, &o); 1746 if (res != TEE_SUCCESS) 1747 return res; 1748 if ((o->info.handleFlags & 1749 TEE_HANDLE_FLAG_INITIALIZED) == 0) 1750 return TEE_ERROR_BAD_PARAMETERS; 1751 1752 key = (struct tee_cryp_obj_secret *)o->data; 1753 if (!crypto_ops.mac.init) 1754 return TEE_ERROR_NOT_IMPLEMENTED; 1755 res = crypto_ops.mac.init(cs->ctx, cs->algo, 1756 (void *)(key + 1), 1757 key->key_size); 1758 if (res != TEE_SUCCESS) 1759 return res; 1760 break; 1761 } 1762 default: 1763 return TEE_ERROR_BAD_PARAMETERS; 1764 } 1765 1766 return TEE_SUCCESS; 1767 } 1768 1769 TEE_Result tee_svc_hash_update(uint32_t state, const void *chunk, 1770 size_t chunk_size) 1771 { 1772 TEE_Result res; 1773 struct tee_cryp_state *cs; 1774 struct tee_ta_session *sess; 1775 1776 /* No data, but size provided isn't valid parameters. */ 1777 if (!chunk && chunk_size) 1778 return TEE_ERROR_BAD_PARAMETERS; 1779 1780 /* Zero length hash is valid, but nothing we need to do. */ 1781 if (!chunk_size) 1782 return TEE_SUCCESS; 1783 1784 res = tee_ta_get_current_session(&sess); 1785 if (res != TEE_SUCCESS) 1786 return res; 1787 1788 res = tee_mmu_check_access_rights(sess->ctx, 1789 TEE_MEMORY_ACCESS_READ | 1790 TEE_MEMORY_ACCESS_ANY_OWNER, 1791 (tee_uaddr_t)chunk, chunk_size); 1792 if (res != TEE_SUCCESS) 1793 return res; 1794 1795 res = tee_svc_cryp_get_state(sess, state, &cs); 1796 if (res != TEE_SUCCESS) 1797 return res; 1798 1799 switch (TEE_ALG_GET_CLASS(cs->algo)) { 1800 case TEE_OPERATION_DIGEST: 1801 if (!crypto_ops.hash.update) 1802 return TEE_ERROR_NOT_IMPLEMENTED; 1803 res = crypto_ops.hash.update(cs->ctx, cs->algo, chunk, 1804 chunk_size); 1805 if (res != TEE_SUCCESS) 1806 return res; 1807 break; 1808 case TEE_OPERATION_MAC: 1809 if (!crypto_ops.mac.update) 1810 return TEE_ERROR_NOT_IMPLEMENTED; 1811 res = crypto_ops.mac.update(cs->ctx, cs->algo, chunk, 1812 chunk_size); 1813 if (res != TEE_SUCCESS) 1814 return res; 1815 break; 1816 default: 1817 return TEE_ERROR_BAD_PARAMETERS; 1818 } 1819 1820 return TEE_SUCCESS; 1821 } 1822 1823 TEE_Result tee_svc_hash_final(uint32_t state, const void *chunk, 1824 size_t chunk_size, void *hash, size_t *hash_len) 1825 { 1826 TEE_Result res, res2; 1827 size_t hash_size; 1828 size_t hlen; 1829 struct tee_cryp_state *cs; 1830 struct tee_ta_session *sess; 1831 1832 /* No data, but size provided isn't valid parameters. */ 1833 if (!chunk && chunk_size) 1834 return TEE_ERROR_BAD_PARAMETERS; 1835 1836 res = tee_ta_get_current_session(&sess); 1837 if (res != TEE_SUCCESS) 1838 return res; 1839 1840 res = tee_mmu_check_access_rights(sess->ctx, 1841 TEE_MEMORY_ACCESS_READ | 1842 TEE_MEMORY_ACCESS_ANY_OWNER, 1843 (tee_uaddr_t)chunk, chunk_size); 1844 if (res != TEE_SUCCESS) 1845 return res; 1846 1847 res = tee_svc_copy_from_user(sess, &hlen, hash_len, sizeof(size_t)); 1848 if (res != TEE_SUCCESS) 1849 return res; 1850 1851 res = tee_mmu_check_access_rights(sess->ctx, 1852 TEE_MEMORY_ACCESS_READ | 1853 TEE_MEMORY_ACCESS_WRITE | 1854 TEE_MEMORY_ACCESS_ANY_OWNER, 1855 (tee_uaddr_t)hash, hlen); 1856 if (res != TEE_SUCCESS) 1857 return res; 1858 1859 res = tee_svc_cryp_get_state(sess, state, &cs); 1860 if (res != TEE_SUCCESS) 1861 return res; 1862 1863 switch (TEE_ALG_GET_CLASS(cs->algo)) { 1864 case TEE_OPERATION_DIGEST: 1865 if (!crypto_ops.hash.update || !crypto_ops.hash.final) 1866 return TEE_ERROR_NOT_IMPLEMENTED; 1867 res = tee_hash_get_digest_size(cs->algo, &hash_size); 1868 if (res != TEE_SUCCESS) 1869 return res; 1870 if (*hash_len < hash_size) { 1871 res = TEE_ERROR_SHORT_BUFFER; 1872 goto out; 1873 } 1874 1875 if (chunk_size) { 1876 res = crypto_ops.hash.update(cs->ctx, cs->algo, chunk, 1877 chunk_size); 1878 if (res != TEE_SUCCESS) 1879 return res; 1880 } 1881 1882 res = crypto_ops.hash.final(cs->ctx, cs->algo, hash, 1883 hash_size); 1884 if (res != TEE_SUCCESS) 1885 return res; 1886 break; 1887 1888 case TEE_OPERATION_MAC: 1889 if (!crypto_ops.mac.update || !crypto_ops.mac.final) 1890 return TEE_ERROR_NOT_IMPLEMENTED; 1891 res = tee_mac_get_digest_size(cs->algo, &hash_size); 1892 if (res != TEE_SUCCESS) 1893 return res; 1894 if (*hash_len < hash_size) { 1895 res = TEE_ERROR_SHORT_BUFFER; 1896 goto out; 1897 } 1898 1899 if (chunk_size) { 1900 res = crypto_ops.mac.update(cs->ctx, cs->algo, chunk, 1901 chunk_size); 1902 if (res != TEE_SUCCESS) 1903 return res; 1904 } 1905 1906 res = crypto_ops.mac.final(cs->ctx, cs->algo, hash, hash_size); 1907 if (res != TEE_SUCCESS) 1908 return res; 1909 break; 1910 1911 default: 1912 return TEE_ERROR_BAD_PARAMETERS; 1913 } 1914 out: 1915 res2 = 1916 tee_svc_copy_to_user(sess, hash_len, &hash_size, sizeof(*hash_len)); 1917 if (res2 != TEE_SUCCESS) 1918 return res2; 1919 return res; 1920 } 1921 1922 TEE_Result tee_svc_cipher_init(uint32_t state, const void *iv, size_t iv_len) 1923 { 1924 TEE_Result res; 1925 struct tee_cryp_state *cs; 1926 struct tee_ta_session *sess; 1927 struct tee_obj *o; 1928 struct tee_cryp_obj_secret *key1; 1929 1930 res = tee_ta_get_current_session(&sess); 1931 if (res != TEE_SUCCESS) 1932 return res; 1933 1934 res = tee_svc_cryp_get_state(sess, state, &cs); 1935 if (res != TEE_SUCCESS) 1936 return res; 1937 1938 res = tee_mmu_check_access_rights(sess->ctx, 1939 TEE_MEMORY_ACCESS_READ | 1940 TEE_MEMORY_ACCESS_ANY_OWNER, 1941 (tee_uaddr_t) iv, iv_len); 1942 if (res != TEE_SUCCESS) 1943 return res; 1944 1945 res = tee_obj_get(sess->ctx, cs->key1, &o); 1946 if (res != TEE_SUCCESS) 1947 return res; 1948 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1949 return TEE_ERROR_BAD_PARAMETERS; 1950 1951 key1 = (struct tee_cryp_obj_secret *)o->data; 1952 1953 if (!crypto_ops.cipher.init) 1954 return TEE_ERROR_NOT_IMPLEMENTED; 1955 1956 if (tee_obj_get(sess->ctx, cs->key2, &o) == TEE_SUCCESS) { 1957 struct tee_cryp_obj_secret *key2 = 1958 (struct tee_cryp_obj_secret *)o->data; 1959 1960 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1961 return TEE_ERROR_BAD_PARAMETERS; 1962 1963 res = crypto_ops.cipher.init(cs->ctx, cs->algo, cs->mode, 1964 (uint8_t *)(key1 + 1), 1965 key1->key_size, 1966 (uint8_t *)(key2 + 1), 1967 key2->key_size, 1968 iv, iv_len); 1969 } else { 1970 res = crypto_ops.cipher.init(cs->ctx, cs->algo, cs->mode, 1971 (uint8_t *)(key1 + 1), 1972 key1->key_size, 1973 NULL, 1974 0, 1975 iv, iv_len); 1976 } 1977 if (res != TEE_SUCCESS) 1978 return res; 1979 1980 cs->ctx_finalize = crypto_ops.cipher.final; 1981 return TEE_SUCCESS; 1982 } 1983 1984 static TEE_Result tee_svc_cipher_update_helper(uint32_t state, bool last_block, 1985 const void *src, size_t src_len, 1986 void *dst, size_t *dst_len) 1987 { 1988 TEE_Result res; 1989 struct tee_cryp_state *cs; 1990 struct tee_ta_session *sess; 1991 size_t dlen; 1992 1993 res = tee_ta_get_current_session(&sess); 1994 if (res != TEE_SUCCESS) 1995 return res; 1996 1997 res = tee_svc_cryp_get_state(sess, state, &cs); 1998 if (res != TEE_SUCCESS) 1999 return res; 2000 2001 res = tee_mmu_check_access_rights(sess->ctx, 2002 TEE_MEMORY_ACCESS_READ | 2003 TEE_MEMORY_ACCESS_ANY_OWNER, 2004 (tee_uaddr_t)src, src_len); 2005 if (res != TEE_SUCCESS) 2006 return res; 2007 2008 if (!dst_len) { 2009 dlen = 0; 2010 } else { 2011 res = 2012 tee_svc_copy_from_user(sess, &dlen, dst_len, 2013 sizeof(size_t)); 2014 if (res != TEE_SUCCESS) 2015 return res; 2016 2017 res = tee_mmu_check_access_rights(sess->ctx, 2018 TEE_MEMORY_ACCESS_READ | 2019 TEE_MEMORY_ACCESS_WRITE | 2020 TEE_MEMORY_ACCESS_ANY_OWNER, 2021 (tee_uaddr_t)dst, dlen); 2022 if (res != TEE_SUCCESS) 2023 return res; 2024 } 2025 2026 if (dlen < src_len) { 2027 res = TEE_ERROR_SHORT_BUFFER; 2028 goto out; 2029 } 2030 2031 if (src_len > 0) { 2032 /* Permit src_len == 0 to finalize the operation */ 2033 res = tee_do_cipher_update(cs->ctx, cs->algo, cs->mode, 2034 last_block, src, src_len, dst); 2035 } 2036 2037 if (last_block && cs->ctx_finalize != NULL) { 2038 cs->ctx_finalize(cs->ctx, cs->mode); 2039 cs->ctx_finalize = NULL; 2040 } 2041 2042 out: 2043 if ((res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) && 2044 dst_len != NULL) { 2045 TEE_Result res2 = tee_svc_copy_to_user(sess, dst_len, &src_len, 2046 sizeof(size_t)); 2047 if (res2 != TEE_SUCCESS) 2048 res = res2; 2049 } 2050 2051 return res; 2052 } 2053 2054 TEE_Result tee_svc_cipher_update(uint32_t state, const void *src, 2055 size_t src_len, void *dst, size_t *dst_len) 2056 { 2057 return tee_svc_cipher_update_helper(state, false /* last_block */, 2058 src, src_len, dst, dst_len); 2059 } 2060 2061 TEE_Result tee_svc_cipher_final(uint32_t state, const void *src, 2062 size_t src_len, void *dst, size_t *dst_len) 2063 { 2064 return tee_svc_cipher_update_helper(state, true /* last_block */, 2065 src, src_len, dst, dst_len); 2066 } 2067 2068 TEE_Result tee_svc_cryp_derive_key(uint32_t state, const TEE_Attribute *params, 2069 uint32_t param_count, uint32_t derived_key) 2070 { 2071 TEE_Result res; 2072 struct tee_ta_session *sess; 2073 struct tee_obj *ko; 2074 struct tee_obj *so; 2075 struct tee_cryp_state *cs; 2076 struct tee_cryp_obj_secret *sk; 2077 const struct tee_cryp_obj_type_props *type_props; 2078 struct bignum *publicvalue; 2079 struct bignum *sharedsecret; 2080 size_t alloc_size; 2081 2082 res = tee_ta_get_current_session(&sess); 2083 if (res != TEE_SUCCESS) 2084 return res; 2085 2086 res = tee_svc_cryp_get_state(sess, state, &cs); 2087 if (res != TEE_SUCCESS) 2088 return res; 2089 2090 if ((param_count != 1) || 2091 (params[0].attributeID != TEE_ATTR_DH_PUBLIC_VALUE)) 2092 return TEE_ERROR_BAD_PARAMETERS; 2093 2094 /* get key set in operation */ 2095 res = tee_obj_get(sess->ctx, cs->key1, &ko); 2096 if (res != TEE_SUCCESS) 2097 return res; 2098 2099 res = tee_obj_get(sess->ctx, derived_key, &so); 2100 if (res != TEE_SUCCESS) 2101 return res; 2102 2103 /* find information needed about the object to initialize */ 2104 sk = (struct tee_cryp_obj_secret *)so->data; 2105 2106 /* Find description of object */ 2107 type_props = tee_svc_find_type_props(so->info.objectType); 2108 if (!type_props) 2109 return TEE_ERROR_NOT_SUPPORTED; 2110 2111 /* extract information from the attributes passed to the function */ 2112 alloc_size = params[0].content.ref.length * 8; 2113 publicvalue = crypto_ops.bignum.allocate(alloc_size); 2114 sharedsecret = crypto_ops.bignum.allocate(alloc_size); 2115 if (!publicvalue || !sharedsecret) 2116 return TEE_ERROR_OUT_OF_MEMORY; 2117 if (!crypto_ops.bignum.bin2bn || 2118 !crypto_ops.acipher.dh_shared_secret || 2119 !crypto_ops.bignum.num_bytes || 2120 !crypto_ops.bignum.bn2bin) 2121 return TEE_ERROR_NOT_IMPLEMENTED; 2122 crypto_ops.bignum.bin2bn(params[0].content.ref.buffer, 2123 params[0].content.ref.length, 2124 publicvalue); 2125 res = crypto_ops.acipher.dh_shared_secret(ko->data, publicvalue, 2126 sharedsecret); 2127 if (res == TEE_SUCCESS) { 2128 sk->key_size = crypto_ops.bignum.num_bytes(sharedsecret); 2129 crypto_ops.bignum.bn2bin(sharedsecret, (uint8_t *)(sk + 1)); 2130 so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; 2131 SET_ATTRIBUTE(so, type_props, TEE_ATTR_SECRET_VALUE); 2132 } 2133 return res; 2134 } 2135 2136 TEE_Result tee_svc_cryp_random_number_generate(void *buf, size_t blen) 2137 { 2138 TEE_Result res; 2139 struct tee_ta_session *sess; 2140 2141 res = tee_ta_get_current_session(&sess); 2142 if (res != TEE_SUCCESS) 2143 return res; 2144 2145 res = tee_mmu_check_access_rights(sess->ctx, 2146 TEE_MEMORY_ACCESS_WRITE | 2147 TEE_MEMORY_ACCESS_ANY_OWNER, 2148 (tee_uaddr_t)buf, blen); 2149 if (res != TEE_SUCCESS) 2150 return res; 2151 2152 res = get_rng_array(buf, blen); 2153 if (res != TEE_SUCCESS) 2154 return res; 2155 2156 return res; 2157 } 2158 2159 TEE_Result tee_svc_authenc_init(uint32_t state, const void *nonce, 2160 size_t nonce_len, size_t tag_len, 2161 size_t aad_len, size_t payload_len) 2162 { 2163 TEE_Result res; 2164 struct tee_cryp_state *cs; 2165 struct tee_ta_session *sess; 2166 struct tee_obj *o; 2167 struct tee_cryp_obj_secret *key; 2168 2169 res = tee_ta_get_current_session(&sess); 2170 if (res != TEE_SUCCESS) 2171 return res; 2172 2173 res = tee_svc_cryp_get_state(sess, state, &cs); 2174 if (res != TEE_SUCCESS) 2175 return res; 2176 2177 res = tee_obj_get(sess->ctx, cs->key1, &o); 2178 if (res != TEE_SUCCESS) 2179 return res; 2180 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 2181 return TEE_ERROR_BAD_PARAMETERS; 2182 2183 if (!crypto_ops.authenc.init) 2184 return TEE_ERROR_NOT_IMPLEMENTED; 2185 key = (struct tee_cryp_obj_secret *)o->data; 2186 res = crypto_ops.authenc.init(cs->ctx, cs->algo, cs->mode, 2187 (uint8_t *)(key + 1), key->key_size, 2188 nonce, nonce_len, tag_len, aad_len, 2189 payload_len); 2190 if (res != TEE_SUCCESS) 2191 return res; 2192 2193 cs->ctx_finalize = (tee_cryp_ctx_finalize_func_t) 2194 crypto_ops.authenc.final; 2195 return TEE_SUCCESS; 2196 } 2197 2198 TEE_Result tee_svc_authenc_update_aad(uint32_t state, const void *aad_data, 2199 size_t aad_data_len) 2200 { 2201 TEE_Result res; 2202 struct tee_cryp_state *cs; 2203 struct tee_ta_session *sess; 2204 2205 res = tee_ta_get_current_session(&sess); 2206 if (res != TEE_SUCCESS) 2207 return res; 2208 2209 res = tee_mmu_check_access_rights(sess->ctx, 2210 TEE_MEMORY_ACCESS_READ | 2211 TEE_MEMORY_ACCESS_ANY_OWNER, 2212 (tee_uaddr_t) aad_data, 2213 aad_data_len); 2214 if (res != TEE_SUCCESS) 2215 return res; 2216 2217 res = tee_svc_cryp_get_state(sess, state, &cs); 2218 if (res != TEE_SUCCESS) 2219 return res; 2220 2221 if (!crypto_ops.authenc.update_aad) 2222 return TEE_ERROR_NOT_IMPLEMENTED; 2223 res = crypto_ops.authenc.update_aad(cs->ctx, cs->algo, cs->mode, 2224 aad_data, aad_data_len); 2225 if (res != TEE_SUCCESS) 2226 return res; 2227 2228 return TEE_SUCCESS; 2229 } 2230 2231 TEE_Result tee_svc_authenc_update_payload(uint32_t state, const void *src_data, 2232 size_t src_len, void *dst_data, 2233 size_t *dst_len) 2234 { 2235 TEE_Result res; 2236 struct tee_cryp_state *cs; 2237 struct tee_ta_session *sess; 2238 size_t dlen; 2239 2240 res = tee_ta_get_current_session(&sess); 2241 if (res != TEE_SUCCESS) 2242 return res; 2243 2244 res = tee_svc_cryp_get_state(sess, state, &cs); 2245 if (res != TEE_SUCCESS) 2246 return res; 2247 2248 res = tee_mmu_check_access_rights(sess->ctx, 2249 TEE_MEMORY_ACCESS_READ | 2250 TEE_MEMORY_ACCESS_ANY_OWNER, 2251 (tee_uaddr_t) src_data, src_len); 2252 if (res != TEE_SUCCESS) 2253 return res; 2254 2255 res = tee_svc_copy_from_user(sess, &dlen, dst_len, sizeof(size_t)); 2256 if (res != TEE_SUCCESS) 2257 return res; 2258 2259 res = tee_mmu_check_access_rights(sess->ctx, 2260 TEE_MEMORY_ACCESS_READ | 2261 TEE_MEMORY_ACCESS_WRITE | 2262 TEE_MEMORY_ACCESS_ANY_OWNER, 2263 (tee_uaddr_t)dst_data, dlen); 2264 if (res != TEE_SUCCESS) 2265 return res; 2266 2267 if (dlen < src_len) { 2268 res = TEE_ERROR_SHORT_BUFFER; 2269 goto out; 2270 } 2271 2272 if (!crypto_ops.authenc.update_payload) 2273 return TEE_ERROR_NOT_IMPLEMENTED; 2274 res = crypto_ops.authenc.update_payload(cs->ctx, cs->algo, cs->mode, 2275 src_data, src_len, dst_data, 2276 &dlen); 2277 2278 out: 2279 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { 2280 TEE_Result res2 = tee_svc_copy_to_user(sess, dst_len, &dlen, 2281 sizeof(size_t)); 2282 if (res2 != TEE_SUCCESS) 2283 res = res2; 2284 } 2285 2286 return res; 2287 } 2288 2289 TEE_Result tee_svc_authenc_enc_final(uint32_t state, const void *src_data, 2290 size_t src_len, void *dst_data, 2291 size_t *dst_len, void *tag, 2292 size_t *tag_len) 2293 { 2294 TEE_Result res; 2295 struct tee_cryp_state *cs; 2296 struct tee_ta_session *sess; 2297 size_t dlen; 2298 size_t tlen; 2299 2300 res = tee_ta_get_current_session(&sess); 2301 if (res != TEE_SUCCESS) 2302 return res; 2303 2304 res = tee_svc_cryp_get_state(sess, state, &cs); 2305 if (res != TEE_SUCCESS) 2306 return res; 2307 2308 if (cs->mode != TEE_MODE_ENCRYPT) 2309 return TEE_ERROR_BAD_PARAMETERS; 2310 2311 res = tee_mmu_check_access_rights(sess->ctx, 2312 TEE_MEMORY_ACCESS_READ | 2313 TEE_MEMORY_ACCESS_ANY_OWNER, 2314 (tee_uaddr_t)src_data, src_len); 2315 if (res != TEE_SUCCESS) 2316 return res; 2317 2318 if (!dst_len) { 2319 dlen = 0; 2320 } else { 2321 res = 2322 tee_svc_copy_from_user(sess, &dlen, dst_len, 2323 sizeof(size_t)); 2324 if (res != TEE_SUCCESS) 2325 return res; 2326 2327 res = tee_mmu_check_access_rights(sess->ctx, 2328 TEE_MEMORY_ACCESS_READ | 2329 TEE_MEMORY_ACCESS_WRITE | 2330 TEE_MEMORY_ACCESS_ANY_OWNER, 2331 (tee_uaddr_t)dst_data, dlen); 2332 if (res != TEE_SUCCESS) 2333 return res; 2334 } 2335 2336 if (dlen < src_len) { 2337 res = TEE_ERROR_SHORT_BUFFER; 2338 goto out; 2339 } 2340 2341 res = tee_svc_copy_from_user(sess, &tlen, tag_len, sizeof(size_t)); 2342 if (res != TEE_SUCCESS) 2343 return res; 2344 2345 res = tee_mmu_check_access_rights(sess->ctx, 2346 TEE_MEMORY_ACCESS_READ | 2347 TEE_MEMORY_ACCESS_WRITE | 2348 TEE_MEMORY_ACCESS_ANY_OWNER, 2349 (tee_uaddr_t)tag, tlen); 2350 if (res != TEE_SUCCESS) 2351 return res; 2352 2353 if (!crypto_ops.authenc.enc_final) 2354 return TEE_ERROR_NOT_IMPLEMENTED; 2355 res = crypto_ops.authenc.enc_final(cs->ctx, cs->algo, src_data, 2356 src_len, dst_data, &dlen, tag, 2357 &tlen); 2358 2359 out: 2360 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { 2361 TEE_Result res2; 2362 2363 if (dst_len != NULL) { 2364 res2 = tee_svc_copy_to_user(sess, dst_len, &dlen, 2365 sizeof(size_t)); 2366 if (res2 != TEE_SUCCESS) 2367 return res2; 2368 } 2369 2370 res2 = 2371 tee_svc_copy_to_user(sess, tag_len, &tlen, sizeof(size_t)); 2372 if (res2 != TEE_SUCCESS) 2373 return res2; 2374 } 2375 2376 return res; 2377 } 2378 2379 TEE_Result tee_svc_authenc_dec_final(uint32_t state, const void *src_data, 2380 size_t src_len, void *dst_data, 2381 size_t *dst_len, const void *tag, 2382 size_t tag_len) 2383 { 2384 TEE_Result res; 2385 struct tee_cryp_state *cs; 2386 struct tee_ta_session *sess; 2387 size_t dlen; 2388 2389 res = tee_ta_get_current_session(&sess); 2390 if (res != TEE_SUCCESS) 2391 return res; 2392 2393 res = tee_svc_cryp_get_state(sess, state, &cs); 2394 if (res != TEE_SUCCESS) 2395 return res; 2396 2397 if (cs->mode != TEE_MODE_DECRYPT) 2398 return TEE_ERROR_BAD_PARAMETERS; 2399 2400 res = tee_mmu_check_access_rights(sess->ctx, 2401 TEE_MEMORY_ACCESS_READ | 2402 TEE_MEMORY_ACCESS_ANY_OWNER, 2403 (tee_uaddr_t)src_data, src_len); 2404 if (res != TEE_SUCCESS) 2405 return res; 2406 2407 if (!dst_len) { 2408 dlen = 0; 2409 } else { 2410 res = 2411 tee_svc_copy_from_user(sess, &dlen, dst_len, 2412 sizeof(size_t)); 2413 if (res != TEE_SUCCESS) 2414 return res; 2415 2416 res = tee_mmu_check_access_rights(sess->ctx, 2417 TEE_MEMORY_ACCESS_READ | 2418 TEE_MEMORY_ACCESS_WRITE | 2419 TEE_MEMORY_ACCESS_ANY_OWNER, 2420 (tee_uaddr_t)dst_data, dlen); 2421 if (res != TEE_SUCCESS) 2422 return res; 2423 } 2424 2425 if (dlen < src_len) { 2426 res = TEE_ERROR_SHORT_BUFFER; 2427 goto out; 2428 } 2429 2430 res = tee_mmu_check_access_rights(sess->ctx, 2431 TEE_MEMORY_ACCESS_READ | 2432 TEE_MEMORY_ACCESS_ANY_OWNER, 2433 (tee_uaddr_t)tag, tag_len); 2434 if (res != TEE_SUCCESS) 2435 return res; 2436 2437 if (!crypto_ops.authenc.dec_final) 2438 return TEE_ERROR_NOT_IMPLEMENTED; 2439 res = crypto_ops.authenc.dec_final(cs->ctx, cs->algo, src_data, 2440 src_len, dst_data, &dlen, tag, 2441 tag_len); 2442 2443 out: 2444 if ((res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) && 2445 dst_len != NULL) { 2446 TEE_Result res2; 2447 2448 res2 = 2449 tee_svc_copy_to_user(sess, dst_len, &dlen, 2450 sizeof(size_t)); 2451 if (res2 != TEE_SUCCESS) 2452 return res2; 2453 } 2454 2455 return res; 2456 } 2457 2458 static void tee_svc_asymm_pkcs1_get_salt_len(const TEE_Attribute *params, 2459 uint32_t num_params, int *salt_len) 2460 { 2461 size_t n; 2462 2463 for (n = 0; n < num_params; n++) { 2464 if (params[n].attributeID == TEE_ATTR_RSA_PSS_SALT_LENGTH) { 2465 *salt_len = params[n].content.value.a; 2466 return; 2467 } 2468 } 2469 *salt_len = -1; 2470 } 2471 2472 TEE_Result tee_svc_asymm_operate(uint32_t state, const TEE_Attribute *params, 2473 uint32_t num_params, const void *src_data, 2474 size_t src_len, void *dst_data, 2475 size_t *dst_len) 2476 { 2477 TEE_Result res; 2478 struct tee_cryp_state *cs; 2479 struct tee_ta_session *sess; 2480 size_t dlen; 2481 struct tee_obj *o; 2482 void *label = NULL; 2483 size_t label_len = 0; 2484 size_t n; 2485 int salt_len; 2486 2487 res = tee_ta_get_current_session(&sess); 2488 if (res != TEE_SUCCESS) 2489 return res; 2490 2491 res = tee_svc_cryp_get_state(sess, state, &cs); 2492 if (res != TEE_SUCCESS) 2493 return res; 2494 2495 res = tee_mmu_check_access_rights( 2496 sess->ctx, 2497 TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_ANY_OWNER, 2498 (tee_uaddr_t) src_data, src_len); 2499 if (res != TEE_SUCCESS) 2500 return res; 2501 2502 res = tee_svc_copy_from_user(sess, &dlen, dst_len, sizeof(size_t)); 2503 if (res != TEE_SUCCESS) 2504 return res; 2505 2506 res = tee_mmu_check_access_rights( 2507 sess->ctx, 2508 TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_WRITE | 2509 TEE_MEMORY_ACCESS_ANY_OWNER, 2510 (tee_uaddr_t) dst_data, dlen); 2511 if (res != TEE_SUCCESS) 2512 return res; 2513 2514 res = tee_obj_get(sess->ctx, cs->key1, &o); 2515 if (res != TEE_SUCCESS) 2516 return res; 2517 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 2518 return TEE_ERROR_GENERIC; 2519 2520 switch (cs->algo) { 2521 case TEE_ALG_RSA_NOPAD: 2522 if (cs->mode == TEE_MODE_ENCRYPT) { 2523 if (crypto_ops.acipher.rsanopad_encrypt) 2524 res = crypto_ops.acipher.rsanopad_encrypt( 2525 o->data, src_data, src_len, 2526 dst_data, &dlen); 2527 else 2528 res = TEE_ERROR_NOT_IMPLEMENTED; 2529 } else if (cs->mode == TEE_MODE_DECRYPT) { 2530 if (crypto_ops.acipher.rsanopad_decrypt) 2531 res = crypto_ops.acipher.rsanopad_decrypt( 2532 o->data, src_data, src_len, dst_data, 2533 &dlen); 2534 else 2535 res = TEE_ERROR_NOT_IMPLEMENTED; 2536 } else { 2537 /* 2538 * We will panic because "the mode is not compatible 2539 * with the function" 2540 */ 2541 return TEE_ERROR_GENERIC; 2542 } 2543 break; 2544 2545 case TEE_ALG_RSAES_PKCS1_V1_5: 2546 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 2547 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 2548 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 2549 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 2550 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 2551 for (n = 0; n < num_params; n++) { 2552 if (params[n].attributeID == TEE_ATTR_RSA_OAEP_LABEL) { 2553 label = params[n].content.ref.buffer; 2554 label_len = params[n].content.ref.length; 2555 break; 2556 } 2557 } 2558 2559 if (cs->mode == TEE_MODE_ENCRYPT) { 2560 if (crypto_ops.acipher.rsaes_encrypt) 2561 res = crypto_ops.acipher.rsaes_encrypt( 2562 cs->algo, o->data, label, label_len, 2563 src_data, src_len, dst_data, &dlen); 2564 else 2565 res = TEE_ERROR_NOT_IMPLEMENTED; 2566 } else if (cs->mode == TEE_MODE_DECRYPT) { 2567 if (crypto_ops.acipher.rsaes_decrypt) 2568 res = crypto_ops.acipher.rsaes_decrypt( 2569 cs->algo, o->data, 2570 label, label_len, 2571 src_data, src_len, dst_data, &dlen); 2572 else 2573 res = TEE_ERROR_NOT_IMPLEMENTED; 2574 } else { 2575 res = TEE_ERROR_BAD_PARAMETERS; 2576 } 2577 break; 2578 2579 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 2580 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 2581 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 2582 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 2583 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 2584 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 2585 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 2586 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 2587 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 2588 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 2589 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 2590 if (cs->mode != TEE_MODE_SIGN) { 2591 res = TEE_ERROR_BAD_PARAMETERS; 2592 break; 2593 } 2594 tee_svc_asymm_pkcs1_get_salt_len(params, num_params, &salt_len); 2595 2596 if (!crypto_ops.acipher.rsassa_sign) { 2597 res = TEE_ERROR_NOT_IMPLEMENTED; 2598 break; 2599 } 2600 res = crypto_ops.acipher.rsassa_sign(cs->algo, o->data, 2601 salt_len, src_data, 2602 src_len, dst_data, &dlen); 2603 break; 2604 2605 case TEE_ALG_DSA_SHA1: 2606 if (!crypto_ops.acipher.dsa_sign) { 2607 res = TEE_ERROR_NOT_IMPLEMENTED; 2608 break; 2609 } 2610 res = crypto_ops.acipher.dsa_sign(cs->algo, o->data, src_data, 2611 src_len, dst_data, &dlen); 2612 break; 2613 2614 default: 2615 res = TEE_ERROR_BAD_PARAMETERS; 2616 break; 2617 } 2618 2619 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { 2620 TEE_Result res2; 2621 2622 res2 = 2623 tee_svc_copy_to_user(sess, dst_len, &dlen, sizeof(size_t)); 2624 if (res2 != TEE_SUCCESS) 2625 return res2; 2626 } 2627 2628 return res; 2629 } 2630 2631 TEE_Result tee_svc_asymm_verify(uint32_t state, const TEE_Attribute *params, 2632 uint32_t num_params, const void *data, 2633 size_t data_len, const void *sig, 2634 size_t sig_len) 2635 { 2636 TEE_Result res; 2637 struct tee_cryp_state *cs; 2638 struct tee_ta_session *sess; 2639 struct tee_obj *o; 2640 size_t hash_size; 2641 int salt_len; 2642 2643 res = tee_ta_get_current_session(&sess); 2644 if (res != TEE_SUCCESS) 2645 return res; 2646 2647 res = tee_svc_cryp_get_state(sess, state, &cs); 2648 if (res != TEE_SUCCESS) 2649 return res; 2650 2651 if (cs->mode != TEE_MODE_VERIFY) 2652 return TEE_ERROR_BAD_PARAMETERS; 2653 2654 res = tee_mmu_check_access_rights(sess->ctx, 2655 TEE_MEMORY_ACCESS_READ | 2656 TEE_MEMORY_ACCESS_ANY_OWNER, 2657 (tee_uaddr_t)data, data_len); 2658 if (res != TEE_SUCCESS) 2659 return res; 2660 2661 res = tee_mmu_check_access_rights(sess->ctx, 2662 TEE_MEMORY_ACCESS_READ | 2663 TEE_MEMORY_ACCESS_ANY_OWNER, 2664 (tee_uaddr_t)sig, sig_len); 2665 if (res != TEE_SUCCESS) 2666 return res; 2667 2668 res = tee_obj_get(sess->ctx, cs->key1, &o); 2669 if (res != TEE_SUCCESS) 2670 return res; 2671 if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) 2672 return TEE_ERROR_BAD_PARAMETERS; 2673 2674 res = tee_hash_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(cs->algo), 2675 &hash_size); 2676 if (res != TEE_SUCCESS) 2677 return res; 2678 2679 if (data_len != hash_size) 2680 return TEE_ERROR_BAD_PARAMETERS; 2681 2682 switch (TEE_ALG_GET_MAIN_ALG(cs->algo)) { 2683 case TEE_MAIN_ALGO_RSA: 2684 tee_svc_asymm_pkcs1_get_salt_len(params, num_params, &salt_len); 2685 if (!crypto_ops.acipher.rsassa_verify) { 2686 res = TEE_ERROR_NOT_IMPLEMENTED; 2687 break; 2688 } 2689 res = crypto_ops.acipher.rsassa_verify(cs->algo, o->data, 2690 salt_len, data, 2691 data_len, sig, sig_len); 2692 break; 2693 2694 case TEE_MAIN_ALGO_DSA: 2695 if (!crypto_ops.acipher.dsa_verify) { 2696 res = TEE_ERROR_NOT_IMPLEMENTED; 2697 break; 2698 } 2699 res = crypto_ops.acipher.dsa_verify(cs->algo, o->data, data, 2700 data_len, sig, sig_len); 2701 break; 2702 2703 default: 2704 res = TEE_ERROR_NOT_SUPPORTED; 2705 } 2706 2707 return res; 2708 } 2709