1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2014, STMicroelectronics International N.V.
4 * Copyright (c) 2021, SumUp Services GmbH
5 */
6 #include <assert.h>
7 #include <config.h>
8 #include <stdlib.h>
9 #include <string.h>
10 #include <string_ext.h>
11 #include <tee_api.h>
12 #include <tee_api_defines_extensions.h>
13 #include <tee_internal_api_extensions.h>
14 #include <utee_syscalls.h>
15 #include <utee_defines.h>
16 #include <util.h>
17 #include "tee_api_private.h"
18
19 struct __TEE_OperationHandle {
20 TEE_OperationInfo info;
21 TEE_ObjectHandle key1;
22 TEE_ObjectHandle key2;
23 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */
24
25 /*
26 * buffer to collect complete blocks or to keep a complete digest
27 * for TEE_DigestExtract().
28 */
29 uint8_t *buffer;
30 bool buffer_two_blocks; /* True if two blocks need to be buffered */
31 size_t block_size; /* Block size of cipher */
32 size_t buffer_offs; /* Offset in buffer */
33 uint32_t state; /* Handle to state in TEE Core */
34 };
35
36 /* Cryptographic Operations API - Generic Operation Functions */
37
TEE_AllocateOperation(TEE_OperationHandle * operation,uint32_t algorithm,uint32_t mode,uint32_t maxKeySize)38 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation,
39 uint32_t algorithm, uint32_t mode,
40 uint32_t maxKeySize)
41 {
42 TEE_Result res;
43 TEE_OperationHandle op = TEE_HANDLE_NULL;
44 uint32_t handle_state = 0;
45 size_t block_size = 1;
46 uint32_t req_key_usage;
47 bool with_private_key = false;
48 bool buffer_two_blocks = false;
49
50 if (!operation)
51 TEE_Panic(0);
52
53 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP ||
54 algorithm == TEE_ALG_SM4_XTS)
55 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS;
56
57 /* Check algorithm max key size */
58 switch (algorithm) {
59 case TEE_ALG_DSA_SHA1:
60 if (maxKeySize < 512)
61 return TEE_ERROR_NOT_SUPPORTED;
62 if (maxKeySize > 1024)
63 return TEE_ERROR_NOT_SUPPORTED;
64 if (maxKeySize % 64 != 0)
65 return TEE_ERROR_NOT_SUPPORTED;
66 break;
67
68 case TEE_ALG_DSA_SHA224:
69 if (maxKeySize != 2048)
70 return TEE_ERROR_NOT_SUPPORTED;
71 break;
72
73 case TEE_ALG_DSA_SHA256:
74 if (maxKeySize != 2048 && maxKeySize != 3072)
75 return TEE_ERROR_NOT_SUPPORTED;
76 break;
77
78 case TEE_ALG_ECDSA_SHA1:
79 case __OPTEE_ALG_ECDSA_P192:
80 case __OPTEE_ALG_ECDH_P192:
81 if (maxKeySize != 192)
82 return TEE_ERROR_NOT_SUPPORTED;
83 break;
84
85 case TEE_ALG_ECDSA_SHA224:
86 case __OPTEE_ALG_ECDSA_P224:
87 case __OPTEE_ALG_ECDH_P224:
88 if (maxKeySize != 224)
89 return TEE_ERROR_NOT_SUPPORTED;
90 break;
91
92 case TEE_ALG_ECDSA_SHA256:
93 case __OPTEE_ALG_ECDSA_P256:
94 case __OPTEE_ALG_ECDH_P256:
95 case TEE_ALG_SM2_PKE:
96 case TEE_ALG_SM2_DSA_SM3:
97 if (maxKeySize != 256)
98 return TEE_ERROR_NOT_SUPPORTED;
99 break;
100
101 case TEE_ALG_SM2_KEP:
102 /* Two 256-bit keys */
103 if (maxKeySize != 512)
104 return TEE_ERROR_NOT_SUPPORTED;
105 break;
106
107 case TEE_ALG_ECDSA_SHA384:
108 case __OPTEE_ALG_ECDSA_P384:
109 case __OPTEE_ALG_ECDH_P384:
110 if (maxKeySize != 384)
111 return TEE_ERROR_NOT_SUPPORTED;
112 break;
113
114 case TEE_ALG_ECDSA_SHA512:
115 case __OPTEE_ALG_ECDSA_P521:
116 case __OPTEE_ALG_ECDH_P521:
117 if (maxKeySize != 521)
118 return TEE_ERROR_NOT_SUPPORTED;
119 break;
120
121 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET:
122 if (maxKeySize > 521)
123 return TEE_ERROR_NOT_SUPPORTED;
124 break;
125
126 case TEE_ALG_ED25519:
127 case TEE_ALG_X25519:
128 if (maxKeySize != 256)
129 return TEE_ERROR_NOT_SUPPORTED;
130 break;
131 default:
132 break;
133 }
134
135 /* Check algorithm mode */
136 switch (algorithm) {
137 case TEE_ALG_AES_CTS:
138 case TEE_ALG_AES_XTS:
139 case TEE_ALG_SM4_XTS:
140 buffer_two_blocks = true;
141 fallthrough;
142 case TEE_ALG_AES_ECB_NOPAD:
143 case TEE_ALG_AES_CBC_NOPAD:
144 case TEE_ALG_AES_CCM:
145 case TEE_ALG_DES_ECB_NOPAD:
146 case TEE_ALG_DES_CBC_NOPAD:
147 case TEE_ALG_DES3_ECB_NOPAD:
148 case TEE_ALG_DES3_CBC_NOPAD:
149 case TEE_ALG_SM4_ECB_NOPAD:
150 case TEE_ALG_SM4_CBC_NOPAD:
151 case TEE_ALG_SM4_CTR:
152 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES)
153 block_size = TEE_AES_BLOCK_SIZE;
154 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4)
155 block_size = TEE_SM4_BLOCK_SIZE;
156 else
157 block_size = TEE_DES_BLOCK_SIZE;
158 fallthrough;
159 case TEE_ALG_AES_CTR:
160 case TEE_ALG_AES_GCM:
161 if (mode == TEE_MODE_ENCRYPT)
162 req_key_usage = TEE_USAGE_ENCRYPT;
163 else if (mode == TEE_MODE_DECRYPT)
164 req_key_usage = TEE_USAGE_DECRYPT;
165 else
166 return TEE_ERROR_NOT_SUPPORTED;
167 break;
168
169 #if defined(CFG_CRYPTO_RSASSA_NA1)
170 case TEE_ALG_RSASSA_PKCS1_V1_5:
171 #endif
172 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5:
173 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1:
174 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224:
175 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256:
176 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384:
177 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512:
178 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5:
179 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1:
180 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224:
181 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
182 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
183 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
184 case TEE_ALG_DSA_SHA1:
185 case TEE_ALG_DSA_SHA224:
186 case TEE_ALG_DSA_SHA256:
187 case TEE_ALG_ECDSA_SHA1:
188 case TEE_ALG_ECDSA_SHA224:
189 case TEE_ALG_ECDSA_SHA256:
190 case TEE_ALG_ECDSA_SHA384:
191 case TEE_ALG_ECDSA_SHA512:
192 case __OPTEE_ALG_ECDSA_P192:
193 case __OPTEE_ALG_ECDSA_P224:
194 case __OPTEE_ALG_ECDSA_P256:
195 case __OPTEE_ALG_ECDSA_P384:
196 case __OPTEE_ALG_ECDSA_P521:
197 case TEE_ALG_SM2_DSA_SM3:
198 case TEE_ALG_ED25519:
199 if (mode == TEE_MODE_SIGN) {
200 with_private_key = true;
201 req_key_usage = TEE_USAGE_SIGN;
202 } else if (mode == TEE_MODE_VERIFY) {
203 req_key_usage = TEE_USAGE_VERIFY;
204 } else {
205 return TEE_ERROR_NOT_SUPPORTED;
206 }
207 break;
208
209 case TEE_ALG_RSAES_PKCS1_V1_5:
210 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5:
211 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1:
212 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224:
213 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256:
214 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384:
215 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512:
216 case TEE_ALG_SM2_PKE:
217 if (mode == TEE_MODE_ENCRYPT) {
218 req_key_usage = TEE_USAGE_ENCRYPT;
219 } else if (mode == TEE_MODE_DECRYPT) {
220 with_private_key = true;
221 req_key_usage = TEE_USAGE_DECRYPT;
222 } else {
223 return TEE_ERROR_NOT_SUPPORTED;
224 }
225 break;
226
227 case TEE_ALG_RSA_NOPAD:
228 if (mode == TEE_MODE_ENCRYPT) {
229 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY;
230 } else if (mode == TEE_MODE_DECRYPT) {
231 with_private_key = true;
232 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN;
233 } else {
234 return TEE_ERROR_NOT_SUPPORTED;
235 }
236 break;
237
238 case TEE_ALG_DH_DERIVE_SHARED_SECRET:
239 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET:
240 case __OPTEE_ALG_ECDH_P192:
241 case __OPTEE_ALG_ECDH_P224:
242 case __OPTEE_ALG_ECDH_P256:
243 case __OPTEE_ALG_ECDH_P384:
244 case __OPTEE_ALG_ECDH_P521:
245 case TEE_ALG_HKDF_MD5_DERIVE_KEY:
246 case TEE_ALG_HKDF_SHA1_DERIVE_KEY:
247 case TEE_ALG_HKDF_SHA224_DERIVE_KEY:
248 case TEE_ALG_HKDF_SHA256_DERIVE_KEY:
249 case TEE_ALG_HKDF_SHA384_DERIVE_KEY:
250 case TEE_ALG_HKDF_SHA512_DERIVE_KEY:
251 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY:
252 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY:
253 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY:
254 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY:
255 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY:
256 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY:
257 case TEE_ALG_SM2_KEP:
258 case TEE_ALG_X25519:
259 if (mode != TEE_MODE_DERIVE)
260 return TEE_ERROR_NOT_SUPPORTED;
261 with_private_key = true;
262 req_key_usage = TEE_USAGE_DERIVE;
263 break;
264
265 case TEE_ALG_MD5:
266 case TEE_ALG_SHA1:
267 case TEE_ALG_SHA224:
268 case TEE_ALG_SHA256:
269 case TEE_ALG_SHA384:
270 case TEE_ALG_SHA512:
271 case TEE_ALG_SHA3_224:
272 case TEE_ALG_SHA3_256:
273 case TEE_ALG_SHA3_384:
274 case TEE_ALG_SHA3_512:
275 case TEE_ALG_SHAKE128:
276 case TEE_ALG_SHAKE256:
277 case TEE_ALG_SM3:
278 if (mode != TEE_MODE_DIGEST)
279 return TEE_ERROR_NOT_SUPPORTED;
280 /* v1.1: flags always set for digest operations */
281 handle_state |= TEE_HANDLE_FLAG_KEY_SET;
282 req_key_usage = 0;
283 break;
284
285 case TEE_ALG_DES_CBC_MAC_NOPAD:
286 case TEE_ALG_AES_CBC_MAC_NOPAD:
287 case TEE_ALG_AES_CBC_MAC_PKCS5:
288 case TEE_ALG_AES_CMAC:
289 case TEE_ALG_DES_CBC_MAC_PKCS5:
290 case TEE_ALG_DES3_CBC_MAC_NOPAD:
291 case TEE_ALG_DES3_CBC_MAC_PKCS5:
292 case TEE_ALG_DES3_CMAC:
293 case TEE_ALG_HMAC_MD5:
294 case TEE_ALG_HMAC_SHA1:
295 case TEE_ALG_HMAC_SHA224:
296 case TEE_ALG_HMAC_SHA256:
297 case TEE_ALG_HMAC_SHA384:
298 case TEE_ALG_HMAC_SHA512:
299 case TEE_ALG_HMAC_SHA3_224:
300 case TEE_ALG_HMAC_SHA3_256:
301 case TEE_ALG_HMAC_SHA3_384:
302 case TEE_ALG_HMAC_SHA3_512:
303 case TEE_ALG_HMAC_SM3:
304 if (mode != TEE_MODE_MAC)
305 return TEE_ERROR_NOT_SUPPORTED;
306 req_key_usage = TEE_USAGE_MAC;
307 break;
308
309 default:
310 return TEE_ERROR_NOT_SUPPORTED;
311 }
312
313 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO);
314 if (!op)
315 return TEE_ERROR_OUT_OF_MEMORY;
316
317 op->info.algorithm = algorithm;
318 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm);
319 #ifdef CFG_CRYPTO_RSASSA_NA1
320 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5)
321 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE;
322 #endif
323 op->info.mode = mode;
324 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm);
325 op->info.maxKeySize = maxKeySize;
326 op->info.requiredKeyUsage = req_key_usage;
327 op->info.handleState = handle_state;
328
329 /*
330 * Needed to buffer the digest if TEE_DigestExtract() doesn't
331 * retrieve the entire digest in one go.
332 */
333 if (op->info.operationClass == TEE_OPERATION_DIGEST)
334 block_size = op->info.digestLength;
335
336 if (block_size > 1) {
337 size_t buffer_size = block_size;
338
339 if (buffer_two_blocks)
340 buffer_size *= 2;
341
342 op->buffer = TEE_Malloc(buffer_size,
343 TEE_USER_MEM_HINT_NO_FILL_ZERO);
344 if (op->buffer == NULL) {
345 res = TEE_ERROR_OUT_OF_MEMORY;
346 goto out;
347 }
348 }
349 op->block_size = block_size;
350 op->buffer_two_blocks = buffer_two_blocks;
351
352 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) {
353 uint32_t mks = maxKeySize;
354 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm,
355 with_private_key);
356
357 /*
358 * If two keys are expected the max key size is the sum of
359 * the size of both keys.
360 */
361 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS)
362 mks /= 2;
363
364 res = TEE_AllocateTransientObject(key_type, mks, &op->key1);
365 if (res != TEE_SUCCESS)
366 goto out;
367
368 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) {
369 res = TEE_AllocateTransientObject(key_type, mks,
370 &op->key2);
371 if (res != TEE_SUCCESS)
372 goto out;
373 }
374 }
375
376 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1,
377 (unsigned long)op->key2, &op->state);
378 if (res != TEE_SUCCESS)
379 goto out;
380
381 /*
382 * Initialize digest operations
383 * Other multi-stage operations initialized w/ TEE_xxxInit functions
384 * Non-applicable on asymmetric operations
385 */
386 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) {
387 res = _utee_hash_init(op->state, NULL, 0);
388 if (res != TEE_SUCCESS)
389 goto out;
390 /* v1.1: flags always set for digest operations */
391 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
392 }
393
394 op->operationState = TEE_OPERATION_STATE_INITIAL;
395
396 *operation = op;
397
398 out:
399 if (res != TEE_SUCCESS) {
400 if (res != TEE_ERROR_OUT_OF_MEMORY &&
401 res != TEE_ERROR_NOT_SUPPORTED)
402 TEE_Panic(res);
403 if (op) {
404 if (op->state) {
405 TEE_FreeOperation(op);
406 } else {
407 TEE_Free(op->buffer);
408 TEE_FreeTransientObject(op->key1);
409 TEE_FreeTransientObject(op->key2);
410 TEE_Free(op);
411 }
412 }
413 }
414
415 return res;
416 }
417
TEE_FreeOperation(TEE_OperationHandle operation)418 void TEE_FreeOperation(TEE_OperationHandle operation)
419 {
420 TEE_Result res;
421
422 if (operation == TEE_HANDLE_NULL)
423 return;
424
425 /*
426 * Note that keys should not be freed here, since they are
427 * claimed by the operation they will be freed by
428 * utee_cryp_state_free().
429 */
430 res = _utee_cryp_state_free(operation->state);
431 if (res != TEE_SUCCESS)
432 TEE_Panic(res);
433
434 TEE_Free(operation->buffer);
435 TEE_Free(operation);
436 }
437
__GP11_TEE_FreeOperation(TEE_OperationHandle operation)438 void __GP11_TEE_FreeOperation(TEE_OperationHandle operation)
439 {
440 if (operation == TEE_HANDLE_NULL)
441 TEE_Panic(0);
442 TEE_FreeOperation(operation);
443 }
444
TEE_GetOperationInfo(TEE_OperationHandle operation,TEE_OperationInfo * operationInfo)445 void TEE_GetOperationInfo(TEE_OperationHandle operation,
446 TEE_OperationInfo *operationInfo)
447 {
448 if (operation == TEE_HANDLE_NULL)
449 TEE_Panic(0);
450
451 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo));
452
453 *operationInfo = operation->info;
454 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) {
455 operationInfo->keySize = 0;
456 operationInfo->requiredKeyUsage = 0;
457 }
458 }
459
TEE_GetOperationInfoMultiple(TEE_OperationHandle op,TEE_OperationInfoMultiple * op_info,size_t * size)460 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op,
461 TEE_OperationInfoMultiple *op_info,
462 size_t *size)
463 {
464 TEE_Result res = TEE_SUCCESS;
465 TEE_ObjectInfo kinfo = { };
466 size_t max_key_count = 0;
467 bool two_keys = false;
468
469 if (op == TEE_HANDLE_NULL) {
470 res = TEE_ERROR_BAD_PARAMETERS;
471 goto out;
472 }
473
474 __utee_check_outbuf_annotation(op_info, size);
475
476 if (*size < sizeof(*op_info)) {
477 res = TEE_ERROR_BAD_PARAMETERS;
478 goto out;
479 }
480 max_key_count = (*size - sizeof(*op_info)) /
481 sizeof(TEE_OperationInfoKey);
482
483 TEE_MemFill(op_info, 0, *size);
484
485 /* Two keys flag (TEE_ALG_AES_XTS only) */
486 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS;
487
488 if (op->info.mode == TEE_MODE_DIGEST) {
489 op_info->numberOfKeys = 0;
490 } else if (!two_keys) {
491 if (max_key_count < 1) {
492 res = TEE_ERROR_SHORT_BUFFER;
493 goto out;
494 }
495
496 res = TEE_GetObjectInfo1(op->key1, &kinfo);
497 /* Key1 is not a valid handle, "can't happen". */
498 if (res)
499 goto out;
500
501 op_info->keyInformation[0].keySize = kinfo.objectSize;
502 op_info->keyInformation[0].requiredKeyUsage =
503 op->info.requiredKeyUsage;
504 op_info->numberOfKeys = 1;
505 } else {
506 if (max_key_count < 2) {
507 res = TEE_ERROR_SHORT_BUFFER;
508 goto out;
509 }
510
511 res = TEE_GetObjectInfo1(op->key1, &kinfo);
512 /* Key1 is not a valid handle, "can't happen". */
513 if (res)
514 goto out;
515
516 op_info->keyInformation[0].keySize = kinfo.objectSize;
517 op_info->keyInformation[0].requiredKeyUsage =
518 op->info.requiredKeyUsage;
519
520 res = TEE_GetObjectInfo1(op->key2, &kinfo);
521 /* Key2 is not a valid handle, "can't happen". */
522 if (res)
523 goto out;
524
525 op_info->keyInformation[1].keySize = kinfo.objectSize;
526 op_info->keyInformation[1].requiredKeyUsage =
527 op->info.requiredKeyUsage;
528
529 op_info->numberOfKeys = 2;
530 }
531
532 op_info->algorithm = op->info.algorithm;
533 op_info->operationClass = op->info.operationClass;
534 op_info->mode = op->info.mode;
535 op_info->digestLength = op->info.digestLength;
536 op_info->maxKeySize = op->info.maxKeySize;
537 op_info->handleState = op->info.handleState;
538 op_info->operationState = op->operationState;
539
540 out:
541 if (res != TEE_SUCCESS &&
542 res != TEE_ERROR_SHORT_BUFFER)
543 TEE_Panic(res);
544
545 return res;
546 }
547
548 TEE_Result
__GP11_TEE_GetOperationInfoMultiple(TEE_OperationHandle operation,TEE_OperationInfoMultiple * info,uint32_t * operationSize)549 __GP11_TEE_GetOperationInfoMultiple(TEE_OperationHandle operation,
550 TEE_OperationInfoMultiple *info,
551 uint32_t *operationSize)
552 {
553 TEE_Result res = TEE_SUCCESS;
554 size_t s = 0;
555
556 __utee_check_gp11_outbuf_annotation(info, operationSize);
557 s = *operationSize;
558 res = TEE_GetOperationInfoMultiple(operation, info, &s);
559 *operationSize = s;
560 return res;
561 }
562
reset_operation_state(TEE_OperationHandle op)563 static void reset_operation_state(TEE_OperationHandle op)
564 {
565 op->operationState = TEE_OPERATION_STATE_INITIAL;
566
567 if (op->info.operationClass == TEE_OPERATION_DIGEST) {
568 TEE_Result res = _utee_hash_init(op->state, NULL, 0);
569
570 if (res != TEE_SUCCESS)
571 TEE_Panic(res);
572 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
573 } else {
574 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
575 }
576 }
577
TEE_ResetOperation(TEE_OperationHandle operation)578 void TEE_ResetOperation(TEE_OperationHandle operation)
579 {
580 if (operation == TEE_HANDLE_NULL)
581 TEE_Panic(0);
582
583 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET))
584 TEE_Panic(0);
585
586 reset_operation_state(operation);
587 }
588
TEE_SetOperationKey(TEE_OperationHandle operation,TEE_ObjectHandle key)589 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation,
590 TEE_ObjectHandle key)
591 {
592 TEE_Result res;
593 uint32_t key_size = 0;
594 TEE_ObjectInfo key_info;
595
596 if (operation == TEE_HANDLE_NULL) {
597 res = TEE_ERROR_BAD_PARAMETERS;
598 goto out;
599 }
600
601 if (key == TEE_HANDLE_NULL) {
602 /* Operation key cleared */
603 TEE_ResetTransientObject(operation->key1);
604 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
605 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
606 reset_operation_state(operation);
607 return TEE_SUCCESS;
608 }
609
610 /* No key for digest operation */
611 if (operation->info.operationClass == TEE_OPERATION_DIGEST) {
612 res = TEE_ERROR_BAD_PARAMETERS;
613 goto out;
614 }
615
616 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */
617 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) !=
618 0) {
619 res = TEE_ERROR_BAD_PARAMETERS;
620 goto out;
621 }
622
623 res = TEE_GetObjectInfo1(key, &key_info);
624 /* Key is not a valid handle */
625 if (res != TEE_SUCCESS)
626 goto out;
627
628 /* Supplied key has to meet required usage */
629 if ((key_info.objectUsage & operation->info.requiredKeyUsage) !=
630 operation->info.requiredKeyUsage) {
631 res = TEE_ERROR_BAD_PARAMETERS;
632 goto out;
633 }
634
635 if (operation->info.maxKeySize < key_info.objectSize) {
636 res = TEE_ERROR_BAD_PARAMETERS;
637 goto out;
638 }
639
640 key_size = key_info.objectSize;
641
642 TEE_ResetTransientObject(operation->key1);
643 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
644
645 res = TEE_CopyObjectAttributes1(operation->key1, key);
646 if (res != TEE_SUCCESS)
647 goto out;
648
649 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET;
650
651 operation->info.keySize = key_size;
652
653 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
654 reset_operation_state(operation);
655
656 out:
657 if (res != TEE_SUCCESS &&
658 res != TEE_ERROR_CORRUPT_OBJECT &&
659 res != TEE_ERROR_STORAGE_NOT_AVAILABLE)
660 TEE_Panic(res);
661
662 return res;
663 }
664
__GP11_TEE_SetOperationKey(TEE_OperationHandle operation,TEE_ObjectHandle key)665 TEE_Result __GP11_TEE_SetOperationKey(TEE_OperationHandle operation,
666 TEE_ObjectHandle key)
667 {
668 if (operation == TEE_HANDLE_NULL ||
669 operation->operationState != TEE_OPERATION_STATE_INITIAL)
670 TEE_Panic(0);
671
672 return TEE_SetOperationKey(operation, key);
673 }
674
set_operation_key2(TEE_OperationHandle operation,TEE_ObjectHandle key1,TEE_ObjectHandle key2)675 static TEE_Result set_operation_key2(TEE_OperationHandle operation,
676 TEE_ObjectHandle key1,
677 TEE_ObjectHandle key2)
678 {
679 TEE_Result res;
680 uint32_t key_size = 0;
681 TEE_ObjectInfo key_info1;
682 TEE_ObjectInfo key_info2;
683
684 if (operation == TEE_HANDLE_NULL) {
685 res = TEE_ERROR_BAD_PARAMETERS;
686 goto out;
687 }
688
689 /*
690 * Key1/Key2 and/or are not initialized and
691 * Either both keys are NULL or both are not NULL
692 */
693 if (!key1 && !key2) {
694 /* Clear the keys */
695 TEE_ResetTransientObject(operation->key1);
696 TEE_ResetTransientObject(operation->key2);
697 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
698 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
699 reset_operation_state(operation);
700 return TEE_SUCCESS;
701 } else if (!key1 || !key2) {
702 /* Both keys are obviously not valid. */
703 res = TEE_ERROR_BAD_PARAMETERS;
704 goto out;
705 }
706
707 /* No key for digest operation */
708 if (operation->info.operationClass == TEE_OPERATION_DIGEST) {
709 res = TEE_ERROR_BAD_PARAMETERS;
710 goto out;
711 }
712
713 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */
714 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) ==
715 0) {
716 res = TEE_ERROR_BAD_PARAMETERS;
717 goto out;
718 }
719
720 res = TEE_GetObjectInfo1(key1, &key_info1);
721 /* Key1 is not a valid handle */
722 if (res != TEE_SUCCESS)
723 goto out;
724
725 /* Supplied key has to meet required usage */
726 if ((key_info1.objectUsage & operation->info.
727 requiredKeyUsage) != operation->info.requiredKeyUsage) {
728 res = TEE_ERROR_BAD_PARAMETERS;
729 goto out;
730 }
731
732 res = TEE_GetObjectInfo1(key2, &key_info2);
733 /* Key2 is not a valid handle */
734 if (res != TEE_SUCCESS) {
735 if (res == TEE_ERROR_CORRUPT_OBJECT)
736 res = TEE_ERROR_CORRUPT_OBJECT_2;
737 goto out;
738 }
739
740 /* Supplied key has to meet required usage */
741 if ((key_info2.objectUsage & operation->info.
742 requiredKeyUsage) != operation->info.requiredKeyUsage) {
743 res = TEE_ERROR_BAD_PARAMETERS;
744 goto out;
745 }
746
747 /*
748 * All the multi key algorithm currently supported requires the keys to
749 * be of equal size.
750 */
751 if (key_info1.objectSize != key_info2.objectSize) {
752 res = TEE_ERROR_BAD_PARAMETERS;
753 goto out;
754
755 }
756
757 if (operation->info.maxKeySize < key_info1.objectSize) {
758 res = TEE_ERROR_BAD_PARAMETERS;
759 goto out;
760 }
761
762 /*
763 * Odd that only the size of one key should be reported while
764 * size of two key are used when allocating the operation.
765 */
766 key_size = key_info1.objectSize;
767
768 TEE_ResetTransientObject(operation->key1);
769 TEE_ResetTransientObject(operation->key2);
770 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
771
772 res = TEE_CopyObjectAttributes1(operation->key1, key1);
773 if (res != TEE_SUCCESS)
774 goto out;
775 res = TEE_CopyObjectAttributes1(operation->key2, key2);
776 if (res != TEE_SUCCESS) {
777 if (res == TEE_ERROR_CORRUPT_OBJECT)
778 res = TEE_ERROR_CORRUPT_OBJECT_2;
779 goto out;
780 }
781
782 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET;
783
784 operation->info.keySize = key_size;
785
786 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
787 reset_operation_state(operation);
788 out:
789 if (res != TEE_SUCCESS &&
790 res != TEE_ERROR_CORRUPT_OBJECT &&
791 res != TEE_ERROR_CORRUPT_OBJECT_2 &&
792 res != TEE_ERROR_STORAGE_NOT_AVAILABLE &&
793 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2)
794 TEE_Panic(res);
795
796 return res;
797 }
798
TEE_SetOperationKey2(TEE_OperationHandle operation,TEE_ObjectHandle key1,TEE_ObjectHandle key2)799 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation,
800 TEE_ObjectHandle key1, TEE_ObjectHandle key2)
801 {
802 if (operation != TEE_HANDLE_NULL && key1 && key1 == key2)
803 return TEE_ERROR_SECURITY;
804
805 return set_operation_key2(operation, key1, key2);
806 }
807
__GP11_TEE_SetOperationKey2(TEE_OperationHandle operation,TEE_ObjectHandle key1,TEE_ObjectHandle key2)808 TEE_Result __GP11_TEE_SetOperationKey2(TEE_OperationHandle operation,
809 TEE_ObjectHandle key1,
810 TEE_ObjectHandle key2)
811 {
812 if (operation == TEE_HANDLE_NULL ||
813 operation->operationState != TEE_OPERATION_STATE_INITIAL)
814 TEE_Panic(0);
815
816 return set_operation_key2(operation, key1, key2);
817 }
818
TEE_CopyOperation(TEE_OperationHandle dst_op,TEE_OperationHandle src_op)819 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op)
820 {
821 TEE_Result res;
822
823 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL)
824 TEE_Panic(0);
825 if (dst_op->info.algorithm != src_op->info.algorithm)
826 TEE_Panic(0);
827 if (dst_op->info.mode != src_op->info.mode)
828 TEE_Panic(0);
829 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) {
830 TEE_ObjectHandle key1 = TEE_HANDLE_NULL;
831 TEE_ObjectHandle key2 = TEE_HANDLE_NULL;
832
833 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) {
834 key1 = src_op->key1;
835 key2 = src_op->key2;
836 }
837
838 if ((src_op->info.handleState &
839 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) {
840 TEE_SetOperationKey(dst_op, key1);
841 } else {
842 TEE_SetOperationKey2(dst_op, key1, key2);
843 }
844 }
845 dst_op->info.handleState = src_op->info.handleState;
846 dst_op->info.keySize = src_op->info.keySize;
847 dst_op->info.digestLength = src_op->info.digestLength;
848 dst_op->operationState = src_op->operationState;
849
850 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks ||
851 dst_op->block_size != src_op->block_size)
852 TEE_Panic(0);
853
854 if (dst_op->buffer != NULL) {
855 size_t sz = src_op->block_size;
856
857 if (src_op->buffer == NULL)
858 TEE_Panic(0);
859
860 if (src_op->buffer_two_blocks)
861 sz *= 2;
862 memcpy(dst_op->buffer, src_op->buffer, sz);
863 dst_op->buffer_offs = src_op->buffer_offs;
864 } else if (src_op->buffer != NULL) {
865 TEE_Panic(0);
866 }
867
868 res = _utee_cryp_state_copy(dst_op->state, src_op->state);
869 if (res != TEE_SUCCESS)
870 TEE_Panic(res);
871 }
872
873 /* Cryptographic Operations API - Message Digest Functions */
874
init_hash_operation(TEE_OperationHandle operation,const void * IV,uint32_t IVLen)875 static void init_hash_operation(TEE_OperationHandle operation, const void *IV,
876 uint32_t IVLen)
877 {
878 TEE_Result res;
879
880 /*
881 * Note : IV and IVLen are never used in current implementation
882 * This is why coherent values of IV and IVLen are not checked
883 */
884 res = _utee_hash_init(operation->state, IV, IVLen);
885 if (res != TEE_SUCCESS)
886 TEE_Panic(res);
887 operation->buffer_offs = 0;
888 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
889 }
890
TEE_DigestUpdate(TEE_OperationHandle operation,const void * chunk,size_t chunkSize)891 void TEE_DigestUpdate(TEE_OperationHandle operation,
892 const void *chunk, size_t chunkSize)
893 {
894 TEE_Result res = TEE_ERROR_GENERIC;
895
896 if (operation == TEE_HANDLE_NULL ||
897 operation->info.operationClass != TEE_OPERATION_DIGEST)
898 TEE_Panic(0);
899
900 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
901
902 res = _utee_hash_update(operation->state, chunk, chunkSize);
903 if (res != TEE_SUCCESS)
904 TEE_Panic(res);
905 }
906
__GP11_TEE_DigestUpdate(TEE_OperationHandle operation,const void * chunk,uint32_t chunkSize)907 void __GP11_TEE_DigestUpdate(TEE_OperationHandle operation,
908 const void *chunk, uint32_t chunkSize)
909 {
910 return TEE_DigestUpdate(operation, chunk, chunkSize);
911 }
912
TEE_DigestDoFinal(TEE_OperationHandle operation,const void * chunk,size_t chunkLen,void * hash,size_t * hashLen)913 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk,
914 size_t chunkLen, void *hash, size_t *hashLen)
915 {
916 TEE_Result res = TEE_SUCCESS;
917 uint64_t hl = 0;
918 size_t len = 0;
919
920 if ((operation == TEE_HANDLE_NULL) ||
921 (!chunk && chunkLen) ||
922 (operation->info.operationClass != TEE_OPERATION_DIGEST)) {
923 res = TEE_ERROR_BAD_PARAMETERS;
924 goto out;
925 }
926 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING &&
927 chunkLen) {
928 res = TEE_ERROR_BAD_PARAMETERS;
929 goto out;
930 }
931 __utee_check_inout_annotation(hashLen, sizeof(*hashLen));
932
933 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING &&
934 operation->buffer) {
935 /*
936 * This is not an Extendable-Output Function and we have
937 * already started extracting
938 */
939 len = MIN(operation->block_size - operation->buffer_offs,
940 *hashLen);
941 memcpy(hash, operation->buffer + operation->buffer_offs, len);
942 *hashLen = len;
943 } else {
944 hl = *hashLen;
945 res = _utee_hash_final(operation->state, chunk, chunkLen, hash,
946 &hl);
947 *hashLen = hl;
948 if (res)
949 goto out;
950 }
951
952 /* Reset operation state */
953 init_hash_operation(operation, NULL, 0);
954
955 operation->operationState = TEE_OPERATION_STATE_INITIAL;
956
957 out:
958 if (res != TEE_SUCCESS &&
959 res != TEE_ERROR_SHORT_BUFFER)
960 TEE_Panic(res);
961
962 return res;
963 }
964
__GP11_TEE_DigestDoFinal(TEE_OperationHandle operation,const void * chunk,uint32_t chunkLen,void * hash,uint32_t * hashLen)965 TEE_Result __GP11_TEE_DigestDoFinal(TEE_OperationHandle operation,
966 const void *chunk, uint32_t chunkLen,
967 void *hash, uint32_t *hashLen)
968 {
969 TEE_Result res = TEE_SUCCESS;
970 size_t l = 0;
971
972 __utee_check_inout_annotation(hashLen, sizeof(*hashLen));
973 l = *hashLen;
974 res = TEE_DigestDoFinal(operation, chunk, chunkLen, hash, &l);
975 *hashLen = l;
976 return res;
977 }
978
TEE_DigestExtract(TEE_OperationHandle operation,void * hash,size_t * hashLen)979 TEE_Result TEE_DigestExtract(TEE_OperationHandle operation, void *hash,
980 size_t *hashLen)
981 {
982 TEE_Result res = TEE_SUCCESS;
983 uint64_t hl = 0;
984 size_t len = 0;
985
986 if (operation == TEE_HANDLE_NULL ||
987 operation->info.operationClass != TEE_OPERATION_DIGEST)
988 TEE_Panic(0);
989 __utee_check_inout_annotation(hashLen, sizeof(*hashLen));
990
991 if (!operation->buffer) {
992 /* This is an Extendable-Output Function */
993 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING;
994 operation->operationState = TEE_OPERATION_STATE_EXTRACTING;
995 hl = *hashLen;
996 res = _utee_hash_final(operation->state, NULL, 0, hash, &hl);
997 if (res)
998 TEE_Panic(0);
999 *hashLen = hl;
1000
1001 return TEE_SUCCESS;
1002 }
1003
1004 if (operation->operationState != TEE_OPERATION_STATE_EXTRACTING) {
1005 hl = operation->block_size;
1006 res = _utee_hash_final(operation->state, NULL, 0,
1007 operation->buffer, &hl);
1008 if (res)
1009 TEE_Panic(0);
1010 if (hl != operation->block_size)
1011 TEE_Panic(0);
1012 assert(!operation->buffer_offs);
1013 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING;
1014 operation->operationState = TEE_OPERATION_STATE_EXTRACTING;
1015 }
1016
1017 len = MIN(operation->block_size - operation->buffer_offs, *hashLen);
1018 memcpy(hash, operation->buffer + operation->buffer_offs, len);
1019 *hashLen = len;
1020 operation->buffer_offs += len;
1021
1022 return TEE_SUCCESS;
1023 }
1024
1025 /* Cryptographic Operations API - Symmetric Cipher Functions */
1026
TEE_CipherInit(TEE_OperationHandle operation,const void * IV,size_t IVLen)1027 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV,
1028 size_t IVLen)
1029 {
1030 TEE_Result res;
1031
1032 if (operation == TEE_HANDLE_NULL)
1033 TEE_Panic(0);
1034
1035 if (operation->info.operationClass != TEE_OPERATION_CIPHER)
1036 TEE_Panic(0);
1037
1038 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) ||
1039 !(operation->key1))
1040 TEE_Panic(0);
1041
1042 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
1043 TEE_ResetOperation(operation);
1044
1045 if (IV && IVLen) {
1046 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD ||
1047 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD ||
1048 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD ||
1049 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD)
1050 TEE_Panic(0);
1051 }
1052
1053 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1054
1055 res = _utee_cipher_init(operation->state, IV, IVLen);
1056 if (res != TEE_SUCCESS)
1057 TEE_Panic(res);
1058
1059 operation->buffer_offs = 0;
1060 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
1061 }
1062
__GP11_TEE_CipherInit(TEE_OperationHandle operation,const void * IV,uint32_t IVLen)1063 void __GP11_TEE_CipherInit(TEE_OperationHandle operation, const void *IV,
1064 uint32_t IVLen)
1065 {
1066 return TEE_CipherInit(operation, IV, IVLen);
1067 }
1068
tee_buffer_update(TEE_OperationHandle op,TEE_Result (* update_func)(unsigned long state,const void * src,size_t slen,void * dst,uint64_t * dlen),const void * src_data,size_t src_len,void * dest_data,uint64_t * dest_len)1069 static TEE_Result tee_buffer_update(
1070 TEE_OperationHandle op,
1071 TEE_Result(*update_func)(unsigned long state, const void *src,
1072 size_t slen, void *dst, uint64_t *dlen),
1073 const void *src_data, size_t src_len,
1074 void *dest_data, uint64_t *dest_len)
1075 {
1076 TEE_Result res;
1077 const uint8_t *src = src_data;
1078 size_t slen = src_len;
1079 uint8_t *dst = dest_data;
1080 size_t dlen = *dest_len;
1081 size_t acc_dlen = 0;
1082 uint64_t tmp_dlen;
1083 size_t l;
1084 size_t buffer_size;
1085 size_t buffer_left;
1086
1087 if (!src) {
1088 if (slen)
1089 TEE_Panic(0);
1090 goto out;
1091 }
1092
1093 if (op->buffer_two_blocks) {
1094 buffer_size = op->block_size * 2;
1095 buffer_left = 1;
1096 } else {
1097 buffer_size = op->block_size;
1098 buffer_left = 0;
1099 }
1100
1101 if (op->buffer_offs > 0) {
1102 /* Fill up complete block */
1103 if (op->buffer_offs < op->block_size)
1104 l = MIN(slen, op->block_size - op->buffer_offs);
1105 else
1106 l = MIN(slen, buffer_size - op->buffer_offs);
1107 memcpy(op->buffer + op->buffer_offs, src, l);
1108 op->buffer_offs += l;
1109 src += l;
1110 slen -= l;
1111 if ((op->buffer_offs % op->block_size) != 0)
1112 goto out; /* Nothing left to do */
1113 }
1114
1115 /* If we can feed from buffer */
1116 if ((op->buffer_offs > 0) &&
1117 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) {
1118 l = ROUNDUP2(op->buffer_offs + slen - buffer_size,
1119 op->block_size);
1120 l = MIN(op->buffer_offs, l);
1121 /*
1122 * If we're buffering only a single block, process it
1123 * immediately.
1124 */
1125 if (!op->buffer_two_blocks)
1126 l = op->block_size;
1127 tmp_dlen = dlen;
1128 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen);
1129 if (res != TEE_SUCCESS)
1130 TEE_Panic(res);
1131 dst += tmp_dlen;
1132 dlen -= tmp_dlen;
1133 acc_dlen += tmp_dlen;
1134 op->buffer_offs -= l;
1135 if (op->buffer_offs > 0) {
1136 /*
1137 * Slen is small enough to be contained in rest buffer.
1138 */
1139 memcpy(op->buffer, op->buffer + l, buffer_size - l);
1140 memcpy(op->buffer + op->buffer_offs, src, slen);
1141 op->buffer_offs += slen;
1142 goto out; /* Nothing left to do */
1143 }
1144 }
1145
1146 if (slen >= (buffer_size + buffer_left)) {
1147 /* Buffer is empty, feed as much as possible from src */
1148 if (op->buffer_two_blocks)
1149 l = ROUNDUP2(slen - buffer_size, op->block_size);
1150 else
1151 l = ROUNDUP2(slen - buffer_size + 1, op->block_size);
1152
1153 tmp_dlen = dlen;
1154 res = update_func(op->state, src, l, dst, &tmp_dlen);
1155 if (res != TEE_SUCCESS)
1156 TEE_Panic(res);
1157 src += l;
1158 slen -= l;
1159 dst += tmp_dlen;
1160 dlen -= tmp_dlen;
1161 acc_dlen += tmp_dlen;
1162 }
1163
1164 /* Slen is small enough to be contained in buffer. */
1165 memcpy(op->buffer + op->buffer_offs, src, slen);
1166 op->buffer_offs += slen;
1167
1168 out:
1169 *dest_len = acc_dlen;
1170 return TEE_SUCCESS;
1171 }
1172
TEE_CipherUpdate(TEE_OperationHandle operation,const void * srcData,size_t srcLen,void * destData,size_t * destLen)1173 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData,
1174 size_t srcLen, void *destData, size_t *destLen)
1175 {
1176 TEE_Result res;
1177 size_t req_dlen;
1178 uint64_t dl;
1179
1180 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1181 res = TEE_ERROR_BAD_PARAMETERS;
1182 goto out;
1183 }
1184 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1185
1186 if (operation->info.operationClass != TEE_OPERATION_CIPHER) {
1187 res = TEE_ERROR_BAD_PARAMETERS;
1188 goto out;
1189 }
1190
1191 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1192 res = TEE_ERROR_BAD_PARAMETERS;
1193 goto out;
1194 }
1195
1196 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1197 res = TEE_ERROR_BAD_PARAMETERS;
1198 goto out;
1199 }
1200
1201 if (!srcData && !srcLen) {
1202 *destLen = 0;
1203 res = TEE_SUCCESS;
1204 goto out;
1205 }
1206
1207 /* Calculate required dlen */
1208 if (operation->block_size > 1) {
1209 req_dlen = ((operation->buffer_offs + srcLen) /
1210 operation->block_size) * operation->block_size;
1211 } else {
1212 req_dlen = srcLen;
1213 }
1214 if (operation->buffer_two_blocks) {
1215 if (operation->buffer_offs + srcLen >
1216 operation->block_size * 2) {
1217 req_dlen = operation->buffer_offs + srcLen -
1218 operation->block_size * 2;
1219 req_dlen = ROUNDUP2(req_dlen, operation->block_size);
1220 } else {
1221 req_dlen = 0;
1222 }
1223 }
1224 /*
1225 * Check that required destLen is big enough before starting to feed
1226 * data to the algorithm. Errors during feeding of data are fatal as we
1227 * can't restore sync with this API.
1228 */
1229 if (*destLen < req_dlen) {
1230 *destLen = req_dlen;
1231 res = TEE_ERROR_SHORT_BUFFER;
1232 goto out;
1233 }
1234
1235 dl = *destLen;
1236 if (operation->block_size > 1) {
1237 res = tee_buffer_update(operation, _utee_cipher_update, srcData,
1238 srcLen, destData, &dl);
1239 } else {
1240 if (srcLen > 0) {
1241 res = _utee_cipher_update(operation->state, srcData,
1242 srcLen, destData, &dl);
1243 } else {
1244 res = TEE_SUCCESS;
1245 dl = 0;
1246 }
1247 }
1248 *destLen = dl;
1249
1250 out:
1251 if (res != TEE_SUCCESS &&
1252 res != TEE_ERROR_SHORT_BUFFER)
1253 TEE_Panic(res);
1254
1255 return res;
1256 }
1257
__GP11_TEE_CipherUpdate(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)1258 TEE_Result __GP11_TEE_CipherUpdate(TEE_OperationHandle operation,
1259 const void *srcData, uint32_t srcLen,
1260 void *destData, uint32_t *destLen)
1261 {
1262 TEE_Result res = TEE_SUCCESS;
1263 size_t dl = 0;
1264
1265 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1266 dl = *destLen;
1267 res = TEE_CipherUpdate(operation, srcData, srcLen, destData, &dl);
1268 *destLen = dl;
1269 return res;
1270 }
1271
TEE_CipherDoFinal(TEE_OperationHandle operation,const void * srcData,size_t srcLen,void * destData,size_t * destLen)1272 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation,
1273 const void *srcData, size_t srcLen,
1274 void *destData, size_t *destLen)
1275 {
1276 TEE_Result res = TEE_SUCCESS;
1277 uint8_t *dst = destData;
1278 size_t acc_dlen = 0;
1279 uint64_t tmp_dlen = 0;
1280 size_t req_dlen = 0;
1281
1282 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1283 res = TEE_ERROR_BAD_PARAMETERS;
1284 goto out;
1285 }
1286 if (destLen)
1287 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1288
1289 if (operation->info.operationClass != TEE_OPERATION_CIPHER) {
1290 res = TEE_ERROR_BAD_PARAMETERS;
1291 goto out;
1292 }
1293
1294 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1295 res = TEE_ERROR_BAD_PARAMETERS;
1296 goto out;
1297 }
1298
1299 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1300 res = TEE_ERROR_BAD_PARAMETERS;
1301 goto out;
1302 }
1303
1304 /*
1305 * Check that the final block doesn't require padding for those
1306 * algorithms that requires client to supply padding.
1307 */
1308 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD ||
1309 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD ||
1310 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD ||
1311 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD ||
1312 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD ||
1313 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD ||
1314 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD ||
1315 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) {
1316 if (((operation->buffer_offs + srcLen) % operation->block_size)
1317 != 0) {
1318 res = TEE_ERROR_BAD_PARAMETERS;
1319 goto out;
1320 }
1321 }
1322
1323 /*
1324 * Check that required destLen is big enough before starting to feed
1325 * data to the algorithm. Errors during feeding of data are fatal as we
1326 * can't restore sync with this API.
1327 */
1328 if (operation->block_size > 1) {
1329 req_dlen = operation->buffer_offs + srcLen;
1330 } else {
1331 req_dlen = srcLen;
1332 }
1333 if (destLen)
1334 tmp_dlen = *destLen;
1335 if (tmp_dlen < req_dlen) {
1336 if (destLen)
1337 *destLen = req_dlen;
1338 res = TEE_ERROR_SHORT_BUFFER;
1339 goto out;
1340 }
1341
1342 if (operation->block_size > 1) {
1343 if (srcLen) {
1344 res = tee_buffer_update(operation, _utee_cipher_update,
1345 srcData, srcLen, dst,
1346 &tmp_dlen);
1347 if (res != TEE_SUCCESS)
1348 goto out;
1349
1350 dst += tmp_dlen;
1351 acc_dlen += tmp_dlen;
1352
1353 tmp_dlen = *destLen - acc_dlen;
1354 }
1355 res = _utee_cipher_final(operation->state, operation->buffer,
1356 operation->buffer_offs, dst,
1357 &tmp_dlen);
1358 } else {
1359 res = _utee_cipher_final(operation->state, srcData, srcLen, dst,
1360 &tmp_dlen);
1361 }
1362 if (res != TEE_SUCCESS)
1363 goto out;
1364
1365 acc_dlen += tmp_dlen;
1366 if (destLen)
1367 *destLen = acc_dlen;
1368
1369 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1370
1371 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1372
1373 out:
1374 if (res != TEE_SUCCESS &&
1375 res != TEE_ERROR_SHORT_BUFFER)
1376 TEE_Panic(res);
1377
1378 return res;
1379 }
1380
__GP11_TEE_CipherDoFinal(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)1381 TEE_Result __GP11_TEE_CipherDoFinal(TEE_OperationHandle operation,
1382 const void *srcData, uint32_t srcLen,
1383 void *destData, uint32_t *destLen)
1384 {
1385 TEE_Result res = TEE_SUCCESS;
1386 size_t dl = 0;
1387
1388 if (destLen) {
1389 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1390 dl = *destLen;
1391 }
1392 res = TEE_CipherDoFinal(operation, srcData, srcLen, destData, &dl);
1393 if (destLen)
1394 *destLen = dl;
1395 return res;
1396 }
1397
1398 /* Cryptographic Operations API - MAC Functions */
1399
TEE_MACInit(TEE_OperationHandle operation,const void * IV,size_t IVLen)1400 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, size_t IVLen)
1401 {
1402 if (operation == TEE_HANDLE_NULL)
1403 TEE_Panic(0);
1404
1405 if (operation->info.operationClass != TEE_OPERATION_MAC)
1406 TEE_Panic(0);
1407
1408 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) ||
1409 !(operation->key1))
1410 TEE_Panic(0);
1411
1412 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
1413 TEE_ResetOperation(operation);
1414
1415 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1416
1417 init_hash_operation(operation, IV, IVLen);
1418 }
1419
__GP11_TEE_MACInit(TEE_OperationHandle operation,const void * IV,uint32_t IVLen)1420 void __GP11_TEE_MACInit(TEE_OperationHandle operation, const void *IV,
1421 uint32_t IVLen)
1422 {
1423 return TEE_MACInit(operation, IV, IVLen);
1424 }
1425
TEE_MACUpdate(TEE_OperationHandle operation,const void * chunk,size_t chunkSize)1426 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk,
1427 size_t chunkSize)
1428 {
1429 TEE_Result res;
1430
1431 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0))
1432 TEE_Panic(0);
1433
1434 if (operation->info.operationClass != TEE_OPERATION_MAC)
1435 TEE_Panic(0);
1436
1437 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0)
1438 TEE_Panic(0);
1439
1440 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE)
1441 TEE_Panic(0);
1442
1443 res = _utee_hash_update(operation->state, chunk, chunkSize);
1444 if (res != TEE_SUCCESS)
1445 TEE_Panic(res);
1446 }
1447
__GP11_TEE_MACUpdate(TEE_OperationHandle operation,const void * chunk,uint32_t chunkSize)1448 void __GP11_TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk,
1449 uint32_t chunkSize)
1450 {
1451 return TEE_MACUpdate(operation, chunk, chunkSize);
1452 }
1453
TEE_MACComputeFinal(TEE_OperationHandle operation,const void * message,size_t messageLen,void * mac,size_t * macLen)1454 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation,
1455 const void *message, size_t messageLen,
1456 void *mac, size_t *macLen)
1457 {
1458 TEE_Result res;
1459 uint64_t ml;
1460
1461 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) {
1462 res = TEE_ERROR_BAD_PARAMETERS;
1463 goto out;
1464 }
1465 __utee_check_inout_annotation(macLen, sizeof(*macLen));
1466
1467 if (operation->info.operationClass != TEE_OPERATION_MAC) {
1468 res = TEE_ERROR_BAD_PARAMETERS;
1469 goto out;
1470 }
1471
1472 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1473 res = TEE_ERROR_BAD_PARAMETERS;
1474 goto out;
1475 }
1476
1477 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1478 res = TEE_ERROR_BAD_PARAMETERS;
1479 goto out;
1480 }
1481
1482 ml = *macLen;
1483 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml);
1484 *macLen = ml;
1485 if (res != TEE_SUCCESS)
1486 goto out;
1487
1488 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1489
1490 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1491
1492 out:
1493 if (res != TEE_SUCCESS &&
1494 res != TEE_ERROR_SHORT_BUFFER)
1495 TEE_Panic(res);
1496
1497 return res;
1498 }
1499
__GP11_TEE_MACComputeFinal(TEE_OperationHandle operation,const void * message,uint32_t messageLen,void * mac,uint32_t * macLen)1500 TEE_Result __GP11_TEE_MACComputeFinal(TEE_OperationHandle operation,
1501 const void *message, uint32_t messageLen,
1502 void *mac, uint32_t *macLen)
1503 {
1504 TEE_Result res = TEE_SUCCESS;
1505 size_t ml = 0;
1506
1507 __utee_check_inout_annotation(macLen, sizeof(*macLen));
1508 ml = *macLen;
1509 res = TEE_MACComputeFinal(operation, message, messageLen, mac, &ml);
1510 *macLen = ml;
1511 return res;
1512 }
1513
TEE_MACCompareFinal(TEE_OperationHandle operation,const void * message,size_t messageLen,const void * mac,size_t macLen)1514 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation,
1515 const void *message, size_t messageLen,
1516 const void *mac, size_t macLen)
1517 {
1518 TEE_Result res;
1519 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 };
1520 size_t computed_mac_size = TEE_MAX_HASH_SIZE;
1521
1522 if (operation->info.operationClass != TEE_OPERATION_MAC) {
1523 res = TEE_ERROR_BAD_PARAMETERS;
1524 goto out;
1525 }
1526
1527 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1528 res = TEE_ERROR_BAD_PARAMETERS;
1529 goto out;
1530 }
1531
1532 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1533 res = TEE_ERROR_BAD_PARAMETERS;
1534 goto out;
1535 }
1536
1537 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac,
1538 &computed_mac_size);
1539 if (res != TEE_SUCCESS)
1540 goto out;
1541
1542 if (computed_mac_size != macLen) {
1543 res = TEE_ERROR_MAC_INVALID;
1544 goto out;
1545 }
1546
1547 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) {
1548 res = TEE_ERROR_MAC_INVALID;
1549 goto out;
1550 }
1551
1552 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1553
1554 out:
1555 if (res != TEE_SUCCESS &&
1556 res != TEE_ERROR_MAC_INVALID)
1557 TEE_Panic(res);
1558
1559 return res;
1560 }
1561
__GP11_TEE_MACCompareFinal(TEE_OperationHandle operation,const void * message,uint32_t messageLen,const void * mac,uint32_t macLen)1562 TEE_Result __GP11_TEE_MACCompareFinal(TEE_OperationHandle operation,
1563 const void *message, uint32_t messageLen,
1564 const void *mac, uint32_t macLen)
1565 {
1566 return TEE_MACCompareFinal(operation, message, messageLen, mac, macLen);
1567 }
1568
1569 /* Cryptographic Operations API - Authenticated Encryption Functions */
1570
TEE_AEInit(TEE_OperationHandle operation,const void * nonce,size_t nonceLen,uint32_t tagLen,size_t AADLen,size_t payloadLen)1571 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce,
1572 size_t nonceLen, uint32_t tagLen, size_t AADLen,
1573 size_t payloadLen)
1574 {
1575 TEE_Result res;
1576
1577 if (operation == TEE_HANDLE_NULL || nonce == NULL) {
1578 res = TEE_ERROR_BAD_PARAMETERS;
1579 goto out;
1580 }
1581
1582 if (operation->info.operationClass != TEE_OPERATION_AE) {
1583 res = TEE_ERROR_BAD_PARAMETERS;
1584 goto out;
1585 }
1586
1587 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) {
1588 res = TEE_ERROR_BAD_PARAMETERS;
1589 goto out;
1590 }
1591
1592 /*
1593 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core
1594 * in the implementation. But AES-GCM spec doesn't specify the tag len
1595 * according to the same principle so we have to check here instead to
1596 * be GP compliant.
1597 */
1598 if (operation->info.algorithm == TEE_ALG_AES_GCM) {
1599 /*
1600 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96
1601 */
1602 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) {
1603 res = TEE_ERROR_NOT_SUPPORTED;
1604 goto out;
1605 }
1606 }
1607
1608 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8,
1609 AADLen, payloadLen);
1610 if (res != TEE_SUCCESS)
1611 goto out;
1612
1613 operation->info.digestLength = tagLen / 8;
1614 operation->buffer_offs = 0;
1615 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
1616
1617 out:
1618 if (res != TEE_SUCCESS &&
1619 res != TEE_ERROR_NOT_SUPPORTED)
1620 TEE_Panic(res);
1621
1622 return res;
1623 }
1624
__GP11_TEE_AEInit(TEE_OperationHandle operation,const void * nonce,uint32_t nonceLen,uint32_t tagLen,uint32_t AADLen,uint32_t payloadLen)1625 TEE_Result __GP11_TEE_AEInit(TEE_OperationHandle operation, const void *nonce,
1626 uint32_t nonceLen, uint32_t tagLen,
1627 uint32_t AADLen, uint32_t payloadLen)
1628 {
1629 return TEE_AEInit(operation, nonce, nonceLen, tagLen, AADLen,
1630 payloadLen);
1631 }
1632
TEE_AEUpdateAAD(TEE_OperationHandle operation,const void * AADdata,size_t AADdataLen)1633 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata,
1634 size_t AADdataLen)
1635 {
1636 TEE_Result res = TEE_SUCCESS;
1637
1638 if (operation == TEE_HANDLE_NULL || (!AADdata && AADdataLen))
1639 TEE_Panic(0);
1640
1641 if (operation->info.operationClass != TEE_OPERATION_AE)
1642 TEE_Panic(0);
1643
1644 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
1645 TEE_Panic(0);
1646
1647 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0)
1648 TEE_Panic(0);
1649
1650 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen);
1651 if (res != TEE_SUCCESS)
1652 TEE_Panic(res);
1653 }
1654
__GP11_TEE_AEUpdateAAD(TEE_OperationHandle operation,const void * AADdata,uint32_t AADdataLen)1655 void __GP11_TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata,
1656 uint32_t AADdataLen)
1657 {
1658 TEE_Result res = TEE_SUCCESS;
1659
1660 if (operation == TEE_HANDLE_NULL ||
1661 (AADdata == NULL && AADdataLen != 0))
1662 TEE_Panic(0);
1663
1664 if (operation->info.operationClass != TEE_OPERATION_AE)
1665 TEE_Panic(0);
1666
1667 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0)
1668 TEE_Panic(0);
1669
1670 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen);
1671
1672 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1673
1674 if (res != TEE_SUCCESS)
1675 TEE_Panic(res);
1676 }
1677
ae_update_helper(TEE_OperationHandle operation,const void * src,size_t slen,void * dst,size_t * dlen)1678 static TEE_Result ae_update_helper(TEE_OperationHandle operation,
1679 const void *src, size_t slen, void *dst,
1680 size_t *dlen)
1681 {
1682 TEE_Result res = TEE_SUCCESS;
1683 size_t req_dlen = 0;
1684 uint64_t dl = 0;
1685
1686 if (!src && !slen) {
1687 *dlen = 0;
1688 return TEE_SUCCESS;
1689 }
1690
1691 /*
1692 * Check that required destLen is big enough before starting to feed
1693 * data to the algorithm. Errors during feeding of data are fatal as we
1694 * can't restore sync with this API.
1695 */
1696 if (operation->block_size > 1) {
1697 req_dlen = ROUNDDOWN2(operation->buffer_offs + slen,
1698 operation->block_size);
1699 } else {
1700 req_dlen = slen;
1701 }
1702
1703 dl = *dlen;
1704 if (dl < req_dlen) {
1705 *dlen = req_dlen;
1706 return TEE_ERROR_SHORT_BUFFER;
1707 }
1708
1709 if (operation->block_size > 1) {
1710 res = tee_buffer_update(operation, _utee_authenc_update_payload,
1711 src, slen, dst, &dl);
1712 } else {
1713 if (slen > 0) {
1714 res = _utee_authenc_update_payload(operation->state,
1715 src, slen, dst, &dl);
1716 } else {
1717 dl = 0;
1718 res = TEE_SUCCESS;
1719 }
1720 }
1721
1722 if (!res)
1723 *dlen = dl;
1724
1725 return res;
1726 }
1727
TEE_AEUpdate(TEE_OperationHandle operation,const void * srcData,size_t srcLen,void * destData,size_t * destLen)1728 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData,
1729 size_t srcLen, void *destData, size_t *destLen)
1730 {
1731 TEE_Result res = TEE_SUCCESS;
1732
1733 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1734 res = TEE_ERROR_BAD_PARAMETERS;
1735 goto out;
1736 }
1737 __utee_check_outbuf_annotation(destData, destLen);
1738
1739 if (operation->info.operationClass != TEE_OPERATION_AE) {
1740 res = TEE_ERROR_BAD_PARAMETERS;
1741 goto out;
1742 }
1743
1744 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1745 res = TEE_ERROR_BAD_PARAMETERS;
1746 goto out;
1747 }
1748
1749 res = ae_update_helper(operation, srcData, srcLen, destData, destLen);
1750 if (res != TEE_ERROR_SHORT_BUFFER && srcLen)
1751 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1752
1753 out:
1754 if (res != TEE_SUCCESS &&
1755 res != TEE_ERROR_SHORT_BUFFER)
1756 TEE_Panic(res);
1757
1758 return res;
1759 }
1760
__GP11_TEE_AEUpdate(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)1761 TEE_Result __GP11_TEE_AEUpdate(TEE_OperationHandle operation,
1762 const void *srcData, uint32_t srcLen,
1763 void *destData, uint32_t *destLen)
1764 {
1765 TEE_Result res = TEE_SUCCESS;
1766 size_t dl = 0;
1767
1768 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1769 res = TEE_ERROR_BAD_PARAMETERS;
1770 goto out;
1771 }
1772 __utee_check_gp11_outbuf_annotation(destData, destLen);
1773
1774 if (operation->info.operationClass != TEE_OPERATION_AE) {
1775 res = TEE_ERROR_BAD_PARAMETERS;
1776 goto out;
1777 }
1778
1779 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1780 res = TEE_ERROR_BAD_PARAMETERS;
1781 goto out;
1782 }
1783
1784 dl = *destLen;
1785 res = ae_update_helper(operation, srcData, srcLen, destData, &dl);
1786 *destLen = dl;
1787
1788 if (res != TEE_SUCCESS)
1789 goto out;
1790
1791 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1792
1793 out:
1794 if (res != TEE_SUCCESS &&
1795 res != TEE_ERROR_SHORT_BUFFER)
1796 TEE_Panic(res);
1797
1798 return res;
1799 }
1800
TEE_AEEncryptFinal(TEE_OperationHandle operation,const void * srcData,size_t srcLen,void * destData,size_t * destLen,void * tag,size_t * tagLen)1801 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation,
1802 const void *srcData, size_t srcLen,
1803 void *destData, size_t *destLen, void *tag,
1804 size_t *tagLen)
1805 {
1806 TEE_Result res = TEE_SUCCESS;
1807 uint8_t *dst = destData;
1808 size_t acc_dlen = 0;
1809 uint64_t tmp_dlen = 0;
1810 size_t req_dlen = 0;
1811 uint64_t tl = 0;
1812
1813 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1814 res = TEE_ERROR_BAD_PARAMETERS;
1815 goto out;
1816 }
1817 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1818 __utee_check_inout_annotation(tagLen, sizeof(*tagLen));
1819
1820 if (operation->info.operationClass != TEE_OPERATION_AE) {
1821 res = TEE_ERROR_BAD_PARAMETERS;
1822 goto out;
1823 }
1824
1825 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1826 res = TEE_ERROR_BAD_PARAMETERS;
1827 goto out;
1828 }
1829
1830 /*
1831 * Check that required destLen is big enough before starting to feed
1832 * data to the algorithm. Errors during feeding of data are fatal as we
1833 * can't restore sync with this API.
1834 *
1835 * Need to check this before update_payload since sync would be lost if
1836 * we return short buffer after that.
1837 */
1838 res = TEE_ERROR_GENERIC;
1839
1840 req_dlen = operation->buffer_offs + srcLen;
1841 if (*destLen < req_dlen) {
1842 *destLen = req_dlen;
1843 res = TEE_ERROR_SHORT_BUFFER;
1844 }
1845
1846 if (*tagLen < operation->info.digestLength) {
1847 *tagLen = operation->info.digestLength;
1848 res = TEE_ERROR_SHORT_BUFFER;
1849 }
1850
1851 if (res == TEE_ERROR_SHORT_BUFFER)
1852 goto out;
1853
1854 tl = *tagLen;
1855 tmp_dlen = *destLen - acc_dlen;
1856 if (operation->block_size > 1) {
1857 res = tee_buffer_update(operation, _utee_authenc_update_payload,
1858 srcData, srcLen, dst, &tmp_dlen);
1859 if (res != TEE_SUCCESS)
1860 goto out;
1861
1862 dst += tmp_dlen;
1863 acc_dlen += tmp_dlen;
1864
1865 tmp_dlen = *destLen - acc_dlen;
1866 res = _utee_authenc_enc_final(operation->state,
1867 operation->buffer,
1868 operation->buffer_offs, dst,
1869 &tmp_dlen, tag, &tl);
1870 } else {
1871 res = _utee_authenc_enc_final(operation->state, srcData,
1872 srcLen, dst, &tmp_dlen,
1873 tag, &tl);
1874 }
1875 *tagLen = tl;
1876 if (res != TEE_SUCCESS)
1877 goto out;
1878
1879 acc_dlen += tmp_dlen;
1880 *destLen = acc_dlen;
1881
1882 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1883
1884 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1885
1886 out:
1887 if (res != TEE_SUCCESS &&
1888 res != TEE_ERROR_SHORT_BUFFER)
1889 TEE_Panic(res);
1890
1891 return res;
1892 }
1893
__GP11_TEE_AEEncryptFinal(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen,void * tag,uint32_t * tagLen)1894 TEE_Result __GP11_TEE_AEEncryptFinal(TEE_OperationHandle operation,
1895 const void *srcData, uint32_t srcLen,
1896 void *destData, uint32_t *destLen,
1897 void *tag, uint32_t *tagLen)
1898 {
1899 TEE_Result res = TEE_SUCCESS;
1900 size_t dl = 0;
1901 size_t tl = 0;
1902
1903 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1904 __utee_check_inout_annotation(tagLen, sizeof(*tagLen));
1905 dl = *destLen;
1906 tl = *tagLen;
1907 res = TEE_AEEncryptFinal(operation, srcData, srcLen, destData, &dl,
1908 tag, &tl);
1909 *destLen = dl;
1910 *tagLen = tl;
1911 return res;
1912 }
1913
TEE_AEDecryptFinal(TEE_OperationHandle operation,const void * srcData,size_t srcLen,void * destData,size_t * destLen,void * tag,size_t tagLen)1914 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation,
1915 const void *srcData, size_t srcLen,
1916 void *destData, size_t *destLen, void *tag,
1917 size_t tagLen)
1918 {
1919 TEE_Result res = TEE_SUCCESS;
1920 uint8_t *dst = destData;
1921 size_t acc_dlen = 0;
1922 uint64_t tmp_dlen = 0;
1923 size_t req_dlen = 0;
1924
1925 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1926 res = TEE_ERROR_BAD_PARAMETERS;
1927 goto out;
1928 }
1929 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1930
1931 if (operation->info.operationClass != TEE_OPERATION_AE) {
1932 res = TEE_ERROR_BAD_PARAMETERS;
1933 goto out;
1934 }
1935
1936 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1937 res = TEE_ERROR_BAD_PARAMETERS;
1938 goto out;
1939 }
1940
1941 /*
1942 * Check that required destLen is big enough before starting to feed
1943 * data to the algorithm. Errors during feeding of data are fatal as we
1944 * can't restore sync with this API.
1945 */
1946 req_dlen = operation->buffer_offs + srcLen;
1947 if (*destLen < req_dlen) {
1948 *destLen = req_dlen;
1949 res = TEE_ERROR_SHORT_BUFFER;
1950 goto out;
1951 }
1952
1953 tmp_dlen = *destLen - acc_dlen;
1954 if (operation->block_size > 1) {
1955 res = tee_buffer_update(operation, _utee_authenc_update_payload,
1956 srcData, srcLen, dst, &tmp_dlen);
1957 if (res != TEE_SUCCESS)
1958 goto out;
1959
1960 dst += tmp_dlen;
1961 acc_dlen += tmp_dlen;
1962
1963 tmp_dlen = *destLen - acc_dlen;
1964 res = _utee_authenc_dec_final(operation->state,
1965 operation->buffer,
1966 operation->buffer_offs, dst,
1967 &tmp_dlen, tag, tagLen);
1968 } else {
1969 res = _utee_authenc_dec_final(operation->state, srcData,
1970 srcLen, dst, &tmp_dlen,
1971 tag, tagLen);
1972 }
1973 if (res != TEE_SUCCESS)
1974 goto out;
1975
1976 /* Supplied tagLen should match what we initiated with */
1977 if (tagLen != operation->info.digestLength)
1978 res = TEE_ERROR_MAC_INVALID;
1979
1980 acc_dlen += tmp_dlen;
1981 *destLen = acc_dlen;
1982
1983 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1984
1985 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1986
1987 out:
1988 if (res != TEE_SUCCESS &&
1989 res != TEE_ERROR_SHORT_BUFFER &&
1990 res != TEE_ERROR_MAC_INVALID)
1991 TEE_Panic(res);
1992
1993 return res;
1994 }
1995
__GP11_TEE_AEDecryptFinal(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen,void * tag,uint32_t tagLen)1996 TEE_Result __GP11_TEE_AEDecryptFinal(TEE_OperationHandle operation,
1997 const void *srcData, uint32_t srcLen,
1998 void *destData, uint32_t *destLen,
1999 void *tag, uint32_t tagLen)
2000 {
2001 TEE_Result res = TEE_SUCCESS;
2002 size_t dl = 0;
2003
2004 __utee_check_inout_annotation(destLen, sizeof(*destLen));
2005 dl = *destLen;
2006 res = TEE_AEDecryptFinal(operation, srcData, srcLen, destData, &dl,
2007 tag, tagLen);
2008 *destLen = dl;
2009 return res;
2010 }
2011
2012 /* Cryptographic Operations API - Asymmetric Functions */
2013
TEE_AsymmetricEncrypt(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * srcData,size_t srcLen,void * destData,size_t * destLen)2014 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation,
2015 const TEE_Attribute *params,
2016 uint32_t paramCount, const void *srcData,
2017 size_t srcLen, void *destData,
2018 size_t *destLen)
2019 {
2020 TEE_Result res = TEE_SUCCESS;
2021 struct utee_attribute ua[paramCount];
2022 uint64_t dl = 0;
2023
2024 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen))
2025 TEE_Panic(0);
2026
2027 __utee_check_attr_in_annotation(params, paramCount);
2028 __utee_check_inout_annotation(destLen, sizeof(*destLen));
2029
2030 if (!operation->key1)
2031 TEE_Panic(0);
2032 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER)
2033 TEE_Panic(0);
2034 if (operation->info.mode != TEE_MODE_ENCRYPT)
2035 TEE_Panic(0);
2036
2037 __utee_from_attr(ua, params, paramCount);
2038 dl = *destLen;
2039 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData,
2040 srcLen, destData, &dl);
2041 *destLen = dl;
2042
2043 if (res != TEE_SUCCESS &&
2044 res != TEE_ERROR_SHORT_BUFFER &&
2045 res != TEE_ERROR_BAD_PARAMETERS &&
2046 res != TEE_ERROR_CIPHERTEXT_INVALID &&
2047 res != TEE_ERROR_NOT_SUPPORTED)
2048 TEE_Panic(res);
2049
2050 return res;
2051 }
2052
__GP11_TEE_AsymmetricEncrypt(TEE_OperationHandle operation,const __GP11_TEE_Attribute * params,uint32_t paramCount,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)2053 TEE_Result __GP11_TEE_AsymmetricEncrypt(TEE_OperationHandle operation,
2054 const __GP11_TEE_Attribute *params,
2055 uint32_t paramCount,
2056 const void *srcData, uint32_t srcLen,
2057 void *destData, uint32_t *destLen)
2058 {
2059 TEE_Result res = TEE_SUCCESS;
2060 struct utee_attribute ua[paramCount];
2061 uint64_t dl = 0;
2062
2063 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen))
2064 TEE_Panic(0);
2065
2066 __utee_check_gp11_attr_in_annotation(params, paramCount);
2067 __utee_check_inout_annotation(destLen, sizeof(*destLen));
2068
2069 if (!operation->key1)
2070 TEE_Panic(0);
2071 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER)
2072 TEE_Panic(0);
2073 if (operation->info.mode != TEE_MODE_ENCRYPT)
2074 TEE_Panic(0);
2075
2076 __utee_from_gp11_attr(ua, params, paramCount);
2077 dl = *destLen;
2078 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData,
2079 srcLen, destData, &dl);
2080 *destLen = dl;
2081
2082 if (res != TEE_SUCCESS &&
2083 res != TEE_ERROR_SHORT_BUFFER &&
2084 res != TEE_ERROR_BAD_PARAMETERS)
2085 TEE_Panic(res);
2086
2087 return res;
2088 }
2089
TEE_AsymmetricDecrypt(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * srcData,size_t srcLen,void * destData,size_t * destLen)2090 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation,
2091 const TEE_Attribute *params,
2092 uint32_t paramCount, const void *srcData,
2093 size_t srcLen, void *destData,
2094 size_t *destLen)
2095 {
2096 TEE_Result res = TEE_SUCCESS;
2097 struct utee_attribute ua[paramCount];
2098 uint64_t dl = 0;
2099
2100 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen))
2101 TEE_Panic(0);
2102
2103 __utee_check_attr_in_annotation(params, paramCount);
2104 __utee_check_inout_annotation(destLen, sizeof(*destLen));
2105
2106 if (!operation->key1)
2107 TEE_Panic(0);
2108 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER)
2109 TEE_Panic(0);
2110 if (operation->info.mode != TEE_MODE_DECRYPT)
2111 TEE_Panic(0);
2112
2113 __utee_from_attr(ua, params, paramCount);
2114 dl = *destLen;
2115 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData,
2116 srcLen, destData, &dl);
2117 *destLen = dl;
2118
2119 if (res != TEE_SUCCESS &&
2120 res != TEE_ERROR_SHORT_BUFFER &&
2121 res != TEE_ERROR_BAD_PARAMETERS &&
2122 res != TEE_ERROR_CIPHERTEXT_INVALID &&
2123 res != TEE_ERROR_NOT_SUPPORTED)
2124 TEE_Panic(res);
2125
2126 return res;
2127 }
2128
__GP11_TEE_AsymmetricDecrypt(TEE_OperationHandle operation,const __GP11_TEE_Attribute * params,uint32_t paramCount,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)2129 TEE_Result __GP11_TEE_AsymmetricDecrypt(TEE_OperationHandle operation,
2130 const __GP11_TEE_Attribute *params,
2131 uint32_t paramCount,
2132 const void *srcData, uint32_t srcLen,
2133 void *destData, uint32_t *destLen)
2134 {
2135 TEE_Result res = TEE_SUCCESS;
2136 struct utee_attribute ua[paramCount];
2137 uint64_t dl = 0;
2138
2139 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen))
2140 TEE_Panic(0);
2141
2142 __utee_check_gp11_attr_in_annotation(params, paramCount);
2143 __utee_check_inout_annotation(destLen, sizeof(*destLen));
2144
2145 if (!operation->key1)
2146 TEE_Panic(0);
2147 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER)
2148 TEE_Panic(0);
2149 if (operation->info.mode != TEE_MODE_DECRYPT)
2150 TEE_Panic(0);
2151
2152 __utee_from_gp11_attr(ua, params, paramCount);
2153 dl = *destLen;
2154 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData,
2155 srcLen, destData, &dl);
2156 *destLen = dl;
2157
2158 if (res != TEE_SUCCESS &&
2159 res != TEE_ERROR_SHORT_BUFFER &&
2160 res != TEE_ERROR_BAD_PARAMETERS)
2161 TEE_Panic(res);
2162
2163 return res;
2164 }
2165
TEE_AsymmetricSignDigest(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * digest,size_t digestLen,void * signature,size_t * signatureLen)2166 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation,
2167 const TEE_Attribute *params,
2168 uint32_t paramCount, const void *digest,
2169 size_t digestLen, void *signature,
2170 size_t *signatureLen)
2171 {
2172 TEE_Result res = TEE_SUCCESS;
2173 struct utee_attribute ua[paramCount];
2174 uint64_t sl = 0;
2175
2176 if (operation == TEE_HANDLE_NULL || (!digest && digestLen))
2177 TEE_Panic(0);
2178
2179 __utee_check_attr_in_annotation(params, paramCount);
2180 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen));
2181
2182 if (!operation->key1)
2183 TEE_Panic(0);
2184 if (operation->info.operationClass !=
2185 TEE_OPERATION_ASYMMETRIC_SIGNATURE)
2186 TEE_Panic(0);
2187 if (operation->info.mode != TEE_MODE_SIGN)
2188 TEE_Panic(0);
2189
2190 __utee_from_attr(ua, params, paramCount);
2191 sl = *signatureLen;
2192 res = _utee_asymm_operate(operation->state, ua, paramCount, digest,
2193 digestLen, signature, &sl);
2194 *signatureLen = sl;
2195
2196 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER)
2197 TEE_Panic(res);
2198
2199 return res;
2200 }
2201
__GP11_TEE_AsymmetricSignDigest(TEE_OperationHandle operation,const __GP11_TEE_Attribute * params,uint32_t paramCount,const void * digest,uint32_t digestLen,void * signature,uint32_t * signatureLen)2202 TEE_Result __GP11_TEE_AsymmetricSignDigest(TEE_OperationHandle operation,
2203 const __GP11_TEE_Attribute *params,
2204 uint32_t paramCount,
2205 const void *digest,
2206 uint32_t digestLen, void *signature,
2207 uint32_t *signatureLen)
2208 {
2209 TEE_Result res = TEE_SUCCESS;
2210 struct utee_attribute ua[paramCount];
2211 uint64_t sl = 0;
2212
2213 if (operation == TEE_HANDLE_NULL || (!digest && digestLen))
2214 TEE_Panic(0);
2215
2216 __utee_check_gp11_attr_in_annotation(params, paramCount);
2217 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen));
2218
2219 if (!operation->key1)
2220 TEE_Panic(0);
2221 if (operation->info.operationClass !=
2222 TEE_OPERATION_ASYMMETRIC_SIGNATURE)
2223 TEE_Panic(0);
2224 if (operation->info.mode != TEE_MODE_SIGN)
2225 TEE_Panic(0);
2226
2227 __utee_from_gp11_attr(ua, params, paramCount);
2228 sl = *signatureLen;
2229 res = _utee_asymm_operate(operation->state, ua, paramCount, digest,
2230 digestLen, signature, &sl);
2231 *signatureLen = sl;
2232
2233 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER)
2234 TEE_Panic(res);
2235
2236 return res;
2237 }
2238
TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * digest,size_t digestLen,const void * signature,size_t signatureLen)2239 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation,
2240 const TEE_Attribute *params,
2241 uint32_t paramCount, const void *digest,
2242 size_t digestLen,
2243 const void *signature,
2244 size_t signatureLen)
2245 {
2246 TEE_Result res;
2247 struct utee_attribute ua[paramCount];
2248
2249 if (operation == TEE_HANDLE_NULL ||
2250 (digest == NULL && digestLen != 0) ||
2251 (signature == NULL && signatureLen != 0))
2252 TEE_Panic(0);
2253
2254 __utee_check_attr_in_annotation(params, paramCount);
2255
2256 if (!operation->key1)
2257 TEE_Panic(0);
2258 if (operation->info.operationClass !=
2259 TEE_OPERATION_ASYMMETRIC_SIGNATURE)
2260 TEE_Panic(0);
2261 if (operation->info.mode != TEE_MODE_VERIFY)
2262 TEE_Panic(0);
2263
2264 __utee_from_attr(ua, params, paramCount);
2265 res = _utee_asymm_verify(operation->state, ua, paramCount, digest,
2266 digestLen, signature, signatureLen);
2267
2268 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID)
2269 TEE_Panic(res);
2270
2271 return res;
2272 }
2273
__GP11_TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation,const __GP11_TEE_Attribute * params,uint32_t paramCount,const void * digest,uint32_t digestLen,const void * signature,uint32_t signatureLen)2274 TEE_Result __GP11_TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation,
2275 const __GP11_TEE_Attribute *params,
2276 uint32_t paramCount,
2277 const void *digest,
2278 uint32_t digestLen,
2279 const void *signature,
2280 uint32_t signatureLen)
2281 {
2282 TEE_Result res = TEE_SUCCESS;
2283 struct utee_attribute ua[paramCount];
2284
2285 if (operation == TEE_HANDLE_NULL || (!digest && digestLen) ||
2286 (!signature && signatureLen))
2287 TEE_Panic(0);
2288
2289 __utee_check_gp11_attr_in_annotation(params, paramCount);
2290
2291 if (!operation->key1)
2292 TEE_Panic(0);
2293 if (operation->info.operationClass !=
2294 TEE_OPERATION_ASYMMETRIC_SIGNATURE)
2295 TEE_Panic(0);
2296 if (operation->info.mode != TEE_MODE_VERIFY)
2297 TEE_Panic(0);
2298
2299 __utee_from_gp11_attr(ua, params, paramCount);
2300 res = _utee_asymm_verify(operation->state, ua, paramCount, digest,
2301 digestLen, signature, signatureLen);
2302
2303 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID)
2304 TEE_Panic(res);
2305
2306 return res;
2307 }
2308
2309 /* Cryptographic Operations API - Key Derivation Functions */
2310
TEE_DeriveKey(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,TEE_ObjectHandle derivedKey)2311 void TEE_DeriveKey(TEE_OperationHandle operation,
2312 const TEE_Attribute *params, uint32_t paramCount,
2313 TEE_ObjectHandle derivedKey)
2314 {
2315 struct utee_attribute ua[paramCount];
2316 struct utee_object_info key_info = { };
2317 TEE_Result res = TEE_SUCCESS;
2318
2319 if (operation == TEE_HANDLE_NULL || derivedKey == 0)
2320 TEE_Panic(0);
2321
2322 __utee_check_attr_in_annotation(params, paramCount);
2323
2324 if (TEE_ALG_GET_CLASS(operation->info.algorithm) !=
2325 TEE_OPERATION_KEY_DERIVATION)
2326 TEE_Panic(0);
2327
2328 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION)
2329 TEE_Panic(0);
2330 if (!operation->key1)
2331 TEE_Panic(0);
2332 if (operation->info.mode != TEE_MODE_DERIVE)
2333 TEE_Panic(0);
2334 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0)
2335 TEE_Panic(0);
2336
2337 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info);
2338 if (res != TEE_SUCCESS)
2339 TEE_Panic(res);
2340
2341 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET)
2342 TEE_Panic(0);
2343 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0)
2344 TEE_Panic(0);
2345
2346 __utee_from_attr(ua, params, paramCount);
2347 res = _utee_cryp_derive_key(operation->state, ua, paramCount,
2348 (unsigned long)derivedKey);
2349 if (res != TEE_SUCCESS)
2350 TEE_Panic(res);
2351 }
2352
__GP11_TEE_DeriveKey(TEE_OperationHandle operation,const __GP11_TEE_Attribute * params,uint32_t paramCount,TEE_ObjectHandle derivedKey)2353 void __GP11_TEE_DeriveKey(TEE_OperationHandle operation,
2354 const __GP11_TEE_Attribute *params,
2355 uint32_t paramCount, TEE_ObjectHandle derivedKey)
2356 {
2357 struct utee_attribute ua[paramCount];
2358 struct utee_object_info key_info = { };
2359 TEE_Result res = TEE_SUCCESS;
2360
2361 if (operation == TEE_HANDLE_NULL || derivedKey == 0)
2362 TEE_Panic(0);
2363
2364 __utee_check_gp11_attr_in_annotation(params, paramCount);
2365
2366 if (TEE_ALG_GET_CLASS(operation->info.algorithm) !=
2367 TEE_OPERATION_KEY_DERIVATION)
2368 TEE_Panic(0);
2369
2370 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION)
2371 TEE_Panic(0);
2372 if (!operation->key1)
2373 TEE_Panic(0);
2374 if (operation->info.mode != TEE_MODE_DERIVE)
2375 TEE_Panic(0);
2376 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0)
2377 TEE_Panic(0);
2378
2379 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info);
2380 if (res != TEE_SUCCESS)
2381 TEE_Panic(res);
2382
2383 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET)
2384 TEE_Panic(0);
2385 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0)
2386 TEE_Panic(0);
2387
2388 __utee_from_gp11_attr(ua, params, paramCount);
2389 res = _utee_cryp_derive_key(operation->state, ua, paramCount,
2390 (unsigned long)derivedKey);
2391 if (res != TEE_SUCCESS)
2392 TEE_Panic(res);
2393 }
2394
2395 /* Cryptographic Operations API - Random Number Generation Functions */
2396
TEE_GenerateRandom(void * randomBuffer,size_t randomBufferLen)2397 void TEE_GenerateRandom(void *randomBuffer, size_t randomBufferLen)
2398 {
2399 TEE_Result res;
2400
2401 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen);
2402 if (res != TEE_SUCCESS)
2403 TEE_Panic(res);
2404 }
2405
__GP11_TEE_GenerateRandom(void * randomBuffer,uint32_t randomBufferLen)2406 void __GP11_TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen)
2407 {
2408 TEE_GenerateRandom(randomBuffer, randomBufferLen);
2409 }
2410
rand(void)2411 int rand(void)
2412 {
2413 int rc;
2414
2415 TEE_GenerateRandom(&rc, sizeof(rc));
2416
2417 /*
2418 * RAND_MAX is the larges int, INT_MAX which is all bits but the
2419 * highest bit set.
2420 */
2421 return rc & RAND_MAX;
2422 }
2423
TEE_IsAlgorithmSupported(uint32_t alg,uint32_t element)2424 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element)
2425 {
2426 if (IS_ENABLED(CFG_CRYPTO_AES)) {
2427 if (IS_ENABLED(CFG_CRYPTO_ECB)) {
2428 if (alg == TEE_ALG_AES_ECB_NOPAD)
2429 goto check_element_none;
2430 }
2431 if (IS_ENABLED(CFG_CRYPTO_CBC)) {
2432 if (alg == TEE_ALG_AES_CBC_NOPAD)
2433 goto check_element_none;
2434 }
2435 if (IS_ENABLED(CFG_CRYPTO_CTR)) {
2436 if (alg == TEE_ALG_AES_CTR)
2437 goto check_element_none;
2438 }
2439 if (IS_ENABLED(CFG_CRYPTO_CTS)) {
2440 if (alg == TEE_ALG_AES_CTS)
2441 goto check_element_none;
2442 }
2443 if (IS_ENABLED(CFG_CRYPTO_XTS)) {
2444 if (alg == TEE_ALG_AES_XTS)
2445 goto check_element_none;
2446 }
2447 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) {
2448 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD ||
2449 alg == TEE_ALG_AES_CBC_MAC_PKCS5)
2450 goto check_element_none;
2451 }
2452 if (IS_ENABLED(CFG_CRYPTO_CMAC)) {
2453 if (alg == TEE_ALG_AES_CMAC)
2454 goto check_element_none;
2455 }
2456 if (IS_ENABLED(CFG_CRYPTO_CCM)) {
2457 if (alg == TEE_ALG_AES_CCM)
2458 goto check_element_none;
2459 }
2460 if (IS_ENABLED(CFG_CRYPTO_GCM)) {
2461 if (alg == TEE_ALG_AES_GCM)
2462 goto check_element_none;
2463 }
2464 }
2465 if (IS_ENABLED(CFG_CRYPTO_DES)) {
2466 if (IS_ENABLED(CFG_CRYPTO_ECB)) {
2467 if (alg == TEE_ALG_DES_ECB_NOPAD ||
2468 alg == TEE_ALG_DES3_ECB_NOPAD)
2469 goto check_element_none;
2470 }
2471 if (IS_ENABLED(CFG_CRYPTO_CBC)) {
2472 if (alg == TEE_ALG_DES_CBC_NOPAD ||
2473 alg == TEE_ALG_DES3_CBC_NOPAD)
2474 goto check_element_none;
2475 }
2476 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) {
2477 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD ||
2478 alg == TEE_ALG_DES_CBC_MAC_PKCS5 ||
2479 alg == TEE_ALG_DES3_CBC_MAC_NOPAD ||
2480 alg == TEE_ALG_DES3_CBC_MAC_PKCS5)
2481 goto check_element_none;
2482 }
2483 }
2484 if (IS_ENABLED(CFG_CRYPTO_MD5)) {
2485 if (alg == TEE_ALG_MD5)
2486 goto check_element_none;
2487 }
2488 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
2489 if (alg == TEE_ALG_SHA1)
2490 goto check_element_none;
2491 }
2492 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
2493 if (alg == TEE_ALG_SHA224)
2494 goto check_element_none;
2495 }
2496 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
2497 if (alg == TEE_ALG_SHA256)
2498 goto check_element_none;
2499 }
2500 if (IS_ENABLED(CFG_CRYPTO_SHA384)) {
2501 if (alg == TEE_ALG_SHA384)
2502 goto check_element_none;
2503 }
2504 if (IS_ENABLED(CFG_CRYPTO_SHA512)) {
2505 if (alg == TEE_ALG_SHA512)
2506 goto check_element_none;
2507 }
2508 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) {
2509 if (alg == TEE_ALG_SHA3_224)
2510 goto check_element_none;
2511 }
2512 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) {
2513 if (alg == TEE_ALG_SHA3_256)
2514 goto check_element_none;
2515 }
2516 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) {
2517 if (alg == TEE_ALG_SHA3_384)
2518 goto check_element_none;
2519 }
2520 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) {
2521 if (alg == TEE_ALG_SHA3_512)
2522 goto check_element_none;
2523 }
2524 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) {
2525 if (alg == TEE_ALG_MD5SHA1)
2526 goto check_element_none;
2527 }
2528 if (IS_ENABLED(CFG_CRYPTO_HMAC)) {
2529 if (IS_ENABLED(CFG_CRYPTO_MD5)) {
2530 if (alg == TEE_ALG_HMAC_MD5)
2531 goto check_element_none;
2532 }
2533 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
2534 if (alg == TEE_ALG_HMAC_SHA1)
2535 goto check_element_none;
2536 }
2537 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
2538 if (alg == TEE_ALG_HMAC_SHA224)
2539 goto check_element_none;
2540 }
2541 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
2542 if (alg == TEE_ALG_HMAC_SHA256)
2543 goto check_element_none;
2544 }
2545 if (IS_ENABLED(CFG_CRYPTO_SHA384)) {
2546 if (alg == TEE_ALG_HMAC_SHA384)
2547 goto check_element_none;
2548 }
2549 if (IS_ENABLED(CFG_CRYPTO_SHA512)) {
2550 if (alg == TEE_ALG_HMAC_SHA512)
2551 goto check_element_none;
2552 }
2553 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) {
2554 if (alg == TEE_ALG_HMAC_SHA3_224)
2555 goto check_element_none;
2556 }
2557 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) {
2558 if (alg == TEE_ALG_HMAC_SHA3_256)
2559 goto check_element_none;
2560 }
2561 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) {
2562 if (alg == TEE_ALG_HMAC_SHA3_384)
2563 goto check_element_none;
2564 }
2565 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) {
2566 if (alg == TEE_ALG_HMAC_SHA3_512)
2567 goto check_element_none;
2568 }
2569 if (IS_ENABLED(CFG_CRYPTO_SM3)) {
2570 if (alg == TEE_ALG_HMAC_SM3)
2571 goto check_element_none;
2572 }
2573 }
2574 if (IS_ENABLED(CFG_CRYPTO_SM3)) {
2575 if (alg == TEE_ALG_SM3)
2576 goto check_element_none;
2577 }
2578 if (IS_ENABLED(CFG_CRYPTO_SM4)) {
2579 if (IS_ENABLED(CFG_CRYPTO_ECB)) {
2580 if (alg == TEE_ALG_SM4_ECB_NOPAD)
2581 goto check_element_none;
2582 }
2583 if (IS_ENABLED(CFG_CRYPTO_CBC)) {
2584 if (alg == TEE_ALG_SM4_CBC_NOPAD)
2585 goto check_element_none;
2586 }
2587 if (IS_ENABLED(CFG_CRYPTO_CTR)) {
2588 if (alg == TEE_ALG_SM4_CTR)
2589 goto check_element_none;
2590 }
2591 if (IS_ENABLED(CFG_CRYPTO_XTS)) {
2592 if (alg == TEE_ALG_SM4_XTS)
2593 goto check_element_none;
2594 }
2595 }
2596 if (IS_ENABLED(CFG_CRYPTO_RSA)) {
2597 if (IS_ENABLED(CFG_CRYPTO_MD5)) {
2598 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5 ||
2599 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5 ||
2600 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5)
2601 goto check_element_none;
2602 }
2603 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
2604 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 ||
2605 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 ||
2606 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1)
2607 goto check_element_none;
2608 }
2609 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) {
2610 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1)
2611 goto check_element_none;
2612 }
2613 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
2614 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 ||
2615 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 ||
2616 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224)
2617 goto check_element_none;
2618 }
2619 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
2620 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 ||
2621 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 ||
2622 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256)
2623 goto check_element_none;
2624 }
2625 if (IS_ENABLED(CFG_CRYPTO_SHA384)) {
2626 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 ||
2627 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 ||
2628 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384)
2629 goto check_element_none;
2630 }
2631 if (IS_ENABLED(CFG_CRYPTO_SHA512)) {
2632 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 ||
2633 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 ||
2634 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512)
2635 goto check_element_none;
2636 }
2637 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) {
2638 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5)
2639 goto check_element_none;
2640 }
2641 if (alg == TEE_ALG_RSA_NOPAD)
2642 goto check_element_none;
2643 }
2644 if (IS_ENABLED(CFG_CRYPTO_DSA)) {
2645 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
2646 if (alg == TEE_ALG_DSA_SHA1)
2647 goto check_element_none;
2648 }
2649 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
2650 if (alg == TEE_ALG_DSA_SHA224)
2651 goto check_element_none;
2652 }
2653 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
2654 if (alg == TEE_ALG_DSA_SHA256)
2655 goto check_element_none;
2656 }
2657 }
2658 if (IS_ENABLED(CFG_CRYPTO_DH)) {
2659 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET)
2660 goto check_element_none;
2661 }
2662 if (IS_ENABLED(CFG_CRYPTO_ECC)) {
2663 if ((alg == __OPTEE_ALG_ECDH_P192 ||
2664 alg == __OPTEE_ALG_ECDSA_P192 ||
2665 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
2666 alg == TEE_ALG_ECDSA_SHA1) &&
2667 element == TEE_ECC_CURVE_NIST_P192)
2668 return TEE_SUCCESS;
2669 if ((alg == __OPTEE_ALG_ECDH_P224 ||
2670 alg == __OPTEE_ALG_ECDSA_P224 ||
2671 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
2672 alg == TEE_ALG_ECDSA_SHA224) &&
2673 element == TEE_ECC_CURVE_NIST_P224)
2674 return TEE_SUCCESS;
2675 if ((alg == __OPTEE_ALG_ECDH_P256 ||
2676 alg == __OPTEE_ALG_ECDSA_P256 ||
2677 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
2678 alg == TEE_ALG_ECDSA_SHA256) &&
2679 element == TEE_ECC_CURVE_NIST_P256)
2680 return TEE_SUCCESS;
2681 if ((alg == __OPTEE_ALG_ECDH_P384 ||
2682 alg == __OPTEE_ALG_ECDSA_P384 ||
2683 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
2684 alg == TEE_ALG_ECDSA_SHA384) &&
2685 element == TEE_ECC_CURVE_NIST_P384)
2686 return TEE_SUCCESS;
2687 if ((alg == __OPTEE_ALG_ECDH_P521 ||
2688 alg == __OPTEE_ALG_ECDSA_P521 ||
2689 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
2690 alg == TEE_ALG_ECDSA_SHA512) &&
2691 element == TEE_ECC_CURVE_NIST_P521)
2692 return TEE_SUCCESS;
2693 }
2694 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) {
2695 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2)
2696 return TEE_SUCCESS;
2697 }
2698 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) {
2699 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2)
2700 return TEE_SUCCESS;
2701 }
2702 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) {
2703 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2)
2704 return TEE_SUCCESS;
2705 }
2706 if (IS_ENABLED(CFG_CRYPTO_X25519)) {
2707 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519)
2708 return TEE_SUCCESS;
2709 }
2710 if (IS_ENABLED(CFG_CRYPTO_ED25519)) {
2711 if (alg == TEE_ALG_ED25519 && element == TEE_ECC_CURVE_25519)
2712 return TEE_SUCCESS;
2713 }
2714
2715 return TEE_ERROR_NOT_SUPPORTED;
2716 check_element_none:
2717 if (element == TEE_CRYPTO_ELEMENT_NONE)
2718 return TEE_SUCCESS;
2719 return TEE_ERROR_NOT_SUPPORTED;
2720 }
2721