1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 #include <config.h> 7 #include <stdlib.h> 8 #include <string.h> 9 #include <string_ext.h> 10 #include <tee_api.h> 11 #include <tee_api_defines_extensions.h> 12 #include <tee_internal_api_extensions.h> 13 #include <utee_syscalls.h> 14 #include <utee_defines.h> 15 #include <util.h> 16 #include "tee_api_private.h" 17 18 struct __TEE_OperationHandle { 19 TEE_OperationInfo info; 20 TEE_ObjectHandle key1; 21 TEE_ObjectHandle key2; 22 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 23 uint8_t *buffer; /* buffer to collect complete blocks */ 24 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 25 size_t block_size; /* Block size of cipher */ 26 size_t buffer_offs; /* Offset in buffer */ 27 uint32_t state; /* Handle to state in TEE Core */ 28 }; 29 30 /* Cryptographic Operations API - Generic Operation Functions */ 31 32 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 33 uint32_t algorithm, uint32_t mode, 34 uint32_t maxKeySize) 35 { 36 TEE_Result res; 37 TEE_OperationHandle op = TEE_HANDLE_NULL; 38 uint32_t handle_state = 0; 39 size_t block_size = 1; 40 uint32_t req_key_usage; 41 bool with_private_key = false; 42 bool buffer_two_blocks = false; 43 44 if (!operation) 45 TEE_Panic(0); 46 47 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP) 48 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 49 50 /* Check algorithm max key size */ 51 switch (algorithm) { 52 case TEE_ALG_DSA_SHA1: 53 if (maxKeySize < 512) 54 return TEE_ERROR_NOT_SUPPORTED; 55 if (maxKeySize > 1024) 56 return TEE_ERROR_NOT_SUPPORTED; 57 if (maxKeySize % 64 != 0) 58 return TEE_ERROR_NOT_SUPPORTED; 59 break; 60 61 case TEE_ALG_DSA_SHA224: 62 if (maxKeySize != 2048) 63 return TEE_ERROR_NOT_SUPPORTED; 64 break; 65 66 case TEE_ALG_DSA_SHA256: 67 if (maxKeySize != 2048 && maxKeySize != 3072) 68 return TEE_ERROR_NOT_SUPPORTED; 69 break; 70 71 case TEE_ALG_ECDSA_P192: 72 case TEE_ALG_ECDH_P192: 73 if (maxKeySize != 192) 74 return TEE_ERROR_NOT_SUPPORTED; 75 break; 76 77 case TEE_ALG_ECDSA_P224: 78 case TEE_ALG_ECDH_P224: 79 if (maxKeySize != 224) 80 return TEE_ERROR_NOT_SUPPORTED; 81 break; 82 83 case TEE_ALG_ECDSA_P256: 84 case TEE_ALG_ECDH_P256: 85 case TEE_ALG_SM2_PKE: 86 case TEE_ALG_SM2_DSA_SM3: 87 if (maxKeySize != 256) 88 return TEE_ERROR_NOT_SUPPORTED; 89 break; 90 91 case TEE_ALG_SM2_KEP: 92 /* Two 256-bit keys */ 93 if (maxKeySize != 512) 94 return TEE_ERROR_NOT_SUPPORTED; 95 break; 96 97 case TEE_ALG_ECDSA_P384: 98 case TEE_ALG_ECDH_P384: 99 if (maxKeySize != 384) 100 return TEE_ERROR_NOT_SUPPORTED; 101 break; 102 103 case TEE_ALG_ECDSA_P521: 104 case TEE_ALG_ECDH_P521: 105 if (maxKeySize != 521) 106 return TEE_ERROR_NOT_SUPPORTED; 107 break; 108 case TEE_ALG_X25519: 109 if (maxKeySize != 256) 110 return TEE_ERROR_NOT_SUPPORTED; 111 break; 112 default: 113 break; 114 } 115 116 /* Check algorithm mode (and maxKeySize for digests) */ 117 switch (algorithm) { 118 case TEE_ALG_AES_CTS: 119 case TEE_ALG_AES_XTS: 120 buffer_two_blocks = true; 121 fallthrough; 122 case TEE_ALG_AES_ECB_NOPAD: 123 case TEE_ALG_AES_CBC_NOPAD: 124 case TEE_ALG_AES_CCM: 125 case TEE_ALG_DES_ECB_NOPAD: 126 case TEE_ALG_DES_CBC_NOPAD: 127 case TEE_ALG_DES3_ECB_NOPAD: 128 case TEE_ALG_DES3_CBC_NOPAD: 129 case TEE_ALG_SM4_ECB_NOPAD: 130 case TEE_ALG_SM4_CBC_NOPAD: 131 case TEE_ALG_SM4_CTR: 132 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 133 block_size = TEE_AES_BLOCK_SIZE; 134 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 135 block_size = TEE_SM4_BLOCK_SIZE; 136 else 137 block_size = TEE_DES_BLOCK_SIZE; 138 fallthrough; 139 case TEE_ALG_AES_CTR: 140 case TEE_ALG_AES_GCM: 141 if (mode == TEE_MODE_ENCRYPT) 142 req_key_usage = TEE_USAGE_ENCRYPT; 143 else if (mode == TEE_MODE_DECRYPT) 144 req_key_usage = TEE_USAGE_DECRYPT; 145 else 146 return TEE_ERROR_NOT_SUPPORTED; 147 break; 148 149 #if defined(CFG_CRYPTO_RSASSA_NA1) 150 case TEE_ALG_RSASSA_PKCS1_V1_5: 151 #endif 152 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 153 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 154 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 155 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 156 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 157 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 158 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 159 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 160 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 161 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 162 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 163 case TEE_ALG_DSA_SHA1: 164 case TEE_ALG_DSA_SHA224: 165 case TEE_ALG_DSA_SHA256: 166 case TEE_ALG_ECDSA_P192: 167 case TEE_ALG_ECDSA_P224: 168 case TEE_ALG_ECDSA_P256: 169 case TEE_ALG_ECDSA_P384: 170 case TEE_ALG_ECDSA_P521: 171 case TEE_ALG_SM2_DSA_SM3: 172 if (mode == TEE_MODE_SIGN) { 173 with_private_key = true; 174 req_key_usage = TEE_USAGE_SIGN; 175 } else if (mode == TEE_MODE_VERIFY) { 176 req_key_usage = TEE_USAGE_VERIFY; 177 } else { 178 return TEE_ERROR_NOT_SUPPORTED; 179 } 180 break; 181 182 case TEE_ALG_RSAES_PKCS1_V1_5: 183 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 184 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 185 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 186 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 187 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 188 case TEE_ALG_SM2_PKE: 189 if (mode == TEE_MODE_ENCRYPT) { 190 req_key_usage = TEE_USAGE_ENCRYPT; 191 } else if (mode == TEE_MODE_DECRYPT) { 192 with_private_key = true; 193 req_key_usage = TEE_USAGE_DECRYPT; 194 } else { 195 return TEE_ERROR_NOT_SUPPORTED; 196 } 197 break; 198 199 case TEE_ALG_RSA_NOPAD: 200 if (mode == TEE_MODE_ENCRYPT) { 201 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 202 } else if (mode == TEE_MODE_DECRYPT) { 203 with_private_key = true; 204 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 205 } else { 206 return TEE_ERROR_NOT_SUPPORTED; 207 } 208 break; 209 210 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 211 case TEE_ALG_ECDH_P192: 212 case TEE_ALG_ECDH_P224: 213 case TEE_ALG_ECDH_P256: 214 case TEE_ALG_ECDH_P384: 215 case TEE_ALG_ECDH_P521: 216 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 217 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 218 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 219 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 220 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 221 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 222 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 223 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 224 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 225 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 226 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 227 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 228 case TEE_ALG_SM2_KEP: 229 case TEE_ALG_X25519: 230 if (mode != TEE_MODE_DERIVE) 231 return TEE_ERROR_NOT_SUPPORTED; 232 with_private_key = true; 233 req_key_usage = TEE_USAGE_DERIVE; 234 break; 235 236 case TEE_ALG_MD5: 237 case TEE_ALG_SHA1: 238 case TEE_ALG_SHA224: 239 case TEE_ALG_SHA256: 240 case TEE_ALG_SHA384: 241 case TEE_ALG_SHA512: 242 case TEE_ALG_SM3: 243 if (mode != TEE_MODE_DIGEST) 244 return TEE_ERROR_NOT_SUPPORTED; 245 if (maxKeySize) 246 return TEE_ERROR_NOT_SUPPORTED; 247 /* v1.1: flags always set for digest operations */ 248 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 249 req_key_usage = 0; 250 break; 251 252 case TEE_ALG_DES_CBC_MAC_NOPAD: 253 case TEE_ALG_AES_CBC_MAC_NOPAD: 254 case TEE_ALG_AES_CBC_MAC_PKCS5: 255 case TEE_ALG_AES_CMAC: 256 case TEE_ALG_DES_CBC_MAC_PKCS5: 257 case TEE_ALG_DES3_CBC_MAC_NOPAD: 258 case TEE_ALG_DES3_CBC_MAC_PKCS5: 259 case TEE_ALG_DES3_CMAC: 260 case TEE_ALG_HMAC_MD5: 261 case TEE_ALG_HMAC_SHA1: 262 case TEE_ALG_HMAC_SHA224: 263 case TEE_ALG_HMAC_SHA256: 264 case TEE_ALG_HMAC_SHA384: 265 case TEE_ALG_HMAC_SHA512: 266 case TEE_ALG_HMAC_SM3: 267 if (mode != TEE_MODE_MAC) 268 return TEE_ERROR_NOT_SUPPORTED; 269 req_key_usage = TEE_USAGE_MAC; 270 break; 271 272 default: 273 return TEE_ERROR_NOT_SUPPORTED; 274 } 275 276 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 277 if (!op) 278 return TEE_ERROR_OUT_OF_MEMORY; 279 280 op->info.algorithm = algorithm; 281 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 282 #ifdef CFG_CRYPTO_RSASSA_NA1 283 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 284 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 285 #endif 286 op->info.mode = mode; 287 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 288 op->info.maxKeySize = maxKeySize; 289 op->info.requiredKeyUsage = req_key_usage; 290 op->info.handleState = handle_state; 291 292 if (block_size > 1) { 293 size_t buffer_size = block_size; 294 295 if (buffer_two_blocks) 296 buffer_size *= 2; 297 298 op->buffer = TEE_Malloc(buffer_size, 299 TEE_USER_MEM_HINT_NO_FILL_ZERO); 300 if (op->buffer == NULL) { 301 res = TEE_ERROR_OUT_OF_MEMORY; 302 goto out; 303 } 304 } 305 op->block_size = block_size; 306 op->buffer_two_blocks = buffer_two_blocks; 307 308 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 309 uint32_t mks = maxKeySize; 310 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 311 with_private_key); 312 313 /* 314 * If two keys are expected the max key size is the sum of 315 * the size of both keys. 316 */ 317 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 318 mks /= 2; 319 320 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 321 if (res != TEE_SUCCESS) 322 goto out; 323 324 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 325 res = TEE_AllocateTransientObject(key_type, mks, 326 &op->key2); 327 if (res != TEE_SUCCESS) 328 goto out; 329 } 330 } 331 332 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 333 (unsigned long)op->key2, &op->state); 334 if (res != TEE_SUCCESS) 335 goto out; 336 337 /* 338 * Initialize digest operations 339 * Other multi-stage operations initialized w/ TEE_xxxInit functions 340 * Non-applicable on asymmetric operations 341 */ 342 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 343 res = _utee_hash_init(op->state, NULL, 0); 344 if (res != TEE_SUCCESS) 345 goto out; 346 /* v1.1: flags always set for digest operations */ 347 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 348 } 349 350 op->operationState = TEE_OPERATION_STATE_INITIAL; 351 352 *operation = op; 353 354 out: 355 if (res != TEE_SUCCESS) { 356 if (res != TEE_ERROR_OUT_OF_MEMORY && 357 res != TEE_ERROR_NOT_SUPPORTED) 358 TEE_Panic(res); 359 if (op) { 360 if (op->state) { 361 TEE_FreeOperation(op); 362 } else { 363 TEE_Free(op->buffer); 364 TEE_FreeTransientObject(op->key1); 365 TEE_FreeTransientObject(op->key2); 366 TEE_Free(op); 367 } 368 } 369 } 370 371 return res; 372 } 373 374 void TEE_FreeOperation(TEE_OperationHandle operation) 375 { 376 TEE_Result res; 377 378 if (operation == TEE_HANDLE_NULL) 379 TEE_Panic(0); 380 381 /* 382 * Note that keys should not be freed here, since they are 383 * claimed by the operation they will be freed by 384 * utee_cryp_state_free(). 385 */ 386 res = _utee_cryp_state_free(operation->state); 387 if (res != TEE_SUCCESS) 388 TEE_Panic(res); 389 390 TEE_Free(operation->buffer); 391 TEE_Free(operation); 392 } 393 394 void TEE_GetOperationInfo(TEE_OperationHandle operation, 395 TEE_OperationInfo *operationInfo) 396 { 397 if (operation == TEE_HANDLE_NULL) 398 TEE_Panic(0); 399 400 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo)); 401 402 *operationInfo = operation->info; 403 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 404 operationInfo->keySize = 0; 405 operationInfo->requiredKeyUsage = 0; 406 } 407 } 408 409 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op, 410 TEE_OperationInfoMultiple *op_info, 411 uint32_t *size) 412 { 413 TEE_Result res = TEE_SUCCESS; 414 TEE_ObjectInfo kinfo = { }; 415 size_t max_key_count = 0; 416 bool two_keys = false; 417 418 if (op == TEE_HANDLE_NULL) { 419 res = TEE_ERROR_BAD_PARAMETERS; 420 goto out; 421 } 422 423 __utee_check_outbuf_annotation(op_info, size); 424 425 if (*size < sizeof(*op_info)) { 426 res = TEE_ERROR_BAD_PARAMETERS; 427 goto out; 428 } 429 max_key_count = (*size - sizeof(*op_info)) / 430 sizeof(TEE_OperationInfoKey); 431 432 TEE_MemFill(op_info, 0, *size); 433 434 /* Two keys flag (TEE_ALG_AES_XTS only) */ 435 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 436 437 if (op->info.mode == TEE_MODE_DIGEST) { 438 op_info->numberOfKeys = 0; 439 } else if (!two_keys) { 440 if (max_key_count < 1) { 441 res = TEE_ERROR_SHORT_BUFFER; 442 goto out; 443 } 444 445 res = TEE_GetObjectInfo1(op->key1, &kinfo); 446 /* Key1 is not a valid handle, "can't happen". */ 447 if (res) 448 goto out; 449 450 op_info->keyInformation[0].keySize = kinfo.keySize; 451 op_info->keyInformation[0].requiredKeyUsage = 452 op->info.requiredKeyUsage; 453 op_info->numberOfKeys = 1; 454 } else { 455 if (max_key_count < 2) { 456 res = TEE_ERROR_SHORT_BUFFER; 457 goto out; 458 } 459 460 res = TEE_GetObjectInfo1(op->key1, &kinfo); 461 /* Key1 is not a valid handle, "can't happen". */ 462 if (res) 463 goto out; 464 465 op_info->keyInformation[0].keySize = kinfo.keySize; 466 op_info->keyInformation[0].requiredKeyUsage = 467 op->info.requiredKeyUsage; 468 469 res = TEE_GetObjectInfo1(op->key2, &kinfo); 470 /* Key2 is not a valid handle, "can't happen". */ 471 if (res) 472 goto out; 473 474 op_info->keyInformation[1].keySize = kinfo.keySize; 475 op_info->keyInformation[1].requiredKeyUsage = 476 op->info.requiredKeyUsage; 477 478 op_info->numberOfKeys = 2; 479 } 480 481 op_info->algorithm = op->info.algorithm; 482 op_info->operationClass = op->info.operationClass; 483 op_info->mode = op->info.mode; 484 op_info->digestLength = op->info.digestLength; 485 op_info->maxKeySize = op->info.maxKeySize; 486 op_info->handleState = op->info.handleState; 487 op_info->operationState = op->operationState; 488 489 out: 490 if (res != TEE_SUCCESS && 491 res != TEE_ERROR_SHORT_BUFFER) 492 TEE_Panic(res); 493 494 return res; 495 } 496 497 void TEE_ResetOperation(TEE_OperationHandle operation) 498 { 499 TEE_Result res; 500 501 if (operation == TEE_HANDLE_NULL) 502 TEE_Panic(0); 503 504 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 505 TEE_Panic(0); 506 507 operation->operationState = TEE_OPERATION_STATE_INITIAL; 508 509 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 510 res = _utee_hash_init(operation->state, NULL, 0); 511 if (res != TEE_SUCCESS) 512 TEE_Panic(res); 513 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 514 } else { 515 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 516 } 517 } 518 519 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 520 TEE_ObjectHandle key) 521 { 522 TEE_Result res; 523 uint32_t key_size = 0; 524 TEE_ObjectInfo key_info; 525 526 if (operation == TEE_HANDLE_NULL) { 527 res = TEE_ERROR_BAD_PARAMETERS; 528 goto out; 529 } 530 531 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 532 res = TEE_ERROR_BAD_PARAMETERS; 533 goto out; 534 } 535 536 if (key == TEE_HANDLE_NULL) { 537 /* Operation key cleared */ 538 TEE_ResetTransientObject(operation->key1); 539 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 540 return TEE_SUCCESS; 541 } 542 543 /* No key for digest operation */ 544 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 545 res = TEE_ERROR_BAD_PARAMETERS; 546 goto out; 547 } 548 549 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 550 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 551 0) { 552 res = TEE_ERROR_BAD_PARAMETERS; 553 goto out; 554 } 555 556 res = TEE_GetObjectInfo1(key, &key_info); 557 /* Key is not a valid handle */ 558 if (res != TEE_SUCCESS) 559 goto out; 560 561 /* Supplied key has to meet required usage */ 562 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 563 operation->info.requiredKeyUsage) { 564 res = TEE_ERROR_BAD_PARAMETERS; 565 goto out; 566 } 567 568 if (operation->info.maxKeySize < key_info.keySize) { 569 res = TEE_ERROR_BAD_PARAMETERS; 570 goto out; 571 } 572 573 key_size = key_info.keySize; 574 575 TEE_ResetTransientObject(operation->key1); 576 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 577 578 res = TEE_CopyObjectAttributes1(operation->key1, key); 579 if (res != TEE_SUCCESS) 580 goto out; 581 582 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 583 584 operation->info.keySize = key_size; 585 586 out: 587 if (res != TEE_SUCCESS && 588 res != TEE_ERROR_CORRUPT_OBJECT && 589 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 590 TEE_Panic(res); 591 592 return res; 593 } 594 595 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 596 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 597 { 598 TEE_Result res; 599 uint32_t key_size = 0; 600 TEE_ObjectInfo key_info1; 601 TEE_ObjectInfo key_info2; 602 603 if (operation == TEE_HANDLE_NULL) { 604 res = TEE_ERROR_BAD_PARAMETERS; 605 goto out; 606 } 607 608 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 609 res = TEE_ERROR_BAD_PARAMETERS; 610 goto out; 611 } 612 613 /* 614 * Key1/Key2 and/or are not initialized and 615 * Either both keys are NULL or both are not NULL 616 */ 617 if (!key1 && !key2) { 618 /* Clear the keys */ 619 TEE_ResetTransientObject(operation->key1); 620 TEE_ResetTransientObject(operation->key2); 621 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 622 return TEE_SUCCESS; 623 } else if (!key1 || !key2) { 624 /* Both keys are obviously not valid. */ 625 res = TEE_ERROR_BAD_PARAMETERS; 626 goto out; 627 } 628 629 /* No key for digest operation */ 630 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 631 res = TEE_ERROR_BAD_PARAMETERS; 632 goto out; 633 } 634 635 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 636 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 637 0) { 638 res = TEE_ERROR_BAD_PARAMETERS; 639 goto out; 640 } 641 642 res = TEE_GetObjectInfo1(key1, &key_info1); 643 /* Key1 is not a valid handle */ 644 if (res != TEE_SUCCESS) 645 goto out; 646 647 /* Supplied key has to meet required usage */ 648 if ((key_info1.objectUsage & operation->info. 649 requiredKeyUsage) != operation->info.requiredKeyUsage) { 650 res = TEE_ERROR_BAD_PARAMETERS; 651 goto out; 652 } 653 654 res = TEE_GetObjectInfo1(key2, &key_info2); 655 /* Key2 is not a valid handle */ 656 if (res != TEE_SUCCESS) { 657 if (res == TEE_ERROR_CORRUPT_OBJECT) 658 res = TEE_ERROR_CORRUPT_OBJECT_2; 659 goto out; 660 } 661 662 /* Supplied key has to meet required usage */ 663 if ((key_info2.objectUsage & operation->info. 664 requiredKeyUsage) != operation->info.requiredKeyUsage) { 665 res = TEE_ERROR_BAD_PARAMETERS; 666 goto out; 667 } 668 669 /* 670 * All the multi key algorithm currently supported requires the keys to 671 * be of equal size. 672 */ 673 if (key_info1.keySize != key_info2.keySize) { 674 res = TEE_ERROR_BAD_PARAMETERS; 675 goto out; 676 677 } 678 679 if (operation->info.maxKeySize < key_info1.keySize) { 680 res = TEE_ERROR_BAD_PARAMETERS; 681 goto out; 682 } 683 684 /* 685 * Odd that only the size of one key should be reported while 686 * size of two key are used when allocating the operation. 687 */ 688 key_size = key_info1.keySize; 689 690 TEE_ResetTransientObject(operation->key1); 691 TEE_ResetTransientObject(operation->key2); 692 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 693 694 res = TEE_CopyObjectAttributes1(operation->key1, key1); 695 if (res != TEE_SUCCESS) 696 goto out; 697 res = TEE_CopyObjectAttributes1(operation->key2, key2); 698 if (res != TEE_SUCCESS) { 699 if (res == TEE_ERROR_CORRUPT_OBJECT) 700 res = TEE_ERROR_CORRUPT_OBJECT_2; 701 goto out; 702 } 703 704 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 705 706 operation->info.keySize = key_size; 707 708 out: 709 if (res != TEE_SUCCESS && 710 res != TEE_ERROR_CORRUPT_OBJECT && 711 res != TEE_ERROR_CORRUPT_OBJECT_2 && 712 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 713 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 714 TEE_Panic(res); 715 716 return res; 717 } 718 719 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 720 { 721 TEE_Result res; 722 723 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 724 TEE_Panic(0); 725 if (dst_op->info.algorithm != src_op->info.algorithm) 726 TEE_Panic(0); 727 if (dst_op->info.mode != src_op->info.mode) 728 TEE_Panic(0); 729 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 730 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 731 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 732 733 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 734 key1 = src_op->key1; 735 key2 = src_op->key2; 736 } 737 738 if ((src_op->info.handleState & 739 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 740 TEE_SetOperationKey(dst_op, key1); 741 } else { 742 TEE_SetOperationKey2(dst_op, key1, key2); 743 } 744 } 745 dst_op->info.handleState = src_op->info.handleState; 746 dst_op->info.keySize = src_op->info.keySize; 747 dst_op->info.digestLength = src_op->info.digestLength; 748 dst_op->operationState = src_op->operationState; 749 750 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 751 dst_op->block_size != src_op->block_size) 752 TEE_Panic(0); 753 754 if (dst_op->buffer != NULL) { 755 if (src_op->buffer == NULL) 756 TEE_Panic(0); 757 758 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 759 dst_op->buffer_offs = src_op->buffer_offs; 760 } else if (src_op->buffer != NULL) { 761 TEE_Panic(0); 762 } 763 764 res = _utee_cryp_state_copy(dst_op->state, src_op->state); 765 if (res != TEE_SUCCESS) 766 TEE_Panic(res); 767 } 768 769 /* Cryptographic Operations API - Message Digest Functions */ 770 771 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 772 uint32_t IVLen) 773 { 774 TEE_Result res; 775 776 /* 777 * Note : IV and IVLen are never used in current implementation 778 * This is why coherent values of IV and IVLen are not checked 779 */ 780 res = _utee_hash_init(operation->state, IV, IVLen); 781 if (res != TEE_SUCCESS) 782 TEE_Panic(res); 783 operation->buffer_offs = 0; 784 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 785 } 786 787 void TEE_DigestUpdate(TEE_OperationHandle operation, 788 const void *chunk, uint32_t chunkSize) 789 { 790 TEE_Result res = TEE_ERROR_GENERIC; 791 792 if (operation == TEE_HANDLE_NULL || 793 operation->info.operationClass != TEE_OPERATION_DIGEST) 794 TEE_Panic(0); 795 796 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 797 798 res = _utee_hash_update(operation->state, chunk, chunkSize); 799 if (res != TEE_SUCCESS) 800 TEE_Panic(res); 801 } 802 803 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 804 uint32_t chunkLen, void *hash, uint32_t *hashLen) 805 { 806 TEE_Result res; 807 uint64_t hl; 808 809 if ((operation == TEE_HANDLE_NULL) || 810 (!chunk && chunkLen) || 811 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 812 res = TEE_ERROR_BAD_PARAMETERS; 813 goto out; 814 } 815 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 816 817 hl = *hashLen; 818 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, &hl); 819 *hashLen = hl; 820 if (res != TEE_SUCCESS) 821 goto out; 822 823 /* Reset operation state */ 824 init_hash_operation(operation, NULL, 0); 825 826 operation->operationState = TEE_OPERATION_STATE_INITIAL; 827 828 out: 829 if (res != TEE_SUCCESS && 830 res != TEE_ERROR_SHORT_BUFFER) 831 TEE_Panic(res); 832 833 return res; 834 } 835 836 /* Cryptographic Operations API - Symmetric Cipher Functions */ 837 838 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 839 uint32_t IVLen) 840 { 841 TEE_Result res; 842 843 if (operation == TEE_HANDLE_NULL) 844 TEE_Panic(0); 845 846 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 847 TEE_Panic(0); 848 849 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 850 !(operation->key1)) 851 TEE_Panic(0); 852 853 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 854 TEE_ResetOperation(operation); 855 856 if (IV && IVLen) { 857 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 858 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 859 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 860 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD) 861 TEE_Panic(0); 862 } 863 864 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 865 866 res = _utee_cipher_init(operation->state, IV, IVLen); 867 if (res != TEE_SUCCESS) 868 TEE_Panic(res); 869 870 operation->buffer_offs = 0; 871 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 872 } 873 874 static TEE_Result tee_buffer_update( 875 TEE_OperationHandle op, 876 TEE_Result(*update_func)(unsigned long state, const void *src, 877 size_t slen, void *dst, uint64_t *dlen), 878 const void *src_data, size_t src_len, 879 void *dest_data, uint64_t *dest_len) 880 { 881 TEE_Result res; 882 const uint8_t *src = src_data; 883 size_t slen = src_len; 884 uint8_t *dst = dest_data; 885 size_t dlen = *dest_len; 886 size_t acc_dlen = 0; 887 uint64_t tmp_dlen; 888 size_t l; 889 size_t buffer_size; 890 size_t buffer_left; 891 892 if (!src) { 893 if (slen) 894 TEE_Panic(0); 895 goto out; 896 } 897 898 if (op->buffer_two_blocks) { 899 buffer_size = op->block_size * 2; 900 buffer_left = 1; 901 } else { 902 buffer_size = op->block_size; 903 buffer_left = 0; 904 } 905 906 if (op->buffer_offs > 0) { 907 /* Fill up complete block */ 908 if (op->buffer_offs < op->block_size) 909 l = MIN(slen, op->block_size - op->buffer_offs); 910 else 911 l = MIN(slen, buffer_size - op->buffer_offs); 912 memcpy(op->buffer + op->buffer_offs, src, l); 913 op->buffer_offs += l; 914 src += l; 915 slen -= l; 916 if ((op->buffer_offs % op->block_size) != 0) 917 goto out; /* Nothing left to do */ 918 } 919 920 /* If we can feed from buffer */ 921 if ((op->buffer_offs > 0) && 922 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 923 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 924 op->block_size); 925 l = MIN(op->buffer_offs, l); 926 tmp_dlen = dlen; 927 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 928 if (res != TEE_SUCCESS) 929 TEE_Panic(res); 930 dst += tmp_dlen; 931 dlen -= tmp_dlen; 932 acc_dlen += tmp_dlen; 933 op->buffer_offs -= l; 934 if (op->buffer_offs > 0) { 935 /* 936 * Slen is small enough to be contained in rest buffer. 937 */ 938 memcpy(op->buffer, op->buffer + l, buffer_size - l); 939 memcpy(op->buffer + op->buffer_offs, src, slen); 940 op->buffer_offs += slen; 941 goto out; /* Nothing left to do */ 942 } 943 } 944 945 if (slen >= (buffer_size + buffer_left)) { 946 /* Buffer is empty, feed as much as possible from src */ 947 if (op->info.algorithm == TEE_ALG_AES_CTS) 948 l = ROUNDUP(slen - buffer_size, op->block_size); 949 else 950 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 951 952 tmp_dlen = dlen; 953 res = update_func(op->state, src, l, dst, &tmp_dlen); 954 if (res != TEE_SUCCESS) 955 TEE_Panic(res); 956 src += l; 957 slen -= l; 958 dst += tmp_dlen; 959 dlen -= tmp_dlen; 960 acc_dlen += tmp_dlen; 961 } 962 963 /* Slen is small enough to be contained in buffer. */ 964 memcpy(op->buffer + op->buffer_offs, src, slen); 965 op->buffer_offs += slen; 966 967 out: 968 *dest_len = acc_dlen; 969 return TEE_SUCCESS; 970 } 971 972 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 973 uint32_t srcLen, void *destData, uint32_t *destLen) 974 { 975 TEE_Result res; 976 size_t req_dlen; 977 uint64_t dl; 978 979 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 980 res = TEE_ERROR_BAD_PARAMETERS; 981 goto out; 982 } 983 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 984 985 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 986 res = TEE_ERROR_BAD_PARAMETERS; 987 goto out; 988 } 989 990 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 991 res = TEE_ERROR_BAD_PARAMETERS; 992 goto out; 993 } 994 995 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 996 res = TEE_ERROR_BAD_PARAMETERS; 997 goto out; 998 } 999 1000 if (!srcData && !srcLen) { 1001 *destLen = 0; 1002 res = TEE_SUCCESS; 1003 goto out; 1004 } 1005 1006 /* Calculate required dlen */ 1007 if (operation->block_size > 1) { 1008 req_dlen = ((operation->buffer_offs + srcLen) / 1009 operation->block_size) * operation->block_size; 1010 } else { 1011 req_dlen = srcLen; 1012 } 1013 if (operation->buffer_two_blocks) { 1014 if (req_dlen > operation->block_size * 2) 1015 req_dlen -= operation->block_size * 2; 1016 else 1017 req_dlen = 0; 1018 } 1019 /* 1020 * Check that required destLen is big enough before starting to feed 1021 * data to the algorithm. Errors during feeding of data are fatal as we 1022 * can't restore sync with this API. 1023 */ 1024 if (*destLen < req_dlen) { 1025 *destLen = req_dlen; 1026 res = TEE_ERROR_SHORT_BUFFER; 1027 goto out; 1028 } 1029 1030 dl = *destLen; 1031 if (operation->block_size > 1) { 1032 res = tee_buffer_update(operation, _utee_cipher_update, srcData, 1033 srcLen, destData, &dl); 1034 } else { 1035 if (srcLen > 0) { 1036 res = _utee_cipher_update(operation->state, srcData, 1037 srcLen, destData, &dl); 1038 } else { 1039 res = TEE_SUCCESS; 1040 dl = 0; 1041 } 1042 } 1043 *destLen = dl; 1044 1045 out: 1046 if (res != TEE_SUCCESS && 1047 res != TEE_ERROR_SHORT_BUFFER) 1048 TEE_Panic(res); 1049 1050 return res; 1051 } 1052 1053 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1054 const void *srcData, uint32_t srcLen, 1055 void *destData, uint32_t *destLen) 1056 { 1057 TEE_Result res = TEE_SUCCESS; 1058 uint8_t *dst = destData; 1059 size_t acc_dlen = 0; 1060 uint64_t tmp_dlen = 0; 1061 size_t req_dlen = 0; 1062 1063 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1064 res = TEE_ERROR_BAD_PARAMETERS; 1065 goto out; 1066 } 1067 if (destLen) 1068 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1069 1070 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1071 res = TEE_ERROR_BAD_PARAMETERS; 1072 goto out; 1073 } 1074 1075 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1076 res = TEE_ERROR_BAD_PARAMETERS; 1077 goto out; 1078 } 1079 1080 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1081 res = TEE_ERROR_BAD_PARAMETERS; 1082 goto out; 1083 } 1084 1085 /* 1086 * Check that the final block doesn't require padding for those 1087 * algorithms that requires client to supply padding. 1088 */ 1089 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1090 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1091 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1092 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1093 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1094 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1095 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1096 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1097 if (((operation->buffer_offs + srcLen) % operation->block_size) 1098 != 0) { 1099 res = TEE_ERROR_BAD_PARAMETERS; 1100 goto out; 1101 } 1102 } 1103 1104 /* 1105 * Check that required destLen is big enough before starting to feed 1106 * data to the algorithm. Errors during feeding of data are fatal as we 1107 * can't restore sync with this API. 1108 */ 1109 if (operation->block_size > 1) { 1110 req_dlen = operation->buffer_offs + srcLen; 1111 } else { 1112 req_dlen = srcLen; 1113 } 1114 if (destLen) 1115 tmp_dlen = *destLen; 1116 if (tmp_dlen < req_dlen) { 1117 if (destLen) 1118 *destLen = req_dlen; 1119 res = TEE_ERROR_SHORT_BUFFER; 1120 goto out; 1121 } 1122 1123 if (operation->block_size > 1) { 1124 if (srcLen) { 1125 res = tee_buffer_update(operation, _utee_cipher_update, 1126 srcData, srcLen, dst, 1127 &tmp_dlen); 1128 if (res != TEE_SUCCESS) 1129 goto out; 1130 1131 dst += tmp_dlen; 1132 acc_dlen += tmp_dlen; 1133 1134 tmp_dlen = *destLen - acc_dlen; 1135 } 1136 res = _utee_cipher_final(operation->state, operation->buffer, 1137 operation->buffer_offs, dst, 1138 &tmp_dlen); 1139 } else { 1140 res = _utee_cipher_final(operation->state, srcData, srcLen, dst, 1141 &tmp_dlen); 1142 } 1143 if (res != TEE_SUCCESS) 1144 goto out; 1145 1146 acc_dlen += tmp_dlen; 1147 if (destLen) 1148 *destLen = acc_dlen; 1149 1150 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1151 1152 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1153 1154 out: 1155 if (res != TEE_SUCCESS && 1156 res != TEE_ERROR_SHORT_BUFFER) 1157 TEE_Panic(res); 1158 1159 return res; 1160 } 1161 1162 /* Cryptographic Operations API - MAC Functions */ 1163 1164 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 1165 { 1166 if (operation == TEE_HANDLE_NULL) 1167 TEE_Panic(0); 1168 1169 if (operation->info.operationClass != TEE_OPERATION_MAC) 1170 TEE_Panic(0); 1171 1172 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1173 !(operation->key1)) 1174 TEE_Panic(0); 1175 1176 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1177 TEE_ResetOperation(operation); 1178 1179 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1180 1181 init_hash_operation(operation, IV, IVLen); 1182 } 1183 1184 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1185 uint32_t chunkSize) 1186 { 1187 TEE_Result res; 1188 1189 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1190 TEE_Panic(0); 1191 1192 if (operation->info.operationClass != TEE_OPERATION_MAC) 1193 TEE_Panic(0); 1194 1195 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1196 TEE_Panic(0); 1197 1198 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1199 TEE_Panic(0); 1200 1201 res = _utee_hash_update(operation->state, chunk, chunkSize); 1202 if (res != TEE_SUCCESS) 1203 TEE_Panic(res); 1204 } 1205 1206 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1207 const void *message, uint32_t messageLen, 1208 void *mac, uint32_t *macLen) 1209 { 1210 TEE_Result res; 1211 uint64_t ml; 1212 1213 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) { 1214 res = TEE_ERROR_BAD_PARAMETERS; 1215 goto out; 1216 } 1217 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1218 1219 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1220 res = TEE_ERROR_BAD_PARAMETERS; 1221 goto out; 1222 } 1223 1224 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1225 res = TEE_ERROR_BAD_PARAMETERS; 1226 goto out; 1227 } 1228 1229 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1230 res = TEE_ERROR_BAD_PARAMETERS; 1231 goto out; 1232 } 1233 1234 ml = *macLen; 1235 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml); 1236 *macLen = ml; 1237 if (res != TEE_SUCCESS) 1238 goto out; 1239 1240 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1241 1242 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1243 1244 out: 1245 if (res != TEE_SUCCESS && 1246 res != TEE_ERROR_SHORT_BUFFER) 1247 TEE_Panic(res); 1248 1249 return res; 1250 } 1251 1252 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1253 const void *message, uint32_t messageLen, 1254 const void *mac, uint32_t macLen) 1255 { 1256 TEE_Result res; 1257 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 }; 1258 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1259 1260 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1261 res = TEE_ERROR_BAD_PARAMETERS; 1262 goto out; 1263 } 1264 1265 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1266 res = TEE_ERROR_BAD_PARAMETERS; 1267 goto out; 1268 } 1269 1270 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1271 res = TEE_ERROR_BAD_PARAMETERS; 1272 goto out; 1273 } 1274 1275 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1276 &computed_mac_size); 1277 if (res != TEE_SUCCESS) 1278 goto out; 1279 1280 if (computed_mac_size != macLen) { 1281 res = TEE_ERROR_MAC_INVALID; 1282 goto out; 1283 } 1284 1285 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1286 res = TEE_ERROR_MAC_INVALID; 1287 goto out; 1288 } 1289 1290 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1291 1292 out: 1293 if (res != TEE_SUCCESS && 1294 res != TEE_ERROR_MAC_INVALID) 1295 TEE_Panic(res); 1296 1297 return res; 1298 } 1299 1300 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1301 1302 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1303 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1304 uint32_t payloadLen) 1305 { 1306 TEE_Result res; 1307 1308 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1309 res = TEE_ERROR_BAD_PARAMETERS; 1310 goto out; 1311 } 1312 1313 if (operation->info.operationClass != TEE_OPERATION_AE) { 1314 res = TEE_ERROR_BAD_PARAMETERS; 1315 goto out; 1316 } 1317 1318 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1319 res = TEE_ERROR_BAD_PARAMETERS; 1320 goto out; 1321 } 1322 1323 /* 1324 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1325 * in the implementation. But AES-GCM spec doesn't specify the tag len 1326 * according to the same principle so we have to check here instead to 1327 * be GP compliant. 1328 */ 1329 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1330 /* 1331 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1332 */ 1333 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1334 res = TEE_ERROR_NOT_SUPPORTED; 1335 goto out; 1336 } 1337 } 1338 1339 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8, 1340 AADLen, payloadLen); 1341 if (res != TEE_SUCCESS) 1342 goto out; 1343 1344 operation->info.digestLength = tagLen / 8; 1345 operation->buffer_offs = 0; 1346 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1347 1348 out: 1349 if (res != TEE_SUCCESS && 1350 res != TEE_ERROR_NOT_SUPPORTED) 1351 TEE_Panic(res); 1352 1353 return res; 1354 } 1355 1356 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1357 uint32_t AADdataLen) 1358 { 1359 TEE_Result res; 1360 1361 if (operation == TEE_HANDLE_NULL || 1362 (AADdata == NULL && AADdataLen != 0)) 1363 TEE_Panic(0); 1364 1365 if (operation->info.operationClass != TEE_OPERATION_AE) 1366 TEE_Panic(0); 1367 1368 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1369 TEE_Panic(0); 1370 1371 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1372 1373 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1374 1375 if (res != TEE_SUCCESS) 1376 TEE_Panic(res); 1377 } 1378 1379 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1380 uint32_t srcLen, void *destData, uint32_t *destLen) 1381 { 1382 TEE_Result res = TEE_SUCCESS; 1383 size_t req_dlen = 0; 1384 uint64_t dl = 0; 1385 1386 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1387 res = TEE_ERROR_BAD_PARAMETERS; 1388 goto out; 1389 } 1390 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1391 1392 if (operation->info.operationClass != TEE_OPERATION_AE) { 1393 res = TEE_ERROR_BAD_PARAMETERS; 1394 goto out; 1395 } 1396 1397 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1398 res = TEE_ERROR_BAD_PARAMETERS; 1399 goto out; 1400 } 1401 1402 if (!srcData && !srcLen) { 1403 *destLen = 0; 1404 res = TEE_SUCCESS; 1405 goto out; 1406 } 1407 1408 /* 1409 * Check that required destLen is big enough before starting to feed 1410 * data to the algorithm. Errors during feeding of data are fatal as we 1411 * can't restore sync with this API. 1412 */ 1413 if (operation->block_size > 1) { 1414 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1415 operation->block_size); 1416 } else { 1417 req_dlen = srcLen; 1418 } 1419 1420 dl = *destLen; 1421 if (dl < req_dlen) { 1422 *destLen = req_dlen; 1423 res = TEE_ERROR_SHORT_BUFFER; 1424 goto out; 1425 } 1426 1427 if (operation->block_size > 1) { 1428 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1429 srcData, srcLen, destData, &dl); 1430 } else { 1431 if (srcLen > 0) { 1432 res = _utee_authenc_update_payload(operation->state, 1433 srcData, srcLen, 1434 destData, &dl); 1435 } else { 1436 dl = 0; 1437 res = TEE_SUCCESS; 1438 } 1439 } 1440 if (res != TEE_SUCCESS) 1441 goto out; 1442 1443 *destLen = dl; 1444 1445 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1446 1447 out: 1448 if (res != TEE_SUCCESS && 1449 res != TEE_ERROR_SHORT_BUFFER) 1450 TEE_Panic(res); 1451 1452 return res; 1453 } 1454 1455 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1456 const void *srcData, uint32_t srcLen, 1457 void *destData, uint32_t *destLen, void *tag, 1458 uint32_t *tagLen) 1459 { 1460 TEE_Result res; 1461 uint8_t *dst = destData; 1462 size_t acc_dlen = 0; 1463 uint64_t tmp_dlen; 1464 size_t req_dlen; 1465 uint64_t tl; 1466 1467 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1468 res = TEE_ERROR_BAD_PARAMETERS; 1469 goto out; 1470 } 1471 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1472 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1473 1474 if (operation->info.operationClass != TEE_OPERATION_AE) { 1475 res = TEE_ERROR_BAD_PARAMETERS; 1476 goto out; 1477 } 1478 1479 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1480 res = TEE_ERROR_BAD_PARAMETERS; 1481 goto out; 1482 } 1483 1484 /* 1485 * Check that required destLen is big enough before starting to feed 1486 * data to the algorithm. Errors during feeding of data are fatal as we 1487 * can't restore sync with this API. 1488 * 1489 * Need to check this before update_payload since sync would be lost if 1490 * we return short buffer after that. 1491 */ 1492 res = TEE_ERROR_GENERIC; 1493 1494 req_dlen = operation->buffer_offs + srcLen; 1495 if (*destLen < req_dlen) { 1496 *destLen = req_dlen; 1497 res = TEE_ERROR_SHORT_BUFFER; 1498 } 1499 1500 if (*tagLen < operation->info.digestLength) { 1501 *tagLen = operation->info.digestLength; 1502 res = TEE_ERROR_SHORT_BUFFER; 1503 } 1504 1505 if (res == TEE_ERROR_SHORT_BUFFER) 1506 goto out; 1507 1508 tl = *tagLen; 1509 tmp_dlen = *destLen - acc_dlen; 1510 if (operation->block_size > 1) { 1511 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1512 srcData, srcLen, dst, &tmp_dlen); 1513 if (res != TEE_SUCCESS) 1514 goto out; 1515 1516 dst += tmp_dlen; 1517 acc_dlen += tmp_dlen; 1518 1519 tmp_dlen = *destLen - acc_dlen; 1520 res = _utee_authenc_enc_final(operation->state, 1521 operation->buffer, 1522 operation->buffer_offs, dst, 1523 &tmp_dlen, tag, &tl); 1524 } else { 1525 res = _utee_authenc_enc_final(operation->state, srcData, 1526 srcLen, dst, &tmp_dlen, 1527 tag, &tl); 1528 } 1529 *tagLen = tl; 1530 if (res != TEE_SUCCESS) 1531 goto out; 1532 1533 acc_dlen += tmp_dlen; 1534 *destLen = acc_dlen; 1535 1536 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1537 1538 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1539 1540 out: 1541 if (res != TEE_SUCCESS && 1542 res != TEE_ERROR_SHORT_BUFFER) 1543 TEE_Panic(res); 1544 1545 return res; 1546 } 1547 1548 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1549 const void *srcData, uint32_t srcLen, 1550 void *destData, uint32_t *destLen, void *tag, 1551 uint32_t tagLen) 1552 { 1553 TEE_Result res; 1554 uint8_t *dst = destData; 1555 size_t acc_dlen = 0; 1556 uint64_t tmp_dlen; 1557 size_t req_dlen; 1558 1559 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1560 res = TEE_ERROR_BAD_PARAMETERS; 1561 goto out; 1562 } 1563 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1564 1565 if (operation->info.operationClass != TEE_OPERATION_AE) { 1566 res = TEE_ERROR_BAD_PARAMETERS; 1567 goto out; 1568 } 1569 1570 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1571 res = TEE_ERROR_BAD_PARAMETERS; 1572 goto out; 1573 } 1574 1575 /* 1576 * Check that required destLen is big enough before starting to feed 1577 * data to the algorithm. Errors during feeding of data are fatal as we 1578 * can't restore sync with this API. 1579 */ 1580 req_dlen = operation->buffer_offs + srcLen; 1581 if (*destLen < req_dlen) { 1582 *destLen = req_dlen; 1583 res = TEE_ERROR_SHORT_BUFFER; 1584 goto out; 1585 } 1586 1587 tmp_dlen = *destLen - acc_dlen; 1588 if (operation->block_size > 1) { 1589 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1590 srcData, srcLen, dst, &tmp_dlen); 1591 if (res != TEE_SUCCESS) 1592 goto out; 1593 1594 dst += tmp_dlen; 1595 acc_dlen += tmp_dlen; 1596 1597 tmp_dlen = *destLen - acc_dlen; 1598 res = _utee_authenc_dec_final(operation->state, 1599 operation->buffer, 1600 operation->buffer_offs, dst, 1601 &tmp_dlen, tag, tagLen); 1602 } else { 1603 res = _utee_authenc_dec_final(operation->state, srcData, 1604 srcLen, dst, &tmp_dlen, 1605 tag, tagLen); 1606 } 1607 if (res != TEE_SUCCESS) 1608 goto out; 1609 1610 /* Supplied tagLen should match what we initiated with */ 1611 if (tagLen != operation->info.digestLength) 1612 res = TEE_ERROR_MAC_INVALID; 1613 1614 acc_dlen += tmp_dlen; 1615 *destLen = acc_dlen; 1616 1617 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1618 1619 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1620 1621 out: 1622 if (res != TEE_SUCCESS && 1623 res != TEE_ERROR_SHORT_BUFFER && 1624 res != TEE_ERROR_MAC_INVALID) 1625 TEE_Panic(res); 1626 1627 return res; 1628 } 1629 1630 /* Cryptographic Operations API - Asymmetric Functions */ 1631 1632 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1633 const TEE_Attribute *params, 1634 uint32_t paramCount, const void *srcData, 1635 uint32_t srcLen, void *destData, 1636 uint32_t *destLen) 1637 { 1638 TEE_Result res = TEE_SUCCESS; 1639 struct utee_attribute ua[paramCount]; 1640 uint64_t dl = 0; 1641 1642 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1643 TEE_Panic(0); 1644 1645 __utee_check_attr_in_annotation(params, paramCount); 1646 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1647 1648 if (!operation->key1) 1649 TEE_Panic(0); 1650 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1651 TEE_Panic(0); 1652 if (operation->info.mode != TEE_MODE_ENCRYPT) 1653 TEE_Panic(0); 1654 1655 __utee_from_attr(ua, params, paramCount); 1656 dl = *destLen; 1657 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1658 srcLen, destData, &dl); 1659 *destLen = dl; 1660 1661 if (res != TEE_SUCCESS && 1662 res != TEE_ERROR_SHORT_BUFFER && 1663 res != TEE_ERROR_BAD_PARAMETERS) 1664 TEE_Panic(res); 1665 1666 return res; 1667 } 1668 1669 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1670 const TEE_Attribute *params, 1671 uint32_t paramCount, const void *srcData, 1672 uint32_t srcLen, void *destData, 1673 uint32_t *destLen) 1674 { 1675 TEE_Result res = TEE_SUCCESS; 1676 struct utee_attribute ua[paramCount]; 1677 uint64_t dl = 0; 1678 1679 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1680 TEE_Panic(0); 1681 1682 __utee_check_attr_in_annotation(params, paramCount); 1683 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1684 1685 if (!operation->key1) 1686 TEE_Panic(0); 1687 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1688 TEE_Panic(0); 1689 if (operation->info.mode != TEE_MODE_DECRYPT) 1690 TEE_Panic(0); 1691 1692 __utee_from_attr(ua, params, paramCount); 1693 dl = *destLen; 1694 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1695 srcLen, destData, &dl); 1696 *destLen = dl; 1697 1698 if (res != TEE_SUCCESS && 1699 res != TEE_ERROR_SHORT_BUFFER && 1700 res != TEE_ERROR_BAD_PARAMETERS) 1701 TEE_Panic(res); 1702 1703 return res; 1704 } 1705 1706 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1707 const TEE_Attribute *params, 1708 uint32_t paramCount, const void *digest, 1709 uint32_t digestLen, void *signature, 1710 uint32_t *signatureLen) 1711 { 1712 TEE_Result res = TEE_SUCCESS; 1713 struct utee_attribute ua[paramCount]; 1714 uint64_t sl = 0; 1715 1716 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 1717 TEE_Panic(0); 1718 1719 __utee_check_attr_in_annotation(params, paramCount); 1720 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 1721 1722 if (!operation->key1) 1723 TEE_Panic(0); 1724 if (operation->info.operationClass != 1725 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1726 TEE_Panic(0); 1727 if (operation->info.mode != TEE_MODE_SIGN) 1728 TEE_Panic(0); 1729 1730 __utee_from_attr(ua, params, paramCount); 1731 sl = *signatureLen; 1732 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 1733 digestLen, signature, &sl); 1734 *signatureLen = sl; 1735 1736 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1737 TEE_Panic(res); 1738 1739 return res; 1740 } 1741 1742 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1743 const TEE_Attribute *params, 1744 uint32_t paramCount, const void *digest, 1745 uint32_t digestLen, 1746 const void *signature, 1747 uint32_t signatureLen) 1748 { 1749 TEE_Result res; 1750 struct utee_attribute ua[paramCount]; 1751 1752 if (operation == TEE_HANDLE_NULL || 1753 (digest == NULL && digestLen != 0) || 1754 (signature == NULL && signatureLen != 0)) 1755 TEE_Panic(0); 1756 1757 __utee_check_attr_in_annotation(params, paramCount); 1758 1759 if (!operation->key1) 1760 TEE_Panic(0); 1761 if (operation->info.operationClass != 1762 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1763 TEE_Panic(0); 1764 if (operation->info.mode != TEE_MODE_VERIFY) 1765 TEE_Panic(0); 1766 1767 __utee_from_attr(ua, params, paramCount); 1768 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 1769 digestLen, signature, signatureLen); 1770 1771 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1772 TEE_Panic(res); 1773 1774 return res; 1775 } 1776 1777 /* Cryptographic Operations API - Key Derivation Functions */ 1778 1779 void TEE_DeriveKey(TEE_OperationHandle operation, 1780 const TEE_Attribute *params, uint32_t paramCount, 1781 TEE_ObjectHandle derivedKey) 1782 { 1783 TEE_Result res; 1784 TEE_ObjectInfo key_info; 1785 struct utee_attribute ua[paramCount]; 1786 1787 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1788 TEE_Panic(0); 1789 1790 __utee_check_attr_in_annotation(params, paramCount); 1791 1792 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1793 TEE_OPERATION_KEY_DERIVATION) 1794 TEE_Panic(0); 1795 1796 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1797 TEE_Panic(0); 1798 if (!operation->key1) 1799 TEE_Panic(0); 1800 if (operation->info.mode != TEE_MODE_DERIVE) 1801 TEE_Panic(0); 1802 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1803 TEE_Panic(0); 1804 1805 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 1806 if (res != TEE_SUCCESS) 1807 TEE_Panic(res); 1808 1809 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1810 TEE_Panic(0); 1811 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1812 TEE_Panic(0); 1813 1814 __utee_from_attr(ua, params, paramCount); 1815 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 1816 (unsigned long)derivedKey); 1817 if (res != TEE_SUCCESS) 1818 TEE_Panic(res); 1819 } 1820 1821 /* Cryptographic Operations API - Random Number Generation Functions */ 1822 1823 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1824 { 1825 TEE_Result res; 1826 1827 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1828 if (res != TEE_SUCCESS) 1829 TEE_Panic(res); 1830 } 1831 1832 int rand(void) 1833 { 1834 int rc; 1835 1836 TEE_GenerateRandom(&rc, sizeof(rc)); 1837 1838 /* 1839 * RAND_MAX is the larges int, INT_MAX which is all bits but the 1840 * highest bit set. 1841 */ 1842 return rc & RAND_MAX; 1843 } 1844 1845 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 1846 { 1847 if (IS_ENABLED(CFG_CRYPTO_AES)) { 1848 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1849 if (alg == TEE_ALG_AES_ECB_NOPAD) 1850 goto check_element_none; 1851 } 1852 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1853 if (alg == TEE_ALG_AES_CBC_NOPAD) 1854 goto check_element_none; 1855 } 1856 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1857 if (alg == TEE_ALG_AES_CTR) 1858 goto check_element_none; 1859 } 1860 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 1861 if (alg == TEE_ALG_AES_CTS) 1862 goto check_element_none; 1863 } 1864 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 1865 if (alg == TEE_ALG_AES_XTS) 1866 goto check_element_none; 1867 } 1868 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1869 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 1870 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 1871 goto check_element_none; 1872 } 1873 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 1874 if (alg == TEE_ALG_AES_CMAC) 1875 goto check_element_none; 1876 } 1877 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 1878 if (alg == TEE_ALG_AES_CCM) 1879 goto check_element_none; 1880 } 1881 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 1882 if (alg == TEE_ALG_AES_GCM) 1883 goto check_element_none; 1884 } 1885 } 1886 if (IS_ENABLED(CFG_CRYPTO_DES)) { 1887 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1888 if (alg == TEE_ALG_DES_ECB_NOPAD || 1889 alg == TEE_ALG_DES3_ECB_NOPAD) 1890 goto check_element_none; 1891 } 1892 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1893 if (alg == TEE_ALG_DES_CBC_NOPAD || 1894 alg == TEE_ALG_DES3_CBC_NOPAD) 1895 goto check_element_none; 1896 } 1897 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1898 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 1899 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 1900 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 1901 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 1902 goto check_element_none; 1903 } 1904 } 1905 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1906 if (alg == TEE_ALG_MD5) 1907 goto check_element_none; 1908 } 1909 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1910 if (alg == TEE_ALG_SHA1) 1911 goto check_element_none; 1912 } 1913 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1914 if (alg == TEE_ALG_SHA224) 1915 goto check_element_none; 1916 } 1917 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1918 if (alg == TEE_ALG_SHA256) 1919 goto check_element_none; 1920 } 1921 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1922 if (alg == TEE_ALG_SHA384) 1923 goto check_element_none; 1924 } 1925 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1926 if (alg == TEE_ALG_SHA512) 1927 goto check_element_none; 1928 } 1929 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 1930 if (alg == TEE_ALG_MD5SHA1) 1931 goto check_element_none; 1932 } 1933 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 1934 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1935 if (alg == TEE_ALG_HMAC_MD5) 1936 goto check_element_none; 1937 } 1938 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1939 if (alg == TEE_ALG_HMAC_SHA1) 1940 goto check_element_none; 1941 } 1942 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1943 if (alg == TEE_ALG_HMAC_SHA224) 1944 goto check_element_none; 1945 } 1946 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1947 if (alg == TEE_ALG_HMAC_SHA256) 1948 goto check_element_none; 1949 } 1950 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1951 if (alg == TEE_ALG_HMAC_SHA384) 1952 goto check_element_none; 1953 } 1954 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1955 if (alg == TEE_ALG_HMAC_SHA512) 1956 goto check_element_none; 1957 } 1958 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1959 if (alg == TEE_ALG_HMAC_SM3) 1960 goto check_element_none; 1961 } 1962 } 1963 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1964 if (alg == TEE_ALG_SM3) 1965 goto check_element_none; 1966 } 1967 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 1968 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1969 if (alg == TEE_ALG_SM4_ECB_NOPAD) 1970 goto check_element_none; 1971 } 1972 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1973 if (alg == TEE_ALG_SM4_CBC_NOPAD) 1974 goto check_element_none; 1975 } 1976 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1977 if (alg == TEE_ALG_SM4_CTR) 1978 goto check_element_none; 1979 } 1980 } 1981 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 1982 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1983 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5) 1984 goto check_element_none; 1985 } 1986 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1987 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 1988 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 1989 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 1990 goto check_element_none; 1991 } 1992 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 1993 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 1994 goto check_element_none; 1995 } 1996 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1997 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 1998 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 1999 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 2000 goto check_element_none; 2001 } 2002 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2003 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 2004 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 2005 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 2006 goto check_element_none; 2007 } 2008 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2009 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 2010 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 2011 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 2012 goto check_element_none; 2013 } 2014 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2015 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 2016 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 2017 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 2018 goto check_element_none; 2019 } 2020 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2021 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 2022 goto check_element_none; 2023 } 2024 if (alg == TEE_ALG_RSA_NOPAD) 2025 goto check_element_none; 2026 } 2027 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2028 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2029 if (alg == TEE_ALG_DSA_SHA1) 2030 goto check_element_none; 2031 } 2032 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2033 if (alg == TEE_ALG_DSA_SHA224) 2034 goto check_element_none; 2035 } 2036 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2037 if (alg == TEE_ALG_DSA_SHA256) 2038 goto check_element_none; 2039 } 2040 } 2041 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2042 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2043 goto check_element_none; 2044 } 2045 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2046 if ((alg == TEE_ALG_ECDH_P192 || alg == TEE_ALG_ECDSA_P192) && 2047 element == TEE_ECC_CURVE_NIST_P192) 2048 return TEE_SUCCESS; 2049 if ((alg == TEE_ALG_ECDH_P224 || alg == TEE_ALG_ECDSA_P224) && 2050 element == TEE_ECC_CURVE_NIST_P224) 2051 return TEE_SUCCESS; 2052 if ((alg == TEE_ALG_ECDH_P256 || alg == TEE_ALG_ECDSA_P256) && 2053 element == TEE_ECC_CURVE_NIST_P256) 2054 return TEE_SUCCESS; 2055 if ((alg == TEE_ALG_ECDH_P384 || alg == TEE_ALG_ECDSA_P384) && 2056 element == TEE_ECC_CURVE_NIST_P384) 2057 return TEE_SUCCESS; 2058 if ((alg == TEE_ALG_ECDH_P521 || alg == TEE_ALG_ECDSA_P521) && 2059 element == TEE_ECC_CURVE_NIST_P521) 2060 return TEE_SUCCESS; 2061 } 2062 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2063 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2064 return TEE_SUCCESS; 2065 } 2066 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2067 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2068 return TEE_SUCCESS; 2069 } 2070 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2071 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2072 return TEE_SUCCESS; 2073 } 2074 if (IS_ENABLED(CFG_CRYPTO_X25519)) { 2075 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519) 2076 return TEE_SUCCESS; 2077 } 2078 2079 return TEE_ERROR_NOT_SUPPORTED; 2080 check_element_none: 2081 if (element == TEE_CRYPTO_ELEMENT_NONE) 2082 return TEE_SUCCESS; 2083 return TEE_ERROR_NOT_SUPPORTED; 2084 } 2085