1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 #include <stdlib.h> 28 #include <string.h> 29 #include <string_ext.h> 30 31 #include <tee_api.h> 32 #include <tee_api_defines_extensions.h> 33 #include <tee_internal_api_extensions.h> 34 #include <utee_syscalls.h> 35 #include <utee_defines.h> 36 #include <util.h> 37 38 struct __TEE_OperationHandle { 39 TEE_OperationInfo info; 40 TEE_ObjectHandle key1; 41 TEE_ObjectHandle key2; 42 uint32_t operationState; 43 uint8_t *buffer; /* buffer to collect complete blocks */ 44 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 45 size_t block_size; /* Block size of cipher */ 46 size_t buffer_offs; /* Offset in buffer */ 47 uint32_t state; /* Handle to state in TEE Core */ 48 uint32_t ae_tag_len; /* 49 * tag_len in bytes for AE operation else unused 50 */ 51 }; 52 53 /* Cryptographic Operations API - Generic Operation Functions */ 54 55 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 56 uint32_t algorithm, uint32_t mode, 57 uint32_t maxKeySize) 58 { 59 TEE_Result res; 60 TEE_OperationHandle op = TEE_HANDLE_NULL; 61 uint32_t handle_state = 0; 62 size_t block_size = 1; 63 uint32_t req_key_usage; 64 bool with_private_key = false; 65 bool buffer_two_blocks = false; 66 67 if (!operation) 68 TEE_Panic(0); 69 70 if (algorithm == TEE_ALG_AES_XTS) 71 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 72 73 /* Check algorithm max key size */ 74 switch (algorithm) { 75 case TEE_ALG_DSA_SHA1: 76 if (maxKeySize < 512) 77 return TEE_ERROR_NOT_SUPPORTED; 78 if (maxKeySize > 1024) 79 return TEE_ERROR_NOT_SUPPORTED; 80 if (maxKeySize % 64 != 0) 81 return TEE_ERROR_NOT_SUPPORTED; 82 break; 83 84 case TEE_ALG_DSA_SHA224: 85 if (maxKeySize != 2048) 86 return TEE_ERROR_NOT_SUPPORTED; 87 break; 88 89 case TEE_ALG_DSA_SHA256: 90 if (maxKeySize != 2048 && maxKeySize != 3072) 91 return TEE_ERROR_NOT_SUPPORTED; 92 break; 93 94 case TEE_ALG_ECDSA_P192: 95 case TEE_ALG_ECDH_P192: 96 if (maxKeySize != 192) 97 return TEE_ERROR_NOT_SUPPORTED; 98 break; 99 100 case TEE_ALG_ECDSA_P224: 101 case TEE_ALG_ECDH_P224: 102 if (maxKeySize != 224) 103 return TEE_ERROR_NOT_SUPPORTED; 104 break; 105 106 case TEE_ALG_ECDSA_P256: 107 case TEE_ALG_ECDH_P256: 108 if (maxKeySize != 256) 109 return TEE_ERROR_NOT_SUPPORTED; 110 break; 111 112 case TEE_ALG_ECDSA_P384: 113 case TEE_ALG_ECDH_P384: 114 if (maxKeySize != 384) 115 return TEE_ERROR_NOT_SUPPORTED; 116 break; 117 118 case TEE_ALG_ECDSA_P521: 119 case TEE_ALG_ECDH_P521: 120 if (maxKeySize != 521) 121 return TEE_ERROR_NOT_SUPPORTED; 122 break; 123 124 default: 125 break; 126 } 127 128 /* Check algorithm mode */ 129 switch (algorithm) { 130 case TEE_ALG_AES_CTS: 131 case TEE_ALG_AES_XTS: 132 buffer_two_blocks = true; 133 /*FALLTHROUGH*/ case TEE_ALG_AES_ECB_NOPAD: 134 case TEE_ALG_AES_CBC_NOPAD: 135 case TEE_ALG_AES_CTR: 136 case TEE_ALG_AES_CCM: 137 case TEE_ALG_AES_GCM: 138 case TEE_ALG_DES_ECB_NOPAD: 139 case TEE_ALG_DES_CBC_NOPAD: 140 case TEE_ALG_DES3_ECB_NOPAD: 141 case TEE_ALG_DES3_CBC_NOPAD: 142 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 143 block_size = TEE_AES_BLOCK_SIZE; 144 else 145 block_size = TEE_DES_BLOCK_SIZE; 146 147 if (mode == TEE_MODE_ENCRYPT) 148 req_key_usage = TEE_USAGE_ENCRYPT; 149 else if (mode == TEE_MODE_DECRYPT) 150 req_key_usage = TEE_USAGE_DECRYPT; 151 else 152 return TEE_ERROR_NOT_SUPPORTED; 153 break; 154 155 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 156 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 157 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 158 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 159 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 160 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 161 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 162 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 163 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 164 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 165 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 166 case TEE_ALG_DSA_SHA1: 167 case TEE_ALG_DSA_SHA224: 168 case TEE_ALG_DSA_SHA256: 169 case TEE_ALG_ECDSA_P192: 170 case TEE_ALG_ECDSA_P224: 171 case TEE_ALG_ECDSA_P256: 172 case TEE_ALG_ECDSA_P384: 173 case TEE_ALG_ECDSA_P521: 174 if (mode == TEE_MODE_SIGN) { 175 with_private_key = true; 176 req_key_usage = TEE_USAGE_SIGN; 177 } else if (mode == TEE_MODE_VERIFY) { 178 req_key_usage = TEE_USAGE_VERIFY; 179 } else { 180 return TEE_ERROR_NOT_SUPPORTED; 181 } 182 break; 183 184 case TEE_ALG_RSAES_PKCS1_V1_5: 185 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 186 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 187 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 188 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 189 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 190 if (mode == TEE_MODE_ENCRYPT) { 191 req_key_usage = TEE_USAGE_ENCRYPT; 192 } else if (mode == TEE_MODE_DECRYPT) { 193 with_private_key = true; 194 req_key_usage = TEE_USAGE_DECRYPT; 195 } else { 196 return TEE_ERROR_NOT_SUPPORTED; 197 } 198 break; 199 200 case TEE_ALG_RSA_NOPAD: 201 if (mode == TEE_MODE_ENCRYPT) { 202 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 203 } else if (mode == TEE_MODE_DECRYPT) { 204 with_private_key = true; 205 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 206 } else { 207 return TEE_ERROR_NOT_SUPPORTED; 208 } 209 break; 210 211 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 212 case TEE_ALG_ECDH_P192: 213 case TEE_ALG_ECDH_P224: 214 case TEE_ALG_ECDH_P256: 215 case TEE_ALG_ECDH_P384: 216 case TEE_ALG_ECDH_P521: 217 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 218 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 219 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 220 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 221 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 222 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 223 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 224 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 225 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 226 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 227 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 228 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 229 if (mode != TEE_MODE_DERIVE) 230 return TEE_ERROR_NOT_SUPPORTED; 231 with_private_key = true; 232 req_key_usage = TEE_USAGE_DERIVE; 233 break; 234 235 case TEE_ALG_MD5: 236 case TEE_ALG_SHA1: 237 case TEE_ALG_SHA224: 238 case TEE_ALG_SHA256: 239 case TEE_ALG_SHA384: 240 case TEE_ALG_SHA512: 241 if (mode != TEE_MODE_DIGEST) 242 return TEE_ERROR_NOT_SUPPORTED; 243 /* v1.1: flags always set for digest operations */ 244 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 245 req_key_usage = 0; 246 break; 247 248 case TEE_ALG_DES_CBC_MAC_NOPAD: 249 case TEE_ALG_AES_CBC_MAC_NOPAD: 250 case TEE_ALG_AES_CBC_MAC_PKCS5: 251 case TEE_ALG_AES_CMAC: 252 case TEE_ALG_DES_CBC_MAC_PKCS5: 253 case TEE_ALG_DES3_CBC_MAC_NOPAD: 254 case TEE_ALG_DES3_CBC_MAC_PKCS5: 255 case TEE_ALG_HMAC_MD5: 256 case TEE_ALG_HMAC_SHA1: 257 case TEE_ALG_HMAC_SHA224: 258 case TEE_ALG_HMAC_SHA256: 259 case TEE_ALG_HMAC_SHA384: 260 case TEE_ALG_HMAC_SHA512: 261 if (mode != TEE_MODE_MAC) 262 return TEE_ERROR_NOT_SUPPORTED; 263 req_key_usage = TEE_USAGE_MAC; 264 break; 265 266 default: 267 return TEE_ERROR_NOT_SUPPORTED; 268 } 269 270 op = TEE_Malloc(sizeof(*op), 0); 271 if (!op) 272 return TEE_ERROR_OUT_OF_MEMORY; 273 274 op->info.algorithm = algorithm; 275 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 276 op->info.mode = mode; 277 op->info.maxKeySize = maxKeySize; 278 op->info.requiredKeyUsage = req_key_usage; 279 op->info.handleState = handle_state; 280 281 if (block_size > 1) { 282 size_t buffer_size = block_size; 283 284 if (buffer_two_blocks) 285 buffer_size *= 2; 286 287 op->buffer = TEE_Malloc(buffer_size, 288 TEE_USER_MEM_HINT_NO_FILL_ZERO); 289 if (op->buffer == NULL) { 290 res = TEE_ERROR_OUT_OF_MEMORY; 291 goto err0; 292 } 293 } 294 op->block_size = block_size; 295 op->buffer_two_blocks = buffer_two_blocks; 296 297 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 298 uint32_t mks = maxKeySize; 299 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 300 with_private_key); 301 302 /* 303 * If two keys are expected the max key size is the sum of 304 * the size of both keys. 305 */ 306 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 307 mks /= 2; 308 309 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 310 if (res != TEE_SUCCESS) 311 goto err1; 312 313 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 314 res = TEE_AllocateTransientObject(key_type, mks, 315 &op->key2); 316 if (res != TEE_SUCCESS) 317 goto err2; 318 } 319 } 320 321 res = utee_cryp_state_alloc(algorithm, mode, (uint32_t) op->key1, 322 (uint32_t) op->key2, &op->state); 323 if (res != TEE_SUCCESS) { 324 if ((op->info.handleState & 325 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 0) 326 goto err2; 327 goto err1; 328 } 329 330 /* 331 * Initialize digest operations 332 * Other multi-stage operations initialized w/ TEE_xxxInit functions 333 * Non-applicable on asymmetric operations 334 */ 335 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 336 res = utee_hash_init(op->state, NULL, 0); 337 if (res != TEE_SUCCESS) 338 goto err0; 339 /* v1.1: flags always set for digest operations */ 340 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 341 } 342 343 *operation = op; 344 goto out; 345 346 err2: 347 TEE_FreeTransientObject(op->key2); 348 err1: 349 TEE_FreeTransientObject(op->key1); 350 err0: 351 TEE_FreeOperation(op); 352 353 if (res != TEE_SUCCESS && 354 res != TEE_ERROR_OUT_OF_MEMORY && 355 res != TEE_ERROR_NOT_SUPPORTED) 356 TEE_Panic(0); 357 out: 358 return res; 359 } 360 361 void TEE_FreeOperation(TEE_OperationHandle operation) 362 { 363 TEE_Result res; 364 365 if (operation == TEE_HANDLE_NULL) 366 TEE_Panic(0); 367 368 /* 369 * Note that keys should not be freed here, since they are 370 * claimed by the operation they will be freed by 371 * utee_cryp_state_free(). 372 */ 373 res = utee_cryp_state_free(operation->state); 374 if (res != TEE_SUCCESS) 375 TEE_Panic(0); 376 377 TEE_Free(operation->buffer); 378 TEE_Free(operation); 379 } 380 381 void TEE_GetOperationInfo(TEE_OperationHandle operation, 382 TEE_OperationInfo *operationInfo) 383 { 384 if (operation == TEE_HANDLE_NULL) 385 TEE_Panic(0); 386 387 if (!operationInfo) 388 TEE_Panic(0); 389 390 *operationInfo = operation->info; 391 } 392 393 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 394 TEE_OperationInfoMultiple *operationInfoMultiple, 395 uint32_t *operationSize) 396 { 397 TEE_Result res = TEE_SUCCESS; 398 TEE_ObjectInfo key_info1; 399 TEE_ObjectInfo key_info2; 400 uint32_t num_of_keys; 401 size_t n; 402 403 if (operation == TEE_HANDLE_NULL) { 404 res = TEE_ERROR_BAD_PARAMETERS; 405 goto out; 406 } 407 408 if (!operationInfoMultiple) { 409 res = TEE_ERROR_BAD_PARAMETERS; 410 goto out; 411 } 412 413 if (!operationSize) { 414 res = TEE_ERROR_BAD_PARAMETERS; 415 goto out; 416 } 417 418 num_of_keys = (*operationSize-sizeof(TEE_OperationInfoMultiple))/ 419 sizeof(TEE_OperationInfoKey); 420 421 if (num_of_keys > 2) { 422 res = TEE_ERROR_BAD_PARAMETERS; 423 goto out; 424 } 425 426 /* Two keys flag (TEE_ALG_AES_XTS only) */ 427 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 428 0 && 429 (num_of_keys != 2)) { 430 res = TEE_ERROR_SHORT_BUFFER; 431 goto out; 432 } 433 434 /* Clear */ 435 for (n = 0; n < num_of_keys; n++) { 436 operationInfoMultiple->keyInformation[n].keySize = 0; 437 operationInfoMultiple->keyInformation[n].requiredKeyUsage = 0; 438 } 439 440 if (num_of_keys == 2) { 441 res = TEE_GetObjectInfo1(operation->key2, &key_info2); 442 /* Key2 is not a valid handle */ 443 if (res != TEE_SUCCESS) 444 goto out; 445 446 operationInfoMultiple->keyInformation[1].keySize = 447 key_info2.keySize; 448 operationInfoMultiple->keyInformation[1].requiredKeyUsage = 449 operation->info.requiredKeyUsage; 450 } 451 452 if (num_of_keys >= 1) { 453 res = TEE_GetObjectInfo1(operation->key1, &key_info1); 454 /* Key1 is not a valid handle */ 455 if (res != TEE_SUCCESS) { 456 if (num_of_keys == 2) { 457 operationInfoMultiple->keyInformation[1]. 458 keySize = 0; 459 operationInfoMultiple->keyInformation[1]. 460 requiredKeyUsage = 0; 461 } 462 goto out; 463 } 464 465 operationInfoMultiple->keyInformation[0].keySize = 466 key_info1.keySize; 467 operationInfoMultiple->keyInformation[0].requiredKeyUsage = 468 operation->info.requiredKeyUsage; 469 } 470 471 /* No key */ 472 operationInfoMultiple->algorithm = operation->info.algorithm; 473 operationInfoMultiple->operationClass = operation->info.operationClass; 474 operationInfoMultiple->mode = operation->info.mode; 475 operationInfoMultiple->digestLength = operation->info.digestLength; 476 operationInfoMultiple->maxKeySize = operation->info.maxKeySize; 477 operationInfoMultiple->handleState = operation->info.handleState; 478 operationInfoMultiple->operationState = operation->operationState; 479 operationInfoMultiple->numberOfKeys = num_of_keys; 480 481 out: 482 if (res != TEE_SUCCESS && 483 res != TEE_ERROR_SHORT_BUFFER) 484 TEE_Panic(0); 485 486 return res; 487 } 488 489 void TEE_ResetOperation(TEE_OperationHandle operation) 490 { 491 TEE_Result res; 492 493 if (operation == TEE_HANDLE_NULL) 494 TEE_Panic(0); 495 496 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 497 TEE_Panic(0); 498 499 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 500 res = utee_hash_init(operation->state, NULL, 0); 501 if (res != TEE_SUCCESS) 502 TEE_Panic(res); 503 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 504 } else { 505 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 506 } 507 } 508 509 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 510 TEE_ObjectHandle key) 511 { 512 TEE_Result res; 513 uint32_t key_size = 0; 514 TEE_ObjectInfo key_info; 515 516 /* Operation is not a valid handle */ 517 if (operation == TEE_HANDLE_NULL) { 518 res = TEE_ERROR_BAD_PARAMETERS; 519 goto out; 520 } 521 522 /* Key is not initialized */ 523 if (key == TEE_HANDLE_NULL) { 524 /* Operation key cleared */ 525 TEE_ResetTransientObject(operation->key1); 526 res = TEE_ERROR_BAD_PARAMETERS; 527 goto out; 528 } 529 530 /* No key for digest operation */ 531 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 532 res = TEE_ERROR_BAD_PARAMETERS; 533 goto out; 534 } 535 536 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 537 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 538 0) { 539 res = TEE_ERROR_BAD_PARAMETERS; 540 goto out; 541 } 542 543 res = TEE_GetObjectInfo1(key, &key_info); 544 /* Key is not a valid handle */ 545 if (res != TEE_SUCCESS) 546 goto out; 547 548 /* Supplied key has to meet required usage */ 549 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 550 operation->info.requiredKeyUsage) { 551 res = TEE_ERROR_BAD_PARAMETERS; 552 goto out; 553 } 554 555 if (operation->info.maxKeySize < key_info.keySize) { 556 res = TEE_ERROR_BAD_PARAMETERS; 557 goto out; 558 } 559 560 key_size = key_info.keySize; 561 562 TEE_ResetTransientObject(operation->key1); 563 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 564 565 res = TEE_CopyObjectAttributes1(operation->key1, key); 566 if (res != TEE_SUCCESS) 567 goto out; 568 569 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 570 571 operation->info.keySize = key_size; 572 573 out: 574 if (res != TEE_SUCCESS && 575 res != TEE_ERROR_CORRUPT_OBJECT && 576 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 577 TEE_Panic(0); 578 579 return res; 580 } 581 582 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 583 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 584 { 585 TEE_Result res; 586 uint32_t key_size = 0; 587 TEE_ObjectInfo key_info1; 588 TEE_ObjectInfo key_info2; 589 590 /* Operation is not a valid handle */ 591 if (operation == TEE_HANDLE_NULL) { 592 res = TEE_ERROR_BAD_PARAMETERS; 593 goto out; 594 } 595 596 /* 597 * Key1/Key2 and/or are not initialized and 598 * Either both keys are NULL or both are not NULL 599 */ 600 if (key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) { 601 /* Clear operation key1 (if needed) */ 602 if (key1 == TEE_HANDLE_NULL) 603 TEE_ResetTransientObject(operation->key1); 604 /* Clear operation key2 (if needed) */ 605 if (key2 == TEE_HANDLE_NULL) 606 TEE_ResetTransientObject(operation->key2); 607 res = TEE_ERROR_BAD_PARAMETERS; 608 goto out; 609 } 610 611 /* No key for digest operation */ 612 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 613 res = TEE_ERROR_BAD_PARAMETERS; 614 goto out; 615 } 616 617 /* Two keys flag expected (TEE_ALG_AES_XTS only) */ 618 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 619 0) { 620 res = TEE_ERROR_BAD_PARAMETERS; 621 goto out; 622 } 623 624 res = TEE_GetObjectInfo1(key1, &key_info1); 625 /* Key1 is not a valid handle */ 626 if (res != TEE_SUCCESS) 627 goto out; 628 629 /* Supplied key has to meet required usage */ 630 if ((key_info1.objectUsage & operation->info. 631 requiredKeyUsage) != operation->info.requiredKeyUsage) { 632 res = TEE_ERROR_BAD_PARAMETERS; 633 goto out; 634 } 635 636 res = TEE_GetObjectInfo1(key2, &key_info2); 637 /* Key2 is not a valid handle */ 638 if (res != TEE_SUCCESS) { 639 if (res == TEE_ERROR_CORRUPT_OBJECT) 640 res = TEE_ERROR_CORRUPT_OBJECT_2; 641 goto out; 642 } 643 644 /* Supplied key has to meet required usage */ 645 if ((key_info2.objectUsage & operation->info. 646 requiredKeyUsage) != operation->info.requiredKeyUsage) { 647 res = TEE_ERROR_BAD_PARAMETERS; 648 goto out; 649 } 650 651 /* 652 * AES-XTS (the only multi key algorithm supported, requires the 653 * keys to be of equal size. 654 */ 655 if (operation->info.algorithm == TEE_ALG_AES_XTS && 656 key_info1.keySize != key_info2.keySize) { 657 res = TEE_ERROR_BAD_PARAMETERS; 658 goto out; 659 660 } 661 662 if (operation->info.maxKeySize < key_info1.keySize) { 663 res = TEE_ERROR_BAD_PARAMETERS; 664 goto out; 665 } 666 667 /* 668 * Odd that only the size of one key should be reported while 669 * size of two key are used when allocating the operation. 670 */ 671 key_size = key_info1.keySize; 672 673 TEE_ResetTransientObject(operation->key1); 674 TEE_ResetTransientObject(operation->key2); 675 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 676 677 res = TEE_CopyObjectAttributes1(operation->key1, key1); 678 if (res != TEE_SUCCESS) 679 goto out; 680 681 res = TEE_CopyObjectAttributes1(operation->key2, key2); 682 if (res != TEE_SUCCESS) { 683 if (res == TEE_ERROR_CORRUPT_OBJECT) 684 res = TEE_ERROR_CORRUPT_OBJECT_2; 685 goto out; 686 } 687 688 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 689 690 operation->info.keySize = key_size; 691 692 out: 693 if (res != TEE_SUCCESS && 694 res != TEE_ERROR_CORRUPT_OBJECT && 695 res != TEE_ERROR_CORRUPT_OBJECT_2 && 696 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 697 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 698 TEE_Panic(0); 699 700 return res; 701 } 702 703 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 704 { 705 TEE_Result res; 706 707 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 708 TEE_Panic(0); 709 if (dst_op->info.algorithm != src_op->info.algorithm) 710 TEE_Panic(0); 711 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 712 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 713 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 714 715 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 716 key1 = src_op->key1; 717 key2 = src_op->key2; 718 } 719 720 if ((src_op->info.handleState & 721 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 722 TEE_SetOperationKey(dst_op, key1); 723 } else { 724 TEE_SetOperationKey2(dst_op, key1, key2); 725 } 726 } 727 dst_op->info.handleState = src_op->info.handleState; 728 dst_op->info.keySize = src_op->info.keySize; 729 730 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 731 dst_op->block_size != src_op->block_size) 732 TEE_Panic(0); 733 734 if (dst_op->buffer != NULL) { 735 if (src_op->buffer == NULL) 736 TEE_Panic(0); 737 738 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 739 dst_op->buffer_offs = src_op->buffer_offs; 740 } else if (src_op->buffer != NULL) { 741 TEE_Panic(0); 742 } 743 744 res = utee_cryp_state_copy(dst_op->state, src_op->state); 745 if (res != TEE_SUCCESS) 746 TEE_Panic(res); 747 } 748 749 /* Cryptographic Operations API - Message Digest Functions */ 750 751 void TEE_DigestUpdate(TEE_OperationHandle operation, 752 void *chunk, uint32_t chunkSize) 753 { 754 TEE_Result res = TEE_ERROR_GENERIC; 755 756 if (operation == TEE_HANDLE_NULL || 757 operation->info.operationClass != TEE_OPERATION_DIGEST) 758 TEE_Panic(0); 759 760 res = utee_hash_update(operation->state, chunk, chunkSize); 761 if (res != TEE_SUCCESS) 762 TEE_Panic(res); 763 } 764 765 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 766 uint32_t chunkLen, void *hash, uint32_t *hashLen) 767 { 768 TEE_Result res; 769 770 if ((operation == TEE_HANDLE_NULL) || 771 (!chunk && chunkLen) || 772 !hash || 773 !hashLen || 774 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 775 res = TEE_ERROR_BAD_PARAMETERS; 776 goto out; 777 } 778 779 res = utee_hash_final(operation->state, chunk, chunkLen, hash, 780 hashLen); 781 782 out: 783 if (res != TEE_SUCCESS && 784 res != TEE_ERROR_SHORT_BUFFER) 785 TEE_Panic(0); 786 787 return res; 788 } 789 790 /* Cryptographic Operations API - Symmetric Cipher Functions */ 791 792 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 793 { 794 TEE_Result res; 795 796 if (operation == TEE_HANDLE_NULL) 797 TEE_Panic(0); 798 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 799 TEE_Panic(0); 800 res = utee_cipher_init(operation->state, IV, IVLen); 801 if (res != TEE_SUCCESS) 802 TEE_Panic(res); 803 operation->buffer_offs = 0; 804 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 805 } 806 807 static TEE_Result tee_buffer_update( 808 TEE_OperationHandle op, 809 TEE_Result(*update_func) (uint32_t state, const void *src, 810 size_t slen, void *dst, uint32_t *dlen), 811 const void *src_data, size_t src_len, 812 void *dest_data, uint32_t *dest_len) 813 { 814 TEE_Result res; 815 const uint8_t *src = src_data; 816 size_t slen = src_len; 817 uint8_t *dst = dest_data; 818 size_t dlen = *dest_len; 819 size_t acc_dlen = 0; 820 uint32_t tmp_dlen; 821 size_t l; 822 size_t buffer_size; 823 size_t buffer_left; 824 825 if (op->buffer_two_blocks) { 826 buffer_size = op->block_size * 2; 827 buffer_left = 1; 828 } else { 829 buffer_size = op->block_size; 830 buffer_left = 0; 831 } 832 833 if (op->buffer_offs > 0) { 834 /* Fill up complete block */ 835 if (op->buffer_offs < op->block_size) 836 l = MIN(slen, op->block_size - op->buffer_offs); 837 else 838 l = MIN(slen, buffer_size - op->buffer_offs); 839 memcpy(op->buffer + op->buffer_offs, src, l); 840 op->buffer_offs += l; 841 src += l; 842 slen -= l; 843 if ((op->buffer_offs % op->block_size) != 0) 844 goto out; /* Nothing left to do */ 845 } 846 847 /* If we can feed from buffer */ 848 if ((op->buffer_offs > 0) && 849 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 850 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 851 op->block_size); 852 l = MIN(op->buffer_offs, l); 853 tmp_dlen = dlen; 854 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 855 if (res != TEE_SUCCESS) 856 TEE_Panic(res); 857 dst += tmp_dlen; 858 dlen -= tmp_dlen; 859 acc_dlen += tmp_dlen; 860 op->buffer_offs -= l; 861 if (op->buffer_offs > 0) { 862 /* 863 * Slen is small enough to be contained in rest buffer. 864 */ 865 memcpy(op->buffer, op->buffer + l, buffer_size - l); 866 memcpy(op->buffer + op->buffer_offs, src, slen); 867 op->buffer_offs += slen; 868 goto out; /* Nothing left to do */ 869 } 870 } 871 872 if (slen >= (buffer_size + buffer_left)) { 873 /* Buffer is empty, feed as much as possible from src */ 874 if (TEE_ALIGNMENT_IS_OK(src, uint32_t)) { 875 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 876 877 tmp_dlen = dlen; 878 res = update_func(op->state, src, l, dst, &tmp_dlen); 879 if (res != TEE_SUCCESS) 880 TEE_Panic(res); 881 src += l; 882 slen -= l; 883 dst += tmp_dlen; 884 dlen -= tmp_dlen; 885 acc_dlen += tmp_dlen; 886 } else { 887 /* 888 * Supplied data isn't well aligned, we're forced to 889 * feed through the buffer. 890 */ 891 while (slen >= op->block_size) { 892 memcpy(op->buffer, src, op->block_size); 893 894 tmp_dlen = dlen; 895 res = 896 update_func(op->state, op->buffer, 897 op->block_size, dst, &tmp_dlen); 898 if (res != TEE_SUCCESS) 899 TEE_Panic(res); 900 src += op->block_size; 901 slen -= op->block_size; 902 dst += tmp_dlen; 903 dlen -= tmp_dlen; 904 acc_dlen += tmp_dlen; 905 } 906 } 907 } 908 909 /* Slen is small enough to be contained in buffer. */ 910 memcpy(op->buffer + op->buffer_offs, src, slen); 911 op->buffer_offs += slen; 912 913 out: 914 *dest_len = acc_dlen; 915 return TEE_SUCCESS; 916 } 917 918 TEE_Result TEE_CipherUpdate(TEE_OperationHandle op, const void *srcData, 919 uint32_t srcLen, void *destData, uint32_t *destLen) 920 { 921 TEE_Result res; 922 size_t req_dlen; 923 924 if (op == TEE_HANDLE_NULL || 925 (srcData == NULL && srcLen != 0) || 926 destLen == NULL || 927 (destData == NULL && *destLen != 0)) { 928 res = TEE_ERROR_BAD_PARAMETERS; 929 goto out; 930 } 931 932 if (op->info.operationClass != TEE_OPERATION_CIPHER) { 933 res = TEE_ERROR_BAD_PARAMETERS; 934 goto out; 935 } 936 937 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 938 res = TEE_ERROR_BAD_PARAMETERS; 939 goto out; 940 } 941 942 /* Calculate required dlen */ 943 req_dlen = ((op->buffer_offs + srcLen) / op->block_size) * 944 op->block_size; 945 if (op->buffer_two_blocks) { 946 if (req_dlen > op->block_size * 2) 947 req_dlen -= op->block_size * 2; 948 else 949 req_dlen = 0; 950 } 951 /* 952 * Check that required destLen is big enough before starting to feed 953 * data to the algorithm. Errors during feeding of data are fatal as we 954 * can't restore sync with this API. 955 */ 956 if (*destLen < req_dlen) { 957 *destLen = req_dlen; 958 res = TEE_ERROR_SHORT_BUFFER; 959 goto out; 960 } 961 962 res = tee_buffer_update(op, utee_cipher_update, srcData, srcLen, 963 destData, destLen); 964 965 out: 966 if (res != TEE_SUCCESS && 967 res != TEE_ERROR_SHORT_BUFFER) 968 TEE_Panic(0); 969 970 return res; 971 } 972 973 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle op, 974 const void *srcData, uint32_t srcLen, void *destData, 975 uint32_t *destLen) 976 { 977 TEE_Result res; 978 uint8_t *dst = destData; 979 size_t acc_dlen = 0; 980 uint32_t tmp_dlen; 981 size_t req_dlen; 982 983 if (op == TEE_HANDLE_NULL || 984 (srcData == NULL && srcLen != 0) || 985 destLen == NULL || 986 (destData == NULL && *destLen != 0)) { 987 res = TEE_ERROR_BAD_PARAMETERS; 988 goto out; 989 } 990 991 if (op->info.operationClass != TEE_OPERATION_CIPHER) { 992 res = TEE_ERROR_BAD_PARAMETERS; 993 goto out; 994 } 995 996 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 997 res = TEE_ERROR_BAD_PARAMETERS; 998 goto out; 999 } 1000 1001 /* 1002 * Check that the final block doesn't require padding for those 1003 * algorithms that requires client to supply padding. 1004 */ 1005 if (op->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1006 op->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1007 op->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1008 op->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1009 op->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1010 op->info.algorithm == TEE_ALG_DES3_CBC_NOPAD) { 1011 if (((op->buffer_offs + srcLen) % op->block_size) != 0) { 1012 res = TEE_ERROR_BAD_PARAMETERS; 1013 goto out; 1014 } 1015 } 1016 1017 /* 1018 * Check that required destLen is big enough before starting to feed 1019 * data to the algorithm. Errors during feeding of data are fatal as we 1020 * can't restore sync with this API. 1021 */ 1022 req_dlen = op->buffer_offs + srcLen; 1023 if (*destLen < req_dlen) { 1024 *destLen = req_dlen; 1025 res = TEE_ERROR_SHORT_BUFFER; 1026 goto out; 1027 } 1028 1029 tmp_dlen = *destLen - acc_dlen; 1030 res = tee_buffer_update(op, utee_cipher_update, srcData, srcLen, dst, 1031 &tmp_dlen); 1032 if (res != TEE_SUCCESS) 1033 goto out; 1034 1035 dst += tmp_dlen; 1036 acc_dlen += tmp_dlen; 1037 1038 tmp_dlen = *destLen - acc_dlen; 1039 res = utee_cipher_final(op->state, op->buffer, op->buffer_offs, 1040 dst, &tmp_dlen); 1041 if (res != TEE_SUCCESS) 1042 goto out; 1043 1044 acc_dlen += tmp_dlen; 1045 1046 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1047 *destLen = acc_dlen; 1048 1049 out: 1050 if (res != TEE_SUCCESS && 1051 res != TEE_ERROR_SHORT_BUFFER) 1052 TEE_Panic(0); 1053 1054 return res; 1055 } 1056 1057 /* Cryptographic Operations API - MAC Functions */ 1058 1059 void TEE_MACInit(TEE_OperationHandle operation, void *IV, uint32_t IVLen) 1060 { 1061 TEE_Result res; 1062 1063 if (operation == TEE_HANDLE_NULL) 1064 TEE_Panic(0); 1065 if (!operation->key1) 1066 TEE_Panic(0); 1067 if (operation->info.operationClass != TEE_OPERATION_MAC) 1068 TEE_Panic(0); 1069 /* 1070 * Note : IV and IVLen are never used in current implementation 1071 * This is why coherent values of IV and IVLen are not checked 1072 */ 1073 res = utee_hash_init(operation->state, IV, IVLen); 1074 if (res != TEE_SUCCESS) 1075 TEE_Panic(res); 1076 operation->buffer_offs = 0; 1077 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1078 } 1079 1080 void TEE_MACUpdate(TEE_OperationHandle operation, void *chunk, 1081 uint32_t chunkSize) 1082 { 1083 TEE_Result res; 1084 1085 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1086 TEE_Panic(0); 1087 if (operation->info.operationClass != TEE_OPERATION_MAC) 1088 TEE_Panic(0); 1089 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1090 TEE_Panic(0); 1091 1092 res = utee_hash_update(operation->state, chunk, chunkSize); 1093 if (res != TEE_SUCCESS) 1094 TEE_Panic(res); 1095 } 1096 1097 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1098 void *message, uint32_t messageLen, 1099 void *mac, uint32_t *macLen) 1100 { 1101 TEE_Result res; 1102 1103 if (operation == TEE_HANDLE_NULL || 1104 (message == NULL && messageLen != 0) || 1105 mac == NULL || 1106 macLen == NULL) { 1107 res = TEE_ERROR_BAD_PARAMETERS; 1108 goto out; 1109 } 1110 1111 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1112 res = TEE_ERROR_BAD_PARAMETERS; 1113 goto out; 1114 } 1115 1116 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1117 res = TEE_ERROR_BAD_PARAMETERS; 1118 goto out; 1119 } 1120 1121 res = utee_hash_final(operation->state, message, messageLen, mac, 1122 macLen); 1123 if (res != TEE_SUCCESS) 1124 goto out; 1125 1126 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1127 1128 out: 1129 if (res != TEE_SUCCESS && 1130 res != TEE_ERROR_SHORT_BUFFER) 1131 TEE_Panic(res); 1132 1133 return res; 1134 } 1135 1136 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1137 void *message, uint32_t messageLen, 1138 void *mac, uint32_t macLen) 1139 { 1140 TEE_Result res; 1141 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 1142 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1143 1144 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1145 res = TEE_ERROR_BAD_PARAMETERS; 1146 goto out; 1147 } 1148 1149 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1150 res = TEE_ERROR_BAD_PARAMETERS; 1151 goto out; 1152 } 1153 1154 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1155 &computed_mac_size); 1156 if (res != TEE_SUCCESS) 1157 goto out; 1158 1159 if (computed_mac_size != macLen) { 1160 res = TEE_ERROR_MAC_INVALID; 1161 goto out; 1162 } 1163 1164 if (buf_compare_ct(mac, computed_mac, computed_mac_size) != 0) { 1165 res = TEE_ERROR_MAC_INVALID; 1166 goto out; 1167 } 1168 1169 out: 1170 if (res != TEE_SUCCESS && 1171 res != TEE_ERROR_MAC_INVALID) 1172 TEE_Panic(res); 1173 1174 return res; 1175 } 1176 1177 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1178 1179 TEE_Result TEE_AEInit(TEE_OperationHandle operation, void *nonce, 1180 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1181 uint32_t payloadLen) 1182 { 1183 TEE_Result res; 1184 1185 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1186 res = TEE_ERROR_BAD_PARAMETERS; 1187 goto out; 1188 } 1189 1190 if (operation->info.operationClass != TEE_OPERATION_AE) { 1191 res = TEE_ERROR_BAD_PARAMETERS; 1192 goto out; 1193 } 1194 1195 /* 1196 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1197 * in the implementation. But AES-GCM spec doesn't specify the tag len 1198 * according to the same principle so we have to check here instead to 1199 * be GP compliant. 1200 */ 1201 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1202 /* 1203 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1204 */ 1205 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1206 res = TEE_ERROR_NOT_SUPPORTED; 1207 goto out; 1208 } 1209 } 1210 1211 res = utee_authenc_init(operation->state, nonce, nonceLen, 1212 tagLen / 8, AADLen, payloadLen); 1213 if (res != TEE_SUCCESS) 1214 goto out; 1215 1216 operation->ae_tag_len = tagLen / 8; 1217 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1218 1219 out: 1220 if (res != TEE_SUCCESS && 1221 res != TEE_ERROR_NOT_SUPPORTED) 1222 TEE_Panic(res); 1223 1224 return res; 1225 } 1226 1227 void TEE_AEUpdateAAD(TEE_OperationHandle operation, void *AADdata, 1228 uint32_t AADdataLen) 1229 { 1230 TEE_Result res; 1231 1232 if (operation == TEE_HANDLE_NULL || 1233 (AADdata == NULL && AADdataLen != 0)) 1234 TEE_Panic(0); 1235 if (operation->info.operationClass != TEE_OPERATION_AE) 1236 TEE_Panic(0); 1237 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1238 TEE_Panic(0); 1239 1240 res = utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1241 if (res != TEE_SUCCESS) 1242 TEE_Panic(res); 1243 } 1244 1245 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, void *srcData, 1246 uint32_t srcLen, void *destData, uint32_t *destLen) 1247 { 1248 TEE_Result res; 1249 size_t req_dlen; 1250 1251 if (operation == TEE_HANDLE_NULL || 1252 (srcData == NULL && srcLen != 0) || 1253 destLen == NULL || 1254 (destData == NULL && *destLen != 0)) { 1255 res = TEE_ERROR_BAD_PARAMETERS; 1256 goto out; 1257 } 1258 1259 if (operation->info.operationClass != TEE_OPERATION_AE) { 1260 res = TEE_ERROR_BAD_PARAMETERS; 1261 goto out; 1262 } 1263 1264 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1265 res = TEE_ERROR_BAD_PARAMETERS; 1266 goto out; 1267 } 1268 1269 /* 1270 * Check that required destLen is big enough before starting to feed 1271 * data to the algorithm. Errors during feeding of data are fatal as we 1272 * can't restore sync with this API. 1273 */ 1274 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1275 operation->block_size); 1276 if (*destLen < req_dlen) { 1277 *destLen = req_dlen; 1278 res = TEE_ERROR_SHORT_BUFFER; 1279 goto out; 1280 } 1281 1282 res = tee_buffer_update(operation, utee_authenc_update_payload, srcData, 1283 srcLen, destData, destLen); 1284 1285 out: 1286 if (res != TEE_SUCCESS && 1287 res != TEE_ERROR_SHORT_BUFFER) 1288 TEE_Panic(res); 1289 1290 return res; 1291 } 1292 1293 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1294 void *srcData, uint32_t srcLen, 1295 void *destData, uint32_t *destLen, void *tag, 1296 uint32_t *tagLen) 1297 { 1298 TEE_Result res; 1299 uint8_t *dst = destData; 1300 size_t acc_dlen = 0; 1301 uint32_t tmp_dlen; 1302 size_t req_dlen; 1303 1304 if (operation == TEE_HANDLE_NULL || 1305 (srcData == NULL && srcLen != 0) || 1306 destLen == NULL || 1307 (destData == NULL && *destLen != 0) || 1308 tag == NULL || tagLen == NULL) { 1309 res = TEE_ERROR_BAD_PARAMETERS; 1310 goto out; 1311 } 1312 1313 if (operation->info.operationClass != TEE_OPERATION_AE) { 1314 res = TEE_ERROR_BAD_PARAMETERS; 1315 goto out; 1316 } 1317 1318 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1319 res = TEE_ERROR_BAD_PARAMETERS; 1320 goto out; 1321 } 1322 1323 /* 1324 * Check that required destLen is big enough before starting to feed 1325 * data to the algorithm. Errors during feeding of data are fatal as we 1326 * can't restore sync with this API. 1327 */ 1328 req_dlen = operation->buffer_offs + srcLen; 1329 if (*destLen < req_dlen) { 1330 *destLen = req_dlen; 1331 res = TEE_ERROR_SHORT_BUFFER; 1332 goto out; 1333 } 1334 1335 /* 1336 * Need to check this before update_payload since sync would be lost if 1337 * we return short buffer after that. 1338 */ 1339 if (*tagLen < operation->ae_tag_len) { 1340 *tagLen = operation->ae_tag_len; 1341 res = TEE_ERROR_SHORT_BUFFER; 1342 goto out; 1343 } 1344 1345 tmp_dlen = *destLen - acc_dlen; 1346 res = tee_buffer_update(operation, utee_authenc_update_payload, srcData, 1347 srcLen, dst, &tmp_dlen); 1348 if (res != TEE_SUCCESS) 1349 goto out; 1350 1351 dst += tmp_dlen; 1352 acc_dlen += tmp_dlen; 1353 1354 tmp_dlen = *destLen - acc_dlen; 1355 res = utee_authenc_enc_final(operation->state, operation->buffer, 1356 operation->buffer_offs, dst, &tmp_dlen, 1357 tag, tagLen); 1358 if (res != TEE_SUCCESS) 1359 goto out; 1360 1361 acc_dlen += tmp_dlen; 1362 *destLen = acc_dlen; 1363 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1364 1365 out: 1366 if (res != TEE_SUCCESS && 1367 res != TEE_ERROR_SHORT_BUFFER) 1368 TEE_Panic(res); 1369 1370 return res; 1371 } 1372 1373 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1374 void *srcData, uint32_t srcLen, 1375 void *destData, uint32_t *destLen, void *tag, 1376 uint32_t tagLen) 1377 { 1378 TEE_Result res; 1379 uint8_t *dst = destData; 1380 size_t acc_dlen = 0; 1381 uint32_t tmp_dlen; 1382 size_t req_dlen; 1383 1384 if (operation == TEE_HANDLE_NULL || 1385 (srcData == NULL && srcLen != 0) || 1386 destLen == NULL || 1387 (destData == NULL && *destLen != 0) || 1388 (tag == NULL && tagLen != 0)) { 1389 res = TEE_ERROR_BAD_PARAMETERS; 1390 goto out; 1391 } 1392 1393 if (operation->info.operationClass != TEE_OPERATION_AE) { 1394 res = TEE_ERROR_BAD_PARAMETERS; 1395 goto out; 1396 } 1397 1398 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1399 res = TEE_ERROR_BAD_PARAMETERS; 1400 goto out; 1401 } 1402 1403 /* 1404 * Check that required destLen is big enough before starting to feed 1405 * data to the algorithm. Errors during feeding of data are fatal as we 1406 * can't restore sync with this API. 1407 */ 1408 req_dlen = operation->buffer_offs + srcLen; 1409 if (*destLen < req_dlen) { 1410 *destLen = req_dlen; 1411 res = TEE_ERROR_SHORT_BUFFER; 1412 goto out; 1413 } 1414 1415 tmp_dlen = *destLen - acc_dlen; 1416 res = tee_buffer_update(operation, utee_authenc_update_payload, srcData, 1417 srcLen, dst, &tmp_dlen); 1418 if (res != TEE_SUCCESS) 1419 goto out; 1420 1421 dst += tmp_dlen; 1422 acc_dlen += tmp_dlen; 1423 1424 tmp_dlen = *destLen - acc_dlen; 1425 res = utee_authenc_dec_final(operation->state, operation->buffer, 1426 operation->buffer_offs, dst, &tmp_dlen, 1427 tag, tagLen); 1428 if (res != TEE_SUCCESS) 1429 goto out; 1430 1431 /* Supplied tagLen should match what we initiated with */ 1432 if (tagLen != operation->ae_tag_len) 1433 res = TEE_ERROR_MAC_INVALID; 1434 1435 acc_dlen += tmp_dlen; 1436 1437 *destLen = acc_dlen; 1438 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1439 1440 out: 1441 if (res != TEE_SUCCESS && 1442 res != TEE_ERROR_SHORT_BUFFER && 1443 res != TEE_ERROR_MAC_INVALID) 1444 TEE_Panic(res); 1445 1446 return res; 1447 } 1448 1449 /* Cryptographic Operations API - Asymmetric Functions */ 1450 1451 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1452 TEE_Attribute *params, 1453 uint32_t paramCount, void *srcData, 1454 uint32_t srcLen, void *destData, 1455 uint32_t *destLen) 1456 { 1457 TEE_Result res; 1458 1459 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1460 destLen == NULL || (destData == NULL && *destLen != 0)) 1461 TEE_Panic(0); 1462 if (params == NULL && paramCount != 0) 1463 TEE_Panic(0); 1464 if (!operation->key1) 1465 TEE_Panic(0); 1466 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1467 TEE_Panic(0); 1468 if (operation->info.mode != TEE_MODE_ENCRYPT) 1469 TEE_Panic(0); 1470 1471 res = utee_asymm_operate(operation->state, params, paramCount, srcData, 1472 srcLen, destData, destLen); 1473 1474 if (res != TEE_SUCCESS && 1475 res != TEE_ERROR_SHORT_BUFFER && 1476 res != TEE_ERROR_BAD_PARAMETERS) 1477 TEE_Panic(res); 1478 1479 return res; 1480 } 1481 1482 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1483 TEE_Attribute *params, 1484 uint32_t paramCount, void *srcData, 1485 uint32_t srcLen, void *destData, 1486 uint32_t *destLen) 1487 { 1488 TEE_Result res; 1489 1490 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1491 destLen == NULL || (destData == NULL && *destLen != 0)) 1492 TEE_Panic(0); 1493 if (params == NULL && paramCount != 0) 1494 TEE_Panic(0); 1495 if (!operation->key1) 1496 TEE_Panic(0); 1497 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1498 TEE_Panic(0); 1499 if (operation->info.mode != TEE_MODE_DECRYPT) 1500 TEE_Panic(0); 1501 1502 res = utee_asymm_operate(operation->state, params, paramCount, srcData, 1503 srcLen, destData, destLen); 1504 1505 if (res != TEE_SUCCESS && 1506 res != TEE_ERROR_SHORT_BUFFER && 1507 res != TEE_ERROR_BAD_PARAMETERS) 1508 TEE_Panic(res); 1509 1510 return res; 1511 } 1512 1513 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1514 TEE_Attribute *params, 1515 uint32_t paramCount, void *digest, 1516 uint32_t digestLen, void *signature, 1517 uint32_t *signatureLen) 1518 { 1519 TEE_Result res; 1520 1521 if (operation == TEE_HANDLE_NULL || 1522 (digest == NULL && digestLen != 0) || 1523 signature == NULL || signatureLen == NULL) 1524 TEE_Panic(0); 1525 if (params == NULL && paramCount != 0) 1526 TEE_Panic(0); 1527 if (!operation->key1) 1528 TEE_Panic(0); 1529 if (operation->info.operationClass != 1530 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1531 TEE_Panic(0); 1532 if (operation->info.mode != TEE_MODE_SIGN) 1533 TEE_Panic(0); 1534 1535 res = utee_asymm_operate(operation->state, params, paramCount, digest, 1536 digestLen, signature, signatureLen); 1537 1538 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1539 TEE_Panic(res); 1540 1541 return res; 1542 } 1543 1544 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1545 TEE_Attribute *params, 1546 uint32_t paramCount, void *digest, 1547 uint32_t digestLen, void *signature, 1548 uint32_t signatureLen) 1549 { 1550 TEE_Result res; 1551 1552 if (operation == TEE_HANDLE_NULL || 1553 (digest == NULL && digestLen != 0) || 1554 (signature == NULL && signatureLen != 0)) 1555 TEE_Panic(0); 1556 if (params == NULL && paramCount != 0) 1557 TEE_Panic(0); 1558 if (!operation->key1) 1559 TEE_Panic(0); 1560 if (operation->info.operationClass != 1561 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1562 TEE_Panic(0); 1563 if (operation->info.mode != TEE_MODE_VERIFY) 1564 TEE_Panic(0); 1565 1566 res = utee_asymm_verify(operation->state, params, paramCount, digest, 1567 digestLen, signature, signatureLen); 1568 1569 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1570 TEE_Panic(res); 1571 1572 return res; 1573 } 1574 1575 /* Cryptographic Operations API - Key Derivation Functions */ 1576 1577 void TEE_DeriveKey(TEE_OperationHandle operation, 1578 const TEE_Attribute *params, uint32_t paramCount, 1579 TEE_ObjectHandle derivedKey) 1580 { 1581 TEE_Result res; 1582 TEE_ObjectInfo key_info; 1583 1584 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1585 TEE_Panic(0); 1586 if (params == NULL && paramCount != 0) 1587 TEE_Panic(0); 1588 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1589 TEE_OPERATION_KEY_DERIVATION) 1590 TEE_Panic(0); 1591 1592 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1593 TEE_Panic(0); 1594 if (!operation->key1) 1595 TEE_Panic(0); 1596 if (operation->info.mode != TEE_MODE_DERIVE) 1597 TEE_Panic(0); 1598 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1599 TEE_Panic(0); 1600 1601 res = utee_cryp_obj_get_info((uint32_t) derivedKey, &key_info); 1602 if (res != TEE_SUCCESS) 1603 TEE_Panic(0); 1604 1605 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1606 TEE_Panic(0); 1607 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1608 TEE_Panic(0); 1609 1610 res = utee_cryp_derive_key(operation->state, params, paramCount, 1611 (uint32_t) derivedKey); 1612 if (res != TEE_SUCCESS) 1613 TEE_Panic(res); 1614 } 1615 1616 /* Cryptographic Operations API - Random Number Generation Functions */ 1617 1618 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1619 { 1620 TEE_Result res; 1621 1622 res = utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1623 if (res != TEE_SUCCESS) 1624 TEE_Panic(res); 1625 } 1626