1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 #include <stdlib.h> 6 #include <string.h> 7 #include <string_ext.h> 8 9 #include <tee_api.h> 10 #include <tee_api_defines_extensions.h> 11 #include <tee_internal_api_extensions.h> 12 #include <utee_syscalls.h> 13 #include <utee_defines.h> 14 #include <util.h> 15 #include "tee_api_private.h" 16 17 struct __TEE_OperationHandle { 18 TEE_OperationInfo info; 19 TEE_ObjectHandle key1; 20 TEE_ObjectHandle key2; 21 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 22 uint8_t *buffer; /* buffer to collect complete blocks */ 23 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 24 size_t block_size; /* Block size of cipher */ 25 size_t buffer_offs; /* Offset in buffer */ 26 uint32_t state; /* Handle to state in TEE Core */ 27 uint32_t ae_tag_len; /* 28 * tag_len in bytes for AE operation else unused 29 */ 30 }; 31 32 /* Cryptographic Operations API - Generic Operation Functions */ 33 34 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 35 uint32_t algorithm, uint32_t mode, 36 uint32_t maxKeySize) 37 { 38 TEE_Result res; 39 TEE_OperationHandle op = TEE_HANDLE_NULL; 40 uint32_t handle_state = 0; 41 size_t block_size = 1; 42 uint32_t req_key_usage; 43 bool with_private_key = false; 44 bool buffer_two_blocks = false; 45 46 if (!operation) 47 TEE_Panic(0); 48 49 if (algorithm == TEE_ALG_AES_XTS) 50 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 51 52 /* Check algorithm max key size */ 53 switch (algorithm) { 54 case TEE_ALG_DSA_SHA1: 55 if (maxKeySize < 512) 56 return TEE_ERROR_NOT_SUPPORTED; 57 if (maxKeySize > 1024) 58 return TEE_ERROR_NOT_SUPPORTED; 59 if (maxKeySize % 64 != 0) 60 return TEE_ERROR_NOT_SUPPORTED; 61 break; 62 63 case TEE_ALG_DSA_SHA224: 64 if (maxKeySize != 2048) 65 return TEE_ERROR_NOT_SUPPORTED; 66 break; 67 68 case TEE_ALG_DSA_SHA256: 69 if (maxKeySize != 2048 && maxKeySize != 3072) 70 return TEE_ERROR_NOT_SUPPORTED; 71 break; 72 73 case TEE_ALG_ECDSA_P192: 74 case TEE_ALG_ECDH_P192: 75 if (maxKeySize != 192) 76 return TEE_ERROR_NOT_SUPPORTED; 77 break; 78 79 case TEE_ALG_ECDSA_P224: 80 case TEE_ALG_ECDH_P224: 81 if (maxKeySize != 224) 82 return TEE_ERROR_NOT_SUPPORTED; 83 break; 84 85 case TEE_ALG_ECDSA_P256: 86 case TEE_ALG_ECDH_P256: 87 case TEE_ALG_SM2_PKE: 88 case TEE_ALG_SM2_DSA_SM3: 89 if (maxKeySize != 256) 90 return TEE_ERROR_NOT_SUPPORTED; 91 break; 92 93 case TEE_ALG_ECDSA_P384: 94 case TEE_ALG_ECDH_P384: 95 if (maxKeySize != 384) 96 return TEE_ERROR_NOT_SUPPORTED; 97 break; 98 99 case TEE_ALG_ECDSA_P521: 100 case TEE_ALG_ECDH_P521: 101 if (maxKeySize != 521) 102 return TEE_ERROR_NOT_SUPPORTED; 103 break; 104 105 default: 106 break; 107 } 108 109 /* Check algorithm mode */ 110 switch (algorithm) { 111 case TEE_ALG_AES_CTS: 112 case TEE_ALG_AES_XTS: 113 buffer_two_blocks = true; 114 /* FALLTHROUGH */ 115 case TEE_ALG_AES_ECB_NOPAD: 116 case TEE_ALG_AES_CBC_NOPAD: 117 case TEE_ALG_AES_CCM: 118 case TEE_ALG_DES_ECB_NOPAD: 119 case TEE_ALG_DES_CBC_NOPAD: 120 case TEE_ALG_DES3_ECB_NOPAD: 121 case TEE_ALG_DES3_CBC_NOPAD: 122 case TEE_ALG_SM4_ECB_NOPAD: 123 case TEE_ALG_SM4_CBC_NOPAD: 124 case TEE_ALG_SM4_CTR: 125 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 126 block_size = TEE_AES_BLOCK_SIZE; 127 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 128 block_size = TEE_SM4_BLOCK_SIZE; 129 else 130 block_size = TEE_DES_BLOCK_SIZE; 131 /* FALLTHROUGH */ 132 case TEE_ALG_AES_CTR: 133 case TEE_ALG_AES_GCM: 134 if (mode == TEE_MODE_ENCRYPT) 135 req_key_usage = TEE_USAGE_ENCRYPT; 136 else if (mode == TEE_MODE_DECRYPT) 137 req_key_usage = TEE_USAGE_DECRYPT; 138 else 139 return TEE_ERROR_NOT_SUPPORTED; 140 break; 141 142 #if defined(CFG_CRYPTO_RSASSA_NA1) 143 case TEE_ALG_RSASSA_PKCS1_V1_5: 144 #endif 145 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 146 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 147 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 148 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 149 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 150 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 151 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 152 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 153 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 154 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 155 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 156 case TEE_ALG_DSA_SHA1: 157 case TEE_ALG_DSA_SHA224: 158 case TEE_ALG_DSA_SHA256: 159 case TEE_ALG_ECDSA_P192: 160 case TEE_ALG_ECDSA_P224: 161 case TEE_ALG_ECDSA_P256: 162 case TEE_ALG_ECDSA_P384: 163 case TEE_ALG_ECDSA_P521: 164 case TEE_ALG_SM2_DSA_SM3: 165 if (mode == TEE_MODE_SIGN) { 166 with_private_key = true; 167 req_key_usage = TEE_USAGE_SIGN; 168 } else if (mode == TEE_MODE_VERIFY) { 169 req_key_usage = TEE_USAGE_VERIFY; 170 } else { 171 return TEE_ERROR_NOT_SUPPORTED; 172 } 173 break; 174 175 case TEE_ALG_RSAES_PKCS1_V1_5: 176 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 177 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 178 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 179 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 180 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 181 case TEE_ALG_SM2_PKE: 182 if (mode == TEE_MODE_ENCRYPT) { 183 req_key_usage = TEE_USAGE_ENCRYPT; 184 } else if (mode == TEE_MODE_DECRYPT) { 185 with_private_key = true; 186 req_key_usage = TEE_USAGE_DECRYPT; 187 } else { 188 return TEE_ERROR_NOT_SUPPORTED; 189 } 190 break; 191 192 case TEE_ALG_RSA_NOPAD: 193 if (mode == TEE_MODE_ENCRYPT) { 194 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 195 } else if (mode == TEE_MODE_DECRYPT) { 196 with_private_key = true; 197 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 198 } else { 199 return TEE_ERROR_NOT_SUPPORTED; 200 } 201 break; 202 203 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 204 case TEE_ALG_ECDH_P192: 205 case TEE_ALG_ECDH_P224: 206 case TEE_ALG_ECDH_P256: 207 case TEE_ALG_ECDH_P384: 208 case TEE_ALG_ECDH_P521: 209 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 210 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 211 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 212 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 213 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 214 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 215 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 216 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 217 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 218 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 219 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 220 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 221 if (mode != TEE_MODE_DERIVE) 222 return TEE_ERROR_NOT_SUPPORTED; 223 with_private_key = true; 224 req_key_usage = TEE_USAGE_DERIVE; 225 break; 226 227 case TEE_ALG_MD5: 228 case TEE_ALG_SHA1: 229 case TEE_ALG_SHA224: 230 case TEE_ALG_SHA256: 231 case TEE_ALG_SHA384: 232 case TEE_ALG_SHA512: 233 case TEE_ALG_SM3: 234 if (mode != TEE_MODE_DIGEST) 235 return TEE_ERROR_NOT_SUPPORTED; 236 /* v1.1: flags always set for digest operations */ 237 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 238 req_key_usage = 0; 239 break; 240 241 case TEE_ALG_DES_CBC_MAC_NOPAD: 242 case TEE_ALG_AES_CBC_MAC_NOPAD: 243 case TEE_ALG_AES_CBC_MAC_PKCS5: 244 case TEE_ALG_AES_CMAC: 245 case TEE_ALG_DES_CBC_MAC_PKCS5: 246 case TEE_ALG_DES3_CBC_MAC_NOPAD: 247 case TEE_ALG_DES3_CBC_MAC_PKCS5: 248 case TEE_ALG_HMAC_MD5: 249 case TEE_ALG_HMAC_SHA1: 250 case TEE_ALG_HMAC_SHA224: 251 case TEE_ALG_HMAC_SHA256: 252 case TEE_ALG_HMAC_SHA384: 253 case TEE_ALG_HMAC_SHA512: 254 case TEE_ALG_HMAC_SM3: 255 if (mode != TEE_MODE_MAC) 256 return TEE_ERROR_NOT_SUPPORTED; 257 req_key_usage = TEE_USAGE_MAC; 258 break; 259 260 default: 261 return TEE_ERROR_NOT_SUPPORTED; 262 } 263 264 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 265 if (!op) 266 return TEE_ERROR_OUT_OF_MEMORY; 267 268 op->info.algorithm = algorithm; 269 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 270 #ifdef CFG_CRYPTO_RSASSA_NA1 271 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 272 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 273 #endif 274 op->info.mode = mode; 275 op->info.maxKeySize = maxKeySize; 276 op->info.requiredKeyUsage = req_key_usage; 277 op->info.handleState = handle_state; 278 279 if (block_size > 1) { 280 size_t buffer_size = block_size; 281 282 if (buffer_two_blocks) 283 buffer_size *= 2; 284 285 op->buffer = TEE_Malloc(buffer_size, 286 TEE_USER_MEM_HINT_NO_FILL_ZERO); 287 if (op->buffer == NULL) { 288 res = TEE_ERROR_OUT_OF_MEMORY; 289 goto out; 290 } 291 } 292 op->block_size = block_size; 293 op->buffer_two_blocks = buffer_two_blocks; 294 295 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 296 uint32_t mks = maxKeySize; 297 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 298 with_private_key); 299 300 /* 301 * If two keys are expected the max key size is the sum of 302 * the size of both keys. 303 */ 304 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 305 mks /= 2; 306 307 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 308 if (res != TEE_SUCCESS) 309 goto out; 310 311 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 312 res = TEE_AllocateTransientObject(key_type, mks, 313 &op->key2); 314 if (res != TEE_SUCCESS) 315 goto out; 316 } 317 } 318 319 res = utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 320 (unsigned long)op->key2, &op->state); 321 if (res != TEE_SUCCESS) 322 goto out; 323 324 /* 325 * Initialize digest operations 326 * Other multi-stage operations initialized w/ TEE_xxxInit functions 327 * Non-applicable on asymmetric operations 328 */ 329 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 330 res = utee_hash_init(op->state, NULL, 0); 331 if (res != TEE_SUCCESS) 332 goto out; 333 /* v1.1: flags always set for digest operations */ 334 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 335 } 336 337 op->operationState = TEE_OPERATION_STATE_INITIAL; 338 339 *operation = op; 340 341 out: 342 if (res != TEE_SUCCESS) { 343 if (res != TEE_ERROR_OUT_OF_MEMORY && 344 res != TEE_ERROR_NOT_SUPPORTED) 345 TEE_Panic(res); 346 if (op) { 347 if (op->state) { 348 TEE_FreeOperation(op); 349 } else { 350 TEE_Free(op->buffer); 351 TEE_FreeTransientObject(op->key1); 352 TEE_FreeTransientObject(op->key2); 353 TEE_Free(op); 354 } 355 } 356 } 357 358 return res; 359 } 360 361 void TEE_FreeOperation(TEE_OperationHandle operation) 362 { 363 TEE_Result res; 364 365 if (operation == TEE_HANDLE_NULL) 366 TEE_Panic(0); 367 368 /* 369 * Note that keys should not be freed here, since they are 370 * claimed by the operation they will be freed by 371 * utee_cryp_state_free(). 372 */ 373 res = utee_cryp_state_free(operation->state); 374 if (res != TEE_SUCCESS) 375 TEE_Panic(res); 376 377 TEE_Free(operation->buffer); 378 TEE_Free(operation); 379 } 380 381 void TEE_GetOperationInfo(TEE_OperationHandle operation, 382 TEE_OperationInfo *operationInfo) 383 { 384 if (operation == TEE_HANDLE_NULL) 385 TEE_Panic(0); 386 387 if (!operationInfo) 388 TEE_Panic(0); 389 390 *operationInfo = operation->info; 391 } 392 393 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 394 TEE_OperationInfoMultiple *operationInfoMultiple, 395 uint32_t *operationSize) 396 { 397 TEE_Result res = TEE_SUCCESS; 398 TEE_ObjectInfo key_info1; 399 TEE_ObjectInfo key_info2; 400 uint32_t num_of_keys; 401 size_t n; 402 403 if (operation == TEE_HANDLE_NULL) { 404 res = TEE_ERROR_BAD_PARAMETERS; 405 goto out; 406 } 407 408 if (!operationInfoMultiple) { 409 res = TEE_ERROR_BAD_PARAMETERS; 410 goto out; 411 } 412 413 if (!operationSize) { 414 res = TEE_ERROR_BAD_PARAMETERS; 415 goto out; 416 } 417 418 num_of_keys = (*operationSize-sizeof(TEE_OperationInfoMultiple))/ 419 sizeof(TEE_OperationInfoKey); 420 421 if (num_of_keys > 2) { 422 res = TEE_ERROR_BAD_PARAMETERS; 423 goto out; 424 } 425 426 /* Two keys flag (TEE_ALG_AES_XTS only) */ 427 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 428 0 && 429 (num_of_keys != 2)) { 430 res = TEE_ERROR_SHORT_BUFFER; 431 goto out; 432 } 433 434 /* Clear */ 435 for (n = 0; n < num_of_keys; n++) { 436 operationInfoMultiple->keyInformation[n].keySize = 0; 437 operationInfoMultiple->keyInformation[n].requiredKeyUsage = 0; 438 } 439 440 if (num_of_keys == 2) { 441 res = TEE_GetObjectInfo1(operation->key2, &key_info2); 442 /* Key2 is not a valid handle */ 443 if (res != TEE_SUCCESS) 444 goto out; 445 446 operationInfoMultiple->keyInformation[1].keySize = 447 key_info2.keySize; 448 operationInfoMultiple->keyInformation[1].requiredKeyUsage = 449 operation->info.requiredKeyUsage; 450 } 451 452 if (num_of_keys >= 1) { 453 res = TEE_GetObjectInfo1(operation->key1, &key_info1); 454 /* Key1 is not a valid handle */ 455 if (res != TEE_SUCCESS) { 456 if (num_of_keys == 2) { 457 operationInfoMultiple->keyInformation[1]. 458 keySize = 0; 459 operationInfoMultiple->keyInformation[1]. 460 requiredKeyUsage = 0; 461 } 462 goto out; 463 } 464 465 operationInfoMultiple->keyInformation[0].keySize = 466 key_info1.keySize; 467 operationInfoMultiple->keyInformation[0].requiredKeyUsage = 468 operation->info.requiredKeyUsage; 469 } 470 471 /* No key */ 472 operationInfoMultiple->algorithm = operation->info.algorithm; 473 operationInfoMultiple->operationClass = operation->info.operationClass; 474 operationInfoMultiple->mode = operation->info.mode; 475 operationInfoMultiple->digestLength = operation->info.digestLength; 476 operationInfoMultiple->maxKeySize = operation->info.maxKeySize; 477 operationInfoMultiple->handleState = operation->info.handleState; 478 operationInfoMultiple->operationState = operation->operationState; 479 operationInfoMultiple->numberOfKeys = num_of_keys; 480 481 out: 482 if (res != TEE_SUCCESS && 483 res != TEE_ERROR_SHORT_BUFFER) 484 TEE_Panic(res); 485 486 return res; 487 } 488 489 void TEE_ResetOperation(TEE_OperationHandle operation) 490 { 491 TEE_Result res; 492 493 if (operation == TEE_HANDLE_NULL) 494 TEE_Panic(0); 495 496 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 497 TEE_Panic(0); 498 499 operation->operationState = TEE_OPERATION_STATE_INITIAL; 500 501 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 502 res = utee_hash_init(operation->state, NULL, 0); 503 if (res != TEE_SUCCESS) 504 TEE_Panic(res); 505 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 506 } else { 507 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 508 } 509 } 510 511 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 512 TEE_ObjectHandle key) 513 { 514 TEE_Result res; 515 uint32_t key_size = 0; 516 TEE_ObjectInfo key_info; 517 518 if (operation == TEE_HANDLE_NULL) { 519 res = TEE_ERROR_BAD_PARAMETERS; 520 goto out; 521 } 522 523 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 524 res = TEE_ERROR_BAD_PARAMETERS; 525 goto out; 526 } 527 528 if (key == TEE_HANDLE_NULL) { 529 /* Operation key cleared */ 530 TEE_ResetTransientObject(operation->key1); 531 res = TEE_ERROR_BAD_PARAMETERS; 532 goto out; 533 } 534 535 /* No key for digest operation */ 536 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 537 res = TEE_ERROR_BAD_PARAMETERS; 538 goto out; 539 } 540 541 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 542 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 543 0) { 544 res = TEE_ERROR_BAD_PARAMETERS; 545 goto out; 546 } 547 548 res = TEE_GetObjectInfo1(key, &key_info); 549 /* Key is not a valid handle */ 550 if (res != TEE_SUCCESS) 551 goto out; 552 553 /* Supplied key has to meet required usage */ 554 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 555 operation->info.requiredKeyUsage) { 556 res = TEE_ERROR_BAD_PARAMETERS; 557 goto out; 558 } 559 560 if (operation->info.maxKeySize < key_info.keySize) { 561 res = TEE_ERROR_BAD_PARAMETERS; 562 goto out; 563 } 564 565 key_size = key_info.keySize; 566 567 TEE_ResetTransientObject(operation->key1); 568 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 569 570 res = TEE_CopyObjectAttributes1(operation->key1, key); 571 if (res != TEE_SUCCESS) 572 goto out; 573 574 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 575 576 operation->info.keySize = key_size; 577 578 out: 579 if (res != TEE_SUCCESS && 580 res != TEE_ERROR_CORRUPT_OBJECT && 581 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 582 TEE_Panic(res); 583 584 return res; 585 } 586 587 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 588 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 589 { 590 TEE_Result res; 591 uint32_t key_size = 0; 592 TEE_ObjectInfo key_info1; 593 TEE_ObjectInfo key_info2; 594 595 if (operation == TEE_HANDLE_NULL) { 596 res = TEE_ERROR_BAD_PARAMETERS; 597 goto out; 598 } 599 600 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 601 res = TEE_ERROR_BAD_PARAMETERS; 602 goto out; 603 } 604 605 /* 606 * Key1/Key2 and/or are not initialized and 607 * Either both keys are NULL or both are not NULL 608 */ 609 if (key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) { 610 /* Clear operation key1 (if needed) */ 611 if (key1 == TEE_HANDLE_NULL) 612 TEE_ResetTransientObject(operation->key1); 613 /* Clear operation key2 (if needed) */ 614 if (key2 == TEE_HANDLE_NULL) 615 TEE_ResetTransientObject(operation->key2); 616 res = TEE_ERROR_BAD_PARAMETERS; 617 goto out; 618 } 619 620 /* No key for digest operation */ 621 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 622 res = TEE_ERROR_BAD_PARAMETERS; 623 goto out; 624 } 625 626 /* Two keys flag expected (TEE_ALG_AES_XTS only) */ 627 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 628 0) { 629 res = TEE_ERROR_BAD_PARAMETERS; 630 goto out; 631 } 632 633 res = TEE_GetObjectInfo1(key1, &key_info1); 634 /* Key1 is not a valid handle */ 635 if (res != TEE_SUCCESS) 636 goto out; 637 638 /* Supplied key has to meet required usage */ 639 if ((key_info1.objectUsage & operation->info. 640 requiredKeyUsage) != operation->info.requiredKeyUsage) { 641 res = TEE_ERROR_BAD_PARAMETERS; 642 goto out; 643 } 644 645 res = TEE_GetObjectInfo1(key2, &key_info2); 646 /* Key2 is not a valid handle */ 647 if (res != TEE_SUCCESS) { 648 if (res == TEE_ERROR_CORRUPT_OBJECT) 649 res = TEE_ERROR_CORRUPT_OBJECT_2; 650 goto out; 651 } 652 653 /* Supplied key has to meet required usage */ 654 if ((key_info2.objectUsage & operation->info. 655 requiredKeyUsage) != operation->info.requiredKeyUsage) { 656 res = TEE_ERROR_BAD_PARAMETERS; 657 goto out; 658 } 659 660 /* 661 * AES-XTS (the only multi key algorithm supported, requires the 662 * keys to be of equal size. 663 */ 664 if (operation->info.algorithm == TEE_ALG_AES_XTS && 665 key_info1.keySize != key_info2.keySize) { 666 res = TEE_ERROR_BAD_PARAMETERS; 667 goto out; 668 669 } 670 671 if (operation->info.maxKeySize < key_info1.keySize) { 672 res = TEE_ERROR_BAD_PARAMETERS; 673 goto out; 674 } 675 676 /* 677 * Odd that only the size of one key should be reported while 678 * size of two key are used when allocating the operation. 679 */ 680 key_size = key_info1.keySize; 681 682 TEE_ResetTransientObject(operation->key1); 683 TEE_ResetTransientObject(operation->key2); 684 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 685 686 res = TEE_CopyObjectAttributes1(operation->key1, key1); 687 if (res != TEE_SUCCESS) 688 goto out; 689 690 res = TEE_CopyObjectAttributes1(operation->key2, key2); 691 if (res != TEE_SUCCESS) { 692 if (res == TEE_ERROR_CORRUPT_OBJECT) 693 res = TEE_ERROR_CORRUPT_OBJECT_2; 694 goto out; 695 } 696 697 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 698 699 operation->info.keySize = key_size; 700 701 out: 702 if (res != TEE_SUCCESS && 703 res != TEE_ERROR_CORRUPT_OBJECT && 704 res != TEE_ERROR_CORRUPT_OBJECT_2 && 705 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 706 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 707 TEE_Panic(res); 708 709 return res; 710 } 711 712 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 713 { 714 TEE_Result res; 715 716 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 717 TEE_Panic(0); 718 if (dst_op->info.algorithm != src_op->info.algorithm) 719 TEE_Panic(0); 720 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 721 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 722 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 723 724 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 725 key1 = src_op->key1; 726 key2 = src_op->key2; 727 } 728 729 if ((src_op->info.handleState & 730 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 731 TEE_SetOperationKey(dst_op, key1); 732 } else { 733 TEE_SetOperationKey2(dst_op, key1, key2); 734 } 735 } 736 dst_op->info.handleState = src_op->info.handleState; 737 dst_op->info.keySize = src_op->info.keySize; 738 dst_op->operationState = src_op->operationState; 739 740 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 741 dst_op->block_size != src_op->block_size) 742 TEE_Panic(0); 743 744 if (dst_op->buffer != NULL) { 745 if (src_op->buffer == NULL) 746 TEE_Panic(0); 747 748 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 749 dst_op->buffer_offs = src_op->buffer_offs; 750 } else if (src_op->buffer != NULL) { 751 TEE_Panic(0); 752 } 753 754 res = utee_cryp_state_copy(dst_op->state, src_op->state); 755 if (res != TEE_SUCCESS) 756 TEE_Panic(res); 757 } 758 759 /* Cryptographic Operations API - Message Digest Functions */ 760 761 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 762 uint32_t IVLen) 763 { 764 TEE_Result res; 765 766 /* 767 * Note : IV and IVLen are never used in current implementation 768 * This is why coherent values of IV and IVLen are not checked 769 */ 770 res = utee_hash_init(operation->state, IV, IVLen); 771 if (res != TEE_SUCCESS) 772 TEE_Panic(res); 773 operation->buffer_offs = 0; 774 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 775 } 776 777 void TEE_DigestUpdate(TEE_OperationHandle operation, 778 const void *chunk, uint32_t chunkSize) 779 { 780 TEE_Result res = TEE_ERROR_GENERIC; 781 782 if (operation == TEE_HANDLE_NULL || 783 operation->info.operationClass != TEE_OPERATION_DIGEST) 784 TEE_Panic(0); 785 786 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 787 788 res = utee_hash_update(operation->state, chunk, chunkSize); 789 if (res != TEE_SUCCESS) 790 TEE_Panic(res); 791 } 792 793 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 794 uint32_t chunkLen, void *hash, uint32_t *hashLen) 795 { 796 TEE_Result res; 797 uint64_t hl; 798 799 if ((operation == TEE_HANDLE_NULL) || 800 (!chunk && chunkLen) || 801 !hash || 802 !hashLen || 803 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 804 res = TEE_ERROR_BAD_PARAMETERS; 805 goto out; 806 } 807 808 hl = *hashLen; 809 res = utee_hash_final(operation->state, chunk, chunkLen, hash, &hl); 810 *hashLen = hl; 811 if (res != TEE_SUCCESS) 812 goto out; 813 814 /* Reset operation state */ 815 init_hash_operation(operation, NULL, 0); 816 817 operation->operationState = TEE_OPERATION_STATE_INITIAL; 818 819 out: 820 if (res != TEE_SUCCESS && 821 res != TEE_ERROR_SHORT_BUFFER) 822 TEE_Panic(res); 823 824 return res; 825 } 826 827 /* Cryptographic Operations API - Symmetric Cipher Functions */ 828 829 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 830 uint32_t IVLen) 831 { 832 TEE_Result res; 833 834 if (operation == TEE_HANDLE_NULL) 835 TEE_Panic(0); 836 837 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 838 TEE_Panic(0); 839 840 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 841 !(operation->key1)) 842 TEE_Panic(0); 843 844 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 845 TEE_ResetOperation(operation); 846 847 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 848 849 res = utee_cipher_init(operation->state, IV, IVLen); 850 if (res != TEE_SUCCESS) 851 TEE_Panic(res); 852 853 operation->buffer_offs = 0; 854 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 855 } 856 857 static TEE_Result tee_buffer_update( 858 TEE_OperationHandle op, 859 TEE_Result(*update_func)(unsigned long state, const void *src, 860 size_t slen, void *dst, uint64_t *dlen), 861 const void *src_data, size_t src_len, 862 void *dest_data, uint64_t *dest_len) 863 { 864 TEE_Result res; 865 const uint8_t *src = src_data; 866 size_t slen = src_len; 867 uint8_t *dst = dest_data; 868 size_t dlen = *dest_len; 869 size_t acc_dlen = 0; 870 uint64_t tmp_dlen; 871 size_t l; 872 size_t buffer_size; 873 size_t buffer_left; 874 875 if (!src) { 876 if (slen) 877 TEE_Panic(0); 878 goto out; 879 } 880 881 if (op->buffer_two_blocks) { 882 buffer_size = op->block_size * 2; 883 buffer_left = 1; 884 } else { 885 buffer_size = op->block_size; 886 buffer_left = 0; 887 } 888 889 if (op->buffer_offs > 0) { 890 /* Fill up complete block */ 891 if (op->buffer_offs < op->block_size) 892 l = MIN(slen, op->block_size - op->buffer_offs); 893 else 894 l = MIN(slen, buffer_size - op->buffer_offs); 895 memcpy(op->buffer + op->buffer_offs, src, l); 896 op->buffer_offs += l; 897 src += l; 898 slen -= l; 899 if ((op->buffer_offs % op->block_size) != 0) 900 goto out; /* Nothing left to do */ 901 } 902 903 /* If we can feed from buffer */ 904 if ((op->buffer_offs > 0) && 905 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 906 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 907 op->block_size); 908 l = MIN(op->buffer_offs, l); 909 tmp_dlen = dlen; 910 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 911 if (res != TEE_SUCCESS) 912 TEE_Panic(res); 913 dst += tmp_dlen; 914 dlen -= tmp_dlen; 915 acc_dlen += tmp_dlen; 916 op->buffer_offs -= l; 917 if (op->buffer_offs > 0) { 918 /* 919 * Slen is small enough to be contained in rest buffer. 920 */ 921 memcpy(op->buffer, op->buffer + l, buffer_size - l); 922 memcpy(op->buffer + op->buffer_offs, src, slen); 923 op->buffer_offs += slen; 924 goto out; /* Nothing left to do */ 925 } 926 } 927 928 if (slen >= (buffer_size + buffer_left)) { 929 /* Buffer is empty, feed as much as possible from src */ 930 if (op->info.algorithm == TEE_ALG_AES_CTS) 931 l = ROUNDUP(slen - buffer_size, op->block_size); 932 else 933 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 934 935 tmp_dlen = dlen; 936 res = update_func(op->state, src, l, dst, &tmp_dlen); 937 if (res != TEE_SUCCESS) 938 TEE_Panic(res); 939 src += l; 940 slen -= l; 941 dst += tmp_dlen; 942 dlen -= tmp_dlen; 943 acc_dlen += tmp_dlen; 944 } 945 946 /* Slen is small enough to be contained in buffer. */ 947 memcpy(op->buffer + op->buffer_offs, src, slen); 948 op->buffer_offs += slen; 949 950 out: 951 *dest_len = acc_dlen; 952 return TEE_SUCCESS; 953 } 954 955 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 956 uint32_t srcLen, void *destData, uint32_t *destLen) 957 { 958 TEE_Result res; 959 size_t req_dlen; 960 uint64_t dl; 961 962 if (operation == TEE_HANDLE_NULL || 963 (srcData == NULL && srcLen != 0) || 964 destLen == NULL || 965 (destData == NULL && *destLen != 0)) { 966 res = TEE_ERROR_BAD_PARAMETERS; 967 goto out; 968 } 969 970 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 971 res = TEE_ERROR_BAD_PARAMETERS; 972 goto out; 973 } 974 975 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 976 res = TEE_ERROR_BAD_PARAMETERS; 977 goto out; 978 } 979 980 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 981 res = TEE_ERROR_BAD_PARAMETERS; 982 goto out; 983 } 984 985 if (!srcData && !srcLen) { 986 *destLen = 0; 987 res = TEE_SUCCESS; 988 goto out; 989 } 990 991 /* Calculate required dlen */ 992 if (operation->block_size > 1) { 993 req_dlen = ((operation->buffer_offs + srcLen) / 994 operation->block_size) * operation->block_size; 995 } else { 996 req_dlen = srcLen; 997 } 998 if (operation->buffer_two_blocks) { 999 if (req_dlen > operation->block_size * 2) 1000 req_dlen -= operation->block_size * 2; 1001 else 1002 req_dlen = 0; 1003 } 1004 /* 1005 * Check that required destLen is big enough before starting to feed 1006 * data to the algorithm. Errors during feeding of data are fatal as we 1007 * can't restore sync with this API. 1008 */ 1009 if (*destLen < req_dlen) { 1010 *destLen = req_dlen; 1011 res = TEE_ERROR_SHORT_BUFFER; 1012 goto out; 1013 } 1014 1015 dl = *destLen; 1016 if (operation->block_size > 1) { 1017 res = tee_buffer_update(operation, utee_cipher_update, srcData, 1018 srcLen, destData, &dl); 1019 } else { 1020 if (srcLen > 0) { 1021 res = utee_cipher_update(operation->state, srcData, 1022 srcLen, destData, &dl); 1023 } else { 1024 res = TEE_SUCCESS; 1025 dl = 0; 1026 } 1027 } 1028 *destLen = dl; 1029 1030 out: 1031 if (res != TEE_SUCCESS && 1032 res != TEE_ERROR_SHORT_BUFFER) 1033 TEE_Panic(res); 1034 1035 return res; 1036 } 1037 1038 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1039 const void *srcData, uint32_t srcLen, 1040 void *destData, uint32_t *destLen) 1041 { 1042 TEE_Result res; 1043 uint8_t *dst = destData; 1044 size_t acc_dlen = 0; 1045 uint64_t tmp_dlen; 1046 size_t req_dlen; 1047 1048 if (operation == TEE_HANDLE_NULL || 1049 (srcData == NULL && srcLen != 0) || 1050 destLen == NULL || 1051 (destData == NULL && *destLen != 0)) { 1052 res = TEE_ERROR_BAD_PARAMETERS; 1053 goto out; 1054 } 1055 1056 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1057 res = TEE_ERROR_BAD_PARAMETERS; 1058 goto out; 1059 } 1060 1061 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1062 res = TEE_ERROR_BAD_PARAMETERS; 1063 goto out; 1064 } 1065 1066 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1067 res = TEE_ERROR_BAD_PARAMETERS; 1068 goto out; 1069 } 1070 1071 /* 1072 * Check that the final block doesn't require padding for those 1073 * algorithms that requires client to supply padding. 1074 */ 1075 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1076 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1077 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1078 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1079 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1080 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1081 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1082 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1083 if (((operation->buffer_offs + srcLen) % operation->block_size) 1084 != 0) { 1085 res = TEE_ERROR_BAD_PARAMETERS; 1086 goto out; 1087 } 1088 } 1089 1090 /* 1091 * Check that required destLen is big enough before starting to feed 1092 * data to the algorithm. Errors during feeding of data are fatal as we 1093 * can't restore sync with this API. 1094 */ 1095 if (operation->block_size > 1) { 1096 req_dlen = operation->buffer_offs + srcLen; 1097 } else { 1098 req_dlen = srcLen; 1099 } 1100 if (*destLen < req_dlen) { 1101 *destLen = req_dlen; 1102 res = TEE_ERROR_SHORT_BUFFER; 1103 goto out; 1104 } 1105 1106 tmp_dlen = *destLen - acc_dlen; 1107 if (operation->block_size > 1) { 1108 res = tee_buffer_update(operation, utee_cipher_update, 1109 srcData, srcLen, dst, &tmp_dlen); 1110 if (res != TEE_SUCCESS) 1111 goto out; 1112 1113 dst += tmp_dlen; 1114 acc_dlen += tmp_dlen; 1115 1116 tmp_dlen = *destLen - acc_dlen; 1117 res = utee_cipher_final(operation->state, operation->buffer, 1118 operation->buffer_offs, dst, &tmp_dlen); 1119 } else { 1120 res = utee_cipher_final(operation->state, srcData, 1121 srcLen, dst, &tmp_dlen); 1122 } 1123 if (res != TEE_SUCCESS) 1124 goto out; 1125 1126 acc_dlen += tmp_dlen; 1127 *destLen = acc_dlen; 1128 1129 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1130 1131 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1132 1133 out: 1134 if (res != TEE_SUCCESS && 1135 res != TEE_ERROR_SHORT_BUFFER) 1136 TEE_Panic(res); 1137 1138 return res; 1139 } 1140 1141 /* Cryptographic Operations API - MAC Functions */ 1142 1143 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 1144 { 1145 if (operation == TEE_HANDLE_NULL) 1146 TEE_Panic(0); 1147 1148 if (operation->info.operationClass != TEE_OPERATION_MAC) 1149 TEE_Panic(0); 1150 1151 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1152 !(operation->key1)) 1153 TEE_Panic(0); 1154 1155 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1156 TEE_ResetOperation(operation); 1157 1158 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1159 1160 init_hash_operation(operation, IV, IVLen); 1161 } 1162 1163 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1164 uint32_t chunkSize) 1165 { 1166 TEE_Result res; 1167 1168 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1169 TEE_Panic(0); 1170 1171 if (operation->info.operationClass != TEE_OPERATION_MAC) 1172 TEE_Panic(0); 1173 1174 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1175 TEE_Panic(0); 1176 1177 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1178 TEE_Panic(0); 1179 1180 res = utee_hash_update(operation->state, chunk, chunkSize); 1181 if (res != TEE_SUCCESS) 1182 TEE_Panic(res); 1183 } 1184 1185 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1186 const void *message, uint32_t messageLen, 1187 void *mac, uint32_t *macLen) 1188 { 1189 TEE_Result res; 1190 uint64_t ml; 1191 1192 if (operation == TEE_HANDLE_NULL || 1193 (message == NULL && messageLen != 0) || 1194 mac == NULL || 1195 macLen == NULL) { 1196 res = TEE_ERROR_BAD_PARAMETERS; 1197 goto out; 1198 } 1199 1200 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1201 res = TEE_ERROR_BAD_PARAMETERS; 1202 goto out; 1203 } 1204 1205 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1206 res = TEE_ERROR_BAD_PARAMETERS; 1207 goto out; 1208 } 1209 1210 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1211 res = TEE_ERROR_BAD_PARAMETERS; 1212 goto out; 1213 } 1214 1215 ml = *macLen; 1216 res = utee_hash_final(operation->state, message, messageLen, mac, &ml); 1217 *macLen = ml; 1218 if (res != TEE_SUCCESS) 1219 goto out; 1220 1221 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1222 1223 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1224 1225 out: 1226 if (res != TEE_SUCCESS && 1227 res != TEE_ERROR_SHORT_BUFFER) 1228 TEE_Panic(res); 1229 1230 return res; 1231 } 1232 1233 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1234 const void *message, uint32_t messageLen, 1235 const void *mac, uint32_t macLen) 1236 { 1237 TEE_Result res; 1238 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 1239 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1240 1241 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1242 res = TEE_ERROR_BAD_PARAMETERS; 1243 goto out; 1244 } 1245 1246 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1247 res = TEE_ERROR_BAD_PARAMETERS; 1248 goto out; 1249 } 1250 1251 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1252 res = TEE_ERROR_BAD_PARAMETERS; 1253 goto out; 1254 } 1255 1256 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1257 &computed_mac_size); 1258 if (res != TEE_SUCCESS) 1259 goto out; 1260 1261 if (computed_mac_size != macLen) { 1262 res = TEE_ERROR_MAC_INVALID; 1263 goto out; 1264 } 1265 1266 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1267 res = TEE_ERROR_MAC_INVALID; 1268 goto out; 1269 } 1270 1271 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1272 1273 out: 1274 if (res != TEE_SUCCESS && 1275 res != TEE_ERROR_MAC_INVALID) 1276 TEE_Panic(res); 1277 1278 return res; 1279 } 1280 1281 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1282 1283 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1284 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1285 uint32_t payloadLen) 1286 { 1287 TEE_Result res; 1288 1289 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1290 res = TEE_ERROR_BAD_PARAMETERS; 1291 goto out; 1292 } 1293 1294 if (operation->info.operationClass != TEE_OPERATION_AE) { 1295 res = TEE_ERROR_BAD_PARAMETERS; 1296 goto out; 1297 } 1298 1299 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1300 res = TEE_ERROR_BAD_PARAMETERS; 1301 goto out; 1302 } 1303 1304 /* 1305 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1306 * in the implementation. But AES-GCM spec doesn't specify the tag len 1307 * according to the same principle so we have to check here instead to 1308 * be GP compliant. 1309 */ 1310 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1311 /* 1312 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1313 */ 1314 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1315 res = TEE_ERROR_NOT_SUPPORTED; 1316 goto out; 1317 } 1318 } 1319 1320 res = utee_authenc_init(operation->state, nonce, nonceLen, 1321 tagLen / 8, AADLen, payloadLen); 1322 if (res != TEE_SUCCESS) 1323 goto out; 1324 1325 operation->ae_tag_len = tagLen / 8; 1326 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1327 1328 out: 1329 if (res != TEE_SUCCESS && 1330 res != TEE_ERROR_NOT_SUPPORTED) 1331 TEE_Panic(res); 1332 1333 return res; 1334 } 1335 1336 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1337 uint32_t AADdataLen) 1338 { 1339 TEE_Result res; 1340 1341 if (operation == TEE_HANDLE_NULL || 1342 (AADdata == NULL && AADdataLen != 0)) 1343 TEE_Panic(0); 1344 1345 if (operation->info.operationClass != TEE_OPERATION_AE) 1346 TEE_Panic(0); 1347 1348 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1349 TEE_Panic(0); 1350 1351 res = utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1352 1353 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1354 1355 if (res != TEE_SUCCESS) 1356 TEE_Panic(res); 1357 } 1358 1359 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1360 uint32_t srcLen, void *destData, uint32_t *destLen) 1361 { 1362 TEE_Result res; 1363 size_t req_dlen; 1364 uint64_t dl; 1365 1366 if (operation == TEE_HANDLE_NULL || 1367 (srcData == NULL && srcLen != 0) || 1368 destLen == NULL || 1369 (destData == NULL && *destLen != 0)) { 1370 res = TEE_ERROR_BAD_PARAMETERS; 1371 goto out; 1372 } 1373 1374 if (operation->info.operationClass != TEE_OPERATION_AE) { 1375 res = TEE_ERROR_BAD_PARAMETERS; 1376 goto out; 1377 } 1378 1379 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1380 res = TEE_ERROR_BAD_PARAMETERS; 1381 goto out; 1382 } 1383 1384 if (!srcData && !srcLen) { 1385 *destLen = 0; 1386 res = TEE_SUCCESS; 1387 goto out; 1388 } 1389 1390 /* 1391 * Check that required destLen is big enough before starting to feed 1392 * data to the algorithm. Errors during feeding of data are fatal as we 1393 * can't restore sync with this API. 1394 */ 1395 if (operation->block_size > 1) { 1396 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1397 operation->block_size); 1398 } else { 1399 req_dlen = srcLen; 1400 } 1401 1402 if (*destLen < req_dlen) { 1403 *destLen = req_dlen; 1404 res = TEE_ERROR_SHORT_BUFFER; 1405 goto out; 1406 } 1407 1408 dl = *destLen; 1409 if (operation->block_size > 1) { 1410 res = tee_buffer_update(operation, utee_authenc_update_payload, 1411 srcData, srcLen, destData, &dl); 1412 } else { 1413 if (srcLen > 0) { 1414 res = utee_authenc_update_payload(operation->state, 1415 srcData, srcLen, 1416 destData, &dl); 1417 } else { 1418 dl = 0; 1419 res = TEE_SUCCESS; 1420 } 1421 } 1422 if (res != TEE_SUCCESS) 1423 goto out; 1424 1425 *destLen = dl; 1426 1427 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1428 1429 out: 1430 if (res != TEE_SUCCESS && 1431 res != TEE_ERROR_SHORT_BUFFER) 1432 TEE_Panic(res); 1433 1434 return res; 1435 } 1436 1437 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1438 const void *srcData, uint32_t srcLen, 1439 void *destData, uint32_t *destLen, void *tag, 1440 uint32_t *tagLen) 1441 { 1442 TEE_Result res; 1443 uint8_t *dst = destData; 1444 size_t acc_dlen = 0; 1445 uint64_t tmp_dlen; 1446 size_t req_dlen; 1447 uint64_t tl; 1448 1449 if (operation == TEE_HANDLE_NULL || 1450 (srcData == NULL && srcLen != 0) || 1451 destLen == NULL || 1452 (destData == NULL && *destLen != 0) || 1453 tag == NULL || tagLen == NULL) { 1454 res = TEE_ERROR_BAD_PARAMETERS; 1455 goto out; 1456 } 1457 1458 if (operation->info.operationClass != TEE_OPERATION_AE) { 1459 res = TEE_ERROR_BAD_PARAMETERS; 1460 goto out; 1461 } 1462 1463 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1464 res = TEE_ERROR_BAD_PARAMETERS; 1465 goto out; 1466 } 1467 1468 /* 1469 * Check that required destLen is big enough before starting to feed 1470 * data to the algorithm. Errors during feeding of data are fatal as we 1471 * can't restore sync with this API. 1472 * 1473 * Need to check this before update_payload since sync would be lost if 1474 * we return short buffer after that. 1475 */ 1476 res = TEE_ERROR_GENERIC; 1477 1478 req_dlen = operation->buffer_offs + srcLen; 1479 if (*destLen < req_dlen) { 1480 *destLen = req_dlen; 1481 res = TEE_ERROR_SHORT_BUFFER; 1482 } 1483 1484 if (*tagLen < operation->ae_tag_len) { 1485 *tagLen = operation->ae_tag_len; 1486 res = TEE_ERROR_SHORT_BUFFER; 1487 } 1488 1489 if (res == TEE_ERROR_SHORT_BUFFER) 1490 goto out; 1491 1492 tl = *tagLen; 1493 tmp_dlen = *destLen - acc_dlen; 1494 if (operation->block_size > 1) { 1495 res = tee_buffer_update(operation, utee_authenc_update_payload, 1496 srcData, srcLen, dst, &tmp_dlen); 1497 if (res != TEE_SUCCESS) 1498 goto out; 1499 1500 dst += tmp_dlen; 1501 acc_dlen += tmp_dlen; 1502 1503 tmp_dlen = *destLen - acc_dlen; 1504 res = utee_authenc_enc_final(operation->state, 1505 operation->buffer, 1506 operation->buffer_offs, dst, 1507 &tmp_dlen, tag, &tl); 1508 } else { 1509 res = utee_authenc_enc_final(operation->state, srcData, 1510 srcLen, dst, &tmp_dlen, 1511 tag, &tl); 1512 } 1513 *tagLen = tl; 1514 if (res != TEE_SUCCESS) 1515 goto out; 1516 1517 acc_dlen += tmp_dlen; 1518 *destLen = acc_dlen; 1519 1520 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1521 1522 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1523 1524 out: 1525 if (res != TEE_SUCCESS && 1526 res != TEE_ERROR_SHORT_BUFFER) 1527 TEE_Panic(res); 1528 1529 return res; 1530 } 1531 1532 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1533 const void *srcData, uint32_t srcLen, 1534 void *destData, uint32_t *destLen, void *tag, 1535 uint32_t tagLen) 1536 { 1537 TEE_Result res; 1538 uint8_t *dst = destData; 1539 size_t acc_dlen = 0; 1540 uint64_t tmp_dlen; 1541 size_t req_dlen; 1542 1543 if (operation == TEE_HANDLE_NULL || 1544 (srcData == NULL && srcLen != 0) || 1545 destLen == NULL || 1546 (destData == NULL && *destLen != 0) || 1547 (tag == NULL && tagLen != 0)) { 1548 res = TEE_ERROR_BAD_PARAMETERS; 1549 goto out; 1550 } 1551 1552 if (operation->info.operationClass != TEE_OPERATION_AE) { 1553 res = TEE_ERROR_BAD_PARAMETERS; 1554 goto out; 1555 } 1556 1557 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1558 res = TEE_ERROR_BAD_PARAMETERS; 1559 goto out; 1560 } 1561 1562 /* 1563 * Check that required destLen is big enough before starting to feed 1564 * data to the algorithm. Errors during feeding of data are fatal as we 1565 * can't restore sync with this API. 1566 */ 1567 req_dlen = operation->buffer_offs + srcLen; 1568 if (*destLen < req_dlen) { 1569 *destLen = req_dlen; 1570 res = TEE_ERROR_SHORT_BUFFER; 1571 goto out; 1572 } 1573 1574 tmp_dlen = *destLen - acc_dlen; 1575 if (operation->block_size > 1) { 1576 res = tee_buffer_update(operation, utee_authenc_update_payload, 1577 srcData, srcLen, dst, &tmp_dlen); 1578 if (res != TEE_SUCCESS) 1579 goto out; 1580 1581 dst += tmp_dlen; 1582 acc_dlen += tmp_dlen; 1583 1584 tmp_dlen = *destLen - acc_dlen; 1585 res = utee_authenc_dec_final(operation->state, 1586 operation->buffer, 1587 operation->buffer_offs, dst, 1588 &tmp_dlen, tag, tagLen); 1589 } else { 1590 res = utee_authenc_dec_final(operation->state, srcData, 1591 srcLen, dst, &tmp_dlen, 1592 tag, tagLen); 1593 } 1594 if (res != TEE_SUCCESS) 1595 goto out; 1596 1597 /* Supplied tagLen should match what we initiated with */ 1598 if (tagLen != operation->ae_tag_len) 1599 res = TEE_ERROR_MAC_INVALID; 1600 1601 acc_dlen += tmp_dlen; 1602 *destLen = acc_dlen; 1603 1604 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1605 1606 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1607 1608 out: 1609 if (res != TEE_SUCCESS && 1610 res != TEE_ERROR_SHORT_BUFFER && 1611 res != TEE_ERROR_MAC_INVALID) 1612 TEE_Panic(res); 1613 1614 return res; 1615 } 1616 1617 /* Cryptographic Operations API - Asymmetric Functions */ 1618 1619 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1620 const TEE_Attribute *params, 1621 uint32_t paramCount, const void *srcData, 1622 uint32_t srcLen, void *destData, 1623 uint32_t *destLen) 1624 { 1625 TEE_Result res; 1626 struct utee_attribute ua[paramCount]; 1627 uint64_t dl; 1628 1629 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1630 destLen == NULL || (destData == NULL && *destLen != 0)) 1631 TEE_Panic(0); 1632 if (params == NULL && paramCount != 0) 1633 TEE_Panic(0); 1634 if (!operation->key1) 1635 TEE_Panic(0); 1636 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1637 TEE_Panic(0); 1638 if (operation->info.mode != TEE_MODE_ENCRYPT) 1639 TEE_Panic(0); 1640 1641 __utee_from_attr(ua, params, paramCount); 1642 dl = *destLen; 1643 res = utee_asymm_operate(operation->state, ua, paramCount, srcData, 1644 srcLen, destData, &dl); 1645 *destLen = dl; 1646 1647 if (res != TEE_SUCCESS && 1648 res != TEE_ERROR_SHORT_BUFFER && 1649 res != TEE_ERROR_BAD_PARAMETERS) 1650 TEE_Panic(res); 1651 1652 return res; 1653 } 1654 1655 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1656 const TEE_Attribute *params, 1657 uint32_t paramCount, const void *srcData, 1658 uint32_t srcLen, void *destData, 1659 uint32_t *destLen) 1660 { 1661 TEE_Result res; 1662 struct utee_attribute ua[paramCount]; 1663 uint64_t dl; 1664 1665 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1666 destLen == NULL || (destData == NULL && *destLen != 0)) 1667 TEE_Panic(0); 1668 if (params == NULL && paramCount != 0) 1669 TEE_Panic(0); 1670 if (!operation->key1) 1671 TEE_Panic(0); 1672 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1673 TEE_Panic(0); 1674 if (operation->info.mode != TEE_MODE_DECRYPT) 1675 TEE_Panic(0); 1676 1677 __utee_from_attr(ua, params, paramCount); 1678 dl = *destLen; 1679 res = utee_asymm_operate(operation->state, ua, paramCount, srcData, 1680 srcLen, destData, &dl); 1681 *destLen = dl; 1682 1683 if (res != TEE_SUCCESS && 1684 res != TEE_ERROR_SHORT_BUFFER && 1685 res != TEE_ERROR_BAD_PARAMETERS) 1686 TEE_Panic(res); 1687 1688 return res; 1689 } 1690 1691 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1692 const TEE_Attribute *params, 1693 uint32_t paramCount, const void *digest, 1694 uint32_t digestLen, void *signature, 1695 uint32_t *signatureLen) 1696 { 1697 TEE_Result res; 1698 struct utee_attribute ua[paramCount]; 1699 uint64_t sl; 1700 1701 if (operation == TEE_HANDLE_NULL || 1702 (digest == NULL && digestLen != 0) || 1703 signature == NULL || signatureLen == NULL) 1704 TEE_Panic(0); 1705 if (params == NULL && paramCount != 0) 1706 TEE_Panic(0); 1707 if (!operation->key1) 1708 TEE_Panic(0); 1709 if (operation->info.operationClass != 1710 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1711 TEE_Panic(0); 1712 if (operation->info.mode != TEE_MODE_SIGN) 1713 TEE_Panic(0); 1714 1715 __utee_from_attr(ua, params, paramCount); 1716 sl = *signatureLen; 1717 res = utee_asymm_operate(operation->state, ua, paramCount, digest, 1718 digestLen, signature, &sl); 1719 *signatureLen = sl; 1720 1721 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1722 TEE_Panic(res); 1723 1724 return res; 1725 } 1726 1727 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1728 const TEE_Attribute *params, 1729 uint32_t paramCount, const void *digest, 1730 uint32_t digestLen, 1731 const void *signature, 1732 uint32_t signatureLen) 1733 { 1734 TEE_Result res; 1735 struct utee_attribute ua[paramCount]; 1736 1737 if (operation == TEE_HANDLE_NULL || 1738 (digest == NULL && digestLen != 0) || 1739 (signature == NULL && signatureLen != 0)) 1740 TEE_Panic(0); 1741 if (params == NULL && paramCount != 0) 1742 TEE_Panic(0); 1743 if (!operation->key1) 1744 TEE_Panic(0); 1745 if (operation->info.operationClass != 1746 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1747 TEE_Panic(0); 1748 if (operation->info.mode != TEE_MODE_VERIFY) 1749 TEE_Panic(0); 1750 1751 __utee_from_attr(ua, params, paramCount); 1752 res = utee_asymm_verify(operation->state, ua, paramCount, digest, 1753 digestLen, signature, signatureLen); 1754 1755 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1756 TEE_Panic(res); 1757 1758 return res; 1759 } 1760 1761 /* Cryptographic Operations API - Key Derivation Functions */ 1762 1763 void TEE_DeriveKey(TEE_OperationHandle operation, 1764 const TEE_Attribute *params, uint32_t paramCount, 1765 TEE_ObjectHandle derivedKey) 1766 { 1767 TEE_Result res; 1768 TEE_ObjectInfo key_info; 1769 struct utee_attribute ua[paramCount]; 1770 1771 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1772 TEE_Panic(0); 1773 if (params == NULL && paramCount != 0) 1774 TEE_Panic(0); 1775 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1776 TEE_OPERATION_KEY_DERIVATION) 1777 TEE_Panic(0); 1778 1779 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1780 TEE_Panic(0); 1781 if (!operation->key1) 1782 TEE_Panic(0); 1783 if (operation->info.mode != TEE_MODE_DERIVE) 1784 TEE_Panic(0); 1785 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1786 TEE_Panic(0); 1787 1788 res = utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 1789 if (res != TEE_SUCCESS) 1790 TEE_Panic(res); 1791 1792 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1793 TEE_Panic(0); 1794 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1795 TEE_Panic(0); 1796 1797 __utee_from_attr(ua, params, paramCount); 1798 res = utee_cryp_derive_key(operation->state, ua, paramCount, 1799 (unsigned long)derivedKey); 1800 if (res != TEE_SUCCESS) 1801 TEE_Panic(res); 1802 } 1803 1804 /* Cryptographic Operations API - Random Number Generation Functions */ 1805 1806 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1807 { 1808 TEE_Result res; 1809 1810 res = utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1811 if (res != TEE_SUCCESS) 1812 TEE_Panic(res); 1813 } 1814 1815 int rand(void) 1816 { 1817 int rc; 1818 1819 TEE_GenerateRandom(&rc, sizeof(rc)); 1820 1821 /* 1822 * RAND_MAX is the larges int, INT_MAX which is all bits but the 1823 * highest bit set. 1824 */ 1825 return rc & RAND_MAX; 1826 } 1827