1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 #include <stdlib.h> 6 #include <string.h> 7 #include <string_ext.h> 8 9 #include <tee_api.h> 10 #include <tee_api_defines_extensions.h> 11 #include <tee_internal_api_extensions.h> 12 #include <utee_syscalls.h> 13 #include <utee_defines.h> 14 #include <util.h> 15 #include "tee_api_private.h" 16 17 struct __TEE_OperationHandle { 18 TEE_OperationInfo info; 19 TEE_ObjectHandle key1; 20 TEE_ObjectHandle key2; 21 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 22 uint8_t *buffer; /* buffer to collect complete blocks */ 23 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 24 size_t block_size; /* Block size of cipher */ 25 size_t buffer_offs; /* Offset in buffer */ 26 uint32_t state; /* Handle to state in TEE Core */ 27 uint32_t ae_tag_len; /* 28 * tag_len in bytes for AE operation else unused 29 */ 30 }; 31 32 /* Cryptographic Operations API - Generic Operation Functions */ 33 34 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 35 uint32_t algorithm, uint32_t mode, 36 uint32_t maxKeySize) 37 { 38 TEE_Result res; 39 TEE_OperationHandle op = TEE_HANDLE_NULL; 40 uint32_t handle_state = 0; 41 size_t block_size = 1; 42 uint32_t req_key_usage; 43 bool with_private_key = false; 44 bool buffer_two_blocks = false; 45 46 if (!operation) 47 TEE_Panic(0); 48 49 if (algorithm == TEE_ALG_AES_XTS) 50 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 51 52 /* Check algorithm max key size */ 53 switch (algorithm) { 54 case TEE_ALG_DSA_SHA1: 55 if (maxKeySize < 512) 56 return TEE_ERROR_NOT_SUPPORTED; 57 if (maxKeySize > 1024) 58 return TEE_ERROR_NOT_SUPPORTED; 59 if (maxKeySize % 64 != 0) 60 return TEE_ERROR_NOT_SUPPORTED; 61 break; 62 63 case TEE_ALG_DSA_SHA224: 64 if (maxKeySize != 2048) 65 return TEE_ERROR_NOT_SUPPORTED; 66 break; 67 68 case TEE_ALG_DSA_SHA256: 69 if (maxKeySize != 2048 && maxKeySize != 3072) 70 return TEE_ERROR_NOT_SUPPORTED; 71 break; 72 73 case TEE_ALG_ECDSA_P192: 74 case TEE_ALG_ECDH_P192: 75 if (maxKeySize != 192) 76 return TEE_ERROR_NOT_SUPPORTED; 77 break; 78 79 case TEE_ALG_ECDSA_P224: 80 case TEE_ALG_ECDH_P224: 81 if (maxKeySize != 224) 82 return TEE_ERROR_NOT_SUPPORTED; 83 break; 84 85 case TEE_ALG_ECDSA_P256: 86 case TEE_ALG_ECDH_P256: 87 if (maxKeySize != 256) 88 return TEE_ERROR_NOT_SUPPORTED; 89 break; 90 91 case TEE_ALG_ECDSA_P384: 92 case TEE_ALG_ECDH_P384: 93 if (maxKeySize != 384) 94 return TEE_ERROR_NOT_SUPPORTED; 95 break; 96 97 case TEE_ALG_ECDSA_P521: 98 case TEE_ALG_ECDH_P521: 99 if (maxKeySize != 521) 100 return TEE_ERROR_NOT_SUPPORTED; 101 break; 102 103 default: 104 break; 105 } 106 107 /* Check algorithm mode */ 108 switch (algorithm) { 109 case TEE_ALG_AES_CTS: 110 case TEE_ALG_AES_XTS: 111 buffer_two_blocks = true; 112 /* FALLTHROUGH */ 113 case TEE_ALG_AES_ECB_NOPAD: 114 case TEE_ALG_AES_CBC_NOPAD: 115 case TEE_ALG_AES_CCM: 116 case TEE_ALG_DES_ECB_NOPAD: 117 case TEE_ALG_DES_CBC_NOPAD: 118 case TEE_ALG_DES3_ECB_NOPAD: 119 case TEE_ALG_DES3_CBC_NOPAD: 120 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 121 block_size = TEE_AES_BLOCK_SIZE; 122 else 123 block_size = TEE_DES_BLOCK_SIZE; 124 /* FALLTHROUGH */ 125 case TEE_ALG_AES_CTR: 126 case TEE_ALG_AES_GCM: 127 if (mode == TEE_MODE_ENCRYPT) 128 req_key_usage = TEE_USAGE_ENCRYPT; 129 else if (mode == TEE_MODE_DECRYPT) 130 req_key_usage = TEE_USAGE_DECRYPT; 131 else 132 return TEE_ERROR_NOT_SUPPORTED; 133 break; 134 135 #if defined(CFG_CRYPTO_RSASSA_NA1) 136 case TEE_ALG_RSASSA_PKCS1_V1_5: 137 #endif 138 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 139 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 140 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 141 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 142 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 143 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 144 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 145 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 146 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 147 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 148 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 149 case TEE_ALG_DSA_SHA1: 150 case TEE_ALG_DSA_SHA224: 151 case TEE_ALG_DSA_SHA256: 152 case TEE_ALG_ECDSA_P192: 153 case TEE_ALG_ECDSA_P224: 154 case TEE_ALG_ECDSA_P256: 155 case TEE_ALG_ECDSA_P384: 156 case TEE_ALG_ECDSA_P521: 157 if (mode == TEE_MODE_SIGN) { 158 with_private_key = true; 159 req_key_usage = TEE_USAGE_SIGN; 160 } else if (mode == TEE_MODE_VERIFY) { 161 req_key_usage = TEE_USAGE_VERIFY; 162 } else { 163 return TEE_ERROR_NOT_SUPPORTED; 164 } 165 break; 166 167 case TEE_ALG_RSAES_PKCS1_V1_5: 168 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 169 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 170 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 171 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 172 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 173 if (mode == TEE_MODE_ENCRYPT) { 174 req_key_usage = TEE_USAGE_ENCRYPT; 175 } else if (mode == TEE_MODE_DECRYPT) { 176 with_private_key = true; 177 req_key_usage = TEE_USAGE_DECRYPT; 178 } else { 179 return TEE_ERROR_NOT_SUPPORTED; 180 } 181 break; 182 183 case TEE_ALG_RSA_NOPAD: 184 if (mode == TEE_MODE_ENCRYPT) { 185 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 186 } else if (mode == TEE_MODE_DECRYPT) { 187 with_private_key = true; 188 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 189 } else { 190 return TEE_ERROR_NOT_SUPPORTED; 191 } 192 break; 193 194 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 195 case TEE_ALG_ECDH_P192: 196 case TEE_ALG_ECDH_P224: 197 case TEE_ALG_ECDH_P256: 198 case TEE_ALG_ECDH_P384: 199 case TEE_ALG_ECDH_P521: 200 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 201 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 202 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 203 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 204 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 205 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 206 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 207 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 208 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 209 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 210 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 211 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 212 if (mode != TEE_MODE_DERIVE) 213 return TEE_ERROR_NOT_SUPPORTED; 214 with_private_key = true; 215 req_key_usage = TEE_USAGE_DERIVE; 216 break; 217 218 case TEE_ALG_MD5: 219 case TEE_ALG_SHA1: 220 case TEE_ALG_SHA224: 221 case TEE_ALG_SHA256: 222 case TEE_ALG_SHA384: 223 case TEE_ALG_SHA512: 224 if (mode != TEE_MODE_DIGEST) 225 return TEE_ERROR_NOT_SUPPORTED; 226 /* v1.1: flags always set for digest operations */ 227 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 228 req_key_usage = 0; 229 break; 230 231 case TEE_ALG_DES_CBC_MAC_NOPAD: 232 case TEE_ALG_AES_CBC_MAC_NOPAD: 233 case TEE_ALG_AES_CBC_MAC_PKCS5: 234 case TEE_ALG_AES_CMAC: 235 case TEE_ALG_DES_CBC_MAC_PKCS5: 236 case TEE_ALG_DES3_CBC_MAC_NOPAD: 237 case TEE_ALG_DES3_CBC_MAC_PKCS5: 238 case TEE_ALG_HMAC_MD5: 239 case TEE_ALG_HMAC_SHA1: 240 case TEE_ALG_HMAC_SHA224: 241 case TEE_ALG_HMAC_SHA256: 242 case TEE_ALG_HMAC_SHA384: 243 case TEE_ALG_HMAC_SHA512: 244 if (mode != TEE_MODE_MAC) 245 return TEE_ERROR_NOT_SUPPORTED; 246 req_key_usage = TEE_USAGE_MAC; 247 break; 248 249 default: 250 return TEE_ERROR_NOT_SUPPORTED; 251 } 252 253 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 254 if (!op) 255 return TEE_ERROR_OUT_OF_MEMORY; 256 257 op->info.algorithm = algorithm; 258 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 259 #ifdef CFG_CRYPTO_RSASSA_NA1 260 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 261 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 262 #endif 263 op->info.mode = mode; 264 op->info.maxKeySize = maxKeySize; 265 op->info.requiredKeyUsage = req_key_usage; 266 op->info.handleState = handle_state; 267 268 if (block_size > 1) { 269 size_t buffer_size = block_size; 270 271 if (buffer_two_blocks) 272 buffer_size *= 2; 273 274 op->buffer = TEE_Malloc(buffer_size, 275 TEE_USER_MEM_HINT_NO_FILL_ZERO); 276 if (op->buffer == NULL) { 277 res = TEE_ERROR_OUT_OF_MEMORY; 278 goto out; 279 } 280 } 281 op->block_size = block_size; 282 op->buffer_two_blocks = buffer_two_blocks; 283 284 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 285 uint32_t mks = maxKeySize; 286 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 287 with_private_key); 288 289 /* 290 * If two keys are expected the max key size is the sum of 291 * the size of both keys. 292 */ 293 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 294 mks /= 2; 295 296 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 297 if (res != TEE_SUCCESS) 298 goto out; 299 300 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 301 res = TEE_AllocateTransientObject(key_type, mks, 302 &op->key2); 303 if (res != TEE_SUCCESS) 304 goto out; 305 } 306 } 307 308 res = utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 309 (unsigned long)op->key2, &op->state); 310 if (res != TEE_SUCCESS) 311 goto out; 312 313 /* 314 * Initialize digest operations 315 * Other multi-stage operations initialized w/ TEE_xxxInit functions 316 * Non-applicable on asymmetric operations 317 */ 318 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 319 res = utee_hash_init(op->state, NULL, 0); 320 if (res != TEE_SUCCESS) 321 goto out; 322 /* v1.1: flags always set for digest operations */ 323 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 324 } 325 326 op->operationState = TEE_OPERATION_STATE_INITIAL; 327 328 *operation = op; 329 330 out: 331 if (res != TEE_SUCCESS) { 332 if (res != TEE_ERROR_OUT_OF_MEMORY && 333 res != TEE_ERROR_NOT_SUPPORTED) 334 TEE_Panic(res); 335 if (op) { 336 if (op->state) { 337 TEE_FreeOperation(op); 338 } else { 339 TEE_Free(op->buffer); 340 TEE_FreeTransientObject(op->key1); 341 TEE_FreeTransientObject(op->key2); 342 TEE_Free(op); 343 } 344 } 345 } 346 347 return res; 348 } 349 350 void TEE_FreeOperation(TEE_OperationHandle operation) 351 { 352 TEE_Result res; 353 354 if (operation == TEE_HANDLE_NULL) 355 TEE_Panic(0); 356 357 /* 358 * Note that keys should not be freed here, since they are 359 * claimed by the operation they will be freed by 360 * utee_cryp_state_free(). 361 */ 362 res = utee_cryp_state_free(operation->state); 363 if (res != TEE_SUCCESS) 364 TEE_Panic(res); 365 366 TEE_Free(operation->buffer); 367 TEE_Free(operation); 368 } 369 370 void TEE_GetOperationInfo(TEE_OperationHandle operation, 371 TEE_OperationInfo *operationInfo) 372 { 373 if (operation == TEE_HANDLE_NULL) 374 TEE_Panic(0); 375 376 if (!operationInfo) 377 TEE_Panic(0); 378 379 *operationInfo = operation->info; 380 } 381 382 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 383 TEE_OperationInfoMultiple *operationInfoMultiple, 384 uint32_t *operationSize) 385 { 386 TEE_Result res = TEE_SUCCESS; 387 TEE_ObjectInfo key_info1; 388 TEE_ObjectInfo key_info2; 389 uint32_t num_of_keys; 390 size_t n; 391 392 if (operation == TEE_HANDLE_NULL) { 393 res = TEE_ERROR_BAD_PARAMETERS; 394 goto out; 395 } 396 397 if (!operationInfoMultiple) { 398 res = TEE_ERROR_BAD_PARAMETERS; 399 goto out; 400 } 401 402 if (!operationSize) { 403 res = TEE_ERROR_BAD_PARAMETERS; 404 goto out; 405 } 406 407 num_of_keys = (*operationSize-sizeof(TEE_OperationInfoMultiple))/ 408 sizeof(TEE_OperationInfoKey); 409 410 if (num_of_keys > 2) { 411 res = TEE_ERROR_BAD_PARAMETERS; 412 goto out; 413 } 414 415 /* Two keys flag (TEE_ALG_AES_XTS only) */ 416 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 417 0 && 418 (num_of_keys != 2)) { 419 res = TEE_ERROR_SHORT_BUFFER; 420 goto out; 421 } 422 423 /* Clear */ 424 for (n = 0; n < num_of_keys; n++) { 425 operationInfoMultiple->keyInformation[n].keySize = 0; 426 operationInfoMultiple->keyInformation[n].requiredKeyUsage = 0; 427 } 428 429 if (num_of_keys == 2) { 430 res = TEE_GetObjectInfo1(operation->key2, &key_info2); 431 /* Key2 is not a valid handle */ 432 if (res != TEE_SUCCESS) 433 goto out; 434 435 operationInfoMultiple->keyInformation[1].keySize = 436 key_info2.keySize; 437 operationInfoMultiple->keyInformation[1].requiredKeyUsage = 438 operation->info.requiredKeyUsage; 439 } 440 441 if (num_of_keys >= 1) { 442 res = TEE_GetObjectInfo1(operation->key1, &key_info1); 443 /* Key1 is not a valid handle */ 444 if (res != TEE_SUCCESS) { 445 if (num_of_keys == 2) { 446 operationInfoMultiple->keyInformation[1]. 447 keySize = 0; 448 operationInfoMultiple->keyInformation[1]. 449 requiredKeyUsage = 0; 450 } 451 goto out; 452 } 453 454 operationInfoMultiple->keyInformation[0].keySize = 455 key_info1.keySize; 456 operationInfoMultiple->keyInformation[0].requiredKeyUsage = 457 operation->info.requiredKeyUsage; 458 } 459 460 /* No key */ 461 operationInfoMultiple->algorithm = operation->info.algorithm; 462 operationInfoMultiple->operationClass = operation->info.operationClass; 463 operationInfoMultiple->mode = operation->info.mode; 464 operationInfoMultiple->digestLength = operation->info.digestLength; 465 operationInfoMultiple->maxKeySize = operation->info.maxKeySize; 466 operationInfoMultiple->handleState = operation->info.handleState; 467 operationInfoMultiple->operationState = operation->operationState; 468 operationInfoMultiple->numberOfKeys = num_of_keys; 469 470 out: 471 if (res != TEE_SUCCESS && 472 res != TEE_ERROR_SHORT_BUFFER) 473 TEE_Panic(res); 474 475 return res; 476 } 477 478 void TEE_ResetOperation(TEE_OperationHandle operation) 479 { 480 TEE_Result res; 481 482 if (operation == TEE_HANDLE_NULL) 483 TEE_Panic(0); 484 485 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 486 TEE_Panic(0); 487 488 operation->operationState = TEE_OPERATION_STATE_INITIAL; 489 490 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 491 res = utee_hash_init(operation->state, NULL, 0); 492 if (res != TEE_SUCCESS) 493 TEE_Panic(res); 494 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 495 } else { 496 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 497 } 498 } 499 500 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 501 TEE_ObjectHandle key) 502 { 503 TEE_Result res; 504 uint32_t key_size = 0; 505 TEE_ObjectInfo key_info; 506 507 if (operation == TEE_HANDLE_NULL) { 508 res = TEE_ERROR_BAD_PARAMETERS; 509 goto out; 510 } 511 512 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 513 res = TEE_ERROR_BAD_PARAMETERS; 514 goto out; 515 } 516 517 if (key == TEE_HANDLE_NULL) { 518 /* Operation key cleared */ 519 TEE_ResetTransientObject(operation->key1); 520 res = TEE_ERROR_BAD_PARAMETERS; 521 goto out; 522 } 523 524 /* No key for digest operation */ 525 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 526 res = TEE_ERROR_BAD_PARAMETERS; 527 goto out; 528 } 529 530 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 531 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 532 0) { 533 res = TEE_ERROR_BAD_PARAMETERS; 534 goto out; 535 } 536 537 res = TEE_GetObjectInfo1(key, &key_info); 538 /* Key is not a valid handle */ 539 if (res != TEE_SUCCESS) 540 goto out; 541 542 /* Supplied key has to meet required usage */ 543 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 544 operation->info.requiredKeyUsage) { 545 res = TEE_ERROR_BAD_PARAMETERS; 546 goto out; 547 } 548 549 if (operation->info.maxKeySize < key_info.keySize) { 550 res = TEE_ERROR_BAD_PARAMETERS; 551 goto out; 552 } 553 554 key_size = key_info.keySize; 555 556 TEE_ResetTransientObject(operation->key1); 557 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 558 559 res = TEE_CopyObjectAttributes1(operation->key1, key); 560 if (res != TEE_SUCCESS) 561 goto out; 562 563 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 564 565 operation->info.keySize = key_size; 566 567 out: 568 if (res != TEE_SUCCESS && 569 res != TEE_ERROR_CORRUPT_OBJECT && 570 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 571 TEE_Panic(res); 572 573 return res; 574 } 575 576 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 577 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 578 { 579 TEE_Result res; 580 uint32_t key_size = 0; 581 TEE_ObjectInfo key_info1; 582 TEE_ObjectInfo key_info2; 583 584 if (operation == TEE_HANDLE_NULL) { 585 res = TEE_ERROR_BAD_PARAMETERS; 586 goto out; 587 } 588 589 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 590 res = TEE_ERROR_BAD_PARAMETERS; 591 goto out; 592 } 593 594 /* 595 * Key1/Key2 and/or are not initialized and 596 * Either both keys are NULL or both are not NULL 597 */ 598 if (key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) { 599 /* Clear operation key1 (if needed) */ 600 if (key1 == TEE_HANDLE_NULL) 601 TEE_ResetTransientObject(operation->key1); 602 /* Clear operation key2 (if needed) */ 603 if (key2 == TEE_HANDLE_NULL) 604 TEE_ResetTransientObject(operation->key2); 605 res = TEE_ERROR_BAD_PARAMETERS; 606 goto out; 607 } 608 609 /* No key for digest operation */ 610 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 611 res = TEE_ERROR_BAD_PARAMETERS; 612 goto out; 613 } 614 615 /* Two keys flag expected (TEE_ALG_AES_XTS only) */ 616 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 617 0) { 618 res = TEE_ERROR_BAD_PARAMETERS; 619 goto out; 620 } 621 622 res = TEE_GetObjectInfo1(key1, &key_info1); 623 /* Key1 is not a valid handle */ 624 if (res != TEE_SUCCESS) 625 goto out; 626 627 /* Supplied key has to meet required usage */ 628 if ((key_info1.objectUsage & operation->info. 629 requiredKeyUsage) != operation->info.requiredKeyUsage) { 630 res = TEE_ERROR_BAD_PARAMETERS; 631 goto out; 632 } 633 634 res = TEE_GetObjectInfo1(key2, &key_info2); 635 /* Key2 is not a valid handle */ 636 if (res != TEE_SUCCESS) { 637 if (res == TEE_ERROR_CORRUPT_OBJECT) 638 res = TEE_ERROR_CORRUPT_OBJECT_2; 639 goto out; 640 } 641 642 /* Supplied key has to meet required usage */ 643 if ((key_info2.objectUsage & operation->info. 644 requiredKeyUsage) != operation->info.requiredKeyUsage) { 645 res = TEE_ERROR_BAD_PARAMETERS; 646 goto out; 647 } 648 649 /* 650 * AES-XTS (the only multi key algorithm supported, requires the 651 * keys to be of equal size. 652 */ 653 if (operation->info.algorithm == TEE_ALG_AES_XTS && 654 key_info1.keySize != key_info2.keySize) { 655 res = TEE_ERROR_BAD_PARAMETERS; 656 goto out; 657 658 } 659 660 if (operation->info.maxKeySize < key_info1.keySize) { 661 res = TEE_ERROR_BAD_PARAMETERS; 662 goto out; 663 } 664 665 /* 666 * Odd that only the size of one key should be reported while 667 * size of two key are used when allocating the operation. 668 */ 669 key_size = key_info1.keySize; 670 671 TEE_ResetTransientObject(operation->key1); 672 TEE_ResetTransientObject(operation->key2); 673 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 674 675 res = TEE_CopyObjectAttributes1(operation->key1, key1); 676 if (res != TEE_SUCCESS) 677 goto out; 678 679 res = TEE_CopyObjectAttributes1(operation->key2, key2); 680 if (res != TEE_SUCCESS) { 681 if (res == TEE_ERROR_CORRUPT_OBJECT) 682 res = TEE_ERROR_CORRUPT_OBJECT_2; 683 goto out; 684 } 685 686 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 687 688 operation->info.keySize = key_size; 689 690 out: 691 if (res != TEE_SUCCESS && 692 res != TEE_ERROR_CORRUPT_OBJECT && 693 res != TEE_ERROR_CORRUPT_OBJECT_2 && 694 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 695 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 696 TEE_Panic(res); 697 698 return res; 699 } 700 701 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 702 { 703 TEE_Result res; 704 705 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 706 TEE_Panic(0); 707 if (dst_op->info.algorithm != src_op->info.algorithm) 708 TEE_Panic(0); 709 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 710 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 711 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 712 713 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 714 key1 = src_op->key1; 715 key2 = src_op->key2; 716 } 717 718 if ((src_op->info.handleState & 719 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 720 TEE_SetOperationKey(dst_op, key1); 721 } else { 722 TEE_SetOperationKey2(dst_op, key1, key2); 723 } 724 } 725 dst_op->info.handleState = src_op->info.handleState; 726 dst_op->info.keySize = src_op->info.keySize; 727 dst_op->operationState = src_op->operationState; 728 729 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 730 dst_op->block_size != src_op->block_size) 731 TEE_Panic(0); 732 733 if (dst_op->buffer != NULL) { 734 if (src_op->buffer == NULL) 735 TEE_Panic(0); 736 737 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 738 dst_op->buffer_offs = src_op->buffer_offs; 739 } else if (src_op->buffer != NULL) { 740 TEE_Panic(0); 741 } 742 743 res = utee_cryp_state_copy(dst_op->state, src_op->state); 744 if (res != TEE_SUCCESS) 745 TEE_Panic(res); 746 } 747 748 /* Cryptographic Operations API - Message Digest Functions */ 749 750 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 751 uint32_t IVLen) 752 { 753 TEE_Result res; 754 755 /* 756 * Note : IV and IVLen are never used in current implementation 757 * This is why coherent values of IV and IVLen are not checked 758 */ 759 res = utee_hash_init(operation->state, IV, IVLen); 760 if (res != TEE_SUCCESS) 761 TEE_Panic(res); 762 operation->buffer_offs = 0; 763 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 764 } 765 766 void TEE_DigestUpdate(TEE_OperationHandle operation, 767 const void *chunk, uint32_t chunkSize) 768 { 769 TEE_Result res = TEE_ERROR_GENERIC; 770 771 if (operation == TEE_HANDLE_NULL || 772 operation->info.operationClass != TEE_OPERATION_DIGEST) 773 TEE_Panic(0); 774 775 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 776 777 res = utee_hash_update(operation->state, chunk, chunkSize); 778 if (res != TEE_SUCCESS) 779 TEE_Panic(res); 780 } 781 782 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 783 uint32_t chunkLen, void *hash, uint32_t *hashLen) 784 { 785 TEE_Result res; 786 uint64_t hl; 787 788 if ((operation == TEE_HANDLE_NULL) || 789 (!chunk && chunkLen) || 790 !hash || 791 !hashLen || 792 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 793 res = TEE_ERROR_BAD_PARAMETERS; 794 goto out; 795 } 796 797 hl = *hashLen; 798 res = utee_hash_final(operation->state, chunk, chunkLen, hash, &hl); 799 *hashLen = hl; 800 if (res != TEE_SUCCESS) 801 goto out; 802 803 /* Reset operation state */ 804 init_hash_operation(operation, NULL, 0); 805 806 operation->operationState = TEE_OPERATION_STATE_INITIAL; 807 808 out: 809 if (res != TEE_SUCCESS && 810 res != TEE_ERROR_SHORT_BUFFER) 811 TEE_Panic(res); 812 813 return res; 814 } 815 816 /* Cryptographic Operations API - Symmetric Cipher Functions */ 817 818 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 819 uint32_t IVLen) 820 { 821 TEE_Result res; 822 823 if (operation == TEE_HANDLE_NULL) 824 TEE_Panic(0); 825 826 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 827 TEE_Panic(0); 828 829 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 830 !(operation->key1)) 831 TEE_Panic(0); 832 833 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 834 TEE_ResetOperation(operation); 835 836 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 837 838 res = utee_cipher_init(operation->state, IV, IVLen); 839 if (res != TEE_SUCCESS) 840 TEE_Panic(res); 841 842 operation->buffer_offs = 0; 843 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 844 } 845 846 static TEE_Result tee_buffer_update( 847 TEE_OperationHandle op, 848 TEE_Result(*update_func)(unsigned long state, const void *src, 849 size_t slen, void *dst, uint64_t *dlen), 850 const void *src_data, size_t src_len, 851 void *dest_data, uint64_t *dest_len) 852 { 853 TEE_Result res; 854 const uint8_t *src = src_data; 855 size_t slen = src_len; 856 uint8_t *dst = dest_data; 857 size_t dlen = *dest_len; 858 size_t acc_dlen = 0; 859 uint64_t tmp_dlen; 860 size_t l; 861 size_t buffer_size; 862 size_t buffer_left; 863 864 if (!src) { 865 if (slen) 866 TEE_Panic(0); 867 goto out; 868 } 869 870 if (op->buffer_two_blocks) { 871 buffer_size = op->block_size * 2; 872 buffer_left = 1; 873 } else { 874 buffer_size = op->block_size; 875 buffer_left = 0; 876 } 877 878 if (op->buffer_offs > 0) { 879 /* Fill up complete block */ 880 if (op->buffer_offs < op->block_size) 881 l = MIN(slen, op->block_size - op->buffer_offs); 882 else 883 l = MIN(slen, buffer_size - op->buffer_offs); 884 memcpy(op->buffer + op->buffer_offs, src, l); 885 op->buffer_offs += l; 886 src += l; 887 slen -= l; 888 if ((op->buffer_offs % op->block_size) != 0) 889 goto out; /* Nothing left to do */ 890 } 891 892 /* If we can feed from buffer */ 893 if ((op->buffer_offs > 0) && 894 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 895 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 896 op->block_size); 897 l = MIN(op->buffer_offs, l); 898 tmp_dlen = dlen; 899 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 900 if (res != TEE_SUCCESS) 901 TEE_Panic(res); 902 dst += tmp_dlen; 903 dlen -= tmp_dlen; 904 acc_dlen += tmp_dlen; 905 op->buffer_offs -= l; 906 if (op->buffer_offs > 0) { 907 /* 908 * Slen is small enough to be contained in rest buffer. 909 */ 910 memcpy(op->buffer, op->buffer + l, buffer_size - l); 911 memcpy(op->buffer + op->buffer_offs, src, slen); 912 op->buffer_offs += slen; 913 goto out; /* Nothing left to do */ 914 } 915 } 916 917 if (slen >= (buffer_size + buffer_left)) { 918 /* Buffer is empty, feed as much as possible from src */ 919 if (op->info.algorithm == TEE_ALG_AES_CTS) 920 l = ROUNDUP(slen - buffer_size, op->block_size); 921 else 922 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 923 924 tmp_dlen = dlen; 925 res = update_func(op->state, src, l, dst, &tmp_dlen); 926 if (res != TEE_SUCCESS) 927 TEE_Panic(res); 928 src += l; 929 slen -= l; 930 dst += tmp_dlen; 931 dlen -= tmp_dlen; 932 acc_dlen += tmp_dlen; 933 } 934 935 /* Slen is small enough to be contained in buffer. */ 936 memcpy(op->buffer + op->buffer_offs, src, slen); 937 op->buffer_offs += slen; 938 939 out: 940 *dest_len = acc_dlen; 941 return TEE_SUCCESS; 942 } 943 944 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 945 uint32_t srcLen, void *destData, uint32_t *destLen) 946 { 947 TEE_Result res; 948 size_t req_dlen; 949 uint64_t dl; 950 951 if (operation == TEE_HANDLE_NULL || 952 (srcData == NULL && srcLen != 0) || 953 destLen == NULL || 954 (destData == NULL && *destLen != 0)) { 955 res = TEE_ERROR_BAD_PARAMETERS; 956 goto out; 957 } 958 959 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 960 res = TEE_ERROR_BAD_PARAMETERS; 961 goto out; 962 } 963 964 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 965 res = TEE_ERROR_BAD_PARAMETERS; 966 goto out; 967 } 968 969 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 970 res = TEE_ERROR_BAD_PARAMETERS; 971 goto out; 972 } 973 974 if (!srcData && !srcLen) { 975 *destLen = 0; 976 res = TEE_SUCCESS; 977 goto out; 978 } 979 980 /* Calculate required dlen */ 981 if (operation->block_size > 1) { 982 req_dlen = ((operation->buffer_offs + srcLen) / 983 operation->block_size) * operation->block_size; 984 } else { 985 req_dlen = srcLen; 986 } 987 if (operation->buffer_two_blocks) { 988 if (req_dlen > operation->block_size * 2) 989 req_dlen -= operation->block_size * 2; 990 else 991 req_dlen = 0; 992 } 993 /* 994 * Check that required destLen is big enough before starting to feed 995 * data to the algorithm. Errors during feeding of data are fatal as we 996 * can't restore sync with this API. 997 */ 998 if (*destLen < req_dlen) { 999 *destLen = req_dlen; 1000 res = TEE_ERROR_SHORT_BUFFER; 1001 goto out; 1002 } 1003 1004 dl = *destLen; 1005 if (operation->block_size > 1) { 1006 res = tee_buffer_update(operation, utee_cipher_update, srcData, 1007 srcLen, destData, &dl); 1008 } else { 1009 if (srcLen > 0) { 1010 res = utee_cipher_update(operation->state, srcData, 1011 srcLen, destData, &dl); 1012 } else { 1013 res = TEE_SUCCESS; 1014 dl = 0; 1015 } 1016 } 1017 *destLen = dl; 1018 1019 out: 1020 if (res != TEE_SUCCESS && 1021 res != TEE_ERROR_SHORT_BUFFER) 1022 TEE_Panic(res); 1023 1024 return res; 1025 } 1026 1027 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1028 const void *srcData, uint32_t srcLen, 1029 void *destData, uint32_t *destLen) 1030 { 1031 TEE_Result res; 1032 uint8_t *dst = destData; 1033 size_t acc_dlen = 0; 1034 uint64_t tmp_dlen; 1035 size_t req_dlen; 1036 1037 if (operation == TEE_HANDLE_NULL || 1038 (srcData == NULL && srcLen != 0) || 1039 destLen == NULL || 1040 (destData == NULL && *destLen != 0)) { 1041 res = TEE_ERROR_BAD_PARAMETERS; 1042 goto out; 1043 } 1044 1045 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1046 res = TEE_ERROR_BAD_PARAMETERS; 1047 goto out; 1048 } 1049 1050 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1051 res = TEE_ERROR_BAD_PARAMETERS; 1052 goto out; 1053 } 1054 1055 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1056 res = TEE_ERROR_BAD_PARAMETERS; 1057 goto out; 1058 } 1059 1060 /* 1061 * Check that the final block doesn't require padding for those 1062 * algorithms that requires client to supply padding. 1063 */ 1064 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1065 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1066 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1067 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1068 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1069 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD) { 1070 if (((operation->buffer_offs + srcLen) % operation->block_size) 1071 != 0) { 1072 res = TEE_ERROR_BAD_PARAMETERS; 1073 goto out; 1074 } 1075 } 1076 1077 /* 1078 * Check that required destLen is big enough before starting to feed 1079 * data to the algorithm. Errors during feeding of data are fatal as we 1080 * can't restore sync with this API. 1081 */ 1082 if (operation->block_size > 1) { 1083 req_dlen = operation->buffer_offs + srcLen; 1084 } else { 1085 req_dlen = srcLen; 1086 } 1087 if (*destLen < req_dlen) { 1088 *destLen = req_dlen; 1089 res = TEE_ERROR_SHORT_BUFFER; 1090 goto out; 1091 } 1092 1093 tmp_dlen = *destLen - acc_dlen; 1094 if (operation->block_size > 1) { 1095 res = tee_buffer_update(operation, utee_cipher_update, 1096 srcData, srcLen, dst, &tmp_dlen); 1097 if (res != TEE_SUCCESS) 1098 goto out; 1099 1100 dst += tmp_dlen; 1101 acc_dlen += tmp_dlen; 1102 1103 tmp_dlen = *destLen - acc_dlen; 1104 res = utee_cipher_final(operation->state, operation->buffer, 1105 operation->buffer_offs, dst, &tmp_dlen); 1106 } else { 1107 res = utee_cipher_final(operation->state, srcData, 1108 srcLen, dst, &tmp_dlen); 1109 } 1110 if (res != TEE_SUCCESS) 1111 goto out; 1112 1113 acc_dlen += tmp_dlen; 1114 *destLen = acc_dlen; 1115 1116 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1117 1118 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1119 1120 out: 1121 if (res != TEE_SUCCESS && 1122 res != TEE_ERROR_SHORT_BUFFER) 1123 TEE_Panic(res); 1124 1125 return res; 1126 } 1127 1128 /* Cryptographic Operations API - MAC Functions */ 1129 1130 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 1131 { 1132 if (operation == TEE_HANDLE_NULL) 1133 TEE_Panic(0); 1134 1135 if (operation->info.operationClass != TEE_OPERATION_MAC) 1136 TEE_Panic(0); 1137 1138 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1139 !(operation->key1)) 1140 TEE_Panic(0); 1141 1142 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1143 TEE_ResetOperation(operation); 1144 1145 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1146 1147 init_hash_operation(operation, IV, IVLen); 1148 } 1149 1150 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1151 uint32_t chunkSize) 1152 { 1153 TEE_Result res; 1154 1155 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1156 TEE_Panic(0); 1157 1158 if (operation->info.operationClass != TEE_OPERATION_MAC) 1159 TEE_Panic(0); 1160 1161 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1162 TEE_Panic(0); 1163 1164 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1165 TEE_Panic(0); 1166 1167 res = utee_hash_update(operation->state, chunk, chunkSize); 1168 if (res != TEE_SUCCESS) 1169 TEE_Panic(res); 1170 } 1171 1172 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1173 const void *message, uint32_t messageLen, 1174 void *mac, uint32_t *macLen) 1175 { 1176 TEE_Result res; 1177 uint64_t ml; 1178 1179 if (operation == TEE_HANDLE_NULL || 1180 (message == NULL && messageLen != 0) || 1181 mac == NULL || 1182 macLen == NULL) { 1183 res = TEE_ERROR_BAD_PARAMETERS; 1184 goto out; 1185 } 1186 1187 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1188 res = TEE_ERROR_BAD_PARAMETERS; 1189 goto out; 1190 } 1191 1192 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1193 res = TEE_ERROR_BAD_PARAMETERS; 1194 goto out; 1195 } 1196 1197 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1198 res = TEE_ERROR_BAD_PARAMETERS; 1199 goto out; 1200 } 1201 1202 ml = *macLen; 1203 res = utee_hash_final(operation->state, message, messageLen, mac, &ml); 1204 *macLen = ml; 1205 if (res != TEE_SUCCESS) 1206 goto out; 1207 1208 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1209 1210 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1211 1212 out: 1213 if (res != TEE_SUCCESS && 1214 res != TEE_ERROR_SHORT_BUFFER) 1215 TEE_Panic(res); 1216 1217 return res; 1218 } 1219 1220 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1221 const void *message, uint32_t messageLen, 1222 const void *mac, uint32_t macLen) 1223 { 1224 TEE_Result res; 1225 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 1226 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1227 1228 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1229 res = TEE_ERROR_BAD_PARAMETERS; 1230 goto out; 1231 } 1232 1233 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1234 res = TEE_ERROR_BAD_PARAMETERS; 1235 goto out; 1236 } 1237 1238 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1239 res = TEE_ERROR_BAD_PARAMETERS; 1240 goto out; 1241 } 1242 1243 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1244 &computed_mac_size); 1245 if (res != TEE_SUCCESS) 1246 goto out; 1247 1248 if (computed_mac_size != macLen) { 1249 res = TEE_ERROR_MAC_INVALID; 1250 goto out; 1251 } 1252 1253 if (buf_compare_ct(mac, computed_mac, computed_mac_size) != 0) { 1254 res = TEE_ERROR_MAC_INVALID; 1255 goto out; 1256 } 1257 1258 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1259 1260 out: 1261 if (res != TEE_SUCCESS && 1262 res != TEE_ERROR_MAC_INVALID) 1263 TEE_Panic(res); 1264 1265 return res; 1266 } 1267 1268 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1269 1270 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1271 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1272 uint32_t payloadLen) 1273 { 1274 TEE_Result res; 1275 1276 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1277 res = TEE_ERROR_BAD_PARAMETERS; 1278 goto out; 1279 } 1280 1281 if (operation->info.operationClass != TEE_OPERATION_AE) { 1282 res = TEE_ERROR_BAD_PARAMETERS; 1283 goto out; 1284 } 1285 1286 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1287 res = TEE_ERROR_BAD_PARAMETERS; 1288 goto out; 1289 } 1290 1291 /* 1292 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1293 * in the implementation. But AES-GCM spec doesn't specify the tag len 1294 * according to the same principle so we have to check here instead to 1295 * be GP compliant. 1296 */ 1297 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1298 /* 1299 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1300 */ 1301 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1302 res = TEE_ERROR_NOT_SUPPORTED; 1303 goto out; 1304 } 1305 } 1306 1307 res = utee_authenc_init(operation->state, nonce, nonceLen, 1308 tagLen / 8, AADLen, payloadLen); 1309 if (res != TEE_SUCCESS) 1310 goto out; 1311 1312 operation->ae_tag_len = tagLen / 8; 1313 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1314 1315 out: 1316 if (res != TEE_SUCCESS && 1317 res != TEE_ERROR_NOT_SUPPORTED) 1318 TEE_Panic(res); 1319 1320 return res; 1321 } 1322 1323 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1324 uint32_t AADdataLen) 1325 { 1326 TEE_Result res; 1327 1328 if (operation == TEE_HANDLE_NULL || 1329 (AADdata == NULL && AADdataLen != 0)) 1330 TEE_Panic(0); 1331 1332 if (operation->info.operationClass != TEE_OPERATION_AE) 1333 TEE_Panic(0); 1334 1335 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1336 TEE_Panic(0); 1337 1338 res = utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1339 1340 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1341 1342 if (res != TEE_SUCCESS) 1343 TEE_Panic(res); 1344 } 1345 1346 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1347 uint32_t srcLen, void *destData, uint32_t *destLen) 1348 { 1349 TEE_Result res; 1350 size_t req_dlen; 1351 uint64_t dl; 1352 1353 if (operation == TEE_HANDLE_NULL || 1354 (srcData == NULL && srcLen != 0) || 1355 destLen == NULL || 1356 (destData == NULL && *destLen != 0)) { 1357 res = TEE_ERROR_BAD_PARAMETERS; 1358 goto out; 1359 } 1360 1361 if (operation->info.operationClass != TEE_OPERATION_AE) { 1362 res = TEE_ERROR_BAD_PARAMETERS; 1363 goto out; 1364 } 1365 1366 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1367 res = TEE_ERROR_BAD_PARAMETERS; 1368 goto out; 1369 } 1370 1371 if (!srcData && !srcLen) { 1372 *destLen = 0; 1373 res = TEE_SUCCESS; 1374 goto out; 1375 } 1376 1377 /* 1378 * Check that required destLen is big enough before starting to feed 1379 * data to the algorithm. Errors during feeding of data are fatal as we 1380 * can't restore sync with this API. 1381 */ 1382 if (operation->block_size > 1) { 1383 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1384 operation->block_size); 1385 } else { 1386 req_dlen = srcLen; 1387 } 1388 1389 if (*destLen < req_dlen) { 1390 *destLen = req_dlen; 1391 res = TEE_ERROR_SHORT_BUFFER; 1392 goto out; 1393 } 1394 1395 dl = *destLen; 1396 if (operation->block_size > 1) { 1397 res = tee_buffer_update(operation, utee_authenc_update_payload, 1398 srcData, srcLen, destData, &dl); 1399 } else { 1400 if (srcLen > 0) { 1401 res = utee_authenc_update_payload(operation->state, 1402 srcData, srcLen, 1403 destData, &dl); 1404 } else { 1405 dl = 0; 1406 res = TEE_SUCCESS; 1407 } 1408 } 1409 if (res != TEE_SUCCESS) 1410 goto out; 1411 1412 *destLen = dl; 1413 1414 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1415 1416 out: 1417 if (res != TEE_SUCCESS && 1418 res != TEE_ERROR_SHORT_BUFFER) 1419 TEE_Panic(res); 1420 1421 return res; 1422 } 1423 1424 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1425 const void *srcData, uint32_t srcLen, 1426 void *destData, uint32_t *destLen, void *tag, 1427 uint32_t *tagLen) 1428 { 1429 TEE_Result res; 1430 uint8_t *dst = destData; 1431 size_t acc_dlen = 0; 1432 uint64_t tmp_dlen; 1433 size_t req_dlen; 1434 uint64_t tl; 1435 1436 if (operation == TEE_HANDLE_NULL || 1437 (srcData == NULL && srcLen != 0) || 1438 destLen == NULL || 1439 (destData == NULL && *destLen != 0) || 1440 tag == NULL || tagLen == NULL) { 1441 res = TEE_ERROR_BAD_PARAMETERS; 1442 goto out; 1443 } 1444 1445 if (operation->info.operationClass != TEE_OPERATION_AE) { 1446 res = TEE_ERROR_BAD_PARAMETERS; 1447 goto out; 1448 } 1449 1450 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1451 res = TEE_ERROR_BAD_PARAMETERS; 1452 goto out; 1453 } 1454 1455 /* 1456 * Check that required destLen is big enough before starting to feed 1457 * data to the algorithm. Errors during feeding of data are fatal as we 1458 * can't restore sync with this API. 1459 * 1460 * Need to check this before update_payload since sync would be lost if 1461 * we return short buffer after that. 1462 */ 1463 res = TEE_ERROR_GENERIC; 1464 1465 req_dlen = operation->buffer_offs + srcLen; 1466 if (*destLen < req_dlen) { 1467 *destLen = req_dlen; 1468 res = TEE_ERROR_SHORT_BUFFER; 1469 } 1470 1471 if (*tagLen < operation->ae_tag_len) { 1472 *tagLen = operation->ae_tag_len; 1473 res = TEE_ERROR_SHORT_BUFFER; 1474 } 1475 1476 if (res == TEE_ERROR_SHORT_BUFFER) 1477 goto out; 1478 1479 tl = *tagLen; 1480 tmp_dlen = *destLen - acc_dlen; 1481 if (operation->block_size > 1) { 1482 res = tee_buffer_update(operation, utee_authenc_update_payload, 1483 srcData, srcLen, dst, &tmp_dlen); 1484 if (res != TEE_SUCCESS) 1485 goto out; 1486 1487 dst += tmp_dlen; 1488 acc_dlen += tmp_dlen; 1489 1490 tmp_dlen = *destLen - acc_dlen; 1491 res = utee_authenc_enc_final(operation->state, 1492 operation->buffer, 1493 operation->buffer_offs, dst, 1494 &tmp_dlen, tag, &tl); 1495 } else { 1496 res = utee_authenc_enc_final(operation->state, srcData, 1497 srcLen, dst, &tmp_dlen, 1498 tag, &tl); 1499 } 1500 *tagLen = tl; 1501 if (res != TEE_SUCCESS) 1502 goto out; 1503 1504 acc_dlen += tmp_dlen; 1505 *destLen = acc_dlen; 1506 1507 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1508 1509 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1510 1511 out: 1512 if (res != TEE_SUCCESS && 1513 res != TEE_ERROR_SHORT_BUFFER) 1514 TEE_Panic(res); 1515 1516 return res; 1517 } 1518 1519 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1520 const void *srcData, uint32_t srcLen, 1521 void *destData, uint32_t *destLen, void *tag, 1522 uint32_t tagLen) 1523 { 1524 TEE_Result res; 1525 uint8_t *dst = destData; 1526 size_t acc_dlen = 0; 1527 uint64_t tmp_dlen; 1528 size_t req_dlen; 1529 1530 if (operation == TEE_HANDLE_NULL || 1531 (srcData == NULL && srcLen != 0) || 1532 destLen == NULL || 1533 (destData == NULL && *destLen != 0) || 1534 (tag == NULL && tagLen != 0)) { 1535 res = TEE_ERROR_BAD_PARAMETERS; 1536 goto out; 1537 } 1538 1539 if (operation->info.operationClass != TEE_OPERATION_AE) { 1540 res = TEE_ERROR_BAD_PARAMETERS; 1541 goto out; 1542 } 1543 1544 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1545 res = TEE_ERROR_BAD_PARAMETERS; 1546 goto out; 1547 } 1548 1549 /* 1550 * Check that required destLen is big enough before starting to feed 1551 * data to the algorithm. Errors during feeding of data are fatal as we 1552 * can't restore sync with this API. 1553 */ 1554 req_dlen = operation->buffer_offs + srcLen; 1555 if (*destLen < req_dlen) { 1556 *destLen = req_dlen; 1557 res = TEE_ERROR_SHORT_BUFFER; 1558 goto out; 1559 } 1560 1561 tmp_dlen = *destLen - acc_dlen; 1562 if (operation->block_size > 1) { 1563 res = tee_buffer_update(operation, utee_authenc_update_payload, 1564 srcData, srcLen, dst, &tmp_dlen); 1565 if (res != TEE_SUCCESS) 1566 goto out; 1567 1568 dst += tmp_dlen; 1569 acc_dlen += tmp_dlen; 1570 1571 tmp_dlen = *destLen - acc_dlen; 1572 res = utee_authenc_dec_final(operation->state, 1573 operation->buffer, 1574 operation->buffer_offs, dst, 1575 &tmp_dlen, tag, tagLen); 1576 } else { 1577 res = utee_authenc_dec_final(operation->state, srcData, 1578 srcLen, dst, &tmp_dlen, 1579 tag, tagLen); 1580 } 1581 if (res != TEE_SUCCESS) 1582 goto out; 1583 1584 /* Supplied tagLen should match what we initiated with */ 1585 if (tagLen != operation->ae_tag_len) 1586 res = TEE_ERROR_MAC_INVALID; 1587 1588 acc_dlen += tmp_dlen; 1589 *destLen = acc_dlen; 1590 1591 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1592 1593 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1594 1595 out: 1596 if (res != TEE_SUCCESS && 1597 res != TEE_ERROR_SHORT_BUFFER && 1598 res != TEE_ERROR_MAC_INVALID) 1599 TEE_Panic(res); 1600 1601 return res; 1602 } 1603 1604 /* Cryptographic Operations API - Asymmetric Functions */ 1605 1606 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1607 const TEE_Attribute *params, 1608 uint32_t paramCount, const void *srcData, 1609 uint32_t srcLen, void *destData, 1610 uint32_t *destLen) 1611 { 1612 TEE_Result res; 1613 struct utee_attribute ua[paramCount]; 1614 uint64_t dl; 1615 1616 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1617 destLen == NULL || (destData == NULL && *destLen != 0)) 1618 TEE_Panic(0); 1619 if (params == NULL && paramCount != 0) 1620 TEE_Panic(0); 1621 if (!operation->key1) 1622 TEE_Panic(0); 1623 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1624 TEE_Panic(0); 1625 if (operation->info.mode != TEE_MODE_ENCRYPT) 1626 TEE_Panic(0); 1627 1628 __utee_from_attr(ua, params, paramCount); 1629 dl = *destLen; 1630 res = utee_asymm_operate(operation->state, ua, paramCount, srcData, 1631 srcLen, destData, &dl); 1632 *destLen = dl; 1633 1634 if (res != TEE_SUCCESS && 1635 res != TEE_ERROR_SHORT_BUFFER && 1636 res != TEE_ERROR_BAD_PARAMETERS) 1637 TEE_Panic(res); 1638 1639 return res; 1640 } 1641 1642 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1643 const TEE_Attribute *params, 1644 uint32_t paramCount, const void *srcData, 1645 uint32_t srcLen, void *destData, 1646 uint32_t *destLen) 1647 { 1648 TEE_Result res; 1649 struct utee_attribute ua[paramCount]; 1650 uint64_t dl; 1651 1652 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1653 destLen == NULL || (destData == NULL && *destLen != 0)) 1654 TEE_Panic(0); 1655 if (params == NULL && paramCount != 0) 1656 TEE_Panic(0); 1657 if (!operation->key1) 1658 TEE_Panic(0); 1659 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1660 TEE_Panic(0); 1661 if (operation->info.mode != TEE_MODE_DECRYPT) 1662 TEE_Panic(0); 1663 1664 __utee_from_attr(ua, params, paramCount); 1665 dl = *destLen; 1666 res = utee_asymm_operate(operation->state, ua, paramCount, srcData, 1667 srcLen, destData, &dl); 1668 *destLen = dl; 1669 1670 if (res != TEE_SUCCESS && 1671 res != TEE_ERROR_SHORT_BUFFER && 1672 res != TEE_ERROR_BAD_PARAMETERS) 1673 TEE_Panic(res); 1674 1675 return res; 1676 } 1677 1678 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1679 const TEE_Attribute *params, 1680 uint32_t paramCount, const void *digest, 1681 uint32_t digestLen, void *signature, 1682 uint32_t *signatureLen) 1683 { 1684 TEE_Result res; 1685 struct utee_attribute ua[paramCount]; 1686 uint64_t sl; 1687 1688 if (operation == TEE_HANDLE_NULL || 1689 (digest == NULL && digestLen != 0) || 1690 signature == NULL || signatureLen == NULL) 1691 TEE_Panic(0); 1692 if (params == NULL && paramCount != 0) 1693 TEE_Panic(0); 1694 if (!operation->key1) 1695 TEE_Panic(0); 1696 if (operation->info.operationClass != 1697 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1698 TEE_Panic(0); 1699 if (operation->info.mode != TEE_MODE_SIGN) 1700 TEE_Panic(0); 1701 1702 __utee_from_attr(ua, params, paramCount); 1703 sl = *signatureLen; 1704 res = utee_asymm_operate(operation->state, ua, paramCount, digest, 1705 digestLen, signature, &sl); 1706 *signatureLen = sl; 1707 1708 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1709 TEE_Panic(res); 1710 1711 return res; 1712 } 1713 1714 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1715 const TEE_Attribute *params, 1716 uint32_t paramCount, const void *digest, 1717 uint32_t digestLen, 1718 const void *signature, 1719 uint32_t signatureLen) 1720 { 1721 TEE_Result res; 1722 struct utee_attribute ua[paramCount]; 1723 1724 if (operation == TEE_HANDLE_NULL || 1725 (digest == NULL && digestLen != 0) || 1726 (signature == NULL && signatureLen != 0)) 1727 TEE_Panic(0); 1728 if (params == NULL && paramCount != 0) 1729 TEE_Panic(0); 1730 if (!operation->key1) 1731 TEE_Panic(0); 1732 if (operation->info.operationClass != 1733 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1734 TEE_Panic(0); 1735 if (operation->info.mode != TEE_MODE_VERIFY) 1736 TEE_Panic(0); 1737 1738 __utee_from_attr(ua, params, paramCount); 1739 res = utee_asymm_verify(operation->state, ua, paramCount, digest, 1740 digestLen, signature, signatureLen); 1741 1742 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1743 TEE_Panic(res); 1744 1745 return res; 1746 } 1747 1748 /* Cryptographic Operations API - Key Derivation Functions */ 1749 1750 void TEE_DeriveKey(TEE_OperationHandle operation, 1751 const TEE_Attribute *params, uint32_t paramCount, 1752 TEE_ObjectHandle derivedKey) 1753 { 1754 TEE_Result res; 1755 TEE_ObjectInfo key_info; 1756 struct utee_attribute ua[paramCount]; 1757 1758 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1759 TEE_Panic(0); 1760 if (params == NULL && paramCount != 0) 1761 TEE_Panic(0); 1762 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1763 TEE_OPERATION_KEY_DERIVATION) 1764 TEE_Panic(0); 1765 1766 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1767 TEE_Panic(0); 1768 if (!operation->key1) 1769 TEE_Panic(0); 1770 if (operation->info.mode != TEE_MODE_DERIVE) 1771 TEE_Panic(0); 1772 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1773 TEE_Panic(0); 1774 1775 res = utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 1776 if (res != TEE_SUCCESS) 1777 TEE_Panic(res); 1778 1779 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1780 TEE_Panic(0); 1781 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1782 TEE_Panic(0); 1783 1784 __utee_from_attr(ua, params, paramCount); 1785 res = utee_cryp_derive_key(operation->state, ua, paramCount, 1786 (unsigned long)derivedKey); 1787 if (res != TEE_SUCCESS) 1788 TEE_Panic(res); 1789 } 1790 1791 /* Cryptographic Operations API - Random Number Generation Functions */ 1792 1793 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1794 { 1795 TEE_Result res; 1796 1797 res = utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1798 if (res != TEE_SUCCESS) 1799 TEE_Panic(res); 1800 } 1801 1802 int rand(void) 1803 { 1804 int rc; 1805 1806 TEE_GenerateRandom(&rc, sizeof(rc)); 1807 1808 /* 1809 * RAND_MAX is the larges int, INT_MAX which is all bits but the 1810 * highest bit set. 1811 */ 1812 return rc & RAND_MAX; 1813 } 1814