1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 #include <stdlib.h> 28 #include <string.h> 29 #include <string_ext.h> 30 31 #include <tee_api.h> 32 #include <tee_api_defines_extensions.h> 33 #include <tee_internal_api_extensions.h> 34 #include <utee_syscalls.h> 35 #include <utee_defines.h> 36 #include <util.h> 37 38 struct __TEE_OperationHandle { 39 TEE_OperationInfo info; 40 TEE_ObjectHandle key1; 41 TEE_ObjectHandle key2; 42 uint8_t *buffer; /* buffer to collect complete blocks */ 43 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 44 size_t block_size; /* Block size of cipher */ 45 size_t buffer_offs; /* Offset in buffer */ 46 uint32_t state; /* Handle to state in TEE Core */ 47 uint32_t ae_tag_len; /* 48 * tag_len in bytes for AE operation else unused 49 */ 50 }; 51 52 /* Cryptographic Operations API - Generic Operation Functions */ 53 54 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 55 uint32_t algorithm, uint32_t mode, 56 uint32_t maxKeySize) 57 { 58 TEE_Result res; 59 TEE_OperationHandle op = TEE_HANDLE_NULL; 60 uint32_t handle_state = 0; 61 size_t block_size = 1; 62 uint32_t req_key_usage; 63 bool with_private_key = false; 64 bool buffer_two_blocks = false; 65 66 if (!operation) 67 TEE_Panic(0); 68 69 if (algorithm == TEE_ALG_AES_XTS) 70 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 71 72 /* Check algorithm max key size */ 73 switch (algorithm) { 74 case TEE_ALG_DSA_SHA1: 75 if (maxKeySize < 512) 76 return TEE_ERROR_NOT_SUPPORTED; 77 if (maxKeySize > 1024) 78 return TEE_ERROR_NOT_SUPPORTED; 79 if (maxKeySize % 64 != 0) 80 return TEE_ERROR_NOT_SUPPORTED; 81 break; 82 83 case TEE_ALG_DSA_SHA224: 84 if (maxKeySize != 2048) 85 return TEE_ERROR_NOT_SUPPORTED; 86 break; 87 88 case TEE_ALG_DSA_SHA256: 89 if (maxKeySize != 2048 && maxKeySize != 3072) 90 return TEE_ERROR_NOT_SUPPORTED; 91 break; 92 93 case TEE_ALG_ECDSA_P192: 94 case TEE_ALG_ECDH_P192: 95 if (maxKeySize != 192) 96 return TEE_ERROR_NOT_SUPPORTED; 97 break; 98 99 case TEE_ALG_ECDSA_P224: 100 case TEE_ALG_ECDH_P224: 101 if (maxKeySize != 224) 102 return TEE_ERROR_NOT_SUPPORTED; 103 break; 104 105 case TEE_ALG_ECDSA_P256: 106 case TEE_ALG_ECDH_P256: 107 if (maxKeySize != 256) 108 return TEE_ERROR_NOT_SUPPORTED; 109 break; 110 111 case TEE_ALG_ECDSA_P384: 112 case TEE_ALG_ECDH_P384: 113 if (maxKeySize != 384) 114 return TEE_ERROR_NOT_SUPPORTED; 115 break; 116 117 case TEE_ALG_ECDSA_P521: 118 case TEE_ALG_ECDH_P521: 119 if (maxKeySize != 521) 120 return TEE_ERROR_NOT_SUPPORTED; 121 break; 122 123 default: 124 break; 125 } 126 127 /* Check algorithm mode */ 128 switch (algorithm) { 129 case TEE_ALG_AES_CTS: 130 case TEE_ALG_AES_XTS: 131 buffer_two_blocks = true; 132 /*FALLTHROUGH*/ case TEE_ALG_AES_ECB_NOPAD: 133 case TEE_ALG_AES_CBC_NOPAD: 134 case TEE_ALG_AES_CTR: 135 case TEE_ALG_AES_CCM: 136 case TEE_ALG_AES_GCM: 137 case TEE_ALG_DES_ECB_NOPAD: 138 case TEE_ALG_DES_CBC_NOPAD: 139 case TEE_ALG_DES3_ECB_NOPAD: 140 case TEE_ALG_DES3_CBC_NOPAD: 141 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 142 block_size = TEE_AES_BLOCK_SIZE; 143 else 144 block_size = TEE_DES_BLOCK_SIZE; 145 146 if (mode == TEE_MODE_ENCRYPT) 147 req_key_usage = TEE_USAGE_ENCRYPT; 148 else if (mode == TEE_MODE_DECRYPT) 149 req_key_usage = TEE_USAGE_DECRYPT; 150 else 151 return TEE_ERROR_NOT_SUPPORTED; 152 break; 153 154 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 155 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 156 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 157 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 158 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 159 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 160 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 161 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 162 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 163 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 164 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 165 case TEE_ALG_DSA_SHA1: 166 case TEE_ALG_DSA_SHA224: 167 case TEE_ALG_DSA_SHA256: 168 case TEE_ALG_ECDSA_P192: 169 case TEE_ALG_ECDSA_P224: 170 case TEE_ALG_ECDSA_P256: 171 case TEE_ALG_ECDSA_P384: 172 case TEE_ALG_ECDSA_P521: 173 if (mode == TEE_MODE_SIGN) { 174 with_private_key = true; 175 req_key_usage = TEE_USAGE_SIGN; 176 } else if (mode == TEE_MODE_VERIFY) { 177 req_key_usage = TEE_USAGE_VERIFY; 178 } else { 179 return TEE_ERROR_NOT_SUPPORTED; 180 } 181 break; 182 183 case TEE_ALG_RSAES_PKCS1_V1_5: 184 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 185 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 186 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 187 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 188 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 189 if (mode == TEE_MODE_ENCRYPT) { 190 req_key_usage = TEE_USAGE_ENCRYPT; 191 } else if (mode == TEE_MODE_DECRYPT) { 192 with_private_key = true; 193 req_key_usage = TEE_USAGE_DECRYPT; 194 } else { 195 return TEE_ERROR_NOT_SUPPORTED; 196 } 197 break; 198 199 case TEE_ALG_RSA_NOPAD: 200 if (mode == TEE_MODE_ENCRYPT) { 201 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 202 } else if (mode == TEE_MODE_DECRYPT) { 203 with_private_key = true; 204 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 205 } else { 206 return TEE_ERROR_NOT_SUPPORTED; 207 } 208 break; 209 210 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 211 case TEE_ALG_ECDH_P192: 212 case TEE_ALG_ECDH_P224: 213 case TEE_ALG_ECDH_P256: 214 case TEE_ALG_ECDH_P384: 215 case TEE_ALG_ECDH_P521: 216 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 217 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 218 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 219 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 220 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 221 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 222 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 223 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 224 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 225 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 226 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 227 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 228 if (mode != TEE_MODE_DERIVE) 229 return TEE_ERROR_NOT_SUPPORTED; 230 with_private_key = true; 231 req_key_usage = TEE_USAGE_DERIVE; 232 break; 233 234 case TEE_ALG_MD5: 235 case TEE_ALG_SHA1: 236 case TEE_ALG_SHA224: 237 case TEE_ALG_SHA256: 238 case TEE_ALG_SHA384: 239 case TEE_ALG_SHA512: 240 if (mode != TEE_MODE_DIGEST) 241 return TEE_ERROR_NOT_SUPPORTED; 242 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 243 req_key_usage = 0; 244 break; 245 246 case TEE_ALG_DES_CBC_MAC_NOPAD: 247 case TEE_ALG_AES_CBC_MAC_NOPAD: 248 case TEE_ALG_AES_CBC_MAC_PKCS5: 249 case TEE_ALG_AES_CMAC: 250 case TEE_ALG_DES_CBC_MAC_PKCS5: 251 case TEE_ALG_DES3_CBC_MAC_NOPAD: 252 case TEE_ALG_DES3_CBC_MAC_PKCS5: 253 case TEE_ALG_HMAC_MD5: 254 case TEE_ALG_HMAC_SHA1: 255 case TEE_ALG_HMAC_SHA224: 256 case TEE_ALG_HMAC_SHA256: 257 case TEE_ALG_HMAC_SHA384: 258 case TEE_ALG_HMAC_SHA512: 259 if (mode != TEE_MODE_MAC) 260 return TEE_ERROR_NOT_SUPPORTED; 261 req_key_usage = TEE_USAGE_MAC; 262 break; 263 264 default: 265 return TEE_ERROR_NOT_SUPPORTED; 266 } 267 268 op = TEE_Malloc(sizeof(*op), 0); 269 if (!op) 270 return TEE_ERROR_OUT_OF_MEMORY; 271 272 op->info.algorithm = algorithm; 273 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 274 op->info.mode = mode; 275 op->info.maxKeySize = maxKeySize; 276 op->info.requiredKeyUsage = req_key_usage; 277 op->info.handleState = handle_state; 278 279 if (block_size > 1) { 280 size_t buffer_size = block_size; 281 282 if (buffer_two_blocks) 283 buffer_size *= 2; 284 285 op->buffer = TEE_Malloc(buffer_size, 286 TEE_USER_MEM_HINT_NO_FILL_ZERO); 287 if (op->buffer == NULL) { 288 res = TEE_ERROR_OUT_OF_MEMORY; 289 goto err0; 290 } 291 } 292 op->block_size = block_size; 293 op->buffer_two_blocks = buffer_two_blocks; 294 295 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 296 uint32_t mks = maxKeySize; 297 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 298 with_private_key); 299 300 /* 301 * If two keys are expected the max key size is the sum of 302 * the size of both keys. 303 */ 304 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 305 mks /= 2; 306 307 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 308 if (res != TEE_SUCCESS) 309 goto err1; 310 311 if ((op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 312 0) { 313 res = TEE_AllocateTransientObject(key_type, mks, 314 &op->key2); 315 if (res != TEE_SUCCESS) 316 goto err2; 317 } 318 } 319 320 res = utee_cryp_state_alloc(algorithm, mode, (uint32_t) op->key1, 321 (uint32_t) op->key2, &op->state); 322 if (res != TEE_SUCCESS) { 323 if ((op->info.handleState & 324 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 0) 325 goto err2; 326 goto err1; 327 } 328 329 /* For multi-stage operation do an "init". */ 330 TEE_ResetOperation(op); 331 *operation = op; 332 goto out; 333 334 err2: 335 TEE_FreeTransientObject(op->key2); 336 err1: 337 TEE_FreeTransientObject(op->key1); 338 err0: 339 TEE_FreeOperation(op); 340 341 if (res != TEE_SUCCESS && 342 res != TEE_ERROR_OUT_OF_MEMORY && 343 res != TEE_ERROR_NOT_SUPPORTED) 344 TEE_Panic(0); 345 out: 346 return res; 347 } 348 349 void TEE_FreeOperation(TEE_OperationHandle operation) 350 { 351 TEE_Result res; 352 353 if (operation == TEE_HANDLE_NULL) 354 TEE_Panic(0); 355 356 /* 357 * Note that keys should not be freed here, since they are 358 * claimed by the operation they will be freed by 359 * utee_cryp_state_free(). 360 */ 361 res = utee_cryp_state_free(operation->state); 362 if (res != TEE_SUCCESS) 363 TEE_Panic(0); 364 365 TEE_Free(operation->buffer); 366 TEE_Free(operation); 367 } 368 369 void TEE_GetOperationInfo(TEE_OperationHandle operation, 370 TEE_OperationInfo *operationInfo) 371 { 372 if (operation == TEE_HANDLE_NULL) 373 TEE_Panic(0); 374 375 if (operationInfo == NULL) 376 TEE_Panic(0); 377 378 *operationInfo = operation->info; 379 } 380 381 void TEE_ResetOperation(TEE_OperationHandle operation) 382 { 383 TEE_Result res; 384 385 if (operation == TEE_HANDLE_NULL) 386 TEE_Panic(0); 387 388 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) != 0) { 389 if (operation->info.keySize == 0) 390 TEE_Panic(0); 391 } 392 393 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 394 res = utee_hash_init(operation->state, NULL, 0); 395 if (res != TEE_SUCCESS) 396 TEE_Panic(res); 397 } 398 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 399 } 400 401 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 402 TEE_ObjectHandle key) 403 { 404 TEE_Result res; 405 uint32_t key_size = 0; 406 TEE_ObjectInfo key_info; 407 408 /* Operation is not a valid handle */ 409 if (operation == TEE_HANDLE_NULL) { 410 res = TEE_ERROR_BAD_PARAMETERS; 411 goto out; 412 } 413 414 /* Key is not initialized */ 415 if (key == TEE_HANDLE_NULL) { 416 /* Operation key cleared */ 417 TEE_ResetTransientObject(operation->key1); 418 res = TEE_ERROR_BAD_PARAMETERS; 419 goto out; 420 } 421 422 /* No key for digest operation */ 423 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 424 res = TEE_ERROR_BAD_PARAMETERS; 425 goto out; 426 } 427 428 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 429 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 430 0) { 431 res = TEE_ERROR_BAD_PARAMETERS; 432 goto out; 433 } 434 435 res = TEE_GetObjectInfo1(key, &key_info); 436 /* Key is not a valid handle */ 437 if (res != TEE_SUCCESS) 438 goto out; 439 440 /* Supplied key has to meet required usage */ 441 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 442 operation->info.requiredKeyUsage) { 443 res = TEE_ERROR_BAD_PARAMETERS; 444 goto out; 445 } 446 447 if (operation->info.maxKeySize < key_info.keySize) { 448 res = TEE_ERROR_BAD_PARAMETERS; 449 goto out; 450 } 451 452 key_size = key_info.keySize; 453 454 TEE_ResetTransientObject(operation->key1); 455 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 456 457 res = TEE_CopyObjectAttributes1(operation->key1, key); 458 if (res != TEE_SUCCESS) 459 goto out; 460 461 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 462 463 operation->info.keySize = key_size; 464 465 out: 466 if (res != TEE_SUCCESS && 467 res != TEE_ERROR_CORRUPT_OBJECT && 468 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 469 TEE_Panic(0); 470 471 return res; 472 } 473 474 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 475 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 476 { 477 TEE_Result res; 478 uint32_t key_size = 0; 479 TEE_ObjectInfo key_info1; 480 TEE_ObjectInfo key_info2; 481 482 /* Operation is not a valid handle */ 483 if (operation == TEE_HANDLE_NULL) { 484 res = TEE_ERROR_BAD_PARAMETERS; 485 goto out; 486 } 487 488 /* 489 * Key1/Key2 and/or are not initialized and 490 * Either both keys are NULL or both are not NULL 491 */ 492 if (key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) { 493 /* Clear operation key1 (if needed) */ 494 if (key1 == TEE_HANDLE_NULL) 495 TEE_ResetTransientObject(operation->key1); 496 /* Clear operation key2 (if needed) */ 497 if (key2 == TEE_HANDLE_NULL) 498 TEE_ResetTransientObject(operation->key2); 499 res = TEE_ERROR_BAD_PARAMETERS; 500 goto out; 501 } 502 503 /* No key for digest operation */ 504 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 505 res = TEE_ERROR_BAD_PARAMETERS; 506 goto out; 507 } 508 509 /* Two keys flag expected (TEE_ALG_AES_XTS only) */ 510 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 511 0) { 512 res = TEE_ERROR_BAD_PARAMETERS; 513 goto out; 514 } 515 516 res = TEE_GetObjectInfo1(key1, &key_info1); 517 /* Key1 is not a valid handle */ 518 if (res != TEE_SUCCESS) 519 goto out; 520 521 /* Supplied key has to meet required usage */ 522 if ((key_info1.objectUsage & operation->info. 523 requiredKeyUsage) != operation->info.requiredKeyUsage) { 524 res = TEE_ERROR_BAD_PARAMETERS; 525 goto out; 526 } 527 528 res = TEE_GetObjectInfo1(key2, &key_info2); 529 /* Key2 is not a valid handle */ 530 if (res != TEE_SUCCESS) { 531 if (res == TEE_ERROR_CORRUPT_OBJECT) 532 res = TEE_ERROR_CORRUPT_OBJECT_2; 533 goto out; 534 } 535 536 /* Supplied key has to meet required usage */ 537 if ((key_info2.objectUsage & operation->info. 538 requiredKeyUsage) != operation->info.requiredKeyUsage) { 539 res = TEE_ERROR_BAD_PARAMETERS; 540 goto out; 541 } 542 543 /* 544 * AES-XTS (the only multi key algorithm supported, requires the 545 * keys to be of equal size. 546 */ 547 if (operation->info.algorithm == TEE_ALG_AES_XTS && 548 key_info1.keySize != key_info2.keySize) { 549 res = TEE_ERROR_BAD_PARAMETERS; 550 goto out; 551 552 } 553 554 if (operation->info.maxKeySize < key_info1.keySize) { 555 res = TEE_ERROR_BAD_PARAMETERS; 556 goto out; 557 } 558 559 /* 560 * Odd that only the size of one key should be reported while 561 * size of two key are used when allocating the operation. 562 */ 563 key_size = key_info1.keySize; 564 565 TEE_ResetTransientObject(operation->key1); 566 TEE_ResetTransientObject(operation->key2); 567 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 568 569 res = TEE_CopyObjectAttributes1(operation->key1, key1); 570 if (res != TEE_SUCCESS) 571 goto out; 572 573 res = TEE_CopyObjectAttributes1(operation->key2, key2); 574 if (res != TEE_SUCCESS) { 575 if (res == TEE_ERROR_CORRUPT_OBJECT) 576 res = TEE_ERROR_CORRUPT_OBJECT_2; 577 goto out; 578 } 579 580 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 581 582 operation->info.keySize = key_size; 583 584 out: 585 if (res != TEE_SUCCESS && 586 res != TEE_ERROR_CORRUPT_OBJECT && 587 res != TEE_ERROR_CORRUPT_OBJECT_2 && 588 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 589 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 590 TEE_Panic(0); 591 592 return res; 593 } 594 595 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 596 { 597 TEE_Result res; 598 599 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 600 TEE_Panic(0); 601 if (dst_op->info.algorithm != src_op->info.algorithm) 602 TEE_Panic(0); 603 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 604 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 605 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 606 607 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 608 key1 = src_op->key1; 609 key2 = src_op->key2; 610 } 611 612 if ((src_op->info.handleState & 613 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 614 TEE_SetOperationKey(dst_op, key1); 615 } else { 616 TEE_SetOperationKey2(dst_op, key1, key2); 617 } 618 } 619 dst_op->info.handleState = src_op->info.handleState; 620 dst_op->info.keySize = src_op->info.keySize; 621 622 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 623 dst_op->block_size != src_op->block_size) 624 TEE_Panic(0); 625 626 if (dst_op->buffer != NULL) { 627 if (src_op->buffer == NULL) 628 TEE_Panic(0); 629 630 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 631 dst_op->buffer_offs = src_op->buffer_offs; 632 } else if (src_op->buffer != NULL) { 633 TEE_Panic(0); 634 } 635 636 res = utee_cryp_state_copy(dst_op->state, src_op->state); 637 if (res != TEE_SUCCESS) 638 TEE_Panic(res); 639 } 640 641 /* Cryptographic Operations API - Message Digest Functions */ 642 643 void TEE_DigestUpdate(TEE_OperationHandle operation, 644 void *chunk, uint32_t chunkSize) 645 { 646 TEE_Result res = TEE_ERROR_GENERIC; 647 648 if (operation == TEE_HANDLE_NULL || 649 operation->info.operationClass != TEE_OPERATION_DIGEST) 650 TEE_Panic(0); 651 652 res = utee_hash_update(operation->state, chunk, chunkSize); 653 if (res != TEE_SUCCESS) 654 TEE_Panic(res); 655 } 656 657 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 658 uint32_t chunkLen, void *hash, uint32_t *hashLen) 659 { 660 TEE_Result res; 661 662 if ((operation == TEE_HANDLE_NULL) || 663 (!chunk && chunkLen) || 664 !hash || 665 !hashLen || 666 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 667 res = TEE_ERROR_BAD_PARAMETERS; 668 goto out; 669 } 670 671 res = utee_hash_final(operation->state, chunk, chunkLen, hash, 672 hashLen); 673 674 out: 675 if (res != TEE_SUCCESS && 676 res != TEE_ERROR_SHORT_BUFFER) 677 TEE_Panic(0); 678 679 return res; 680 } 681 682 /* Cryptographic Operations API - Symmetric Cipher Functions */ 683 684 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 685 { 686 TEE_Result res; 687 688 if (operation == TEE_HANDLE_NULL) 689 TEE_Panic(0); 690 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 691 TEE_Panic(0); 692 res = utee_cipher_init(operation->state, IV, IVLen); 693 if (res != TEE_SUCCESS) 694 TEE_Panic(res); 695 operation->buffer_offs = 0; 696 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 697 } 698 699 static TEE_Result tee_buffer_update( 700 TEE_OperationHandle op, 701 TEE_Result(*update_func) (uint32_t state, const void *src, 702 size_t slen, void *dst, uint32_t *dlen), 703 const void *src_data, size_t src_len, 704 void *dest_data, uint32_t *dest_len) 705 { 706 TEE_Result res; 707 const uint8_t *src = src_data; 708 size_t slen = src_len; 709 uint8_t *dst = dest_data; 710 size_t dlen = *dest_len; 711 size_t acc_dlen = 0; 712 uint32_t tmp_dlen; 713 size_t l; 714 size_t buffer_size; 715 size_t buffer_left; 716 717 if (op->buffer_two_blocks) { 718 buffer_size = op->block_size * 2; 719 buffer_left = 1; 720 } else { 721 buffer_size = op->block_size; 722 buffer_left = 0; 723 } 724 725 if (op->buffer_offs > 0) { 726 /* Fill up complete block */ 727 if (op->buffer_offs < op->block_size) 728 l = MIN(slen, op->block_size - op->buffer_offs); 729 else 730 l = MIN(slen, buffer_size - op->buffer_offs); 731 memcpy(op->buffer + op->buffer_offs, src, l); 732 op->buffer_offs += l; 733 src += l; 734 slen -= l; 735 if ((op->buffer_offs % op->block_size) != 0) 736 goto out; /* Nothing left to do */ 737 } 738 739 /* If we can feed from buffer */ 740 if ((op->buffer_offs > 0) && 741 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 742 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 743 op->block_size); 744 l = MIN(op->buffer_offs, l); 745 tmp_dlen = dlen; 746 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 747 if (res != TEE_SUCCESS) 748 TEE_Panic(res); 749 dst += tmp_dlen; 750 dlen -= tmp_dlen; 751 acc_dlen += tmp_dlen; 752 op->buffer_offs -= l; 753 if (op->buffer_offs > 0) { 754 /* 755 * Slen is small enough to be contained in rest buffer. 756 */ 757 memcpy(op->buffer, op->buffer + l, buffer_size - l); 758 memcpy(op->buffer + op->buffer_offs, src, slen); 759 op->buffer_offs += slen; 760 goto out; /* Nothing left to do */ 761 } 762 } 763 764 if (slen >= (buffer_size + buffer_left)) { 765 /* Buffer is empty, feed as much as possible from src */ 766 if (TEE_ALIGNMENT_IS_OK(src, uint32_t)) { 767 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 768 769 tmp_dlen = dlen; 770 res = update_func(op->state, src, l, dst, &tmp_dlen); 771 if (res != TEE_SUCCESS) 772 TEE_Panic(res); 773 src += l; 774 slen -= l; 775 dst += tmp_dlen; 776 dlen -= tmp_dlen; 777 acc_dlen += tmp_dlen; 778 } else { 779 /* 780 * Supplied data isn't well aligned, we're forced to 781 * feed through the buffer. 782 */ 783 while (slen >= op->block_size) { 784 memcpy(op->buffer, src, op->block_size); 785 786 tmp_dlen = dlen; 787 res = 788 update_func(op->state, op->buffer, 789 op->block_size, dst, &tmp_dlen); 790 if (res != TEE_SUCCESS) 791 TEE_Panic(res); 792 src += op->block_size; 793 slen -= op->block_size; 794 dst += tmp_dlen; 795 dlen -= tmp_dlen; 796 acc_dlen += tmp_dlen; 797 } 798 } 799 } 800 801 /* Slen is small enough to be contained in buffer. */ 802 memcpy(op->buffer + op->buffer_offs, src, slen); 803 op->buffer_offs += slen; 804 805 out: 806 *dest_len = acc_dlen; 807 return TEE_SUCCESS; 808 } 809 810 TEE_Result TEE_CipherUpdate(TEE_OperationHandle op, const void *srcData, 811 uint32_t srcLen, void *destData, uint32_t *destLen) 812 { 813 TEE_Result res; 814 size_t req_dlen; 815 816 if (op == TEE_HANDLE_NULL || 817 (srcData == NULL && srcLen != 0) || 818 destLen == NULL || 819 (destData == NULL && *destLen != 0)) { 820 res = TEE_ERROR_BAD_PARAMETERS; 821 goto out; 822 } 823 824 if (op->info.operationClass != TEE_OPERATION_CIPHER) { 825 res = TEE_ERROR_BAD_PARAMETERS; 826 goto out; 827 } 828 829 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 830 res = TEE_ERROR_BAD_PARAMETERS; 831 goto out; 832 } 833 834 /* Calculate required dlen */ 835 req_dlen = ((op->buffer_offs + srcLen) / op->block_size) * 836 op->block_size; 837 if (op->buffer_two_blocks) { 838 if (req_dlen > op->block_size * 2) 839 req_dlen -= op->block_size * 2; 840 else 841 req_dlen = 0; 842 } 843 /* 844 * Check that required destLen is big enough before starting to feed 845 * data to the algorithm. Errors during feeding of data are fatal as we 846 * can't restore sync with this API. 847 */ 848 if (*destLen < req_dlen) { 849 *destLen = req_dlen; 850 res = TEE_ERROR_SHORT_BUFFER; 851 goto out; 852 } 853 854 res = tee_buffer_update(op, utee_cipher_update, srcData, srcLen, 855 destData, destLen); 856 857 out: 858 if (res != TEE_SUCCESS && 859 res != TEE_ERROR_SHORT_BUFFER) 860 TEE_Panic(0); 861 862 return res; 863 } 864 865 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle op, 866 const void *srcData, uint32_t srcLen, void *destData, 867 uint32_t *destLen) 868 { 869 TEE_Result res; 870 uint8_t *dst = destData; 871 size_t acc_dlen = 0; 872 uint32_t tmp_dlen; 873 size_t req_dlen; 874 875 if (op == TEE_HANDLE_NULL || 876 (srcData == NULL && srcLen != 0) || 877 destLen == NULL || 878 (destData == NULL && *destLen != 0)) { 879 res = TEE_ERROR_BAD_PARAMETERS; 880 goto out; 881 } 882 883 if (op->info.operationClass != TEE_OPERATION_CIPHER) { 884 res = TEE_ERROR_BAD_PARAMETERS; 885 goto out; 886 } 887 888 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 889 res = TEE_ERROR_BAD_PARAMETERS; 890 goto out; 891 } 892 893 /* 894 * Check that the final block doesn't require padding for those 895 * algorithms that requires client to supply padding. 896 */ 897 if (op->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 898 op->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 899 op->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 900 op->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 901 op->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 902 op->info.algorithm == TEE_ALG_DES3_CBC_NOPAD) { 903 if (((op->buffer_offs + srcLen) % op->block_size) != 0) { 904 res = TEE_ERROR_BAD_PARAMETERS; 905 goto out; 906 } 907 } 908 909 /* 910 * Check that required destLen is big enough before starting to feed 911 * data to the algorithm. Errors during feeding of data are fatal as we 912 * can't restore sync with this API. 913 */ 914 req_dlen = op->buffer_offs + srcLen; 915 if (*destLen < req_dlen) { 916 *destLen = req_dlen; 917 res = TEE_ERROR_SHORT_BUFFER; 918 goto out; 919 } 920 921 tmp_dlen = *destLen - acc_dlen; 922 res = tee_buffer_update(op, utee_cipher_update, srcData, srcLen, dst, 923 &tmp_dlen); 924 if (res != TEE_SUCCESS) 925 goto out; 926 927 dst += tmp_dlen; 928 acc_dlen += tmp_dlen; 929 930 tmp_dlen = *destLen - acc_dlen; 931 res = utee_cipher_final(op->state, op->buffer, op->buffer_offs, 932 dst, &tmp_dlen); 933 if (res != TEE_SUCCESS) 934 goto out; 935 936 acc_dlen += tmp_dlen; 937 938 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 939 *destLen = acc_dlen; 940 941 out: 942 if (res != TEE_SUCCESS && 943 res != TEE_ERROR_SHORT_BUFFER) 944 TEE_Panic(0); 945 946 return res; 947 } 948 949 /* Cryptographic Operations API - MAC Functions */ 950 951 void TEE_MACInit(TEE_OperationHandle operation, void *IV, uint32_t IVLen) 952 { 953 TEE_Result res; 954 955 if (operation == TEE_HANDLE_NULL) 956 TEE_Panic(0); 957 if (!operation->key1) 958 TEE_Panic(0); 959 if (operation->info.operationClass != TEE_OPERATION_MAC) 960 TEE_Panic(0); 961 /* 962 * Note : IV and IVLen are never used in current implementation 963 * This is why coherent values of IV and IVLen are not checked 964 */ 965 res = utee_hash_init(operation->state, IV, IVLen); 966 if (res != TEE_SUCCESS) 967 TEE_Panic(res); 968 operation->buffer_offs = 0; 969 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 970 } 971 972 void TEE_MACUpdate(TEE_OperationHandle operation, void *chunk, 973 uint32_t chunkSize) 974 { 975 TEE_Result res; 976 977 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 978 TEE_Panic(0); 979 if (operation->info.operationClass != TEE_OPERATION_MAC) 980 TEE_Panic(0); 981 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 982 TEE_Panic(0); 983 984 res = utee_hash_update(operation->state, chunk, chunkSize); 985 if (res != TEE_SUCCESS) 986 TEE_Panic(res); 987 } 988 989 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 990 void *message, uint32_t messageLen, 991 void *mac, uint32_t *macLen) 992 { 993 TEE_Result res; 994 995 if (operation == TEE_HANDLE_NULL || 996 (message == NULL && messageLen != 0) || 997 mac == NULL || 998 macLen == NULL) { 999 res = TEE_ERROR_BAD_PARAMETERS; 1000 goto out; 1001 } 1002 1003 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1004 res = TEE_ERROR_BAD_PARAMETERS; 1005 goto out; 1006 } 1007 1008 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1009 res = TEE_ERROR_BAD_PARAMETERS; 1010 goto out; 1011 } 1012 1013 res = utee_hash_final(operation->state, message, messageLen, mac, 1014 macLen); 1015 if (res != TEE_SUCCESS) 1016 goto out; 1017 1018 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1019 1020 out: 1021 if (res != TEE_SUCCESS && 1022 res != TEE_ERROR_SHORT_BUFFER) 1023 TEE_Panic(res); 1024 1025 return res; 1026 } 1027 1028 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1029 void *message, uint32_t messageLen, 1030 void *mac, uint32_t macLen) 1031 { 1032 TEE_Result res; 1033 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 1034 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1035 1036 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1037 res = TEE_ERROR_BAD_PARAMETERS; 1038 goto out; 1039 } 1040 1041 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1042 res = TEE_ERROR_BAD_PARAMETERS; 1043 goto out; 1044 } 1045 1046 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1047 &computed_mac_size); 1048 if (res != TEE_SUCCESS) 1049 goto out; 1050 1051 if (computed_mac_size != macLen) { 1052 res = TEE_ERROR_MAC_INVALID; 1053 goto out; 1054 } 1055 1056 if (buf_compare_ct(mac, computed_mac, computed_mac_size) != 0) { 1057 res = TEE_ERROR_MAC_INVALID; 1058 goto out; 1059 } 1060 1061 out: 1062 if (res != TEE_SUCCESS && 1063 res != TEE_ERROR_MAC_INVALID) 1064 TEE_Panic(res); 1065 1066 return res; 1067 } 1068 1069 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1070 1071 TEE_Result TEE_AEInit(TEE_OperationHandle operation, void *nonce, 1072 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1073 uint32_t payloadLen) 1074 { 1075 TEE_Result res; 1076 1077 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1078 res = TEE_ERROR_BAD_PARAMETERS; 1079 goto out; 1080 } 1081 1082 if (operation->info.operationClass != TEE_OPERATION_AE) { 1083 res = TEE_ERROR_BAD_PARAMETERS; 1084 goto out; 1085 } 1086 1087 /* 1088 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1089 * in the implementation. But AES-GCM spec doesn't specify the tag len 1090 * according to the same principle so we have to check here instead to 1091 * be GP compliant. 1092 */ 1093 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1094 /* 1095 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1096 */ 1097 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1098 res = TEE_ERROR_NOT_SUPPORTED; 1099 goto out; 1100 } 1101 } 1102 1103 res = utee_authenc_init(operation->state, nonce, nonceLen, 1104 tagLen / 8, AADLen, payloadLen); 1105 if (res != TEE_SUCCESS) 1106 goto out; 1107 1108 operation->ae_tag_len = tagLen / 8; 1109 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1110 1111 out: 1112 if (res != TEE_SUCCESS && 1113 res != TEE_ERROR_NOT_SUPPORTED) 1114 TEE_Panic(res); 1115 1116 return res; 1117 } 1118 1119 void TEE_AEUpdateAAD(TEE_OperationHandle operation, void *AADdata, 1120 uint32_t AADdataLen) 1121 { 1122 TEE_Result res; 1123 1124 if (operation == TEE_HANDLE_NULL || 1125 (AADdata == NULL && AADdataLen != 0)) 1126 TEE_Panic(0); 1127 if (operation->info.operationClass != TEE_OPERATION_AE) 1128 TEE_Panic(0); 1129 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1130 TEE_Panic(0); 1131 1132 res = utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1133 if (res != TEE_SUCCESS) 1134 TEE_Panic(res); 1135 } 1136 1137 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, void *srcData, 1138 uint32_t srcLen, void *destData, uint32_t *destLen) 1139 { 1140 TEE_Result res; 1141 size_t req_dlen; 1142 1143 if (operation == TEE_HANDLE_NULL || 1144 (srcData == NULL && srcLen != 0) || 1145 destLen == NULL || 1146 (destData == NULL && *destLen != 0)) { 1147 res = TEE_ERROR_BAD_PARAMETERS; 1148 goto out; 1149 } 1150 1151 if (operation->info.operationClass != TEE_OPERATION_AE) { 1152 res = TEE_ERROR_BAD_PARAMETERS; 1153 goto out; 1154 } 1155 1156 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1157 res = TEE_ERROR_BAD_PARAMETERS; 1158 goto out; 1159 } 1160 1161 /* 1162 * Check that required destLen is big enough before starting to feed 1163 * data to the algorithm. Errors during feeding of data are fatal as we 1164 * can't restore sync with this API. 1165 */ 1166 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1167 operation->block_size); 1168 if (*destLen < req_dlen) { 1169 *destLen = req_dlen; 1170 res = TEE_ERROR_SHORT_BUFFER; 1171 goto out; 1172 } 1173 1174 res = tee_buffer_update(operation, utee_authenc_update_payload, srcData, 1175 srcLen, destData, destLen); 1176 1177 out: 1178 if (res != TEE_SUCCESS && 1179 res != TEE_ERROR_SHORT_BUFFER) 1180 TEE_Panic(res); 1181 1182 return res; 1183 } 1184 1185 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1186 void *srcData, uint32_t srcLen, 1187 void *destData, uint32_t *destLen, void *tag, 1188 uint32_t *tagLen) 1189 { 1190 TEE_Result res; 1191 uint8_t *dst = destData; 1192 size_t acc_dlen = 0; 1193 uint32_t tmp_dlen; 1194 size_t req_dlen; 1195 1196 if (operation == TEE_HANDLE_NULL || 1197 (srcData == NULL && srcLen != 0) || 1198 destLen == NULL || 1199 (destData == NULL && *destLen != 0) || 1200 tag == NULL || tagLen == NULL) { 1201 res = TEE_ERROR_BAD_PARAMETERS; 1202 goto out; 1203 } 1204 1205 if (operation->info.operationClass != TEE_OPERATION_AE) { 1206 res = TEE_ERROR_BAD_PARAMETERS; 1207 goto out; 1208 } 1209 1210 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1211 res = TEE_ERROR_BAD_PARAMETERS; 1212 goto out; 1213 } 1214 1215 /* 1216 * Check that required destLen is big enough before starting to feed 1217 * data to the algorithm. Errors during feeding of data are fatal as we 1218 * can't restore sync with this API. 1219 */ 1220 req_dlen = operation->buffer_offs + srcLen; 1221 if (*destLen < req_dlen) { 1222 *destLen = req_dlen; 1223 res = TEE_ERROR_SHORT_BUFFER; 1224 goto out; 1225 } 1226 1227 /* 1228 * Need to check this before update_payload since sync would be lost if 1229 * we return short buffer after that. 1230 */ 1231 if (*tagLen < operation->ae_tag_len) { 1232 *tagLen = operation->ae_tag_len; 1233 res = TEE_ERROR_SHORT_BUFFER; 1234 goto out; 1235 } 1236 1237 tmp_dlen = *destLen - acc_dlen; 1238 res = tee_buffer_update(operation, utee_authenc_update_payload, srcData, 1239 srcLen, dst, &tmp_dlen); 1240 if (res != TEE_SUCCESS) 1241 goto out; 1242 1243 dst += tmp_dlen; 1244 acc_dlen += tmp_dlen; 1245 1246 tmp_dlen = *destLen - acc_dlen; 1247 res = utee_authenc_enc_final(operation->state, operation->buffer, 1248 operation->buffer_offs, dst, &tmp_dlen, 1249 tag, tagLen); 1250 if (res != TEE_SUCCESS) 1251 goto out; 1252 1253 acc_dlen += tmp_dlen; 1254 *destLen = acc_dlen; 1255 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1256 1257 out: 1258 if (res != TEE_SUCCESS && 1259 res != TEE_ERROR_SHORT_BUFFER) 1260 TEE_Panic(res); 1261 1262 return res; 1263 } 1264 1265 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1266 void *srcData, uint32_t srcLen, 1267 void *destData, uint32_t *destLen, void *tag, 1268 uint32_t tagLen) 1269 { 1270 TEE_Result res; 1271 uint8_t *dst = destData; 1272 size_t acc_dlen = 0; 1273 uint32_t tmp_dlen; 1274 size_t req_dlen; 1275 1276 if (operation == TEE_HANDLE_NULL || 1277 (srcData == NULL && srcLen != 0) || 1278 destLen == NULL || 1279 (destData == NULL && *destLen != 0) || 1280 (tag == NULL && tagLen != 0)) { 1281 res = TEE_ERROR_BAD_PARAMETERS; 1282 goto out; 1283 } 1284 1285 if (operation->info.operationClass != TEE_OPERATION_AE) { 1286 res = TEE_ERROR_BAD_PARAMETERS; 1287 goto out; 1288 } 1289 1290 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1291 res = TEE_ERROR_BAD_PARAMETERS; 1292 goto out; 1293 } 1294 1295 /* 1296 * Check that required destLen is big enough before starting to feed 1297 * data to the algorithm. Errors during feeding of data are fatal as we 1298 * can't restore sync with this API. 1299 */ 1300 req_dlen = operation->buffer_offs + srcLen; 1301 if (*destLen < req_dlen) { 1302 *destLen = req_dlen; 1303 res = TEE_ERROR_SHORT_BUFFER; 1304 goto out; 1305 } 1306 1307 tmp_dlen = *destLen - acc_dlen; 1308 res = tee_buffer_update(operation, utee_authenc_update_payload, srcData, 1309 srcLen, dst, &tmp_dlen); 1310 if (res != TEE_SUCCESS) 1311 goto out; 1312 1313 dst += tmp_dlen; 1314 acc_dlen += tmp_dlen; 1315 1316 tmp_dlen = *destLen - acc_dlen; 1317 res = utee_authenc_dec_final(operation->state, operation->buffer, 1318 operation->buffer_offs, dst, &tmp_dlen, 1319 tag, tagLen); 1320 if (res != TEE_SUCCESS) 1321 goto out; 1322 1323 /* Supplied tagLen should match what we initiated with */ 1324 if (tagLen != operation->ae_tag_len) 1325 res = TEE_ERROR_MAC_INVALID; 1326 1327 acc_dlen += tmp_dlen; 1328 1329 *destLen = acc_dlen; 1330 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1331 1332 out: 1333 if (res != TEE_SUCCESS && 1334 res != TEE_ERROR_SHORT_BUFFER && 1335 res != TEE_ERROR_MAC_INVALID) 1336 TEE_Panic(res); 1337 1338 return res; 1339 } 1340 1341 /* Cryptographic Operations API - Asymmetric Functions */ 1342 1343 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1344 TEE_Attribute *params, 1345 uint32_t paramCount, void *srcData, 1346 uint32_t srcLen, void *destData, 1347 uint32_t *destLen) 1348 { 1349 TEE_Result res; 1350 1351 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1352 destLen == NULL || (destData == NULL && *destLen != 0)) 1353 TEE_Panic(0); 1354 if (params == NULL && paramCount != 0) 1355 TEE_Panic(0); 1356 if (!operation->key1) 1357 TEE_Panic(0); 1358 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1359 TEE_Panic(0); 1360 if (operation->info.mode != TEE_MODE_ENCRYPT) 1361 TEE_Panic(0); 1362 1363 res = utee_asymm_operate(operation->state, params, paramCount, srcData, 1364 srcLen, destData, destLen); 1365 1366 if (res != TEE_SUCCESS && 1367 res != TEE_ERROR_SHORT_BUFFER && 1368 res != TEE_ERROR_BAD_PARAMETERS) 1369 TEE_Panic(res); 1370 1371 return res; 1372 } 1373 1374 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1375 TEE_Attribute *params, 1376 uint32_t paramCount, void *srcData, 1377 uint32_t srcLen, void *destData, 1378 uint32_t *destLen) 1379 { 1380 TEE_Result res; 1381 1382 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1383 destLen == NULL || (destData == NULL && *destLen != 0)) 1384 TEE_Panic(0); 1385 if (params == NULL && paramCount != 0) 1386 TEE_Panic(0); 1387 if (!operation->key1) 1388 TEE_Panic(0); 1389 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1390 TEE_Panic(0); 1391 if (operation->info.mode != TEE_MODE_DECRYPT) 1392 TEE_Panic(0); 1393 1394 res = utee_asymm_operate(operation->state, params, paramCount, srcData, 1395 srcLen, destData, destLen); 1396 1397 if (res != TEE_SUCCESS && 1398 res != TEE_ERROR_SHORT_BUFFER && 1399 res != TEE_ERROR_BAD_PARAMETERS) 1400 TEE_Panic(res); 1401 1402 return res; 1403 } 1404 1405 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1406 TEE_Attribute *params, 1407 uint32_t paramCount, void *digest, 1408 uint32_t digestLen, void *signature, 1409 uint32_t *signatureLen) 1410 { 1411 TEE_Result res; 1412 1413 if (operation == TEE_HANDLE_NULL || 1414 (digest == NULL && digestLen != 0) || 1415 signature == NULL || signatureLen == NULL) 1416 TEE_Panic(0); 1417 if (params == NULL && paramCount != 0) 1418 TEE_Panic(0); 1419 if (!operation->key1) 1420 TEE_Panic(0); 1421 if (operation->info.operationClass != 1422 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1423 TEE_Panic(0); 1424 if (operation->info.mode != TEE_MODE_SIGN) 1425 TEE_Panic(0); 1426 1427 res = utee_asymm_operate(operation->state, params, paramCount, digest, 1428 digestLen, signature, signatureLen); 1429 1430 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1431 TEE_Panic(res); 1432 1433 return res; 1434 } 1435 1436 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1437 TEE_Attribute *params, 1438 uint32_t paramCount, void *digest, 1439 uint32_t digestLen, void *signature, 1440 uint32_t signatureLen) 1441 { 1442 TEE_Result res; 1443 1444 if (operation == TEE_HANDLE_NULL || 1445 (digest == NULL && digestLen != 0) || 1446 (signature == NULL && signatureLen != 0)) 1447 TEE_Panic(0); 1448 if (params == NULL && paramCount != 0) 1449 TEE_Panic(0); 1450 if (!operation->key1) 1451 TEE_Panic(0); 1452 if (operation->info.operationClass != 1453 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1454 TEE_Panic(0); 1455 if (operation->info.mode != TEE_MODE_VERIFY) 1456 TEE_Panic(0); 1457 1458 res = utee_asymm_verify(operation->state, params, paramCount, digest, 1459 digestLen, signature, signatureLen); 1460 1461 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1462 TEE_Panic(res); 1463 1464 return res; 1465 } 1466 1467 /* Cryptographic Operations API - Key Derivation Functions */ 1468 1469 void TEE_DeriveKey(TEE_OperationHandle operation, 1470 const TEE_Attribute *params, uint32_t paramCount, 1471 TEE_ObjectHandle derivedKey) 1472 { 1473 TEE_Result res; 1474 TEE_ObjectInfo key_info; 1475 1476 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1477 TEE_Panic(0); 1478 if (paramCount != 0 && params == NULL) 1479 TEE_Panic(0); 1480 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1481 TEE_OPERATION_KEY_DERIVATION) 1482 TEE_Panic(0); 1483 1484 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1485 TEE_Panic(0); 1486 if (operation->info.mode != TEE_MODE_DERIVE) 1487 TEE_Panic(0); 1488 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1489 TEE_Panic(0); 1490 1491 res = utee_cryp_obj_get_info((uint32_t) derivedKey, &key_info); 1492 if (res != TEE_SUCCESS) 1493 TEE_Panic(0); 1494 1495 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1496 TEE_Panic(0); 1497 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1498 TEE_Panic(0); 1499 1500 res = utee_cryp_derive_key(operation->state, params, paramCount, 1501 (uint32_t) derivedKey); 1502 if (res != TEE_SUCCESS) 1503 TEE_Panic(res); 1504 } 1505 1506 /* Cryptographic Operations API - Random Number Generation Functions */ 1507 1508 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1509 { 1510 TEE_Result res; 1511 1512 res = utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1513 if (res != TEE_SUCCESS) 1514 TEE_Panic(res); 1515 } 1516