1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 #include <config.h> 7 #include <stdlib.h> 8 #include <string.h> 9 #include <string_ext.h> 10 #include <tee_api.h> 11 #include <tee_api_defines_extensions.h> 12 #include <tee_internal_api_extensions.h> 13 #include <utee_syscalls.h> 14 #include <utee_defines.h> 15 #include <util.h> 16 #include "tee_api_private.h" 17 18 struct __TEE_OperationHandle { 19 TEE_OperationInfo info; 20 TEE_ObjectHandle key1; 21 TEE_ObjectHandle key2; 22 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 23 uint8_t *buffer; /* buffer to collect complete blocks */ 24 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 25 size_t block_size; /* Block size of cipher */ 26 size_t buffer_offs; /* Offset in buffer */ 27 uint32_t state; /* Handle to state in TEE Core */ 28 }; 29 30 /* Cryptographic Operations API - Generic Operation Functions */ 31 32 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 33 uint32_t algorithm, uint32_t mode, 34 uint32_t maxKeySize) 35 { 36 TEE_Result res; 37 TEE_OperationHandle op = TEE_HANDLE_NULL; 38 uint32_t handle_state = 0; 39 size_t block_size = 1; 40 uint32_t req_key_usage; 41 bool with_private_key = false; 42 bool buffer_two_blocks = false; 43 44 if (!operation) 45 TEE_Panic(0); 46 47 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP) 48 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 49 50 /* Check algorithm max key size */ 51 switch (algorithm) { 52 case TEE_ALG_DSA_SHA1: 53 if (maxKeySize < 512) 54 return TEE_ERROR_NOT_SUPPORTED; 55 if (maxKeySize > 1024) 56 return TEE_ERROR_NOT_SUPPORTED; 57 if (maxKeySize % 64 != 0) 58 return TEE_ERROR_NOT_SUPPORTED; 59 break; 60 61 case TEE_ALG_DSA_SHA224: 62 if (maxKeySize != 2048) 63 return TEE_ERROR_NOT_SUPPORTED; 64 break; 65 66 case TEE_ALG_DSA_SHA256: 67 if (maxKeySize != 2048 && maxKeySize != 3072) 68 return TEE_ERROR_NOT_SUPPORTED; 69 break; 70 71 case TEE_ALG_ECDSA_P192: 72 case TEE_ALG_ECDH_P192: 73 if (maxKeySize != 192) 74 return TEE_ERROR_NOT_SUPPORTED; 75 break; 76 77 case TEE_ALG_ECDSA_P224: 78 case TEE_ALG_ECDH_P224: 79 if (maxKeySize != 224) 80 return TEE_ERROR_NOT_SUPPORTED; 81 break; 82 83 case TEE_ALG_ECDSA_P256: 84 case TEE_ALG_ECDH_P256: 85 case TEE_ALG_SM2_PKE: 86 case TEE_ALG_SM2_DSA_SM3: 87 if (maxKeySize != 256) 88 return TEE_ERROR_NOT_SUPPORTED; 89 break; 90 91 case TEE_ALG_SM2_KEP: 92 /* Two 256-bit keys */ 93 if (maxKeySize != 512) 94 return TEE_ERROR_NOT_SUPPORTED; 95 break; 96 97 case TEE_ALG_ECDSA_P384: 98 case TEE_ALG_ECDH_P384: 99 if (maxKeySize != 384) 100 return TEE_ERROR_NOT_SUPPORTED; 101 break; 102 103 case TEE_ALG_ECDSA_P521: 104 case TEE_ALG_ECDH_P521: 105 if (maxKeySize != 521) 106 return TEE_ERROR_NOT_SUPPORTED; 107 break; 108 case TEE_ALG_ED25519: 109 case TEE_ALG_X25519: 110 if (maxKeySize != 256) 111 return TEE_ERROR_NOT_SUPPORTED; 112 break; 113 default: 114 break; 115 } 116 117 /* Check algorithm mode (and maxKeySize for digests) */ 118 switch (algorithm) { 119 case TEE_ALG_AES_CTS: 120 case TEE_ALG_AES_XTS: 121 buffer_two_blocks = true; 122 fallthrough; 123 case TEE_ALG_AES_ECB_NOPAD: 124 case TEE_ALG_AES_CBC_NOPAD: 125 case TEE_ALG_AES_CCM: 126 case TEE_ALG_DES_ECB_NOPAD: 127 case TEE_ALG_DES_CBC_NOPAD: 128 case TEE_ALG_DES3_ECB_NOPAD: 129 case TEE_ALG_DES3_CBC_NOPAD: 130 case TEE_ALG_SM4_ECB_NOPAD: 131 case TEE_ALG_SM4_CBC_NOPAD: 132 case TEE_ALG_SM4_CTR: 133 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 134 block_size = TEE_AES_BLOCK_SIZE; 135 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 136 block_size = TEE_SM4_BLOCK_SIZE; 137 else 138 block_size = TEE_DES_BLOCK_SIZE; 139 fallthrough; 140 case TEE_ALG_AES_CTR: 141 case TEE_ALG_AES_GCM: 142 if (mode == TEE_MODE_ENCRYPT) 143 req_key_usage = TEE_USAGE_ENCRYPT; 144 else if (mode == TEE_MODE_DECRYPT) 145 req_key_usage = TEE_USAGE_DECRYPT; 146 else 147 return TEE_ERROR_NOT_SUPPORTED; 148 break; 149 150 #if defined(CFG_CRYPTO_RSASSA_NA1) 151 case TEE_ALG_RSASSA_PKCS1_V1_5: 152 #endif 153 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 154 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 155 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 156 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 157 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 158 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 159 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 160 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 161 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 162 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 163 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 164 case TEE_ALG_DSA_SHA1: 165 case TEE_ALG_DSA_SHA224: 166 case TEE_ALG_DSA_SHA256: 167 case TEE_ALG_ECDSA_P192: 168 case TEE_ALG_ECDSA_P224: 169 case TEE_ALG_ECDSA_P256: 170 case TEE_ALG_ECDSA_P384: 171 case TEE_ALG_ECDSA_P521: 172 case TEE_ALG_SM2_DSA_SM3: 173 case TEE_ALG_ED25519: 174 if (mode == TEE_MODE_SIGN) { 175 with_private_key = true; 176 req_key_usage = TEE_USAGE_SIGN; 177 } else if (mode == TEE_MODE_VERIFY) { 178 req_key_usage = TEE_USAGE_VERIFY; 179 } else { 180 return TEE_ERROR_NOT_SUPPORTED; 181 } 182 break; 183 184 case TEE_ALG_RSAES_PKCS1_V1_5: 185 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 186 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 187 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 188 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 189 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 190 case TEE_ALG_SM2_PKE: 191 if (mode == TEE_MODE_ENCRYPT) { 192 req_key_usage = TEE_USAGE_ENCRYPT; 193 } else if (mode == TEE_MODE_DECRYPT) { 194 with_private_key = true; 195 req_key_usage = TEE_USAGE_DECRYPT; 196 } else { 197 return TEE_ERROR_NOT_SUPPORTED; 198 } 199 break; 200 201 case TEE_ALG_RSA_NOPAD: 202 if (mode == TEE_MODE_ENCRYPT) { 203 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 204 } else if (mode == TEE_MODE_DECRYPT) { 205 with_private_key = true; 206 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 207 } else { 208 return TEE_ERROR_NOT_SUPPORTED; 209 } 210 break; 211 212 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 213 case TEE_ALG_ECDH_P192: 214 case TEE_ALG_ECDH_P224: 215 case TEE_ALG_ECDH_P256: 216 case TEE_ALG_ECDH_P384: 217 case TEE_ALG_ECDH_P521: 218 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 219 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 220 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 221 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 222 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 223 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 224 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 225 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 226 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 227 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 228 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 229 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 230 case TEE_ALG_SM2_KEP: 231 case TEE_ALG_X25519: 232 if (mode != TEE_MODE_DERIVE) 233 return TEE_ERROR_NOT_SUPPORTED; 234 with_private_key = true; 235 req_key_usage = TEE_USAGE_DERIVE; 236 break; 237 238 case TEE_ALG_MD5: 239 case TEE_ALG_SHA1: 240 case TEE_ALG_SHA224: 241 case TEE_ALG_SHA256: 242 case TEE_ALG_SHA384: 243 case TEE_ALG_SHA512: 244 case TEE_ALG_SM3: 245 if (mode != TEE_MODE_DIGEST) 246 return TEE_ERROR_NOT_SUPPORTED; 247 if (maxKeySize) 248 return TEE_ERROR_NOT_SUPPORTED; 249 /* v1.1: flags always set for digest operations */ 250 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 251 req_key_usage = 0; 252 break; 253 254 case TEE_ALG_DES_CBC_MAC_NOPAD: 255 case TEE_ALG_AES_CBC_MAC_NOPAD: 256 case TEE_ALG_AES_CBC_MAC_PKCS5: 257 case TEE_ALG_AES_CMAC: 258 case TEE_ALG_DES_CBC_MAC_PKCS5: 259 case TEE_ALG_DES3_CBC_MAC_NOPAD: 260 case TEE_ALG_DES3_CBC_MAC_PKCS5: 261 case TEE_ALG_DES3_CMAC: 262 case TEE_ALG_HMAC_MD5: 263 case TEE_ALG_HMAC_SHA1: 264 case TEE_ALG_HMAC_SHA224: 265 case TEE_ALG_HMAC_SHA256: 266 case TEE_ALG_HMAC_SHA384: 267 case TEE_ALG_HMAC_SHA512: 268 case TEE_ALG_HMAC_SM3: 269 if (mode != TEE_MODE_MAC) 270 return TEE_ERROR_NOT_SUPPORTED; 271 req_key_usage = TEE_USAGE_MAC; 272 break; 273 274 default: 275 return TEE_ERROR_NOT_SUPPORTED; 276 } 277 278 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 279 if (!op) 280 return TEE_ERROR_OUT_OF_MEMORY; 281 282 op->info.algorithm = algorithm; 283 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 284 #ifdef CFG_CRYPTO_RSASSA_NA1 285 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 286 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 287 #endif 288 op->info.mode = mode; 289 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 290 op->info.maxKeySize = maxKeySize; 291 op->info.requiredKeyUsage = req_key_usage; 292 op->info.handleState = handle_state; 293 294 if (block_size > 1) { 295 size_t buffer_size = block_size; 296 297 if (buffer_two_blocks) 298 buffer_size *= 2; 299 300 op->buffer = TEE_Malloc(buffer_size, 301 TEE_USER_MEM_HINT_NO_FILL_ZERO); 302 if (op->buffer == NULL) { 303 res = TEE_ERROR_OUT_OF_MEMORY; 304 goto out; 305 } 306 } 307 op->block_size = block_size; 308 op->buffer_two_blocks = buffer_two_blocks; 309 310 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 311 uint32_t mks = maxKeySize; 312 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 313 with_private_key); 314 315 /* 316 * If two keys are expected the max key size is the sum of 317 * the size of both keys. 318 */ 319 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 320 mks /= 2; 321 322 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 323 if (res != TEE_SUCCESS) 324 goto out; 325 326 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 327 res = TEE_AllocateTransientObject(key_type, mks, 328 &op->key2); 329 if (res != TEE_SUCCESS) 330 goto out; 331 } 332 } 333 334 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 335 (unsigned long)op->key2, &op->state); 336 if (res != TEE_SUCCESS) 337 goto out; 338 339 /* 340 * Initialize digest operations 341 * Other multi-stage operations initialized w/ TEE_xxxInit functions 342 * Non-applicable on asymmetric operations 343 */ 344 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 345 res = _utee_hash_init(op->state, NULL, 0); 346 if (res != TEE_SUCCESS) 347 goto out; 348 /* v1.1: flags always set for digest operations */ 349 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 350 } 351 352 op->operationState = TEE_OPERATION_STATE_INITIAL; 353 354 *operation = op; 355 356 out: 357 if (res != TEE_SUCCESS) { 358 if (res != TEE_ERROR_OUT_OF_MEMORY && 359 res != TEE_ERROR_NOT_SUPPORTED) 360 TEE_Panic(res); 361 if (op) { 362 if (op->state) { 363 TEE_FreeOperation(op); 364 } else { 365 TEE_Free(op->buffer); 366 TEE_FreeTransientObject(op->key1); 367 TEE_FreeTransientObject(op->key2); 368 TEE_Free(op); 369 } 370 } 371 } 372 373 return res; 374 } 375 376 void TEE_FreeOperation(TEE_OperationHandle operation) 377 { 378 TEE_Result res; 379 380 if (operation == TEE_HANDLE_NULL) 381 TEE_Panic(0); 382 383 /* 384 * Note that keys should not be freed here, since they are 385 * claimed by the operation they will be freed by 386 * utee_cryp_state_free(). 387 */ 388 res = _utee_cryp_state_free(operation->state); 389 if (res != TEE_SUCCESS) 390 TEE_Panic(res); 391 392 TEE_Free(operation->buffer); 393 TEE_Free(operation); 394 } 395 396 void TEE_GetOperationInfo(TEE_OperationHandle operation, 397 TEE_OperationInfo *operationInfo) 398 { 399 if (operation == TEE_HANDLE_NULL) 400 TEE_Panic(0); 401 402 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo)); 403 404 *operationInfo = operation->info; 405 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 406 operationInfo->keySize = 0; 407 operationInfo->requiredKeyUsage = 0; 408 } 409 } 410 411 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op, 412 TEE_OperationInfoMultiple *op_info, 413 uint32_t *size) 414 { 415 TEE_Result res = TEE_SUCCESS; 416 TEE_ObjectInfo kinfo = { }; 417 size_t max_key_count = 0; 418 bool two_keys = false; 419 420 if (op == TEE_HANDLE_NULL) { 421 res = TEE_ERROR_BAD_PARAMETERS; 422 goto out; 423 } 424 425 __utee_check_outbuf_annotation(op_info, size); 426 427 if (*size < sizeof(*op_info)) { 428 res = TEE_ERROR_BAD_PARAMETERS; 429 goto out; 430 } 431 max_key_count = (*size - sizeof(*op_info)) / 432 sizeof(TEE_OperationInfoKey); 433 434 TEE_MemFill(op_info, 0, *size); 435 436 /* Two keys flag (TEE_ALG_AES_XTS only) */ 437 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 438 439 if (op->info.mode == TEE_MODE_DIGEST) { 440 op_info->numberOfKeys = 0; 441 } else if (!two_keys) { 442 if (max_key_count < 1) { 443 res = TEE_ERROR_SHORT_BUFFER; 444 goto out; 445 } 446 447 res = TEE_GetObjectInfo1(op->key1, &kinfo); 448 /* Key1 is not a valid handle, "can't happen". */ 449 if (res) 450 goto out; 451 452 op_info->keyInformation[0].keySize = kinfo.keySize; 453 op_info->keyInformation[0].requiredKeyUsage = 454 op->info.requiredKeyUsage; 455 op_info->numberOfKeys = 1; 456 } else { 457 if (max_key_count < 2) { 458 res = TEE_ERROR_SHORT_BUFFER; 459 goto out; 460 } 461 462 res = TEE_GetObjectInfo1(op->key1, &kinfo); 463 /* Key1 is not a valid handle, "can't happen". */ 464 if (res) 465 goto out; 466 467 op_info->keyInformation[0].keySize = kinfo.keySize; 468 op_info->keyInformation[0].requiredKeyUsage = 469 op->info.requiredKeyUsage; 470 471 res = TEE_GetObjectInfo1(op->key2, &kinfo); 472 /* Key2 is not a valid handle, "can't happen". */ 473 if (res) 474 goto out; 475 476 op_info->keyInformation[1].keySize = kinfo.keySize; 477 op_info->keyInformation[1].requiredKeyUsage = 478 op->info.requiredKeyUsage; 479 480 op_info->numberOfKeys = 2; 481 } 482 483 op_info->algorithm = op->info.algorithm; 484 op_info->operationClass = op->info.operationClass; 485 op_info->mode = op->info.mode; 486 op_info->digestLength = op->info.digestLength; 487 op_info->maxKeySize = op->info.maxKeySize; 488 op_info->handleState = op->info.handleState; 489 op_info->operationState = op->operationState; 490 491 out: 492 if (res != TEE_SUCCESS && 493 res != TEE_ERROR_SHORT_BUFFER) 494 TEE_Panic(res); 495 496 return res; 497 } 498 499 void TEE_ResetOperation(TEE_OperationHandle operation) 500 { 501 TEE_Result res; 502 503 if (operation == TEE_HANDLE_NULL) 504 TEE_Panic(0); 505 506 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 507 TEE_Panic(0); 508 509 operation->operationState = TEE_OPERATION_STATE_INITIAL; 510 511 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 512 res = _utee_hash_init(operation->state, NULL, 0); 513 if (res != TEE_SUCCESS) 514 TEE_Panic(res); 515 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 516 } else { 517 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 518 } 519 } 520 521 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 522 TEE_ObjectHandle key) 523 { 524 TEE_Result res; 525 uint32_t key_size = 0; 526 TEE_ObjectInfo key_info; 527 528 if (operation == TEE_HANDLE_NULL) { 529 res = TEE_ERROR_BAD_PARAMETERS; 530 goto out; 531 } 532 533 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 534 res = TEE_ERROR_BAD_PARAMETERS; 535 goto out; 536 } 537 538 if (key == TEE_HANDLE_NULL) { 539 /* Operation key cleared */ 540 TEE_ResetTransientObject(operation->key1); 541 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 542 return TEE_SUCCESS; 543 } 544 545 /* No key for digest operation */ 546 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 547 res = TEE_ERROR_BAD_PARAMETERS; 548 goto out; 549 } 550 551 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 552 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 553 0) { 554 res = TEE_ERROR_BAD_PARAMETERS; 555 goto out; 556 } 557 558 res = TEE_GetObjectInfo1(key, &key_info); 559 /* Key is not a valid handle */ 560 if (res != TEE_SUCCESS) 561 goto out; 562 563 /* Supplied key has to meet required usage */ 564 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 565 operation->info.requiredKeyUsage) { 566 res = TEE_ERROR_BAD_PARAMETERS; 567 goto out; 568 } 569 570 if (operation->info.maxKeySize < key_info.keySize) { 571 res = TEE_ERROR_BAD_PARAMETERS; 572 goto out; 573 } 574 575 key_size = key_info.keySize; 576 577 TEE_ResetTransientObject(operation->key1); 578 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 579 580 res = TEE_CopyObjectAttributes1(operation->key1, key); 581 if (res != TEE_SUCCESS) 582 goto out; 583 584 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 585 586 operation->info.keySize = key_size; 587 588 out: 589 if (res != TEE_SUCCESS && 590 res != TEE_ERROR_CORRUPT_OBJECT && 591 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 592 TEE_Panic(res); 593 594 return res; 595 } 596 597 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 598 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 599 { 600 TEE_Result res; 601 uint32_t key_size = 0; 602 TEE_ObjectInfo key_info1; 603 TEE_ObjectInfo key_info2; 604 605 if (operation == TEE_HANDLE_NULL) { 606 res = TEE_ERROR_BAD_PARAMETERS; 607 goto out; 608 } 609 610 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 611 res = TEE_ERROR_BAD_PARAMETERS; 612 goto out; 613 } 614 615 /* 616 * Key1/Key2 and/or are not initialized and 617 * Either both keys are NULL or both are not NULL 618 */ 619 if (!key1 && !key2) { 620 /* Clear the keys */ 621 TEE_ResetTransientObject(operation->key1); 622 TEE_ResetTransientObject(operation->key2); 623 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 624 return TEE_SUCCESS; 625 } else if (!key1 || !key2) { 626 /* Both keys are obviously not valid. */ 627 res = TEE_ERROR_BAD_PARAMETERS; 628 goto out; 629 } 630 631 /* No key for digest operation */ 632 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 633 res = TEE_ERROR_BAD_PARAMETERS; 634 goto out; 635 } 636 637 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 638 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 639 0) { 640 res = TEE_ERROR_BAD_PARAMETERS; 641 goto out; 642 } 643 644 res = TEE_GetObjectInfo1(key1, &key_info1); 645 /* Key1 is not a valid handle */ 646 if (res != TEE_SUCCESS) 647 goto out; 648 649 /* Supplied key has to meet required usage */ 650 if ((key_info1.objectUsage & operation->info. 651 requiredKeyUsage) != operation->info.requiredKeyUsage) { 652 res = TEE_ERROR_BAD_PARAMETERS; 653 goto out; 654 } 655 656 res = TEE_GetObjectInfo1(key2, &key_info2); 657 /* Key2 is not a valid handle */ 658 if (res != TEE_SUCCESS) { 659 if (res == TEE_ERROR_CORRUPT_OBJECT) 660 res = TEE_ERROR_CORRUPT_OBJECT_2; 661 goto out; 662 } 663 664 /* Supplied key has to meet required usage */ 665 if ((key_info2.objectUsage & operation->info. 666 requiredKeyUsage) != operation->info.requiredKeyUsage) { 667 res = TEE_ERROR_BAD_PARAMETERS; 668 goto out; 669 } 670 671 /* 672 * All the multi key algorithm currently supported requires the keys to 673 * be of equal size. 674 */ 675 if (key_info1.keySize != key_info2.keySize) { 676 res = TEE_ERROR_BAD_PARAMETERS; 677 goto out; 678 679 } 680 681 if (operation->info.maxKeySize < key_info1.keySize) { 682 res = TEE_ERROR_BAD_PARAMETERS; 683 goto out; 684 } 685 686 /* 687 * Odd that only the size of one key should be reported while 688 * size of two key are used when allocating the operation. 689 */ 690 key_size = key_info1.keySize; 691 692 TEE_ResetTransientObject(operation->key1); 693 TEE_ResetTransientObject(operation->key2); 694 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 695 696 res = TEE_CopyObjectAttributes1(operation->key1, key1); 697 if (res != TEE_SUCCESS) 698 goto out; 699 res = TEE_CopyObjectAttributes1(operation->key2, key2); 700 if (res != TEE_SUCCESS) { 701 if (res == TEE_ERROR_CORRUPT_OBJECT) 702 res = TEE_ERROR_CORRUPT_OBJECT_2; 703 goto out; 704 } 705 706 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 707 708 operation->info.keySize = key_size; 709 710 out: 711 if (res != TEE_SUCCESS && 712 res != TEE_ERROR_CORRUPT_OBJECT && 713 res != TEE_ERROR_CORRUPT_OBJECT_2 && 714 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 715 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 716 TEE_Panic(res); 717 718 return res; 719 } 720 721 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 722 { 723 TEE_Result res; 724 725 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 726 TEE_Panic(0); 727 if (dst_op->info.algorithm != src_op->info.algorithm) 728 TEE_Panic(0); 729 if (dst_op->info.mode != src_op->info.mode) 730 TEE_Panic(0); 731 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 732 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 733 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 734 735 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 736 key1 = src_op->key1; 737 key2 = src_op->key2; 738 } 739 740 if ((src_op->info.handleState & 741 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 742 TEE_SetOperationKey(dst_op, key1); 743 } else { 744 TEE_SetOperationKey2(dst_op, key1, key2); 745 } 746 } 747 dst_op->info.handleState = src_op->info.handleState; 748 dst_op->info.keySize = src_op->info.keySize; 749 dst_op->info.digestLength = src_op->info.digestLength; 750 dst_op->operationState = src_op->operationState; 751 752 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 753 dst_op->block_size != src_op->block_size) 754 TEE_Panic(0); 755 756 if (dst_op->buffer != NULL) { 757 if (src_op->buffer == NULL) 758 TEE_Panic(0); 759 760 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 761 dst_op->buffer_offs = src_op->buffer_offs; 762 } else if (src_op->buffer != NULL) { 763 TEE_Panic(0); 764 } 765 766 res = _utee_cryp_state_copy(dst_op->state, src_op->state); 767 if (res != TEE_SUCCESS) 768 TEE_Panic(res); 769 } 770 771 /* Cryptographic Operations API - Message Digest Functions */ 772 773 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 774 uint32_t IVLen) 775 { 776 TEE_Result res; 777 778 /* 779 * Note : IV and IVLen are never used in current implementation 780 * This is why coherent values of IV and IVLen are not checked 781 */ 782 res = _utee_hash_init(operation->state, IV, IVLen); 783 if (res != TEE_SUCCESS) 784 TEE_Panic(res); 785 operation->buffer_offs = 0; 786 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 787 } 788 789 void TEE_DigestUpdate(TEE_OperationHandle operation, 790 const void *chunk, uint32_t chunkSize) 791 { 792 TEE_Result res = TEE_ERROR_GENERIC; 793 794 if (operation == TEE_HANDLE_NULL || 795 operation->info.operationClass != TEE_OPERATION_DIGEST) 796 TEE_Panic(0); 797 798 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 799 800 res = _utee_hash_update(operation->state, chunk, chunkSize); 801 if (res != TEE_SUCCESS) 802 TEE_Panic(res); 803 } 804 805 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 806 uint32_t chunkLen, void *hash, uint32_t *hashLen) 807 { 808 TEE_Result res; 809 uint64_t hl; 810 811 if ((operation == TEE_HANDLE_NULL) || 812 (!chunk && chunkLen) || 813 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 814 res = TEE_ERROR_BAD_PARAMETERS; 815 goto out; 816 } 817 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 818 819 hl = *hashLen; 820 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, &hl); 821 *hashLen = hl; 822 if (res != TEE_SUCCESS) 823 goto out; 824 825 /* Reset operation state */ 826 init_hash_operation(operation, NULL, 0); 827 828 operation->operationState = TEE_OPERATION_STATE_INITIAL; 829 830 out: 831 if (res != TEE_SUCCESS && 832 res != TEE_ERROR_SHORT_BUFFER) 833 TEE_Panic(res); 834 835 return res; 836 } 837 838 /* Cryptographic Operations API - Symmetric Cipher Functions */ 839 840 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 841 uint32_t IVLen) 842 { 843 TEE_Result res; 844 845 if (operation == TEE_HANDLE_NULL) 846 TEE_Panic(0); 847 848 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 849 TEE_Panic(0); 850 851 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 852 !(operation->key1)) 853 TEE_Panic(0); 854 855 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 856 TEE_ResetOperation(operation); 857 858 if (IV && IVLen) { 859 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 860 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 861 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 862 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD) 863 TEE_Panic(0); 864 } 865 866 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 867 868 res = _utee_cipher_init(operation->state, IV, IVLen); 869 if (res != TEE_SUCCESS) 870 TEE_Panic(res); 871 872 operation->buffer_offs = 0; 873 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 874 } 875 876 static TEE_Result tee_buffer_update( 877 TEE_OperationHandle op, 878 TEE_Result(*update_func)(unsigned long state, const void *src, 879 size_t slen, void *dst, uint64_t *dlen), 880 const void *src_data, size_t src_len, 881 void *dest_data, uint64_t *dest_len) 882 { 883 TEE_Result res; 884 const uint8_t *src = src_data; 885 size_t slen = src_len; 886 uint8_t *dst = dest_data; 887 size_t dlen = *dest_len; 888 size_t acc_dlen = 0; 889 uint64_t tmp_dlen; 890 size_t l; 891 size_t buffer_size; 892 size_t buffer_left; 893 894 if (!src) { 895 if (slen) 896 TEE_Panic(0); 897 goto out; 898 } 899 900 if (op->buffer_two_blocks) { 901 buffer_size = op->block_size * 2; 902 buffer_left = 1; 903 } else { 904 buffer_size = op->block_size; 905 buffer_left = 0; 906 } 907 908 if (op->buffer_offs > 0) { 909 /* Fill up complete block */ 910 if (op->buffer_offs < op->block_size) 911 l = MIN(slen, op->block_size - op->buffer_offs); 912 else 913 l = MIN(slen, buffer_size - op->buffer_offs); 914 memcpy(op->buffer + op->buffer_offs, src, l); 915 op->buffer_offs += l; 916 src += l; 917 slen -= l; 918 if ((op->buffer_offs % op->block_size) != 0) 919 goto out; /* Nothing left to do */ 920 } 921 922 /* If we can feed from buffer */ 923 if ((op->buffer_offs > 0) && 924 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 925 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 926 op->block_size); 927 l = MIN(op->buffer_offs, l); 928 tmp_dlen = dlen; 929 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 930 if (res != TEE_SUCCESS) 931 TEE_Panic(res); 932 dst += tmp_dlen; 933 dlen -= tmp_dlen; 934 acc_dlen += tmp_dlen; 935 op->buffer_offs -= l; 936 if (op->buffer_offs > 0) { 937 /* 938 * Slen is small enough to be contained in rest buffer. 939 */ 940 memcpy(op->buffer, op->buffer + l, buffer_size - l); 941 memcpy(op->buffer + op->buffer_offs, src, slen); 942 op->buffer_offs += slen; 943 goto out; /* Nothing left to do */ 944 } 945 } 946 947 if (slen >= (buffer_size + buffer_left)) { 948 /* Buffer is empty, feed as much as possible from src */ 949 if (op->info.algorithm == TEE_ALG_AES_CTS) 950 l = ROUNDUP(slen - buffer_size, op->block_size); 951 else 952 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 953 954 tmp_dlen = dlen; 955 res = update_func(op->state, src, l, dst, &tmp_dlen); 956 if (res != TEE_SUCCESS) 957 TEE_Panic(res); 958 src += l; 959 slen -= l; 960 dst += tmp_dlen; 961 dlen -= tmp_dlen; 962 acc_dlen += tmp_dlen; 963 } 964 965 /* Slen is small enough to be contained in buffer. */ 966 memcpy(op->buffer + op->buffer_offs, src, slen); 967 op->buffer_offs += slen; 968 969 out: 970 *dest_len = acc_dlen; 971 return TEE_SUCCESS; 972 } 973 974 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 975 uint32_t srcLen, void *destData, uint32_t *destLen) 976 { 977 TEE_Result res; 978 size_t req_dlen; 979 uint64_t dl; 980 981 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 982 res = TEE_ERROR_BAD_PARAMETERS; 983 goto out; 984 } 985 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 986 987 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 988 res = TEE_ERROR_BAD_PARAMETERS; 989 goto out; 990 } 991 992 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 993 res = TEE_ERROR_BAD_PARAMETERS; 994 goto out; 995 } 996 997 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 998 res = TEE_ERROR_BAD_PARAMETERS; 999 goto out; 1000 } 1001 1002 if (!srcData && !srcLen) { 1003 *destLen = 0; 1004 res = TEE_SUCCESS; 1005 goto out; 1006 } 1007 1008 /* Calculate required dlen */ 1009 if (operation->block_size > 1) { 1010 req_dlen = ((operation->buffer_offs + srcLen) / 1011 operation->block_size) * operation->block_size; 1012 } else { 1013 req_dlen = srcLen; 1014 } 1015 if (operation->buffer_two_blocks) { 1016 if (req_dlen > operation->block_size * 2) 1017 req_dlen -= operation->block_size * 2; 1018 else 1019 req_dlen = 0; 1020 } 1021 /* 1022 * Check that required destLen is big enough before starting to feed 1023 * data to the algorithm. Errors during feeding of data are fatal as we 1024 * can't restore sync with this API. 1025 */ 1026 if (*destLen < req_dlen) { 1027 *destLen = req_dlen; 1028 res = TEE_ERROR_SHORT_BUFFER; 1029 goto out; 1030 } 1031 1032 dl = *destLen; 1033 if (operation->block_size > 1) { 1034 res = tee_buffer_update(operation, _utee_cipher_update, srcData, 1035 srcLen, destData, &dl); 1036 } else { 1037 if (srcLen > 0) { 1038 res = _utee_cipher_update(operation->state, srcData, 1039 srcLen, destData, &dl); 1040 } else { 1041 res = TEE_SUCCESS; 1042 dl = 0; 1043 } 1044 } 1045 *destLen = dl; 1046 1047 out: 1048 if (res != TEE_SUCCESS && 1049 res != TEE_ERROR_SHORT_BUFFER) 1050 TEE_Panic(res); 1051 1052 return res; 1053 } 1054 1055 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1056 const void *srcData, uint32_t srcLen, 1057 void *destData, uint32_t *destLen) 1058 { 1059 TEE_Result res = TEE_SUCCESS; 1060 uint8_t *dst = destData; 1061 size_t acc_dlen = 0; 1062 uint64_t tmp_dlen = 0; 1063 size_t req_dlen = 0; 1064 1065 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1066 res = TEE_ERROR_BAD_PARAMETERS; 1067 goto out; 1068 } 1069 if (destLen) 1070 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1071 1072 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1073 res = TEE_ERROR_BAD_PARAMETERS; 1074 goto out; 1075 } 1076 1077 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1078 res = TEE_ERROR_BAD_PARAMETERS; 1079 goto out; 1080 } 1081 1082 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1083 res = TEE_ERROR_BAD_PARAMETERS; 1084 goto out; 1085 } 1086 1087 /* 1088 * Check that the final block doesn't require padding for those 1089 * algorithms that requires client to supply padding. 1090 */ 1091 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1092 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1093 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1094 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1095 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1096 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1097 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1098 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1099 if (((operation->buffer_offs + srcLen) % operation->block_size) 1100 != 0) { 1101 res = TEE_ERROR_BAD_PARAMETERS; 1102 goto out; 1103 } 1104 } 1105 1106 /* 1107 * Check that required destLen is big enough before starting to feed 1108 * data to the algorithm. Errors during feeding of data are fatal as we 1109 * can't restore sync with this API. 1110 */ 1111 if (operation->block_size > 1) { 1112 req_dlen = operation->buffer_offs + srcLen; 1113 } else { 1114 req_dlen = srcLen; 1115 } 1116 if (destLen) 1117 tmp_dlen = *destLen; 1118 if (tmp_dlen < req_dlen) { 1119 if (destLen) 1120 *destLen = req_dlen; 1121 res = TEE_ERROR_SHORT_BUFFER; 1122 goto out; 1123 } 1124 1125 if (operation->block_size > 1) { 1126 if (srcLen) { 1127 res = tee_buffer_update(operation, _utee_cipher_update, 1128 srcData, srcLen, dst, 1129 &tmp_dlen); 1130 if (res != TEE_SUCCESS) 1131 goto out; 1132 1133 dst += tmp_dlen; 1134 acc_dlen += tmp_dlen; 1135 1136 tmp_dlen = *destLen - acc_dlen; 1137 } 1138 res = _utee_cipher_final(operation->state, operation->buffer, 1139 operation->buffer_offs, dst, 1140 &tmp_dlen); 1141 } else { 1142 res = _utee_cipher_final(operation->state, srcData, srcLen, dst, 1143 &tmp_dlen); 1144 } 1145 if (res != TEE_SUCCESS) 1146 goto out; 1147 1148 acc_dlen += tmp_dlen; 1149 if (destLen) 1150 *destLen = acc_dlen; 1151 1152 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1153 1154 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1155 1156 out: 1157 if (res != TEE_SUCCESS && 1158 res != TEE_ERROR_SHORT_BUFFER) 1159 TEE_Panic(res); 1160 1161 return res; 1162 } 1163 1164 /* Cryptographic Operations API - MAC Functions */ 1165 1166 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 1167 { 1168 if (operation == TEE_HANDLE_NULL) 1169 TEE_Panic(0); 1170 1171 if (operation->info.operationClass != TEE_OPERATION_MAC) 1172 TEE_Panic(0); 1173 1174 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1175 !(operation->key1)) 1176 TEE_Panic(0); 1177 1178 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1179 TEE_ResetOperation(operation); 1180 1181 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1182 1183 init_hash_operation(operation, IV, IVLen); 1184 } 1185 1186 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1187 uint32_t chunkSize) 1188 { 1189 TEE_Result res; 1190 1191 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1192 TEE_Panic(0); 1193 1194 if (operation->info.operationClass != TEE_OPERATION_MAC) 1195 TEE_Panic(0); 1196 1197 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1198 TEE_Panic(0); 1199 1200 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1201 TEE_Panic(0); 1202 1203 res = _utee_hash_update(operation->state, chunk, chunkSize); 1204 if (res != TEE_SUCCESS) 1205 TEE_Panic(res); 1206 } 1207 1208 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1209 const void *message, uint32_t messageLen, 1210 void *mac, uint32_t *macLen) 1211 { 1212 TEE_Result res; 1213 uint64_t ml; 1214 1215 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) { 1216 res = TEE_ERROR_BAD_PARAMETERS; 1217 goto out; 1218 } 1219 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1220 1221 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1222 res = TEE_ERROR_BAD_PARAMETERS; 1223 goto out; 1224 } 1225 1226 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1227 res = TEE_ERROR_BAD_PARAMETERS; 1228 goto out; 1229 } 1230 1231 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1232 res = TEE_ERROR_BAD_PARAMETERS; 1233 goto out; 1234 } 1235 1236 ml = *macLen; 1237 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml); 1238 *macLen = ml; 1239 if (res != TEE_SUCCESS) 1240 goto out; 1241 1242 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1243 1244 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1245 1246 out: 1247 if (res != TEE_SUCCESS && 1248 res != TEE_ERROR_SHORT_BUFFER) 1249 TEE_Panic(res); 1250 1251 return res; 1252 } 1253 1254 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1255 const void *message, uint32_t messageLen, 1256 const void *mac, uint32_t macLen) 1257 { 1258 TEE_Result res; 1259 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 }; 1260 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1261 1262 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1263 res = TEE_ERROR_BAD_PARAMETERS; 1264 goto out; 1265 } 1266 1267 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1268 res = TEE_ERROR_BAD_PARAMETERS; 1269 goto out; 1270 } 1271 1272 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1273 res = TEE_ERROR_BAD_PARAMETERS; 1274 goto out; 1275 } 1276 1277 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1278 &computed_mac_size); 1279 if (res != TEE_SUCCESS) 1280 goto out; 1281 1282 if (computed_mac_size != macLen) { 1283 res = TEE_ERROR_MAC_INVALID; 1284 goto out; 1285 } 1286 1287 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1288 res = TEE_ERROR_MAC_INVALID; 1289 goto out; 1290 } 1291 1292 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1293 1294 out: 1295 if (res != TEE_SUCCESS && 1296 res != TEE_ERROR_MAC_INVALID) 1297 TEE_Panic(res); 1298 1299 return res; 1300 } 1301 1302 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1303 1304 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1305 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1306 uint32_t payloadLen) 1307 { 1308 TEE_Result res; 1309 1310 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1311 res = TEE_ERROR_BAD_PARAMETERS; 1312 goto out; 1313 } 1314 1315 if (operation->info.operationClass != TEE_OPERATION_AE) { 1316 res = TEE_ERROR_BAD_PARAMETERS; 1317 goto out; 1318 } 1319 1320 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1321 res = TEE_ERROR_BAD_PARAMETERS; 1322 goto out; 1323 } 1324 1325 /* 1326 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1327 * in the implementation. But AES-GCM spec doesn't specify the tag len 1328 * according to the same principle so we have to check here instead to 1329 * be GP compliant. 1330 */ 1331 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1332 /* 1333 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1334 */ 1335 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1336 res = TEE_ERROR_NOT_SUPPORTED; 1337 goto out; 1338 } 1339 } 1340 1341 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8, 1342 AADLen, payloadLen); 1343 if (res != TEE_SUCCESS) 1344 goto out; 1345 1346 operation->info.digestLength = tagLen / 8; 1347 operation->buffer_offs = 0; 1348 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1349 1350 out: 1351 if (res != TEE_SUCCESS && 1352 res != TEE_ERROR_NOT_SUPPORTED) 1353 TEE_Panic(res); 1354 1355 return res; 1356 } 1357 1358 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1359 uint32_t AADdataLen) 1360 { 1361 TEE_Result res; 1362 1363 if (operation == TEE_HANDLE_NULL || 1364 (AADdata == NULL && AADdataLen != 0)) 1365 TEE_Panic(0); 1366 1367 if (operation->info.operationClass != TEE_OPERATION_AE) 1368 TEE_Panic(0); 1369 1370 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1371 TEE_Panic(0); 1372 1373 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1374 1375 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1376 1377 if (res != TEE_SUCCESS) 1378 TEE_Panic(res); 1379 } 1380 1381 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1382 uint32_t srcLen, void *destData, uint32_t *destLen) 1383 { 1384 TEE_Result res = TEE_SUCCESS; 1385 size_t req_dlen = 0; 1386 uint64_t dl = 0; 1387 1388 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1389 res = TEE_ERROR_BAD_PARAMETERS; 1390 goto out; 1391 } 1392 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1393 1394 if (operation->info.operationClass != TEE_OPERATION_AE) { 1395 res = TEE_ERROR_BAD_PARAMETERS; 1396 goto out; 1397 } 1398 1399 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1400 res = TEE_ERROR_BAD_PARAMETERS; 1401 goto out; 1402 } 1403 1404 if (!srcData && !srcLen) { 1405 *destLen = 0; 1406 res = TEE_SUCCESS; 1407 goto out; 1408 } 1409 1410 /* 1411 * Check that required destLen is big enough before starting to feed 1412 * data to the algorithm. Errors during feeding of data are fatal as we 1413 * can't restore sync with this API. 1414 */ 1415 if (operation->block_size > 1) { 1416 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1417 operation->block_size); 1418 } else { 1419 req_dlen = srcLen; 1420 } 1421 1422 dl = *destLen; 1423 if (dl < req_dlen) { 1424 *destLen = req_dlen; 1425 res = TEE_ERROR_SHORT_BUFFER; 1426 goto out; 1427 } 1428 1429 if (operation->block_size > 1) { 1430 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1431 srcData, srcLen, destData, &dl); 1432 } else { 1433 if (srcLen > 0) { 1434 res = _utee_authenc_update_payload(operation->state, 1435 srcData, srcLen, 1436 destData, &dl); 1437 } else { 1438 dl = 0; 1439 res = TEE_SUCCESS; 1440 } 1441 } 1442 if (res != TEE_SUCCESS) 1443 goto out; 1444 1445 *destLen = dl; 1446 1447 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1448 1449 out: 1450 if (res != TEE_SUCCESS && 1451 res != TEE_ERROR_SHORT_BUFFER) 1452 TEE_Panic(res); 1453 1454 return res; 1455 } 1456 1457 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1458 const void *srcData, uint32_t srcLen, 1459 void *destData, uint32_t *destLen, void *tag, 1460 uint32_t *tagLen) 1461 { 1462 TEE_Result res; 1463 uint8_t *dst = destData; 1464 size_t acc_dlen = 0; 1465 uint64_t tmp_dlen; 1466 size_t req_dlen; 1467 uint64_t tl; 1468 1469 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1470 res = TEE_ERROR_BAD_PARAMETERS; 1471 goto out; 1472 } 1473 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1474 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1475 1476 if (operation->info.operationClass != TEE_OPERATION_AE) { 1477 res = TEE_ERROR_BAD_PARAMETERS; 1478 goto out; 1479 } 1480 1481 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1482 res = TEE_ERROR_BAD_PARAMETERS; 1483 goto out; 1484 } 1485 1486 /* 1487 * Check that required destLen is big enough before starting to feed 1488 * data to the algorithm. Errors during feeding of data are fatal as we 1489 * can't restore sync with this API. 1490 * 1491 * Need to check this before update_payload since sync would be lost if 1492 * we return short buffer after that. 1493 */ 1494 res = TEE_ERROR_GENERIC; 1495 1496 req_dlen = operation->buffer_offs + srcLen; 1497 if (*destLen < req_dlen) { 1498 *destLen = req_dlen; 1499 res = TEE_ERROR_SHORT_BUFFER; 1500 } 1501 1502 if (*tagLen < operation->info.digestLength) { 1503 *tagLen = operation->info.digestLength; 1504 res = TEE_ERROR_SHORT_BUFFER; 1505 } 1506 1507 if (res == TEE_ERROR_SHORT_BUFFER) 1508 goto out; 1509 1510 tl = *tagLen; 1511 tmp_dlen = *destLen - acc_dlen; 1512 if (operation->block_size > 1) { 1513 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1514 srcData, srcLen, dst, &tmp_dlen); 1515 if (res != TEE_SUCCESS) 1516 goto out; 1517 1518 dst += tmp_dlen; 1519 acc_dlen += tmp_dlen; 1520 1521 tmp_dlen = *destLen - acc_dlen; 1522 res = _utee_authenc_enc_final(operation->state, 1523 operation->buffer, 1524 operation->buffer_offs, dst, 1525 &tmp_dlen, tag, &tl); 1526 } else { 1527 res = _utee_authenc_enc_final(operation->state, srcData, 1528 srcLen, dst, &tmp_dlen, 1529 tag, &tl); 1530 } 1531 *tagLen = tl; 1532 if (res != TEE_SUCCESS) 1533 goto out; 1534 1535 acc_dlen += tmp_dlen; 1536 *destLen = acc_dlen; 1537 1538 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1539 1540 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1541 1542 out: 1543 if (res != TEE_SUCCESS && 1544 res != TEE_ERROR_SHORT_BUFFER) 1545 TEE_Panic(res); 1546 1547 return res; 1548 } 1549 1550 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1551 const void *srcData, uint32_t srcLen, 1552 void *destData, uint32_t *destLen, void *tag, 1553 uint32_t tagLen) 1554 { 1555 TEE_Result res; 1556 uint8_t *dst = destData; 1557 size_t acc_dlen = 0; 1558 uint64_t tmp_dlen; 1559 size_t req_dlen; 1560 1561 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1562 res = TEE_ERROR_BAD_PARAMETERS; 1563 goto out; 1564 } 1565 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1566 1567 if (operation->info.operationClass != TEE_OPERATION_AE) { 1568 res = TEE_ERROR_BAD_PARAMETERS; 1569 goto out; 1570 } 1571 1572 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1573 res = TEE_ERROR_BAD_PARAMETERS; 1574 goto out; 1575 } 1576 1577 /* 1578 * Check that required destLen is big enough before starting to feed 1579 * data to the algorithm. Errors during feeding of data are fatal as we 1580 * can't restore sync with this API. 1581 */ 1582 req_dlen = operation->buffer_offs + srcLen; 1583 if (*destLen < req_dlen) { 1584 *destLen = req_dlen; 1585 res = TEE_ERROR_SHORT_BUFFER; 1586 goto out; 1587 } 1588 1589 tmp_dlen = *destLen - acc_dlen; 1590 if (operation->block_size > 1) { 1591 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1592 srcData, srcLen, dst, &tmp_dlen); 1593 if (res != TEE_SUCCESS) 1594 goto out; 1595 1596 dst += tmp_dlen; 1597 acc_dlen += tmp_dlen; 1598 1599 tmp_dlen = *destLen - acc_dlen; 1600 res = _utee_authenc_dec_final(operation->state, 1601 operation->buffer, 1602 operation->buffer_offs, dst, 1603 &tmp_dlen, tag, tagLen); 1604 } else { 1605 res = _utee_authenc_dec_final(operation->state, srcData, 1606 srcLen, dst, &tmp_dlen, 1607 tag, tagLen); 1608 } 1609 if (res != TEE_SUCCESS) 1610 goto out; 1611 1612 /* Supplied tagLen should match what we initiated with */ 1613 if (tagLen != operation->info.digestLength) 1614 res = TEE_ERROR_MAC_INVALID; 1615 1616 acc_dlen += tmp_dlen; 1617 *destLen = acc_dlen; 1618 1619 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1620 1621 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1622 1623 out: 1624 if (res != TEE_SUCCESS && 1625 res != TEE_ERROR_SHORT_BUFFER && 1626 res != TEE_ERROR_MAC_INVALID) 1627 TEE_Panic(res); 1628 1629 return res; 1630 } 1631 1632 /* Cryptographic Operations API - Asymmetric Functions */ 1633 1634 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1635 const TEE_Attribute *params, 1636 uint32_t paramCount, const void *srcData, 1637 uint32_t srcLen, void *destData, 1638 uint32_t *destLen) 1639 { 1640 TEE_Result res = TEE_SUCCESS; 1641 struct utee_attribute ua[paramCount]; 1642 uint64_t dl = 0; 1643 1644 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1645 TEE_Panic(0); 1646 1647 __utee_check_attr_in_annotation(params, paramCount); 1648 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1649 1650 if (!operation->key1) 1651 TEE_Panic(0); 1652 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1653 TEE_Panic(0); 1654 if (operation->info.mode != TEE_MODE_ENCRYPT) 1655 TEE_Panic(0); 1656 1657 __utee_from_attr(ua, params, paramCount); 1658 dl = *destLen; 1659 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1660 srcLen, destData, &dl); 1661 *destLen = dl; 1662 1663 if (res != TEE_SUCCESS && 1664 res != TEE_ERROR_SHORT_BUFFER && 1665 res != TEE_ERROR_BAD_PARAMETERS) 1666 TEE_Panic(res); 1667 1668 return res; 1669 } 1670 1671 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1672 const TEE_Attribute *params, 1673 uint32_t paramCount, const void *srcData, 1674 uint32_t srcLen, void *destData, 1675 uint32_t *destLen) 1676 { 1677 TEE_Result res = TEE_SUCCESS; 1678 struct utee_attribute ua[paramCount]; 1679 uint64_t dl = 0; 1680 1681 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1682 TEE_Panic(0); 1683 1684 __utee_check_attr_in_annotation(params, paramCount); 1685 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1686 1687 if (!operation->key1) 1688 TEE_Panic(0); 1689 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1690 TEE_Panic(0); 1691 if (operation->info.mode != TEE_MODE_DECRYPT) 1692 TEE_Panic(0); 1693 1694 __utee_from_attr(ua, params, paramCount); 1695 dl = *destLen; 1696 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1697 srcLen, destData, &dl); 1698 *destLen = dl; 1699 1700 if (res != TEE_SUCCESS && 1701 res != TEE_ERROR_SHORT_BUFFER && 1702 res != TEE_ERROR_BAD_PARAMETERS) 1703 TEE_Panic(res); 1704 1705 return res; 1706 } 1707 1708 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1709 const TEE_Attribute *params, 1710 uint32_t paramCount, const void *digest, 1711 uint32_t digestLen, void *signature, 1712 uint32_t *signatureLen) 1713 { 1714 TEE_Result res = TEE_SUCCESS; 1715 struct utee_attribute ua[paramCount]; 1716 uint64_t sl = 0; 1717 1718 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 1719 TEE_Panic(0); 1720 1721 __utee_check_attr_in_annotation(params, paramCount); 1722 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 1723 1724 if (!operation->key1) 1725 TEE_Panic(0); 1726 if (operation->info.operationClass != 1727 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1728 TEE_Panic(0); 1729 if (operation->info.mode != TEE_MODE_SIGN) 1730 TEE_Panic(0); 1731 1732 __utee_from_attr(ua, params, paramCount); 1733 sl = *signatureLen; 1734 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 1735 digestLen, signature, &sl); 1736 *signatureLen = sl; 1737 1738 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1739 TEE_Panic(res); 1740 1741 return res; 1742 } 1743 1744 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1745 const TEE_Attribute *params, 1746 uint32_t paramCount, const void *digest, 1747 uint32_t digestLen, 1748 const void *signature, 1749 uint32_t signatureLen) 1750 { 1751 TEE_Result res; 1752 struct utee_attribute ua[paramCount]; 1753 1754 if (operation == TEE_HANDLE_NULL || 1755 (digest == NULL && digestLen != 0) || 1756 (signature == NULL && signatureLen != 0)) 1757 TEE_Panic(0); 1758 1759 __utee_check_attr_in_annotation(params, paramCount); 1760 1761 if (!operation->key1) 1762 TEE_Panic(0); 1763 if (operation->info.operationClass != 1764 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1765 TEE_Panic(0); 1766 if (operation->info.mode != TEE_MODE_VERIFY) 1767 TEE_Panic(0); 1768 1769 __utee_from_attr(ua, params, paramCount); 1770 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 1771 digestLen, signature, signatureLen); 1772 1773 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1774 TEE_Panic(res); 1775 1776 return res; 1777 } 1778 1779 /* Cryptographic Operations API - Key Derivation Functions */ 1780 1781 void TEE_DeriveKey(TEE_OperationHandle operation, 1782 const TEE_Attribute *params, uint32_t paramCount, 1783 TEE_ObjectHandle derivedKey) 1784 { 1785 TEE_Result res; 1786 TEE_ObjectInfo key_info; 1787 struct utee_attribute ua[paramCount]; 1788 1789 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1790 TEE_Panic(0); 1791 1792 __utee_check_attr_in_annotation(params, paramCount); 1793 1794 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1795 TEE_OPERATION_KEY_DERIVATION) 1796 TEE_Panic(0); 1797 1798 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1799 TEE_Panic(0); 1800 if (!operation->key1) 1801 TEE_Panic(0); 1802 if (operation->info.mode != TEE_MODE_DERIVE) 1803 TEE_Panic(0); 1804 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1805 TEE_Panic(0); 1806 1807 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 1808 if (res != TEE_SUCCESS) 1809 TEE_Panic(res); 1810 1811 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1812 TEE_Panic(0); 1813 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1814 TEE_Panic(0); 1815 1816 __utee_from_attr(ua, params, paramCount); 1817 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 1818 (unsigned long)derivedKey); 1819 if (res != TEE_SUCCESS) 1820 TEE_Panic(res); 1821 } 1822 1823 /* Cryptographic Operations API - Random Number Generation Functions */ 1824 1825 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1826 { 1827 TEE_Result res; 1828 1829 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1830 if (res != TEE_SUCCESS) 1831 TEE_Panic(res); 1832 } 1833 1834 int rand(void) 1835 { 1836 int rc; 1837 1838 TEE_GenerateRandom(&rc, sizeof(rc)); 1839 1840 /* 1841 * RAND_MAX is the larges int, INT_MAX which is all bits but the 1842 * highest bit set. 1843 */ 1844 return rc & RAND_MAX; 1845 } 1846 1847 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 1848 { 1849 if (IS_ENABLED(CFG_CRYPTO_AES)) { 1850 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1851 if (alg == TEE_ALG_AES_ECB_NOPAD) 1852 goto check_element_none; 1853 } 1854 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1855 if (alg == TEE_ALG_AES_CBC_NOPAD) 1856 goto check_element_none; 1857 } 1858 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1859 if (alg == TEE_ALG_AES_CTR) 1860 goto check_element_none; 1861 } 1862 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 1863 if (alg == TEE_ALG_AES_CTS) 1864 goto check_element_none; 1865 } 1866 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 1867 if (alg == TEE_ALG_AES_XTS) 1868 goto check_element_none; 1869 } 1870 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1871 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 1872 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 1873 goto check_element_none; 1874 } 1875 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 1876 if (alg == TEE_ALG_AES_CMAC) 1877 goto check_element_none; 1878 } 1879 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 1880 if (alg == TEE_ALG_AES_CCM) 1881 goto check_element_none; 1882 } 1883 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 1884 if (alg == TEE_ALG_AES_GCM) 1885 goto check_element_none; 1886 } 1887 } 1888 if (IS_ENABLED(CFG_CRYPTO_DES)) { 1889 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1890 if (alg == TEE_ALG_DES_ECB_NOPAD || 1891 alg == TEE_ALG_DES3_ECB_NOPAD) 1892 goto check_element_none; 1893 } 1894 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1895 if (alg == TEE_ALG_DES_CBC_NOPAD || 1896 alg == TEE_ALG_DES3_CBC_NOPAD) 1897 goto check_element_none; 1898 } 1899 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1900 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 1901 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 1902 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 1903 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 1904 goto check_element_none; 1905 } 1906 } 1907 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1908 if (alg == TEE_ALG_MD5) 1909 goto check_element_none; 1910 } 1911 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1912 if (alg == TEE_ALG_SHA1) 1913 goto check_element_none; 1914 } 1915 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1916 if (alg == TEE_ALG_SHA224) 1917 goto check_element_none; 1918 } 1919 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1920 if (alg == TEE_ALG_SHA256) 1921 goto check_element_none; 1922 } 1923 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1924 if (alg == TEE_ALG_SHA384) 1925 goto check_element_none; 1926 } 1927 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1928 if (alg == TEE_ALG_SHA512) 1929 goto check_element_none; 1930 } 1931 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 1932 if (alg == TEE_ALG_MD5SHA1) 1933 goto check_element_none; 1934 } 1935 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 1936 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1937 if (alg == TEE_ALG_HMAC_MD5) 1938 goto check_element_none; 1939 } 1940 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1941 if (alg == TEE_ALG_HMAC_SHA1) 1942 goto check_element_none; 1943 } 1944 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1945 if (alg == TEE_ALG_HMAC_SHA224) 1946 goto check_element_none; 1947 } 1948 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1949 if (alg == TEE_ALG_HMAC_SHA256) 1950 goto check_element_none; 1951 } 1952 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1953 if (alg == TEE_ALG_HMAC_SHA384) 1954 goto check_element_none; 1955 } 1956 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1957 if (alg == TEE_ALG_HMAC_SHA512) 1958 goto check_element_none; 1959 } 1960 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1961 if (alg == TEE_ALG_HMAC_SM3) 1962 goto check_element_none; 1963 } 1964 } 1965 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1966 if (alg == TEE_ALG_SM3) 1967 goto check_element_none; 1968 } 1969 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 1970 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1971 if (alg == TEE_ALG_SM4_ECB_NOPAD) 1972 goto check_element_none; 1973 } 1974 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1975 if (alg == TEE_ALG_SM4_CBC_NOPAD) 1976 goto check_element_none; 1977 } 1978 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1979 if (alg == TEE_ALG_SM4_CTR) 1980 goto check_element_none; 1981 } 1982 } 1983 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 1984 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1985 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5) 1986 goto check_element_none; 1987 } 1988 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1989 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 1990 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 1991 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 1992 goto check_element_none; 1993 } 1994 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 1995 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 1996 goto check_element_none; 1997 } 1998 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1999 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 2000 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 2001 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 2002 goto check_element_none; 2003 } 2004 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2005 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 2006 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 2007 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 2008 goto check_element_none; 2009 } 2010 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2011 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 2012 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 2013 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 2014 goto check_element_none; 2015 } 2016 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2017 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 2018 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 2019 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 2020 goto check_element_none; 2021 } 2022 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2023 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 2024 goto check_element_none; 2025 } 2026 if (alg == TEE_ALG_RSA_NOPAD) 2027 goto check_element_none; 2028 } 2029 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2030 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2031 if (alg == TEE_ALG_DSA_SHA1) 2032 goto check_element_none; 2033 } 2034 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2035 if (alg == TEE_ALG_DSA_SHA224) 2036 goto check_element_none; 2037 } 2038 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2039 if (alg == TEE_ALG_DSA_SHA256) 2040 goto check_element_none; 2041 } 2042 } 2043 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2044 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2045 goto check_element_none; 2046 } 2047 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2048 if ((alg == TEE_ALG_ECDH_P192 || alg == TEE_ALG_ECDSA_P192) && 2049 element == TEE_ECC_CURVE_NIST_P192) 2050 return TEE_SUCCESS; 2051 if ((alg == TEE_ALG_ECDH_P224 || alg == TEE_ALG_ECDSA_P224) && 2052 element == TEE_ECC_CURVE_NIST_P224) 2053 return TEE_SUCCESS; 2054 if ((alg == TEE_ALG_ECDH_P256 || alg == TEE_ALG_ECDSA_P256) && 2055 element == TEE_ECC_CURVE_NIST_P256) 2056 return TEE_SUCCESS; 2057 if ((alg == TEE_ALG_ECDH_P384 || alg == TEE_ALG_ECDSA_P384) && 2058 element == TEE_ECC_CURVE_NIST_P384) 2059 return TEE_SUCCESS; 2060 if ((alg == TEE_ALG_ECDH_P521 || alg == TEE_ALG_ECDSA_P521) && 2061 element == TEE_ECC_CURVE_NIST_P521) 2062 return TEE_SUCCESS; 2063 } 2064 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2065 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2066 return TEE_SUCCESS; 2067 } 2068 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2069 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2070 return TEE_SUCCESS; 2071 } 2072 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2073 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2074 return TEE_SUCCESS; 2075 } 2076 if (IS_ENABLED(CFG_CRYPTO_X25519)) { 2077 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519) 2078 return TEE_SUCCESS; 2079 } 2080 if (IS_ENABLED(CFG_CRYPTO_ED25519)) { 2081 if (alg == TEE_ALG_ED25519 && element == TEE_ECC_CURVE_25519) 2082 return TEE_SUCCESS; 2083 } 2084 2085 return TEE_ERROR_NOT_SUPPORTED; 2086 check_element_none: 2087 if (element == TEE_CRYPTO_ELEMENT_NONE) 2088 return TEE_SUCCESS; 2089 return TEE_ERROR_NOT_SUPPORTED; 2090 } 2091