1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 #include <assert.h> 7 #include <config.h> 8 #include <stdlib.h> 9 #include <string.h> 10 #include <string_ext.h> 11 #include <tee_api.h> 12 #include <tee_api_defines_extensions.h> 13 #include <tee_internal_api_extensions.h> 14 #include <utee_syscalls.h> 15 #include <utee_defines.h> 16 #include <util.h> 17 #include "tee_api_private.h" 18 19 struct __TEE_OperationHandle { 20 TEE_OperationInfo info; 21 TEE_ObjectHandle key1; 22 TEE_ObjectHandle key2; 23 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 24 25 /* 26 * buffer to collect complete blocks or to keep a complete digest 27 * for TEE_DigestExtract(). 28 */ 29 uint8_t *buffer; 30 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 31 size_t block_size; /* Block size of cipher */ 32 size_t buffer_offs; /* Offset in buffer */ 33 uint32_t state; /* Handle to state in TEE Core */ 34 }; 35 36 /* Cryptographic Operations API - Generic Operation Functions */ 37 38 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 39 uint32_t algorithm, uint32_t mode, 40 uint32_t maxKeySize) 41 { 42 TEE_Result res; 43 TEE_OperationHandle op = TEE_HANDLE_NULL; 44 uint32_t handle_state = 0; 45 size_t block_size = 1; 46 uint32_t req_key_usage; 47 bool with_private_key = false; 48 bool buffer_two_blocks = false; 49 50 if (!operation) 51 TEE_Panic(0); 52 53 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP || 54 algorithm == TEE_ALG_SM4_XTS) 55 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 56 57 /* Check algorithm max key size */ 58 switch (algorithm) { 59 case TEE_ALG_DSA_SHA1: 60 if (maxKeySize < 512) 61 return TEE_ERROR_NOT_SUPPORTED; 62 if (maxKeySize > 1024) 63 return TEE_ERROR_NOT_SUPPORTED; 64 if (maxKeySize % 64 != 0) 65 return TEE_ERROR_NOT_SUPPORTED; 66 break; 67 68 case TEE_ALG_DSA_SHA224: 69 if (maxKeySize != 2048) 70 return TEE_ERROR_NOT_SUPPORTED; 71 break; 72 73 case TEE_ALG_DSA_SHA256: 74 if (maxKeySize != 2048 && maxKeySize != 3072) 75 return TEE_ERROR_NOT_SUPPORTED; 76 break; 77 78 case TEE_ALG_ECDSA_SHA1: 79 case __OPTEE_ALG_ECDSA_P192: 80 case __OPTEE_ALG_ECDH_P192: 81 if (maxKeySize != 192) 82 return TEE_ERROR_NOT_SUPPORTED; 83 break; 84 85 case TEE_ALG_ECDSA_SHA224: 86 case __OPTEE_ALG_ECDSA_P224: 87 case __OPTEE_ALG_ECDH_P224: 88 if (maxKeySize != 224) 89 return TEE_ERROR_NOT_SUPPORTED; 90 break; 91 92 case TEE_ALG_ECDSA_SHA256: 93 case __OPTEE_ALG_ECDSA_P256: 94 case __OPTEE_ALG_ECDH_P256: 95 case TEE_ALG_SM2_PKE: 96 case TEE_ALG_SM2_DSA_SM3: 97 if (maxKeySize != 256) 98 return TEE_ERROR_NOT_SUPPORTED; 99 break; 100 101 case TEE_ALG_SM2_KEP: 102 /* Two 256-bit keys */ 103 if (maxKeySize != 512) 104 return TEE_ERROR_NOT_SUPPORTED; 105 break; 106 107 case TEE_ALG_ECDSA_SHA384: 108 case __OPTEE_ALG_ECDSA_P384: 109 case __OPTEE_ALG_ECDH_P384: 110 if (maxKeySize != 384) 111 return TEE_ERROR_NOT_SUPPORTED; 112 break; 113 114 case TEE_ALG_ECDSA_SHA512: 115 case __OPTEE_ALG_ECDSA_P521: 116 case __OPTEE_ALG_ECDH_P521: 117 if (maxKeySize != 521) 118 return TEE_ERROR_NOT_SUPPORTED; 119 break; 120 121 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 122 if (maxKeySize > 521) 123 return TEE_ERROR_NOT_SUPPORTED; 124 break; 125 126 case TEE_ALG_ED25519: 127 case TEE_ALG_X25519: 128 if (maxKeySize != 256) 129 return TEE_ERROR_NOT_SUPPORTED; 130 break; 131 default: 132 break; 133 } 134 135 /* Check algorithm mode (and maxKeySize for digests) */ 136 switch (algorithm) { 137 case TEE_ALG_AES_CTS: 138 case TEE_ALG_AES_XTS: 139 case TEE_ALG_SM4_XTS: 140 buffer_two_blocks = true; 141 fallthrough; 142 case TEE_ALG_AES_ECB_NOPAD: 143 case TEE_ALG_AES_CBC_NOPAD: 144 case TEE_ALG_AES_CCM: 145 case TEE_ALG_DES_ECB_NOPAD: 146 case TEE_ALG_DES_CBC_NOPAD: 147 case TEE_ALG_DES3_ECB_NOPAD: 148 case TEE_ALG_DES3_CBC_NOPAD: 149 case TEE_ALG_SM4_ECB_NOPAD: 150 case TEE_ALG_SM4_CBC_NOPAD: 151 case TEE_ALG_SM4_CTR: 152 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 153 block_size = TEE_AES_BLOCK_SIZE; 154 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 155 block_size = TEE_SM4_BLOCK_SIZE; 156 else 157 block_size = TEE_DES_BLOCK_SIZE; 158 fallthrough; 159 case TEE_ALG_AES_CTR: 160 case TEE_ALG_AES_GCM: 161 if (mode == TEE_MODE_ENCRYPT) 162 req_key_usage = TEE_USAGE_ENCRYPT; 163 else if (mode == TEE_MODE_DECRYPT) 164 req_key_usage = TEE_USAGE_DECRYPT; 165 else 166 return TEE_ERROR_NOT_SUPPORTED; 167 break; 168 169 #if defined(CFG_CRYPTO_RSASSA_NA1) 170 case TEE_ALG_RSASSA_PKCS1_V1_5: 171 #endif 172 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 173 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 174 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 175 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 176 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 177 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 178 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 179 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 180 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 181 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 182 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 183 case TEE_ALG_DSA_SHA1: 184 case TEE_ALG_DSA_SHA224: 185 case TEE_ALG_DSA_SHA256: 186 case TEE_ALG_ECDSA_SHA1: 187 case TEE_ALG_ECDSA_SHA224: 188 case TEE_ALG_ECDSA_SHA256: 189 case TEE_ALG_ECDSA_SHA384: 190 case TEE_ALG_ECDSA_SHA512: 191 case __OPTEE_ALG_ECDSA_P192: 192 case __OPTEE_ALG_ECDSA_P224: 193 case __OPTEE_ALG_ECDSA_P256: 194 case __OPTEE_ALG_ECDSA_P384: 195 case __OPTEE_ALG_ECDSA_P521: 196 case TEE_ALG_SM2_DSA_SM3: 197 case TEE_ALG_ED25519: 198 if (mode == TEE_MODE_SIGN) { 199 with_private_key = true; 200 req_key_usage = TEE_USAGE_SIGN; 201 } else if (mode == TEE_MODE_VERIFY) { 202 req_key_usage = TEE_USAGE_VERIFY; 203 } else { 204 return TEE_ERROR_NOT_SUPPORTED; 205 } 206 break; 207 208 case TEE_ALG_RSAES_PKCS1_V1_5: 209 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 210 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 211 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 212 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 213 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 214 case TEE_ALG_SM2_PKE: 215 if (mode == TEE_MODE_ENCRYPT) { 216 req_key_usage = TEE_USAGE_ENCRYPT; 217 } else if (mode == TEE_MODE_DECRYPT) { 218 with_private_key = true; 219 req_key_usage = TEE_USAGE_DECRYPT; 220 } else { 221 return TEE_ERROR_NOT_SUPPORTED; 222 } 223 break; 224 225 case TEE_ALG_RSA_NOPAD: 226 if (mode == TEE_MODE_ENCRYPT) { 227 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 228 } else if (mode == TEE_MODE_DECRYPT) { 229 with_private_key = true; 230 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 231 } else { 232 return TEE_ERROR_NOT_SUPPORTED; 233 } 234 break; 235 236 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 237 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 238 case __OPTEE_ALG_ECDH_P192: 239 case __OPTEE_ALG_ECDH_P224: 240 case __OPTEE_ALG_ECDH_P256: 241 case __OPTEE_ALG_ECDH_P384: 242 case __OPTEE_ALG_ECDH_P521: 243 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 244 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 245 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 246 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 247 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 248 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 249 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 250 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 251 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 252 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 253 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 254 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 255 case TEE_ALG_SM2_KEP: 256 case TEE_ALG_X25519: 257 if (mode != TEE_MODE_DERIVE) 258 return TEE_ERROR_NOT_SUPPORTED; 259 with_private_key = true; 260 req_key_usage = TEE_USAGE_DERIVE; 261 break; 262 263 case TEE_ALG_MD5: 264 case TEE_ALG_SHA1: 265 case TEE_ALG_SHA224: 266 case TEE_ALG_SHA256: 267 case TEE_ALG_SHA384: 268 case TEE_ALG_SHA512: 269 case TEE_ALG_SHA3_224: 270 case TEE_ALG_SHA3_256: 271 case TEE_ALG_SHA3_384: 272 case TEE_ALG_SHA3_512: 273 case TEE_ALG_SHAKE128: 274 case TEE_ALG_SHAKE256: 275 case TEE_ALG_SM3: 276 if (mode != TEE_MODE_DIGEST) 277 return TEE_ERROR_NOT_SUPPORTED; 278 if (maxKeySize) 279 return TEE_ERROR_NOT_SUPPORTED; 280 /* v1.1: flags always set for digest operations */ 281 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 282 req_key_usage = 0; 283 break; 284 285 case TEE_ALG_DES_CBC_MAC_NOPAD: 286 case TEE_ALG_AES_CBC_MAC_NOPAD: 287 case TEE_ALG_AES_CBC_MAC_PKCS5: 288 case TEE_ALG_AES_CMAC: 289 case TEE_ALG_DES_CBC_MAC_PKCS5: 290 case TEE_ALG_DES3_CBC_MAC_NOPAD: 291 case TEE_ALG_DES3_CBC_MAC_PKCS5: 292 case TEE_ALG_DES3_CMAC: 293 case TEE_ALG_HMAC_MD5: 294 case TEE_ALG_HMAC_SHA1: 295 case TEE_ALG_HMAC_SHA224: 296 case TEE_ALG_HMAC_SHA256: 297 case TEE_ALG_HMAC_SHA384: 298 case TEE_ALG_HMAC_SHA512: 299 case TEE_ALG_HMAC_SHA3_224: 300 case TEE_ALG_HMAC_SHA3_256: 301 case TEE_ALG_HMAC_SHA3_384: 302 case TEE_ALG_HMAC_SHA3_512: 303 case TEE_ALG_HMAC_SM3: 304 if (mode != TEE_MODE_MAC) 305 return TEE_ERROR_NOT_SUPPORTED; 306 req_key_usage = TEE_USAGE_MAC; 307 break; 308 309 default: 310 return TEE_ERROR_NOT_SUPPORTED; 311 } 312 313 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 314 if (!op) 315 return TEE_ERROR_OUT_OF_MEMORY; 316 317 op->info.algorithm = algorithm; 318 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 319 #ifdef CFG_CRYPTO_RSASSA_NA1 320 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 321 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 322 #endif 323 op->info.mode = mode; 324 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 325 op->info.maxKeySize = maxKeySize; 326 op->info.requiredKeyUsage = req_key_usage; 327 op->info.handleState = handle_state; 328 329 /* 330 * Needed to buffer the digest if TEE_DigestExtract() doesn't 331 * retrieve the entire digest in one go. 332 */ 333 if (op->info.operationClass == TEE_OPERATION_DIGEST) 334 block_size = op->info.digestLength; 335 336 if (block_size > 1) { 337 size_t buffer_size = block_size; 338 339 if (buffer_two_blocks) 340 buffer_size *= 2; 341 342 op->buffer = TEE_Malloc(buffer_size, 343 TEE_USER_MEM_HINT_NO_FILL_ZERO); 344 if (op->buffer == NULL) { 345 res = TEE_ERROR_OUT_OF_MEMORY; 346 goto out; 347 } 348 } 349 op->block_size = block_size; 350 op->buffer_two_blocks = buffer_two_blocks; 351 352 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 353 uint32_t mks = maxKeySize; 354 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 355 with_private_key); 356 357 /* 358 * If two keys are expected the max key size is the sum of 359 * the size of both keys. 360 */ 361 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 362 mks /= 2; 363 364 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 365 if (res != TEE_SUCCESS) 366 goto out; 367 368 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 369 res = TEE_AllocateTransientObject(key_type, mks, 370 &op->key2); 371 if (res != TEE_SUCCESS) 372 goto out; 373 } 374 } 375 376 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 377 (unsigned long)op->key2, &op->state); 378 if (res != TEE_SUCCESS) 379 goto out; 380 381 /* 382 * Initialize digest operations 383 * Other multi-stage operations initialized w/ TEE_xxxInit functions 384 * Non-applicable on asymmetric operations 385 */ 386 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 387 res = _utee_hash_init(op->state, NULL, 0); 388 if (res != TEE_SUCCESS) 389 goto out; 390 /* v1.1: flags always set for digest operations */ 391 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 392 } 393 394 op->operationState = TEE_OPERATION_STATE_INITIAL; 395 396 *operation = op; 397 398 out: 399 if (res != TEE_SUCCESS) { 400 if (res != TEE_ERROR_OUT_OF_MEMORY && 401 res != TEE_ERROR_NOT_SUPPORTED) 402 TEE_Panic(res); 403 if (op) { 404 if (op->state) { 405 TEE_FreeOperation(op); 406 } else { 407 TEE_Free(op->buffer); 408 TEE_FreeTransientObject(op->key1); 409 TEE_FreeTransientObject(op->key2); 410 TEE_Free(op); 411 } 412 } 413 } 414 415 return res; 416 } 417 418 void TEE_FreeOperation(TEE_OperationHandle operation) 419 { 420 TEE_Result res; 421 422 if (operation == TEE_HANDLE_NULL) 423 return; 424 425 /* 426 * Note that keys should not be freed here, since they are 427 * claimed by the operation they will be freed by 428 * utee_cryp_state_free(). 429 */ 430 res = _utee_cryp_state_free(operation->state); 431 if (res != TEE_SUCCESS) 432 TEE_Panic(res); 433 434 TEE_Free(operation->buffer); 435 TEE_Free(operation); 436 } 437 438 void __GP11_TEE_FreeOperation(TEE_OperationHandle operation) 439 { 440 if (operation == TEE_HANDLE_NULL) 441 TEE_Panic(0); 442 TEE_FreeOperation(operation); 443 } 444 445 void TEE_GetOperationInfo(TEE_OperationHandle operation, 446 TEE_OperationInfo *operationInfo) 447 { 448 if (operation == TEE_HANDLE_NULL) 449 TEE_Panic(0); 450 451 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo)); 452 453 *operationInfo = operation->info; 454 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 455 operationInfo->keySize = 0; 456 operationInfo->requiredKeyUsage = 0; 457 } 458 } 459 460 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op, 461 TEE_OperationInfoMultiple *op_info, 462 size_t *size) 463 { 464 TEE_Result res = TEE_SUCCESS; 465 TEE_ObjectInfo kinfo = { }; 466 size_t max_key_count = 0; 467 bool two_keys = false; 468 469 if (op == TEE_HANDLE_NULL) { 470 res = TEE_ERROR_BAD_PARAMETERS; 471 goto out; 472 } 473 474 __utee_check_outbuf_annotation(op_info, size); 475 476 if (*size < sizeof(*op_info)) { 477 res = TEE_ERROR_BAD_PARAMETERS; 478 goto out; 479 } 480 max_key_count = (*size - sizeof(*op_info)) / 481 sizeof(TEE_OperationInfoKey); 482 483 TEE_MemFill(op_info, 0, *size); 484 485 /* Two keys flag (TEE_ALG_AES_XTS only) */ 486 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 487 488 if (op->info.mode == TEE_MODE_DIGEST) { 489 op_info->numberOfKeys = 0; 490 } else if (!two_keys) { 491 if (max_key_count < 1) { 492 res = TEE_ERROR_SHORT_BUFFER; 493 goto out; 494 } 495 496 res = TEE_GetObjectInfo1(op->key1, &kinfo); 497 /* Key1 is not a valid handle, "can't happen". */ 498 if (res) 499 goto out; 500 501 op_info->keyInformation[0].keySize = kinfo.objectSize; 502 op_info->keyInformation[0].requiredKeyUsage = 503 op->info.requiredKeyUsage; 504 op_info->numberOfKeys = 1; 505 } else { 506 if (max_key_count < 2) { 507 res = TEE_ERROR_SHORT_BUFFER; 508 goto out; 509 } 510 511 res = TEE_GetObjectInfo1(op->key1, &kinfo); 512 /* Key1 is not a valid handle, "can't happen". */ 513 if (res) 514 goto out; 515 516 op_info->keyInformation[0].keySize = kinfo.objectSize; 517 op_info->keyInformation[0].requiredKeyUsage = 518 op->info.requiredKeyUsage; 519 520 res = TEE_GetObjectInfo1(op->key2, &kinfo); 521 /* Key2 is not a valid handle, "can't happen". */ 522 if (res) 523 goto out; 524 525 op_info->keyInformation[1].keySize = kinfo.objectSize; 526 op_info->keyInformation[1].requiredKeyUsage = 527 op->info.requiredKeyUsage; 528 529 op_info->numberOfKeys = 2; 530 } 531 532 op_info->algorithm = op->info.algorithm; 533 op_info->operationClass = op->info.operationClass; 534 op_info->mode = op->info.mode; 535 op_info->digestLength = op->info.digestLength; 536 op_info->maxKeySize = op->info.maxKeySize; 537 op_info->handleState = op->info.handleState; 538 op_info->operationState = op->operationState; 539 540 out: 541 if (res != TEE_SUCCESS && 542 res != TEE_ERROR_SHORT_BUFFER) 543 TEE_Panic(res); 544 545 return res; 546 } 547 548 TEE_Result 549 __GP11_TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 550 TEE_OperationInfoMultiple *info, 551 uint32_t *operationSize) 552 { 553 TEE_Result res = TEE_SUCCESS; 554 size_t s = 0; 555 556 __utee_check_gp11_outbuf_annotation(info, operationSize); 557 s = *operationSize; 558 res = TEE_GetOperationInfoMultiple(operation, info, &s); 559 *operationSize = s; 560 return res; 561 } 562 563 void TEE_ResetOperation(TEE_OperationHandle operation) 564 { 565 TEE_Result res; 566 567 if (operation == TEE_HANDLE_NULL) 568 TEE_Panic(0); 569 570 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 571 TEE_Panic(0); 572 573 operation->operationState = TEE_OPERATION_STATE_INITIAL; 574 575 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 576 res = _utee_hash_init(operation->state, NULL, 0); 577 if (res != TEE_SUCCESS) 578 TEE_Panic(res); 579 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 580 } else { 581 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 582 } 583 } 584 585 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 586 TEE_ObjectHandle key) 587 { 588 TEE_Result res; 589 uint32_t key_size = 0; 590 TEE_ObjectInfo key_info; 591 592 if (operation == TEE_HANDLE_NULL) { 593 res = TEE_ERROR_BAD_PARAMETERS; 594 goto out; 595 } 596 597 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 598 res = TEE_ERROR_BAD_PARAMETERS; 599 goto out; 600 } 601 602 if (key == TEE_HANDLE_NULL) { 603 /* Operation key cleared */ 604 TEE_ResetTransientObject(operation->key1); 605 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 606 return TEE_SUCCESS; 607 } 608 609 /* No key for digest operation */ 610 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 611 res = TEE_ERROR_BAD_PARAMETERS; 612 goto out; 613 } 614 615 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 616 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 617 0) { 618 res = TEE_ERROR_BAD_PARAMETERS; 619 goto out; 620 } 621 622 res = TEE_GetObjectInfo1(key, &key_info); 623 /* Key is not a valid handle */ 624 if (res != TEE_SUCCESS) 625 goto out; 626 627 /* Supplied key has to meet required usage */ 628 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 629 operation->info.requiredKeyUsage) { 630 res = TEE_ERROR_BAD_PARAMETERS; 631 goto out; 632 } 633 634 if (operation->info.maxKeySize < key_info.objectSize) { 635 res = TEE_ERROR_BAD_PARAMETERS; 636 goto out; 637 } 638 639 key_size = key_info.objectSize; 640 641 TEE_ResetTransientObject(operation->key1); 642 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 643 644 res = TEE_CopyObjectAttributes1(operation->key1, key); 645 if (res != TEE_SUCCESS) 646 goto out; 647 648 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 649 650 operation->info.keySize = key_size; 651 652 out: 653 if (res != TEE_SUCCESS && 654 res != TEE_ERROR_CORRUPT_OBJECT && 655 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 656 TEE_Panic(res); 657 658 return res; 659 } 660 661 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 662 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 663 { 664 TEE_Result res; 665 uint32_t key_size = 0; 666 TEE_ObjectInfo key_info1; 667 TEE_ObjectInfo key_info2; 668 669 if (operation == TEE_HANDLE_NULL) { 670 res = TEE_ERROR_BAD_PARAMETERS; 671 goto out; 672 } 673 674 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 675 res = TEE_ERROR_BAD_PARAMETERS; 676 goto out; 677 } 678 679 /* 680 * Key1/Key2 and/or are not initialized and 681 * Either both keys are NULL or both are not NULL 682 */ 683 if (!key1 && !key2) { 684 /* Clear the keys */ 685 TEE_ResetTransientObject(operation->key1); 686 TEE_ResetTransientObject(operation->key2); 687 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 688 return TEE_SUCCESS; 689 } else if (!key1 || !key2) { 690 /* Both keys are obviously not valid. */ 691 res = TEE_ERROR_BAD_PARAMETERS; 692 goto out; 693 } 694 695 /* No key for digest operation */ 696 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 697 res = TEE_ERROR_BAD_PARAMETERS; 698 goto out; 699 } 700 701 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 702 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 703 0) { 704 res = TEE_ERROR_BAD_PARAMETERS; 705 goto out; 706 } 707 708 res = TEE_GetObjectInfo1(key1, &key_info1); 709 /* Key1 is not a valid handle */ 710 if (res != TEE_SUCCESS) 711 goto out; 712 713 /* Supplied key has to meet required usage */ 714 if ((key_info1.objectUsage & operation->info. 715 requiredKeyUsage) != operation->info.requiredKeyUsage) { 716 res = TEE_ERROR_BAD_PARAMETERS; 717 goto out; 718 } 719 720 res = TEE_GetObjectInfo1(key2, &key_info2); 721 /* Key2 is not a valid handle */ 722 if (res != TEE_SUCCESS) { 723 if (res == TEE_ERROR_CORRUPT_OBJECT) 724 res = TEE_ERROR_CORRUPT_OBJECT_2; 725 goto out; 726 } 727 728 /* Supplied key has to meet required usage */ 729 if ((key_info2.objectUsage & operation->info. 730 requiredKeyUsage) != operation->info.requiredKeyUsage) { 731 res = TEE_ERROR_BAD_PARAMETERS; 732 goto out; 733 } 734 735 /* 736 * All the multi key algorithm currently supported requires the keys to 737 * be of equal size. 738 */ 739 if (key_info1.objectSize != key_info2.objectSize) { 740 res = TEE_ERROR_BAD_PARAMETERS; 741 goto out; 742 743 } 744 745 if (operation->info.maxKeySize < key_info1.objectSize) { 746 res = TEE_ERROR_BAD_PARAMETERS; 747 goto out; 748 } 749 750 /* 751 * Odd that only the size of one key should be reported while 752 * size of two key are used when allocating the operation. 753 */ 754 key_size = key_info1.objectSize; 755 756 TEE_ResetTransientObject(operation->key1); 757 TEE_ResetTransientObject(operation->key2); 758 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 759 760 res = TEE_CopyObjectAttributes1(operation->key1, key1); 761 if (res != TEE_SUCCESS) 762 goto out; 763 res = TEE_CopyObjectAttributes1(operation->key2, key2); 764 if (res != TEE_SUCCESS) { 765 if (res == TEE_ERROR_CORRUPT_OBJECT) 766 res = TEE_ERROR_CORRUPT_OBJECT_2; 767 goto out; 768 } 769 770 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 771 772 operation->info.keySize = key_size; 773 774 out: 775 if (res != TEE_SUCCESS && 776 res != TEE_ERROR_CORRUPT_OBJECT && 777 res != TEE_ERROR_CORRUPT_OBJECT_2 && 778 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 779 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 780 TEE_Panic(res); 781 782 return res; 783 } 784 785 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 786 { 787 TEE_Result res; 788 789 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 790 TEE_Panic(0); 791 if (dst_op->info.algorithm != src_op->info.algorithm) 792 TEE_Panic(0); 793 if (dst_op->info.mode != src_op->info.mode) 794 TEE_Panic(0); 795 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 796 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 797 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 798 799 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 800 key1 = src_op->key1; 801 key2 = src_op->key2; 802 } 803 804 if ((src_op->info.handleState & 805 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 806 TEE_SetOperationKey(dst_op, key1); 807 } else { 808 TEE_SetOperationKey2(dst_op, key1, key2); 809 } 810 } 811 dst_op->info.handleState = src_op->info.handleState; 812 dst_op->info.keySize = src_op->info.keySize; 813 dst_op->info.digestLength = src_op->info.digestLength; 814 dst_op->operationState = src_op->operationState; 815 816 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 817 dst_op->block_size != src_op->block_size) 818 TEE_Panic(0); 819 820 if (dst_op->buffer != NULL) { 821 size_t sz = src_op->block_size; 822 823 if (src_op->buffer == NULL) 824 TEE_Panic(0); 825 826 if (src_op->buffer_two_blocks) 827 sz *= 2; 828 memcpy(dst_op->buffer, src_op->buffer, sz); 829 dst_op->buffer_offs = src_op->buffer_offs; 830 } else if (src_op->buffer != NULL) { 831 TEE_Panic(0); 832 } 833 834 res = _utee_cryp_state_copy(dst_op->state, src_op->state); 835 if (res != TEE_SUCCESS) 836 TEE_Panic(res); 837 } 838 839 /* Cryptographic Operations API - Message Digest Functions */ 840 841 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 842 uint32_t IVLen) 843 { 844 TEE_Result res; 845 846 /* 847 * Note : IV and IVLen are never used in current implementation 848 * This is why coherent values of IV and IVLen are not checked 849 */ 850 res = _utee_hash_init(operation->state, IV, IVLen); 851 if (res != TEE_SUCCESS) 852 TEE_Panic(res); 853 operation->buffer_offs = 0; 854 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 855 } 856 857 void TEE_DigestUpdate(TEE_OperationHandle operation, 858 const void *chunk, size_t chunkSize) 859 { 860 TEE_Result res = TEE_ERROR_GENERIC; 861 862 if (operation == TEE_HANDLE_NULL || 863 operation->info.operationClass != TEE_OPERATION_DIGEST) 864 TEE_Panic(0); 865 866 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 867 868 res = _utee_hash_update(operation->state, chunk, chunkSize); 869 if (res != TEE_SUCCESS) 870 TEE_Panic(res); 871 } 872 873 void __GP11_TEE_DigestUpdate(TEE_OperationHandle operation, 874 const void *chunk, uint32_t chunkSize) 875 { 876 return TEE_DigestUpdate(operation, chunk, chunkSize); 877 } 878 879 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 880 size_t chunkLen, void *hash, size_t *hashLen) 881 { 882 TEE_Result res = TEE_SUCCESS; 883 uint64_t hl = 0; 884 size_t len = 0; 885 886 if ((operation == TEE_HANDLE_NULL) || 887 (!chunk && chunkLen) || 888 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 889 res = TEE_ERROR_BAD_PARAMETERS; 890 goto out; 891 } 892 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING && 893 chunkLen) { 894 res = TEE_ERROR_BAD_PARAMETERS; 895 goto out; 896 } 897 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 898 899 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING && 900 operation->buffer) { 901 /* 902 * This is not an Extendable-Output Function and we have 903 * already started extracting 904 */ 905 len = MIN(operation->block_size - operation->buffer_offs, 906 *hashLen); 907 memcpy(hash, operation->buffer + operation->buffer_offs, len); 908 *hashLen = len; 909 } else { 910 hl = *hashLen; 911 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, 912 &hl); 913 *hashLen = hl; 914 if (res) 915 goto out; 916 } 917 918 /* Reset operation state */ 919 init_hash_operation(operation, NULL, 0); 920 921 operation->operationState = TEE_OPERATION_STATE_INITIAL; 922 923 out: 924 if (res != TEE_SUCCESS && 925 res != TEE_ERROR_SHORT_BUFFER) 926 TEE_Panic(res); 927 928 return res; 929 } 930 931 TEE_Result __GP11_TEE_DigestDoFinal(TEE_OperationHandle operation, 932 const void *chunk, uint32_t chunkLen, 933 void *hash, uint32_t *hashLen) 934 { 935 TEE_Result res = TEE_SUCCESS; 936 size_t l = 0; 937 938 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 939 l = *hashLen; 940 res = TEE_DigestDoFinal(operation, chunk, chunkLen, hash, &l); 941 *hashLen = l; 942 return res; 943 } 944 945 TEE_Result TEE_DigestExtract(TEE_OperationHandle operation, void *hash, 946 size_t *hashLen) 947 { 948 TEE_Result res = TEE_SUCCESS; 949 uint64_t hl = 0; 950 size_t len = 0; 951 952 if (operation == TEE_HANDLE_NULL || 953 operation->info.operationClass != TEE_OPERATION_DIGEST) 954 TEE_Panic(0); 955 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 956 957 if (!operation->buffer) { 958 /* This is an Extendable-Output Function */ 959 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING; 960 operation->operationState = TEE_OPERATION_STATE_EXTRACTING; 961 hl = *hashLen; 962 res = _utee_hash_final(operation->state, NULL, 0, hash, &hl); 963 if (res) 964 TEE_Panic(0); 965 *hashLen = hl; 966 967 return TEE_SUCCESS; 968 } 969 970 if (operation->operationState != TEE_OPERATION_STATE_EXTRACTING) { 971 hl = operation->block_size; 972 res = _utee_hash_final(operation->state, NULL, 0, 973 operation->buffer, &hl); 974 if (res) 975 TEE_Panic(0); 976 if (hl != operation->block_size) 977 TEE_Panic(0); 978 assert(!operation->buffer_offs); 979 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING; 980 operation->operationState = TEE_OPERATION_STATE_EXTRACTING; 981 } 982 983 len = MIN(operation->block_size - operation->buffer_offs, *hashLen); 984 memcpy(hash, operation->buffer + operation->buffer_offs, len); 985 *hashLen = len; 986 operation->buffer_offs += len; 987 988 return TEE_SUCCESS; 989 } 990 991 /* Cryptographic Operations API - Symmetric Cipher Functions */ 992 993 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 994 size_t IVLen) 995 { 996 TEE_Result res; 997 998 if (operation == TEE_HANDLE_NULL) 999 TEE_Panic(0); 1000 1001 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 1002 TEE_Panic(0); 1003 1004 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1005 !(operation->key1)) 1006 TEE_Panic(0); 1007 1008 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1009 TEE_ResetOperation(operation); 1010 1011 if (IV && IVLen) { 1012 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1013 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1014 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1015 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD) 1016 TEE_Panic(0); 1017 } 1018 1019 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1020 1021 res = _utee_cipher_init(operation->state, IV, IVLen); 1022 if (res != TEE_SUCCESS) 1023 TEE_Panic(res); 1024 1025 operation->buffer_offs = 0; 1026 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1027 } 1028 1029 void __GP11_TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 1030 uint32_t IVLen) 1031 { 1032 return TEE_CipherInit(operation, IV, IVLen); 1033 } 1034 1035 static TEE_Result tee_buffer_update( 1036 TEE_OperationHandle op, 1037 TEE_Result(*update_func)(unsigned long state, const void *src, 1038 size_t slen, void *dst, uint64_t *dlen), 1039 const void *src_data, size_t src_len, 1040 void *dest_data, uint64_t *dest_len) 1041 { 1042 TEE_Result res; 1043 const uint8_t *src = src_data; 1044 size_t slen = src_len; 1045 uint8_t *dst = dest_data; 1046 size_t dlen = *dest_len; 1047 size_t acc_dlen = 0; 1048 uint64_t tmp_dlen; 1049 size_t l; 1050 size_t buffer_size; 1051 size_t buffer_left; 1052 1053 if (!src) { 1054 if (slen) 1055 TEE_Panic(0); 1056 goto out; 1057 } 1058 1059 if (op->buffer_two_blocks) { 1060 buffer_size = op->block_size * 2; 1061 buffer_left = 1; 1062 } else { 1063 buffer_size = op->block_size; 1064 buffer_left = 0; 1065 } 1066 1067 if (op->buffer_offs > 0) { 1068 /* Fill up complete block */ 1069 if (op->buffer_offs < op->block_size) 1070 l = MIN(slen, op->block_size - op->buffer_offs); 1071 else 1072 l = MIN(slen, buffer_size - op->buffer_offs); 1073 memcpy(op->buffer + op->buffer_offs, src, l); 1074 op->buffer_offs += l; 1075 src += l; 1076 slen -= l; 1077 if ((op->buffer_offs % op->block_size) != 0) 1078 goto out; /* Nothing left to do */ 1079 } 1080 1081 /* If we can feed from buffer */ 1082 if ((op->buffer_offs > 0) && 1083 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 1084 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 1085 op->block_size); 1086 l = MIN(op->buffer_offs, l); 1087 tmp_dlen = dlen; 1088 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 1089 if (res != TEE_SUCCESS) 1090 TEE_Panic(res); 1091 dst += tmp_dlen; 1092 dlen -= tmp_dlen; 1093 acc_dlen += tmp_dlen; 1094 op->buffer_offs -= l; 1095 if (op->buffer_offs > 0) { 1096 /* 1097 * Slen is small enough to be contained in rest buffer. 1098 */ 1099 memcpy(op->buffer, op->buffer + l, buffer_size - l); 1100 memcpy(op->buffer + op->buffer_offs, src, slen); 1101 op->buffer_offs += slen; 1102 goto out; /* Nothing left to do */ 1103 } 1104 } 1105 1106 if (slen >= (buffer_size + buffer_left)) { 1107 /* Buffer is empty, feed as much as possible from src */ 1108 if (op->info.algorithm == TEE_ALG_AES_CTS) 1109 l = ROUNDUP(slen - buffer_size, op->block_size); 1110 else 1111 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 1112 1113 tmp_dlen = dlen; 1114 res = update_func(op->state, src, l, dst, &tmp_dlen); 1115 if (res != TEE_SUCCESS) 1116 TEE_Panic(res); 1117 src += l; 1118 slen -= l; 1119 dst += tmp_dlen; 1120 dlen -= tmp_dlen; 1121 acc_dlen += tmp_dlen; 1122 } 1123 1124 /* Slen is small enough to be contained in buffer. */ 1125 memcpy(op->buffer + op->buffer_offs, src, slen); 1126 op->buffer_offs += slen; 1127 1128 out: 1129 *dest_len = acc_dlen; 1130 return TEE_SUCCESS; 1131 } 1132 1133 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 1134 size_t srcLen, void *destData, size_t *destLen) 1135 { 1136 TEE_Result res; 1137 size_t req_dlen; 1138 uint64_t dl; 1139 1140 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1141 res = TEE_ERROR_BAD_PARAMETERS; 1142 goto out; 1143 } 1144 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1145 1146 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1147 res = TEE_ERROR_BAD_PARAMETERS; 1148 goto out; 1149 } 1150 1151 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1152 res = TEE_ERROR_BAD_PARAMETERS; 1153 goto out; 1154 } 1155 1156 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1157 res = TEE_ERROR_BAD_PARAMETERS; 1158 goto out; 1159 } 1160 1161 if (!srcData && !srcLen) { 1162 *destLen = 0; 1163 res = TEE_SUCCESS; 1164 goto out; 1165 } 1166 1167 /* Calculate required dlen */ 1168 if (operation->block_size > 1) { 1169 req_dlen = ((operation->buffer_offs + srcLen) / 1170 operation->block_size) * operation->block_size; 1171 } else { 1172 req_dlen = srcLen; 1173 } 1174 if (operation->buffer_two_blocks) { 1175 if (req_dlen > operation->block_size * 2) 1176 req_dlen -= operation->block_size * 2; 1177 else 1178 req_dlen = 0; 1179 } 1180 /* 1181 * Check that required destLen is big enough before starting to feed 1182 * data to the algorithm. Errors during feeding of data are fatal as we 1183 * can't restore sync with this API. 1184 */ 1185 if (*destLen < req_dlen) { 1186 *destLen = req_dlen; 1187 res = TEE_ERROR_SHORT_BUFFER; 1188 goto out; 1189 } 1190 1191 dl = *destLen; 1192 if (operation->block_size > 1) { 1193 res = tee_buffer_update(operation, _utee_cipher_update, srcData, 1194 srcLen, destData, &dl); 1195 } else { 1196 if (srcLen > 0) { 1197 res = _utee_cipher_update(operation->state, srcData, 1198 srcLen, destData, &dl); 1199 } else { 1200 res = TEE_SUCCESS; 1201 dl = 0; 1202 } 1203 } 1204 *destLen = dl; 1205 1206 out: 1207 if (res != TEE_SUCCESS && 1208 res != TEE_ERROR_SHORT_BUFFER) 1209 TEE_Panic(res); 1210 1211 return res; 1212 } 1213 1214 TEE_Result __GP11_TEE_CipherUpdate(TEE_OperationHandle operation, 1215 const void *srcData, uint32_t srcLen, 1216 void *destData, uint32_t *destLen) 1217 { 1218 TEE_Result res = TEE_SUCCESS; 1219 size_t dl = 0; 1220 1221 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1222 dl = *destLen; 1223 res = TEE_CipherUpdate(operation, srcData, srcLen, destData, &dl); 1224 *destLen = dl; 1225 return res; 1226 } 1227 1228 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1229 const void *srcData, size_t srcLen, 1230 void *destData, size_t *destLen) 1231 { 1232 TEE_Result res = TEE_SUCCESS; 1233 uint8_t *dst = destData; 1234 size_t acc_dlen = 0; 1235 uint64_t tmp_dlen = 0; 1236 size_t req_dlen = 0; 1237 1238 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1239 res = TEE_ERROR_BAD_PARAMETERS; 1240 goto out; 1241 } 1242 if (destLen) 1243 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1244 1245 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1246 res = TEE_ERROR_BAD_PARAMETERS; 1247 goto out; 1248 } 1249 1250 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1251 res = TEE_ERROR_BAD_PARAMETERS; 1252 goto out; 1253 } 1254 1255 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1256 res = TEE_ERROR_BAD_PARAMETERS; 1257 goto out; 1258 } 1259 1260 /* 1261 * Check that the final block doesn't require padding for those 1262 * algorithms that requires client to supply padding. 1263 */ 1264 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1265 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1266 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1267 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1268 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1269 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1270 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1271 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1272 if (((operation->buffer_offs + srcLen) % operation->block_size) 1273 != 0) { 1274 res = TEE_ERROR_BAD_PARAMETERS; 1275 goto out; 1276 } 1277 } 1278 1279 /* 1280 * Check that required destLen is big enough before starting to feed 1281 * data to the algorithm. Errors during feeding of data are fatal as we 1282 * can't restore sync with this API. 1283 */ 1284 if (operation->block_size > 1) { 1285 req_dlen = operation->buffer_offs + srcLen; 1286 } else { 1287 req_dlen = srcLen; 1288 } 1289 if (destLen) 1290 tmp_dlen = *destLen; 1291 if (tmp_dlen < req_dlen) { 1292 if (destLen) 1293 *destLen = req_dlen; 1294 res = TEE_ERROR_SHORT_BUFFER; 1295 goto out; 1296 } 1297 1298 if (operation->block_size > 1) { 1299 if (srcLen) { 1300 res = tee_buffer_update(operation, _utee_cipher_update, 1301 srcData, srcLen, dst, 1302 &tmp_dlen); 1303 if (res != TEE_SUCCESS) 1304 goto out; 1305 1306 dst += tmp_dlen; 1307 acc_dlen += tmp_dlen; 1308 1309 tmp_dlen = *destLen - acc_dlen; 1310 } 1311 res = _utee_cipher_final(operation->state, operation->buffer, 1312 operation->buffer_offs, dst, 1313 &tmp_dlen); 1314 } else { 1315 res = _utee_cipher_final(operation->state, srcData, srcLen, dst, 1316 &tmp_dlen); 1317 } 1318 if (res != TEE_SUCCESS) 1319 goto out; 1320 1321 acc_dlen += tmp_dlen; 1322 if (destLen) 1323 *destLen = acc_dlen; 1324 1325 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1326 1327 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1328 1329 out: 1330 if (res != TEE_SUCCESS && 1331 res != TEE_ERROR_SHORT_BUFFER) 1332 TEE_Panic(res); 1333 1334 return res; 1335 } 1336 1337 TEE_Result __GP11_TEE_CipherDoFinal(TEE_OperationHandle operation, 1338 const void *srcData, uint32_t srcLen, 1339 void *destData, uint32_t *destLen) 1340 { 1341 TEE_Result res = TEE_SUCCESS; 1342 size_t dl = 0; 1343 1344 if (destLen) { 1345 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1346 dl = *destLen; 1347 } 1348 res = TEE_CipherDoFinal(operation, srcData, srcLen, destData, &dl); 1349 if (destLen) 1350 *destLen = dl; 1351 return res; 1352 } 1353 1354 /* Cryptographic Operations API - MAC Functions */ 1355 1356 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, size_t IVLen) 1357 { 1358 if (operation == TEE_HANDLE_NULL) 1359 TEE_Panic(0); 1360 1361 if (operation->info.operationClass != TEE_OPERATION_MAC) 1362 TEE_Panic(0); 1363 1364 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1365 !(operation->key1)) 1366 TEE_Panic(0); 1367 1368 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1369 TEE_ResetOperation(operation); 1370 1371 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1372 1373 init_hash_operation(operation, IV, IVLen); 1374 } 1375 1376 void __GP11_TEE_MACInit(TEE_OperationHandle operation, const void *IV, 1377 uint32_t IVLen) 1378 { 1379 return TEE_MACInit(operation, IV, IVLen); 1380 } 1381 1382 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1383 size_t chunkSize) 1384 { 1385 TEE_Result res; 1386 1387 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1388 TEE_Panic(0); 1389 1390 if (operation->info.operationClass != TEE_OPERATION_MAC) 1391 TEE_Panic(0); 1392 1393 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1394 TEE_Panic(0); 1395 1396 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1397 TEE_Panic(0); 1398 1399 res = _utee_hash_update(operation->state, chunk, chunkSize); 1400 if (res != TEE_SUCCESS) 1401 TEE_Panic(res); 1402 } 1403 1404 void __GP11_TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1405 uint32_t chunkSize) 1406 { 1407 return TEE_MACUpdate(operation, chunk, chunkSize); 1408 } 1409 1410 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1411 const void *message, size_t messageLen, 1412 void *mac, size_t *macLen) 1413 { 1414 TEE_Result res; 1415 uint64_t ml; 1416 1417 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) { 1418 res = TEE_ERROR_BAD_PARAMETERS; 1419 goto out; 1420 } 1421 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1422 1423 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1424 res = TEE_ERROR_BAD_PARAMETERS; 1425 goto out; 1426 } 1427 1428 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1429 res = TEE_ERROR_BAD_PARAMETERS; 1430 goto out; 1431 } 1432 1433 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1434 res = TEE_ERROR_BAD_PARAMETERS; 1435 goto out; 1436 } 1437 1438 ml = *macLen; 1439 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml); 1440 *macLen = ml; 1441 if (res != TEE_SUCCESS) 1442 goto out; 1443 1444 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1445 1446 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1447 1448 out: 1449 if (res != TEE_SUCCESS && 1450 res != TEE_ERROR_SHORT_BUFFER) 1451 TEE_Panic(res); 1452 1453 return res; 1454 } 1455 1456 TEE_Result __GP11_TEE_MACComputeFinal(TEE_OperationHandle operation, 1457 const void *message, uint32_t messageLen, 1458 void *mac, uint32_t *macLen) 1459 { 1460 TEE_Result res = TEE_SUCCESS; 1461 size_t ml = 0; 1462 1463 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1464 ml = *macLen; 1465 res = TEE_MACComputeFinal(operation, message, messageLen, mac, &ml); 1466 *macLen = ml; 1467 return res; 1468 } 1469 1470 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1471 const void *message, size_t messageLen, 1472 const void *mac, size_t macLen) 1473 { 1474 TEE_Result res; 1475 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 }; 1476 size_t computed_mac_size = TEE_MAX_HASH_SIZE; 1477 1478 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1479 res = TEE_ERROR_BAD_PARAMETERS; 1480 goto out; 1481 } 1482 1483 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1484 res = TEE_ERROR_BAD_PARAMETERS; 1485 goto out; 1486 } 1487 1488 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1489 res = TEE_ERROR_BAD_PARAMETERS; 1490 goto out; 1491 } 1492 1493 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1494 &computed_mac_size); 1495 if (res != TEE_SUCCESS) 1496 goto out; 1497 1498 if (computed_mac_size != macLen) { 1499 res = TEE_ERROR_MAC_INVALID; 1500 goto out; 1501 } 1502 1503 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1504 res = TEE_ERROR_MAC_INVALID; 1505 goto out; 1506 } 1507 1508 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1509 1510 out: 1511 if (res != TEE_SUCCESS && 1512 res != TEE_ERROR_MAC_INVALID) 1513 TEE_Panic(res); 1514 1515 return res; 1516 } 1517 1518 TEE_Result __GP11_TEE_MACCompareFinal(TEE_OperationHandle operation, 1519 const void *message, uint32_t messageLen, 1520 const void *mac, uint32_t macLen) 1521 { 1522 return TEE_MACCompareFinal(operation, message, messageLen, mac, macLen); 1523 } 1524 1525 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1526 1527 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1528 size_t nonceLen, uint32_t tagLen, size_t AADLen, 1529 size_t payloadLen) 1530 { 1531 TEE_Result res; 1532 1533 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1534 res = TEE_ERROR_BAD_PARAMETERS; 1535 goto out; 1536 } 1537 1538 if (operation->info.operationClass != TEE_OPERATION_AE) { 1539 res = TEE_ERROR_BAD_PARAMETERS; 1540 goto out; 1541 } 1542 1543 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1544 res = TEE_ERROR_BAD_PARAMETERS; 1545 goto out; 1546 } 1547 1548 /* 1549 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1550 * in the implementation. But AES-GCM spec doesn't specify the tag len 1551 * according to the same principle so we have to check here instead to 1552 * be GP compliant. 1553 */ 1554 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1555 /* 1556 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1557 */ 1558 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1559 res = TEE_ERROR_NOT_SUPPORTED; 1560 goto out; 1561 } 1562 } 1563 1564 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8, 1565 AADLen, payloadLen); 1566 if (res != TEE_SUCCESS) 1567 goto out; 1568 1569 operation->info.digestLength = tagLen / 8; 1570 operation->buffer_offs = 0; 1571 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1572 1573 out: 1574 if (res != TEE_SUCCESS && 1575 res != TEE_ERROR_NOT_SUPPORTED) 1576 TEE_Panic(res); 1577 1578 return res; 1579 } 1580 1581 TEE_Result __GP11_TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1582 uint32_t nonceLen, uint32_t tagLen, 1583 uint32_t AADLen, uint32_t payloadLen) 1584 { 1585 return TEE_AEInit(operation, nonce, nonceLen, tagLen, AADLen, 1586 payloadLen); 1587 } 1588 1589 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1590 size_t AADdataLen) 1591 { 1592 TEE_Result res = TEE_SUCCESS; 1593 1594 if (operation == TEE_HANDLE_NULL || (!AADdata && AADdataLen)) 1595 TEE_Panic(0); 1596 1597 if (operation->info.operationClass != TEE_OPERATION_AE) 1598 TEE_Panic(0); 1599 1600 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1601 TEE_Panic(0); 1602 1603 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1604 TEE_Panic(0); 1605 1606 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1607 if (res != TEE_SUCCESS) 1608 TEE_Panic(res); 1609 } 1610 1611 void __GP11_TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1612 uint32_t AADdataLen) 1613 { 1614 TEE_Result res = TEE_SUCCESS; 1615 1616 if (operation == TEE_HANDLE_NULL || 1617 (AADdata == NULL && AADdataLen != 0)) 1618 TEE_Panic(0); 1619 1620 if (operation->info.operationClass != TEE_OPERATION_AE) 1621 TEE_Panic(0); 1622 1623 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1624 TEE_Panic(0); 1625 1626 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1627 1628 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1629 1630 if (res != TEE_SUCCESS) 1631 TEE_Panic(res); 1632 } 1633 1634 static TEE_Result ae_update_helper(TEE_OperationHandle operation, 1635 const void *src, size_t slen, void *dst, 1636 size_t *dlen) 1637 { 1638 TEE_Result res = TEE_SUCCESS; 1639 size_t req_dlen = 0; 1640 uint64_t dl = 0; 1641 1642 if (!src && !slen) { 1643 *dlen = 0; 1644 return TEE_SUCCESS; 1645 } 1646 1647 /* 1648 * Check that required destLen is big enough before starting to feed 1649 * data to the algorithm. Errors during feeding of data are fatal as we 1650 * can't restore sync with this API. 1651 */ 1652 if (operation->block_size > 1) { 1653 req_dlen = ROUNDDOWN(operation->buffer_offs + slen, 1654 operation->block_size); 1655 } else { 1656 req_dlen = slen; 1657 } 1658 1659 dl = *dlen; 1660 if (dl < req_dlen) { 1661 *dlen = req_dlen; 1662 return TEE_ERROR_SHORT_BUFFER; 1663 } 1664 1665 if (operation->block_size > 1) { 1666 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1667 src, slen, dst, &dl); 1668 } else { 1669 if (slen > 0) { 1670 res = _utee_authenc_update_payload(operation->state, 1671 src, slen, dst, &dl); 1672 } else { 1673 dl = 0; 1674 res = TEE_SUCCESS; 1675 } 1676 } 1677 1678 if (!res) 1679 *dlen = dl; 1680 1681 return res; 1682 } 1683 1684 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1685 size_t srcLen, void *destData, size_t *destLen) 1686 { 1687 TEE_Result res = TEE_SUCCESS; 1688 1689 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1690 res = TEE_ERROR_BAD_PARAMETERS; 1691 goto out; 1692 } 1693 __utee_check_outbuf_annotation(destData, destLen); 1694 1695 if (operation->info.operationClass != TEE_OPERATION_AE) { 1696 res = TEE_ERROR_BAD_PARAMETERS; 1697 goto out; 1698 } 1699 1700 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1701 res = TEE_ERROR_BAD_PARAMETERS; 1702 goto out; 1703 } 1704 1705 res = ae_update_helper(operation, srcData, srcLen, destData, destLen); 1706 if (res != TEE_ERROR_SHORT_BUFFER && srcLen) 1707 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1708 1709 out: 1710 if (res != TEE_SUCCESS && 1711 res != TEE_ERROR_SHORT_BUFFER) 1712 TEE_Panic(res); 1713 1714 return res; 1715 } 1716 1717 TEE_Result __GP11_TEE_AEUpdate(TEE_OperationHandle operation, 1718 const void *srcData, uint32_t srcLen, 1719 void *destData, uint32_t *destLen) 1720 { 1721 TEE_Result res = TEE_SUCCESS; 1722 size_t dl = 0; 1723 1724 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1725 res = TEE_ERROR_BAD_PARAMETERS; 1726 goto out; 1727 } 1728 __utee_check_gp11_outbuf_annotation(destData, destLen); 1729 1730 if (operation->info.operationClass != TEE_OPERATION_AE) { 1731 res = TEE_ERROR_BAD_PARAMETERS; 1732 goto out; 1733 } 1734 1735 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1736 res = TEE_ERROR_BAD_PARAMETERS; 1737 goto out; 1738 } 1739 1740 dl = *destLen; 1741 res = ae_update_helper(operation, srcData, srcLen, destData, &dl); 1742 *destLen = dl; 1743 1744 if (res != TEE_SUCCESS) 1745 goto out; 1746 1747 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1748 1749 out: 1750 if (res != TEE_SUCCESS && 1751 res != TEE_ERROR_SHORT_BUFFER) 1752 TEE_Panic(res); 1753 1754 return res; 1755 } 1756 1757 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1758 const void *srcData, size_t srcLen, 1759 void *destData, size_t *destLen, void *tag, 1760 size_t *tagLen) 1761 { 1762 TEE_Result res = TEE_SUCCESS; 1763 uint8_t *dst = destData; 1764 size_t acc_dlen = 0; 1765 uint64_t tmp_dlen = 0; 1766 size_t req_dlen = 0; 1767 uint64_t tl = 0; 1768 1769 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1770 res = TEE_ERROR_BAD_PARAMETERS; 1771 goto out; 1772 } 1773 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1774 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1775 1776 if (operation->info.operationClass != TEE_OPERATION_AE) { 1777 res = TEE_ERROR_BAD_PARAMETERS; 1778 goto out; 1779 } 1780 1781 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1782 res = TEE_ERROR_BAD_PARAMETERS; 1783 goto out; 1784 } 1785 1786 /* 1787 * Check that required destLen is big enough before starting to feed 1788 * data to the algorithm. Errors during feeding of data are fatal as we 1789 * can't restore sync with this API. 1790 * 1791 * Need to check this before update_payload since sync would be lost if 1792 * we return short buffer after that. 1793 */ 1794 res = TEE_ERROR_GENERIC; 1795 1796 req_dlen = operation->buffer_offs + srcLen; 1797 if (*destLen < req_dlen) { 1798 *destLen = req_dlen; 1799 res = TEE_ERROR_SHORT_BUFFER; 1800 } 1801 1802 if (*tagLen < operation->info.digestLength) { 1803 *tagLen = operation->info.digestLength; 1804 res = TEE_ERROR_SHORT_BUFFER; 1805 } 1806 1807 if (res == TEE_ERROR_SHORT_BUFFER) 1808 goto out; 1809 1810 tl = *tagLen; 1811 tmp_dlen = *destLen - acc_dlen; 1812 if (operation->block_size > 1) { 1813 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1814 srcData, srcLen, dst, &tmp_dlen); 1815 if (res != TEE_SUCCESS) 1816 goto out; 1817 1818 dst += tmp_dlen; 1819 acc_dlen += tmp_dlen; 1820 1821 tmp_dlen = *destLen - acc_dlen; 1822 res = _utee_authenc_enc_final(operation->state, 1823 operation->buffer, 1824 operation->buffer_offs, dst, 1825 &tmp_dlen, tag, &tl); 1826 } else { 1827 res = _utee_authenc_enc_final(operation->state, srcData, 1828 srcLen, dst, &tmp_dlen, 1829 tag, &tl); 1830 } 1831 *tagLen = tl; 1832 if (res != TEE_SUCCESS) 1833 goto out; 1834 1835 acc_dlen += tmp_dlen; 1836 *destLen = acc_dlen; 1837 1838 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1839 1840 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1841 1842 out: 1843 if (res != TEE_SUCCESS && 1844 res != TEE_ERROR_SHORT_BUFFER) 1845 TEE_Panic(res); 1846 1847 return res; 1848 } 1849 1850 TEE_Result __GP11_TEE_AEEncryptFinal(TEE_OperationHandle operation, 1851 const void *srcData, uint32_t srcLen, 1852 void *destData, uint32_t *destLen, 1853 void *tag, uint32_t *tagLen) 1854 { 1855 TEE_Result res = TEE_SUCCESS; 1856 size_t dl = 0; 1857 size_t tl = 0; 1858 1859 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1860 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1861 dl = *destLen; 1862 tl = *tagLen; 1863 res = TEE_AEEncryptFinal(operation, srcData, srcLen, destData, &dl, 1864 tag, &tl); 1865 *destLen = dl; 1866 *tagLen = tl; 1867 return res; 1868 } 1869 1870 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1871 const void *srcData, size_t srcLen, 1872 void *destData, size_t *destLen, void *tag, 1873 size_t tagLen) 1874 { 1875 TEE_Result res = TEE_SUCCESS; 1876 uint8_t *dst = destData; 1877 size_t acc_dlen = 0; 1878 uint64_t tmp_dlen = 0; 1879 size_t req_dlen = 0; 1880 1881 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1882 res = TEE_ERROR_BAD_PARAMETERS; 1883 goto out; 1884 } 1885 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1886 1887 if (operation->info.operationClass != TEE_OPERATION_AE) { 1888 res = TEE_ERROR_BAD_PARAMETERS; 1889 goto out; 1890 } 1891 1892 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1893 res = TEE_ERROR_BAD_PARAMETERS; 1894 goto out; 1895 } 1896 1897 /* 1898 * Check that required destLen is big enough before starting to feed 1899 * data to the algorithm. Errors during feeding of data are fatal as we 1900 * can't restore sync with this API. 1901 */ 1902 req_dlen = operation->buffer_offs + srcLen; 1903 if (*destLen < req_dlen) { 1904 *destLen = req_dlen; 1905 res = TEE_ERROR_SHORT_BUFFER; 1906 goto out; 1907 } 1908 1909 tmp_dlen = *destLen - acc_dlen; 1910 if (operation->block_size > 1) { 1911 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1912 srcData, srcLen, dst, &tmp_dlen); 1913 if (res != TEE_SUCCESS) 1914 goto out; 1915 1916 dst += tmp_dlen; 1917 acc_dlen += tmp_dlen; 1918 1919 tmp_dlen = *destLen - acc_dlen; 1920 res = _utee_authenc_dec_final(operation->state, 1921 operation->buffer, 1922 operation->buffer_offs, dst, 1923 &tmp_dlen, tag, tagLen); 1924 } else { 1925 res = _utee_authenc_dec_final(operation->state, srcData, 1926 srcLen, dst, &tmp_dlen, 1927 tag, tagLen); 1928 } 1929 if (res != TEE_SUCCESS) 1930 goto out; 1931 1932 /* Supplied tagLen should match what we initiated with */ 1933 if (tagLen != operation->info.digestLength) 1934 res = TEE_ERROR_MAC_INVALID; 1935 1936 acc_dlen += tmp_dlen; 1937 *destLen = acc_dlen; 1938 1939 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1940 1941 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1942 1943 out: 1944 if (res != TEE_SUCCESS && 1945 res != TEE_ERROR_SHORT_BUFFER && 1946 res != TEE_ERROR_MAC_INVALID) 1947 TEE_Panic(res); 1948 1949 return res; 1950 } 1951 1952 TEE_Result __GP11_TEE_AEDecryptFinal(TEE_OperationHandle operation, 1953 const void *srcData, uint32_t srcLen, 1954 void *destData, uint32_t *destLen, 1955 void *tag, uint32_t tagLen) 1956 { 1957 TEE_Result res = TEE_SUCCESS; 1958 size_t dl = 0; 1959 1960 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1961 dl = *destLen; 1962 res = TEE_AEDecryptFinal(operation, srcData, srcLen, destData, &dl, 1963 tag, tagLen); 1964 *destLen = dl; 1965 return res; 1966 } 1967 1968 /* Cryptographic Operations API - Asymmetric Functions */ 1969 1970 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1971 const TEE_Attribute *params, 1972 uint32_t paramCount, const void *srcData, 1973 size_t srcLen, void *destData, 1974 size_t *destLen) 1975 { 1976 TEE_Result res = TEE_SUCCESS; 1977 struct utee_attribute ua[paramCount]; 1978 uint64_t dl = 0; 1979 1980 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1981 TEE_Panic(0); 1982 1983 __utee_check_attr_in_annotation(params, paramCount); 1984 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1985 1986 if (!operation->key1) 1987 TEE_Panic(0); 1988 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1989 TEE_Panic(0); 1990 if (operation->info.mode != TEE_MODE_ENCRYPT) 1991 TEE_Panic(0); 1992 1993 __utee_from_attr(ua, params, paramCount); 1994 dl = *destLen; 1995 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1996 srcLen, destData, &dl); 1997 *destLen = dl; 1998 1999 if (res != TEE_SUCCESS && 2000 res != TEE_ERROR_SHORT_BUFFER && 2001 res != TEE_ERROR_BAD_PARAMETERS) 2002 TEE_Panic(res); 2003 2004 return res; 2005 } 2006 2007 TEE_Result __GP11_TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 2008 const __GP11_TEE_Attribute *params, 2009 uint32_t paramCount, 2010 const void *srcData, uint32_t srcLen, 2011 void *destData, uint32_t *destLen) 2012 { 2013 TEE_Result res = TEE_SUCCESS; 2014 struct utee_attribute ua[paramCount]; 2015 uint64_t dl = 0; 2016 2017 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2018 TEE_Panic(0); 2019 2020 __utee_check_gp11_attr_in_annotation(params, paramCount); 2021 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2022 2023 if (!operation->key1) 2024 TEE_Panic(0); 2025 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2026 TEE_Panic(0); 2027 if (operation->info.mode != TEE_MODE_ENCRYPT) 2028 TEE_Panic(0); 2029 2030 __utee_from_gp11_attr(ua, params, paramCount); 2031 dl = *destLen; 2032 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2033 srcLen, destData, &dl); 2034 *destLen = dl; 2035 2036 if (res != TEE_SUCCESS && 2037 res != TEE_ERROR_SHORT_BUFFER && 2038 res != TEE_ERROR_BAD_PARAMETERS) 2039 TEE_Panic(res); 2040 2041 return res; 2042 } 2043 2044 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 2045 const TEE_Attribute *params, 2046 uint32_t paramCount, const void *srcData, 2047 size_t srcLen, void *destData, 2048 size_t *destLen) 2049 { 2050 TEE_Result res = TEE_SUCCESS; 2051 struct utee_attribute ua[paramCount]; 2052 uint64_t dl = 0; 2053 2054 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2055 TEE_Panic(0); 2056 2057 __utee_check_attr_in_annotation(params, paramCount); 2058 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2059 2060 if (!operation->key1) 2061 TEE_Panic(0); 2062 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2063 TEE_Panic(0); 2064 if (operation->info.mode != TEE_MODE_DECRYPT) 2065 TEE_Panic(0); 2066 2067 __utee_from_attr(ua, params, paramCount); 2068 dl = *destLen; 2069 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2070 srcLen, destData, &dl); 2071 *destLen = dl; 2072 2073 if (res != TEE_SUCCESS && 2074 res != TEE_ERROR_SHORT_BUFFER && 2075 res != TEE_ERROR_BAD_PARAMETERS) 2076 TEE_Panic(res); 2077 2078 return res; 2079 } 2080 2081 TEE_Result __GP11_TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 2082 const __GP11_TEE_Attribute *params, 2083 uint32_t paramCount, 2084 const void *srcData, uint32_t srcLen, 2085 void *destData, uint32_t *destLen) 2086 { 2087 TEE_Result res = TEE_SUCCESS; 2088 struct utee_attribute ua[paramCount]; 2089 uint64_t dl = 0; 2090 2091 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2092 TEE_Panic(0); 2093 2094 __utee_check_gp11_attr_in_annotation(params, paramCount); 2095 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2096 2097 if (!operation->key1) 2098 TEE_Panic(0); 2099 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2100 TEE_Panic(0); 2101 if (operation->info.mode != TEE_MODE_DECRYPT) 2102 TEE_Panic(0); 2103 2104 __utee_from_gp11_attr(ua, params, paramCount); 2105 dl = *destLen; 2106 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2107 srcLen, destData, &dl); 2108 *destLen = dl; 2109 2110 if (res != TEE_SUCCESS && 2111 res != TEE_ERROR_SHORT_BUFFER && 2112 res != TEE_ERROR_BAD_PARAMETERS) 2113 TEE_Panic(res); 2114 2115 return res; 2116 } 2117 2118 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 2119 const TEE_Attribute *params, 2120 uint32_t paramCount, const void *digest, 2121 size_t digestLen, void *signature, 2122 size_t *signatureLen) 2123 { 2124 TEE_Result res = TEE_SUCCESS; 2125 struct utee_attribute ua[paramCount]; 2126 uint64_t sl = 0; 2127 2128 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 2129 TEE_Panic(0); 2130 2131 __utee_check_attr_in_annotation(params, paramCount); 2132 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 2133 2134 if (!operation->key1) 2135 TEE_Panic(0); 2136 if (operation->info.operationClass != 2137 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2138 TEE_Panic(0); 2139 if (operation->info.mode != TEE_MODE_SIGN) 2140 TEE_Panic(0); 2141 2142 __utee_from_attr(ua, params, paramCount); 2143 sl = *signatureLen; 2144 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 2145 digestLen, signature, &sl); 2146 *signatureLen = sl; 2147 2148 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 2149 TEE_Panic(res); 2150 2151 return res; 2152 } 2153 2154 TEE_Result __GP11_TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 2155 const __GP11_TEE_Attribute *params, 2156 uint32_t paramCount, 2157 const void *digest, 2158 uint32_t digestLen, void *signature, 2159 uint32_t *signatureLen) 2160 { 2161 TEE_Result res = TEE_SUCCESS; 2162 struct utee_attribute ua[paramCount]; 2163 uint64_t sl = 0; 2164 2165 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 2166 TEE_Panic(0); 2167 2168 __utee_check_gp11_attr_in_annotation(params, paramCount); 2169 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 2170 2171 if (!operation->key1) 2172 TEE_Panic(0); 2173 if (operation->info.operationClass != 2174 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2175 TEE_Panic(0); 2176 if (operation->info.mode != TEE_MODE_SIGN) 2177 TEE_Panic(0); 2178 2179 __utee_from_gp11_attr(ua, params, paramCount); 2180 sl = *signatureLen; 2181 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 2182 digestLen, signature, &sl); 2183 *signatureLen = sl; 2184 2185 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 2186 TEE_Panic(res); 2187 2188 return res; 2189 } 2190 2191 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 2192 const TEE_Attribute *params, 2193 uint32_t paramCount, const void *digest, 2194 size_t digestLen, 2195 const void *signature, 2196 size_t signatureLen) 2197 { 2198 TEE_Result res; 2199 struct utee_attribute ua[paramCount]; 2200 2201 if (operation == TEE_HANDLE_NULL || 2202 (digest == NULL && digestLen != 0) || 2203 (signature == NULL && signatureLen != 0)) 2204 TEE_Panic(0); 2205 2206 __utee_check_attr_in_annotation(params, paramCount); 2207 2208 if (!operation->key1) 2209 TEE_Panic(0); 2210 if (operation->info.operationClass != 2211 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2212 TEE_Panic(0); 2213 if (operation->info.mode != TEE_MODE_VERIFY) 2214 TEE_Panic(0); 2215 2216 __utee_from_attr(ua, params, paramCount); 2217 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 2218 digestLen, signature, signatureLen); 2219 2220 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 2221 TEE_Panic(res); 2222 2223 return res; 2224 } 2225 2226 TEE_Result __GP11_TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 2227 const __GP11_TEE_Attribute *params, 2228 uint32_t paramCount, 2229 const void *digest, 2230 uint32_t digestLen, 2231 const void *signature, 2232 uint32_t signatureLen) 2233 { 2234 TEE_Result res = TEE_SUCCESS; 2235 struct utee_attribute ua[paramCount]; 2236 2237 if (operation == TEE_HANDLE_NULL || (!digest && digestLen) || 2238 (!signature && signatureLen)) 2239 TEE_Panic(0); 2240 2241 __utee_check_gp11_attr_in_annotation(params, paramCount); 2242 2243 if (!operation->key1) 2244 TEE_Panic(0); 2245 if (operation->info.operationClass != 2246 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2247 TEE_Panic(0); 2248 if (operation->info.mode != TEE_MODE_VERIFY) 2249 TEE_Panic(0); 2250 2251 __utee_from_gp11_attr(ua, params, paramCount); 2252 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 2253 digestLen, signature, signatureLen); 2254 2255 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 2256 TEE_Panic(res); 2257 2258 return res; 2259 } 2260 2261 /* Cryptographic Operations API - Key Derivation Functions */ 2262 2263 void TEE_DeriveKey(TEE_OperationHandle operation, 2264 const TEE_Attribute *params, uint32_t paramCount, 2265 TEE_ObjectHandle derivedKey) 2266 { 2267 struct utee_attribute ua[paramCount]; 2268 struct utee_object_info key_info = { }; 2269 TEE_Result res = TEE_SUCCESS; 2270 2271 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 2272 TEE_Panic(0); 2273 2274 __utee_check_attr_in_annotation(params, paramCount); 2275 2276 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 2277 TEE_OPERATION_KEY_DERIVATION) 2278 TEE_Panic(0); 2279 2280 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 2281 TEE_Panic(0); 2282 if (!operation->key1) 2283 TEE_Panic(0); 2284 if (operation->info.mode != TEE_MODE_DERIVE) 2285 TEE_Panic(0); 2286 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 2287 TEE_Panic(0); 2288 2289 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 2290 if (res != TEE_SUCCESS) 2291 TEE_Panic(res); 2292 2293 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 2294 TEE_Panic(0); 2295 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2296 TEE_Panic(0); 2297 2298 __utee_from_attr(ua, params, paramCount); 2299 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 2300 (unsigned long)derivedKey); 2301 if (res != TEE_SUCCESS) 2302 TEE_Panic(res); 2303 } 2304 2305 void __GP11_TEE_DeriveKey(TEE_OperationHandle operation, 2306 const __GP11_TEE_Attribute *params, 2307 uint32_t paramCount, TEE_ObjectHandle derivedKey) 2308 { 2309 struct utee_attribute ua[paramCount]; 2310 struct utee_object_info key_info = { }; 2311 TEE_Result res = TEE_SUCCESS; 2312 2313 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 2314 TEE_Panic(0); 2315 2316 __utee_check_gp11_attr_in_annotation(params, paramCount); 2317 2318 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 2319 TEE_OPERATION_KEY_DERIVATION) 2320 TEE_Panic(0); 2321 2322 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 2323 TEE_Panic(0); 2324 if (!operation->key1) 2325 TEE_Panic(0); 2326 if (operation->info.mode != TEE_MODE_DERIVE) 2327 TEE_Panic(0); 2328 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 2329 TEE_Panic(0); 2330 2331 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 2332 if (res != TEE_SUCCESS) 2333 TEE_Panic(res); 2334 2335 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 2336 TEE_Panic(0); 2337 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2338 TEE_Panic(0); 2339 2340 __utee_from_gp11_attr(ua, params, paramCount); 2341 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 2342 (unsigned long)derivedKey); 2343 if (res != TEE_SUCCESS) 2344 TEE_Panic(res); 2345 } 2346 2347 /* Cryptographic Operations API - Random Number Generation Functions */ 2348 2349 void TEE_GenerateRandom(void *randomBuffer, size_t randomBufferLen) 2350 { 2351 TEE_Result res; 2352 2353 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 2354 if (res != TEE_SUCCESS) 2355 TEE_Panic(res); 2356 } 2357 2358 void __GP11_TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 2359 { 2360 TEE_GenerateRandom(randomBuffer, randomBufferLen); 2361 } 2362 2363 int rand(void) 2364 { 2365 int rc; 2366 2367 TEE_GenerateRandom(&rc, sizeof(rc)); 2368 2369 /* 2370 * RAND_MAX is the larges int, INT_MAX which is all bits but the 2371 * highest bit set. 2372 */ 2373 return rc & RAND_MAX; 2374 } 2375 2376 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 2377 { 2378 if (IS_ENABLED(CFG_CRYPTO_AES)) { 2379 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2380 if (alg == TEE_ALG_AES_ECB_NOPAD) 2381 goto check_element_none; 2382 } 2383 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2384 if (alg == TEE_ALG_AES_CBC_NOPAD) 2385 goto check_element_none; 2386 } 2387 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2388 if (alg == TEE_ALG_AES_CTR) 2389 goto check_element_none; 2390 } 2391 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 2392 if (alg == TEE_ALG_AES_CTS) 2393 goto check_element_none; 2394 } 2395 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2396 if (alg == TEE_ALG_AES_XTS) 2397 goto check_element_none; 2398 } 2399 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2400 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 2401 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 2402 goto check_element_none; 2403 } 2404 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 2405 if (alg == TEE_ALG_AES_CMAC) 2406 goto check_element_none; 2407 } 2408 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 2409 if (alg == TEE_ALG_AES_CCM) 2410 goto check_element_none; 2411 } 2412 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 2413 if (alg == TEE_ALG_AES_GCM) 2414 goto check_element_none; 2415 } 2416 } 2417 if (IS_ENABLED(CFG_CRYPTO_DES)) { 2418 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2419 if (alg == TEE_ALG_DES_ECB_NOPAD || 2420 alg == TEE_ALG_DES3_ECB_NOPAD) 2421 goto check_element_none; 2422 } 2423 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2424 if (alg == TEE_ALG_DES_CBC_NOPAD || 2425 alg == TEE_ALG_DES3_CBC_NOPAD) 2426 goto check_element_none; 2427 } 2428 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2429 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 2430 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 2431 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 2432 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 2433 goto check_element_none; 2434 } 2435 } 2436 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2437 if (alg == TEE_ALG_MD5) 2438 goto check_element_none; 2439 } 2440 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2441 if (alg == TEE_ALG_SHA1) 2442 goto check_element_none; 2443 } 2444 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2445 if (alg == TEE_ALG_SHA224) 2446 goto check_element_none; 2447 } 2448 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2449 if (alg == TEE_ALG_SHA256) 2450 goto check_element_none; 2451 } 2452 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2453 if (alg == TEE_ALG_SHA384) 2454 goto check_element_none; 2455 } 2456 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2457 if (alg == TEE_ALG_SHA512) 2458 goto check_element_none; 2459 } 2460 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) { 2461 if (alg == TEE_ALG_SHA3_224) 2462 goto check_element_none; 2463 } 2464 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) { 2465 if (alg == TEE_ALG_SHA3_256) 2466 goto check_element_none; 2467 } 2468 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) { 2469 if (alg == TEE_ALG_SHA3_384) 2470 goto check_element_none; 2471 } 2472 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) { 2473 if (alg == TEE_ALG_SHA3_512) 2474 goto check_element_none; 2475 } 2476 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2477 if (alg == TEE_ALG_MD5SHA1) 2478 goto check_element_none; 2479 } 2480 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 2481 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2482 if (alg == TEE_ALG_HMAC_MD5) 2483 goto check_element_none; 2484 } 2485 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2486 if (alg == TEE_ALG_HMAC_SHA1) 2487 goto check_element_none; 2488 } 2489 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2490 if (alg == TEE_ALG_HMAC_SHA224) 2491 goto check_element_none; 2492 } 2493 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2494 if (alg == TEE_ALG_HMAC_SHA256) 2495 goto check_element_none; 2496 } 2497 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2498 if (alg == TEE_ALG_HMAC_SHA384) 2499 goto check_element_none; 2500 } 2501 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2502 if (alg == TEE_ALG_HMAC_SHA512) 2503 goto check_element_none; 2504 } 2505 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) { 2506 if (alg == TEE_ALG_HMAC_SHA3_224) 2507 goto check_element_none; 2508 } 2509 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) { 2510 if (alg == TEE_ALG_HMAC_SHA3_256) 2511 goto check_element_none; 2512 } 2513 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) { 2514 if (alg == TEE_ALG_HMAC_SHA3_384) 2515 goto check_element_none; 2516 } 2517 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) { 2518 if (alg == TEE_ALG_HMAC_SHA3_512) 2519 goto check_element_none; 2520 } 2521 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2522 if (alg == TEE_ALG_HMAC_SM3) 2523 goto check_element_none; 2524 } 2525 } 2526 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2527 if (alg == TEE_ALG_SM3) 2528 goto check_element_none; 2529 } 2530 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 2531 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2532 if (alg == TEE_ALG_SM4_ECB_NOPAD) 2533 goto check_element_none; 2534 } 2535 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2536 if (alg == TEE_ALG_SM4_CBC_NOPAD) 2537 goto check_element_none; 2538 } 2539 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2540 if (alg == TEE_ALG_SM4_CTR) 2541 goto check_element_none; 2542 } 2543 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2544 if (alg == TEE_ALG_SM4_XTS) 2545 goto check_element_none; 2546 } 2547 } 2548 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 2549 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2550 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5) 2551 goto check_element_none; 2552 } 2553 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2554 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 2555 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 2556 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 2557 goto check_element_none; 2558 } 2559 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2560 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 2561 goto check_element_none; 2562 } 2563 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2564 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 2565 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 2566 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 2567 goto check_element_none; 2568 } 2569 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2570 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 2571 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 2572 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 2573 goto check_element_none; 2574 } 2575 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2576 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 2577 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 2578 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 2579 goto check_element_none; 2580 } 2581 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2582 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 2583 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 2584 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 2585 goto check_element_none; 2586 } 2587 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2588 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 2589 goto check_element_none; 2590 } 2591 if (alg == TEE_ALG_RSA_NOPAD) 2592 goto check_element_none; 2593 } 2594 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2595 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2596 if (alg == TEE_ALG_DSA_SHA1) 2597 goto check_element_none; 2598 } 2599 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2600 if (alg == TEE_ALG_DSA_SHA224) 2601 goto check_element_none; 2602 } 2603 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2604 if (alg == TEE_ALG_DSA_SHA256) 2605 goto check_element_none; 2606 } 2607 } 2608 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2609 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2610 goto check_element_none; 2611 } 2612 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2613 if ((alg == __OPTEE_ALG_ECDH_P192 || 2614 alg == __OPTEE_ALG_ECDSA_P192 || 2615 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2616 alg == TEE_ALG_ECDSA_SHA1) && 2617 element == TEE_ECC_CURVE_NIST_P192) 2618 return TEE_SUCCESS; 2619 if ((alg == __OPTEE_ALG_ECDH_P224 || 2620 alg == __OPTEE_ALG_ECDSA_P224 || 2621 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2622 alg == TEE_ALG_ECDSA_SHA224) && 2623 element == TEE_ECC_CURVE_NIST_P224) 2624 return TEE_SUCCESS; 2625 if ((alg == __OPTEE_ALG_ECDH_P256 || 2626 alg == __OPTEE_ALG_ECDSA_P256 || 2627 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2628 alg == TEE_ALG_ECDSA_SHA256) && 2629 element == TEE_ECC_CURVE_NIST_P256) 2630 return TEE_SUCCESS; 2631 if ((alg == __OPTEE_ALG_ECDH_P384 || 2632 alg == __OPTEE_ALG_ECDSA_P384 || 2633 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2634 alg == TEE_ALG_ECDSA_SHA384) && 2635 element == TEE_ECC_CURVE_NIST_P384) 2636 return TEE_SUCCESS; 2637 if ((alg == __OPTEE_ALG_ECDH_P521 || 2638 alg == __OPTEE_ALG_ECDSA_P521 || 2639 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2640 alg == TEE_ALG_ECDSA_SHA512) && 2641 element == TEE_ECC_CURVE_NIST_P521) 2642 return TEE_SUCCESS; 2643 } 2644 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2645 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2646 return TEE_SUCCESS; 2647 } 2648 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2649 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2650 return TEE_SUCCESS; 2651 } 2652 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2653 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2654 return TEE_SUCCESS; 2655 } 2656 if (IS_ENABLED(CFG_CRYPTO_X25519)) { 2657 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519) 2658 return TEE_SUCCESS; 2659 } 2660 if (IS_ENABLED(CFG_CRYPTO_ED25519)) { 2661 if (alg == TEE_ALG_ED25519 && element == TEE_ECC_CURVE_25519) 2662 return TEE_SUCCESS; 2663 } 2664 2665 return TEE_ERROR_NOT_SUPPORTED; 2666 check_element_none: 2667 if (element == TEE_CRYPTO_ELEMENT_NONE) 2668 return TEE_SUCCESS; 2669 return TEE_ERROR_NOT_SUPPORTED; 2670 } 2671