1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 #include <config.h> 6 #include <stdlib.h> 7 #include <string.h> 8 #include <string_ext.h> 9 #include <tee_api.h> 10 #include <tee_api_defines_extensions.h> 11 #include <tee_internal_api_extensions.h> 12 #include <utee_syscalls.h> 13 #include <utee_defines.h> 14 #include <util.h> 15 #include "tee_api_private.h" 16 17 struct __TEE_OperationHandle { 18 TEE_OperationInfo info; 19 TEE_ObjectHandle key1; 20 TEE_ObjectHandle key2; 21 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 22 uint8_t *buffer; /* buffer to collect complete blocks */ 23 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 24 size_t block_size; /* Block size of cipher */ 25 size_t buffer_offs; /* Offset in buffer */ 26 uint32_t state; /* Handle to state in TEE Core */ 27 uint32_t ae_tag_len; /* 28 * tag_len in bytes for AE operation else unused 29 */ 30 }; 31 32 /* Cryptographic Operations API - Generic Operation Functions */ 33 34 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 35 uint32_t algorithm, uint32_t mode, 36 uint32_t maxKeySize) 37 { 38 TEE_Result res; 39 TEE_OperationHandle op = TEE_HANDLE_NULL; 40 uint32_t handle_state = 0; 41 size_t block_size = 1; 42 uint32_t req_key_usage; 43 bool with_private_key = false; 44 bool buffer_two_blocks = false; 45 46 if (!operation) 47 TEE_Panic(0); 48 49 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP) 50 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 51 52 /* Check algorithm max key size */ 53 switch (algorithm) { 54 case TEE_ALG_DSA_SHA1: 55 if (maxKeySize < 512) 56 return TEE_ERROR_NOT_SUPPORTED; 57 if (maxKeySize > 1024) 58 return TEE_ERROR_NOT_SUPPORTED; 59 if (maxKeySize % 64 != 0) 60 return TEE_ERROR_NOT_SUPPORTED; 61 break; 62 63 case TEE_ALG_DSA_SHA224: 64 if (maxKeySize != 2048) 65 return TEE_ERROR_NOT_SUPPORTED; 66 break; 67 68 case TEE_ALG_DSA_SHA256: 69 if (maxKeySize != 2048 && maxKeySize != 3072) 70 return TEE_ERROR_NOT_SUPPORTED; 71 break; 72 73 case TEE_ALG_ECDSA_P192: 74 case TEE_ALG_ECDH_P192: 75 if (maxKeySize != 192) 76 return TEE_ERROR_NOT_SUPPORTED; 77 break; 78 79 case TEE_ALG_ECDSA_P224: 80 case TEE_ALG_ECDH_P224: 81 if (maxKeySize != 224) 82 return TEE_ERROR_NOT_SUPPORTED; 83 break; 84 85 case TEE_ALG_ECDSA_P256: 86 case TEE_ALG_ECDH_P256: 87 case TEE_ALG_SM2_PKE: 88 case TEE_ALG_SM2_DSA_SM3: 89 if (maxKeySize != 256) 90 return TEE_ERROR_NOT_SUPPORTED; 91 break; 92 93 case TEE_ALG_SM2_KEP: 94 /* Two 256-bit keys */ 95 if (maxKeySize != 512) 96 return TEE_ERROR_NOT_SUPPORTED; 97 break; 98 99 case TEE_ALG_ECDSA_P384: 100 case TEE_ALG_ECDH_P384: 101 if (maxKeySize != 384) 102 return TEE_ERROR_NOT_SUPPORTED; 103 break; 104 105 case TEE_ALG_ECDSA_P521: 106 case TEE_ALG_ECDH_P521: 107 if (maxKeySize != 521) 108 return TEE_ERROR_NOT_SUPPORTED; 109 break; 110 111 default: 112 break; 113 } 114 115 /* Check algorithm mode */ 116 switch (algorithm) { 117 case TEE_ALG_AES_CTS: 118 case TEE_ALG_AES_XTS: 119 buffer_two_blocks = true; 120 /* FALLTHROUGH */ 121 case TEE_ALG_AES_ECB_NOPAD: 122 case TEE_ALG_AES_CBC_NOPAD: 123 case TEE_ALG_AES_CCM: 124 case TEE_ALG_DES_ECB_NOPAD: 125 case TEE_ALG_DES_CBC_NOPAD: 126 case TEE_ALG_DES3_ECB_NOPAD: 127 case TEE_ALG_DES3_CBC_NOPAD: 128 case TEE_ALG_SM4_ECB_NOPAD: 129 case TEE_ALG_SM4_CBC_NOPAD: 130 case TEE_ALG_SM4_CTR: 131 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 132 block_size = TEE_AES_BLOCK_SIZE; 133 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 134 block_size = TEE_SM4_BLOCK_SIZE; 135 else 136 block_size = TEE_DES_BLOCK_SIZE; 137 /* FALLTHROUGH */ 138 case TEE_ALG_AES_CTR: 139 case TEE_ALG_AES_GCM: 140 if (mode == TEE_MODE_ENCRYPT) 141 req_key_usage = TEE_USAGE_ENCRYPT; 142 else if (mode == TEE_MODE_DECRYPT) 143 req_key_usage = TEE_USAGE_DECRYPT; 144 else 145 return TEE_ERROR_NOT_SUPPORTED; 146 break; 147 148 #if defined(CFG_CRYPTO_RSASSA_NA1) 149 case TEE_ALG_RSASSA_PKCS1_V1_5: 150 #endif 151 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 152 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 153 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 154 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 155 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 156 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 157 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 158 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 159 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 160 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 161 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 162 case TEE_ALG_DSA_SHA1: 163 case TEE_ALG_DSA_SHA224: 164 case TEE_ALG_DSA_SHA256: 165 case TEE_ALG_ECDSA_P192: 166 case TEE_ALG_ECDSA_P224: 167 case TEE_ALG_ECDSA_P256: 168 case TEE_ALG_ECDSA_P384: 169 case TEE_ALG_ECDSA_P521: 170 case TEE_ALG_SM2_DSA_SM3: 171 if (mode == TEE_MODE_SIGN) { 172 with_private_key = true; 173 req_key_usage = TEE_USAGE_SIGN; 174 } else if (mode == TEE_MODE_VERIFY) { 175 req_key_usage = TEE_USAGE_VERIFY; 176 } else { 177 return TEE_ERROR_NOT_SUPPORTED; 178 } 179 break; 180 181 case TEE_ALG_RSAES_PKCS1_V1_5: 182 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 183 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 184 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 185 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 186 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 187 case TEE_ALG_SM2_PKE: 188 if (mode == TEE_MODE_ENCRYPT) { 189 req_key_usage = TEE_USAGE_ENCRYPT; 190 } else if (mode == TEE_MODE_DECRYPT) { 191 with_private_key = true; 192 req_key_usage = TEE_USAGE_DECRYPT; 193 } else { 194 return TEE_ERROR_NOT_SUPPORTED; 195 } 196 break; 197 198 case TEE_ALG_RSA_NOPAD: 199 if (mode == TEE_MODE_ENCRYPT) { 200 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 201 } else if (mode == TEE_MODE_DECRYPT) { 202 with_private_key = true; 203 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 204 } else { 205 return TEE_ERROR_NOT_SUPPORTED; 206 } 207 break; 208 209 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 210 case TEE_ALG_ECDH_P192: 211 case TEE_ALG_ECDH_P224: 212 case TEE_ALG_ECDH_P256: 213 case TEE_ALG_ECDH_P384: 214 case TEE_ALG_ECDH_P521: 215 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 216 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 217 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 218 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 219 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 220 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 221 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 222 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 223 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 224 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 225 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 226 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 227 case TEE_ALG_SM2_KEP: 228 if (mode != TEE_MODE_DERIVE) 229 return TEE_ERROR_NOT_SUPPORTED; 230 with_private_key = true; 231 req_key_usage = TEE_USAGE_DERIVE; 232 break; 233 234 case TEE_ALG_MD5: 235 case TEE_ALG_SHA1: 236 case TEE_ALG_SHA224: 237 case TEE_ALG_SHA256: 238 case TEE_ALG_SHA384: 239 case TEE_ALG_SHA512: 240 case TEE_ALG_SM3: 241 if (mode != TEE_MODE_DIGEST) 242 return TEE_ERROR_NOT_SUPPORTED; 243 /* v1.1: flags always set for digest operations */ 244 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 245 req_key_usage = 0; 246 break; 247 248 case TEE_ALG_DES_CBC_MAC_NOPAD: 249 case TEE_ALG_AES_CBC_MAC_NOPAD: 250 case TEE_ALG_AES_CBC_MAC_PKCS5: 251 case TEE_ALG_AES_CMAC: 252 case TEE_ALG_DES_CBC_MAC_PKCS5: 253 case TEE_ALG_DES3_CBC_MAC_NOPAD: 254 case TEE_ALG_DES3_CBC_MAC_PKCS5: 255 case TEE_ALG_HMAC_MD5: 256 case TEE_ALG_HMAC_SHA1: 257 case TEE_ALG_HMAC_SHA224: 258 case TEE_ALG_HMAC_SHA256: 259 case TEE_ALG_HMAC_SHA384: 260 case TEE_ALG_HMAC_SHA512: 261 case TEE_ALG_HMAC_SM3: 262 if (mode != TEE_MODE_MAC) 263 return TEE_ERROR_NOT_SUPPORTED; 264 req_key_usage = TEE_USAGE_MAC; 265 break; 266 267 default: 268 return TEE_ERROR_NOT_SUPPORTED; 269 } 270 271 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 272 if (!op) 273 return TEE_ERROR_OUT_OF_MEMORY; 274 275 op->info.algorithm = algorithm; 276 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 277 #ifdef CFG_CRYPTO_RSASSA_NA1 278 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 279 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 280 #endif 281 op->info.mode = mode; 282 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 283 op->info.maxKeySize = maxKeySize; 284 op->info.requiredKeyUsage = req_key_usage; 285 op->info.handleState = handle_state; 286 287 if (block_size > 1) { 288 size_t buffer_size = block_size; 289 290 if (buffer_two_blocks) 291 buffer_size *= 2; 292 293 op->buffer = TEE_Malloc(buffer_size, 294 TEE_USER_MEM_HINT_NO_FILL_ZERO); 295 if (op->buffer == NULL) { 296 res = TEE_ERROR_OUT_OF_MEMORY; 297 goto out; 298 } 299 } 300 op->block_size = block_size; 301 op->buffer_two_blocks = buffer_two_blocks; 302 303 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 304 uint32_t mks = maxKeySize; 305 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 306 with_private_key); 307 308 /* 309 * If two keys are expected the max key size is the sum of 310 * the size of both keys. 311 */ 312 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 313 mks /= 2; 314 315 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 316 if (res != TEE_SUCCESS) 317 goto out; 318 319 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 320 res = TEE_AllocateTransientObject(key_type, mks, 321 &op->key2); 322 if (res != TEE_SUCCESS) 323 goto out; 324 } 325 } 326 327 res = utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 328 (unsigned long)op->key2, &op->state); 329 if (res != TEE_SUCCESS) 330 goto out; 331 332 /* 333 * Initialize digest operations 334 * Other multi-stage operations initialized w/ TEE_xxxInit functions 335 * Non-applicable on asymmetric operations 336 */ 337 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 338 res = utee_hash_init(op->state, NULL, 0); 339 if (res != TEE_SUCCESS) 340 goto out; 341 /* v1.1: flags always set for digest operations */ 342 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 343 } 344 345 op->operationState = TEE_OPERATION_STATE_INITIAL; 346 347 *operation = op; 348 349 out: 350 if (res != TEE_SUCCESS) { 351 if (res != TEE_ERROR_OUT_OF_MEMORY && 352 res != TEE_ERROR_NOT_SUPPORTED) 353 TEE_Panic(res); 354 if (op) { 355 if (op->state) { 356 TEE_FreeOperation(op); 357 } else { 358 TEE_Free(op->buffer); 359 TEE_FreeTransientObject(op->key1); 360 TEE_FreeTransientObject(op->key2); 361 TEE_Free(op); 362 } 363 } 364 } 365 366 return res; 367 } 368 369 void TEE_FreeOperation(TEE_OperationHandle operation) 370 { 371 TEE_Result res; 372 373 if (operation == TEE_HANDLE_NULL) 374 TEE_Panic(0); 375 376 /* 377 * Note that keys should not be freed here, since they are 378 * claimed by the operation they will be freed by 379 * utee_cryp_state_free(). 380 */ 381 res = utee_cryp_state_free(operation->state); 382 if (res != TEE_SUCCESS) 383 TEE_Panic(res); 384 385 TEE_Free(operation->buffer); 386 TEE_Free(operation); 387 } 388 389 void TEE_GetOperationInfo(TEE_OperationHandle operation, 390 TEE_OperationInfo *operationInfo) 391 { 392 if (operation == TEE_HANDLE_NULL) 393 TEE_Panic(0); 394 395 if (!operationInfo) 396 TEE_Panic(0); 397 398 *operationInfo = operation->info; 399 } 400 401 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 402 TEE_OperationInfoMultiple *operationInfoMultiple, 403 uint32_t *operationSize) 404 { 405 TEE_Result res = TEE_SUCCESS; 406 TEE_ObjectInfo key_info1; 407 TEE_ObjectInfo key_info2; 408 uint32_t num_of_keys; 409 size_t n; 410 411 if (operation == TEE_HANDLE_NULL) { 412 res = TEE_ERROR_BAD_PARAMETERS; 413 goto out; 414 } 415 416 if (!operationInfoMultiple) { 417 res = TEE_ERROR_BAD_PARAMETERS; 418 goto out; 419 } 420 421 if (!operationSize) { 422 res = TEE_ERROR_BAD_PARAMETERS; 423 goto out; 424 } 425 426 num_of_keys = (*operationSize-sizeof(TEE_OperationInfoMultiple))/ 427 sizeof(TEE_OperationInfoKey); 428 429 if (num_of_keys > 2) { 430 res = TEE_ERROR_BAD_PARAMETERS; 431 goto out; 432 } 433 434 /* Two keys flag (TEE_ALG_AES_XTS only) */ 435 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 436 0 && 437 (num_of_keys != 2)) { 438 res = TEE_ERROR_SHORT_BUFFER; 439 goto out; 440 } 441 442 /* Clear */ 443 for (n = 0; n < num_of_keys; n++) { 444 operationInfoMultiple->keyInformation[n].keySize = 0; 445 operationInfoMultiple->keyInformation[n].requiredKeyUsage = 0; 446 } 447 448 if (num_of_keys == 2) { 449 res = TEE_GetObjectInfo1(operation->key2, &key_info2); 450 /* Key2 is not a valid handle */ 451 if (res != TEE_SUCCESS) 452 goto out; 453 454 operationInfoMultiple->keyInformation[1].keySize = 455 key_info2.keySize; 456 operationInfoMultiple->keyInformation[1].requiredKeyUsage = 457 operation->info.requiredKeyUsage; 458 } 459 460 if (num_of_keys >= 1) { 461 res = TEE_GetObjectInfo1(operation->key1, &key_info1); 462 /* Key1 is not a valid handle */ 463 if (res != TEE_SUCCESS) { 464 if (num_of_keys == 2) { 465 operationInfoMultiple->keyInformation[1]. 466 keySize = 0; 467 operationInfoMultiple->keyInformation[1]. 468 requiredKeyUsage = 0; 469 } 470 goto out; 471 } 472 473 operationInfoMultiple->keyInformation[0].keySize = 474 key_info1.keySize; 475 operationInfoMultiple->keyInformation[0].requiredKeyUsage = 476 operation->info.requiredKeyUsage; 477 } 478 479 /* No key */ 480 operationInfoMultiple->algorithm = operation->info.algorithm; 481 operationInfoMultiple->operationClass = operation->info.operationClass; 482 operationInfoMultiple->mode = operation->info.mode; 483 operationInfoMultiple->digestLength = operation->info.digestLength; 484 operationInfoMultiple->maxKeySize = operation->info.maxKeySize; 485 operationInfoMultiple->handleState = operation->info.handleState; 486 operationInfoMultiple->operationState = operation->operationState; 487 operationInfoMultiple->numberOfKeys = num_of_keys; 488 489 out: 490 if (res != TEE_SUCCESS && 491 res != TEE_ERROR_SHORT_BUFFER) 492 TEE_Panic(res); 493 494 return res; 495 } 496 497 void TEE_ResetOperation(TEE_OperationHandle operation) 498 { 499 TEE_Result res; 500 501 if (operation == TEE_HANDLE_NULL) 502 TEE_Panic(0); 503 504 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 505 TEE_Panic(0); 506 507 operation->operationState = TEE_OPERATION_STATE_INITIAL; 508 509 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 510 res = utee_hash_init(operation->state, NULL, 0); 511 if (res != TEE_SUCCESS) 512 TEE_Panic(res); 513 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 514 } else { 515 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 516 } 517 } 518 519 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 520 TEE_ObjectHandle key) 521 { 522 TEE_Result res; 523 uint32_t key_size = 0; 524 TEE_ObjectInfo key_info; 525 526 if (operation == TEE_HANDLE_NULL) { 527 res = TEE_ERROR_BAD_PARAMETERS; 528 goto out; 529 } 530 531 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 532 res = TEE_ERROR_BAD_PARAMETERS; 533 goto out; 534 } 535 536 if (key == TEE_HANDLE_NULL) { 537 /* Operation key cleared */ 538 TEE_ResetTransientObject(operation->key1); 539 res = TEE_ERROR_BAD_PARAMETERS; 540 goto out; 541 } 542 543 /* No key for digest operation */ 544 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 545 res = TEE_ERROR_BAD_PARAMETERS; 546 goto out; 547 } 548 549 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 550 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 551 0) { 552 res = TEE_ERROR_BAD_PARAMETERS; 553 goto out; 554 } 555 556 res = TEE_GetObjectInfo1(key, &key_info); 557 /* Key is not a valid handle */ 558 if (res != TEE_SUCCESS) 559 goto out; 560 561 /* Supplied key has to meet required usage */ 562 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 563 operation->info.requiredKeyUsage) { 564 res = TEE_ERROR_BAD_PARAMETERS; 565 goto out; 566 } 567 568 if (operation->info.maxKeySize < key_info.keySize) { 569 res = TEE_ERROR_BAD_PARAMETERS; 570 goto out; 571 } 572 573 key_size = key_info.keySize; 574 575 TEE_ResetTransientObject(operation->key1); 576 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 577 578 res = TEE_CopyObjectAttributes1(operation->key1, key); 579 if (res != TEE_SUCCESS) 580 goto out; 581 582 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 583 584 operation->info.keySize = key_size; 585 586 out: 587 if (res != TEE_SUCCESS && 588 res != TEE_ERROR_CORRUPT_OBJECT && 589 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 590 TEE_Panic(res); 591 592 return res; 593 } 594 595 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 596 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 597 { 598 TEE_Result res; 599 uint32_t key_size = 0; 600 TEE_ObjectInfo key_info1; 601 TEE_ObjectInfo key_info2; 602 603 if (operation == TEE_HANDLE_NULL) { 604 res = TEE_ERROR_BAD_PARAMETERS; 605 goto out; 606 } 607 608 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 609 res = TEE_ERROR_BAD_PARAMETERS; 610 goto out; 611 } 612 613 /* 614 * Key1/Key2 and/or are not initialized and 615 * Either both keys are NULL or both are not NULL 616 */ 617 if (key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) { 618 /* Clear operation key1 (if needed) */ 619 if (key1 == TEE_HANDLE_NULL) 620 TEE_ResetTransientObject(operation->key1); 621 /* Clear operation key2 (if needed) */ 622 if (key2 == TEE_HANDLE_NULL) 623 TEE_ResetTransientObject(operation->key2); 624 res = TEE_ERROR_BAD_PARAMETERS; 625 goto out; 626 } 627 628 /* No key for digest operation */ 629 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 630 res = TEE_ERROR_BAD_PARAMETERS; 631 goto out; 632 } 633 634 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 635 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 636 0) { 637 res = TEE_ERROR_BAD_PARAMETERS; 638 goto out; 639 } 640 641 res = TEE_GetObjectInfo1(key1, &key_info1); 642 /* Key1 is not a valid handle */ 643 if (res != TEE_SUCCESS) 644 goto out; 645 646 /* Supplied key has to meet required usage */ 647 if ((key_info1.objectUsage & operation->info. 648 requiredKeyUsage) != operation->info.requiredKeyUsage) { 649 res = TEE_ERROR_BAD_PARAMETERS; 650 goto out; 651 } 652 653 res = TEE_GetObjectInfo1(key2, &key_info2); 654 /* Key2 is not a valid handle */ 655 if (res != TEE_SUCCESS) { 656 if (res == TEE_ERROR_CORRUPT_OBJECT) 657 res = TEE_ERROR_CORRUPT_OBJECT_2; 658 goto out; 659 } 660 661 /* Supplied key has to meet required usage */ 662 if ((key_info2.objectUsage & operation->info. 663 requiredKeyUsage) != operation->info.requiredKeyUsage) { 664 res = TEE_ERROR_BAD_PARAMETERS; 665 goto out; 666 } 667 668 /* 669 * All the multi key algorithm currently supported requires the keys to 670 * be of equal size. 671 */ 672 if (key_info1.keySize != key_info2.keySize) { 673 res = TEE_ERROR_BAD_PARAMETERS; 674 goto out; 675 676 } 677 678 if (operation->info.maxKeySize < key_info1.keySize) { 679 res = TEE_ERROR_BAD_PARAMETERS; 680 goto out; 681 } 682 683 /* 684 * Odd that only the size of one key should be reported while 685 * size of two key are used when allocating the operation. 686 */ 687 key_size = key_info1.keySize; 688 689 TEE_ResetTransientObject(operation->key1); 690 TEE_ResetTransientObject(operation->key2); 691 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 692 693 res = TEE_CopyObjectAttributes1(operation->key1, key1); 694 if (res != TEE_SUCCESS) 695 goto out; 696 res = TEE_CopyObjectAttributes1(operation->key2, key2); 697 if (res != TEE_SUCCESS) { 698 if (res == TEE_ERROR_CORRUPT_OBJECT) 699 res = TEE_ERROR_CORRUPT_OBJECT_2; 700 goto out; 701 } 702 703 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 704 705 operation->info.keySize = key_size; 706 707 out: 708 if (res != TEE_SUCCESS && 709 res != TEE_ERROR_CORRUPT_OBJECT && 710 res != TEE_ERROR_CORRUPT_OBJECT_2 && 711 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 712 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 713 TEE_Panic(res); 714 715 return res; 716 } 717 718 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 719 { 720 TEE_Result res; 721 722 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 723 TEE_Panic(0); 724 if (dst_op->info.algorithm != src_op->info.algorithm) 725 TEE_Panic(0); 726 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 727 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 728 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 729 730 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 731 key1 = src_op->key1; 732 key2 = src_op->key2; 733 } 734 735 if ((src_op->info.handleState & 736 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 737 TEE_SetOperationKey(dst_op, key1); 738 } else { 739 TEE_SetOperationKey2(dst_op, key1, key2); 740 } 741 } 742 dst_op->info.handleState = src_op->info.handleState; 743 dst_op->info.keySize = src_op->info.keySize; 744 dst_op->operationState = src_op->operationState; 745 746 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 747 dst_op->block_size != src_op->block_size) 748 TEE_Panic(0); 749 750 if (dst_op->buffer != NULL) { 751 if (src_op->buffer == NULL) 752 TEE_Panic(0); 753 754 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 755 dst_op->buffer_offs = src_op->buffer_offs; 756 } else if (src_op->buffer != NULL) { 757 TEE_Panic(0); 758 } 759 760 res = utee_cryp_state_copy(dst_op->state, src_op->state); 761 if (res != TEE_SUCCESS) 762 TEE_Panic(res); 763 } 764 765 /* Cryptographic Operations API - Message Digest Functions */ 766 767 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 768 uint32_t IVLen) 769 { 770 TEE_Result res; 771 772 /* 773 * Note : IV and IVLen are never used in current implementation 774 * This is why coherent values of IV and IVLen are not checked 775 */ 776 res = utee_hash_init(operation->state, IV, IVLen); 777 if (res != TEE_SUCCESS) 778 TEE_Panic(res); 779 operation->buffer_offs = 0; 780 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 781 } 782 783 void TEE_DigestUpdate(TEE_OperationHandle operation, 784 const void *chunk, uint32_t chunkSize) 785 { 786 TEE_Result res = TEE_ERROR_GENERIC; 787 788 if (operation == TEE_HANDLE_NULL || 789 operation->info.operationClass != TEE_OPERATION_DIGEST) 790 TEE_Panic(0); 791 792 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 793 794 res = utee_hash_update(operation->state, chunk, chunkSize); 795 if (res != TEE_SUCCESS) 796 TEE_Panic(res); 797 } 798 799 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 800 uint32_t chunkLen, void *hash, uint32_t *hashLen) 801 { 802 TEE_Result res; 803 uint64_t hl; 804 805 if ((operation == TEE_HANDLE_NULL) || 806 (!chunk && chunkLen) || 807 !hash || 808 !hashLen || 809 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 810 res = TEE_ERROR_BAD_PARAMETERS; 811 goto out; 812 } 813 814 hl = *hashLen; 815 res = utee_hash_final(operation->state, chunk, chunkLen, hash, &hl); 816 *hashLen = hl; 817 if (res != TEE_SUCCESS) 818 goto out; 819 820 /* Reset operation state */ 821 init_hash_operation(operation, NULL, 0); 822 823 operation->operationState = TEE_OPERATION_STATE_INITIAL; 824 825 out: 826 if (res != TEE_SUCCESS && 827 res != TEE_ERROR_SHORT_BUFFER) 828 TEE_Panic(res); 829 830 return res; 831 } 832 833 /* Cryptographic Operations API - Symmetric Cipher Functions */ 834 835 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 836 uint32_t IVLen) 837 { 838 TEE_Result res; 839 840 if (operation == TEE_HANDLE_NULL) 841 TEE_Panic(0); 842 843 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 844 TEE_Panic(0); 845 846 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 847 !(operation->key1)) 848 TEE_Panic(0); 849 850 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 851 TEE_ResetOperation(operation); 852 853 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 854 855 res = utee_cipher_init(operation->state, IV, IVLen); 856 if (res != TEE_SUCCESS) 857 TEE_Panic(res); 858 859 operation->buffer_offs = 0; 860 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 861 } 862 863 static TEE_Result tee_buffer_update( 864 TEE_OperationHandle op, 865 TEE_Result(*update_func)(unsigned long state, const void *src, 866 size_t slen, void *dst, uint64_t *dlen), 867 const void *src_data, size_t src_len, 868 void *dest_data, uint64_t *dest_len) 869 { 870 TEE_Result res; 871 const uint8_t *src = src_data; 872 size_t slen = src_len; 873 uint8_t *dst = dest_data; 874 size_t dlen = *dest_len; 875 size_t acc_dlen = 0; 876 uint64_t tmp_dlen; 877 size_t l; 878 size_t buffer_size; 879 size_t buffer_left; 880 881 if (!src) { 882 if (slen) 883 TEE_Panic(0); 884 goto out; 885 } 886 887 if (op->buffer_two_blocks) { 888 buffer_size = op->block_size * 2; 889 buffer_left = 1; 890 } else { 891 buffer_size = op->block_size; 892 buffer_left = 0; 893 } 894 895 if (op->buffer_offs > 0) { 896 /* Fill up complete block */ 897 if (op->buffer_offs < op->block_size) 898 l = MIN(slen, op->block_size - op->buffer_offs); 899 else 900 l = MIN(slen, buffer_size - op->buffer_offs); 901 memcpy(op->buffer + op->buffer_offs, src, l); 902 op->buffer_offs += l; 903 src += l; 904 slen -= l; 905 if ((op->buffer_offs % op->block_size) != 0) 906 goto out; /* Nothing left to do */ 907 } 908 909 /* If we can feed from buffer */ 910 if ((op->buffer_offs > 0) && 911 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 912 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 913 op->block_size); 914 l = MIN(op->buffer_offs, l); 915 tmp_dlen = dlen; 916 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 917 if (res != TEE_SUCCESS) 918 TEE_Panic(res); 919 dst += tmp_dlen; 920 dlen -= tmp_dlen; 921 acc_dlen += tmp_dlen; 922 op->buffer_offs -= l; 923 if (op->buffer_offs > 0) { 924 /* 925 * Slen is small enough to be contained in rest buffer. 926 */ 927 memcpy(op->buffer, op->buffer + l, buffer_size - l); 928 memcpy(op->buffer + op->buffer_offs, src, slen); 929 op->buffer_offs += slen; 930 goto out; /* Nothing left to do */ 931 } 932 } 933 934 if (slen >= (buffer_size + buffer_left)) { 935 /* Buffer is empty, feed as much as possible from src */ 936 if (op->info.algorithm == TEE_ALG_AES_CTS) 937 l = ROUNDUP(slen - buffer_size, op->block_size); 938 else 939 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 940 941 tmp_dlen = dlen; 942 res = update_func(op->state, src, l, dst, &tmp_dlen); 943 if (res != TEE_SUCCESS) 944 TEE_Panic(res); 945 src += l; 946 slen -= l; 947 dst += tmp_dlen; 948 dlen -= tmp_dlen; 949 acc_dlen += tmp_dlen; 950 } 951 952 /* Slen is small enough to be contained in buffer. */ 953 memcpy(op->buffer + op->buffer_offs, src, slen); 954 op->buffer_offs += slen; 955 956 out: 957 *dest_len = acc_dlen; 958 return TEE_SUCCESS; 959 } 960 961 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 962 uint32_t srcLen, void *destData, uint32_t *destLen) 963 { 964 TEE_Result res; 965 size_t req_dlen; 966 uint64_t dl; 967 968 if (operation == TEE_HANDLE_NULL || 969 (srcData == NULL && srcLen != 0) || 970 destLen == NULL || 971 (destData == NULL && *destLen != 0)) { 972 res = TEE_ERROR_BAD_PARAMETERS; 973 goto out; 974 } 975 976 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 977 res = TEE_ERROR_BAD_PARAMETERS; 978 goto out; 979 } 980 981 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 982 res = TEE_ERROR_BAD_PARAMETERS; 983 goto out; 984 } 985 986 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 987 res = TEE_ERROR_BAD_PARAMETERS; 988 goto out; 989 } 990 991 if (!srcData && !srcLen) { 992 *destLen = 0; 993 res = TEE_SUCCESS; 994 goto out; 995 } 996 997 /* Calculate required dlen */ 998 if (operation->block_size > 1) { 999 req_dlen = ((operation->buffer_offs + srcLen) / 1000 operation->block_size) * operation->block_size; 1001 } else { 1002 req_dlen = srcLen; 1003 } 1004 if (operation->buffer_two_blocks) { 1005 if (req_dlen > operation->block_size * 2) 1006 req_dlen -= operation->block_size * 2; 1007 else 1008 req_dlen = 0; 1009 } 1010 /* 1011 * Check that required destLen is big enough before starting to feed 1012 * data to the algorithm. Errors during feeding of data are fatal as we 1013 * can't restore sync with this API. 1014 */ 1015 if (*destLen < req_dlen) { 1016 *destLen = req_dlen; 1017 res = TEE_ERROR_SHORT_BUFFER; 1018 goto out; 1019 } 1020 1021 dl = *destLen; 1022 if (operation->block_size > 1) { 1023 res = tee_buffer_update(operation, utee_cipher_update, srcData, 1024 srcLen, destData, &dl); 1025 } else { 1026 if (srcLen > 0) { 1027 res = utee_cipher_update(operation->state, srcData, 1028 srcLen, destData, &dl); 1029 } else { 1030 res = TEE_SUCCESS; 1031 dl = 0; 1032 } 1033 } 1034 *destLen = dl; 1035 1036 out: 1037 if (res != TEE_SUCCESS && 1038 res != TEE_ERROR_SHORT_BUFFER) 1039 TEE_Panic(res); 1040 1041 return res; 1042 } 1043 1044 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1045 const void *srcData, uint32_t srcLen, 1046 void *destData, uint32_t *destLen) 1047 { 1048 TEE_Result res; 1049 uint8_t *dst = destData; 1050 size_t acc_dlen = 0; 1051 uint64_t tmp_dlen; 1052 size_t req_dlen; 1053 1054 if (operation == TEE_HANDLE_NULL || 1055 (srcData == NULL && srcLen != 0) || 1056 destLen == NULL || 1057 (destData == NULL && *destLen != 0)) { 1058 res = TEE_ERROR_BAD_PARAMETERS; 1059 goto out; 1060 } 1061 1062 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1063 res = TEE_ERROR_BAD_PARAMETERS; 1064 goto out; 1065 } 1066 1067 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1068 res = TEE_ERROR_BAD_PARAMETERS; 1069 goto out; 1070 } 1071 1072 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1073 res = TEE_ERROR_BAD_PARAMETERS; 1074 goto out; 1075 } 1076 1077 /* 1078 * Check that the final block doesn't require padding for those 1079 * algorithms that requires client to supply padding. 1080 */ 1081 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1082 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1083 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1084 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1085 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1086 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1087 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1088 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1089 if (((operation->buffer_offs + srcLen) % operation->block_size) 1090 != 0) { 1091 res = TEE_ERROR_BAD_PARAMETERS; 1092 goto out; 1093 } 1094 } 1095 1096 /* 1097 * Check that required destLen is big enough before starting to feed 1098 * data to the algorithm. Errors during feeding of data are fatal as we 1099 * can't restore sync with this API. 1100 */ 1101 if (operation->block_size > 1) { 1102 req_dlen = operation->buffer_offs + srcLen; 1103 } else { 1104 req_dlen = srcLen; 1105 } 1106 if (*destLen < req_dlen) { 1107 *destLen = req_dlen; 1108 res = TEE_ERROR_SHORT_BUFFER; 1109 goto out; 1110 } 1111 1112 tmp_dlen = *destLen - acc_dlen; 1113 if (operation->block_size > 1) { 1114 res = tee_buffer_update(operation, utee_cipher_update, 1115 srcData, srcLen, dst, &tmp_dlen); 1116 if (res != TEE_SUCCESS) 1117 goto out; 1118 1119 dst += tmp_dlen; 1120 acc_dlen += tmp_dlen; 1121 1122 tmp_dlen = *destLen - acc_dlen; 1123 res = utee_cipher_final(operation->state, operation->buffer, 1124 operation->buffer_offs, dst, &tmp_dlen); 1125 } else { 1126 res = utee_cipher_final(operation->state, srcData, 1127 srcLen, dst, &tmp_dlen); 1128 } 1129 if (res != TEE_SUCCESS) 1130 goto out; 1131 1132 acc_dlen += tmp_dlen; 1133 *destLen = acc_dlen; 1134 1135 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1136 1137 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1138 1139 out: 1140 if (res != TEE_SUCCESS && 1141 res != TEE_ERROR_SHORT_BUFFER) 1142 TEE_Panic(res); 1143 1144 return res; 1145 } 1146 1147 /* Cryptographic Operations API - MAC Functions */ 1148 1149 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 1150 { 1151 if (operation == TEE_HANDLE_NULL) 1152 TEE_Panic(0); 1153 1154 if (operation->info.operationClass != TEE_OPERATION_MAC) 1155 TEE_Panic(0); 1156 1157 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1158 !(operation->key1)) 1159 TEE_Panic(0); 1160 1161 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1162 TEE_ResetOperation(operation); 1163 1164 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1165 1166 init_hash_operation(operation, IV, IVLen); 1167 } 1168 1169 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1170 uint32_t chunkSize) 1171 { 1172 TEE_Result res; 1173 1174 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1175 TEE_Panic(0); 1176 1177 if (operation->info.operationClass != TEE_OPERATION_MAC) 1178 TEE_Panic(0); 1179 1180 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1181 TEE_Panic(0); 1182 1183 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1184 TEE_Panic(0); 1185 1186 res = utee_hash_update(operation->state, chunk, chunkSize); 1187 if (res != TEE_SUCCESS) 1188 TEE_Panic(res); 1189 } 1190 1191 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1192 const void *message, uint32_t messageLen, 1193 void *mac, uint32_t *macLen) 1194 { 1195 TEE_Result res; 1196 uint64_t ml; 1197 1198 if (operation == TEE_HANDLE_NULL || 1199 (message == NULL && messageLen != 0) || 1200 mac == NULL || 1201 macLen == NULL) { 1202 res = TEE_ERROR_BAD_PARAMETERS; 1203 goto out; 1204 } 1205 1206 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1207 res = TEE_ERROR_BAD_PARAMETERS; 1208 goto out; 1209 } 1210 1211 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1212 res = TEE_ERROR_BAD_PARAMETERS; 1213 goto out; 1214 } 1215 1216 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1217 res = TEE_ERROR_BAD_PARAMETERS; 1218 goto out; 1219 } 1220 1221 ml = *macLen; 1222 res = utee_hash_final(operation->state, message, messageLen, mac, &ml); 1223 *macLen = ml; 1224 if (res != TEE_SUCCESS) 1225 goto out; 1226 1227 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1228 1229 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1230 1231 out: 1232 if (res != TEE_SUCCESS && 1233 res != TEE_ERROR_SHORT_BUFFER) 1234 TEE_Panic(res); 1235 1236 return res; 1237 } 1238 1239 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1240 const void *message, uint32_t messageLen, 1241 const void *mac, uint32_t macLen) 1242 { 1243 TEE_Result res; 1244 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 1245 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1246 1247 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1248 res = TEE_ERROR_BAD_PARAMETERS; 1249 goto out; 1250 } 1251 1252 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1253 res = TEE_ERROR_BAD_PARAMETERS; 1254 goto out; 1255 } 1256 1257 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1258 res = TEE_ERROR_BAD_PARAMETERS; 1259 goto out; 1260 } 1261 1262 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1263 &computed_mac_size); 1264 if (res != TEE_SUCCESS) 1265 goto out; 1266 1267 if (computed_mac_size != macLen) { 1268 res = TEE_ERROR_MAC_INVALID; 1269 goto out; 1270 } 1271 1272 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1273 res = TEE_ERROR_MAC_INVALID; 1274 goto out; 1275 } 1276 1277 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1278 1279 out: 1280 if (res != TEE_SUCCESS && 1281 res != TEE_ERROR_MAC_INVALID) 1282 TEE_Panic(res); 1283 1284 return res; 1285 } 1286 1287 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1288 1289 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1290 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1291 uint32_t payloadLen) 1292 { 1293 TEE_Result res; 1294 1295 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1296 res = TEE_ERROR_BAD_PARAMETERS; 1297 goto out; 1298 } 1299 1300 if (operation->info.operationClass != TEE_OPERATION_AE) { 1301 res = TEE_ERROR_BAD_PARAMETERS; 1302 goto out; 1303 } 1304 1305 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1306 res = TEE_ERROR_BAD_PARAMETERS; 1307 goto out; 1308 } 1309 1310 /* 1311 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1312 * in the implementation. But AES-GCM spec doesn't specify the tag len 1313 * according to the same principle so we have to check here instead to 1314 * be GP compliant. 1315 */ 1316 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1317 /* 1318 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1319 */ 1320 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1321 res = TEE_ERROR_NOT_SUPPORTED; 1322 goto out; 1323 } 1324 } 1325 1326 res = utee_authenc_init(operation->state, nonce, nonceLen, 1327 tagLen / 8, AADLen, payloadLen); 1328 if (res != TEE_SUCCESS) 1329 goto out; 1330 1331 operation->ae_tag_len = tagLen / 8; 1332 operation->info.digestLength = operation->ae_tag_len; 1333 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1334 1335 out: 1336 if (res != TEE_SUCCESS && 1337 res != TEE_ERROR_NOT_SUPPORTED) 1338 TEE_Panic(res); 1339 1340 return res; 1341 } 1342 1343 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1344 uint32_t AADdataLen) 1345 { 1346 TEE_Result res; 1347 1348 if (operation == TEE_HANDLE_NULL || 1349 (AADdata == NULL && AADdataLen != 0)) 1350 TEE_Panic(0); 1351 1352 if (operation->info.operationClass != TEE_OPERATION_AE) 1353 TEE_Panic(0); 1354 1355 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1356 TEE_Panic(0); 1357 1358 res = utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1359 1360 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1361 1362 if (res != TEE_SUCCESS) 1363 TEE_Panic(res); 1364 } 1365 1366 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1367 uint32_t srcLen, void *destData, uint32_t *destLen) 1368 { 1369 TEE_Result res; 1370 size_t req_dlen; 1371 uint64_t dl; 1372 1373 if (operation == TEE_HANDLE_NULL || 1374 (srcData == NULL && srcLen != 0) || 1375 destLen == NULL || 1376 (destData == NULL && *destLen != 0)) { 1377 res = TEE_ERROR_BAD_PARAMETERS; 1378 goto out; 1379 } 1380 1381 if (operation->info.operationClass != TEE_OPERATION_AE) { 1382 res = TEE_ERROR_BAD_PARAMETERS; 1383 goto out; 1384 } 1385 1386 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1387 res = TEE_ERROR_BAD_PARAMETERS; 1388 goto out; 1389 } 1390 1391 if (!srcData && !srcLen) { 1392 *destLen = 0; 1393 res = TEE_SUCCESS; 1394 goto out; 1395 } 1396 1397 /* 1398 * Check that required destLen is big enough before starting to feed 1399 * data to the algorithm. Errors during feeding of data are fatal as we 1400 * can't restore sync with this API. 1401 */ 1402 if (operation->block_size > 1) { 1403 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1404 operation->block_size); 1405 } else { 1406 req_dlen = srcLen; 1407 } 1408 1409 if (*destLen < req_dlen) { 1410 *destLen = req_dlen; 1411 res = TEE_ERROR_SHORT_BUFFER; 1412 goto out; 1413 } 1414 1415 dl = *destLen; 1416 if (operation->block_size > 1) { 1417 res = tee_buffer_update(operation, utee_authenc_update_payload, 1418 srcData, srcLen, destData, &dl); 1419 } else { 1420 if (srcLen > 0) { 1421 res = utee_authenc_update_payload(operation->state, 1422 srcData, srcLen, 1423 destData, &dl); 1424 } else { 1425 dl = 0; 1426 res = TEE_SUCCESS; 1427 } 1428 } 1429 if (res != TEE_SUCCESS) 1430 goto out; 1431 1432 *destLen = dl; 1433 1434 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1435 1436 out: 1437 if (res != TEE_SUCCESS && 1438 res != TEE_ERROR_SHORT_BUFFER) 1439 TEE_Panic(res); 1440 1441 return res; 1442 } 1443 1444 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1445 const void *srcData, uint32_t srcLen, 1446 void *destData, uint32_t *destLen, void *tag, 1447 uint32_t *tagLen) 1448 { 1449 TEE_Result res; 1450 uint8_t *dst = destData; 1451 size_t acc_dlen = 0; 1452 uint64_t tmp_dlen; 1453 size_t req_dlen; 1454 uint64_t tl; 1455 1456 if (operation == TEE_HANDLE_NULL || 1457 (srcData == NULL && srcLen != 0) || 1458 destLen == NULL || 1459 (destData == NULL && *destLen != 0) || 1460 tag == NULL || tagLen == NULL) { 1461 res = TEE_ERROR_BAD_PARAMETERS; 1462 goto out; 1463 } 1464 1465 if (operation->info.operationClass != TEE_OPERATION_AE) { 1466 res = TEE_ERROR_BAD_PARAMETERS; 1467 goto out; 1468 } 1469 1470 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1471 res = TEE_ERROR_BAD_PARAMETERS; 1472 goto out; 1473 } 1474 1475 /* 1476 * Check that required destLen is big enough before starting to feed 1477 * data to the algorithm. Errors during feeding of data are fatal as we 1478 * can't restore sync with this API. 1479 * 1480 * Need to check this before update_payload since sync would be lost if 1481 * we return short buffer after that. 1482 */ 1483 res = TEE_ERROR_GENERIC; 1484 1485 req_dlen = operation->buffer_offs + srcLen; 1486 if (*destLen < req_dlen) { 1487 *destLen = req_dlen; 1488 res = TEE_ERROR_SHORT_BUFFER; 1489 } 1490 1491 if (*tagLen < operation->ae_tag_len) { 1492 *tagLen = operation->ae_tag_len; 1493 res = TEE_ERROR_SHORT_BUFFER; 1494 } 1495 1496 if (res == TEE_ERROR_SHORT_BUFFER) 1497 goto out; 1498 1499 tl = *tagLen; 1500 tmp_dlen = *destLen - acc_dlen; 1501 if (operation->block_size > 1) { 1502 res = tee_buffer_update(operation, utee_authenc_update_payload, 1503 srcData, srcLen, dst, &tmp_dlen); 1504 if (res != TEE_SUCCESS) 1505 goto out; 1506 1507 dst += tmp_dlen; 1508 acc_dlen += tmp_dlen; 1509 1510 tmp_dlen = *destLen - acc_dlen; 1511 res = utee_authenc_enc_final(operation->state, 1512 operation->buffer, 1513 operation->buffer_offs, dst, 1514 &tmp_dlen, tag, &tl); 1515 } else { 1516 res = utee_authenc_enc_final(operation->state, srcData, 1517 srcLen, dst, &tmp_dlen, 1518 tag, &tl); 1519 } 1520 *tagLen = tl; 1521 if (res != TEE_SUCCESS) 1522 goto out; 1523 1524 acc_dlen += tmp_dlen; 1525 *destLen = acc_dlen; 1526 1527 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1528 1529 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1530 1531 out: 1532 if (res != TEE_SUCCESS && 1533 res != TEE_ERROR_SHORT_BUFFER) 1534 TEE_Panic(res); 1535 1536 return res; 1537 } 1538 1539 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1540 const void *srcData, uint32_t srcLen, 1541 void *destData, uint32_t *destLen, void *tag, 1542 uint32_t tagLen) 1543 { 1544 TEE_Result res; 1545 uint8_t *dst = destData; 1546 size_t acc_dlen = 0; 1547 uint64_t tmp_dlen; 1548 size_t req_dlen; 1549 1550 if (operation == TEE_HANDLE_NULL || 1551 (srcData == NULL && srcLen != 0) || 1552 destLen == NULL || 1553 (destData == NULL && *destLen != 0) || 1554 (tag == NULL && tagLen != 0)) { 1555 res = TEE_ERROR_BAD_PARAMETERS; 1556 goto out; 1557 } 1558 1559 if (operation->info.operationClass != TEE_OPERATION_AE) { 1560 res = TEE_ERROR_BAD_PARAMETERS; 1561 goto out; 1562 } 1563 1564 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1565 res = TEE_ERROR_BAD_PARAMETERS; 1566 goto out; 1567 } 1568 1569 /* 1570 * Check that required destLen is big enough before starting to feed 1571 * data to the algorithm. Errors during feeding of data are fatal as we 1572 * can't restore sync with this API. 1573 */ 1574 req_dlen = operation->buffer_offs + srcLen; 1575 if (*destLen < req_dlen) { 1576 *destLen = req_dlen; 1577 res = TEE_ERROR_SHORT_BUFFER; 1578 goto out; 1579 } 1580 1581 tmp_dlen = *destLen - acc_dlen; 1582 if (operation->block_size > 1) { 1583 res = tee_buffer_update(operation, utee_authenc_update_payload, 1584 srcData, srcLen, dst, &tmp_dlen); 1585 if (res != TEE_SUCCESS) 1586 goto out; 1587 1588 dst += tmp_dlen; 1589 acc_dlen += tmp_dlen; 1590 1591 tmp_dlen = *destLen - acc_dlen; 1592 res = utee_authenc_dec_final(operation->state, 1593 operation->buffer, 1594 operation->buffer_offs, dst, 1595 &tmp_dlen, tag, tagLen); 1596 } else { 1597 res = utee_authenc_dec_final(operation->state, srcData, 1598 srcLen, dst, &tmp_dlen, 1599 tag, tagLen); 1600 } 1601 if (res != TEE_SUCCESS) 1602 goto out; 1603 1604 /* Supplied tagLen should match what we initiated with */ 1605 if (tagLen != operation->ae_tag_len) 1606 res = TEE_ERROR_MAC_INVALID; 1607 1608 acc_dlen += tmp_dlen; 1609 *destLen = acc_dlen; 1610 1611 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1612 1613 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1614 1615 out: 1616 if (res != TEE_SUCCESS && 1617 res != TEE_ERROR_SHORT_BUFFER && 1618 res != TEE_ERROR_MAC_INVALID) 1619 TEE_Panic(res); 1620 1621 return res; 1622 } 1623 1624 /* Cryptographic Operations API - Asymmetric Functions */ 1625 1626 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1627 const TEE_Attribute *params, 1628 uint32_t paramCount, const void *srcData, 1629 uint32_t srcLen, void *destData, 1630 uint32_t *destLen) 1631 { 1632 TEE_Result res; 1633 struct utee_attribute ua[paramCount]; 1634 uint64_t dl; 1635 1636 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1637 destLen == NULL || (destData == NULL && *destLen != 0)) 1638 TEE_Panic(0); 1639 if (params == NULL && paramCount != 0) 1640 TEE_Panic(0); 1641 if (!operation->key1) 1642 TEE_Panic(0); 1643 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1644 TEE_Panic(0); 1645 if (operation->info.mode != TEE_MODE_ENCRYPT) 1646 TEE_Panic(0); 1647 1648 __utee_from_attr(ua, params, paramCount); 1649 dl = *destLen; 1650 res = utee_asymm_operate(operation->state, ua, paramCount, srcData, 1651 srcLen, destData, &dl); 1652 *destLen = dl; 1653 1654 if (res != TEE_SUCCESS && 1655 res != TEE_ERROR_SHORT_BUFFER && 1656 res != TEE_ERROR_BAD_PARAMETERS) 1657 TEE_Panic(res); 1658 1659 return res; 1660 } 1661 1662 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1663 const TEE_Attribute *params, 1664 uint32_t paramCount, const void *srcData, 1665 uint32_t srcLen, void *destData, 1666 uint32_t *destLen) 1667 { 1668 TEE_Result res; 1669 struct utee_attribute ua[paramCount]; 1670 uint64_t dl; 1671 1672 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1673 destLen == NULL || (destData == NULL && *destLen != 0)) 1674 TEE_Panic(0); 1675 if (params == NULL && paramCount != 0) 1676 TEE_Panic(0); 1677 if (!operation->key1) 1678 TEE_Panic(0); 1679 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1680 TEE_Panic(0); 1681 if (operation->info.mode != TEE_MODE_DECRYPT) 1682 TEE_Panic(0); 1683 1684 __utee_from_attr(ua, params, paramCount); 1685 dl = *destLen; 1686 res = utee_asymm_operate(operation->state, ua, paramCount, srcData, 1687 srcLen, destData, &dl); 1688 *destLen = dl; 1689 1690 if (res != TEE_SUCCESS && 1691 res != TEE_ERROR_SHORT_BUFFER && 1692 res != TEE_ERROR_BAD_PARAMETERS) 1693 TEE_Panic(res); 1694 1695 return res; 1696 } 1697 1698 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1699 const TEE_Attribute *params, 1700 uint32_t paramCount, const void *digest, 1701 uint32_t digestLen, void *signature, 1702 uint32_t *signatureLen) 1703 { 1704 TEE_Result res; 1705 struct utee_attribute ua[paramCount]; 1706 uint64_t sl; 1707 1708 if (operation == TEE_HANDLE_NULL || 1709 (digest == NULL && digestLen != 0) || 1710 signature == NULL || signatureLen == NULL) 1711 TEE_Panic(0); 1712 if (params == NULL && paramCount != 0) 1713 TEE_Panic(0); 1714 if (!operation->key1) 1715 TEE_Panic(0); 1716 if (operation->info.operationClass != 1717 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1718 TEE_Panic(0); 1719 if (operation->info.mode != TEE_MODE_SIGN) 1720 TEE_Panic(0); 1721 1722 __utee_from_attr(ua, params, paramCount); 1723 sl = *signatureLen; 1724 res = utee_asymm_operate(operation->state, ua, paramCount, digest, 1725 digestLen, signature, &sl); 1726 *signatureLen = sl; 1727 1728 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1729 TEE_Panic(res); 1730 1731 return res; 1732 } 1733 1734 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1735 const TEE_Attribute *params, 1736 uint32_t paramCount, const void *digest, 1737 uint32_t digestLen, 1738 const void *signature, 1739 uint32_t signatureLen) 1740 { 1741 TEE_Result res; 1742 struct utee_attribute ua[paramCount]; 1743 1744 if (operation == TEE_HANDLE_NULL || 1745 (digest == NULL && digestLen != 0) || 1746 (signature == NULL && signatureLen != 0)) 1747 TEE_Panic(0); 1748 if (params == NULL && paramCount != 0) 1749 TEE_Panic(0); 1750 if (!operation->key1) 1751 TEE_Panic(0); 1752 if (operation->info.operationClass != 1753 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1754 TEE_Panic(0); 1755 if (operation->info.mode != TEE_MODE_VERIFY) 1756 TEE_Panic(0); 1757 1758 __utee_from_attr(ua, params, paramCount); 1759 res = utee_asymm_verify(operation->state, ua, paramCount, digest, 1760 digestLen, signature, signatureLen); 1761 1762 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1763 TEE_Panic(res); 1764 1765 return res; 1766 } 1767 1768 /* Cryptographic Operations API - Key Derivation Functions */ 1769 1770 void TEE_DeriveKey(TEE_OperationHandle operation, 1771 const TEE_Attribute *params, uint32_t paramCount, 1772 TEE_ObjectHandle derivedKey) 1773 { 1774 TEE_Result res; 1775 TEE_ObjectInfo key_info; 1776 struct utee_attribute ua[paramCount]; 1777 1778 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1779 TEE_Panic(0); 1780 if (params == NULL && paramCount != 0) 1781 TEE_Panic(0); 1782 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1783 TEE_OPERATION_KEY_DERIVATION) 1784 TEE_Panic(0); 1785 1786 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1787 TEE_Panic(0); 1788 if (!operation->key1) 1789 TEE_Panic(0); 1790 if (operation->info.mode != TEE_MODE_DERIVE) 1791 TEE_Panic(0); 1792 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1793 TEE_Panic(0); 1794 1795 res = utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 1796 if (res != TEE_SUCCESS) 1797 TEE_Panic(res); 1798 1799 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1800 TEE_Panic(0); 1801 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1802 TEE_Panic(0); 1803 1804 __utee_from_attr(ua, params, paramCount); 1805 res = utee_cryp_derive_key(operation->state, ua, paramCount, 1806 (unsigned long)derivedKey); 1807 if (res != TEE_SUCCESS) 1808 TEE_Panic(res); 1809 } 1810 1811 /* Cryptographic Operations API - Random Number Generation Functions */ 1812 1813 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1814 { 1815 TEE_Result res; 1816 1817 res = utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1818 if (res != TEE_SUCCESS) 1819 TEE_Panic(res); 1820 } 1821 1822 int rand(void) 1823 { 1824 int rc; 1825 1826 TEE_GenerateRandom(&rc, sizeof(rc)); 1827 1828 /* 1829 * RAND_MAX is the larges int, INT_MAX which is all bits but the 1830 * highest bit set. 1831 */ 1832 return rc & RAND_MAX; 1833 } 1834 1835 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 1836 { 1837 if (IS_ENABLED(CFG_CRYPTO_AES)) { 1838 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1839 if (alg == TEE_ALG_AES_ECB_NOPAD) 1840 goto check_element_none; 1841 } 1842 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1843 if (alg == TEE_ALG_AES_CBC_NOPAD) 1844 goto check_element_none; 1845 } 1846 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1847 if (alg == TEE_ALG_AES_CTR) 1848 goto check_element_none; 1849 } 1850 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 1851 if (alg == TEE_ALG_AES_CTS) 1852 goto check_element_none; 1853 } 1854 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 1855 if (alg == TEE_ALG_AES_XTS) 1856 goto check_element_none; 1857 } 1858 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1859 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 1860 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 1861 goto check_element_none; 1862 } 1863 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 1864 if (alg == TEE_ALG_AES_CMAC) 1865 goto check_element_none; 1866 } 1867 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 1868 if (alg == TEE_ALG_AES_CCM) 1869 goto check_element_none; 1870 } 1871 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 1872 if (alg == TEE_ALG_AES_GCM) 1873 goto check_element_none; 1874 } 1875 } 1876 if (IS_ENABLED(CFG_CRYPTO_DES)) { 1877 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1878 if (alg == TEE_ALG_DES_ECB_NOPAD || 1879 alg == TEE_ALG_DES3_ECB_NOPAD) 1880 goto check_element_none; 1881 } 1882 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1883 if (alg == TEE_ALG_DES_CBC_NOPAD || 1884 alg == TEE_ALG_DES3_CBC_NOPAD) 1885 goto check_element_none; 1886 } 1887 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1888 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 1889 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 1890 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 1891 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 1892 goto check_element_none; 1893 } 1894 } 1895 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1896 if (alg == TEE_ALG_MD5) 1897 goto check_element_none; 1898 } 1899 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1900 if (alg == TEE_ALG_SHA1) 1901 goto check_element_none; 1902 } 1903 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1904 if (alg == TEE_ALG_SHA224) 1905 goto check_element_none; 1906 } 1907 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1908 if (alg == TEE_ALG_SHA256) 1909 goto check_element_none; 1910 } 1911 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1912 if (alg == TEE_ALG_SHA384) 1913 goto check_element_none; 1914 } 1915 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1916 if (alg == TEE_ALG_SHA512) 1917 goto check_element_none; 1918 } 1919 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 1920 if (alg == TEE_ALG_MD5SHA1) 1921 goto check_element_none; 1922 } 1923 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 1924 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1925 if (alg == TEE_ALG_HMAC_MD5) 1926 goto check_element_none; 1927 } 1928 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1929 if (alg == TEE_ALG_HMAC_SHA1) 1930 goto check_element_none; 1931 } 1932 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1933 if (alg == TEE_ALG_HMAC_SHA224) 1934 goto check_element_none; 1935 } 1936 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1937 if (alg == TEE_ALG_HMAC_SHA256) 1938 goto check_element_none; 1939 } 1940 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1941 if (alg == TEE_ALG_HMAC_SHA384) 1942 goto check_element_none; 1943 } 1944 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1945 if (alg == TEE_ALG_HMAC_SHA512) 1946 goto check_element_none; 1947 } 1948 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1949 if (alg == TEE_ALG_HMAC_SM3) 1950 goto check_element_none; 1951 } 1952 } 1953 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1954 if (alg == TEE_ALG_SM3) 1955 goto check_element_none; 1956 } 1957 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 1958 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1959 if (alg == TEE_ALG_SM4_ECB_NOPAD) 1960 goto check_element_none; 1961 } 1962 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1963 if (alg == TEE_ALG_SM4_CBC_NOPAD) 1964 goto check_element_none; 1965 } 1966 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1967 if (alg == TEE_ALG_SM4_CTR) 1968 goto check_element_none; 1969 } 1970 } 1971 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 1972 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1973 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5) 1974 goto check_element_none; 1975 } 1976 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1977 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 1978 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 1979 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 1980 goto check_element_none; 1981 } 1982 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 1983 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 1984 goto check_element_none; 1985 } 1986 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1987 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 1988 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 1989 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 1990 goto check_element_none; 1991 } 1992 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1993 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 1994 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 1995 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 1996 goto check_element_none; 1997 } 1998 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1999 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 2000 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 2001 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 2002 goto check_element_none; 2003 } 2004 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2005 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 2006 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 2007 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 2008 goto check_element_none; 2009 } 2010 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2011 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 2012 goto check_element_none; 2013 } 2014 if (alg == TEE_ALG_RSA_NOPAD) 2015 goto check_element_none; 2016 } 2017 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2018 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2019 if (alg == TEE_ALG_DSA_SHA1) 2020 goto check_element_none; 2021 } 2022 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2023 if (alg == TEE_ALG_DSA_SHA224) 2024 goto check_element_none; 2025 } 2026 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2027 if (alg == TEE_ALG_DSA_SHA256) 2028 goto check_element_none; 2029 } 2030 } 2031 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2032 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2033 goto check_element_none; 2034 } 2035 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2036 if ((alg == TEE_ALG_ECDH_P192 || alg == TEE_ALG_ECDSA_P192) && 2037 element == TEE_ECC_CURVE_NIST_P192) 2038 return TEE_SUCCESS; 2039 if ((alg == TEE_ALG_ECDH_P224 || alg == TEE_ALG_ECDSA_P224) && 2040 element == TEE_ECC_CURVE_NIST_P224) 2041 return TEE_SUCCESS; 2042 if ((alg == TEE_ALG_ECDH_P256 || alg == TEE_ALG_ECDSA_P256) && 2043 element == TEE_ECC_CURVE_NIST_P256) 2044 return TEE_SUCCESS; 2045 if ((alg == TEE_ALG_ECDH_P384 || alg == TEE_ALG_ECDSA_P384) && 2046 element == TEE_ECC_CURVE_NIST_P384) 2047 return TEE_SUCCESS; 2048 if ((alg == TEE_ALG_ECDH_P521 || alg == TEE_ALG_ECDSA_P521) && 2049 element == TEE_ECC_CURVE_NIST_P521) 2050 return TEE_SUCCESS; 2051 } 2052 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2053 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2054 return TEE_SUCCESS; 2055 } 2056 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2057 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2058 return TEE_SUCCESS; 2059 } 2060 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2061 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2062 return TEE_SUCCESS; 2063 } 2064 2065 return TEE_ERROR_NOT_SUPPORTED; 2066 check_element_none: 2067 if (element == TEE_CRYPTO_ELEMENT_NONE) 2068 return TEE_SUCCESS; 2069 return TEE_ERROR_NOT_SUPPORTED; 2070 } 2071