1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 #include <config.h> 7 #include <stdlib.h> 8 #include <string.h> 9 #include <string_ext.h> 10 #include <tee_api.h> 11 #include <tee_api_defines_extensions.h> 12 #include <tee_internal_api_extensions.h> 13 #include <utee_syscalls.h> 14 #include <utee_defines.h> 15 #include <util.h> 16 #include "tee_api_private.h" 17 18 struct __TEE_OperationHandle { 19 TEE_OperationInfo info; 20 TEE_ObjectHandle key1; 21 TEE_ObjectHandle key2; 22 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 23 uint8_t *buffer; /* buffer to collect complete blocks */ 24 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 25 size_t block_size; /* Block size of cipher */ 26 size_t buffer_offs; /* Offset in buffer */ 27 uint32_t state; /* Handle to state in TEE Core */ 28 }; 29 30 /* Cryptographic Operations API - Generic Operation Functions */ 31 32 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 33 uint32_t algorithm, uint32_t mode, 34 uint32_t maxKeySize) 35 { 36 TEE_Result res; 37 TEE_OperationHandle op = TEE_HANDLE_NULL; 38 uint32_t handle_state = 0; 39 size_t block_size = 1; 40 uint32_t req_key_usage; 41 bool with_private_key = false; 42 bool buffer_two_blocks = false; 43 44 if (!operation) 45 TEE_Panic(0); 46 47 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP || 48 algorithm == TEE_ALG_SM4_XTS) 49 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 50 51 /* Check algorithm max key size */ 52 switch (algorithm) { 53 case TEE_ALG_DSA_SHA1: 54 if (maxKeySize < 512) 55 return TEE_ERROR_NOT_SUPPORTED; 56 if (maxKeySize > 1024) 57 return TEE_ERROR_NOT_SUPPORTED; 58 if (maxKeySize % 64 != 0) 59 return TEE_ERROR_NOT_SUPPORTED; 60 break; 61 62 case TEE_ALG_DSA_SHA224: 63 if (maxKeySize != 2048) 64 return TEE_ERROR_NOT_SUPPORTED; 65 break; 66 67 case TEE_ALG_DSA_SHA256: 68 if (maxKeySize != 2048 && maxKeySize != 3072) 69 return TEE_ERROR_NOT_SUPPORTED; 70 break; 71 72 case TEE_ALG_ECDSA_SHA1: 73 case __OPTEE_ALG_ECDSA_P192: 74 case __OPTEE_ALG_ECDH_P192: 75 if (maxKeySize != 192) 76 return TEE_ERROR_NOT_SUPPORTED; 77 break; 78 79 case TEE_ALG_ECDSA_SHA224: 80 case __OPTEE_ALG_ECDSA_P224: 81 case __OPTEE_ALG_ECDH_P224: 82 if (maxKeySize != 224) 83 return TEE_ERROR_NOT_SUPPORTED; 84 break; 85 86 case TEE_ALG_ECDSA_SHA256: 87 case __OPTEE_ALG_ECDSA_P256: 88 case __OPTEE_ALG_ECDH_P256: 89 case TEE_ALG_SM2_PKE: 90 case TEE_ALG_SM2_DSA_SM3: 91 if (maxKeySize != 256) 92 return TEE_ERROR_NOT_SUPPORTED; 93 break; 94 95 case TEE_ALG_SM2_KEP: 96 /* Two 256-bit keys */ 97 if (maxKeySize != 512) 98 return TEE_ERROR_NOT_SUPPORTED; 99 break; 100 101 case TEE_ALG_ECDSA_SHA384: 102 case __OPTEE_ALG_ECDSA_P384: 103 case __OPTEE_ALG_ECDH_P384: 104 if (maxKeySize != 384) 105 return TEE_ERROR_NOT_SUPPORTED; 106 break; 107 108 case TEE_ALG_ECDSA_SHA512: 109 case __OPTEE_ALG_ECDSA_P521: 110 case __OPTEE_ALG_ECDH_P521: 111 if (maxKeySize != 521) 112 return TEE_ERROR_NOT_SUPPORTED; 113 break; 114 115 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 116 if (maxKeySize > 521) 117 return TEE_ERROR_NOT_SUPPORTED; 118 break; 119 120 case TEE_ALG_ED25519: 121 case TEE_ALG_X25519: 122 if (maxKeySize != 256) 123 return TEE_ERROR_NOT_SUPPORTED; 124 break; 125 default: 126 break; 127 } 128 129 /* Check algorithm mode (and maxKeySize for digests) */ 130 switch (algorithm) { 131 case TEE_ALG_AES_CTS: 132 case TEE_ALG_AES_XTS: 133 case TEE_ALG_SM4_XTS: 134 buffer_two_blocks = true; 135 fallthrough; 136 case TEE_ALG_AES_ECB_NOPAD: 137 case TEE_ALG_AES_CBC_NOPAD: 138 case TEE_ALG_AES_CCM: 139 case TEE_ALG_DES_ECB_NOPAD: 140 case TEE_ALG_DES_CBC_NOPAD: 141 case TEE_ALG_DES3_ECB_NOPAD: 142 case TEE_ALG_DES3_CBC_NOPAD: 143 case TEE_ALG_SM4_ECB_NOPAD: 144 case TEE_ALG_SM4_CBC_NOPAD: 145 case TEE_ALG_SM4_CTR: 146 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 147 block_size = TEE_AES_BLOCK_SIZE; 148 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 149 block_size = TEE_SM4_BLOCK_SIZE; 150 else 151 block_size = TEE_DES_BLOCK_SIZE; 152 fallthrough; 153 case TEE_ALG_AES_CTR: 154 case TEE_ALG_AES_GCM: 155 if (mode == TEE_MODE_ENCRYPT) 156 req_key_usage = TEE_USAGE_ENCRYPT; 157 else if (mode == TEE_MODE_DECRYPT) 158 req_key_usage = TEE_USAGE_DECRYPT; 159 else 160 return TEE_ERROR_NOT_SUPPORTED; 161 break; 162 163 #if defined(CFG_CRYPTO_RSASSA_NA1) 164 case TEE_ALG_RSASSA_PKCS1_V1_5: 165 #endif 166 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 167 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 168 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 169 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 170 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 171 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 172 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 173 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 174 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 175 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 176 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 177 case TEE_ALG_DSA_SHA1: 178 case TEE_ALG_DSA_SHA224: 179 case TEE_ALG_DSA_SHA256: 180 case TEE_ALG_ECDSA_SHA1: 181 case TEE_ALG_ECDSA_SHA224: 182 case TEE_ALG_ECDSA_SHA256: 183 case TEE_ALG_ECDSA_SHA384: 184 case TEE_ALG_ECDSA_SHA512: 185 case __OPTEE_ALG_ECDSA_P192: 186 case __OPTEE_ALG_ECDSA_P224: 187 case __OPTEE_ALG_ECDSA_P256: 188 case __OPTEE_ALG_ECDSA_P384: 189 case __OPTEE_ALG_ECDSA_P521: 190 case TEE_ALG_SM2_DSA_SM3: 191 case TEE_ALG_ED25519: 192 if (mode == TEE_MODE_SIGN) { 193 with_private_key = true; 194 req_key_usage = TEE_USAGE_SIGN; 195 } else if (mode == TEE_MODE_VERIFY) { 196 req_key_usage = TEE_USAGE_VERIFY; 197 } else { 198 return TEE_ERROR_NOT_SUPPORTED; 199 } 200 break; 201 202 case TEE_ALG_RSAES_PKCS1_V1_5: 203 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 204 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 205 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 206 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 207 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 208 case TEE_ALG_SM2_PKE: 209 if (mode == TEE_MODE_ENCRYPT) { 210 req_key_usage = TEE_USAGE_ENCRYPT; 211 } else if (mode == TEE_MODE_DECRYPT) { 212 with_private_key = true; 213 req_key_usage = TEE_USAGE_DECRYPT; 214 } else { 215 return TEE_ERROR_NOT_SUPPORTED; 216 } 217 break; 218 219 case TEE_ALG_RSA_NOPAD: 220 if (mode == TEE_MODE_ENCRYPT) { 221 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 222 } else if (mode == TEE_MODE_DECRYPT) { 223 with_private_key = true; 224 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 225 } else { 226 return TEE_ERROR_NOT_SUPPORTED; 227 } 228 break; 229 230 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 231 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 232 case __OPTEE_ALG_ECDH_P192: 233 case __OPTEE_ALG_ECDH_P224: 234 case __OPTEE_ALG_ECDH_P256: 235 case __OPTEE_ALG_ECDH_P384: 236 case __OPTEE_ALG_ECDH_P521: 237 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 238 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 239 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 240 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 241 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 242 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 243 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 244 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 245 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 246 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 247 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 248 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 249 case TEE_ALG_SM2_KEP: 250 case TEE_ALG_X25519: 251 if (mode != TEE_MODE_DERIVE) 252 return TEE_ERROR_NOT_SUPPORTED; 253 with_private_key = true; 254 req_key_usage = TEE_USAGE_DERIVE; 255 break; 256 257 case TEE_ALG_MD5: 258 case TEE_ALG_SHA1: 259 case TEE_ALG_SHA224: 260 case TEE_ALG_SHA256: 261 case TEE_ALG_SHA384: 262 case TEE_ALG_SHA512: 263 case TEE_ALG_SM3: 264 if (mode != TEE_MODE_DIGEST) 265 return TEE_ERROR_NOT_SUPPORTED; 266 if (maxKeySize) 267 return TEE_ERROR_NOT_SUPPORTED; 268 /* v1.1: flags always set for digest operations */ 269 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 270 req_key_usage = 0; 271 break; 272 273 case TEE_ALG_DES_CBC_MAC_NOPAD: 274 case TEE_ALG_AES_CBC_MAC_NOPAD: 275 case TEE_ALG_AES_CBC_MAC_PKCS5: 276 case TEE_ALG_AES_CMAC: 277 case TEE_ALG_DES_CBC_MAC_PKCS5: 278 case TEE_ALG_DES3_CBC_MAC_NOPAD: 279 case TEE_ALG_DES3_CBC_MAC_PKCS5: 280 case TEE_ALG_DES3_CMAC: 281 case TEE_ALG_HMAC_MD5: 282 case TEE_ALG_HMAC_SHA1: 283 case TEE_ALG_HMAC_SHA224: 284 case TEE_ALG_HMAC_SHA256: 285 case TEE_ALG_HMAC_SHA384: 286 case TEE_ALG_HMAC_SHA512: 287 case TEE_ALG_HMAC_SM3: 288 if (mode != TEE_MODE_MAC) 289 return TEE_ERROR_NOT_SUPPORTED; 290 req_key_usage = TEE_USAGE_MAC; 291 break; 292 293 default: 294 return TEE_ERROR_NOT_SUPPORTED; 295 } 296 297 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 298 if (!op) 299 return TEE_ERROR_OUT_OF_MEMORY; 300 301 op->info.algorithm = algorithm; 302 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 303 #ifdef CFG_CRYPTO_RSASSA_NA1 304 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 305 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 306 #endif 307 op->info.mode = mode; 308 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 309 op->info.maxKeySize = maxKeySize; 310 op->info.requiredKeyUsage = req_key_usage; 311 op->info.handleState = handle_state; 312 313 if (block_size > 1) { 314 size_t buffer_size = block_size; 315 316 if (buffer_two_blocks) 317 buffer_size *= 2; 318 319 op->buffer = TEE_Malloc(buffer_size, 320 TEE_USER_MEM_HINT_NO_FILL_ZERO); 321 if (op->buffer == NULL) { 322 res = TEE_ERROR_OUT_OF_MEMORY; 323 goto out; 324 } 325 } 326 op->block_size = block_size; 327 op->buffer_two_blocks = buffer_two_blocks; 328 329 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 330 uint32_t mks = maxKeySize; 331 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 332 with_private_key); 333 334 /* 335 * If two keys are expected the max key size is the sum of 336 * the size of both keys. 337 */ 338 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 339 mks /= 2; 340 341 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 342 if (res != TEE_SUCCESS) 343 goto out; 344 345 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 346 res = TEE_AllocateTransientObject(key_type, mks, 347 &op->key2); 348 if (res != TEE_SUCCESS) 349 goto out; 350 } 351 } 352 353 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 354 (unsigned long)op->key2, &op->state); 355 if (res != TEE_SUCCESS) 356 goto out; 357 358 /* 359 * Initialize digest operations 360 * Other multi-stage operations initialized w/ TEE_xxxInit functions 361 * Non-applicable on asymmetric operations 362 */ 363 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 364 res = _utee_hash_init(op->state, NULL, 0); 365 if (res != TEE_SUCCESS) 366 goto out; 367 /* v1.1: flags always set for digest operations */ 368 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 369 } 370 371 op->operationState = TEE_OPERATION_STATE_INITIAL; 372 373 *operation = op; 374 375 out: 376 if (res != TEE_SUCCESS) { 377 if (res != TEE_ERROR_OUT_OF_MEMORY && 378 res != TEE_ERROR_NOT_SUPPORTED) 379 TEE_Panic(res); 380 if (op) { 381 if (op->state) { 382 TEE_FreeOperation(op); 383 } else { 384 TEE_Free(op->buffer); 385 TEE_FreeTransientObject(op->key1); 386 TEE_FreeTransientObject(op->key2); 387 TEE_Free(op); 388 } 389 } 390 } 391 392 return res; 393 } 394 395 void TEE_FreeOperation(TEE_OperationHandle operation) 396 { 397 TEE_Result res; 398 399 if (operation == TEE_HANDLE_NULL) 400 TEE_Panic(0); 401 402 /* 403 * Note that keys should not be freed here, since they are 404 * claimed by the operation they will be freed by 405 * utee_cryp_state_free(). 406 */ 407 res = _utee_cryp_state_free(operation->state); 408 if (res != TEE_SUCCESS) 409 TEE_Panic(res); 410 411 TEE_Free(operation->buffer); 412 TEE_Free(operation); 413 } 414 415 void TEE_GetOperationInfo(TEE_OperationHandle operation, 416 TEE_OperationInfo *operationInfo) 417 { 418 if (operation == TEE_HANDLE_NULL) 419 TEE_Panic(0); 420 421 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo)); 422 423 *operationInfo = operation->info; 424 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 425 operationInfo->keySize = 0; 426 operationInfo->requiredKeyUsage = 0; 427 } 428 } 429 430 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op, 431 TEE_OperationInfoMultiple *op_info, 432 uint32_t *size) 433 { 434 TEE_Result res = TEE_SUCCESS; 435 TEE_ObjectInfo kinfo = { }; 436 size_t max_key_count = 0; 437 bool two_keys = false; 438 439 if (op == TEE_HANDLE_NULL) { 440 res = TEE_ERROR_BAD_PARAMETERS; 441 goto out; 442 } 443 444 __utee_check_gp11_outbuf_annotation(op_info, size); 445 446 if (*size < sizeof(*op_info)) { 447 res = TEE_ERROR_BAD_PARAMETERS; 448 goto out; 449 } 450 max_key_count = (*size - sizeof(*op_info)) / 451 sizeof(TEE_OperationInfoKey); 452 453 TEE_MemFill(op_info, 0, *size); 454 455 /* Two keys flag (TEE_ALG_AES_XTS only) */ 456 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 457 458 if (op->info.mode == TEE_MODE_DIGEST) { 459 op_info->numberOfKeys = 0; 460 } else if (!two_keys) { 461 if (max_key_count < 1) { 462 res = TEE_ERROR_SHORT_BUFFER; 463 goto out; 464 } 465 466 res = TEE_GetObjectInfo1(op->key1, &kinfo); 467 /* Key1 is not a valid handle, "can't happen". */ 468 if (res) 469 goto out; 470 471 op_info->keyInformation[0].keySize = kinfo.objectSize; 472 op_info->keyInformation[0].requiredKeyUsage = 473 op->info.requiredKeyUsage; 474 op_info->numberOfKeys = 1; 475 } else { 476 if (max_key_count < 2) { 477 res = TEE_ERROR_SHORT_BUFFER; 478 goto out; 479 } 480 481 res = TEE_GetObjectInfo1(op->key1, &kinfo); 482 /* Key1 is not a valid handle, "can't happen". */ 483 if (res) 484 goto out; 485 486 op_info->keyInformation[0].keySize = kinfo.objectSize; 487 op_info->keyInformation[0].requiredKeyUsage = 488 op->info.requiredKeyUsage; 489 490 res = TEE_GetObjectInfo1(op->key2, &kinfo); 491 /* Key2 is not a valid handle, "can't happen". */ 492 if (res) 493 goto out; 494 495 op_info->keyInformation[1].keySize = kinfo.objectSize; 496 op_info->keyInformation[1].requiredKeyUsage = 497 op->info.requiredKeyUsage; 498 499 op_info->numberOfKeys = 2; 500 } 501 502 op_info->algorithm = op->info.algorithm; 503 op_info->operationClass = op->info.operationClass; 504 op_info->mode = op->info.mode; 505 op_info->digestLength = op->info.digestLength; 506 op_info->maxKeySize = op->info.maxKeySize; 507 op_info->handleState = op->info.handleState; 508 op_info->operationState = op->operationState; 509 510 out: 511 if (res != TEE_SUCCESS && 512 res != TEE_ERROR_SHORT_BUFFER) 513 TEE_Panic(res); 514 515 return res; 516 } 517 518 void TEE_ResetOperation(TEE_OperationHandle operation) 519 { 520 TEE_Result res; 521 522 if (operation == TEE_HANDLE_NULL) 523 TEE_Panic(0); 524 525 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 526 TEE_Panic(0); 527 528 operation->operationState = TEE_OPERATION_STATE_INITIAL; 529 530 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 531 res = _utee_hash_init(operation->state, NULL, 0); 532 if (res != TEE_SUCCESS) 533 TEE_Panic(res); 534 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 535 } else { 536 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 537 } 538 } 539 540 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 541 TEE_ObjectHandle key) 542 { 543 TEE_Result res; 544 uint32_t key_size = 0; 545 TEE_ObjectInfo key_info; 546 547 if (operation == TEE_HANDLE_NULL) { 548 res = TEE_ERROR_BAD_PARAMETERS; 549 goto out; 550 } 551 552 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 553 res = TEE_ERROR_BAD_PARAMETERS; 554 goto out; 555 } 556 557 if (key == TEE_HANDLE_NULL) { 558 /* Operation key cleared */ 559 TEE_ResetTransientObject(operation->key1); 560 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 561 return TEE_SUCCESS; 562 } 563 564 /* No key for digest operation */ 565 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 566 res = TEE_ERROR_BAD_PARAMETERS; 567 goto out; 568 } 569 570 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 571 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 572 0) { 573 res = TEE_ERROR_BAD_PARAMETERS; 574 goto out; 575 } 576 577 res = TEE_GetObjectInfo1(key, &key_info); 578 /* Key is not a valid handle */ 579 if (res != TEE_SUCCESS) 580 goto out; 581 582 /* Supplied key has to meet required usage */ 583 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 584 operation->info.requiredKeyUsage) { 585 res = TEE_ERROR_BAD_PARAMETERS; 586 goto out; 587 } 588 589 if (operation->info.maxKeySize < key_info.objectSize) { 590 res = TEE_ERROR_BAD_PARAMETERS; 591 goto out; 592 } 593 594 key_size = key_info.objectSize; 595 596 TEE_ResetTransientObject(operation->key1); 597 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 598 599 res = TEE_CopyObjectAttributes1(operation->key1, key); 600 if (res != TEE_SUCCESS) 601 goto out; 602 603 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 604 605 operation->info.keySize = key_size; 606 607 out: 608 if (res != TEE_SUCCESS && 609 res != TEE_ERROR_CORRUPT_OBJECT && 610 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 611 TEE_Panic(res); 612 613 return res; 614 } 615 616 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 617 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 618 { 619 TEE_Result res; 620 uint32_t key_size = 0; 621 TEE_ObjectInfo key_info1; 622 TEE_ObjectInfo key_info2; 623 624 if (operation == TEE_HANDLE_NULL) { 625 res = TEE_ERROR_BAD_PARAMETERS; 626 goto out; 627 } 628 629 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 630 res = TEE_ERROR_BAD_PARAMETERS; 631 goto out; 632 } 633 634 /* 635 * Key1/Key2 and/or are not initialized and 636 * Either both keys are NULL or both are not NULL 637 */ 638 if (!key1 && !key2) { 639 /* Clear the keys */ 640 TEE_ResetTransientObject(operation->key1); 641 TEE_ResetTransientObject(operation->key2); 642 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 643 return TEE_SUCCESS; 644 } else if (!key1 || !key2) { 645 /* Both keys are obviously not valid. */ 646 res = TEE_ERROR_BAD_PARAMETERS; 647 goto out; 648 } 649 650 /* No key for digest operation */ 651 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 652 res = TEE_ERROR_BAD_PARAMETERS; 653 goto out; 654 } 655 656 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 657 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 658 0) { 659 res = TEE_ERROR_BAD_PARAMETERS; 660 goto out; 661 } 662 663 res = TEE_GetObjectInfo1(key1, &key_info1); 664 /* Key1 is not a valid handle */ 665 if (res != TEE_SUCCESS) 666 goto out; 667 668 /* Supplied key has to meet required usage */ 669 if ((key_info1.objectUsage & operation->info. 670 requiredKeyUsage) != operation->info.requiredKeyUsage) { 671 res = TEE_ERROR_BAD_PARAMETERS; 672 goto out; 673 } 674 675 res = TEE_GetObjectInfo1(key2, &key_info2); 676 /* Key2 is not a valid handle */ 677 if (res != TEE_SUCCESS) { 678 if (res == TEE_ERROR_CORRUPT_OBJECT) 679 res = TEE_ERROR_CORRUPT_OBJECT_2; 680 goto out; 681 } 682 683 /* Supplied key has to meet required usage */ 684 if ((key_info2.objectUsage & operation->info. 685 requiredKeyUsage) != operation->info.requiredKeyUsage) { 686 res = TEE_ERROR_BAD_PARAMETERS; 687 goto out; 688 } 689 690 /* 691 * All the multi key algorithm currently supported requires the keys to 692 * be of equal size. 693 */ 694 if (key_info1.objectSize != key_info2.objectSize) { 695 res = TEE_ERROR_BAD_PARAMETERS; 696 goto out; 697 698 } 699 700 if (operation->info.maxKeySize < key_info1.objectSize) { 701 res = TEE_ERROR_BAD_PARAMETERS; 702 goto out; 703 } 704 705 /* 706 * Odd that only the size of one key should be reported while 707 * size of two key are used when allocating the operation. 708 */ 709 key_size = key_info1.objectSize; 710 711 TEE_ResetTransientObject(operation->key1); 712 TEE_ResetTransientObject(operation->key2); 713 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 714 715 res = TEE_CopyObjectAttributes1(operation->key1, key1); 716 if (res != TEE_SUCCESS) 717 goto out; 718 res = TEE_CopyObjectAttributes1(operation->key2, key2); 719 if (res != TEE_SUCCESS) { 720 if (res == TEE_ERROR_CORRUPT_OBJECT) 721 res = TEE_ERROR_CORRUPT_OBJECT_2; 722 goto out; 723 } 724 725 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 726 727 operation->info.keySize = key_size; 728 729 out: 730 if (res != TEE_SUCCESS && 731 res != TEE_ERROR_CORRUPT_OBJECT && 732 res != TEE_ERROR_CORRUPT_OBJECT_2 && 733 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 734 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 735 TEE_Panic(res); 736 737 return res; 738 } 739 740 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 741 { 742 TEE_Result res; 743 744 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 745 TEE_Panic(0); 746 if (dst_op->info.algorithm != src_op->info.algorithm) 747 TEE_Panic(0); 748 if (dst_op->info.mode != src_op->info.mode) 749 TEE_Panic(0); 750 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 751 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 752 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 753 754 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 755 key1 = src_op->key1; 756 key2 = src_op->key2; 757 } 758 759 if ((src_op->info.handleState & 760 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 761 TEE_SetOperationKey(dst_op, key1); 762 } else { 763 TEE_SetOperationKey2(dst_op, key1, key2); 764 } 765 } 766 dst_op->info.handleState = src_op->info.handleState; 767 dst_op->info.keySize = src_op->info.keySize; 768 dst_op->info.digestLength = src_op->info.digestLength; 769 dst_op->operationState = src_op->operationState; 770 771 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 772 dst_op->block_size != src_op->block_size) 773 TEE_Panic(0); 774 775 if (dst_op->buffer != NULL) { 776 if (src_op->buffer == NULL) 777 TEE_Panic(0); 778 779 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 780 dst_op->buffer_offs = src_op->buffer_offs; 781 } else if (src_op->buffer != NULL) { 782 TEE_Panic(0); 783 } 784 785 res = _utee_cryp_state_copy(dst_op->state, src_op->state); 786 if (res != TEE_SUCCESS) 787 TEE_Panic(res); 788 } 789 790 /* Cryptographic Operations API - Message Digest Functions */ 791 792 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 793 uint32_t IVLen) 794 { 795 TEE_Result res; 796 797 /* 798 * Note : IV and IVLen are never used in current implementation 799 * This is why coherent values of IV and IVLen are not checked 800 */ 801 res = _utee_hash_init(operation->state, IV, IVLen); 802 if (res != TEE_SUCCESS) 803 TEE_Panic(res); 804 operation->buffer_offs = 0; 805 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 806 } 807 808 void TEE_DigestUpdate(TEE_OperationHandle operation, 809 const void *chunk, uint32_t chunkSize) 810 { 811 TEE_Result res = TEE_ERROR_GENERIC; 812 813 if (operation == TEE_HANDLE_NULL || 814 operation->info.operationClass != TEE_OPERATION_DIGEST) 815 TEE_Panic(0); 816 817 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 818 819 res = _utee_hash_update(operation->state, chunk, chunkSize); 820 if (res != TEE_SUCCESS) 821 TEE_Panic(res); 822 } 823 824 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 825 uint32_t chunkLen, void *hash, uint32_t *hashLen) 826 { 827 TEE_Result res; 828 uint64_t hl; 829 830 if ((operation == TEE_HANDLE_NULL) || 831 (!chunk && chunkLen) || 832 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 833 res = TEE_ERROR_BAD_PARAMETERS; 834 goto out; 835 } 836 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 837 838 hl = *hashLen; 839 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, &hl); 840 *hashLen = hl; 841 if (res != TEE_SUCCESS) 842 goto out; 843 844 /* Reset operation state */ 845 init_hash_operation(operation, NULL, 0); 846 847 operation->operationState = TEE_OPERATION_STATE_INITIAL; 848 849 out: 850 if (res != TEE_SUCCESS && 851 res != TEE_ERROR_SHORT_BUFFER) 852 TEE_Panic(res); 853 854 return res; 855 } 856 857 /* Cryptographic Operations API - Symmetric Cipher Functions */ 858 859 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 860 uint32_t IVLen) 861 { 862 TEE_Result res; 863 864 if (operation == TEE_HANDLE_NULL) 865 TEE_Panic(0); 866 867 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 868 TEE_Panic(0); 869 870 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 871 !(operation->key1)) 872 TEE_Panic(0); 873 874 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 875 TEE_ResetOperation(operation); 876 877 if (IV && IVLen) { 878 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 879 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 880 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 881 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD) 882 TEE_Panic(0); 883 } 884 885 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 886 887 res = _utee_cipher_init(operation->state, IV, IVLen); 888 if (res != TEE_SUCCESS) 889 TEE_Panic(res); 890 891 operation->buffer_offs = 0; 892 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 893 } 894 895 static TEE_Result tee_buffer_update( 896 TEE_OperationHandle op, 897 TEE_Result(*update_func)(unsigned long state, const void *src, 898 size_t slen, void *dst, uint64_t *dlen), 899 const void *src_data, size_t src_len, 900 void *dest_data, uint64_t *dest_len) 901 { 902 TEE_Result res; 903 const uint8_t *src = src_data; 904 size_t slen = src_len; 905 uint8_t *dst = dest_data; 906 size_t dlen = *dest_len; 907 size_t acc_dlen = 0; 908 uint64_t tmp_dlen; 909 size_t l; 910 size_t buffer_size; 911 size_t buffer_left; 912 913 if (!src) { 914 if (slen) 915 TEE_Panic(0); 916 goto out; 917 } 918 919 if (op->buffer_two_blocks) { 920 buffer_size = op->block_size * 2; 921 buffer_left = 1; 922 } else { 923 buffer_size = op->block_size; 924 buffer_left = 0; 925 } 926 927 if (op->buffer_offs > 0) { 928 /* Fill up complete block */ 929 if (op->buffer_offs < op->block_size) 930 l = MIN(slen, op->block_size - op->buffer_offs); 931 else 932 l = MIN(slen, buffer_size - op->buffer_offs); 933 memcpy(op->buffer + op->buffer_offs, src, l); 934 op->buffer_offs += l; 935 src += l; 936 slen -= l; 937 if ((op->buffer_offs % op->block_size) != 0) 938 goto out; /* Nothing left to do */ 939 } 940 941 /* If we can feed from buffer */ 942 if ((op->buffer_offs > 0) && 943 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 944 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 945 op->block_size); 946 l = MIN(op->buffer_offs, l); 947 tmp_dlen = dlen; 948 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 949 if (res != TEE_SUCCESS) 950 TEE_Panic(res); 951 dst += tmp_dlen; 952 dlen -= tmp_dlen; 953 acc_dlen += tmp_dlen; 954 op->buffer_offs -= l; 955 if (op->buffer_offs > 0) { 956 /* 957 * Slen is small enough to be contained in rest buffer. 958 */ 959 memcpy(op->buffer, op->buffer + l, buffer_size - l); 960 memcpy(op->buffer + op->buffer_offs, src, slen); 961 op->buffer_offs += slen; 962 goto out; /* Nothing left to do */ 963 } 964 } 965 966 if (slen >= (buffer_size + buffer_left)) { 967 /* Buffer is empty, feed as much as possible from src */ 968 if (op->info.algorithm == TEE_ALG_AES_CTS) 969 l = ROUNDUP(slen - buffer_size, op->block_size); 970 else 971 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 972 973 tmp_dlen = dlen; 974 res = update_func(op->state, src, l, dst, &tmp_dlen); 975 if (res != TEE_SUCCESS) 976 TEE_Panic(res); 977 src += l; 978 slen -= l; 979 dst += tmp_dlen; 980 dlen -= tmp_dlen; 981 acc_dlen += tmp_dlen; 982 } 983 984 /* Slen is small enough to be contained in buffer. */ 985 memcpy(op->buffer + op->buffer_offs, src, slen); 986 op->buffer_offs += slen; 987 988 out: 989 *dest_len = acc_dlen; 990 return TEE_SUCCESS; 991 } 992 993 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 994 uint32_t srcLen, void *destData, uint32_t *destLen) 995 { 996 TEE_Result res; 997 size_t req_dlen; 998 uint64_t dl; 999 1000 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1001 res = TEE_ERROR_BAD_PARAMETERS; 1002 goto out; 1003 } 1004 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1005 1006 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1007 res = TEE_ERROR_BAD_PARAMETERS; 1008 goto out; 1009 } 1010 1011 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1012 res = TEE_ERROR_BAD_PARAMETERS; 1013 goto out; 1014 } 1015 1016 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1017 res = TEE_ERROR_BAD_PARAMETERS; 1018 goto out; 1019 } 1020 1021 if (!srcData && !srcLen) { 1022 *destLen = 0; 1023 res = TEE_SUCCESS; 1024 goto out; 1025 } 1026 1027 /* Calculate required dlen */ 1028 if (operation->block_size > 1) { 1029 req_dlen = ((operation->buffer_offs + srcLen) / 1030 operation->block_size) * operation->block_size; 1031 } else { 1032 req_dlen = srcLen; 1033 } 1034 if (operation->buffer_two_blocks) { 1035 if (req_dlen > operation->block_size * 2) 1036 req_dlen -= operation->block_size * 2; 1037 else 1038 req_dlen = 0; 1039 } 1040 /* 1041 * Check that required destLen is big enough before starting to feed 1042 * data to the algorithm. Errors during feeding of data are fatal as we 1043 * can't restore sync with this API. 1044 */ 1045 if (*destLen < req_dlen) { 1046 *destLen = req_dlen; 1047 res = TEE_ERROR_SHORT_BUFFER; 1048 goto out; 1049 } 1050 1051 dl = *destLen; 1052 if (operation->block_size > 1) { 1053 res = tee_buffer_update(operation, _utee_cipher_update, srcData, 1054 srcLen, destData, &dl); 1055 } else { 1056 if (srcLen > 0) { 1057 res = _utee_cipher_update(operation->state, srcData, 1058 srcLen, destData, &dl); 1059 } else { 1060 res = TEE_SUCCESS; 1061 dl = 0; 1062 } 1063 } 1064 *destLen = dl; 1065 1066 out: 1067 if (res != TEE_SUCCESS && 1068 res != TEE_ERROR_SHORT_BUFFER) 1069 TEE_Panic(res); 1070 1071 return res; 1072 } 1073 1074 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1075 const void *srcData, uint32_t srcLen, 1076 void *destData, uint32_t *destLen) 1077 { 1078 TEE_Result res = TEE_SUCCESS; 1079 uint8_t *dst = destData; 1080 size_t acc_dlen = 0; 1081 uint64_t tmp_dlen = 0; 1082 size_t req_dlen = 0; 1083 1084 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1085 res = TEE_ERROR_BAD_PARAMETERS; 1086 goto out; 1087 } 1088 if (destLen) 1089 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1090 1091 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1092 res = TEE_ERROR_BAD_PARAMETERS; 1093 goto out; 1094 } 1095 1096 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1097 res = TEE_ERROR_BAD_PARAMETERS; 1098 goto out; 1099 } 1100 1101 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1102 res = TEE_ERROR_BAD_PARAMETERS; 1103 goto out; 1104 } 1105 1106 /* 1107 * Check that the final block doesn't require padding for those 1108 * algorithms that requires client to supply padding. 1109 */ 1110 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1111 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1112 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1113 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1114 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1115 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1116 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1117 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1118 if (((operation->buffer_offs + srcLen) % operation->block_size) 1119 != 0) { 1120 res = TEE_ERROR_BAD_PARAMETERS; 1121 goto out; 1122 } 1123 } 1124 1125 /* 1126 * Check that required destLen is big enough before starting to feed 1127 * data to the algorithm. Errors during feeding of data are fatal as we 1128 * can't restore sync with this API. 1129 */ 1130 if (operation->block_size > 1) { 1131 req_dlen = operation->buffer_offs + srcLen; 1132 } else { 1133 req_dlen = srcLen; 1134 } 1135 if (destLen) 1136 tmp_dlen = *destLen; 1137 if (tmp_dlen < req_dlen) { 1138 if (destLen) 1139 *destLen = req_dlen; 1140 res = TEE_ERROR_SHORT_BUFFER; 1141 goto out; 1142 } 1143 1144 if (operation->block_size > 1) { 1145 if (srcLen) { 1146 res = tee_buffer_update(operation, _utee_cipher_update, 1147 srcData, srcLen, dst, 1148 &tmp_dlen); 1149 if (res != TEE_SUCCESS) 1150 goto out; 1151 1152 dst += tmp_dlen; 1153 acc_dlen += tmp_dlen; 1154 1155 tmp_dlen = *destLen - acc_dlen; 1156 } 1157 res = _utee_cipher_final(operation->state, operation->buffer, 1158 operation->buffer_offs, dst, 1159 &tmp_dlen); 1160 } else { 1161 res = _utee_cipher_final(operation->state, srcData, srcLen, dst, 1162 &tmp_dlen); 1163 } 1164 if (res != TEE_SUCCESS) 1165 goto out; 1166 1167 acc_dlen += tmp_dlen; 1168 if (destLen) 1169 *destLen = acc_dlen; 1170 1171 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1172 1173 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1174 1175 out: 1176 if (res != TEE_SUCCESS && 1177 res != TEE_ERROR_SHORT_BUFFER) 1178 TEE_Panic(res); 1179 1180 return res; 1181 } 1182 1183 /* Cryptographic Operations API - MAC Functions */ 1184 1185 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 1186 { 1187 if (operation == TEE_HANDLE_NULL) 1188 TEE_Panic(0); 1189 1190 if (operation->info.operationClass != TEE_OPERATION_MAC) 1191 TEE_Panic(0); 1192 1193 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1194 !(operation->key1)) 1195 TEE_Panic(0); 1196 1197 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1198 TEE_ResetOperation(operation); 1199 1200 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1201 1202 init_hash_operation(operation, IV, IVLen); 1203 } 1204 1205 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1206 uint32_t chunkSize) 1207 { 1208 TEE_Result res; 1209 1210 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1211 TEE_Panic(0); 1212 1213 if (operation->info.operationClass != TEE_OPERATION_MAC) 1214 TEE_Panic(0); 1215 1216 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1217 TEE_Panic(0); 1218 1219 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1220 TEE_Panic(0); 1221 1222 res = _utee_hash_update(operation->state, chunk, chunkSize); 1223 if (res != TEE_SUCCESS) 1224 TEE_Panic(res); 1225 } 1226 1227 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1228 const void *message, uint32_t messageLen, 1229 void *mac, uint32_t *macLen) 1230 { 1231 TEE_Result res; 1232 uint64_t ml; 1233 1234 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) { 1235 res = TEE_ERROR_BAD_PARAMETERS; 1236 goto out; 1237 } 1238 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1239 1240 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1241 res = TEE_ERROR_BAD_PARAMETERS; 1242 goto out; 1243 } 1244 1245 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1246 res = TEE_ERROR_BAD_PARAMETERS; 1247 goto out; 1248 } 1249 1250 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1251 res = TEE_ERROR_BAD_PARAMETERS; 1252 goto out; 1253 } 1254 1255 ml = *macLen; 1256 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml); 1257 *macLen = ml; 1258 if (res != TEE_SUCCESS) 1259 goto out; 1260 1261 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1262 1263 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1264 1265 out: 1266 if (res != TEE_SUCCESS && 1267 res != TEE_ERROR_SHORT_BUFFER) 1268 TEE_Panic(res); 1269 1270 return res; 1271 } 1272 1273 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1274 const void *message, uint32_t messageLen, 1275 const void *mac, uint32_t macLen) 1276 { 1277 TEE_Result res; 1278 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 }; 1279 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1280 1281 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1282 res = TEE_ERROR_BAD_PARAMETERS; 1283 goto out; 1284 } 1285 1286 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1287 res = TEE_ERROR_BAD_PARAMETERS; 1288 goto out; 1289 } 1290 1291 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1292 res = TEE_ERROR_BAD_PARAMETERS; 1293 goto out; 1294 } 1295 1296 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1297 &computed_mac_size); 1298 if (res != TEE_SUCCESS) 1299 goto out; 1300 1301 if (computed_mac_size != macLen) { 1302 res = TEE_ERROR_MAC_INVALID; 1303 goto out; 1304 } 1305 1306 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1307 res = TEE_ERROR_MAC_INVALID; 1308 goto out; 1309 } 1310 1311 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1312 1313 out: 1314 if (res != TEE_SUCCESS && 1315 res != TEE_ERROR_MAC_INVALID) 1316 TEE_Panic(res); 1317 1318 return res; 1319 } 1320 1321 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1322 1323 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1324 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1325 uint32_t payloadLen) 1326 { 1327 TEE_Result res; 1328 1329 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1330 res = TEE_ERROR_BAD_PARAMETERS; 1331 goto out; 1332 } 1333 1334 if (operation->info.operationClass != TEE_OPERATION_AE) { 1335 res = TEE_ERROR_BAD_PARAMETERS; 1336 goto out; 1337 } 1338 1339 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1340 res = TEE_ERROR_BAD_PARAMETERS; 1341 goto out; 1342 } 1343 1344 /* 1345 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1346 * in the implementation. But AES-GCM spec doesn't specify the tag len 1347 * according to the same principle so we have to check here instead to 1348 * be GP compliant. 1349 */ 1350 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1351 /* 1352 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1353 */ 1354 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1355 res = TEE_ERROR_NOT_SUPPORTED; 1356 goto out; 1357 } 1358 } 1359 1360 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8, 1361 AADLen, payloadLen); 1362 if (res != TEE_SUCCESS) 1363 goto out; 1364 1365 operation->info.digestLength = tagLen / 8; 1366 operation->buffer_offs = 0; 1367 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1368 1369 out: 1370 if (res != TEE_SUCCESS && 1371 res != TEE_ERROR_NOT_SUPPORTED) 1372 TEE_Panic(res); 1373 1374 return res; 1375 } 1376 1377 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1378 uint32_t AADdataLen) 1379 { 1380 TEE_Result res; 1381 1382 if (operation == TEE_HANDLE_NULL || 1383 (AADdata == NULL && AADdataLen != 0)) 1384 TEE_Panic(0); 1385 1386 if (operation->info.operationClass != TEE_OPERATION_AE) 1387 TEE_Panic(0); 1388 1389 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1390 TEE_Panic(0); 1391 1392 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1393 1394 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1395 1396 if (res != TEE_SUCCESS) 1397 TEE_Panic(res); 1398 } 1399 1400 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1401 uint32_t srcLen, void *destData, uint32_t *destLen) 1402 { 1403 TEE_Result res = TEE_SUCCESS; 1404 size_t req_dlen = 0; 1405 uint64_t dl = 0; 1406 1407 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1408 res = TEE_ERROR_BAD_PARAMETERS; 1409 goto out; 1410 } 1411 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1412 1413 if (operation->info.operationClass != TEE_OPERATION_AE) { 1414 res = TEE_ERROR_BAD_PARAMETERS; 1415 goto out; 1416 } 1417 1418 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1419 res = TEE_ERROR_BAD_PARAMETERS; 1420 goto out; 1421 } 1422 1423 if (!srcData && !srcLen) { 1424 *destLen = 0; 1425 res = TEE_SUCCESS; 1426 goto out; 1427 } 1428 1429 /* 1430 * Check that required destLen is big enough before starting to feed 1431 * data to the algorithm. Errors during feeding of data are fatal as we 1432 * can't restore sync with this API. 1433 */ 1434 if (operation->block_size > 1) { 1435 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1436 operation->block_size); 1437 } else { 1438 req_dlen = srcLen; 1439 } 1440 1441 dl = *destLen; 1442 if (dl < req_dlen) { 1443 *destLen = req_dlen; 1444 res = TEE_ERROR_SHORT_BUFFER; 1445 goto out; 1446 } 1447 1448 if (operation->block_size > 1) { 1449 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1450 srcData, srcLen, destData, &dl); 1451 } else { 1452 if (srcLen > 0) { 1453 res = _utee_authenc_update_payload(operation->state, 1454 srcData, srcLen, 1455 destData, &dl); 1456 } else { 1457 dl = 0; 1458 res = TEE_SUCCESS; 1459 } 1460 } 1461 if (res != TEE_SUCCESS) 1462 goto out; 1463 1464 *destLen = dl; 1465 1466 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1467 1468 out: 1469 if (res != TEE_SUCCESS && 1470 res != TEE_ERROR_SHORT_BUFFER) 1471 TEE_Panic(res); 1472 1473 return res; 1474 } 1475 1476 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1477 const void *srcData, uint32_t srcLen, 1478 void *destData, uint32_t *destLen, void *tag, 1479 uint32_t *tagLen) 1480 { 1481 TEE_Result res; 1482 uint8_t *dst = destData; 1483 size_t acc_dlen = 0; 1484 uint64_t tmp_dlen; 1485 size_t req_dlen; 1486 uint64_t tl; 1487 1488 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1489 res = TEE_ERROR_BAD_PARAMETERS; 1490 goto out; 1491 } 1492 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1493 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1494 1495 if (operation->info.operationClass != TEE_OPERATION_AE) { 1496 res = TEE_ERROR_BAD_PARAMETERS; 1497 goto out; 1498 } 1499 1500 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1501 res = TEE_ERROR_BAD_PARAMETERS; 1502 goto out; 1503 } 1504 1505 /* 1506 * Check that required destLen is big enough before starting to feed 1507 * data to the algorithm. Errors during feeding of data are fatal as we 1508 * can't restore sync with this API. 1509 * 1510 * Need to check this before update_payload since sync would be lost if 1511 * we return short buffer after that. 1512 */ 1513 res = TEE_ERROR_GENERIC; 1514 1515 req_dlen = operation->buffer_offs + srcLen; 1516 if (*destLen < req_dlen) { 1517 *destLen = req_dlen; 1518 res = TEE_ERROR_SHORT_BUFFER; 1519 } 1520 1521 if (*tagLen < operation->info.digestLength) { 1522 *tagLen = operation->info.digestLength; 1523 res = TEE_ERROR_SHORT_BUFFER; 1524 } 1525 1526 if (res == TEE_ERROR_SHORT_BUFFER) 1527 goto out; 1528 1529 tl = *tagLen; 1530 tmp_dlen = *destLen - acc_dlen; 1531 if (operation->block_size > 1) { 1532 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1533 srcData, srcLen, dst, &tmp_dlen); 1534 if (res != TEE_SUCCESS) 1535 goto out; 1536 1537 dst += tmp_dlen; 1538 acc_dlen += tmp_dlen; 1539 1540 tmp_dlen = *destLen - acc_dlen; 1541 res = _utee_authenc_enc_final(operation->state, 1542 operation->buffer, 1543 operation->buffer_offs, dst, 1544 &tmp_dlen, tag, &tl); 1545 } else { 1546 res = _utee_authenc_enc_final(operation->state, srcData, 1547 srcLen, dst, &tmp_dlen, 1548 tag, &tl); 1549 } 1550 *tagLen = tl; 1551 if (res != TEE_SUCCESS) 1552 goto out; 1553 1554 acc_dlen += tmp_dlen; 1555 *destLen = acc_dlen; 1556 1557 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1558 1559 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1560 1561 out: 1562 if (res != TEE_SUCCESS && 1563 res != TEE_ERROR_SHORT_BUFFER) 1564 TEE_Panic(res); 1565 1566 return res; 1567 } 1568 1569 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1570 const void *srcData, uint32_t srcLen, 1571 void *destData, uint32_t *destLen, void *tag, 1572 uint32_t tagLen) 1573 { 1574 TEE_Result res; 1575 uint8_t *dst = destData; 1576 size_t acc_dlen = 0; 1577 uint64_t tmp_dlen; 1578 size_t req_dlen; 1579 1580 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1581 res = TEE_ERROR_BAD_PARAMETERS; 1582 goto out; 1583 } 1584 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1585 1586 if (operation->info.operationClass != TEE_OPERATION_AE) { 1587 res = TEE_ERROR_BAD_PARAMETERS; 1588 goto out; 1589 } 1590 1591 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1592 res = TEE_ERROR_BAD_PARAMETERS; 1593 goto out; 1594 } 1595 1596 /* 1597 * Check that required destLen is big enough before starting to feed 1598 * data to the algorithm. Errors during feeding of data are fatal as we 1599 * can't restore sync with this API. 1600 */ 1601 req_dlen = operation->buffer_offs + srcLen; 1602 if (*destLen < req_dlen) { 1603 *destLen = req_dlen; 1604 res = TEE_ERROR_SHORT_BUFFER; 1605 goto out; 1606 } 1607 1608 tmp_dlen = *destLen - acc_dlen; 1609 if (operation->block_size > 1) { 1610 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1611 srcData, srcLen, dst, &tmp_dlen); 1612 if (res != TEE_SUCCESS) 1613 goto out; 1614 1615 dst += tmp_dlen; 1616 acc_dlen += tmp_dlen; 1617 1618 tmp_dlen = *destLen - acc_dlen; 1619 res = _utee_authenc_dec_final(operation->state, 1620 operation->buffer, 1621 operation->buffer_offs, dst, 1622 &tmp_dlen, tag, tagLen); 1623 } else { 1624 res = _utee_authenc_dec_final(operation->state, srcData, 1625 srcLen, dst, &tmp_dlen, 1626 tag, tagLen); 1627 } 1628 if (res != TEE_SUCCESS) 1629 goto out; 1630 1631 /* Supplied tagLen should match what we initiated with */ 1632 if (tagLen != operation->info.digestLength) 1633 res = TEE_ERROR_MAC_INVALID; 1634 1635 acc_dlen += tmp_dlen; 1636 *destLen = acc_dlen; 1637 1638 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1639 1640 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1641 1642 out: 1643 if (res != TEE_SUCCESS && 1644 res != TEE_ERROR_SHORT_BUFFER && 1645 res != TEE_ERROR_MAC_INVALID) 1646 TEE_Panic(res); 1647 1648 return res; 1649 } 1650 1651 /* Cryptographic Operations API - Asymmetric Functions */ 1652 1653 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1654 const TEE_Attribute *params, 1655 uint32_t paramCount, const void *srcData, 1656 uint32_t srcLen, void *destData, 1657 uint32_t *destLen) 1658 { 1659 TEE_Result res = TEE_SUCCESS; 1660 struct utee_attribute ua[paramCount]; 1661 uint64_t dl = 0; 1662 1663 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1664 TEE_Panic(0); 1665 1666 __utee_check_attr_in_annotation(params, paramCount); 1667 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1668 1669 if (!operation->key1) 1670 TEE_Panic(0); 1671 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1672 TEE_Panic(0); 1673 if (operation->info.mode != TEE_MODE_ENCRYPT) 1674 TEE_Panic(0); 1675 1676 __utee_from_attr(ua, params, paramCount); 1677 dl = *destLen; 1678 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1679 srcLen, destData, &dl); 1680 *destLen = dl; 1681 1682 if (res != TEE_SUCCESS && 1683 res != TEE_ERROR_SHORT_BUFFER && 1684 res != TEE_ERROR_BAD_PARAMETERS) 1685 TEE_Panic(res); 1686 1687 return res; 1688 } 1689 1690 TEE_Result __GP11_TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1691 const __GP11_TEE_Attribute *params, 1692 uint32_t paramCount, 1693 const void *srcData, uint32_t srcLen, 1694 void *destData, uint32_t *destLen) 1695 { 1696 TEE_Result res = TEE_SUCCESS; 1697 struct utee_attribute ua[paramCount]; 1698 uint64_t dl = 0; 1699 1700 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1701 TEE_Panic(0); 1702 1703 __utee_check_gp11_attr_in_annotation(params, paramCount); 1704 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1705 1706 if (!operation->key1) 1707 TEE_Panic(0); 1708 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1709 TEE_Panic(0); 1710 if (operation->info.mode != TEE_MODE_ENCRYPT) 1711 TEE_Panic(0); 1712 1713 __utee_from_gp11_attr(ua, params, paramCount); 1714 dl = *destLen; 1715 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1716 srcLen, destData, &dl); 1717 *destLen = dl; 1718 1719 if (res != TEE_SUCCESS && 1720 res != TEE_ERROR_SHORT_BUFFER && 1721 res != TEE_ERROR_BAD_PARAMETERS) 1722 TEE_Panic(res); 1723 1724 return res; 1725 } 1726 1727 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1728 const TEE_Attribute *params, 1729 uint32_t paramCount, const void *srcData, 1730 uint32_t srcLen, void *destData, 1731 uint32_t *destLen) 1732 { 1733 TEE_Result res = TEE_SUCCESS; 1734 struct utee_attribute ua[paramCount]; 1735 uint64_t dl = 0; 1736 1737 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1738 TEE_Panic(0); 1739 1740 __utee_check_attr_in_annotation(params, paramCount); 1741 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1742 1743 if (!operation->key1) 1744 TEE_Panic(0); 1745 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1746 TEE_Panic(0); 1747 if (operation->info.mode != TEE_MODE_DECRYPT) 1748 TEE_Panic(0); 1749 1750 __utee_from_attr(ua, params, paramCount); 1751 dl = *destLen; 1752 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1753 srcLen, destData, &dl); 1754 *destLen = dl; 1755 1756 if (res != TEE_SUCCESS && 1757 res != TEE_ERROR_SHORT_BUFFER && 1758 res != TEE_ERROR_BAD_PARAMETERS) 1759 TEE_Panic(res); 1760 1761 return res; 1762 } 1763 1764 TEE_Result __GP11_TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1765 const __GP11_TEE_Attribute *params, 1766 uint32_t paramCount, 1767 const void *srcData, uint32_t srcLen, 1768 void *destData, uint32_t *destLen) 1769 { 1770 TEE_Result res = TEE_SUCCESS; 1771 struct utee_attribute ua[paramCount]; 1772 uint64_t dl = 0; 1773 1774 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1775 TEE_Panic(0); 1776 1777 __utee_check_gp11_attr_in_annotation(params, paramCount); 1778 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1779 1780 if (!operation->key1) 1781 TEE_Panic(0); 1782 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1783 TEE_Panic(0); 1784 if (operation->info.mode != TEE_MODE_DECRYPT) 1785 TEE_Panic(0); 1786 1787 __utee_from_gp11_attr(ua, params, paramCount); 1788 dl = *destLen; 1789 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1790 srcLen, destData, &dl); 1791 *destLen = dl; 1792 1793 if (res != TEE_SUCCESS && 1794 res != TEE_ERROR_SHORT_BUFFER && 1795 res != TEE_ERROR_BAD_PARAMETERS) 1796 TEE_Panic(res); 1797 1798 return res; 1799 } 1800 1801 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1802 const TEE_Attribute *params, 1803 uint32_t paramCount, const void *digest, 1804 uint32_t digestLen, void *signature, 1805 uint32_t *signatureLen) 1806 { 1807 TEE_Result res = TEE_SUCCESS; 1808 struct utee_attribute ua[paramCount]; 1809 uint64_t sl = 0; 1810 1811 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 1812 TEE_Panic(0); 1813 1814 __utee_check_attr_in_annotation(params, paramCount); 1815 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 1816 1817 if (!operation->key1) 1818 TEE_Panic(0); 1819 if (operation->info.operationClass != 1820 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1821 TEE_Panic(0); 1822 if (operation->info.mode != TEE_MODE_SIGN) 1823 TEE_Panic(0); 1824 1825 __utee_from_attr(ua, params, paramCount); 1826 sl = *signatureLen; 1827 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 1828 digestLen, signature, &sl); 1829 *signatureLen = sl; 1830 1831 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1832 TEE_Panic(res); 1833 1834 return res; 1835 } 1836 1837 TEE_Result __GP11_TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1838 const __GP11_TEE_Attribute *params, 1839 uint32_t paramCount, 1840 const void *digest, 1841 uint32_t digestLen, void *signature, 1842 uint32_t *signatureLen) 1843 { 1844 TEE_Result res = TEE_SUCCESS; 1845 struct utee_attribute ua[paramCount]; 1846 uint64_t sl = 0; 1847 1848 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 1849 TEE_Panic(0); 1850 1851 __utee_check_gp11_attr_in_annotation(params, paramCount); 1852 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 1853 1854 if (!operation->key1) 1855 TEE_Panic(0); 1856 if (operation->info.operationClass != 1857 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1858 TEE_Panic(0); 1859 if (operation->info.mode != TEE_MODE_SIGN) 1860 TEE_Panic(0); 1861 1862 __utee_from_gp11_attr(ua, params, paramCount); 1863 sl = *signatureLen; 1864 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 1865 digestLen, signature, &sl); 1866 *signatureLen = sl; 1867 1868 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1869 TEE_Panic(res); 1870 1871 return res; 1872 } 1873 1874 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1875 const TEE_Attribute *params, 1876 uint32_t paramCount, const void *digest, 1877 uint32_t digestLen, 1878 const void *signature, 1879 uint32_t signatureLen) 1880 { 1881 TEE_Result res; 1882 struct utee_attribute ua[paramCount]; 1883 1884 if (operation == TEE_HANDLE_NULL || 1885 (digest == NULL && digestLen != 0) || 1886 (signature == NULL && signatureLen != 0)) 1887 TEE_Panic(0); 1888 1889 __utee_check_attr_in_annotation(params, paramCount); 1890 1891 if (!operation->key1) 1892 TEE_Panic(0); 1893 if (operation->info.operationClass != 1894 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1895 TEE_Panic(0); 1896 if (operation->info.mode != TEE_MODE_VERIFY) 1897 TEE_Panic(0); 1898 1899 __utee_from_attr(ua, params, paramCount); 1900 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 1901 digestLen, signature, signatureLen); 1902 1903 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1904 TEE_Panic(res); 1905 1906 return res; 1907 } 1908 1909 TEE_Result __GP11_TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1910 const __GP11_TEE_Attribute *params, 1911 uint32_t paramCount, 1912 const void *digest, 1913 uint32_t digestLen, 1914 const void *signature, 1915 uint32_t signatureLen) 1916 { 1917 TEE_Result res = TEE_SUCCESS; 1918 struct utee_attribute ua[paramCount]; 1919 1920 if (operation == TEE_HANDLE_NULL || (!digest && digestLen) || 1921 (!signature && signatureLen)) 1922 TEE_Panic(0); 1923 1924 __utee_check_gp11_attr_in_annotation(params, paramCount); 1925 1926 if (!operation->key1) 1927 TEE_Panic(0); 1928 if (operation->info.operationClass != 1929 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1930 TEE_Panic(0); 1931 if (operation->info.mode != TEE_MODE_VERIFY) 1932 TEE_Panic(0); 1933 1934 __utee_from_gp11_attr(ua, params, paramCount); 1935 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 1936 digestLen, signature, signatureLen); 1937 1938 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1939 TEE_Panic(res); 1940 1941 return res; 1942 } 1943 1944 /* Cryptographic Operations API - Key Derivation Functions */ 1945 1946 void TEE_DeriveKey(TEE_OperationHandle operation, 1947 const TEE_Attribute *params, uint32_t paramCount, 1948 TEE_ObjectHandle derivedKey) 1949 { 1950 struct utee_attribute ua[paramCount]; 1951 struct utee_object_info key_info = { }; 1952 TEE_Result res = TEE_SUCCESS; 1953 1954 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1955 TEE_Panic(0); 1956 1957 __utee_check_attr_in_annotation(params, paramCount); 1958 1959 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1960 TEE_OPERATION_KEY_DERIVATION) 1961 TEE_Panic(0); 1962 1963 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1964 TEE_Panic(0); 1965 if (!operation->key1) 1966 TEE_Panic(0); 1967 if (operation->info.mode != TEE_MODE_DERIVE) 1968 TEE_Panic(0); 1969 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1970 TEE_Panic(0); 1971 1972 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 1973 if (res != TEE_SUCCESS) 1974 TEE_Panic(res); 1975 1976 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 1977 TEE_Panic(0); 1978 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1979 TEE_Panic(0); 1980 1981 __utee_from_attr(ua, params, paramCount); 1982 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 1983 (unsigned long)derivedKey); 1984 if (res != TEE_SUCCESS) 1985 TEE_Panic(res); 1986 } 1987 1988 void __GP11_TEE_DeriveKey(TEE_OperationHandle operation, 1989 const __GP11_TEE_Attribute *params, 1990 uint32_t paramCount, TEE_ObjectHandle derivedKey) 1991 { 1992 struct utee_attribute ua[paramCount]; 1993 struct utee_object_info key_info = { }; 1994 TEE_Result res = TEE_SUCCESS; 1995 1996 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1997 TEE_Panic(0); 1998 1999 __utee_check_gp11_attr_in_annotation(params, paramCount); 2000 2001 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 2002 TEE_OPERATION_KEY_DERIVATION) 2003 TEE_Panic(0); 2004 2005 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 2006 TEE_Panic(0); 2007 if (!operation->key1) 2008 TEE_Panic(0); 2009 if (operation->info.mode != TEE_MODE_DERIVE) 2010 TEE_Panic(0); 2011 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 2012 TEE_Panic(0); 2013 2014 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 2015 if (res != TEE_SUCCESS) 2016 TEE_Panic(res); 2017 2018 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 2019 TEE_Panic(0); 2020 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2021 TEE_Panic(0); 2022 2023 __utee_from_gp11_attr(ua, params, paramCount); 2024 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 2025 (unsigned long)derivedKey); 2026 if (res != TEE_SUCCESS) 2027 TEE_Panic(res); 2028 } 2029 2030 /* Cryptographic Operations API - Random Number Generation Functions */ 2031 2032 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 2033 { 2034 TEE_Result res; 2035 2036 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 2037 if (res != TEE_SUCCESS) 2038 TEE_Panic(res); 2039 } 2040 2041 int rand(void) 2042 { 2043 int rc; 2044 2045 TEE_GenerateRandom(&rc, sizeof(rc)); 2046 2047 /* 2048 * RAND_MAX is the larges int, INT_MAX which is all bits but the 2049 * highest bit set. 2050 */ 2051 return rc & RAND_MAX; 2052 } 2053 2054 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 2055 { 2056 if (IS_ENABLED(CFG_CRYPTO_AES)) { 2057 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2058 if (alg == TEE_ALG_AES_ECB_NOPAD) 2059 goto check_element_none; 2060 } 2061 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2062 if (alg == TEE_ALG_AES_CBC_NOPAD) 2063 goto check_element_none; 2064 } 2065 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2066 if (alg == TEE_ALG_AES_CTR) 2067 goto check_element_none; 2068 } 2069 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 2070 if (alg == TEE_ALG_AES_CTS) 2071 goto check_element_none; 2072 } 2073 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2074 if (alg == TEE_ALG_AES_XTS) 2075 goto check_element_none; 2076 } 2077 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2078 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 2079 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 2080 goto check_element_none; 2081 } 2082 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 2083 if (alg == TEE_ALG_AES_CMAC) 2084 goto check_element_none; 2085 } 2086 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 2087 if (alg == TEE_ALG_AES_CCM) 2088 goto check_element_none; 2089 } 2090 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 2091 if (alg == TEE_ALG_AES_GCM) 2092 goto check_element_none; 2093 } 2094 } 2095 if (IS_ENABLED(CFG_CRYPTO_DES)) { 2096 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2097 if (alg == TEE_ALG_DES_ECB_NOPAD || 2098 alg == TEE_ALG_DES3_ECB_NOPAD) 2099 goto check_element_none; 2100 } 2101 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2102 if (alg == TEE_ALG_DES_CBC_NOPAD || 2103 alg == TEE_ALG_DES3_CBC_NOPAD) 2104 goto check_element_none; 2105 } 2106 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2107 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 2108 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 2109 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 2110 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 2111 goto check_element_none; 2112 } 2113 } 2114 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2115 if (alg == TEE_ALG_MD5) 2116 goto check_element_none; 2117 } 2118 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2119 if (alg == TEE_ALG_SHA1) 2120 goto check_element_none; 2121 } 2122 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2123 if (alg == TEE_ALG_SHA224) 2124 goto check_element_none; 2125 } 2126 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2127 if (alg == TEE_ALG_SHA256) 2128 goto check_element_none; 2129 } 2130 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2131 if (alg == TEE_ALG_SHA384) 2132 goto check_element_none; 2133 } 2134 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2135 if (alg == TEE_ALG_SHA512) 2136 goto check_element_none; 2137 } 2138 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2139 if (alg == TEE_ALG_MD5SHA1) 2140 goto check_element_none; 2141 } 2142 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 2143 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2144 if (alg == TEE_ALG_HMAC_MD5) 2145 goto check_element_none; 2146 } 2147 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2148 if (alg == TEE_ALG_HMAC_SHA1) 2149 goto check_element_none; 2150 } 2151 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2152 if (alg == TEE_ALG_HMAC_SHA224) 2153 goto check_element_none; 2154 } 2155 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2156 if (alg == TEE_ALG_HMAC_SHA256) 2157 goto check_element_none; 2158 } 2159 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2160 if (alg == TEE_ALG_HMAC_SHA384) 2161 goto check_element_none; 2162 } 2163 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2164 if (alg == TEE_ALG_HMAC_SHA512) 2165 goto check_element_none; 2166 } 2167 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2168 if (alg == TEE_ALG_HMAC_SM3) 2169 goto check_element_none; 2170 } 2171 } 2172 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2173 if (alg == TEE_ALG_SM3) 2174 goto check_element_none; 2175 } 2176 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 2177 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2178 if (alg == TEE_ALG_SM4_ECB_NOPAD) 2179 goto check_element_none; 2180 } 2181 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2182 if (alg == TEE_ALG_SM4_CBC_NOPAD) 2183 goto check_element_none; 2184 } 2185 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2186 if (alg == TEE_ALG_SM4_CTR) 2187 goto check_element_none; 2188 } 2189 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2190 if (alg == TEE_ALG_SM4_XTS) 2191 goto check_element_none; 2192 } 2193 } 2194 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 2195 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2196 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5) 2197 goto check_element_none; 2198 } 2199 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2200 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 2201 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 2202 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 2203 goto check_element_none; 2204 } 2205 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2206 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 2207 goto check_element_none; 2208 } 2209 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2210 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 2211 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 2212 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 2213 goto check_element_none; 2214 } 2215 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2216 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 2217 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 2218 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 2219 goto check_element_none; 2220 } 2221 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2222 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 2223 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 2224 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 2225 goto check_element_none; 2226 } 2227 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2228 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 2229 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 2230 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 2231 goto check_element_none; 2232 } 2233 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2234 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 2235 goto check_element_none; 2236 } 2237 if (alg == TEE_ALG_RSA_NOPAD) 2238 goto check_element_none; 2239 } 2240 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2241 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2242 if (alg == TEE_ALG_DSA_SHA1) 2243 goto check_element_none; 2244 } 2245 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2246 if (alg == TEE_ALG_DSA_SHA224) 2247 goto check_element_none; 2248 } 2249 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2250 if (alg == TEE_ALG_DSA_SHA256) 2251 goto check_element_none; 2252 } 2253 } 2254 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2255 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2256 goto check_element_none; 2257 } 2258 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2259 if ((alg == __OPTEE_ALG_ECDH_P192 || 2260 alg == __OPTEE_ALG_ECDSA_P192 || 2261 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2262 alg == TEE_ALG_ECDSA_SHA1) && 2263 element == TEE_ECC_CURVE_NIST_P192) 2264 return TEE_SUCCESS; 2265 if ((alg == __OPTEE_ALG_ECDH_P224 || 2266 alg == __OPTEE_ALG_ECDSA_P224 || 2267 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2268 alg == TEE_ALG_ECDSA_SHA224) && 2269 element == TEE_ECC_CURVE_NIST_P224) 2270 return TEE_SUCCESS; 2271 if ((alg == __OPTEE_ALG_ECDH_P256 || 2272 alg == __OPTEE_ALG_ECDSA_P256 || 2273 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2274 alg == TEE_ALG_ECDSA_SHA256) && 2275 element == TEE_ECC_CURVE_NIST_P256) 2276 return TEE_SUCCESS; 2277 if ((alg == __OPTEE_ALG_ECDH_P384 || 2278 alg == __OPTEE_ALG_ECDSA_P384 || 2279 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2280 alg == TEE_ALG_ECDSA_SHA384) && 2281 element == TEE_ECC_CURVE_NIST_P384) 2282 return TEE_SUCCESS; 2283 if ((alg == __OPTEE_ALG_ECDH_P521 || 2284 alg == __OPTEE_ALG_ECDSA_P521 || 2285 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2286 alg == TEE_ALG_ECDSA_SHA512) && 2287 element == TEE_ECC_CURVE_NIST_P521) 2288 return TEE_SUCCESS; 2289 } 2290 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2291 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2292 return TEE_SUCCESS; 2293 } 2294 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2295 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2296 return TEE_SUCCESS; 2297 } 2298 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2299 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2300 return TEE_SUCCESS; 2301 } 2302 if (IS_ENABLED(CFG_CRYPTO_X25519)) { 2303 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519) 2304 return TEE_SUCCESS; 2305 } 2306 if (IS_ENABLED(CFG_CRYPTO_ED25519)) { 2307 if (alg == TEE_ALG_ED25519 && element == TEE_ECC_CURVE_25519) 2308 return TEE_SUCCESS; 2309 } 2310 2311 return TEE_ERROR_NOT_SUPPORTED; 2312 check_element_none: 2313 if (element == TEE_CRYPTO_ELEMENT_NONE) 2314 return TEE_SUCCESS; 2315 return TEE_ERROR_NOT_SUPPORTED; 2316 } 2317