1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 #include <config.h> 6 #include <stdlib.h> 7 #include <string.h> 8 #include <string_ext.h> 9 #include <tee_api.h> 10 #include <tee_api_defines_extensions.h> 11 #include <tee_internal_api_extensions.h> 12 #include <utee_syscalls.h> 13 #include <utee_defines.h> 14 #include <util.h> 15 #include "tee_api_private.h" 16 17 struct __TEE_OperationHandle { 18 TEE_OperationInfo info; 19 TEE_ObjectHandle key1; 20 TEE_ObjectHandle key2; 21 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 22 uint8_t *buffer; /* buffer to collect complete blocks */ 23 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 24 size_t block_size; /* Block size of cipher */ 25 size_t buffer_offs; /* Offset in buffer */ 26 uint32_t state; /* Handle to state in TEE Core */ 27 }; 28 29 /* Cryptographic Operations API - Generic Operation Functions */ 30 31 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 32 uint32_t algorithm, uint32_t mode, 33 uint32_t maxKeySize) 34 { 35 TEE_Result res; 36 TEE_OperationHandle op = TEE_HANDLE_NULL; 37 uint32_t handle_state = 0; 38 size_t block_size = 1; 39 uint32_t req_key_usage; 40 bool with_private_key = false; 41 bool buffer_two_blocks = false; 42 43 if (!operation) 44 TEE_Panic(0); 45 46 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP) 47 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 48 49 /* Check algorithm max key size */ 50 switch (algorithm) { 51 case TEE_ALG_DSA_SHA1: 52 if (maxKeySize < 512) 53 return TEE_ERROR_NOT_SUPPORTED; 54 if (maxKeySize > 1024) 55 return TEE_ERROR_NOT_SUPPORTED; 56 if (maxKeySize % 64 != 0) 57 return TEE_ERROR_NOT_SUPPORTED; 58 break; 59 60 case TEE_ALG_DSA_SHA224: 61 if (maxKeySize != 2048) 62 return TEE_ERROR_NOT_SUPPORTED; 63 break; 64 65 case TEE_ALG_DSA_SHA256: 66 if (maxKeySize != 2048 && maxKeySize != 3072) 67 return TEE_ERROR_NOT_SUPPORTED; 68 break; 69 70 case TEE_ALG_ECDSA_P192: 71 case TEE_ALG_ECDH_P192: 72 if (maxKeySize != 192) 73 return TEE_ERROR_NOT_SUPPORTED; 74 break; 75 76 case TEE_ALG_ECDSA_P224: 77 case TEE_ALG_ECDH_P224: 78 if (maxKeySize != 224) 79 return TEE_ERROR_NOT_SUPPORTED; 80 break; 81 82 case TEE_ALG_ECDSA_P256: 83 case TEE_ALG_ECDH_P256: 84 case TEE_ALG_SM2_PKE: 85 case TEE_ALG_SM2_DSA_SM3: 86 if (maxKeySize != 256) 87 return TEE_ERROR_NOT_SUPPORTED; 88 break; 89 90 case TEE_ALG_SM2_KEP: 91 /* Two 256-bit keys */ 92 if (maxKeySize != 512) 93 return TEE_ERROR_NOT_SUPPORTED; 94 break; 95 96 case TEE_ALG_ECDSA_P384: 97 case TEE_ALG_ECDH_P384: 98 if (maxKeySize != 384) 99 return TEE_ERROR_NOT_SUPPORTED; 100 break; 101 102 case TEE_ALG_ECDSA_P521: 103 case TEE_ALG_ECDH_P521: 104 if (maxKeySize != 521) 105 return TEE_ERROR_NOT_SUPPORTED; 106 break; 107 108 default: 109 break; 110 } 111 112 /* Check algorithm mode */ 113 switch (algorithm) { 114 case TEE_ALG_AES_CTS: 115 case TEE_ALG_AES_XTS: 116 buffer_two_blocks = true; 117 /* FALLTHROUGH */ 118 case TEE_ALG_AES_ECB_NOPAD: 119 case TEE_ALG_AES_CBC_NOPAD: 120 case TEE_ALG_AES_CCM: 121 case TEE_ALG_DES_ECB_NOPAD: 122 case TEE_ALG_DES_CBC_NOPAD: 123 case TEE_ALG_DES3_ECB_NOPAD: 124 case TEE_ALG_DES3_CBC_NOPAD: 125 case TEE_ALG_SM4_ECB_NOPAD: 126 case TEE_ALG_SM4_CBC_NOPAD: 127 case TEE_ALG_SM4_CTR: 128 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 129 block_size = TEE_AES_BLOCK_SIZE; 130 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 131 block_size = TEE_SM4_BLOCK_SIZE; 132 else 133 block_size = TEE_DES_BLOCK_SIZE; 134 /* FALLTHROUGH */ 135 case TEE_ALG_AES_CTR: 136 case TEE_ALG_AES_GCM: 137 if (mode == TEE_MODE_ENCRYPT) 138 req_key_usage = TEE_USAGE_ENCRYPT; 139 else if (mode == TEE_MODE_DECRYPT) 140 req_key_usage = TEE_USAGE_DECRYPT; 141 else 142 return TEE_ERROR_NOT_SUPPORTED; 143 break; 144 145 #if defined(CFG_CRYPTO_RSASSA_NA1) 146 case TEE_ALG_RSASSA_PKCS1_V1_5: 147 #endif 148 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 149 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 150 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 151 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 152 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 153 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 154 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 155 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 156 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 157 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 158 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 159 case TEE_ALG_DSA_SHA1: 160 case TEE_ALG_DSA_SHA224: 161 case TEE_ALG_DSA_SHA256: 162 case TEE_ALG_ECDSA_P192: 163 case TEE_ALG_ECDSA_P224: 164 case TEE_ALG_ECDSA_P256: 165 case TEE_ALG_ECDSA_P384: 166 case TEE_ALG_ECDSA_P521: 167 case TEE_ALG_SM2_DSA_SM3: 168 if (mode == TEE_MODE_SIGN) { 169 with_private_key = true; 170 req_key_usage = TEE_USAGE_SIGN; 171 } else if (mode == TEE_MODE_VERIFY) { 172 req_key_usage = TEE_USAGE_VERIFY; 173 } else { 174 return TEE_ERROR_NOT_SUPPORTED; 175 } 176 break; 177 178 case TEE_ALG_RSAES_PKCS1_V1_5: 179 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 180 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 181 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 182 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 183 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 184 case TEE_ALG_SM2_PKE: 185 if (mode == TEE_MODE_ENCRYPT) { 186 req_key_usage = TEE_USAGE_ENCRYPT; 187 } else if (mode == TEE_MODE_DECRYPT) { 188 with_private_key = true; 189 req_key_usage = TEE_USAGE_DECRYPT; 190 } else { 191 return TEE_ERROR_NOT_SUPPORTED; 192 } 193 break; 194 195 case TEE_ALG_RSA_NOPAD: 196 if (mode == TEE_MODE_ENCRYPT) { 197 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 198 } else if (mode == TEE_MODE_DECRYPT) { 199 with_private_key = true; 200 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 201 } else { 202 return TEE_ERROR_NOT_SUPPORTED; 203 } 204 break; 205 206 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 207 case TEE_ALG_ECDH_P192: 208 case TEE_ALG_ECDH_P224: 209 case TEE_ALG_ECDH_P256: 210 case TEE_ALG_ECDH_P384: 211 case TEE_ALG_ECDH_P521: 212 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 213 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 214 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 215 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 216 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 217 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 218 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 219 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 220 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 221 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 222 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 223 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 224 case TEE_ALG_SM2_KEP: 225 if (mode != TEE_MODE_DERIVE) 226 return TEE_ERROR_NOT_SUPPORTED; 227 with_private_key = true; 228 req_key_usage = TEE_USAGE_DERIVE; 229 break; 230 231 case TEE_ALG_MD5: 232 case TEE_ALG_SHA1: 233 case TEE_ALG_SHA224: 234 case TEE_ALG_SHA256: 235 case TEE_ALG_SHA384: 236 case TEE_ALG_SHA512: 237 case TEE_ALG_SM3: 238 if (mode != TEE_MODE_DIGEST) 239 return TEE_ERROR_NOT_SUPPORTED; 240 /* v1.1: flags always set for digest operations */ 241 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 242 req_key_usage = 0; 243 break; 244 245 case TEE_ALG_DES_CBC_MAC_NOPAD: 246 case TEE_ALG_AES_CBC_MAC_NOPAD: 247 case TEE_ALG_AES_CBC_MAC_PKCS5: 248 case TEE_ALG_AES_CMAC: 249 case TEE_ALG_DES_CBC_MAC_PKCS5: 250 case TEE_ALG_DES3_CBC_MAC_NOPAD: 251 case TEE_ALG_DES3_CBC_MAC_PKCS5: 252 case TEE_ALG_HMAC_MD5: 253 case TEE_ALG_HMAC_SHA1: 254 case TEE_ALG_HMAC_SHA224: 255 case TEE_ALG_HMAC_SHA256: 256 case TEE_ALG_HMAC_SHA384: 257 case TEE_ALG_HMAC_SHA512: 258 case TEE_ALG_HMAC_SM3: 259 if (mode != TEE_MODE_MAC) 260 return TEE_ERROR_NOT_SUPPORTED; 261 req_key_usage = TEE_USAGE_MAC; 262 break; 263 264 default: 265 return TEE_ERROR_NOT_SUPPORTED; 266 } 267 268 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 269 if (!op) 270 return TEE_ERROR_OUT_OF_MEMORY; 271 272 op->info.algorithm = algorithm; 273 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 274 #ifdef CFG_CRYPTO_RSASSA_NA1 275 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 276 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 277 #endif 278 op->info.mode = mode; 279 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 280 op->info.maxKeySize = maxKeySize; 281 op->info.requiredKeyUsage = req_key_usage; 282 op->info.handleState = handle_state; 283 284 if (block_size > 1) { 285 size_t buffer_size = block_size; 286 287 if (buffer_two_blocks) 288 buffer_size *= 2; 289 290 op->buffer = TEE_Malloc(buffer_size, 291 TEE_USER_MEM_HINT_NO_FILL_ZERO); 292 if (op->buffer == NULL) { 293 res = TEE_ERROR_OUT_OF_MEMORY; 294 goto out; 295 } 296 } 297 op->block_size = block_size; 298 op->buffer_two_blocks = buffer_two_blocks; 299 300 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 301 uint32_t mks = maxKeySize; 302 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 303 with_private_key); 304 305 /* 306 * If two keys are expected the max key size is the sum of 307 * the size of both keys. 308 */ 309 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 310 mks /= 2; 311 312 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 313 if (res != TEE_SUCCESS) 314 goto out; 315 316 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 317 res = TEE_AllocateTransientObject(key_type, mks, 318 &op->key2); 319 if (res != TEE_SUCCESS) 320 goto out; 321 } 322 } 323 324 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 325 (unsigned long)op->key2, &op->state); 326 if (res != TEE_SUCCESS) 327 goto out; 328 329 /* 330 * Initialize digest operations 331 * Other multi-stage operations initialized w/ TEE_xxxInit functions 332 * Non-applicable on asymmetric operations 333 */ 334 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 335 res = _utee_hash_init(op->state, NULL, 0); 336 if (res != TEE_SUCCESS) 337 goto out; 338 /* v1.1: flags always set for digest operations */ 339 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 340 } 341 342 op->operationState = TEE_OPERATION_STATE_INITIAL; 343 344 *operation = op; 345 346 out: 347 if (res != TEE_SUCCESS) { 348 if (res != TEE_ERROR_OUT_OF_MEMORY && 349 res != TEE_ERROR_NOT_SUPPORTED) 350 TEE_Panic(res); 351 if (op) { 352 if (op->state) { 353 TEE_FreeOperation(op); 354 } else { 355 TEE_Free(op->buffer); 356 TEE_FreeTransientObject(op->key1); 357 TEE_FreeTransientObject(op->key2); 358 TEE_Free(op); 359 } 360 } 361 } 362 363 return res; 364 } 365 366 void TEE_FreeOperation(TEE_OperationHandle operation) 367 { 368 TEE_Result res; 369 370 if (operation == TEE_HANDLE_NULL) 371 TEE_Panic(0); 372 373 /* 374 * Note that keys should not be freed here, since they are 375 * claimed by the operation they will be freed by 376 * utee_cryp_state_free(). 377 */ 378 res = _utee_cryp_state_free(operation->state); 379 if (res != TEE_SUCCESS) 380 TEE_Panic(res); 381 382 TEE_Free(operation->buffer); 383 TEE_Free(operation); 384 } 385 386 void TEE_GetOperationInfo(TEE_OperationHandle operation, 387 TEE_OperationInfo *operationInfo) 388 { 389 if (operation == TEE_HANDLE_NULL) 390 TEE_Panic(0); 391 392 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo)); 393 394 *operationInfo = operation->info; 395 } 396 397 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 398 TEE_OperationInfoMultiple *operationInfoMultiple, 399 uint32_t *operationSize) 400 { 401 TEE_Result res = TEE_SUCCESS; 402 TEE_ObjectInfo key_info1; 403 TEE_ObjectInfo key_info2; 404 uint32_t num_of_keys; 405 size_t n; 406 407 if (operation == TEE_HANDLE_NULL) { 408 res = TEE_ERROR_BAD_PARAMETERS; 409 goto out; 410 } 411 412 __utee_check_outbuf_annotation(operationInfoMultiple, operationSize); 413 414 num_of_keys = (*operationSize-sizeof(TEE_OperationInfoMultiple))/ 415 sizeof(TEE_OperationInfoKey); 416 417 if (num_of_keys > 2) { 418 res = TEE_ERROR_BAD_PARAMETERS; 419 goto out; 420 } 421 422 /* Two keys flag (TEE_ALG_AES_XTS only) */ 423 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 424 0 && 425 (num_of_keys != 2)) { 426 res = TEE_ERROR_SHORT_BUFFER; 427 goto out; 428 } 429 430 /* Clear */ 431 for (n = 0; n < num_of_keys; n++) { 432 operationInfoMultiple->keyInformation[n].keySize = 0; 433 operationInfoMultiple->keyInformation[n].requiredKeyUsage = 0; 434 } 435 436 if (num_of_keys == 2) { 437 res = TEE_GetObjectInfo1(operation->key2, &key_info2); 438 /* Key2 is not a valid handle */ 439 if (res != TEE_SUCCESS) 440 goto out; 441 442 operationInfoMultiple->keyInformation[1].keySize = 443 key_info2.keySize; 444 operationInfoMultiple->keyInformation[1].requiredKeyUsage = 445 operation->info.requiredKeyUsage; 446 } 447 448 if (num_of_keys >= 1) { 449 res = TEE_GetObjectInfo1(operation->key1, &key_info1); 450 /* Key1 is not a valid handle */ 451 if (res != TEE_SUCCESS) { 452 if (num_of_keys == 2) { 453 operationInfoMultiple->keyInformation[1]. 454 keySize = 0; 455 operationInfoMultiple->keyInformation[1]. 456 requiredKeyUsage = 0; 457 } 458 goto out; 459 } 460 461 operationInfoMultiple->keyInformation[0].keySize = 462 key_info1.keySize; 463 operationInfoMultiple->keyInformation[0].requiredKeyUsage = 464 operation->info.requiredKeyUsage; 465 } 466 467 /* No key */ 468 operationInfoMultiple->algorithm = operation->info.algorithm; 469 operationInfoMultiple->operationClass = operation->info.operationClass; 470 operationInfoMultiple->mode = operation->info.mode; 471 operationInfoMultiple->digestLength = operation->info.digestLength; 472 operationInfoMultiple->maxKeySize = operation->info.maxKeySize; 473 operationInfoMultiple->handleState = operation->info.handleState; 474 operationInfoMultiple->operationState = operation->operationState; 475 operationInfoMultiple->numberOfKeys = num_of_keys; 476 477 out: 478 if (res != TEE_SUCCESS && 479 res != TEE_ERROR_SHORT_BUFFER) 480 TEE_Panic(res); 481 482 return res; 483 } 484 485 void TEE_ResetOperation(TEE_OperationHandle operation) 486 { 487 TEE_Result res; 488 489 if (operation == TEE_HANDLE_NULL) 490 TEE_Panic(0); 491 492 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 493 TEE_Panic(0); 494 495 operation->operationState = TEE_OPERATION_STATE_INITIAL; 496 497 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 498 res = _utee_hash_init(operation->state, NULL, 0); 499 if (res != TEE_SUCCESS) 500 TEE_Panic(res); 501 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 502 } else { 503 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 504 } 505 } 506 507 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 508 TEE_ObjectHandle key) 509 { 510 TEE_Result res; 511 uint32_t key_size = 0; 512 TEE_ObjectInfo key_info; 513 514 if (operation == TEE_HANDLE_NULL) { 515 res = TEE_ERROR_BAD_PARAMETERS; 516 goto out; 517 } 518 519 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 520 res = TEE_ERROR_BAD_PARAMETERS; 521 goto out; 522 } 523 524 if (key == TEE_HANDLE_NULL) { 525 /* Operation key cleared */ 526 TEE_ResetTransientObject(operation->key1); 527 res = TEE_ERROR_BAD_PARAMETERS; 528 goto out; 529 } 530 531 /* No key for digest operation */ 532 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 533 res = TEE_ERROR_BAD_PARAMETERS; 534 goto out; 535 } 536 537 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 538 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 539 0) { 540 res = TEE_ERROR_BAD_PARAMETERS; 541 goto out; 542 } 543 544 res = TEE_GetObjectInfo1(key, &key_info); 545 /* Key is not a valid handle */ 546 if (res != TEE_SUCCESS) 547 goto out; 548 549 /* Supplied key has to meet required usage */ 550 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 551 operation->info.requiredKeyUsage) { 552 res = TEE_ERROR_BAD_PARAMETERS; 553 goto out; 554 } 555 556 if (operation->info.maxKeySize < key_info.keySize) { 557 res = TEE_ERROR_BAD_PARAMETERS; 558 goto out; 559 } 560 561 key_size = key_info.keySize; 562 563 TEE_ResetTransientObject(operation->key1); 564 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 565 566 res = TEE_CopyObjectAttributes1(operation->key1, key); 567 if (res != TEE_SUCCESS) 568 goto out; 569 570 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 571 572 operation->info.keySize = key_size; 573 574 out: 575 if (res != TEE_SUCCESS && 576 res != TEE_ERROR_CORRUPT_OBJECT && 577 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 578 TEE_Panic(res); 579 580 return res; 581 } 582 583 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 584 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 585 { 586 TEE_Result res; 587 uint32_t key_size = 0; 588 TEE_ObjectInfo key_info1; 589 TEE_ObjectInfo key_info2; 590 591 if (operation == TEE_HANDLE_NULL) { 592 res = TEE_ERROR_BAD_PARAMETERS; 593 goto out; 594 } 595 596 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 597 res = TEE_ERROR_BAD_PARAMETERS; 598 goto out; 599 } 600 601 /* 602 * Key1/Key2 and/or are not initialized and 603 * Either both keys are NULL or both are not NULL 604 */ 605 if (key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) { 606 /* Clear operation key1 (if needed) */ 607 if (key1 == TEE_HANDLE_NULL) 608 TEE_ResetTransientObject(operation->key1); 609 /* Clear operation key2 (if needed) */ 610 if (key2 == TEE_HANDLE_NULL) 611 TEE_ResetTransientObject(operation->key2); 612 res = TEE_ERROR_BAD_PARAMETERS; 613 goto out; 614 } 615 616 /* No key for digest operation */ 617 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 618 res = TEE_ERROR_BAD_PARAMETERS; 619 goto out; 620 } 621 622 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 623 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 624 0) { 625 res = TEE_ERROR_BAD_PARAMETERS; 626 goto out; 627 } 628 629 res = TEE_GetObjectInfo1(key1, &key_info1); 630 /* Key1 is not a valid handle */ 631 if (res != TEE_SUCCESS) 632 goto out; 633 634 /* Supplied key has to meet required usage */ 635 if ((key_info1.objectUsage & operation->info. 636 requiredKeyUsage) != operation->info.requiredKeyUsage) { 637 res = TEE_ERROR_BAD_PARAMETERS; 638 goto out; 639 } 640 641 res = TEE_GetObjectInfo1(key2, &key_info2); 642 /* Key2 is not a valid handle */ 643 if (res != TEE_SUCCESS) { 644 if (res == TEE_ERROR_CORRUPT_OBJECT) 645 res = TEE_ERROR_CORRUPT_OBJECT_2; 646 goto out; 647 } 648 649 /* Supplied key has to meet required usage */ 650 if ((key_info2.objectUsage & operation->info. 651 requiredKeyUsage) != operation->info.requiredKeyUsage) { 652 res = TEE_ERROR_BAD_PARAMETERS; 653 goto out; 654 } 655 656 /* 657 * All the multi key algorithm currently supported requires the keys to 658 * be of equal size. 659 */ 660 if (key_info1.keySize != key_info2.keySize) { 661 res = TEE_ERROR_BAD_PARAMETERS; 662 goto out; 663 664 } 665 666 if (operation->info.maxKeySize < key_info1.keySize) { 667 res = TEE_ERROR_BAD_PARAMETERS; 668 goto out; 669 } 670 671 /* 672 * Odd that only the size of one key should be reported while 673 * size of two key are used when allocating the operation. 674 */ 675 key_size = key_info1.keySize; 676 677 TEE_ResetTransientObject(operation->key1); 678 TEE_ResetTransientObject(operation->key2); 679 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 680 681 res = TEE_CopyObjectAttributes1(operation->key1, key1); 682 if (res != TEE_SUCCESS) 683 goto out; 684 res = TEE_CopyObjectAttributes1(operation->key2, key2); 685 if (res != TEE_SUCCESS) { 686 if (res == TEE_ERROR_CORRUPT_OBJECT) 687 res = TEE_ERROR_CORRUPT_OBJECT_2; 688 goto out; 689 } 690 691 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 692 693 operation->info.keySize = key_size; 694 695 out: 696 if (res != TEE_SUCCESS && 697 res != TEE_ERROR_CORRUPT_OBJECT && 698 res != TEE_ERROR_CORRUPT_OBJECT_2 && 699 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 700 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 701 TEE_Panic(res); 702 703 return res; 704 } 705 706 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 707 { 708 TEE_Result res; 709 710 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 711 TEE_Panic(0); 712 if (dst_op->info.algorithm != src_op->info.algorithm) 713 TEE_Panic(0); 714 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 715 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 716 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 717 718 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 719 key1 = src_op->key1; 720 key2 = src_op->key2; 721 } 722 723 if ((src_op->info.handleState & 724 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 725 TEE_SetOperationKey(dst_op, key1); 726 } else { 727 TEE_SetOperationKey2(dst_op, key1, key2); 728 } 729 } 730 dst_op->info.handleState = src_op->info.handleState; 731 dst_op->info.keySize = src_op->info.keySize; 732 dst_op->operationState = src_op->operationState; 733 734 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 735 dst_op->block_size != src_op->block_size) 736 TEE_Panic(0); 737 738 if (dst_op->buffer != NULL) { 739 if (src_op->buffer == NULL) 740 TEE_Panic(0); 741 742 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 743 dst_op->buffer_offs = src_op->buffer_offs; 744 } else if (src_op->buffer != NULL) { 745 TEE_Panic(0); 746 } 747 748 res = _utee_cryp_state_copy(dst_op->state, src_op->state); 749 if (res != TEE_SUCCESS) 750 TEE_Panic(res); 751 } 752 753 /* Cryptographic Operations API - Message Digest Functions */ 754 755 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 756 uint32_t IVLen) 757 { 758 TEE_Result res; 759 760 /* 761 * Note : IV and IVLen are never used in current implementation 762 * This is why coherent values of IV and IVLen are not checked 763 */ 764 res = _utee_hash_init(operation->state, IV, IVLen); 765 if (res != TEE_SUCCESS) 766 TEE_Panic(res); 767 operation->buffer_offs = 0; 768 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 769 } 770 771 void TEE_DigestUpdate(TEE_OperationHandle operation, 772 const void *chunk, uint32_t chunkSize) 773 { 774 TEE_Result res = TEE_ERROR_GENERIC; 775 776 if (operation == TEE_HANDLE_NULL || 777 operation->info.operationClass != TEE_OPERATION_DIGEST) 778 TEE_Panic(0); 779 780 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 781 782 res = _utee_hash_update(operation->state, chunk, chunkSize); 783 if (res != TEE_SUCCESS) 784 TEE_Panic(res); 785 } 786 787 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 788 uint32_t chunkLen, void *hash, uint32_t *hashLen) 789 { 790 TEE_Result res; 791 uint64_t hl; 792 793 if ((operation == TEE_HANDLE_NULL) || 794 (!chunk && chunkLen) || 795 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 796 res = TEE_ERROR_BAD_PARAMETERS; 797 goto out; 798 } 799 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 800 801 hl = *hashLen; 802 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, &hl); 803 *hashLen = hl; 804 if (res != TEE_SUCCESS) 805 goto out; 806 807 /* Reset operation state */ 808 init_hash_operation(operation, NULL, 0); 809 810 operation->operationState = TEE_OPERATION_STATE_INITIAL; 811 812 out: 813 if (res != TEE_SUCCESS && 814 res != TEE_ERROR_SHORT_BUFFER) 815 TEE_Panic(res); 816 817 return res; 818 } 819 820 /* Cryptographic Operations API - Symmetric Cipher Functions */ 821 822 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 823 uint32_t IVLen) 824 { 825 TEE_Result res; 826 827 if (operation == TEE_HANDLE_NULL) 828 TEE_Panic(0); 829 830 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 831 TEE_Panic(0); 832 833 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 834 !(operation->key1)) 835 TEE_Panic(0); 836 837 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 838 TEE_ResetOperation(operation); 839 840 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 841 842 res = _utee_cipher_init(operation->state, IV, IVLen); 843 if (res != TEE_SUCCESS) 844 TEE_Panic(res); 845 846 operation->buffer_offs = 0; 847 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 848 } 849 850 static TEE_Result tee_buffer_update( 851 TEE_OperationHandle op, 852 TEE_Result(*update_func)(unsigned long state, const void *src, 853 size_t slen, void *dst, uint64_t *dlen), 854 const void *src_data, size_t src_len, 855 void *dest_data, uint64_t *dest_len) 856 { 857 TEE_Result res; 858 const uint8_t *src = src_data; 859 size_t slen = src_len; 860 uint8_t *dst = dest_data; 861 size_t dlen = *dest_len; 862 size_t acc_dlen = 0; 863 uint64_t tmp_dlen; 864 size_t l; 865 size_t buffer_size; 866 size_t buffer_left; 867 868 if (!src) { 869 if (slen) 870 TEE_Panic(0); 871 goto out; 872 } 873 874 if (op->buffer_two_blocks) { 875 buffer_size = op->block_size * 2; 876 buffer_left = 1; 877 } else { 878 buffer_size = op->block_size; 879 buffer_left = 0; 880 } 881 882 if (op->buffer_offs > 0) { 883 /* Fill up complete block */ 884 if (op->buffer_offs < op->block_size) 885 l = MIN(slen, op->block_size - op->buffer_offs); 886 else 887 l = MIN(slen, buffer_size - op->buffer_offs); 888 memcpy(op->buffer + op->buffer_offs, src, l); 889 op->buffer_offs += l; 890 src += l; 891 slen -= l; 892 if ((op->buffer_offs % op->block_size) != 0) 893 goto out; /* Nothing left to do */ 894 } 895 896 /* If we can feed from buffer */ 897 if ((op->buffer_offs > 0) && 898 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 899 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 900 op->block_size); 901 l = MIN(op->buffer_offs, l); 902 tmp_dlen = dlen; 903 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 904 if (res != TEE_SUCCESS) 905 TEE_Panic(res); 906 dst += tmp_dlen; 907 dlen -= tmp_dlen; 908 acc_dlen += tmp_dlen; 909 op->buffer_offs -= l; 910 if (op->buffer_offs > 0) { 911 /* 912 * Slen is small enough to be contained in rest buffer. 913 */ 914 memcpy(op->buffer, op->buffer + l, buffer_size - l); 915 memcpy(op->buffer + op->buffer_offs, src, slen); 916 op->buffer_offs += slen; 917 goto out; /* Nothing left to do */ 918 } 919 } 920 921 if (slen >= (buffer_size + buffer_left)) { 922 /* Buffer is empty, feed as much as possible from src */ 923 if (op->info.algorithm == TEE_ALG_AES_CTS) 924 l = ROUNDUP(slen - buffer_size, op->block_size); 925 else 926 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 927 928 tmp_dlen = dlen; 929 res = update_func(op->state, src, l, dst, &tmp_dlen); 930 if (res != TEE_SUCCESS) 931 TEE_Panic(res); 932 src += l; 933 slen -= l; 934 dst += tmp_dlen; 935 dlen -= tmp_dlen; 936 acc_dlen += tmp_dlen; 937 } 938 939 /* Slen is small enough to be contained in buffer. */ 940 memcpy(op->buffer + op->buffer_offs, src, slen); 941 op->buffer_offs += slen; 942 943 out: 944 *dest_len = acc_dlen; 945 return TEE_SUCCESS; 946 } 947 948 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 949 uint32_t srcLen, void *destData, uint32_t *destLen) 950 { 951 TEE_Result res; 952 size_t req_dlen; 953 uint64_t dl; 954 955 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 956 res = TEE_ERROR_BAD_PARAMETERS; 957 goto out; 958 } 959 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 960 961 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 962 res = TEE_ERROR_BAD_PARAMETERS; 963 goto out; 964 } 965 966 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 967 res = TEE_ERROR_BAD_PARAMETERS; 968 goto out; 969 } 970 971 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 972 res = TEE_ERROR_BAD_PARAMETERS; 973 goto out; 974 } 975 976 if (!srcData && !srcLen) { 977 *destLen = 0; 978 res = TEE_SUCCESS; 979 goto out; 980 } 981 982 /* Calculate required dlen */ 983 if (operation->block_size > 1) { 984 req_dlen = ((operation->buffer_offs + srcLen) / 985 operation->block_size) * operation->block_size; 986 } else { 987 req_dlen = srcLen; 988 } 989 if (operation->buffer_two_blocks) { 990 if (req_dlen > operation->block_size * 2) 991 req_dlen -= operation->block_size * 2; 992 else 993 req_dlen = 0; 994 } 995 /* 996 * Check that required destLen is big enough before starting to feed 997 * data to the algorithm. Errors during feeding of data are fatal as we 998 * can't restore sync with this API. 999 */ 1000 if (*destLen < req_dlen) { 1001 *destLen = req_dlen; 1002 res = TEE_ERROR_SHORT_BUFFER; 1003 goto out; 1004 } 1005 1006 dl = *destLen; 1007 if (operation->block_size > 1) { 1008 res = tee_buffer_update(operation, _utee_cipher_update, srcData, 1009 srcLen, destData, &dl); 1010 } else { 1011 if (srcLen > 0) { 1012 res = _utee_cipher_update(operation->state, srcData, 1013 srcLen, destData, &dl); 1014 } else { 1015 res = TEE_SUCCESS; 1016 dl = 0; 1017 } 1018 } 1019 *destLen = dl; 1020 1021 out: 1022 if (res != TEE_SUCCESS && 1023 res != TEE_ERROR_SHORT_BUFFER) 1024 TEE_Panic(res); 1025 1026 return res; 1027 } 1028 1029 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1030 const void *srcData, uint32_t srcLen, 1031 void *destData, uint32_t *destLen) 1032 { 1033 TEE_Result res = TEE_SUCCESS; 1034 uint8_t *dst = destData; 1035 size_t acc_dlen = 0; 1036 uint64_t tmp_dlen = 0; 1037 size_t req_dlen = 0; 1038 1039 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1040 res = TEE_ERROR_BAD_PARAMETERS; 1041 goto out; 1042 } 1043 if (destLen) 1044 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1045 1046 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1047 res = TEE_ERROR_BAD_PARAMETERS; 1048 goto out; 1049 } 1050 1051 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1052 res = TEE_ERROR_BAD_PARAMETERS; 1053 goto out; 1054 } 1055 1056 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1057 res = TEE_ERROR_BAD_PARAMETERS; 1058 goto out; 1059 } 1060 1061 /* 1062 * Check that the final block doesn't require padding for those 1063 * algorithms that requires client to supply padding. 1064 */ 1065 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1066 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1067 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1068 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1069 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1070 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1071 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1072 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1073 if (((operation->buffer_offs + srcLen) % operation->block_size) 1074 != 0) { 1075 res = TEE_ERROR_BAD_PARAMETERS; 1076 goto out; 1077 } 1078 } 1079 1080 /* 1081 * Check that required destLen is big enough before starting to feed 1082 * data to the algorithm. Errors during feeding of data are fatal as we 1083 * can't restore sync with this API. 1084 */ 1085 if (operation->block_size > 1) { 1086 req_dlen = operation->buffer_offs + srcLen; 1087 } else { 1088 req_dlen = srcLen; 1089 } 1090 if (destLen) 1091 tmp_dlen = *destLen; 1092 if (tmp_dlen < req_dlen) { 1093 if (destLen) 1094 *destLen = req_dlen; 1095 res = TEE_ERROR_SHORT_BUFFER; 1096 goto out; 1097 } 1098 1099 if (operation->block_size > 1) { 1100 res = tee_buffer_update(operation, _utee_cipher_update, 1101 srcData, srcLen, dst, &tmp_dlen); 1102 if (res != TEE_SUCCESS) 1103 goto out; 1104 1105 dst += tmp_dlen; 1106 acc_dlen += tmp_dlen; 1107 1108 tmp_dlen = *destLen - acc_dlen; 1109 res = _utee_cipher_final(operation->state, operation->buffer, 1110 operation->buffer_offs, dst, 1111 &tmp_dlen); 1112 } else { 1113 res = _utee_cipher_final(operation->state, srcData, srcLen, dst, 1114 &tmp_dlen); 1115 } 1116 if (res != TEE_SUCCESS) 1117 goto out; 1118 1119 acc_dlen += tmp_dlen; 1120 if (destLen) 1121 *destLen = acc_dlen; 1122 1123 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1124 1125 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1126 1127 out: 1128 if (res != TEE_SUCCESS && 1129 res != TEE_ERROR_SHORT_BUFFER) 1130 TEE_Panic(res); 1131 1132 return res; 1133 } 1134 1135 /* Cryptographic Operations API - MAC Functions */ 1136 1137 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 1138 { 1139 if (operation == TEE_HANDLE_NULL) 1140 TEE_Panic(0); 1141 1142 if (operation->info.operationClass != TEE_OPERATION_MAC) 1143 TEE_Panic(0); 1144 1145 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1146 !(operation->key1)) 1147 TEE_Panic(0); 1148 1149 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1150 TEE_ResetOperation(operation); 1151 1152 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1153 1154 init_hash_operation(operation, IV, IVLen); 1155 } 1156 1157 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1158 uint32_t chunkSize) 1159 { 1160 TEE_Result res; 1161 1162 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1163 TEE_Panic(0); 1164 1165 if (operation->info.operationClass != TEE_OPERATION_MAC) 1166 TEE_Panic(0); 1167 1168 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1169 TEE_Panic(0); 1170 1171 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1172 TEE_Panic(0); 1173 1174 res = _utee_hash_update(operation->state, chunk, chunkSize); 1175 if (res != TEE_SUCCESS) 1176 TEE_Panic(res); 1177 } 1178 1179 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1180 const void *message, uint32_t messageLen, 1181 void *mac, uint32_t *macLen) 1182 { 1183 TEE_Result res; 1184 uint64_t ml; 1185 1186 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) { 1187 res = TEE_ERROR_BAD_PARAMETERS; 1188 goto out; 1189 } 1190 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1191 1192 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1193 res = TEE_ERROR_BAD_PARAMETERS; 1194 goto out; 1195 } 1196 1197 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1198 res = TEE_ERROR_BAD_PARAMETERS; 1199 goto out; 1200 } 1201 1202 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1203 res = TEE_ERROR_BAD_PARAMETERS; 1204 goto out; 1205 } 1206 1207 ml = *macLen; 1208 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml); 1209 *macLen = ml; 1210 if (res != TEE_SUCCESS) 1211 goto out; 1212 1213 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1214 1215 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1216 1217 out: 1218 if (res != TEE_SUCCESS && 1219 res != TEE_ERROR_SHORT_BUFFER) 1220 TEE_Panic(res); 1221 1222 return res; 1223 } 1224 1225 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1226 const void *message, uint32_t messageLen, 1227 const void *mac, uint32_t macLen) 1228 { 1229 TEE_Result res; 1230 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 1231 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1232 1233 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1234 res = TEE_ERROR_BAD_PARAMETERS; 1235 goto out; 1236 } 1237 1238 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1239 res = TEE_ERROR_BAD_PARAMETERS; 1240 goto out; 1241 } 1242 1243 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1244 res = TEE_ERROR_BAD_PARAMETERS; 1245 goto out; 1246 } 1247 1248 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1249 &computed_mac_size); 1250 if (res != TEE_SUCCESS) 1251 goto out; 1252 1253 if (computed_mac_size != macLen) { 1254 res = TEE_ERROR_MAC_INVALID; 1255 goto out; 1256 } 1257 1258 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1259 res = TEE_ERROR_MAC_INVALID; 1260 goto out; 1261 } 1262 1263 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1264 1265 out: 1266 if (res != TEE_SUCCESS && 1267 res != TEE_ERROR_MAC_INVALID) 1268 TEE_Panic(res); 1269 1270 return res; 1271 } 1272 1273 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1274 1275 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1276 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1277 uint32_t payloadLen) 1278 { 1279 TEE_Result res; 1280 1281 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1282 res = TEE_ERROR_BAD_PARAMETERS; 1283 goto out; 1284 } 1285 1286 if (operation->info.operationClass != TEE_OPERATION_AE) { 1287 res = TEE_ERROR_BAD_PARAMETERS; 1288 goto out; 1289 } 1290 1291 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1292 res = TEE_ERROR_BAD_PARAMETERS; 1293 goto out; 1294 } 1295 1296 /* 1297 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1298 * in the implementation. But AES-GCM spec doesn't specify the tag len 1299 * according to the same principle so we have to check here instead to 1300 * be GP compliant. 1301 */ 1302 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1303 /* 1304 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1305 */ 1306 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1307 res = TEE_ERROR_NOT_SUPPORTED; 1308 goto out; 1309 } 1310 } 1311 1312 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8, 1313 AADLen, payloadLen); 1314 if (res != TEE_SUCCESS) 1315 goto out; 1316 1317 operation->info.digestLength = tagLen / 8; 1318 operation->buffer_offs = 0; 1319 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1320 1321 out: 1322 if (res != TEE_SUCCESS && 1323 res != TEE_ERROR_NOT_SUPPORTED) 1324 TEE_Panic(res); 1325 1326 return res; 1327 } 1328 1329 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1330 uint32_t AADdataLen) 1331 { 1332 TEE_Result res; 1333 1334 if (operation == TEE_HANDLE_NULL || 1335 (AADdata == NULL && AADdataLen != 0)) 1336 TEE_Panic(0); 1337 1338 if (operation->info.operationClass != TEE_OPERATION_AE) 1339 TEE_Panic(0); 1340 1341 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1342 TEE_Panic(0); 1343 1344 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1345 1346 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1347 1348 if (res != TEE_SUCCESS) 1349 TEE_Panic(res); 1350 } 1351 1352 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1353 uint32_t srcLen, void *destData, uint32_t *destLen) 1354 { 1355 TEE_Result res = TEE_SUCCESS; 1356 size_t req_dlen = 0; 1357 uint64_t dl = 0; 1358 1359 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1360 res = TEE_ERROR_BAD_PARAMETERS; 1361 goto out; 1362 } 1363 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1364 1365 if (operation->info.operationClass != TEE_OPERATION_AE) { 1366 res = TEE_ERROR_BAD_PARAMETERS; 1367 goto out; 1368 } 1369 1370 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1371 res = TEE_ERROR_BAD_PARAMETERS; 1372 goto out; 1373 } 1374 1375 if (!srcData && !srcLen) { 1376 *destLen = 0; 1377 res = TEE_SUCCESS; 1378 goto out; 1379 } 1380 1381 /* 1382 * Check that required destLen is big enough before starting to feed 1383 * data to the algorithm. Errors during feeding of data are fatal as we 1384 * can't restore sync with this API. 1385 */ 1386 if (operation->block_size > 1) { 1387 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1388 operation->block_size); 1389 } else { 1390 req_dlen = srcLen; 1391 } 1392 1393 dl = *destLen; 1394 if (dl < req_dlen) { 1395 *destLen = req_dlen; 1396 res = TEE_ERROR_SHORT_BUFFER; 1397 goto out; 1398 } 1399 1400 if (operation->block_size > 1) { 1401 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1402 srcData, srcLen, destData, &dl); 1403 } else { 1404 if (srcLen > 0) { 1405 res = _utee_authenc_update_payload(operation->state, 1406 srcData, srcLen, 1407 destData, &dl); 1408 } else { 1409 dl = 0; 1410 res = TEE_SUCCESS; 1411 } 1412 } 1413 if (res != TEE_SUCCESS) 1414 goto out; 1415 1416 *destLen = dl; 1417 1418 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1419 1420 out: 1421 if (res != TEE_SUCCESS && 1422 res != TEE_ERROR_SHORT_BUFFER) 1423 TEE_Panic(res); 1424 1425 return res; 1426 } 1427 1428 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1429 const void *srcData, uint32_t srcLen, 1430 void *destData, uint32_t *destLen, void *tag, 1431 uint32_t *tagLen) 1432 { 1433 TEE_Result res; 1434 uint8_t *dst = destData; 1435 size_t acc_dlen = 0; 1436 uint64_t tmp_dlen; 1437 size_t req_dlen; 1438 uint64_t tl; 1439 1440 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1441 res = TEE_ERROR_BAD_PARAMETERS; 1442 goto out; 1443 } 1444 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1445 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1446 1447 if (operation->info.operationClass != TEE_OPERATION_AE) { 1448 res = TEE_ERROR_BAD_PARAMETERS; 1449 goto out; 1450 } 1451 1452 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1453 res = TEE_ERROR_BAD_PARAMETERS; 1454 goto out; 1455 } 1456 1457 /* 1458 * Check that required destLen is big enough before starting to feed 1459 * data to the algorithm. Errors during feeding of data are fatal as we 1460 * can't restore sync with this API. 1461 * 1462 * Need to check this before update_payload since sync would be lost if 1463 * we return short buffer after that. 1464 */ 1465 res = TEE_ERROR_GENERIC; 1466 1467 req_dlen = operation->buffer_offs + srcLen; 1468 if (*destLen < req_dlen) { 1469 *destLen = req_dlen; 1470 res = TEE_ERROR_SHORT_BUFFER; 1471 } 1472 1473 if (*tagLen < operation->info.digestLength) { 1474 *tagLen = operation->info.digestLength; 1475 res = TEE_ERROR_SHORT_BUFFER; 1476 } 1477 1478 if (res == TEE_ERROR_SHORT_BUFFER) 1479 goto out; 1480 1481 tl = *tagLen; 1482 tmp_dlen = *destLen - acc_dlen; 1483 if (operation->block_size > 1) { 1484 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1485 srcData, srcLen, dst, &tmp_dlen); 1486 if (res != TEE_SUCCESS) 1487 goto out; 1488 1489 dst += tmp_dlen; 1490 acc_dlen += tmp_dlen; 1491 1492 tmp_dlen = *destLen - acc_dlen; 1493 res = _utee_authenc_enc_final(operation->state, 1494 operation->buffer, 1495 operation->buffer_offs, dst, 1496 &tmp_dlen, tag, &tl); 1497 } else { 1498 res = _utee_authenc_enc_final(operation->state, srcData, 1499 srcLen, dst, &tmp_dlen, 1500 tag, &tl); 1501 } 1502 *tagLen = tl; 1503 if (res != TEE_SUCCESS) 1504 goto out; 1505 1506 acc_dlen += tmp_dlen; 1507 *destLen = acc_dlen; 1508 1509 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1510 1511 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1512 1513 out: 1514 if (res != TEE_SUCCESS && 1515 res != TEE_ERROR_SHORT_BUFFER) 1516 TEE_Panic(res); 1517 1518 return res; 1519 } 1520 1521 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1522 const void *srcData, uint32_t srcLen, 1523 void *destData, uint32_t *destLen, void *tag, 1524 uint32_t tagLen) 1525 { 1526 TEE_Result res; 1527 uint8_t *dst = destData; 1528 size_t acc_dlen = 0; 1529 uint64_t tmp_dlen; 1530 size_t req_dlen; 1531 1532 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1533 res = TEE_ERROR_BAD_PARAMETERS; 1534 goto out; 1535 } 1536 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1537 1538 if (operation->info.operationClass != TEE_OPERATION_AE) { 1539 res = TEE_ERROR_BAD_PARAMETERS; 1540 goto out; 1541 } 1542 1543 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1544 res = TEE_ERROR_BAD_PARAMETERS; 1545 goto out; 1546 } 1547 1548 /* 1549 * Check that required destLen is big enough before starting to feed 1550 * data to the algorithm. Errors during feeding of data are fatal as we 1551 * can't restore sync with this API. 1552 */ 1553 req_dlen = operation->buffer_offs + srcLen; 1554 if (*destLen < req_dlen) { 1555 *destLen = req_dlen; 1556 res = TEE_ERROR_SHORT_BUFFER; 1557 goto out; 1558 } 1559 1560 tmp_dlen = *destLen - acc_dlen; 1561 if (operation->block_size > 1) { 1562 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1563 srcData, srcLen, dst, &tmp_dlen); 1564 if (res != TEE_SUCCESS) 1565 goto out; 1566 1567 dst += tmp_dlen; 1568 acc_dlen += tmp_dlen; 1569 1570 tmp_dlen = *destLen - acc_dlen; 1571 res = _utee_authenc_dec_final(operation->state, 1572 operation->buffer, 1573 operation->buffer_offs, dst, 1574 &tmp_dlen, tag, tagLen); 1575 } else { 1576 res = _utee_authenc_dec_final(operation->state, srcData, 1577 srcLen, dst, &tmp_dlen, 1578 tag, tagLen); 1579 } 1580 if (res != TEE_SUCCESS) 1581 goto out; 1582 1583 /* Supplied tagLen should match what we initiated with */ 1584 if (tagLen != operation->info.digestLength) 1585 res = TEE_ERROR_MAC_INVALID; 1586 1587 acc_dlen += tmp_dlen; 1588 *destLen = acc_dlen; 1589 1590 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1591 1592 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1593 1594 out: 1595 if (res != TEE_SUCCESS && 1596 res != TEE_ERROR_SHORT_BUFFER && 1597 res != TEE_ERROR_MAC_INVALID) 1598 TEE_Panic(res); 1599 1600 return res; 1601 } 1602 1603 /* Cryptographic Operations API - Asymmetric Functions */ 1604 1605 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1606 const TEE_Attribute *params, 1607 uint32_t paramCount, const void *srcData, 1608 uint32_t srcLen, void *destData, 1609 uint32_t *destLen) 1610 { 1611 TEE_Result res = TEE_SUCCESS; 1612 struct utee_attribute ua[paramCount]; 1613 uint64_t dl = 0; 1614 1615 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1616 TEE_Panic(0); 1617 1618 __utee_check_attr_in_annotation(params, paramCount); 1619 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1620 1621 if (!operation->key1) 1622 TEE_Panic(0); 1623 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1624 TEE_Panic(0); 1625 if (operation->info.mode != TEE_MODE_ENCRYPT) 1626 TEE_Panic(0); 1627 1628 __utee_from_attr(ua, params, paramCount); 1629 dl = *destLen; 1630 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1631 srcLen, destData, &dl); 1632 *destLen = dl; 1633 1634 if (res != TEE_SUCCESS && 1635 res != TEE_ERROR_SHORT_BUFFER && 1636 res != TEE_ERROR_BAD_PARAMETERS) 1637 TEE_Panic(res); 1638 1639 return res; 1640 } 1641 1642 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1643 const TEE_Attribute *params, 1644 uint32_t paramCount, const void *srcData, 1645 uint32_t srcLen, void *destData, 1646 uint32_t *destLen) 1647 { 1648 TEE_Result res = TEE_SUCCESS; 1649 struct utee_attribute ua[paramCount]; 1650 uint64_t dl = 0; 1651 1652 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1653 TEE_Panic(0); 1654 1655 __utee_check_attr_in_annotation(params, paramCount); 1656 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1657 1658 if (!operation->key1) 1659 TEE_Panic(0); 1660 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1661 TEE_Panic(0); 1662 if (operation->info.mode != TEE_MODE_DECRYPT) 1663 TEE_Panic(0); 1664 1665 __utee_from_attr(ua, params, paramCount); 1666 dl = *destLen; 1667 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1668 srcLen, destData, &dl); 1669 *destLen = dl; 1670 1671 if (res != TEE_SUCCESS && 1672 res != TEE_ERROR_SHORT_BUFFER && 1673 res != TEE_ERROR_BAD_PARAMETERS) 1674 TEE_Panic(res); 1675 1676 return res; 1677 } 1678 1679 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1680 const TEE_Attribute *params, 1681 uint32_t paramCount, const void *digest, 1682 uint32_t digestLen, void *signature, 1683 uint32_t *signatureLen) 1684 { 1685 TEE_Result res = TEE_SUCCESS; 1686 struct utee_attribute ua[paramCount]; 1687 uint64_t sl = 0; 1688 1689 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 1690 TEE_Panic(0); 1691 1692 __utee_check_attr_in_annotation(params, paramCount); 1693 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 1694 1695 if (!operation->key1) 1696 TEE_Panic(0); 1697 if (operation->info.operationClass != 1698 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1699 TEE_Panic(0); 1700 if (operation->info.mode != TEE_MODE_SIGN) 1701 TEE_Panic(0); 1702 1703 __utee_from_attr(ua, params, paramCount); 1704 sl = *signatureLen; 1705 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 1706 digestLen, signature, &sl); 1707 *signatureLen = sl; 1708 1709 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1710 TEE_Panic(res); 1711 1712 return res; 1713 } 1714 1715 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1716 const TEE_Attribute *params, 1717 uint32_t paramCount, const void *digest, 1718 uint32_t digestLen, 1719 const void *signature, 1720 uint32_t signatureLen) 1721 { 1722 TEE_Result res; 1723 struct utee_attribute ua[paramCount]; 1724 1725 if (operation == TEE_HANDLE_NULL || 1726 (digest == NULL && digestLen != 0) || 1727 (signature == NULL && signatureLen != 0)) 1728 TEE_Panic(0); 1729 1730 __utee_check_attr_in_annotation(params, paramCount); 1731 1732 if (!operation->key1) 1733 TEE_Panic(0); 1734 if (operation->info.operationClass != 1735 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1736 TEE_Panic(0); 1737 if (operation->info.mode != TEE_MODE_VERIFY) 1738 TEE_Panic(0); 1739 1740 __utee_from_attr(ua, params, paramCount); 1741 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 1742 digestLen, signature, signatureLen); 1743 1744 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1745 TEE_Panic(res); 1746 1747 return res; 1748 } 1749 1750 /* Cryptographic Operations API - Key Derivation Functions */ 1751 1752 void TEE_DeriveKey(TEE_OperationHandle operation, 1753 const TEE_Attribute *params, uint32_t paramCount, 1754 TEE_ObjectHandle derivedKey) 1755 { 1756 TEE_Result res; 1757 TEE_ObjectInfo key_info; 1758 struct utee_attribute ua[paramCount]; 1759 1760 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1761 TEE_Panic(0); 1762 1763 __utee_check_attr_in_annotation(params, paramCount); 1764 1765 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1766 TEE_OPERATION_KEY_DERIVATION) 1767 TEE_Panic(0); 1768 1769 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1770 TEE_Panic(0); 1771 if (!operation->key1) 1772 TEE_Panic(0); 1773 if (operation->info.mode != TEE_MODE_DERIVE) 1774 TEE_Panic(0); 1775 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1776 TEE_Panic(0); 1777 1778 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 1779 if (res != TEE_SUCCESS) 1780 TEE_Panic(res); 1781 1782 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1783 TEE_Panic(0); 1784 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1785 TEE_Panic(0); 1786 1787 __utee_from_attr(ua, params, paramCount); 1788 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 1789 (unsigned long)derivedKey); 1790 if (res != TEE_SUCCESS) 1791 TEE_Panic(res); 1792 } 1793 1794 /* Cryptographic Operations API - Random Number Generation Functions */ 1795 1796 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1797 { 1798 TEE_Result res; 1799 1800 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1801 if (res != TEE_SUCCESS) 1802 TEE_Panic(res); 1803 } 1804 1805 int rand(void) 1806 { 1807 int rc; 1808 1809 TEE_GenerateRandom(&rc, sizeof(rc)); 1810 1811 /* 1812 * RAND_MAX is the larges int, INT_MAX which is all bits but the 1813 * highest bit set. 1814 */ 1815 return rc & RAND_MAX; 1816 } 1817 1818 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 1819 { 1820 if (IS_ENABLED(CFG_CRYPTO_AES)) { 1821 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1822 if (alg == TEE_ALG_AES_ECB_NOPAD) 1823 goto check_element_none; 1824 } 1825 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1826 if (alg == TEE_ALG_AES_CBC_NOPAD) 1827 goto check_element_none; 1828 } 1829 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1830 if (alg == TEE_ALG_AES_CTR) 1831 goto check_element_none; 1832 } 1833 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 1834 if (alg == TEE_ALG_AES_CTS) 1835 goto check_element_none; 1836 } 1837 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 1838 if (alg == TEE_ALG_AES_XTS) 1839 goto check_element_none; 1840 } 1841 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1842 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 1843 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 1844 goto check_element_none; 1845 } 1846 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 1847 if (alg == TEE_ALG_AES_CMAC) 1848 goto check_element_none; 1849 } 1850 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 1851 if (alg == TEE_ALG_AES_CCM) 1852 goto check_element_none; 1853 } 1854 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 1855 if (alg == TEE_ALG_AES_GCM) 1856 goto check_element_none; 1857 } 1858 } 1859 if (IS_ENABLED(CFG_CRYPTO_DES)) { 1860 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1861 if (alg == TEE_ALG_DES_ECB_NOPAD || 1862 alg == TEE_ALG_DES3_ECB_NOPAD) 1863 goto check_element_none; 1864 } 1865 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1866 if (alg == TEE_ALG_DES_CBC_NOPAD || 1867 alg == TEE_ALG_DES3_CBC_NOPAD) 1868 goto check_element_none; 1869 } 1870 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1871 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 1872 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 1873 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 1874 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 1875 goto check_element_none; 1876 } 1877 } 1878 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1879 if (alg == TEE_ALG_MD5) 1880 goto check_element_none; 1881 } 1882 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1883 if (alg == TEE_ALG_SHA1) 1884 goto check_element_none; 1885 } 1886 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1887 if (alg == TEE_ALG_SHA224) 1888 goto check_element_none; 1889 } 1890 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1891 if (alg == TEE_ALG_SHA256) 1892 goto check_element_none; 1893 } 1894 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1895 if (alg == TEE_ALG_SHA384) 1896 goto check_element_none; 1897 } 1898 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1899 if (alg == TEE_ALG_SHA512) 1900 goto check_element_none; 1901 } 1902 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 1903 if (alg == TEE_ALG_MD5SHA1) 1904 goto check_element_none; 1905 } 1906 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 1907 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1908 if (alg == TEE_ALG_HMAC_MD5) 1909 goto check_element_none; 1910 } 1911 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1912 if (alg == TEE_ALG_HMAC_SHA1) 1913 goto check_element_none; 1914 } 1915 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1916 if (alg == TEE_ALG_HMAC_SHA224) 1917 goto check_element_none; 1918 } 1919 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1920 if (alg == TEE_ALG_HMAC_SHA256) 1921 goto check_element_none; 1922 } 1923 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1924 if (alg == TEE_ALG_HMAC_SHA384) 1925 goto check_element_none; 1926 } 1927 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1928 if (alg == TEE_ALG_HMAC_SHA512) 1929 goto check_element_none; 1930 } 1931 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1932 if (alg == TEE_ALG_HMAC_SM3) 1933 goto check_element_none; 1934 } 1935 } 1936 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1937 if (alg == TEE_ALG_SM3) 1938 goto check_element_none; 1939 } 1940 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 1941 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1942 if (alg == TEE_ALG_SM4_ECB_NOPAD) 1943 goto check_element_none; 1944 } 1945 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1946 if (alg == TEE_ALG_SM4_CBC_NOPAD) 1947 goto check_element_none; 1948 } 1949 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1950 if (alg == TEE_ALG_SM4_CTR) 1951 goto check_element_none; 1952 } 1953 } 1954 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 1955 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1956 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5) 1957 goto check_element_none; 1958 } 1959 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1960 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 1961 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 1962 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 1963 goto check_element_none; 1964 } 1965 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 1966 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 1967 goto check_element_none; 1968 } 1969 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1970 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 1971 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 1972 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 1973 goto check_element_none; 1974 } 1975 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1976 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 1977 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 1978 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 1979 goto check_element_none; 1980 } 1981 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1982 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 1983 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 1984 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 1985 goto check_element_none; 1986 } 1987 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1988 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 1989 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 1990 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 1991 goto check_element_none; 1992 } 1993 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 1994 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 1995 goto check_element_none; 1996 } 1997 if (alg == TEE_ALG_RSA_NOPAD) 1998 goto check_element_none; 1999 } 2000 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2001 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2002 if (alg == TEE_ALG_DSA_SHA1) 2003 goto check_element_none; 2004 } 2005 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2006 if (alg == TEE_ALG_DSA_SHA224) 2007 goto check_element_none; 2008 } 2009 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2010 if (alg == TEE_ALG_DSA_SHA256) 2011 goto check_element_none; 2012 } 2013 } 2014 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2015 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2016 goto check_element_none; 2017 } 2018 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2019 if ((alg == TEE_ALG_ECDH_P192 || alg == TEE_ALG_ECDSA_P192) && 2020 element == TEE_ECC_CURVE_NIST_P192) 2021 return TEE_SUCCESS; 2022 if ((alg == TEE_ALG_ECDH_P224 || alg == TEE_ALG_ECDSA_P224) && 2023 element == TEE_ECC_CURVE_NIST_P224) 2024 return TEE_SUCCESS; 2025 if ((alg == TEE_ALG_ECDH_P256 || alg == TEE_ALG_ECDSA_P256) && 2026 element == TEE_ECC_CURVE_NIST_P256) 2027 return TEE_SUCCESS; 2028 if ((alg == TEE_ALG_ECDH_P384 || alg == TEE_ALG_ECDSA_P384) && 2029 element == TEE_ECC_CURVE_NIST_P384) 2030 return TEE_SUCCESS; 2031 if ((alg == TEE_ALG_ECDH_P521 || alg == TEE_ALG_ECDSA_P521) && 2032 element == TEE_ECC_CURVE_NIST_P521) 2033 return TEE_SUCCESS; 2034 } 2035 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2036 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2037 return TEE_SUCCESS; 2038 } 2039 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2040 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2041 return TEE_SUCCESS; 2042 } 2043 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2044 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2045 return TEE_SUCCESS; 2046 } 2047 2048 return TEE_ERROR_NOT_SUPPORTED; 2049 check_element_none: 2050 if (element == TEE_CRYPTO_ELEMENT_NONE) 2051 return TEE_SUCCESS; 2052 return TEE_ERROR_NOT_SUPPORTED; 2053 } 2054