1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 #include <stdlib.h> 28 #include <string.h> 29 #include <string_ext.h> 30 31 #include <tee_api.h> 32 #include <tee_api_defines_extensions.h> 33 #include <tee_internal_api_extensions.h> 34 #include <utee_syscalls.h> 35 #include <utee_defines.h> 36 #include <util.h> 37 38 struct __TEE_OperationHandle { 39 TEE_OperationInfo info; 40 TEE_ObjectHandle key1; 41 TEE_ObjectHandle key2; 42 uint8_t *buffer; /* buffer to collect complete blocks */ 43 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 44 size_t block_size; /* Block size of cipher */ 45 size_t buffer_offs; /* Offset in buffer */ 46 uint32_t state; /* Handle to state in TEE Core */ 47 uint32_t ae_tag_len; /* 48 * tag_len in bytes for AE operation else unused 49 */ 50 }; 51 52 /* Cryptographic Operations API - Generic Operation Functions */ 53 54 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 55 uint32_t algorithm, uint32_t mode, 56 uint32_t maxKeySize) 57 { 58 TEE_Result res; 59 TEE_OperationHandle op = TEE_HANDLE_NULL; 60 uint32_t handle_state = 0; 61 size_t block_size = 1; 62 uint32_t req_key_usage; 63 bool with_private_key = false; 64 bool buffer_two_blocks = false; 65 66 if (operation == NULL) 67 TEE_Panic(0); 68 69 if (algorithm == TEE_ALG_AES_XTS) 70 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 71 72 switch (algorithm) { 73 case TEE_ALG_AES_CTS: 74 case TEE_ALG_AES_XTS: 75 buffer_two_blocks = true; 76 /*FALLTHROUGH*/ case TEE_ALG_AES_ECB_NOPAD: 77 case TEE_ALG_AES_CBC_NOPAD: 78 case TEE_ALG_AES_CTR: 79 case TEE_ALG_AES_CCM: 80 case TEE_ALG_AES_GCM: 81 case TEE_ALG_DES_ECB_NOPAD: 82 case TEE_ALG_DES_CBC_NOPAD: 83 case TEE_ALG_DES3_ECB_NOPAD: 84 case TEE_ALG_DES3_CBC_NOPAD: 85 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 86 block_size = TEE_AES_BLOCK_SIZE; 87 else 88 block_size = TEE_DES_BLOCK_SIZE; 89 90 if (mode == TEE_MODE_ENCRYPT) 91 req_key_usage = TEE_USAGE_ENCRYPT; 92 else if (mode == TEE_MODE_DECRYPT) 93 req_key_usage = TEE_USAGE_DECRYPT; 94 else 95 return TEE_ERROR_NOT_SUPPORTED; 96 break; 97 98 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 99 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 100 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 101 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 102 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 103 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 104 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 105 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 106 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 107 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 108 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 109 case TEE_ALG_DSA_SHA1: 110 if (mode == TEE_MODE_SIGN) { 111 with_private_key = true; 112 req_key_usage = TEE_USAGE_SIGN; 113 } else if (mode == TEE_MODE_VERIFY) { 114 req_key_usage = TEE_USAGE_VERIFY; 115 } else { 116 return TEE_ERROR_NOT_SUPPORTED; 117 } 118 break; 119 120 case TEE_ALG_RSAES_PKCS1_V1_5: 121 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 122 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 123 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 124 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 125 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 126 if (mode == TEE_MODE_ENCRYPT) { 127 req_key_usage = TEE_USAGE_ENCRYPT; 128 } else if (mode == TEE_MODE_DECRYPT) { 129 with_private_key = true; 130 req_key_usage = TEE_USAGE_DECRYPT; 131 } else { 132 return TEE_ERROR_NOT_SUPPORTED; 133 } 134 break; 135 136 case TEE_ALG_RSA_NOPAD: 137 if (mode == TEE_MODE_ENCRYPT) { 138 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 139 } else if (mode == TEE_MODE_DECRYPT) { 140 with_private_key = true; 141 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 142 } else { 143 return TEE_ERROR_NOT_SUPPORTED; 144 } 145 break; 146 147 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 148 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 149 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 150 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 151 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 152 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 153 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 154 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 155 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 156 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 157 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 158 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 159 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 160 if (mode != TEE_MODE_DERIVE) 161 return TEE_ERROR_NOT_SUPPORTED; 162 with_private_key = true; 163 req_key_usage = TEE_USAGE_DERIVE; 164 break; 165 166 case TEE_ALG_MD5: 167 case TEE_ALG_SHA1: 168 case TEE_ALG_SHA224: 169 case TEE_ALG_SHA256: 170 case TEE_ALG_SHA384: 171 case TEE_ALG_SHA512: 172 if (mode != TEE_MODE_DIGEST) 173 return TEE_ERROR_NOT_SUPPORTED; 174 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 175 req_key_usage = 0; 176 break; 177 178 case TEE_ALG_DES_CBC_MAC_NOPAD: 179 case TEE_ALG_AES_CBC_MAC_NOPAD: 180 case TEE_ALG_AES_CBC_MAC_PKCS5: 181 case TEE_ALG_AES_CMAC: 182 case TEE_ALG_DES_CBC_MAC_PKCS5: 183 case TEE_ALG_DES3_CBC_MAC_NOPAD: 184 case TEE_ALG_DES3_CBC_MAC_PKCS5: 185 case TEE_ALG_HMAC_MD5: 186 case TEE_ALG_HMAC_SHA1: 187 case TEE_ALG_HMAC_SHA224: 188 case TEE_ALG_HMAC_SHA256: 189 case TEE_ALG_HMAC_SHA384: 190 case TEE_ALG_HMAC_SHA512: 191 if (mode != TEE_MODE_MAC) 192 return TEE_ERROR_NOT_SUPPORTED; 193 req_key_usage = TEE_USAGE_MAC; 194 break; 195 196 default: 197 return TEE_ERROR_NOT_SUPPORTED; 198 } 199 200 op = TEE_Malloc(sizeof(*op), 0); 201 if (op == NULL) 202 return TEE_ERROR_OUT_OF_MEMORY; 203 204 op->info.algorithm = algorithm; 205 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 206 op->info.mode = mode; 207 op->info.maxKeySize = maxKeySize; 208 op->info.requiredKeyUsage = req_key_usage; 209 op->info.handleState = handle_state; 210 211 if (block_size > 1) { 212 size_t buffer_size = block_size; 213 214 if (buffer_two_blocks) 215 buffer_size *= 2; 216 217 op->buffer = 218 TEE_Malloc(buffer_size, TEE_USER_MEM_HINT_NO_FILL_ZERO); 219 if (op->buffer == NULL) { 220 res = TEE_ERROR_OUT_OF_MEMORY; 221 goto out; 222 } 223 } 224 op->block_size = block_size; 225 op->buffer_two_blocks = buffer_two_blocks; 226 227 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 228 uint32_t mks = maxKeySize; 229 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 230 with_private_key); 231 232 /* 233 * If two keys are expected the max key size is the sum of 234 * the size of both keys. 235 */ 236 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 237 mks /= 2; 238 239 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 240 if (res != TEE_SUCCESS) 241 goto out; 242 243 if ((op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 244 0) { 245 res = 246 TEE_AllocateTransientObject(key_type, mks, 247 &op->key2); 248 if (res != TEE_SUCCESS) 249 goto out; 250 } 251 } 252 253 res = utee_cryp_state_alloc(algorithm, mode, (uint32_t) op->key1, 254 (uint32_t) op->key2, &op->state); 255 if (res != TEE_SUCCESS) 256 goto out; 257 258 /* For multi-stage operation do an "init". */ 259 TEE_ResetOperation(op); 260 *operation = op; 261 262 out: 263 if (res != TEE_SUCCESS) { 264 TEE_FreeTransientObject(op->key1); 265 TEE_FreeTransientObject(op->key2); 266 TEE_FreeOperation(op); 267 } 268 269 return res; 270 } 271 272 void TEE_FreeOperation(TEE_OperationHandle operation) 273 { 274 if (operation != TEE_HANDLE_NULL) { 275 /* 276 * Note that keys should not be freed here, since they are 277 * claimed by the operation they will be freed by 278 * utee_cryp_state_free(). 279 */ 280 utee_cryp_state_free(operation->state); 281 TEE_Free(operation->buffer); 282 TEE_Free(operation); 283 } 284 } 285 286 void TEE_GetOperationInfo(TEE_OperationHandle operation, 287 TEE_OperationInfo *operationInfo) 288 { 289 if (operation == TEE_HANDLE_NULL) 290 TEE_Panic(0); 291 292 if (operationInfo == NULL) 293 TEE_Panic(0); 294 295 *operationInfo = operation->info; 296 } 297 298 void TEE_ResetOperation(TEE_OperationHandle operation) 299 { 300 TEE_Result res; 301 302 if (operation == TEE_HANDLE_NULL) 303 TEE_Panic(0); 304 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 305 res = utee_hash_init(operation->state, NULL, 0); 306 if (res != TEE_SUCCESS) 307 TEE_Panic(res); 308 } 309 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 310 } 311 312 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 313 TEE_ObjectHandle key) 314 { 315 TEE_Result res; 316 uint32_t key_size = 0; 317 318 if (operation == TEE_HANDLE_NULL) 319 TEE_Panic(0); 320 321 /* No key for digests */ 322 if (operation->info.operationClass == TEE_OPERATION_DIGEST) 323 TEE_Panic(0); 324 325 /* Two keys expected */ 326 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 327 0) 328 TEE_Panic(0); 329 330 if (key != TEE_HANDLE_NULL) { 331 TEE_ObjectInfo key_info; 332 333 res = TEE_GetObjectInfo1(key, &key_info); 334 if (res != TEE_SUCCESS) 335 goto err; 336 337 /* Supplied key has to meet required usage */ 338 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 339 operation->info.requiredKeyUsage) { 340 TEE_Panic(0); 341 } 342 343 if (operation->info.maxKeySize < key_info.keySize) 344 TEE_Panic(0); 345 346 key_size = key_info.keySize; 347 } 348 349 TEE_ResetTransientObject(operation->key1); 350 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 351 352 if (key != TEE_HANDLE_NULL) { 353 res = TEE_CopyObjectAttributes1(operation->key1, key); 354 if (res != TEE_SUCCESS) 355 goto err; 356 357 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 358 } 359 360 operation->info.keySize = key_size; 361 362 goto out; 363 364 err: 365 if (res == TEE_ERROR_CORRUPT_OBJECT || 366 res == TEE_ERROR_STORAGE_NOT_AVAILABLE) 367 return res; 368 else 369 TEE_Panic(0); 370 out: 371 return TEE_SUCCESS; 372 } 373 374 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 375 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 376 { 377 TEE_Result res; 378 uint32_t key_size = 0; 379 380 if (operation == TEE_HANDLE_NULL) 381 TEE_Panic(0); 382 383 /* Two keys not expected */ 384 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 385 0) 386 TEE_Panic(0); 387 388 /* Either both keys are NULL or both are not NULL */ 389 if ((key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) && 390 key1 != key2) 391 TEE_Panic(0); 392 393 if (key1 != TEE_HANDLE_NULL) { 394 TEE_ObjectInfo key_info1; 395 TEE_ObjectInfo key_info2; 396 397 res = TEE_GetObjectInfo1(key1, &key_info1); 398 if (res != TEE_SUCCESS) 399 goto err; 400 401 /* Supplied key has to meet required usage */ 402 if ((key_info1.objectUsage & operation->info. 403 requiredKeyUsage) != operation->info.requiredKeyUsage) { 404 TEE_Panic(0); 405 } 406 407 res = TEE_GetObjectInfo1(key2, &key_info2); 408 if (res != TEE_SUCCESS) { 409 if (res == TEE_ERROR_CORRUPT_OBJECT) 410 res = TEE_ERROR_CORRUPT_OBJECT_2; 411 goto err; 412 } 413 414 /* Supplied key has to meet required usage */ 415 if ((key_info2.objectUsage & operation->info. 416 requiredKeyUsage) != operation->info.requiredKeyUsage) { 417 TEE_Panic(0); 418 } 419 420 /* 421 * AES-XTS (the only multi key algorithm supported, requires the 422 * keys to be of equal size. 423 */ 424 if (operation->info.algorithm == TEE_ALG_AES_XTS && 425 key_info1.keySize != key_info2.keySize) 426 TEE_Panic(0); 427 428 if (operation->info.maxKeySize < key_info1.keySize) 429 TEE_Panic(0); 430 431 /* 432 * Odd that only the size of one key should be reported while 433 * size of two key are used when allocating the operation. 434 */ 435 key_size = key_info1.keySize; 436 } 437 438 TEE_ResetTransientObject(operation->key1); 439 TEE_ResetTransientObject(operation->key2); 440 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 441 442 if (key1 != TEE_HANDLE_NULL) { 443 res = TEE_CopyObjectAttributes1(operation->key1, key1); 444 if (res != TEE_SUCCESS) 445 goto err; 446 447 res = TEE_CopyObjectAttributes1(operation->key2, key2); 448 if (res != TEE_SUCCESS) { 449 if (res == TEE_ERROR_CORRUPT_OBJECT) 450 res = TEE_ERROR_CORRUPT_OBJECT_2; 451 goto err; 452 } 453 454 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 455 } 456 457 operation->info.keySize = key_size; 458 459 goto out; 460 461 err: 462 if (res == TEE_ERROR_CORRUPT_OBJECT || 463 res == TEE_ERROR_CORRUPT_OBJECT_2 || 464 res == TEE_ERROR_STORAGE_NOT_AVAILABLE || 465 res == TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 466 return res; 467 else 468 TEE_Panic(0); 469 out: 470 return TEE_SUCCESS; 471 } 472 473 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 474 { 475 TEE_Result res; 476 477 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 478 TEE_Panic(0); 479 if (dst_op->info.algorithm != src_op->info.algorithm) 480 TEE_Panic(0); 481 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 482 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 483 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 484 485 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 486 key1 = src_op->key1; 487 key2 = src_op->key2; 488 } 489 490 if ((src_op->info.handleState & 491 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 492 TEE_SetOperationKey(dst_op, key1); 493 } else { 494 TEE_SetOperationKey2(dst_op, key1, key2); 495 } 496 } 497 dst_op->info.handleState = src_op->info.handleState; 498 dst_op->info.keySize = src_op->info.keySize; 499 500 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 501 dst_op->block_size != src_op->block_size) 502 TEE_Panic(0); 503 504 if (dst_op->buffer != NULL) { 505 if (src_op->buffer == NULL) 506 TEE_Panic(0); 507 508 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 509 dst_op->buffer_offs = src_op->buffer_offs; 510 } else if (src_op->buffer != NULL) { 511 TEE_Panic(0); 512 } 513 514 res = utee_cryp_state_copy(dst_op->state, src_op->state); 515 if (res != TEE_SUCCESS) 516 TEE_Panic(res); 517 } 518 519 /* Cryptographic Operations API - Message Digest Functions */ 520 521 void TEE_DigestUpdate(TEE_OperationHandle operation, 522 void *chunk, uint32_t chunkSize) 523 { 524 TEE_Result res = TEE_ERROR_GENERIC; 525 526 if (operation == TEE_HANDLE_NULL || 527 operation->info.operationClass != TEE_OPERATION_DIGEST) 528 TEE_Panic(0); 529 530 res = utee_hash_update(operation->state, chunk, chunkSize); 531 if (res != TEE_SUCCESS) 532 TEE_Panic(res); 533 } 534 535 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 536 uint32_t chunkLen, void *hash, uint32_t *hashLen) 537 { 538 if ((operation == TEE_HANDLE_NULL) || (!chunk && chunkLen) || 539 !hash || !hashLen || 540 (operation->info.operationClass != TEE_OPERATION_DIGEST)) 541 TEE_Panic(0); 542 543 return utee_hash_final(operation->state, chunk, chunkLen, hash, 544 hashLen); 545 } 546 547 /* Cryptographic Operations API - Symmetric Cipher Functions */ 548 549 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 550 { 551 TEE_Result res; 552 553 if (operation == TEE_HANDLE_NULL) 554 TEE_Panic(0); 555 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 556 TEE_Panic(0); 557 res = utee_cipher_init(operation->state, IV, IVLen); 558 if (res != TEE_SUCCESS) 559 TEE_Panic(res); 560 operation->buffer_offs = 0; 561 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 562 } 563 564 static TEE_Result tee_buffer_update( 565 TEE_OperationHandle op, 566 TEE_Result(*update_func) (uint32_t state, const void *src, 567 size_t slen, void *dst, uint32_t *dlen), 568 const void *src_data, size_t src_len, 569 void *dest_data, uint32_t *dest_len) 570 { 571 TEE_Result res; 572 const uint8_t *src = src_data; 573 size_t slen = src_len; 574 uint8_t *dst = dest_data; 575 size_t dlen = *dest_len; 576 size_t acc_dlen = 0; 577 uint32_t tmp_dlen; 578 size_t l; 579 size_t buffer_size; 580 size_t buffer_left; 581 582 if (op->buffer_two_blocks) { 583 buffer_size = op->block_size * 2; 584 buffer_left = 1; 585 } else { 586 buffer_size = op->block_size; 587 buffer_left = 0; 588 } 589 590 if (op->buffer_offs > 0) { 591 /* Fill up complete block */ 592 if (op->buffer_offs < op->block_size) 593 l = MIN(slen, op->block_size - op->buffer_offs); 594 else 595 l = MIN(slen, buffer_size - op->buffer_offs); 596 memcpy(op->buffer + op->buffer_offs, src, l); 597 op->buffer_offs += l; 598 src += l; 599 slen -= l; 600 if ((op->buffer_offs % op->block_size) != 0) 601 goto out; /* Nothing left to do */ 602 } 603 604 /* If we can feed from buffer */ 605 if ((op->buffer_offs > 0) && 606 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 607 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 608 op->block_size); 609 l = MIN(op->buffer_offs, l); 610 tmp_dlen = dlen; 611 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 612 if (res != TEE_SUCCESS) 613 TEE_Panic(res); 614 dst += tmp_dlen; 615 dlen -= tmp_dlen; 616 acc_dlen += tmp_dlen; 617 op->buffer_offs -= l; 618 if (op->buffer_offs > 0) { 619 /* 620 * Slen is small enough to be contained in rest buffer. 621 */ 622 memcpy(op->buffer, op->buffer + l, buffer_size - l); 623 memcpy(op->buffer + op->buffer_offs, src, slen); 624 op->buffer_offs += slen; 625 goto out; /* Nothing left to do */ 626 } 627 } 628 629 if (slen >= (buffer_size + buffer_left)) { 630 /* Buffer is empty, feed as much as possible from src */ 631 if (TEE_ALIGNMENT_IS_OK(src, uint32_t)) { 632 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 633 634 tmp_dlen = dlen; 635 res = update_func(op->state, src, l, dst, &tmp_dlen); 636 if (res != TEE_SUCCESS) 637 TEE_Panic(res); 638 src += l; 639 slen -= l; 640 dst += tmp_dlen; 641 dlen -= tmp_dlen; 642 acc_dlen += tmp_dlen; 643 } else { 644 /* 645 * Supplied data isn't well aligned, we're forced to 646 * feed through the buffer. 647 */ 648 while (slen >= op->block_size) { 649 memcpy(op->buffer, src, op->block_size); 650 651 tmp_dlen = dlen; 652 res = 653 update_func(op->state, op->buffer, 654 op->block_size, dst, &tmp_dlen); 655 if (res != TEE_SUCCESS) 656 TEE_Panic(res); 657 src += op->block_size; 658 slen -= op->block_size; 659 dst += tmp_dlen; 660 dlen -= tmp_dlen; 661 acc_dlen += tmp_dlen; 662 } 663 } 664 } 665 666 /* Slen is small enough to be contained in buffer. */ 667 memcpy(op->buffer + op->buffer_offs, src, slen); 668 op->buffer_offs += slen; 669 670 out: 671 *dest_len = acc_dlen; 672 return TEE_SUCCESS; 673 } 674 675 TEE_Result TEE_CipherUpdate(TEE_OperationHandle op, const void *srcData, 676 uint32_t srcLen, void *destData, uint32_t *destLen) 677 { 678 size_t req_dlen; 679 680 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 681 destLen == NULL || (destData == NULL && *destLen != 0)) 682 TEE_Panic(0); 683 if (op->info.operationClass != TEE_OPERATION_CIPHER) 684 TEE_Panic(0); 685 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 686 TEE_Panic(0); 687 688 /* Calculate required dlen */ 689 req_dlen = ((op->buffer_offs + srcLen) / op->block_size) * 690 op->block_size; 691 if (op->buffer_two_blocks) { 692 if (req_dlen > op->block_size * 2) 693 req_dlen -= op->block_size * 2; 694 else 695 req_dlen = 0; 696 } 697 /* 698 * Check that required destLen is big enough before starting to feed 699 * data to the algorithm. Errors during feeding of data are fatal as we 700 * can't restore sync with this API. 701 */ 702 if (*destLen < req_dlen) { 703 *destLen = req_dlen; 704 return TEE_ERROR_SHORT_BUFFER; 705 } 706 707 tee_buffer_update(op, utee_cipher_update, srcData, srcLen, destData, 708 destLen); 709 710 return TEE_SUCCESS; 711 } 712 713 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle op, 714 const void *srcData, uint32_t srcLen, void *destData, 715 uint32_t *destLen) 716 { 717 TEE_Result res; 718 uint8_t *dst = destData; 719 size_t acc_dlen = 0; 720 uint32_t tmp_dlen; 721 size_t req_dlen; 722 723 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 724 destLen == NULL || (destData == NULL && *destLen != 0)) 725 TEE_Panic(0); 726 if (op->info.operationClass != TEE_OPERATION_CIPHER) 727 TEE_Panic(0); 728 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 729 TEE_Panic(0); 730 731 /* 732 * Check that the final block doesn't require padding for those 733 * algorithms that requires client to supply padding. 734 */ 735 if (op->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 736 op->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 737 op->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 738 op->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 739 op->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 740 op->info.algorithm == TEE_ALG_DES3_CBC_NOPAD) { 741 if (((op->buffer_offs + srcLen) % op->block_size) != 0) 742 return TEE_ERROR_BAD_PARAMETERS; 743 } 744 745 /* 746 * Check that required destLen is big enough before starting to feed 747 * data to the algorithm. Errors during feeding of data are fatal as we 748 * can't restore sync with this API. 749 */ 750 req_dlen = op->buffer_offs + srcLen; 751 if (*destLen < req_dlen) { 752 *destLen = req_dlen; 753 return TEE_ERROR_SHORT_BUFFER; 754 } 755 756 tmp_dlen = *destLen - acc_dlen; 757 tee_buffer_update(op, utee_cipher_update, srcData, srcLen, dst, 758 &tmp_dlen); 759 dst += tmp_dlen; 760 acc_dlen += tmp_dlen; 761 762 tmp_dlen = *destLen - acc_dlen; 763 res = utee_cipher_final(op->state, op->buffer, op->buffer_offs, 764 dst, &tmp_dlen); 765 if (res != TEE_SUCCESS) 766 TEE_Panic(res); 767 acc_dlen += tmp_dlen; 768 769 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 770 *destLen = acc_dlen; 771 return TEE_SUCCESS; 772 } 773 774 /* Cryptographic Operations API - MAC Functions */ 775 776 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 777 { 778 TEE_Result res; 779 780 if (operation == TEE_HANDLE_NULL) 781 TEE_Panic(0); 782 if (IV == NULL && IVLen != 0) 783 TEE_Panic(0); 784 if (operation->info.operationClass != TEE_OPERATION_MAC) 785 TEE_Panic(0); 786 res = utee_hash_init(operation->state, IV, IVLen); 787 if (res != TEE_SUCCESS) 788 TEE_Panic(res); 789 operation->buffer_offs = 0; 790 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 791 } 792 793 void TEE_MACUpdate(TEE_OperationHandle op, const void *chunk, uint32_t chunkSize) 794 { 795 TEE_Result res; 796 797 if (op == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 798 TEE_Panic(0); 799 if (op->info.operationClass != TEE_OPERATION_MAC) 800 TEE_Panic(0); 801 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 802 TEE_Panic(0); 803 804 res = utee_hash_update(op->state, chunk, chunkSize); 805 if (res != TEE_SUCCESS) 806 TEE_Panic(res); 807 } 808 809 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle op, 810 const void *message, uint32_t messageLen, 811 void *mac, uint32_t *macLen) 812 { 813 TEE_Result res; 814 815 if (op == TEE_HANDLE_NULL || (message == NULL && messageLen != 0) || 816 mac == NULL || macLen == NULL) 817 TEE_Panic(0); 818 if (op->info.operationClass != TEE_OPERATION_MAC) 819 TEE_Panic(0); 820 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 821 TEE_Panic(0); 822 823 res = utee_hash_final(op->state, message, messageLen, mac, macLen); 824 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 825 return res; 826 } 827 828 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 829 const void *message, uint32_t messageLen, 830 const void *mac, uint32_t macLen) 831 { 832 TEE_Result res; 833 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 834 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 835 836 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 837 &computed_mac_size); 838 if (res != TEE_SUCCESS) 839 return res; 840 if (computed_mac_size != macLen) 841 return TEE_ERROR_MAC_INVALID; 842 if (buf_compare_ct(mac, computed_mac, computed_mac_size) != 0) 843 return TEE_ERROR_MAC_INVALID; 844 return TEE_SUCCESS; 845 } 846 847 /* Cryptographic Operations API - Authenticated Encryption Functions */ 848 849 TEE_Result TEE_AEInit(TEE_OperationHandle op, const void *nonce, 850 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 851 uint32_t payloadLen) 852 { 853 TEE_Result res; 854 855 if (op == TEE_HANDLE_NULL || nonce == NULL) 856 TEE_Panic(0); 857 if (op->info.operationClass != TEE_OPERATION_AE) 858 TEE_Panic(0); 859 860 /* 861 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 862 * in the implementation. But AES-GCM spec doesn't specify the tag len 863 * according to the same principle so we have to check here instead to 864 * be GP compliant. 865 */ 866 if (op->info.algorithm == TEE_ALG_AES_GCM) { 867 /* 868 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 869 */ 870 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) 871 return TEE_ERROR_NOT_SUPPORTED; 872 } 873 874 res = utee_authenc_init(op->state, nonce, nonceLen, tagLen / 8, AADLen, 875 payloadLen); 876 if (res != TEE_SUCCESS) { 877 if (res != TEE_ERROR_NOT_SUPPORTED) 878 TEE_Panic(res); 879 return res; 880 } 881 op->ae_tag_len = tagLen / 8; 882 883 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 884 return TEE_SUCCESS; 885 } 886 887 void TEE_AEUpdateAAD(TEE_OperationHandle op, const void *AADdata, 888 uint32_t AADdataLen) 889 { 890 TEE_Result res; 891 892 if (op == TEE_HANDLE_NULL || (AADdata == NULL && AADdataLen != 0)) 893 TEE_Panic(0); 894 if (op->info.operationClass != TEE_OPERATION_AE) 895 TEE_Panic(0); 896 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 897 TEE_Panic(0); 898 899 res = utee_authenc_update_aad(op->state, AADdata, AADdataLen); 900 if (res != TEE_SUCCESS) 901 TEE_Panic(res); 902 } 903 904 TEE_Result TEE_AEUpdate(TEE_OperationHandle op, const void *srcData, 905 uint32_t srcLen, void *destData, uint32_t *destLen) 906 { 907 size_t req_dlen; 908 909 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 910 destLen == NULL || (destData == NULL && *destLen != 0)) 911 TEE_Panic(0); 912 if (op->info.operationClass != TEE_OPERATION_AE) 913 TEE_Panic(0); 914 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 915 TEE_Panic(0); 916 917 /* 918 * Check that required destLen is big enough before starting to feed 919 * data to the algorithm. Errors during feeding of data are fatal as we 920 * can't restore sync with this API. 921 */ 922 req_dlen = ROUNDDOWN(op->buffer_offs + srcLen, op->block_size); 923 if (*destLen < req_dlen) { 924 *destLen = req_dlen; 925 return TEE_ERROR_SHORT_BUFFER; 926 } 927 928 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 929 destData, destLen); 930 931 return TEE_SUCCESS; 932 } 933 934 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle op, 935 const void *srcData, uint32_t srcLen, 936 void *destData, uint32_t *destLen, void *tag, 937 uint32_t *tagLen) 938 { 939 TEE_Result res; 940 uint8_t *dst = destData; 941 size_t acc_dlen = 0; 942 uint32_t tmp_dlen; 943 size_t req_dlen; 944 945 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 946 destLen == NULL || (destData == NULL && *destLen != 0) || 947 tag == NULL || tagLen == NULL) 948 TEE_Panic(0); 949 if (op->info.operationClass != TEE_OPERATION_AE) 950 TEE_Panic(0); 951 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 952 TEE_Panic(0); 953 954 /* 955 * Check that required destLen is big enough before starting to feed 956 * data to the algorithm. Errors during feeding of data are fatal as we 957 * can't restore sync with this API. 958 */ 959 req_dlen = op->buffer_offs + srcLen; 960 if (*destLen < req_dlen) { 961 *destLen = req_dlen; 962 return TEE_ERROR_SHORT_BUFFER; 963 } 964 965 /* 966 * Need to check this before update_payload since sync would be lost if 967 * we return short buffer after that. 968 */ 969 if (*tagLen < op->ae_tag_len) { 970 *tagLen = op->ae_tag_len; 971 return TEE_ERROR_SHORT_BUFFER; 972 } 973 974 tmp_dlen = *destLen - acc_dlen; 975 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 976 dst, &tmp_dlen); 977 dst += tmp_dlen; 978 acc_dlen += tmp_dlen; 979 980 tmp_dlen = *destLen - acc_dlen; 981 res = 982 utee_authenc_enc_final(op->state, op->buffer, op->buffer_offs, dst, 983 &tmp_dlen, tag, tagLen); 984 if (res != TEE_SUCCESS) 985 TEE_Panic(res); 986 acc_dlen += tmp_dlen; 987 988 *destLen = acc_dlen; 989 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 990 991 return res; 992 } 993 994 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle op, 995 const void *srcData, uint32_t srcLen, 996 void *destData, uint32_t *destLen, const void *tag, 997 uint32_t tagLen) 998 { 999 TEE_Result res; 1000 uint8_t *dst = destData; 1001 size_t acc_dlen = 0; 1002 uint32_t tmp_dlen; 1003 size_t req_dlen; 1004 1005 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1006 destLen == NULL || (destData == NULL && *destLen != 0) || 1007 (tag == NULL && tagLen != 0)) 1008 TEE_Panic(0); 1009 if (op->info.operationClass != TEE_OPERATION_AE) 1010 TEE_Panic(0); 1011 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1012 TEE_Panic(0); 1013 1014 /* 1015 * Check that required destLen is big enough before starting to feed 1016 * data to the algorithm. Errors during feeding of data are fatal as we 1017 * can't restore sync with this API. 1018 */ 1019 req_dlen = op->buffer_offs + srcLen; 1020 if (*destLen < req_dlen) { 1021 *destLen = req_dlen; 1022 return TEE_ERROR_SHORT_BUFFER; 1023 } 1024 1025 tmp_dlen = *destLen - acc_dlen; 1026 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 1027 dst, &tmp_dlen); 1028 dst += tmp_dlen; 1029 acc_dlen += tmp_dlen; 1030 1031 tmp_dlen = *destLen - acc_dlen; 1032 res = 1033 utee_authenc_dec_final(op->state, op->buffer, op->buffer_offs, dst, 1034 &tmp_dlen, tag, tagLen); 1035 if (res != TEE_SUCCESS && res != TEE_ERROR_MAC_INVALID) 1036 TEE_Panic(res); 1037 /* Supplied tagLen should match what we initiated with */ 1038 if (tagLen != op->ae_tag_len) 1039 res = TEE_ERROR_MAC_INVALID; 1040 1041 acc_dlen += tmp_dlen; 1042 1043 *destLen = acc_dlen; 1044 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1045 1046 return res; 1047 } 1048 1049 /* Cryptographic Operations API - Asymmetric Functions */ 1050 1051 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle op, 1052 const TEE_Attribute *params, 1053 uint32_t paramCount, const void *srcData, 1054 uint32_t srcLen, void *destData, 1055 uint32_t *destLen) 1056 { 1057 TEE_Result res; 1058 1059 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1060 destLen == NULL || (destData == NULL && *destLen != 0)) 1061 TEE_Panic(0); 1062 if (paramCount != 0 && params == NULL) 1063 TEE_Panic(0); 1064 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1065 TEE_Panic(0); 1066 if (op->info.mode != TEE_MODE_ENCRYPT) 1067 TEE_Panic(0); 1068 1069 res = utee_asymm_operate(op->state, params, paramCount, srcData, srcLen, 1070 destData, destLen); 1071 if (res != TEE_SUCCESS && 1072 res != TEE_ERROR_SHORT_BUFFER && 1073 res != TEE_ERROR_BAD_PARAMETERS) 1074 TEE_Panic(res); 1075 return res; 1076 } 1077 1078 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle op, 1079 const TEE_Attribute *params, 1080 uint32_t paramCount, const void *srcData, 1081 uint32_t srcLen, void *destData, 1082 uint32_t *destLen) 1083 { 1084 TEE_Result res; 1085 1086 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1087 destLen == NULL || (destData == NULL && *destLen != 0)) 1088 TEE_Panic(0); 1089 if (paramCount != 0 && params == NULL) 1090 TEE_Panic(0); 1091 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1092 TEE_Panic(0); 1093 if (op->info.mode != TEE_MODE_DECRYPT) 1094 TEE_Panic(0); 1095 1096 res = utee_asymm_operate(op->state, params, paramCount, srcData, srcLen, 1097 destData, destLen); 1098 if (res != TEE_SUCCESS && 1099 res != TEE_ERROR_SHORT_BUFFER && 1100 res != TEE_ERROR_BAD_PARAMETERS) 1101 TEE_Panic(res); 1102 return res; 1103 } 1104 1105 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle op, 1106 const TEE_Attribute *params, 1107 uint32_t paramCount, const void *digest, 1108 uint32_t digestLen, void *signature, 1109 uint32_t *signatureLen) 1110 { 1111 TEE_Result res; 1112 1113 if (op == TEE_HANDLE_NULL || (digest == NULL && digestLen != 0) || 1114 signature == NULL || signatureLen == NULL) 1115 TEE_Panic(0); 1116 if (paramCount != 0 && params == NULL) 1117 TEE_Panic(0); 1118 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1119 TEE_Panic(0); 1120 if (op->info.mode != TEE_MODE_SIGN) 1121 TEE_Panic(0); 1122 1123 res = 1124 utee_asymm_operate(op->state, params, paramCount, digest, digestLen, 1125 signature, signatureLen); 1126 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1127 TEE_Panic(res); 1128 return res; 1129 } 1130 1131 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle op, 1132 const TEE_Attribute *params, 1133 uint32_t paramCount, const void *digest, 1134 uint32_t digestLen, const void *signature, 1135 uint32_t signatureLen) 1136 { 1137 TEE_Result res; 1138 1139 if (op == TEE_HANDLE_NULL || (digest == NULL && digestLen != 0) || 1140 (signature == NULL && signatureLen != 0)) 1141 TEE_Panic(0); 1142 if (paramCount != 0 && params == NULL) 1143 TEE_Panic(0); 1144 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1145 TEE_Panic(0); 1146 if (op->info.mode != TEE_MODE_VERIFY) 1147 TEE_Panic(0); 1148 1149 res = 1150 utee_asymm_verify(op->state, params, paramCount, digest, digestLen, 1151 signature, signatureLen); 1152 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1153 TEE_Panic(res); 1154 return res; 1155 } 1156 1157 /* Cryptographic Operations API - Key Derivation Functions */ 1158 1159 void TEE_DeriveKey(TEE_OperationHandle operation, 1160 const TEE_Attribute *params, uint32_t paramCount, 1161 TEE_ObjectHandle derivedKey) 1162 { 1163 TEE_Result res; 1164 TEE_ObjectInfo key_info; 1165 1166 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1167 TEE_Panic(0); 1168 if (paramCount != 0 && params == NULL) 1169 TEE_Panic(0); 1170 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1171 TEE_OPERATION_KEY_DERIVATION) 1172 TEE_Panic(0); 1173 1174 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1175 TEE_Panic(0); 1176 if (operation->info.mode != TEE_MODE_DERIVE) 1177 TEE_Panic(0); 1178 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1179 TEE_Panic(0); 1180 1181 res = utee_cryp_obj_get_info((uint32_t) derivedKey, &key_info); 1182 if (res != TEE_SUCCESS) 1183 TEE_Panic(0); 1184 1185 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1186 TEE_Panic(0); 1187 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1188 TEE_Panic(0); 1189 1190 res = utee_cryp_derive_key(operation->state, params, paramCount, 1191 (uint32_t) derivedKey); 1192 if (res != TEE_SUCCESS) 1193 TEE_Panic(res); 1194 } 1195 1196 /* Cryptographic Operations API - Random Number Generation Functions */ 1197 1198 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1199 { 1200 TEE_Result res; 1201 1202 res = utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1203 if (res != TEE_SUCCESS) 1204 TEE_Panic(res); 1205 } 1206