1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 #include <stdlib.h> 6 #include <string.h> 7 #include <string_ext.h> 8 9 #include <tee_api.h> 10 #include <tee_api_defines_extensions.h> 11 #include <tee_internal_api_extensions.h> 12 #include <utee_syscalls.h> 13 #include <utee_defines.h> 14 #include <util.h> 15 #include "tee_api_private.h" 16 17 struct __TEE_OperationHandle { 18 TEE_OperationInfo info; 19 TEE_ObjectHandle key1; 20 TEE_ObjectHandle key2; 21 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 22 uint8_t *buffer; /* buffer to collect complete blocks */ 23 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 24 size_t block_size; /* Block size of cipher */ 25 size_t buffer_offs; /* Offset in buffer */ 26 uint32_t state; /* Handle to state in TEE Core */ 27 uint32_t ae_tag_len; /* 28 * tag_len in bytes for AE operation else unused 29 */ 30 }; 31 32 /* Cryptographic Operations API - Generic Operation Functions */ 33 34 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 35 uint32_t algorithm, uint32_t mode, 36 uint32_t maxKeySize) 37 { 38 TEE_Result res; 39 TEE_OperationHandle op = TEE_HANDLE_NULL; 40 uint32_t handle_state = 0; 41 size_t block_size = 1; 42 uint32_t req_key_usage; 43 bool with_private_key = false; 44 bool buffer_two_blocks = false; 45 46 if (!operation) 47 TEE_Panic(0); 48 49 if (algorithm == TEE_ALG_AES_XTS) 50 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 51 52 /* Check algorithm max key size */ 53 switch (algorithm) { 54 case TEE_ALG_DSA_SHA1: 55 if (maxKeySize < 512) 56 return TEE_ERROR_NOT_SUPPORTED; 57 if (maxKeySize > 1024) 58 return TEE_ERROR_NOT_SUPPORTED; 59 if (maxKeySize % 64 != 0) 60 return TEE_ERROR_NOT_SUPPORTED; 61 break; 62 63 case TEE_ALG_DSA_SHA224: 64 if (maxKeySize != 2048) 65 return TEE_ERROR_NOT_SUPPORTED; 66 break; 67 68 case TEE_ALG_DSA_SHA256: 69 if (maxKeySize != 2048 && maxKeySize != 3072) 70 return TEE_ERROR_NOT_SUPPORTED; 71 break; 72 73 case TEE_ALG_ECDSA_P192: 74 case TEE_ALG_ECDH_P192: 75 if (maxKeySize != 192) 76 return TEE_ERROR_NOT_SUPPORTED; 77 break; 78 79 case TEE_ALG_ECDSA_P224: 80 case TEE_ALG_ECDH_P224: 81 if (maxKeySize != 224) 82 return TEE_ERROR_NOT_SUPPORTED; 83 break; 84 85 case TEE_ALG_ECDSA_P256: 86 case TEE_ALG_ECDH_P256: 87 if (maxKeySize != 256) 88 return TEE_ERROR_NOT_SUPPORTED; 89 break; 90 91 case TEE_ALG_ECDSA_P384: 92 case TEE_ALG_ECDH_P384: 93 if (maxKeySize != 384) 94 return TEE_ERROR_NOT_SUPPORTED; 95 break; 96 97 case TEE_ALG_ECDSA_P521: 98 case TEE_ALG_ECDH_P521: 99 if (maxKeySize != 521) 100 return TEE_ERROR_NOT_SUPPORTED; 101 break; 102 103 default: 104 break; 105 } 106 107 /* Check algorithm mode */ 108 switch (algorithm) { 109 case TEE_ALG_AES_CTS: 110 case TEE_ALG_AES_XTS: 111 buffer_two_blocks = true; 112 /* FALLTHROUGH */ 113 case TEE_ALG_AES_ECB_NOPAD: 114 case TEE_ALG_AES_CBC_NOPAD: 115 case TEE_ALG_AES_CCM: 116 case TEE_ALG_DES_ECB_NOPAD: 117 case TEE_ALG_DES_CBC_NOPAD: 118 case TEE_ALG_DES3_ECB_NOPAD: 119 case TEE_ALG_DES3_CBC_NOPAD: 120 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 121 block_size = TEE_AES_BLOCK_SIZE; 122 else 123 block_size = TEE_DES_BLOCK_SIZE; 124 /* FALLTHROUGH */ 125 case TEE_ALG_AES_CTR: 126 case TEE_ALG_AES_GCM: 127 if (mode == TEE_MODE_ENCRYPT) 128 req_key_usage = TEE_USAGE_ENCRYPT; 129 else if (mode == TEE_MODE_DECRYPT) 130 req_key_usage = TEE_USAGE_DECRYPT; 131 else 132 return TEE_ERROR_NOT_SUPPORTED; 133 break; 134 135 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 136 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 137 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 138 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 139 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 140 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 141 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 142 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 143 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 144 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 145 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 146 case TEE_ALG_DSA_SHA1: 147 case TEE_ALG_DSA_SHA224: 148 case TEE_ALG_DSA_SHA256: 149 case TEE_ALG_ECDSA_P192: 150 case TEE_ALG_ECDSA_P224: 151 case TEE_ALG_ECDSA_P256: 152 case TEE_ALG_ECDSA_P384: 153 case TEE_ALG_ECDSA_P521: 154 if (mode == TEE_MODE_SIGN) { 155 with_private_key = true; 156 req_key_usage = TEE_USAGE_SIGN; 157 } else if (mode == TEE_MODE_VERIFY) { 158 req_key_usage = TEE_USAGE_VERIFY; 159 } else { 160 return TEE_ERROR_NOT_SUPPORTED; 161 } 162 break; 163 164 case TEE_ALG_RSAES_PKCS1_V1_5: 165 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 166 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 167 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 168 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 169 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 170 if (mode == TEE_MODE_ENCRYPT) { 171 req_key_usage = TEE_USAGE_ENCRYPT; 172 } else if (mode == TEE_MODE_DECRYPT) { 173 with_private_key = true; 174 req_key_usage = TEE_USAGE_DECRYPT; 175 } else { 176 return TEE_ERROR_NOT_SUPPORTED; 177 } 178 break; 179 180 case TEE_ALG_RSA_NOPAD: 181 if (mode == TEE_MODE_ENCRYPT) { 182 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 183 } else if (mode == TEE_MODE_DECRYPT) { 184 with_private_key = true; 185 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 186 } else { 187 return TEE_ERROR_NOT_SUPPORTED; 188 } 189 break; 190 191 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 192 case TEE_ALG_ECDH_P192: 193 case TEE_ALG_ECDH_P224: 194 case TEE_ALG_ECDH_P256: 195 case TEE_ALG_ECDH_P384: 196 case TEE_ALG_ECDH_P521: 197 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 198 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 199 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 200 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 201 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 202 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 203 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 204 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 205 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 206 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 207 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 208 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 209 if (mode != TEE_MODE_DERIVE) 210 return TEE_ERROR_NOT_SUPPORTED; 211 with_private_key = true; 212 req_key_usage = TEE_USAGE_DERIVE; 213 break; 214 215 case TEE_ALG_MD5: 216 case TEE_ALG_SHA1: 217 case TEE_ALG_SHA224: 218 case TEE_ALG_SHA256: 219 case TEE_ALG_SHA384: 220 case TEE_ALG_SHA512: 221 if (mode != TEE_MODE_DIGEST) 222 return TEE_ERROR_NOT_SUPPORTED; 223 /* v1.1: flags always set for digest operations */ 224 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 225 req_key_usage = 0; 226 break; 227 228 case TEE_ALG_DES_CBC_MAC_NOPAD: 229 case TEE_ALG_AES_CBC_MAC_NOPAD: 230 case TEE_ALG_AES_CBC_MAC_PKCS5: 231 case TEE_ALG_AES_CMAC: 232 case TEE_ALG_DES_CBC_MAC_PKCS5: 233 case TEE_ALG_DES3_CBC_MAC_NOPAD: 234 case TEE_ALG_DES3_CBC_MAC_PKCS5: 235 case TEE_ALG_HMAC_MD5: 236 case TEE_ALG_HMAC_SHA1: 237 case TEE_ALG_HMAC_SHA224: 238 case TEE_ALG_HMAC_SHA256: 239 case TEE_ALG_HMAC_SHA384: 240 case TEE_ALG_HMAC_SHA512: 241 if (mode != TEE_MODE_MAC) 242 return TEE_ERROR_NOT_SUPPORTED; 243 req_key_usage = TEE_USAGE_MAC; 244 break; 245 246 default: 247 return TEE_ERROR_NOT_SUPPORTED; 248 } 249 250 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 251 if (!op) 252 return TEE_ERROR_OUT_OF_MEMORY; 253 254 op->info.algorithm = algorithm; 255 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 256 op->info.mode = mode; 257 op->info.maxKeySize = maxKeySize; 258 op->info.requiredKeyUsage = req_key_usage; 259 op->info.handleState = handle_state; 260 261 if (block_size > 1) { 262 size_t buffer_size = block_size; 263 264 if (buffer_two_blocks) 265 buffer_size *= 2; 266 267 op->buffer = TEE_Malloc(buffer_size, 268 TEE_USER_MEM_HINT_NO_FILL_ZERO); 269 if (op->buffer == NULL) { 270 res = TEE_ERROR_OUT_OF_MEMORY; 271 goto out; 272 } 273 } 274 op->block_size = block_size; 275 op->buffer_two_blocks = buffer_two_blocks; 276 277 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 278 uint32_t mks = maxKeySize; 279 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 280 with_private_key); 281 282 /* 283 * If two keys are expected the max key size is the sum of 284 * the size of both keys. 285 */ 286 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 287 mks /= 2; 288 289 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 290 if (res != TEE_SUCCESS) 291 goto out; 292 293 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 294 res = TEE_AllocateTransientObject(key_type, mks, 295 &op->key2); 296 if (res != TEE_SUCCESS) 297 goto out; 298 } 299 } 300 301 res = utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 302 (unsigned long)op->key2, &op->state); 303 if (res != TEE_SUCCESS) 304 goto out; 305 306 /* 307 * Initialize digest operations 308 * Other multi-stage operations initialized w/ TEE_xxxInit functions 309 * Non-applicable on asymmetric operations 310 */ 311 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 312 res = utee_hash_init(op->state, NULL, 0); 313 if (res != TEE_SUCCESS) 314 goto out; 315 /* v1.1: flags always set for digest operations */ 316 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 317 } 318 319 op->operationState = TEE_OPERATION_STATE_INITIAL; 320 321 *operation = op; 322 323 out: 324 if (res != TEE_SUCCESS) { 325 if (res != TEE_ERROR_OUT_OF_MEMORY && 326 res != TEE_ERROR_NOT_SUPPORTED) 327 TEE_Panic(res); 328 if (op) { 329 if (op->state) { 330 TEE_FreeOperation(op); 331 } else { 332 TEE_Free(op->buffer); 333 TEE_FreeTransientObject(op->key1); 334 TEE_FreeTransientObject(op->key2); 335 TEE_Free(op); 336 } 337 } 338 } 339 340 return res; 341 } 342 343 void TEE_FreeOperation(TEE_OperationHandle operation) 344 { 345 TEE_Result res; 346 347 if (operation == TEE_HANDLE_NULL) 348 TEE_Panic(0); 349 350 /* 351 * Note that keys should not be freed here, since they are 352 * claimed by the operation they will be freed by 353 * utee_cryp_state_free(). 354 */ 355 res = utee_cryp_state_free(operation->state); 356 if (res != TEE_SUCCESS) 357 TEE_Panic(res); 358 359 TEE_Free(operation->buffer); 360 TEE_Free(operation); 361 } 362 363 void TEE_GetOperationInfo(TEE_OperationHandle operation, 364 TEE_OperationInfo *operationInfo) 365 { 366 if (operation == TEE_HANDLE_NULL) 367 TEE_Panic(0); 368 369 if (!operationInfo) 370 TEE_Panic(0); 371 372 *operationInfo = operation->info; 373 } 374 375 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 376 TEE_OperationInfoMultiple *operationInfoMultiple, 377 uint32_t *operationSize) 378 { 379 TEE_Result res = TEE_SUCCESS; 380 TEE_ObjectInfo key_info1; 381 TEE_ObjectInfo key_info2; 382 uint32_t num_of_keys; 383 size_t n; 384 385 if (operation == TEE_HANDLE_NULL) { 386 res = TEE_ERROR_BAD_PARAMETERS; 387 goto out; 388 } 389 390 if (!operationInfoMultiple) { 391 res = TEE_ERROR_BAD_PARAMETERS; 392 goto out; 393 } 394 395 if (!operationSize) { 396 res = TEE_ERROR_BAD_PARAMETERS; 397 goto out; 398 } 399 400 num_of_keys = (*operationSize-sizeof(TEE_OperationInfoMultiple))/ 401 sizeof(TEE_OperationInfoKey); 402 403 if (num_of_keys > 2) { 404 res = TEE_ERROR_BAD_PARAMETERS; 405 goto out; 406 } 407 408 /* Two keys flag (TEE_ALG_AES_XTS only) */ 409 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 410 0 && 411 (num_of_keys != 2)) { 412 res = TEE_ERROR_SHORT_BUFFER; 413 goto out; 414 } 415 416 /* Clear */ 417 for (n = 0; n < num_of_keys; n++) { 418 operationInfoMultiple->keyInformation[n].keySize = 0; 419 operationInfoMultiple->keyInformation[n].requiredKeyUsage = 0; 420 } 421 422 if (num_of_keys == 2) { 423 res = TEE_GetObjectInfo1(operation->key2, &key_info2); 424 /* Key2 is not a valid handle */ 425 if (res != TEE_SUCCESS) 426 goto out; 427 428 operationInfoMultiple->keyInformation[1].keySize = 429 key_info2.keySize; 430 operationInfoMultiple->keyInformation[1].requiredKeyUsage = 431 operation->info.requiredKeyUsage; 432 } 433 434 if (num_of_keys >= 1) { 435 res = TEE_GetObjectInfo1(operation->key1, &key_info1); 436 /* Key1 is not a valid handle */ 437 if (res != TEE_SUCCESS) { 438 if (num_of_keys == 2) { 439 operationInfoMultiple->keyInformation[1]. 440 keySize = 0; 441 operationInfoMultiple->keyInformation[1]. 442 requiredKeyUsage = 0; 443 } 444 goto out; 445 } 446 447 operationInfoMultiple->keyInformation[0].keySize = 448 key_info1.keySize; 449 operationInfoMultiple->keyInformation[0].requiredKeyUsage = 450 operation->info.requiredKeyUsage; 451 } 452 453 /* No key */ 454 operationInfoMultiple->algorithm = operation->info.algorithm; 455 operationInfoMultiple->operationClass = operation->info.operationClass; 456 operationInfoMultiple->mode = operation->info.mode; 457 operationInfoMultiple->digestLength = operation->info.digestLength; 458 operationInfoMultiple->maxKeySize = operation->info.maxKeySize; 459 operationInfoMultiple->handleState = operation->info.handleState; 460 operationInfoMultiple->operationState = operation->operationState; 461 operationInfoMultiple->numberOfKeys = num_of_keys; 462 463 out: 464 if (res != TEE_SUCCESS && 465 res != TEE_ERROR_SHORT_BUFFER) 466 TEE_Panic(res); 467 468 return res; 469 } 470 471 void TEE_ResetOperation(TEE_OperationHandle operation) 472 { 473 TEE_Result res; 474 475 if (operation == TEE_HANDLE_NULL) 476 TEE_Panic(0); 477 478 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 479 TEE_Panic(0); 480 481 operation->operationState = TEE_OPERATION_STATE_INITIAL; 482 483 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 484 res = utee_hash_init(operation->state, NULL, 0); 485 if (res != TEE_SUCCESS) 486 TEE_Panic(res); 487 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 488 } else { 489 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 490 } 491 } 492 493 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 494 TEE_ObjectHandle key) 495 { 496 TEE_Result res; 497 uint32_t key_size = 0; 498 TEE_ObjectInfo key_info; 499 500 if (operation == TEE_HANDLE_NULL) { 501 res = TEE_ERROR_BAD_PARAMETERS; 502 goto out; 503 } 504 505 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 506 res = TEE_ERROR_BAD_PARAMETERS; 507 goto out; 508 } 509 510 if (key == TEE_HANDLE_NULL) { 511 /* Operation key cleared */ 512 TEE_ResetTransientObject(operation->key1); 513 res = TEE_ERROR_BAD_PARAMETERS; 514 goto out; 515 } 516 517 /* No key for digest operation */ 518 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 519 res = TEE_ERROR_BAD_PARAMETERS; 520 goto out; 521 } 522 523 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 524 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 525 0) { 526 res = TEE_ERROR_BAD_PARAMETERS; 527 goto out; 528 } 529 530 res = TEE_GetObjectInfo1(key, &key_info); 531 /* Key is not a valid handle */ 532 if (res != TEE_SUCCESS) 533 goto out; 534 535 /* Supplied key has to meet required usage */ 536 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 537 operation->info.requiredKeyUsage) { 538 res = TEE_ERROR_BAD_PARAMETERS; 539 goto out; 540 } 541 542 if (operation->info.maxKeySize < key_info.keySize) { 543 res = TEE_ERROR_BAD_PARAMETERS; 544 goto out; 545 } 546 547 key_size = key_info.keySize; 548 549 TEE_ResetTransientObject(operation->key1); 550 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 551 552 res = TEE_CopyObjectAttributes1(operation->key1, key); 553 if (res != TEE_SUCCESS) 554 goto out; 555 556 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 557 558 operation->info.keySize = key_size; 559 560 out: 561 if (res != TEE_SUCCESS && 562 res != TEE_ERROR_CORRUPT_OBJECT && 563 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 564 TEE_Panic(res); 565 566 return res; 567 } 568 569 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 570 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 571 { 572 TEE_Result res; 573 uint32_t key_size = 0; 574 TEE_ObjectInfo key_info1; 575 TEE_ObjectInfo key_info2; 576 577 if (operation == TEE_HANDLE_NULL) { 578 res = TEE_ERROR_BAD_PARAMETERS; 579 goto out; 580 } 581 582 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 583 res = TEE_ERROR_BAD_PARAMETERS; 584 goto out; 585 } 586 587 /* 588 * Key1/Key2 and/or are not initialized and 589 * Either both keys are NULL or both are not NULL 590 */ 591 if (key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) { 592 /* Clear operation key1 (if needed) */ 593 if (key1 == TEE_HANDLE_NULL) 594 TEE_ResetTransientObject(operation->key1); 595 /* Clear operation key2 (if needed) */ 596 if (key2 == TEE_HANDLE_NULL) 597 TEE_ResetTransientObject(operation->key2); 598 res = TEE_ERROR_BAD_PARAMETERS; 599 goto out; 600 } 601 602 /* No key for digest operation */ 603 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 604 res = TEE_ERROR_BAD_PARAMETERS; 605 goto out; 606 } 607 608 /* Two keys flag expected (TEE_ALG_AES_XTS only) */ 609 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 610 0) { 611 res = TEE_ERROR_BAD_PARAMETERS; 612 goto out; 613 } 614 615 res = TEE_GetObjectInfo1(key1, &key_info1); 616 /* Key1 is not a valid handle */ 617 if (res != TEE_SUCCESS) 618 goto out; 619 620 /* Supplied key has to meet required usage */ 621 if ((key_info1.objectUsage & operation->info. 622 requiredKeyUsage) != operation->info.requiredKeyUsage) { 623 res = TEE_ERROR_BAD_PARAMETERS; 624 goto out; 625 } 626 627 res = TEE_GetObjectInfo1(key2, &key_info2); 628 /* Key2 is not a valid handle */ 629 if (res != TEE_SUCCESS) { 630 if (res == TEE_ERROR_CORRUPT_OBJECT) 631 res = TEE_ERROR_CORRUPT_OBJECT_2; 632 goto out; 633 } 634 635 /* Supplied key has to meet required usage */ 636 if ((key_info2.objectUsage & operation->info. 637 requiredKeyUsage) != operation->info.requiredKeyUsage) { 638 res = TEE_ERROR_BAD_PARAMETERS; 639 goto out; 640 } 641 642 /* 643 * AES-XTS (the only multi key algorithm supported, requires the 644 * keys to be of equal size. 645 */ 646 if (operation->info.algorithm == TEE_ALG_AES_XTS && 647 key_info1.keySize != key_info2.keySize) { 648 res = TEE_ERROR_BAD_PARAMETERS; 649 goto out; 650 651 } 652 653 if (operation->info.maxKeySize < key_info1.keySize) { 654 res = TEE_ERROR_BAD_PARAMETERS; 655 goto out; 656 } 657 658 /* 659 * Odd that only the size of one key should be reported while 660 * size of two key are used when allocating the operation. 661 */ 662 key_size = key_info1.keySize; 663 664 TEE_ResetTransientObject(operation->key1); 665 TEE_ResetTransientObject(operation->key2); 666 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 667 668 res = TEE_CopyObjectAttributes1(operation->key1, key1); 669 if (res != TEE_SUCCESS) 670 goto out; 671 672 res = TEE_CopyObjectAttributes1(operation->key2, key2); 673 if (res != TEE_SUCCESS) { 674 if (res == TEE_ERROR_CORRUPT_OBJECT) 675 res = TEE_ERROR_CORRUPT_OBJECT_2; 676 goto out; 677 } 678 679 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 680 681 operation->info.keySize = key_size; 682 683 out: 684 if (res != TEE_SUCCESS && 685 res != TEE_ERROR_CORRUPT_OBJECT && 686 res != TEE_ERROR_CORRUPT_OBJECT_2 && 687 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 688 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 689 TEE_Panic(res); 690 691 return res; 692 } 693 694 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 695 { 696 TEE_Result res; 697 698 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 699 TEE_Panic(0); 700 if (dst_op->info.algorithm != src_op->info.algorithm) 701 TEE_Panic(0); 702 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 703 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 704 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 705 706 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 707 key1 = src_op->key1; 708 key2 = src_op->key2; 709 } 710 711 if ((src_op->info.handleState & 712 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 713 TEE_SetOperationKey(dst_op, key1); 714 } else { 715 TEE_SetOperationKey2(dst_op, key1, key2); 716 } 717 } 718 dst_op->info.handleState = src_op->info.handleState; 719 dst_op->info.keySize = src_op->info.keySize; 720 dst_op->operationState = src_op->operationState; 721 722 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 723 dst_op->block_size != src_op->block_size) 724 TEE_Panic(0); 725 726 if (dst_op->buffer != NULL) { 727 if (src_op->buffer == NULL) 728 TEE_Panic(0); 729 730 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 731 dst_op->buffer_offs = src_op->buffer_offs; 732 } else if (src_op->buffer != NULL) { 733 TEE_Panic(0); 734 } 735 736 res = utee_cryp_state_copy(dst_op->state, src_op->state); 737 if (res != TEE_SUCCESS) 738 TEE_Panic(res); 739 } 740 741 /* Cryptographic Operations API - Message Digest Functions */ 742 743 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 744 uint32_t IVLen) 745 { 746 TEE_Result res; 747 748 /* 749 * Note : IV and IVLen are never used in current implementation 750 * This is why coherent values of IV and IVLen are not checked 751 */ 752 res = utee_hash_init(operation->state, IV, IVLen); 753 if (res != TEE_SUCCESS) 754 TEE_Panic(res); 755 operation->buffer_offs = 0; 756 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 757 } 758 759 void TEE_DigestUpdate(TEE_OperationHandle operation, 760 const void *chunk, uint32_t chunkSize) 761 { 762 TEE_Result res = TEE_ERROR_GENERIC; 763 764 if (operation == TEE_HANDLE_NULL || 765 operation->info.operationClass != TEE_OPERATION_DIGEST) 766 TEE_Panic(0); 767 768 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 769 770 res = utee_hash_update(operation->state, chunk, chunkSize); 771 if (res != TEE_SUCCESS) 772 TEE_Panic(res); 773 } 774 775 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 776 uint32_t chunkLen, void *hash, uint32_t *hashLen) 777 { 778 TEE_Result res; 779 uint64_t hl; 780 781 if ((operation == TEE_HANDLE_NULL) || 782 (!chunk && chunkLen) || 783 !hash || 784 !hashLen || 785 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 786 res = TEE_ERROR_BAD_PARAMETERS; 787 goto out; 788 } 789 790 hl = *hashLen; 791 res = utee_hash_final(operation->state, chunk, chunkLen, hash, &hl); 792 *hashLen = hl; 793 if (res != TEE_SUCCESS) 794 goto out; 795 796 /* Reset operation state */ 797 init_hash_operation(operation, NULL, 0); 798 799 operation->operationState = TEE_OPERATION_STATE_INITIAL; 800 801 out: 802 if (res != TEE_SUCCESS && 803 res != TEE_ERROR_SHORT_BUFFER) 804 TEE_Panic(res); 805 806 return res; 807 } 808 809 /* Cryptographic Operations API - Symmetric Cipher Functions */ 810 811 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 812 uint32_t IVLen) 813 { 814 TEE_Result res; 815 816 if (operation == TEE_HANDLE_NULL) 817 TEE_Panic(0); 818 819 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 820 TEE_Panic(0); 821 822 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 823 !(operation->key1)) 824 TEE_Panic(0); 825 826 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 827 TEE_ResetOperation(operation); 828 829 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 830 831 res = utee_cipher_init(operation->state, IV, IVLen); 832 if (res != TEE_SUCCESS) 833 TEE_Panic(res); 834 835 operation->buffer_offs = 0; 836 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 837 } 838 839 static TEE_Result tee_buffer_update( 840 TEE_OperationHandle op, 841 TEE_Result(*update_func)(unsigned long state, const void *src, 842 size_t slen, void *dst, uint64_t *dlen), 843 const void *src_data, size_t src_len, 844 void *dest_data, uint64_t *dest_len) 845 { 846 TEE_Result res; 847 const uint8_t *src = src_data; 848 size_t slen = src_len; 849 uint8_t *dst = dest_data; 850 size_t dlen = *dest_len; 851 size_t acc_dlen = 0; 852 uint64_t tmp_dlen; 853 size_t l; 854 size_t buffer_size; 855 size_t buffer_left; 856 857 if (!src) { 858 if (slen) 859 TEE_Panic(0); 860 goto out; 861 } 862 863 if (op->buffer_two_blocks) { 864 buffer_size = op->block_size * 2; 865 buffer_left = 1; 866 } else { 867 buffer_size = op->block_size; 868 buffer_left = 0; 869 } 870 871 if (op->buffer_offs > 0) { 872 /* Fill up complete block */ 873 if (op->buffer_offs < op->block_size) 874 l = MIN(slen, op->block_size - op->buffer_offs); 875 else 876 l = MIN(slen, buffer_size - op->buffer_offs); 877 memcpy(op->buffer + op->buffer_offs, src, l); 878 op->buffer_offs += l; 879 src += l; 880 slen -= l; 881 if ((op->buffer_offs % op->block_size) != 0) 882 goto out; /* Nothing left to do */ 883 } 884 885 /* If we can feed from buffer */ 886 if ((op->buffer_offs > 0) && 887 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 888 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 889 op->block_size); 890 l = MIN(op->buffer_offs, l); 891 tmp_dlen = dlen; 892 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 893 if (res != TEE_SUCCESS) 894 TEE_Panic(res); 895 dst += tmp_dlen; 896 dlen -= tmp_dlen; 897 acc_dlen += tmp_dlen; 898 op->buffer_offs -= l; 899 if (op->buffer_offs > 0) { 900 /* 901 * Slen is small enough to be contained in rest buffer. 902 */ 903 memcpy(op->buffer, op->buffer + l, buffer_size - l); 904 memcpy(op->buffer + op->buffer_offs, src, slen); 905 op->buffer_offs += slen; 906 goto out; /* Nothing left to do */ 907 } 908 } 909 910 if (slen >= (buffer_size + buffer_left)) { 911 /* Buffer is empty, feed as much as possible from src */ 912 if (op->info.algorithm == TEE_ALG_AES_CTS) 913 l = ROUNDUP(slen - buffer_size, op->block_size); 914 else 915 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 916 917 tmp_dlen = dlen; 918 res = update_func(op->state, src, l, dst, &tmp_dlen); 919 if (res != TEE_SUCCESS) 920 TEE_Panic(res); 921 src += l; 922 slen -= l; 923 dst += tmp_dlen; 924 dlen -= tmp_dlen; 925 acc_dlen += tmp_dlen; 926 } 927 928 /* Slen is small enough to be contained in buffer. */ 929 memcpy(op->buffer + op->buffer_offs, src, slen); 930 op->buffer_offs += slen; 931 932 out: 933 *dest_len = acc_dlen; 934 return TEE_SUCCESS; 935 } 936 937 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 938 uint32_t srcLen, void *destData, uint32_t *destLen) 939 { 940 TEE_Result res; 941 size_t req_dlen; 942 uint64_t dl; 943 944 if (operation == TEE_HANDLE_NULL || 945 (srcData == NULL && srcLen != 0) || 946 destLen == NULL || 947 (destData == NULL && *destLen != 0)) { 948 res = TEE_ERROR_BAD_PARAMETERS; 949 goto out; 950 } 951 952 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 953 res = TEE_ERROR_BAD_PARAMETERS; 954 goto out; 955 } 956 957 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 958 res = TEE_ERROR_BAD_PARAMETERS; 959 goto out; 960 } 961 962 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 963 res = TEE_ERROR_BAD_PARAMETERS; 964 goto out; 965 } 966 967 if (!srcData && !srcLen) { 968 *destLen = 0; 969 res = TEE_SUCCESS; 970 goto out; 971 } 972 973 /* Calculate required dlen */ 974 if (operation->block_size > 1) { 975 req_dlen = ((operation->buffer_offs + srcLen) / 976 operation->block_size) * operation->block_size; 977 } else { 978 req_dlen = srcLen; 979 } 980 if (operation->buffer_two_blocks) { 981 if (req_dlen > operation->block_size * 2) 982 req_dlen -= operation->block_size * 2; 983 else 984 req_dlen = 0; 985 } 986 /* 987 * Check that required destLen is big enough before starting to feed 988 * data to the algorithm. Errors during feeding of data are fatal as we 989 * can't restore sync with this API. 990 */ 991 if (*destLen < req_dlen) { 992 *destLen = req_dlen; 993 res = TEE_ERROR_SHORT_BUFFER; 994 goto out; 995 } 996 997 dl = *destLen; 998 if (operation->block_size > 1) { 999 res = tee_buffer_update(operation, utee_cipher_update, srcData, 1000 srcLen, destData, &dl); 1001 } else { 1002 if (srcLen > 0) { 1003 res = utee_cipher_update(operation->state, srcData, 1004 srcLen, destData, &dl); 1005 } else { 1006 res = TEE_SUCCESS; 1007 dl = 0; 1008 } 1009 } 1010 *destLen = dl; 1011 1012 out: 1013 if (res != TEE_SUCCESS && 1014 res != TEE_ERROR_SHORT_BUFFER) 1015 TEE_Panic(res); 1016 1017 return res; 1018 } 1019 1020 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1021 const void *srcData, uint32_t srcLen, 1022 void *destData, uint32_t *destLen) 1023 { 1024 TEE_Result res; 1025 uint8_t *dst = destData; 1026 size_t acc_dlen = 0; 1027 uint64_t tmp_dlen; 1028 size_t req_dlen; 1029 1030 if (operation == TEE_HANDLE_NULL || 1031 (srcData == NULL && srcLen != 0) || 1032 destLen == NULL || 1033 (destData == NULL && *destLen != 0)) { 1034 res = TEE_ERROR_BAD_PARAMETERS; 1035 goto out; 1036 } 1037 1038 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1039 res = TEE_ERROR_BAD_PARAMETERS; 1040 goto out; 1041 } 1042 1043 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1044 res = TEE_ERROR_BAD_PARAMETERS; 1045 goto out; 1046 } 1047 1048 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1049 res = TEE_ERROR_BAD_PARAMETERS; 1050 goto out; 1051 } 1052 1053 /* 1054 * Check that the final block doesn't require padding for those 1055 * algorithms that requires client to supply padding. 1056 */ 1057 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1058 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1059 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1060 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1061 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1062 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD) { 1063 if (((operation->buffer_offs + srcLen) % operation->block_size) 1064 != 0) { 1065 res = TEE_ERROR_BAD_PARAMETERS; 1066 goto out; 1067 } 1068 } 1069 1070 /* 1071 * Check that required destLen is big enough before starting to feed 1072 * data to the algorithm. Errors during feeding of data are fatal as we 1073 * can't restore sync with this API. 1074 */ 1075 if (operation->block_size > 1) { 1076 req_dlen = operation->buffer_offs + srcLen; 1077 } else { 1078 req_dlen = srcLen; 1079 } 1080 if (*destLen < req_dlen) { 1081 *destLen = req_dlen; 1082 res = TEE_ERROR_SHORT_BUFFER; 1083 goto out; 1084 } 1085 1086 tmp_dlen = *destLen - acc_dlen; 1087 if (operation->block_size > 1) { 1088 res = tee_buffer_update(operation, utee_cipher_update, 1089 srcData, srcLen, dst, &tmp_dlen); 1090 if (res != TEE_SUCCESS) 1091 goto out; 1092 1093 dst += tmp_dlen; 1094 acc_dlen += tmp_dlen; 1095 1096 tmp_dlen = *destLen - acc_dlen; 1097 res = utee_cipher_final(operation->state, operation->buffer, 1098 operation->buffer_offs, dst, &tmp_dlen); 1099 } else { 1100 res = utee_cipher_final(operation->state, srcData, 1101 srcLen, dst, &tmp_dlen); 1102 } 1103 if (res != TEE_SUCCESS) 1104 goto out; 1105 1106 acc_dlen += tmp_dlen; 1107 *destLen = acc_dlen; 1108 1109 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1110 1111 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1112 1113 out: 1114 if (res != TEE_SUCCESS && 1115 res != TEE_ERROR_SHORT_BUFFER) 1116 TEE_Panic(res); 1117 1118 return res; 1119 } 1120 1121 /* Cryptographic Operations API - MAC Functions */ 1122 1123 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 1124 { 1125 if (operation == TEE_HANDLE_NULL) 1126 TEE_Panic(0); 1127 1128 if (operation->info.operationClass != TEE_OPERATION_MAC) 1129 TEE_Panic(0); 1130 1131 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1132 !(operation->key1)) 1133 TEE_Panic(0); 1134 1135 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1136 TEE_ResetOperation(operation); 1137 1138 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1139 1140 init_hash_operation(operation, IV, IVLen); 1141 } 1142 1143 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1144 uint32_t chunkSize) 1145 { 1146 TEE_Result res; 1147 1148 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1149 TEE_Panic(0); 1150 1151 if (operation->info.operationClass != TEE_OPERATION_MAC) 1152 TEE_Panic(0); 1153 1154 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1155 TEE_Panic(0); 1156 1157 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1158 TEE_Panic(0); 1159 1160 res = utee_hash_update(operation->state, chunk, chunkSize); 1161 if (res != TEE_SUCCESS) 1162 TEE_Panic(res); 1163 } 1164 1165 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1166 const void *message, uint32_t messageLen, 1167 void *mac, uint32_t *macLen) 1168 { 1169 TEE_Result res; 1170 uint64_t ml; 1171 1172 if (operation == TEE_HANDLE_NULL || 1173 (message == NULL && messageLen != 0) || 1174 mac == NULL || 1175 macLen == NULL) { 1176 res = TEE_ERROR_BAD_PARAMETERS; 1177 goto out; 1178 } 1179 1180 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1181 res = TEE_ERROR_BAD_PARAMETERS; 1182 goto out; 1183 } 1184 1185 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1186 res = TEE_ERROR_BAD_PARAMETERS; 1187 goto out; 1188 } 1189 1190 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1191 res = TEE_ERROR_BAD_PARAMETERS; 1192 goto out; 1193 } 1194 1195 ml = *macLen; 1196 res = utee_hash_final(operation->state, message, messageLen, mac, &ml); 1197 *macLen = ml; 1198 if (res != TEE_SUCCESS) 1199 goto out; 1200 1201 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1202 1203 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1204 1205 out: 1206 if (res != TEE_SUCCESS && 1207 res != TEE_ERROR_SHORT_BUFFER) 1208 TEE_Panic(res); 1209 1210 return res; 1211 } 1212 1213 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1214 const void *message, uint32_t messageLen, 1215 const void *mac, uint32_t macLen) 1216 { 1217 TEE_Result res; 1218 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 1219 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1220 1221 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1222 res = TEE_ERROR_BAD_PARAMETERS; 1223 goto out; 1224 } 1225 1226 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1227 res = TEE_ERROR_BAD_PARAMETERS; 1228 goto out; 1229 } 1230 1231 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1232 res = TEE_ERROR_BAD_PARAMETERS; 1233 goto out; 1234 } 1235 1236 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1237 &computed_mac_size); 1238 if (res != TEE_SUCCESS) 1239 goto out; 1240 1241 if (computed_mac_size != macLen) { 1242 res = TEE_ERROR_MAC_INVALID; 1243 goto out; 1244 } 1245 1246 if (buf_compare_ct(mac, computed_mac, computed_mac_size) != 0) { 1247 res = TEE_ERROR_MAC_INVALID; 1248 goto out; 1249 } 1250 1251 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1252 1253 out: 1254 if (res != TEE_SUCCESS && 1255 res != TEE_ERROR_MAC_INVALID) 1256 TEE_Panic(res); 1257 1258 return res; 1259 } 1260 1261 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1262 1263 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1264 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1265 uint32_t payloadLen) 1266 { 1267 TEE_Result res; 1268 1269 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1270 res = TEE_ERROR_BAD_PARAMETERS; 1271 goto out; 1272 } 1273 1274 if (operation->info.operationClass != TEE_OPERATION_AE) { 1275 res = TEE_ERROR_BAD_PARAMETERS; 1276 goto out; 1277 } 1278 1279 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1280 res = TEE_ERROR_BAD_PARAMETERS; 1281 goto out; 1282 } 1283 1284 /* 1285 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1286 * in the implementation. But AES-GCM spec doesn't specify the tag len 1287 * according to the same principle so we have to check here instead to 1288 * be GP compliant. 1289 */ 1290 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1291 /* 1292 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1293 */ 1294 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1295 res = TEE_ERROR_NOT_SUPPORTED; 1296 goto out; 1297 } 1298 } 1299 1300 res = utee_authenc_init(operation->state, nonce, nonceLen, 1301 tagLen / 8, AADLen, payloadLen); 1302 if (res != TEE_SUCCESS) 1303 goto out; 1304 1305 operation->ae_tag_len = tagLen / 8; 1306 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1307 1308 out: 1309 if (res != TEE_SUCCESS && 1310 res != TEE_ERROR_NOT_SUPPORTED) 1311 TEE_Panic(res); 1312 1313 return res; 1314 } 1315 1316 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1317 uint32_t AADdataLen) 1318 { 1319 TEE_Result res; 1320 1321 if (operation == TEE_HANDLE_NULL || 1322 (AADdata == NULL && AADdataLen != 0)) 1323 TEE_Panic(0); 1324 1325 if (operation->info.operationClass != TEE_OPERATION_AE) 1326 TEE_Panic(0); 1327 1328 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1329 TEE_Panic(0); 1330 1331 res = utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1332 1333 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1334 1335 if (res != TEE_SUCCESS) 1336 TEE_Panic(res); 1337 } 1338 1339 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1340 uint32_t srcLen, void *destData, uint32_t *destLen) 1341 { 1342 TEE_Result res; 1343 size_t req_dlen; 1344 uint64_t dl; 1345 1346 if (operation == TEE_HANDLE_NULL || 1347 (srcData == NULL && srcLen != 0) || 1348 destLen == NULL || 1349 (destData == NULL && *destLen != 0)) { 1350 res = TEE_ERROR_BAD_PARAMETERS; 1351 goto out; 1352 } 1353 1354 if (operation->info.operationClass != TEE_OPERATION_AE) { 1355 res = TEE_ERROR_BAD_PARAMETERS; 1356 goto out; 1357 } 1358 1359 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1360 res = TEE_ERROR_BAD_PARAMETERS; 1361 goto out; 1362 } 1363 1364 if (!srcData && !srcLen) { 1365 *destLen = 0; 1366 res = TEE_SUCCESS; 1367 goto out; 1368 } 1369 1370 /* 1371 * Check that required destLen is big enough before starting to feed 1372 * data to the algorithm. Errors during feeding of data are fatal as we 1373 * can't restore sync with this API. 1374 */ 1375 if (operation->block_size > 1) { 1376 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1377 operation->block_size); 1378 } else { 1379 req_dlen = srcLen; 1380 } 1381 1382 if (*destLen < req_dlen) { 1383 *destLen = req_dlen; 1384 res = TEE_ERROR_SHORT_BUFFER; 1385 goto out; 1386 } 1387 1388 dl = *destLen; 1389 if (operation->block_size > 1) { 1390 res = tee_buffer_update(operation, utee_authenc_update_payload, 1391 srcData, srcLen, destData, &dl); 1392 } else { 1393 if (srcLen > 0) { 1394 res = utee_authenc_update_payload(operation->state, 1395 srcData, srcLen, 1396 destData, &dl); 1397 } else { 1398 dl = 0; 1399 res = TEE_SUCCESS; 1400 } 1401 } 1402 if (res != TEE_SUCCESS) 1403 goto out; 1404 1405 *destLen = dl; 1406 1407 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1408 1409 out: 1410 if (res != TEE_SUCCESS && 1411 res != TEE_ERROR_SHORT_BUFFER) 1412 TEE_Panic(res); 1413 1414 return res; 1415 } 1416 1417 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1418 const void *srcData, uint32_t srcLen, 1419 void *destData, uint32_t *destLen, void *tag, 1420 uint32_t *tagLen) 1421 { 1422 TEE_Result res; 1423 uint8_t *dst = destData; 1424 size_t acc_dlen = 0; 1425 uint64_t tmp_dlen; 1426 size_t req_dlen; 1427 uint64_t tl; 1428 1429 if (operation == TEE_HANDLE_NULL || 1430 (srcData == NULL && srcLen != 0) || 1431 destLen == NULL || 1432 (destData == NULL && *destLen != 0) || 1433 tag == NULL || tagLen == NULL) { 1434 res = TEE_ERROR_BAD_PARAMETERS; 1435 goto out; 1436 } 1437 1438 if (operation->info.operationClass != TEE_OPERATION_AE) { 1439 res = TEE_ERROR_BAD_PARAMETERS; 1440 goto out; 1441 } 1442 1443 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1444 res = TEE_ERROR_BAD_PARAMETERS; 1445 goto out; 1446 } 1447 1448 /* 1449 * Check that required destLen is big enough before starting to feed 1450 * data to the algorithm. Errors during feeding of data are fatal as we 1451 * can't restore sync with this API. 1452 * 1453 * Need to check this before update_payload since sync would be lost if 1454 * we return short buffer after that. 1455 */ 1456 res = TEE_ERROR_GENERIC; 1457 1458 req_dlen = operation->buffer_offs + srcLen; 1459 if (*destLen < req_dlen) { 1460 *destLen = req_dlen; 1461 res = TEE_ERROR_SHORT_BUFFER; 1462 } 1463 1464 if (*tagLen < operation->ae_tag_len) { 1465 *tagLen = operation->ae_tag_len; 1466 res = TEE_ERROR_SHORT_BUFFER; 1467 } 1468 1469 if (res == TEE_ERROR_SHORT_BUFFER) 1470 goto out; 1471 1472 tl = *tagLen; 1473 tmp_dlen = *destLen - acc_dlen; 1474 if (operation->block_size > 1) { 1475 res = tee_buffer_update(operation, utee_authenc_update_payload, 1476 srcData, srcLen, dst, &tmp_dlen); 1477 if (res != TEE_SUCCESS) 1478 goto out; 1479 1480 dst += tmp_dlen; 1481 acc_dlen += tmp_dlen; 1482 1483 tmp_dlen = *destLen - acc_dlen; 1484 res = utee_authenc_enc_final(operation->state, 1485 operation->buffer, 1486 operation->buffer_offs, dst, 1487 &tmp_dlen, tag, &tl); 1488 } else { 1489 res = utee_authenc_enc_final(operation->state, srcData, 1490 srcLen, dst, &tmp_dlen, 1491 tag, &tl); 1492 } 1493 *tagLen = tl; 1494 if (res != TEE_SUCCESS) 1495 goto out; 1496 1497 acc_dlen += tmp_dlen; 1498 *destLen = acc_dlen; 1499 1500 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1501 1502 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1503 1504 out: 1505 if (res != TEE_SUCCESS && 1506 res != TEE_ERROR_SHORT_BUFFER) 1507 TEE_Panic(res); 1508 1509 return res; 1510 } 1511 1512 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1513 const void *srcData, uint32_t srcLen, 1514 void *destData, uint32_t *destLen, void *tag, 1515 uint32_t tagLen) 1516 { 1517 TEE_Result res; 1518 uint8_t *dst = destData; 1519 size_t acc_dlen = 0; 1520 uint64_t tmp_dlen; 1521 size_t req_dlen; 1522 1523 if (operation == TEE_HANDLE_NULL || 1524 (srcData == NULL && srcLen != 0) || 1525 destLen == NULL || 1526 (destData == NULL && *destLen != 0) || 1527 (tag == NULL && tagLen != 0)) { 1528 res = TEE_ERROR_BAD_PARAMETERS; 1529 goto out; 1530 } 1531 1532 if (operation->info.operationClass != TEE_OPERATION_AE) { 1533 res = TEE_ERROR_BAD_PARAMETERS; 1534 goto out; 1535 } 1536 1537 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1538 res = TEE_ERROR_BAD_PARAMETERS; 1539 goto out; 1540 } 1541 1542 /* 1543 * Check that required destLen is big enough before starting to feed 1544 * data to the algorithm. Errors during feeding of data are fatal as we 1545 * can't restore sync with this API. 1546 */ 1547 req_dlen = operation->buffer_offs + srcLen; 1548 if (*destLen < req_dlen) { 1549 *destLen = req_dlen; 1550 res = TEE_ERROR_SHORT_BUFFER; 1551 goto out; 1552 } 1553 1554 tmp_dlen = *destLen - acc_dlen; 1555 if (operation->block_size > 1) { 1556 res = tee_buffer_update(operation, utee_authenc_update_payload, 1557 srcData, srcLen, dst, &tmp_dlen); 1558 if (res != TEE_SUCCESS) 1559 goto out; 1560 1561 dst += tmp_dlen; 1562 acc_dlen += tmp_dlen; 1563 1564 tmp_dlen = *destLen - acc_dlen; 1565 res = utee_authenc_dec_final(operation->state, 1566 operation->buffer, 1567 operation->buffer_offs, dst, 1568 &tmp_dlen, tag, tagLen); 1569 } else { 1570 res = utee_authenc_dec_final(operation->state, srcData, 1571 srcLen, dst, &tmp_dlen, 1572 tag, tagLen); 1573 } 1574 if (res != TEE_SUCCESS) 1575 goto out; 1576 1577 /* Supplied tagLen should match what we initiated with */ 1578 if (tagLen != operation->ae_tag_len) 1579 res = TEE_ERROR_MAC_INVALID; 1580 1581 acc_dlen += tmp_dlen; 1582 *destLen = acc_dlen; 1583 1584 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1585 1586 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1587 1588 out: 1589 if (res != TEE_SUCCESS && 1590 res != TEE_ERROR_SHORT_BUFFER && 1591 res != TEE_ERROR_MAC_INVALID) 1592 TEE_Panic(res); 1593 1594 return res; 1595 } 1596 1597 /* Cryptographic Operations API - Asymmetric Functions */ 1598 1599 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1600 const TEE_Attribute *params, 1601 uint32_t paramCount, const void *srcData, 1602 uint32_t srcLen, void *destData, 1603 uint32_t *destLen) 1604 { 1605 TEE_Result res; 1606 struct utee_attribute ua[paramCount]; 1607 uint64_t dl; 1608 1609 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1610 destLen == NULL || (destData == NULL && *destLen != 0)) 1611 TEE_Panic(0); 1612 if (params == NULL && paramCount != 0) 1613 TEE_Panic(0); 1614 if (!operation->key1) 1615 TEE_Panic(0); 1616 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1617 TEE_Panic(0); 1618 if (operation->info.mode != TEE_MODE_ENCRYPT) 1619 TEE_Panic(0); 1620 1621 __utee_from_attr(ua, params, paramCount); 1622 dl = *destLen; 1623 res = utee_asymm_operate(operation->state, ua, paramCount, srcData, 1624 srcLen, destData, &dl); 1625 *destLen = dl; 1626 1627 if (res != TEE_SUCCESS && 1628 res != TEE_ERROR_SHORT_BUFFER && 1629 res != TEE_ERROR_BAD_PARAMETERS) 1630 TEE_Panic(res); 1631 1632 return res; 1633 } 1634 1635 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1636 const TEE_Attribute *params, 1637 uint32_t paramCount, const void *srcData, 1638 uint32_t srcLen, void *destData, 1639 uint32_t *destLen) 1640 { 1641 TEE_Result res; 1642 struct utee_attribute ua[paramCount]; 1643 uint64_t dl; 1644 1645 if (operation == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1646 destLen == NULL || (destData == NULL && *destLen != 0)) 1647 TEE_Panic(0); 1648 if (params == NULL && paramCount != 0) 1649 TEE_Panic(0); 1650 if (!operation->key1) 1651 TEE_Panic(0); 1652 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1653 TEE_Panic(0); 1654 if (operation->info.mode != TEE_MODE_DECRYPT) 1655 TEE_Panic(0); 1656 1657 __utee_from_attr(ua, params, paramCount); 1658 dl = *destLen; 1659 res = utee_asymm_operate(operation->state, ua, paramCount, srcData, 1660 srcLen, destData, &dl); 1661 *destLen = dl; 1662 1663 if (res != TEE_SUCCESS && 1664 res != TEE_ERROR_SHORT_BUFFER && 1665 res != TEE_ERROR_BAD_PARAMETERS) 1666 TEE_Panic(res); 1667 1668 return res; 1669 } 1670 1671 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1672 const TEE_Attribute *params, 1673 uint32_t paramCount, const void *digest, 1674 uint32_t digestLen, void *signature, 1675 uint32_t *signatureLen) 1676 { 1677 TEE_Result res; 1678 struct utee_attribute ua[paramCount]; 1679 uint64_t sl; 1680 1681 if (operation == TEE_HANDLE_NULL || 1682 (digest == NULL && digestLen != 0) || 1683 signature == NULL || signatureLen == NULL) 1684 TEE_Panic(0); 1685 if (params == NULL && paramCount != 0) 1686 TEE_Panic(0); 1687 if (!operation->key1) 1688 TEE_Panic(0); 1689 if (operation->info.operationClass != 1690 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1691 TEE_Panic(0); 1692 if (operation->info.mode != TEE_MODE_SIGN) 1693 TEE_Panic(0); 1694 1695 __utee_from_attr(ua, params, paramCount); 1696 sl = *signatureLen; 1697 res = utee_asymm_operate(operation->state, ua, paramCount, digest, 1698 digestLen, signature, &sl); 1699 *signatureLen = sl; 1700 1701 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1702 TEE_Panic(res); 1703 1704 return res; 1705 } 1706 1707 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1708 const TEE_Attribute *params, 1709 uint32_t paramCount, const void *digest, 1710 uint32_t digestLen, 1711 const void *signature, 1712 uint32_t signatureLen) 1713 { 1714 TEE_Result res; 1715 struct utee_attribute ua[paramCount]; 1716 1717 if (operation == TEE_HANDLE_NULL || 1718 (digest == NULL && digestLen != 0) || 1719 (signature == NULL && signatureLen != 0)) 1720 TEE_Panic(0); 1721 if (params == NULL && paramCount != 0) 1722 TEE_Panic(0); 1723 if (!operation->key1) 1724 TEE_Panic(0); 1725 if (operation->info.operationClass != 1726 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1727 TEE_Panic(0); 1728 if (operation->info.mode != TEE_MODE_VERIFY) 1729 TEE_Panic(0); 1730 1731 __utee_from_attr(ua, params, paramCount); 1732 res = utee_asymm_verify(operation->state, ua, paramCount, digest, 1733 digestLen, signature, signatureLen); 1734 1735 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1736 TEE_Panic(res); 1737 1738 return res; 1739 } 1740 1741 /* Cryptographic Operations API - Key Derivation Functions */ 1742 1743 void TEE_DeriveKey(TEE_OperationHandle operation, 1744 const TEE_Attribute *params, uint32_t paramCount, 1745 TEE_ObjectHandle derivedKey) 1746 { 1747 TEE_Result res; 1748 TEE_ObjectInfo key_info; 1749 struct utee_attribute ua[paramCount]; 1750 1751 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1752 TEE_Panic(0); 1753 if (params == NULL && paramCount != 0) 1754 TEE_Panic(0); 1755 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1756 TEE_OPERATION_KEY_DERIVATION) 1757 TEE_Panic(0); 1758 1759 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1760 TEE_Panic(0); 1761 if (!operation->key1) 1762 TEE_Panic(0); 1763 if (operation->info.mode != TEE_MODE_DERIVE) 1764 TEE_Panic(0); 1765 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1766 TEE_Panic(0); 1767 1768 res = utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 1769 if (res != TEE_SUCCESS) 1770 TEE_Panic(res); 1771 1772 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1773 TEE_Panic(0); 1774 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1775 TEE_Panic(0); 1776 1777 __utee_from_attr(ua, params, paramCount); 1778 res = utee_cryp_derive_key(operation->state, ua, paramCount, 1779 (unsigned long)derivedKey); 1780 if (res != TEE_SUCCESS) 1781 TEE_Panic(res); 1782 } 1783 1784 /* Cryptographic Operations API - Random Number Generation Functions */ 1785 1786 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1787 { 1788 TEE_Result res; 1789 1790 res = utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1791 if (res != TEE_SUCCESS) 1792 TEE_Panic(res); 1793 } 1794 1795 int rand(void) 1796 { 1797 int rc; 1798 1799 TEE_GenerateRandom(&rc, sizeof(rc)); 1800 1801 /* 1802 * RAND_MAX is the larges int, INT_MAX which is all bits but the 1803 * highest bit set. 1804 */ 1805 return rc & RAND_MAX; 1806 } 1807