1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 #include <assert.h> 7 #include <config.h> 8 #include <stdlib.h> 9 #include <string.h> 10 #include <string_ext.h> 11 #include <tee_api.h> 12 #include <tee_api_defines_extensions.h> 13 #include <tee_internal_api_extensions.h> 14 #include <utee_syscalls.h> 15 #include <utee_defines.h> 16 #include <util.h> 17 #include "tee_api_private.h" 18 19 struct __TEE_OperationHandle { 20 TEE_OperationInfo info; 21 TEE_ObjectHandle key1; 22 TEE_ObjectHandle key2; 23 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 24 25 /* 26 * buffer to collect complete blocks or to keep a complete digest 27 * for TEE_DigestExtract(). 28 */ 29 uint8_t *buffer; 30 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 31 size_t block_size; /* Block size of cipher */ 32 size_t buffer_offs; /* Offset in buffer */ 33 uint32_t state; /* Handle to state in TEE Core */ 34 }; 35 36 /* Cryptographic Operations API - Generic Operation Functions */ 37 38 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 39 uint32_t algorithm, uint32_t mode, 40 uint32_t maxKeySize) 41 { 42 TEE_Result res; 43 TEE_OperationHandle op = TEE_HANDLE_NULL; 44 uint32_t handle_state = 0; 45 size_t block_size = 1; 46 uint32_t req_key_usage; 47 bool with_private_key = false; 48 bool buffer_two_blocks = false; 49 50 if (!operation) 51 TEE_Panic(0); 52 53 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP || 54 algorithm == TEE_ALG_SM4_XTS) 55 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 56 57 /* Check algorithm max key size */ 58 switch (algorithm) { 59 case TEE_ALG_DSA_SHA1: 60 if (maxKeySize < 512) 61 return TEE_ERROR_NOT_SUPPORTED; 62 if (maxKeySize > 1024) 63 return TEE_ERROR_NOT_SUPPORTED; 64 if (maxKeySize % 64 != 0) 65 return TEE_ERROR_NOT_SUPPORTED; 66 break; 67 68 case TEE_ALG_DSA_SHA224: 69 if (maxKeySize != 2048) 70 return TEE_ERROR_NOT_SUPPORTED; 71 break; 72 73 case TEE_ALG_DSA_SHA256: 74 if (maxKeySize != 2048 && maxKeySize != 3072) 75 return TEE_ERROR_NOT_SUPPORTED; 76 break; 77 78 case TEE_ALG_ECDSA_SHA1: 79 case __OPTEE_ALG_ECDSA_P192: 80 case __OPTEE_ALG_ECDH_P192: 81 if (maxKeySize != 192) 82 return TEE_ERROR_NOT_SUPPORTED; 83 break; 84 85 case TEE_ALG_ECDSA_SHA224: 86 case __OPTEE_ALG_ECDSA_P224: 87 case __OPTEE_ALG_ECDH_P224: 88 if (maxKeySize != 224) 89 return TEE_ERROR_NOT_SUPPORTED; 90 break; 91 92 case TEE_ALG_ECDSA_SHA256: 93 case __OPTEE_ALG_ECDSA_P256: 94 case __OPTEE_ALG_ECDH_P256: 95 case TEE_ALG_SM2_PKE: 96 case TEE_ALG_SM2_DSA_SM3: 97 if (maxKeySize != 256) 98 return TEE_ERROR_NOT_SUPPORTED; 99 break; 100 101 case TEE_ALG_SM2_KEP: 102 /* Two 256-bit keys */ 103 if (maxKeySize != 512) 104 return TEE_ERROR_NOT_SUPPORTED; 105 break; 106 107 case TEE_ALG_ECDSA_SHA384: 108 case __OPTEE_ALG_ECDSA_P384: 109 case __OPTEE_ALG_ECDH_P384: 110 if (maxKeySize != 384) 111 return TEE_ERROR_NOT_SUPPORTED; 112 break; 113 114 case TEE_ALG_ECDSA_SHA512: 115 case __OPTEE_ALG_ECDSA_P521: 116 case __OPTEE_ALG_ECDH_P521: 117 if (maxKeySize != 521) 118 return TEE_ERROR_NOT_SUPPORTED; 119 break; 120 121 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 122 if (maxKeySize > 521) 123 return TEE_ERROR_NOT_SUPPORTED; 124 break; 125 126 case TEE_ALG_ED25519: 127 case TEE_ALG_X25519: 128 if (maxKeySize != 256) 129 return TEE_ERROR_NOT_SUPPORTED; 130 break; 131 default: 132 break; 133 } 134 135 /* Check algorithm mode */ 136 switch (algorithm) { 137 case TEE_ALG_AES_CTS: 138 case TEE_ALG_AES_XTS: 139 case TEE_ALG_SM4_XTS: 140 buffer_two_blocks = true; 141 fallthrough; 142 case TEE_ALG_AES_ECB_NOPAD: 143 case TEE_ALG_AES_CBC_NOPAD: 144 case TEE_ALG_AES_CCM: 145 case TEE_ALG_DES_ECB_NOPAD: 146 case TEE_ALG_DES_CBC_NOPAD: 147 case TEE_ALG_DES3_ECB_NOPAD: 148 case TEE_ALG_DES3_CBC_NOPAD: 149 case TEE_ALG_SM4_ECB_NOPAD: 150 case TEE_ALG_SM4_CBC_NOPAD: 151 case TEE_ALG_SM4_CTR: 152 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 153 block_size = TEE_AES_BLOCK_SIZE; 154 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 155 block_size = TEE_SM4_BLOCK_SIZE; 156 else 157 block_size = TEE_DES_BLOCK_SIZE; 158 fallthrough; 159 case TEE_ALG_AES_CTR: 160 case TEE_ALG_AES_GCM: 161 if (mode == TEE_MODE_ENCRYPT) 162 req_key_usage = TEE_USAGE_ENCRYPT; 163 else if (mode == TEE_MODE_DECRYPT) 164 req_key_usage = TEE_USAGE_DECRYPT; 165 else 166 return TEE_ERROR_NOT_SUPPORTED; 167 break; 168 169 #if defined(CFG_CRYPTO_RSASSA_NA1) 170 case TEE_ALG_RSASSA_PKCS1_V1_5: 171 #endif 172 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 173 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 174 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 175 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 176 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 177 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 178 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5: 179 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 180 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 181 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 182 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 183 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 184 case TEE_ALG_DSA_SHA1: 185 case TEE_ALG_DSA_SHA224: 186 case TEE_ALG_DSA_SHA256: 187 case TEE_ALG_ECDSA_SHA1: 188 case TEE_ALG_ECDSA_SHA224: 189 case TEE_ALG_ECDSA_SHA256: 190 case TEE_ALG_ECDSA_SHA384: 191 case TEE_ALG_ECDSA_SHA512: 192 case __OPTEE_ALG_ECDSA_P192: 193 case __OPTEE_ALG_ECDSA_P224: 194 case __OPTEE_ALG_ECDSA_P256: 195 case __OPTEE_ALG_ECDSA_P384: 196 case __OPTEE_ALG_ECDSA_P521: 197 case TEE_ALG_SM2_DSA_SM3: 198 case TEE_ALG_ED25519: 199 if (mode == TEE_MODE_SIGN) { 200 with_private_key = true; 201 req_key_usage = TEE_USAGE_SIGN; 202 } else if (mode == TEE_MODE_VERIFY) { 203 req_key_usage = TEE_USAGE_VERIFY; 204 } else { 205 return TEE_ERROR_NOT_SUPPORTED; 206 } 207 break; 208 209 case TEE_ALG_RSAES_PKCS1_V1_5: 210 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5: 211 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 212 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 213 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 214 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 215 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 216 case TEE_ALG_SM2_PKE: 217 if (mode == TEE_MODE_ENCRYPT) { 218 req_key_usage = TEE_USAGE_ENCRYPT; 219 } else if (mode == TEE_MODE_DECRYPT) { 220 with_private_key = true; 221 req_key_usage = TEE_USAGE_DECRYPT; 222 } else { 223 return TEE_ERROR_NOT_SUPPORTED; 224 } 225 break; 226 227 case TEE_ALG_RSA_NOPAD: 228 if (mode == TEE_MODE_ENCRYPT) { 229 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 230 } else if (mode == TEE_MODE_DECRYPT) { 231 with_private_key = true; 232 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 233 } else { 234 return TEE_ERROR_NOT_SUPPORTED; 235 } 236 break; 237 238 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 239 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 240 case __OPTEE_ALG_ECDH_P192: 241 case __OPTEE_ALG_ECDH_P224: 242 case __OPTEE_ALG_ECDH_P256: 243 case __OPTEE_ALG_ECDH_P384: 244 case __OPTEE_ALG_ECDH_P521: 245 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 246 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 247 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 248 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 249 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 250 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 251 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 252 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 253 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 254 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 255 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 256 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 257 case TEE_ALG_SM2_KEP: 258 case TEE_ALG_X25519: 259 if (mode != TEE_MODE_DERIVE) 260 return TEE_ERROR_NOT_SUPPORTED; 261 with_private_key = true; 262 req_key_usage = TEE_USAGE_DERIVE; 263 break; 264 265 case TEE_ALG_MD5: 266 case TEE_ALG_SHA1: 267 case TEE_ALG_SHA224: 268 case TEE_ALG_SHA256: 269 case TEE_ALG_SHA384: 270 case TEE_ALG_SHA512: 271 case TEE_ALG_SHA3_224: 272 case TEE_ALG_SHA3_256: 273 case TEE_ALG_SHA3_384: 274 case TEE_ALG_SHA3_512: 275 case TEE_ALG_SHAKE128: 276 case TEE_ALG_SHAKE256: 277 case TEE_ALG_SM3: 278 if (mode != TEE_MODE_DIGEST) 279 return TEE_ERROR_NOT_SUPPORTED; 280 /* v1.1: flags always set for digest operations */ 281 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 282 req_key_usage = 0; 283 break; 284 285 case TEE_ALG_DES_CBC_MAC_NOPAD: 286 case TEE_ALG_AES_CBC_MAC_NOPAD: 287 case TEE_ALG_AES_CBC_MAC_PKCS5: 288 case TEE_ALG_AES_CMAC: 289 case TEE_ALG_DES_CBC_MAC_PKCS5: 290 case TEE_ALG_DES3_CBC_MAC_NOPAD: 291 case TEE_ALG_DES3_CBC_MAC_PKCS5: 292 case TEE_ALG_DES3_CMAC: 293 case TEE_ALG_HMAC_MD5: 294 case TEE_ALG_HMAC_SHA1: 295 case TEE_ALG_HMAC_SHA224: 296 case TEE_ALG_HMAC_SHA256: 297 case TEE_ALG_HMAC_SHA384: 298 case TEE_ALG_HMAC_SHA512: 299 case TEE_ALG_HMAC_SHA3_224: 300 case TEE_ALG_HMAC_SHA3_256: 301 case TEE_ALG_HMAC_SHA3_384: 302 case TEE_ALG_HMAC_SHA3_512: 303 case TEE_ALG_HMAC_SM3: 304 if (mode != TEE_MODE_MAC) 305 return TEE_ERROR_NOT_SUPPORTED; 306 req_key_usage = TEE_USAGE_MAC; 307 break; 308 309 default: 310 return TEE_ERROR_NOT_SUPPORTED; 311 } 312 313 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 314 if (!op) 315 return TEE_ERROR_OUT_OF_MEMORY; 316 317 op->info.algorithm = algorithm; 318 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 319 #ifdef CFG_CRYPTO_RSASSA_NA1 320 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 321 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 322 #endif 323 op->info.mode = mode; 324 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 325 op->info.maxKeySize = maxKeySize; 326 op->info.requiredKeyUsage = req_key_usage; 327 op->info.handleState = handle_state; 328 329 /* 330 * Needed to buffer the digest if TEE_DigestExtract() doesn't 331 * retrieve the entire digest in one go. 332 */ 333 if (op->info.operationClass == TEE_OPERATION_DIGEST) 334 block_size = op->info.digestLength; 335 336 if (block_size > 1) { 337 size_t buffer_size = block_size; 338 339 if (buffer_two_blocks) 340 buffer_size *= 2; 341 342 op->buffer = TEE_Malloc(buffer_size, 343 TEE_USER_MEM_HINT_NO_FILL_ZERO); 344 if (op->buffer == NULL) { 345 res = TEE_ERROR_OUT_OF_MEMORY; 346 goto out; 347 } 348 } 349 op->block_size = block_size; 350 op->buffer_two_blocks = buffer_two_blocks; 351 352 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 353 uint32_t mks = maxKeySize; 354 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 355 with_private_key); 356 357 /* 358 * If two keys are expected the max key size is the sum of 359 * the size of both keys. 360 */ 361 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 362 mks /= 2; 363 364 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 365 if (res != TEE_SUCCESS) 366 goto out; 367 368 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 369 res = TEE_AllocateTransientObject(key_type, mks, 370 &op->key2); 371 if (res != TEE_SUCCESS) 372 goto out; 373 } 374 } 375 376 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 377 (unsigned long)op->key2, &op->state); 378 if (res != TEE_SUCCESS) 379 goto out; 380 381 /* 382 * Initialize digest operations 383 * Other multi-stage operations initialized w/ TEE_xxxInit functions 384 * Non-applicable on asymmetric operations 385 */ 386 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 387 res = _utee_hash_init(op->state, NULL, 0); 388 if (res != TEE_SUCCESS) 389 goto out; 390 /* v1.1: flags always set for digest operations */ 391 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 392 } 393 394 op->operationState = TEE_OPERATION_STATE_INITIAL; 395 396 *operation = op; 397 398 out: 399 if (res != TEE_SUCCESS) { 400 if (res != TEE_ERROR_OUT_OF_MEMORY && 401 res != TEE_ERROR_NOT_SUPPORTED) 402 TEE_Panic(res); 403 if (op) { 404 if (op->state) { 405 TEE_FreeOperation(op); 406 } else { 407 TEE_Free(op->buffer); 408 TEE_FreeTransientObject(op->key1); 409 TEE_FreeTransientObject(op->key2); 410 TEE_Free(op); 411 } 412 } 413 } 414 415 return res; 416 } 417 418 void TEE_FreeOperation(TEE_OperationHandle operation) 419 { 420 TEE_Result res; 421 422 if (operation == TEE_HANDLE_NULL) 423 return; 424 425 /* 426 * Note that keys should not be freed here, since they are 427 * claimed by the operation they will be freed by 428 * utee_cryp_state_free(). 429 */ 430 res = _utee_cryp_state_free(operation->state); 431 if (res != TEE_SUCCESS) 432 TEE_Panic(res); 433 434 TEE_Free(operation->buffer); 435 TEE_Free(operation); 436 } 437 438 void __GP11_TEE_FreeOperation(TEE_OperationHandle operation) 439 { 440 if (operation == TEE_HANDLE_NULL) 441 TEE_Panic(0); 442 TEE_FreeOperation(operation); 443 } 444 445 void TEE_GetOperationInfo(TEE_OperationHandle operation, 446 TEE_OperationInfo *operationInfo) 447 { 448 if (operation == TEE_HANDLE_NULL) 449 TEE_Panic(0); 450 451 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo)); 452 453 *operationInfo = operation->info; 454 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 455 operationInfo->keySize = 0; 456 operationInfo->requiredKeyUsage = 0; 457 } 458 } 459 460 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op, 461 TEE_OperationInfoMultiple *op_info, 462 size_t *size) 463 { 464 TEE_Result res = TEE_SUCCESS; 465 TEE_ObjectInfo kinfo = { }; 466 size_t max_key_count = 0; 467 bool two_keys = false; 468 469 if (op == TEE_HANDLE_NULL) { 470 res = TEE_ERROR_BAD_PARAMETERS; 471 goto out; 472 } 473 474 __utee_check_outbuf_annotation(op_info, size); 475 476 if (*size < sizeof(*op_info)) { 477 res = TEE_ERROR_BAD_PARAMETERS; 478 goto out; 479 } 480 max_key_count = (*size - sizeof(*op_info)) / 481 sizeof(TEE_OperationInfoKey); 482 483 TEE_MemFill(op_info, 0, *size); 484 485 /* Two keys flag (TEE_ALG_AES_XTS only) */ 486 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 487 488 if (op->info.mode == TEE_MODE_DIGEST) { 489 op_info->numberOfKeys = 0; 490 } else if (!two_keys) { 491 if (max_key_count < 1) { 492 res = TEE_ERROR_SHORT_BUFFER; 493 goto out; 494 } 495 496 res = TEE_GetObjectInfo1(op->key1, &kinfo); 497 /* Key1 is not a valid handle, "can't happen". */ 498 if (res) 499 goto out; 500 501 op_info->keyInformation[0].keySize = kinfo.objectSize; 502 op_info->keyInformation[0].requiredKeyUsage = 503 op->info.requiredKeyUsage; 504 op_info->numberOfKeys = 1; 505 } else { 506 if (max_key_count < 2) { 507 res = TEE_ERROR_SHORT_BUFFER; 508 goto out; 509 } 510 511 res = TEE_GetObjectInfo1(op->key1, &kinfo); 512 /* Key1 is not a valid handle, "can't happen". */ 513 if (res) 514 goto out; 515 516 op_info->keyInformation[0].keySize = kinfo.objectSize; 517 op_info->keyInformation[0].requiredKeyUsage = 518 op->info.requiredKeyUsage; 519 520 res = TEE_GetObjectInfo1(op->key2, &kinfo); 521 /* Key2 is not a valid handle, "can't happen". */ 522 if (res) 523 goto out; 524 525 op_info->keyInformation[1].keySize = kinfo.objectSize; 526 op_info->keyInformation[1].requiredKeyUsage = 527 op->info.requiredKeyUsage; 528 529 op_info->numberOfKeys = 2; 530 } 531 532 op_info->algorithm = op->info.algorithm; 533 op_info->operationClass = op->info.operationClass; 534 op_info->mode = op->info.mode; 535 op_info->digestLength = op->info.digestLength; 536 op_info->maxKeySize = op->info.maxKeySize; 537 op_info->handleState = op->info.handleState; 538 op_info->operationState = op->operationState; 539 540 out: 541 if (res != TEE_SUCCESS && 542 res != TEE_ERROR_SHORT_BUFFER) 543 TEE_Panic(res); 544 545 return res; 546 } 547 548 TEE_Result 549 __GP11_TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 550 TEE_OperationInfoMultiple *info, 551 uint32_t *operationSize) 552 { 553 TEE_Result res = TEE_SUCCESS; 554 size_t s = 0; 555 556 __utee_check_gp11_outbuf_annotation(info, operationSize); 557 s = *operationSize; 558 res = TEE_GetOperationInfoMultiple(operation, info, &s); 559 *operationSize = s; 560 return res; 561 } 562 563 static void reset_operation_state(TEE_OperationHandle op) 564 { 565 op->operationState = TEE_OPERATION_STATE_INITIAL; 566 567 if (op->info.operationClass == TEE_OPERATION_DIGEST) { 568 TEE_Result res = _utee_hash_init(op->state, NULL, 0); 569 570 if (res != TEE_SUCCESS) 571 TEE_Panic(res); 572 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 573 } else { 574 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 575 } 576 } 577 578 void TEE_ResetOperation(TEE_OperationHandle operation) 579 { 580 if (operation == TEE_HANDLE_NULL) 581 TEE_Panic(0); 582 583 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 584 TEE_Panic(0); 585 586 reset_operation_state(operation); 587 } 588 589 static TEE_Result set_operation_key(TEE_OperationHandle operation, 590 TEE_ObjectHandle key) 591 { 592 TEE_Result res; 593 uint32_t key_size = 0; 594 TEE_ObjectInfo key_info; 595 596 assert(operation); 597 598 if (key == TEE_HANDLE_NULL) { 599 /* Operation key cleared */ 600 TEE_ResetTransientObject(operation->key1); 601 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 602 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 603 reset_operation_state(operation); 604 return TEE_SUCCESS; 605 } 606 607 /* No key for digest operation */ 608 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 609 res = TEE_ERROR_BAD_PARAMETERS; 610 goto out; 611 } 612 613 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 614 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 615 0) { 616 res = TEE_ERROR_BAD_PARAMETERS; 617 goto out; 618 } 619 620 res = TEE_GetObjectInfo1(key, &key_info); 621 /* Key is not a valid handle */ 622 if (res != TEE_SUCCESS) 623 goto out; 624 625 /* Supplied key has to meet required usage */ 626 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 627 operation->info.requiredKeyUsage) { 628 res = TEE_ERROR_BAD_PARAMETERS; 629 goto out; 630 } 631 632 if (operation->info.maxKeySize < key_info.objectSize) { 633 res = TEE_ERROR_BAD_PARAMETERS; 634 goto out; 635 } 636 637 key_size = key_info.objectSize; 638 639 TEE_ResetTransientObject(operation->key1); 640 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 641 642 res = TEE_CopyObjectAttributes1(operation->key1, key); 643 if (res != TEE_SUCCESS) 644 goto out; 645 646 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 647 648 operation->info.keySize = key_size; 649 650 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 651 reset_operation_state(operation); 652 653 out: 654 if (res != TEE_SUCCESS && 655 res != TEE_ERROR_CORRUPT_OBJECT && 656 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 657 TEE_Panic(res); 658 659 return res; 660 } 661 662 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 663 TEE_ObjectHandle key) 664 { 665 if (operation == TEE_HANDLE_NULL || 666 operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) 667 TEE_Panic(0); 668 669 return set_operation_key(operation, key); 670 } 671 672 TEE_Result __GP11_TEE_SetOperationKey(TEE_OperationHandle operation, 673 TEE_ObjectHandle key) 674 { 675 if (operation == TEE_HANDLE_NULL || 676 operation->operationState != TEE_OPERATION_STATE_INITIAL) 677 TEE_Panic(0); 678 679 return set_operation_key(operation, key); 680 } 681 682 static TEE_Result set_operation_key2(TEE_OperationHandle operation, 683 TEE_ObjectHandle key1, 684 TEE_ObjectHandle key2) 685 { 686 TEE_Result res; 687 uint32_t key_size = 0; 688 TEE_ObjectInfo key_info1; 689 TEE_ObjectInfo key_info2; 690 691 if (operation == TEE_HANDLE_NULL) { 692 res = TEE_ERROR_BAD_PARAMETERS; 693 goto out; 694 } 695 696 /* 697 * Key1/Key2 and/or are not initialized and 698 * Either both keys are NULL or both are not NULL 699 */ 700 if (!key1 && !key2) { 701 /* Clear the keys */ 702 TEE_ResetTransientObject(operation->key1); 703 TEE_ResetTransientObject(operation->key2); 704 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 705 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 706 reset_operation_state(operation); 707 return TEE_SUCCESS; 708 } else if (!key1 || !key2) { 709 /* Both keys are obviously not valid. */ 710 res = TEE_ERROR_BAD_PARAMETERS; 711 goto out; 712 } 713 714 /* No key for digest operation */ 715 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 716 res = TEE_ERROR_BAD_PARAMETERS; 717 goto out; 718 } 719 720 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 721 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 722 0) { 723 res = TEE_ERROR_BAD_PARAMETERS; 724 goto out; 725 } 726 727 res = TEE_GetObjectInfo1(key1, &key_info1); 728 /* Key1 is not a valid handle */ 729 if (res != TEE_SUCCESS) 730 goto out; 731 732 /* Supplied key has to meet required usage */ 733 if ((key_info1.objectUsage & operation->info. 734 requiredKeyUsage) != operation->info.requiredKeyUsage) { 735 res = TEE_ERROR_BAD_PARAMETERS; 736 goto out; 737 } 738 739 res = TEE_GetObjectInfo1(key2, &key_info2); 740 /* Key2 is not a valid handle */ 741 if (res != TEE_SUCCESS) { 742 if (res == TEE_ERROR_CORRUPT_OBJECT) 743 res = TEE_ERROR_CORRUPT_OBJECT_2; 744 goto out; 745 } 746 747 /* Supplied key has to meet required usage */ 748 if ((key_info2.objectUsage & operation->info. 749 requiredKeyUsage) != operation->info.requiredKeyUsage) { 750 res = TEE_ERROR_BAD_PARAMETERS; 751 goto out; 752 } 753 754 /* 755 * All the multi key algorithm currently supported requires the keys to 756 * be of equal size. 757 */ 758 if (key_info1.objectSize != key_info2.objectSize) { 759 res = TEE_ERROR_BAD_PARAMETERS; 760 goto out; 761 762 } 763 764 if (operation->info.maxKeySize < key_info1.objectSize) { 765 res = TEE_ERROR_BAD_PARAMETERS; 766 goto out; 767 } 768 769 /* 770 * Odd that only the size of one key should be reported while 771 * size of two key are used when allocating the operation. 772 */ 773 key_size = key_info1.objectSize; 774 775 TEE_ResetTransientObject(operation->key1); 776 TEE_ResetTransientObject(operation->key2); 777 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 778 779 res = TEE_CopyObjectAttributes1(operation->key1, key1); 780 if (res != TEE_SUCCESS) 781 goto out; 782 res = TEE_CopyObjectAttributes1(operation->key2, key2); 783 if (res != TEE_SUCCESS) { 784 if (res == TEE_ERROR_CORRUPT_OBJECT) 785 res = TEE_ERROR_CORRUPT_OBJECT_2; 786 goto out; 787 } 788 789 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 790 791 operation->info.keySize = key_size; 792 793 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 794 reset_operation_state(operation); 795 out: 796 if (res != TEE_SUCCESS && 797 res != TEE_ERROR_CORRUPT_OBJECT && 798 res != TEE_ERROR_CORRUPT_OBJECT_2 && 799 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 800 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 801 TEE_Panic(res); 802 803 return res; 804 } 805 806 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 807 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 808 { 809 if (operation != TEE_HANDLE_NULL && key1 && key1 == key2) 810 return TEE_ERROR_SECURITY; 811 812 return set_operation_key2(operation, key1, key2); 813 } 814 815 TEE_Result __GP11_TEE_SetOperationKey2(TEE_OperationHandle operation, 816 TEE_ObjectHandle key1, 817 TEE_ObjectHandle key2) 818 { 819 if (operation == TEE_HANDLE_NULL || 820 operation->operationState != TEE_OPERATION_STATE_INITIAL) 821 TEE_Panic(0); 822 823 return set_operation_key2(operation, key1, key2); 824 } 825 826 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 827 { 828 TEE_Result res; 829 830 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 831 TEE_Panic(0); 832 if (dst_op->info.algorithm != src_op->info.algorithm) 833 TEE_Panic(0); 834 if (dst_op->info.mode != src_op->info.mode) 835 TEE_Panic(0); 836 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 837 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 838 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 839 840 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 841 key1 = src_op->key1; 842 key2 = src_op->key2; 843 } 844 845 if ((src_op->info.handleState & 846 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 847 /* 848 * TEE_SetOperationKey() cannot operate on an operation 849 * that has TEE_HANDLE_FLAG_INITIALIZED. Use the 850 * internal function. 851 */ 852 set_operation_key(dst_op, key1); 853 } else { 854 TEE_SetOperationKey2(dst_op, key1, key2); 855 } 856 } 857 dst_op->info.handleState = src_op->info.handleState; 858 dst_op->info.keySize = src_op->info.keySize; 859 dst_op->info.digestLength = src_op->info.digestLength; 860 dst_op->operationState = src_op->operationState; 861 862 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 863 dst_op->block_size != src_op->block_size) 864 TEE_Panic(0); 865 866 if (dst_op->buffer != NULL) { 867 size_t sz = src_op->block_size; 868 869 if (src_op->buffer == NULL) 870 TEE_Panic(0); 871 872 if (src_op->buffer_two_blocks) 873 sz *= 2; 874 memcpy(dst_op->buffer, src_op->buffer, sz); 875 dst_op->buffer_offs = src_op->buffer_offs; 876 } else if (src_op->buffer != NULL) { 877 TEE_Panic(0); 878 } 879 880 res = _utee_cryp_state_copy(dst_op->state, src_op->state); 881 if (res != TEE_SUCCESS) 882 TEE_Panic(res); 883 } 884 885 /* Cryptographic Operations API - Message Digest Functions */ 886 887 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 888 uint32_t IVLen) 889 { 890 TEE_Result res; 891 892 /* 893 * Note : IV and IVLen are never used in current implementation 894 * This is why coherent values of IV and IVLen are not checked 895 */ 896 res = _utee_hash_init(operation->state, IV, IVLen); 897 if (res != TEE_SUCCESS) 898 TEE_Panic(res); 899 operation->buffer_offs = 0; 900 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 901 } 902 903 void TEE_DigestUpdate(TEE_OperationHandle operation, 904 const void *chunk, size_t chunkSize) 905 { 906 TEE_Result res = TEE_ERROR_GENERIC; 907 908 if (operation == TEE_HANDLE_NULL || 909 operation->info.operationClass != TEE_OPERATION_DIGEST) 910 TEE_Panic(0); 911 912 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 913 914 res = _utee_hash_update(operation->state, chunk, chunkSize); 915 if (res != TEE_SUCCESS) 916 TEE_Panic(res); 917 } 918 919 void __GP11_TEE_DigestUpdate(TEE_OperationHandle operation, 920 const void *chunk, uint32_t chunkSize) 921 { 922 return TEE_DigestUpdate(operation, chunk, chunkSize); 923 } 924 925 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 926 size_t chunkLen, void *hash, size_t *hashLen) 927 { 928 TEE_Result res = TEE_SUCCESS; 929 uint64_t hl = 0; 930 size_t len = 0; 931 932 if ((operation == TEE_HANDLE_NULL) || 933 (!chunk && chunkLen) || 934 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 935 res = TEE_ERROR_BAD_PARAMETERS; 936 goto out; 937 } 938 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING && 939 chunkLen) { 940 res = TEE_ERROR_BAD_PARAMETERS; 941 goto out; 942 } 943 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 944 945 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING && 946 operation->buffer) { 947 /* 948 * This is not an Extendable-Output Function and we have 949 * already started extracting 950 */ 951 len = MIN(operation->block_size - operation->buffer_offs, 952 *hashLen); 953 memcpy(hash, operation->buffer + operation->buffer_offs, len); 954 *hashLen = len; 955 } else { 956 hl = *hashLen; 957 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, 958 &hl); 959 *hashLen = hl; 960 if (res) 961 goto out; 962 } 963 964 /* Reset operation state */ 965 init_hash_operation(operation, NULL, 0); 966 967 operation->operationState = TEE_OPERATION_STATE_INITIAL; 968 969 out: 970 if (res != TEE_SUCCESS && 971 res != TEE_ERROR_SHORT_BUFFER) 972 TEE_Panic(res); 973 974 return res; 975 } 976 977 TEE_Result __GP11_TEE_DigestDoFinal(TEE_OperationHandle operation, 978 const void *chunk, uint32_t chunkLen, 979 void *hash, uint32_t *hashLen) 980 { 981 TEE_Result res = TEE_SUCCESS; 982 size_t l = 0; 983 984 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 985 l = *hashLen; 986 res = TEE_DigestDoFinal(operation, chunk, chunkLen, hash, &l); 987 *hashLen = l; 988 return res; 989 } 990 991 TEE_Result TEE_DigestExtract(TEE_OperationHandle operation, void *hash, 992 size_t *hashLen) 993 { 994 TEE_Result res = TEE_SUCCESS; 995 uint64_t hl = 0; 996 size_t len = 0; 997 998 if (operation == TEE_HANDLE_NULL || 999 operation->info.operationClass != TEE_OPERATION_DIGEST) 1000 TEE_Panic(0); 1001 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 1002 1003 if (!operation->buffer) { 1004 /* This is an Extendable-Output Function */ 1005 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING; 1006 operation->operationState = TEE_OPERATION_STATE_EXTRACTING; 1007 hl = *hashLen; 1008 res = _utee_hash_final(operation->state, NULL, 0, hash, &hl); 1009 if (res) 1010 TEE_Panic(0); 1011 *hashLen = hl; 1012 1013 return TEE_SUCCESS; 1014 } 1015 1016 if (operation->operationState != TEE_OPERATION_STATE_EXTRACTING) { 1017 hl = operation->block_size; 1018 res = _utee_hash_final(operation->state, NULL, 0, 1019 operation->buffer, &hl); 1020 if (res) 1021 TEE_Panic(0); 1022 if (hl != operation->block_size) 1023 TEE_Panic(0); 1024 assert(!operation->buffer_offs); 1025 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING; 1026 operation->operationState = TEE_OPERATION_STATE_EXTRACTING; 1027 } 1028 1029 len = MIN(operation->block_size - operation->buffer_offs, *hashLen); 1030 memcpy(hash, operation->buffer + operation->buffer_offs, len); 1031 *hashLen = len; 1032 operation->buffer_offs += len; 1033 1034 return TEE_SUCCESS; 1035 } 1036 1037 /* Cryptographic Operations API - Symmetric Cipher Functions */ 1038 1039 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 1040 size_t IVLen) 1041 { 1042 TEE_Result res; 1043 1044 if (operation == TEE_HANDLE_NULL) 1045 TEE_Panic(0); 1046 1047 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 1048 TEE_Panic(0); 1049 1050 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1051 !(operation->key1)) 1052 TEE_Panic(0); 1053 1054 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1055 TEE_ResetOperation(operation); 1056 1057 if (IV && IVLen) { 1058 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1059 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1060 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1061 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD) 1062 TEE_Panic(0); 1063 } 1064 1065 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1066 1067 res = _utee_cipher_init(operation->state, IV, IVLen); 1068 if (res != TEE_SUCCESS) 1069 TEE_Panic(res); 1070 1071 operation->buffer_offs = 0; 1072 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1073 } 1074 1075 void __GP11_TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 1076 uint32_t IVLen) 1077 { 1078 return TEE_CipherInit(operation, IV, IVLen); 1079 } 1080 1081 static TEE_Result tee_buffer_update( 1082 TEE_OperationHandle op, 1083 TEE_Result(*update_func)(unsigned long state, const void *src, 1084 size_t slen, void *dst, uint64_t *dlen), 1085 const void *src_data, size_t src_len, 1086 void *dest_data, uint64_t *dest_len) 1087 { 1088 TEE_Result res; 1089 const uint8_t *src = src_data; 1090 size_t slen = src_len; 1091 uint8_t *dst = dest_data; 1092 size_t dlen = *dest_len; 1093 size_t acc_dlen = 0; 1094 uint64_t tmp_dlen; 1095 size_t l; 1096 size_t buffer_size; 1097 size_t buffer_left; 1098 1099 if (!src) { 1100 if (slen) 1101 TEE_Panic(0); 1102 goto out; 1103 } 1104 1105 if (op->buffer_two_blocks) { 1106 buffer_size = op->block_size * 2; 1107 buffer_left = 1; 1108 } else { 1109 buffer_size = op->block_size; 1110 buffer_left = 0; 1111 } 1112 1113 if (op->buffer_offs > 0) { 1114 /* Fill up complete block */ 1115 if (op->buffer_offs < op->block_size) 1116 l = MIN(slen, op->block_size - op->buffer_offs); 1117 else 1118 l = MIN(slen, buffer_size - op->buffer_offs); 1119 memcpy(op->buffer + op->buffer_offs, src, l); 1120 op->buffer_offs += l; 1121 src += l; 1122 slen -= l; 1123 if ((op->buffer_offs % op->block_size) != 0) 1124 goto out; /* Nothing left to do */ 1125 } 1126 1127 /* If we can feed from buffer */ 1128 if ((op->buffer_offs > 0) && 1129 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 1130 l = ROUNDUP2(op->buffer_offs + slen - buffer_size, 1131 op->block_size); 1132 l = MIN(op->buffer_offs, l); 1133 /* 1134 * If we're buffering only a single block, process it 1135 * immediately. 1136 */ 1137 if (!op->buffer_two_blocks) 1138 l = op->block_size; 1139 tmp_dlen = dlen; 1140 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 1141 if (res != TEE_SUCCESS) 1142 TEE_Panic(res); 1143 dst += tmp_dlen; 1144 dlen -= tmp_dlen; 1145 acc_dlen += tmp_dlen; 1146 op->buffer_offs -= l; 1147 if (op->buffer_offs > 0) { 1148 /* 1149 * Slen is small enough to be contained in rest buffer. 1150 */ 1151 memcpy(op->buffer, op->buffer + l, buffer_size - l); 1152 memcpy(op->buffer + op->buffer_offs, src, slen); 1153 op->buffer_offs += slen; 1154 goto out; /* Nothing left to do */ 1155 } 1156 } 1157 1158 if (slen >= (buffer_size + buffer_left)) { 1159 /* Buffer is empty, feed as much as possible from src */ 1160 if (op->buffer_two_blocks) 1161 l = ROUNDUP2(slen - buffer_size, op->block_size); 1162 else 1163 l = ROUNDUP2(slen - buffer_size + 1, op->block_size); 1164 1165 tmp_dlen = dlen; 1166 res = update_func(op->state, src, l, dst, &tmp_dlen); 1167 if (res != TEE_SUCCESS) 1168 TEE_Panic(res); 1169 src += l; 1170 slen -= l; 1171 dst += tmp_dlen; 1172 dlen -= tmp_dlen; 1173 acc_dlen += tmp_dlen; 1174 } 1175 1176 /* Slen is small enough to be contained in buffer. */ 1177 memcpy(op->buffer + op->buffer_offs, src, slen); 1178 op->buffer_offs += slen; 1179 1180 out: 1181 *dest_len = acc_dlen; 1182 return TEE_SUCCESS; 1183 } 1184 1185 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 1186 size_t srcLen, void *destData, size_t *destLen) 1187 { 1188 TEE_Result res; 1189 size_t req_dlen; 1190 uint64_t dl; 1191 1192 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1193 res = TEE_ERROR_BAD_PARAMETERS; 1194 goto out; 1195 } 1196 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1197 1198 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1199 res = TEE_ERROR_BAD_PARAMETERS; 1200 goto out; 1201 } 1202 1203 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1204 res = TEE_ERROR_BAD_PARAMETERS; 1205 goto out; 1206 } 1207 1208 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1209 res = TEE_ERROR_BAD_PARAMETERS; 1210 goto out; 1211 } 1212 1213 if (!srcData && !srcLen) { 1214 *destLen = 0; 1215 res = TEE_SUCCESS; 1216 goto out; 1217 } 1218 1219 /* Calculate required dlen */ 1220 if (operation->block_size > 1) { 1221 req_dlen = ((operation->buffer_offs + srcLen) / 1222 operation->block_size) * operation->block_size; 1223 } else { 1224 req_dlen = srcLen; 1225 } 1226 if (operation->buffer_two_blocks) { 1227 if (operation->buffer_offs + srcLen > 1228 operation->block_size * 2) { 1229 req_dlen = operation->buffer_offs + srcLen - 1230 operation->block_size * 2; 1231 req_dlen = ROUNDUP2(req_dlen, operation->block_size); 1232 } else { 1233 req_dlen = 0; 1234 } 1235 } 1236 /* 1237 * Check that required destLen is big enough before starting to feed 1238 * data to the algorithm. Errors during feeding of data are fatal as we 1239 * can't restore sync with this API. 1240 */ 1241 if (*destLen < req_dlen) { 1242 *destLen = req_dlen; 1243 res = TEE_ERROR_SHORT_BUFFER; 1244 goto out; 1245 } 1246 1247 dl = *destLen; 1248 if (operation->block_size > 1) { 1249 res = tee_buffer_update(operation, _utee_cipher_update, srcData, 1250 srcLen, destData, &dl); 1251 } else { 1252 if (srcLen > 0) { 1253 res = _utee_cipher_update(operation->state, srcData, 1254 srcLen, destData, &dl); 1255 } else { 1256 res = TEE_SUCCESS; 1257 dl = 0; 1258 } 1259 } 1260 *destLen = dl; 1261 1262 out: 1263 if (res != TEE_SUCCESS && 1264 res != TEE_ERROR_SHORT_BUFFER) 1265 TEE_Panic(res); 1266 1267 return res; 1268 } 1269 1270 TEE_Result __GP11_TEE_CipherUpdate(TEE_OperationHandle operation, 1271 const void *srcData, uint32_t srcLen, 1272 void *destData, uint32_t *destLen) 1273 { 1274 TEE_Result res = TEE_SUCCESS; 1275 size_t dl = 0; 1276 1277 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1278 dl = *destLen; 1279 res = TEE_CipherUpdate(operation, srcData, srcLen, destData, &dl); 1280 *destLen = dl; 1281 return res; 1282 } 1283 1284 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1285 const void *srcData, size_t srcLen, 1286 void *destData, size_t *destLen) 1287 { 1288 TEE_Result res = TEE_SUCCESS; 1289 uint8_t *dst = destData; 1290 size_t acc_dlen = 0; 1291 uint64_t tmp_dlen = 0; 1292 size_t req_dlen = 0; 1293 1294 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1295 res = TEE_ERROR_BAD_PARAMETERS; 1296 goto out; 1297 } 1298 if (destLen) 1299 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1300 1301 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1302 res = TEE_ERROR_BAD_PARAMETERS; 1303 goto out; 1304 } 1305 1306 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1307 res = TEE_ERROR_BAD_PARAMETERS; 1308 goto out; 1309 } 1310 1311 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1312 res = TEE_ERROR_BAD_PARAMETERS; 1313 goto out; 1314 } 1315 1316 /* 1317 * Check that the final block doesn't require padding for those 1318 * algorithms that requires client to supply padding. 1319 */ 1320 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1321 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1322 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1323 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1324 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1325 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1326 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1327 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1328 if (((operation->buffer_offs + srcLen) % operation->block_size) 1329 != 0) { 1330 res = TEE_ERROR_BAD_PARAMETERS; 1331 goto out; 1332 } 1333 } 1334 1335 /* 1336 * Check that required destLen is big enough before starting to feed 1337 * data to the algorithm. Errors during feeding of data are fatal as we 1338 * can't restore sync with this API. 1339 */ 1340 if (operation->block_size > 1) { 1341 req_dlen = operation->buffer_offs + srcLen; 1342 } else { 1343 req_dlen = srcLen; 1344 } 1345 if (destLen) 1346 tmp_dlen = *destLen; 1347 if (tmp_dlen < req_dlen) { 1348 if (destLen) 1349 *destLen = req_dlen; 1350 res = TEE_ERROR_SHORT_BUFFER; 1351 goto out; 1352 } 1353 1354 if (operation->block_size > 1) { 1355 if (srcLen) { 1356 res = tee_buffer_update(operation, _utee_cipher_update, 1357 srcData, srcLen, dst, 1358 &tmp_dlen); 1359 if (res != TEE_SUCCESS) 1360 goto out; 1361 1362 dst += tmp_dlen; 1363 acc_dlen += tmp_dlen; 1364 1365 tmp_dlen = *destLen - acc_dlen; 1366 } 1367 res = _utee_cipher_final(operation->state, operation->buffer, 1368 operation->buffer_offs, dst, 1369 &tmp_dlen); 1370 } else { 1371 res = _utee_cipher_final(operation->state, srcData, srcLen, dst, 1372 &tmp_dlen); 1373 } 1374 if (res != TEE_SUCCESS) 1375 goto out; 1376 1377 acc_dlen += tmp_dlen; 1378 if (destLen) 1379 *destLen = acc_dlen; 1380 1381 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1382 1383 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1384 1385 out: 1386 if (res != TEE_SUCCESS && 1387 res != TEE_ERROR_SHORT_BUFFER) 1388 TEE_Panic(res); 1389 1390 return res; 1391 } 1392 1393 TEE_Result __GP11_TEE_CipherDoFinal(TEE_OperationHandle operation, 1394 const void *srcData, uint32_t srcLen, 1395 void *destData, uint32_t *destLen) 1396 { 1397 TEE_Result res = TEE_SUCCESS; 1398 size_t dl = 0; 1399 1400 if (destLen) { 1401 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1402 dl = *destLen; 1403 } 1404 res = TEE_CipherDoFinal(operation, srcData, srcLen, destData, &dl); 1405 if (destLen) 1406 *destLen = dl; 1407 return res; 1408 } 1409 1410 /* Cryptographic Operations API - MAC Functions */ 1411 1412 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, size_t IVLen) 1413 { 1414 if (operation == TEE_HANDLE_NULL) 1415 TEE_Panic(0); 1416 1417 if (operation->info.operationClass != TEE_OPERATION_MAC) 1418 TEE_Panic(0); 1419 1420 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1421 !(operation->key1)) 1422 TEE_Panic(0); 1423 1424 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1425 TEE_ResetOperation(operation); 1426 1427 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1428 1429 init_hash_operation(operation, IV, IVLen); 1430 } 1431 1432 void __GP11_TEE_MACInit(TEE_OperationHandle operation, const void *IV, 1433 uint32_t IVLen) 1434 { 1435 return TEE_MACInit(operation, IV, IVLen); 1436 } 1437 1438 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1439 size_t chunkSize) 1440 { 1441 TEE_Result res; 1442 1443 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1444 TEE_Panic(0); 1445 1446 if (operation->info.operationClass != TEE_OPERATION_MAC) 1447 TEE_Panic(0); 1448 1449 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1450 TEE_Panic(0); 1451 1452 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1453 TEE_Panic(0); 1454 1455 res = _utee_hash_update(operation->state, chunk, chunkSize); 1456 if (res != TEE_SUCCESS) 1457 TEE_Panic(res); 1458 } 1459 1460 void __GP11_TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1461 uint32_t chunkSize) 1462 { 1463 return TEE_MACUpdate(operation, chunk, chunkSize); 1464 } 1465 1466 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1467 const void *message, size_t messageLen, 1468 void *mac, size_t *macLen) 1469 { 1470 TEE_Result res; 1471 uint64_t ml; 1472 1473 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) { 1474 res = TEE_ERROR_BAD_PARAMETERS; 1475 goto out; 1476 } 1477 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1478 1479 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1480 res = TEE_ERROR_BAD_PARAMETERS; 1481 goto out; 1482 } 1483 1484 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1485 res = TEE_ERROR_BAD_PARAMETERS; 1486 goto out; 1487 } 1488 1489 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1490 res = TEE_ERROR_BAD_PARAMETERS; 1491 goto out; 1492 } 1493 1494 ml = *macLen; 1495 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml); 1496 *macLen = ml; 1497 if (res != TEE_SUCCESS) 1498 goto out; 1499 1500 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1501 1502 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1503 1504 out: 1505 if (res != TEE_SUCCESS && 1506 res != TEE_ERROR_SHORT_BUFFER) 1507 TEE_Panic(res); 1508 1509 return res; 1510 } 1511 1512 TEE_Result __GP11_TEE_MACComputeFinal(TEE_OperationHandle operation, 1513 const void *message, uint32_t messageLen, 1514 void *mac, uint32_t *macLen) 1515 { 1516 TEE_Result res = TEE_SUCCESS; 1517 size_t ml = 0; 1518 1519 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1520 ml = *macLen; 1521 res = TEE_MACComputeFinal(operation, message, messageLen, mac, &ml); 1522 *macLen = ml; 1523 return res; 1524 } 1525 1526 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1527 const void *message, size_t messageLen, 1528 const void *mac, size_t macLen) 1529 { 1530 TEE_Result res; 1531 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 }; 1532 size_t computed_mac_size = TEE_MAX_HASH_SIZE; 1533 1534 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1535 res = TEE_ERROR_BAD_PARAMETERS; 1536 goto out; 1537 } 1538 1539 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1540 res = TEE_ERROR_BAD_PARAMETERS; 1541 goto out; 1542 } 1543 1544 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1545 res = TEE_ERROR_BAD_PARAMETERS; 1546 goto out; 1547 } 1548 1549 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1550 &computed_mac_size); 1551 if (res != TEE_SUCCESS) 1552 goto out; 1553 1554 if (computed_mac_size != macLen) { 1555 res = TEE_ERROR_MAC_INVALID; 1556 goto out; 1557 } 1558 1559 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1560 res = TEE_ERROR_MAC_INVALID; 1561 goto out; 1562 } 1563 1564 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1565 1566 out: 1567 if (res != TEE_SUCCESS && 1568 res != TEE_ERROR_MAC_INVALID) 1569 TEE_Panic(res); 1570 1571 return res; 1572 } 1573 1574 TEE_Result __GP11_TEE_MACCompareFinal(TEE_OperationHandle operation, 1575 const void *message, uint32_t messageLen, 1576 const void *mac, uint32_t macLen) 1577 { 1578 return TEE_MACCompareFinal(operation, message, messageLen, mac, macLen); 1579 } 1580 1581 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1582 1583 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1584 size_t nonceLen, uint32_t tagLen, size_t AADLen, 1585 size_t payloadLen) 1586 { 1587 TEE_Result res; 1588 1589 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1590 res = TEE_ERROR_BAD_PARAMETERS; 1591 goto out; 1592 } 1593 1594 if (operation->info.operationClass != TEE_OPERATION_AE) { 1595 res = TEE_ERROR_BAD_PARAMETERS; 1596 goto out; 1597 } 1598 1599 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1600 res = TEE_ERROR_BAD_PARAMETERS; 1601 goto out; 1602 } 1603 1604 /* 1605 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1606 * in the implementation. But AES-GCM spec doesn't specify the tag len 1607 * according to the same principle so we have to check here instead to 1608 * be GP compliant. 1609 */ 1610 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1611 /* 1612 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1613 */ 1614 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1615 res = TEE_ERROR_NOT_SUPPORTED; 1616 goto out; 1617 } 1618 } 1619 1620 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8, 1621 AADLen, payloadLen); 1622 if (res != TEE_SUCCESS) 1623 goto out; 1624 1625 operation->info.digestLength = tagLen / 8; 1626 operation->buffer_offs = 0; 1627 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1628 1629 out: 1630 if (res != TEE_SUCCESS && 1631 res != TEE_ERROR_NOT_SUPPORTED) 1632 TEE_Panic(res); 1633 1634 return res; 1635 } 1636 1637 TEE_Result __GP11_TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1638 uint32_t nonceLen, uint32_t tagLen, 1639 uint32_t AADLen, uint32_t payloadLen) 1640 { 1641 return TEE_AEInit(operation, nonce, nonceLen, tagLen, AADLen, 1642 payloadLen); 1643 } 1644 1645 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1646 size_t AADdataLen) 1647 { 1648 TEE_Result res = TEE_SUCCESS; 1649 1650 if (operation == TEE_HANDLE_NULL || (!AADdata && AADdataLen)) 1651 TEE_Panic(0); 1652 1653 if (operation->info.operationClass != TEE_OPERATION_AE) 1654 TEE_Panic(0); 1655 1656 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1657 TEE_Panic(0); 1658 1659 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1660 TEE_Panic(0); 1661 1662 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1663 if (res != TEE_SUCCESS) 1664 TEE_Panic(res); 1665 } 1666 1667 void __GP11_TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1668 uint32_t AADdataLen) 1669 { 1670 TEE_Result res = TEE_SUCCESS; 1671 1672 if (operation == TEE_HANDLE_NULL || 1673 (AADdata == NULL && AADdataLen != 0)) 1674 TEE_Panic(0); 1675 1676 if (operation->info.operationClass != TEE_OPERATION_AE) 1677 TEE_Panic(0); 1678 1679 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1680 TEE_Panic(0); 1681 1682 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1683 1684 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1685 1686 if (res != TEE_SUCCESS) 1687 TEE_Panic(res); 1688 } 1689 1690 static TEE_Result ae_update_helper(TEE_OperationHandle operation, 1691 const void *src, size_t slen, void *dst, 1692 size_t *dlen) 1693 { 1694 TEE_Result res = TEE_SUCCESS; 1695 size_t req_dlen = 0; 1696 uint64_t dl = 0; 1697 1698 if (!src && !slen) { 1699 *dlen = 0; 1700 return TEE_SUCCESS; 1701 } 1702 1703 /* 1704 * Check that required destLen is big enough before starting to feed 1705 * data to the algorithm. Errors during feeding of data are fatal as we 1706 * can't restore sync with this API. 1707 */ 1708 if (operation->block_size > 1) { 1709 req_dlen = ROUNDDOWN2(operation->buffer_offs + slen, 1710 operation->block_size); 1711 } else { 1712 req_dlen = slen; 1713 } 1714 1715 dl = *dlen; 1716 if (dl < req_dlen) { 1717 *dlen = req_dlen; 1718 return TEE_ERROR_SHORT_BUFFER; 1719 } 1720 1721 if (operation->block_size > 1) { 1722 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1723 src, slen, dst, &dl); 1724 } else { 1725 if (slen > 0) { 1726 res = _utee_authenc_update_payload(operation->state, 1727 src, slen, dst, &dl); 1728 } else { 1729 dl = 0; 1730 res = TEE_SUCCESS; 1731 } 1732 } 1733 1734 if (!res) 1735 *dlen = dl; 1736 1737 return res; 1738 } 1739 1740 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1741 size_t srcLen, void *destData, size_t *destLen) 1742 { 1743 TEE_Result res = TEE_SUCCESS; 1744 1745 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1746 res = TEE_ERROR_BAD_PARAMETERS; 1747 goto out; 1748 } 1749 __utee_check_outbuf_annotation(destData, destLen); 1750 1751 if (operation->info.operationClass != TEE_OPERATION_AE) { 1752 res = TEE_ERROR_BAD_PARAMETERS; 1753 goto out; 1754 } 1755 1756 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1757 res = TEE_ERROR_BAD_PARAMETERS; 1758 goto out; 1759 } 1760 1761 res = ae_update_helper(operation, srcData, srcLen, destData, destLen); 1762 if (res != TEE_ERROR_SHORT_BUFFER && srcLen) 1763 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1764 1765 out: 1766 if (res != TEE_SUCCESS && 1767 res != TEE_ERROR_SHORT_BUFFER) 1768 TEE_Panic(res); 1769 1770 return res; 1771 } 1772 1773 TEE_Result __GP11_TEE_AEUpdate(TEE_OperationHandle operation, 1774 const void *srcData, uint32_t srcLen, 1775 void *destData, uint32_t *destLen) 1776 { 1777 TEE_Result res = TEE_SUCCESS; 1778 size_t dl = 0; 1779 1780 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1781 res = TEE_ERROR_BAD_PARAMETERS; 1782 goto out; 1783 } 1784 __utee_check_gp11_outbuf_annotation(destData, destLen); 1785 1786 if (operation->info.operationClass != TEE_OPERATION_AE) { 1787 res = TEE_ERROR_BAD_PARAMETERS; 1788 goto out; 1789 } 1790 1791 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1792 res = TEE_ERROR_BAD_PARAMETERS; 1793 goto out; 1794 } 1795 1796 dl = *destLen; 1797 res = ae_update_helper(operation, srcData, srcLen, destData, &dl); 1798 *destLen = dl; 1799 1800 if (res != TEE_SUCCESS) 1801 goto out; 1802 1803 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1804 1805 out: 1806 if (res != TEE_SUCCESS && 1807 res != TEE_ERROR_SHORT_BUFFER) 1808 TEE_Panic(res); 1809 1810 return res; 1811 } 1812 1813 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1814 const void *srcData, size_t srcLen, 1815 void *destData, size_t *destLen, void *tag, 1816 size_t *tagLen) 1817 { 1818 TEE_Result res = TEE_SUCCESS; 1819 uint8_t *dst = destData; 1820 size_t acc_dlen = 0; 1821 uint64_t tmp_dlen = 0; 1822 size_t req_dlen = 0; 1823 uint64_t tl = 0; 1824 1825 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1826 res = TEE_ERROR_BAD_PARAMETERS; 1827 goto out; 1828 } 1829 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1830 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1831 1832 if (operation->info.operationClass != TEE_OPERATION_AE) { 1833 res = TEE_ERROR_BAD_PARAMETERS; 1834 goto out; 1835 } 1836 1837 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1838 res = TEE_ERROR_BAD_PARAMETERS; 1839 goto out; 1840 } 1841 1842 /* 1843 * Check that required destLen is big enough before starting to feed 1844 * data to the algorithm. Errors during feeding of data are fatal as we 1845 * can't restore sync with this API. 1846 * 1847 * Need to check this before update_payload since sync would be lost if 1848 * we return short buffer after that. 1849 */ 1850 res = TEE_ERROR_GENERIC; 1851 1852 req_dlen = operation->buffer_offs + srcLen; 1853 if (*destLen < req_dlen) { 1854 *destLen = req_dlen; 1855 res = TEE_ERROR_SHORT_BUFFER; 1856 } 1857 1858 if (*tagLen < operation->info.digestLength) { 1859 *tagLen = operation->info.digestLength; 1860 res = TEE_ERROR_SHORT_BUFFER; 1861 } 1862 1863 if (res == TEE_ERROR_SHORT_BUFFER) 1864 goto out; 1865 1866 tl = *tagLen; 1867 tmp_dlen = *destLen - acc_dlen; 1868 if (operation->block_size > 1) { 1869 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1870 srcData, srcLen, dst, &tmp_dlen); 1871 if (res != TEE_SUCCESS) 1872 goto out; 1873 1874 dst += tmp_dlen; 1875 acc_dlen += tmp_dlen; 1876 1877 tmp_dlen = *destLen - acc_dlen; 1878 res = _utee_authenc_enc_final(operation->state, 1879 operation->buffer, 1880 operation->buffer_offs, dst, 1881 &tmp_dlen, tag, &tl); 1882 } else { 1883 res = _utee_authenc_enc_final(operation->state, srcData, 1884 srcLen, dst, &tmp_dlen, 1885 tag, &tl); 1886 } 1887 *tagLen = tl; 1888 if (res != TEE_SUCCESS) 1889 goto out; 1890 1891 acc_dlen += tmp_dlen; 1892 *destLen = acc_dlen; 1893 1894 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1895 1896 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1897 1898 out: 1899 if (res != TEE_SUCCESS && 1900 res != TEE_ERROR_SHORT_BUFFER) 1901 TEE_Panic(res); 1902 1903 return res; 1904 } 1905 1906 TEE_Result __GP11_TEE_AEEncryptFinal(TEE_OperationHandle operation, 1907 const void *srcData, uint32_t srcLen, 1908 void *destData, uint32_t *destLen, 1909 void *tag, uint32_t *tagLen) 1910 { 1911 TEE_Result res = TEE_SUCCESS; 1912 size_t dl = 0; 1913 size_t tl = 0; 1914 1915 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1916 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1917 dl = *destLen; 1918 tl = *tagLen; 1919 res = TEE_AEEncryptFinal(operation, srcData, srcLen, destData, &dl, 1920 tag, &tl); 1921 *destLen = dl; 1922 *tagLen = tl; 1923 return res; 1924 } 1925 1926 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1927 const void *srcData, size_t srcLen, 1928 void *destData, size_t *destLen, void *tag, 1929 size_t tagLen) 1930 { 1931 TEE_Result res = TEE_SUCCESS; 1932 uint8_t *dst = destData; 1933 size_t acc_dlen = 0; 1934 uint64_t tmp_dlen = 0; 1935 size_t req_dlen = 0; 1936 1937 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1938 res = TEE_ERROR_BAD_PARAMETERS; 1939 goto out; 1940 } 1941 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1942 1943 if (operation->info.operationClass != TEE_OPERATION_AE) { 1944 res = TEE_ERROR_BAD_PARAMETERS; 1945 goto out; 1946 } 1947 1948 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1949 res = TEE_ERROR_BAD_PARAMETERS; 1950 goto out; 1951 } 1952 1953 /* 1954 * Check that required destLen is big enough before starting to feed 1955 * data to the algorithm. Errors during feeding of data are fatal as we 1956 * can't restore sync with this API. 1957 */ 1958 req_dlen = operation->buffer_offs + srcLen; 1959 if (*destLen < req_dlen) { 1960 *destLen = req_dlen; 1961 res = TEE_ERROR_SHORT_BUFFER; 1962 goto out; 1963 } 1964 1965 tmp_dlen = *destLen - acc_dlen; 1966 if (operation->block_size > 1) { 1967 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1968 srcData, srcLen, dst, &tmp_dlen); 1969 if (res != TEE_SUCCESS) 1970 goto out; 1971 1972 dst += tmp_dlen; 1973 acc_dlen += tmp_dlen; 1974 1975 tmp_dlen = *destLen - acc_dlen; 1976 res = _utee_authenc_dec_final(operation->state, 1977 operation->buffer, 1978 operation->buffer_offs, dst, 1979 &tmp_dlen, tag, tagLen); 1980 } else { 1981 res = _utee_authenc_dec_final(operation->state, srcData, 1982 srcLen, dst, &tmp_dlen, 1983 tag, tagLen); 1984 } 1985 if (res != TEE_SUCCESS) 1986 goto out; 1987 1988 /* Supplied tagLen should match what we initiated with */ 1989 if (tagLen != operation->info.digestLength) 1990 res = TEE_ERROR_MAC_INVALID; 1991 1992 acc_dlen += tmp_dlen; 1993 *destLen = acc_dlen; 1994 1995 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1996 1997 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1998 1999 out: 2000 if (res != TEE_SUCCESS && 2001 res != TEE_ERROR_SHORT_BUFFER && 2002 res != TEE_ERROR_MAC_INVALID) 2003 TEE_Panic(res); 2004 2005 return res; 2006 } 2007 2008 TEE_Result __GP11_TEE_AEDecryptFinal(TEE_OperationHandle operation, 2009 const void *srcData, uint32_t srcLen, 2010 void *destData, uint32_t *destLen, 2011 void *tag, uint32_t tagLen) 2012 { 2013 TEE_Result res = TEE_SUCCESS; 2014 size_t dl = 0; 2015 2016 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2017 dl = *destLen; 2018 res = TEE_AEDecryptFinal(operation, srcData, srcLen, destData, &dl, 2019 tag, tagLen); 2020 *destLen = dl; 2021 return res; 2022 } 2023 2024 /* Cryptographic Operations API - Asymmetric Functions */ 2025 2026 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 2027 const TEE_Attribute *params, 2028 uint32_t paramCount, const void *srcData, 2029 size_t srcLen, void *destData, 2030 size_t *destLen) 2031 { 2032 TEE_Result res = TEE_SUCCESS; 2033 struct utee_attribute ua[paramCount]; 2034 uint64_t dl = 0; 2035 2036 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2037 TEE_Panic(0); 2038 2039 __utee_check_attr_in_annotation(params, paramCount); 2040 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2041 2042 if (!operation->key1) 2043 TEE_Panic(0); 2044 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2045 TEE_Panic(0); 2046 if (operation->info.mode != TEE_MODE_ENCRYPT) 2047 TEE_Panic(0); 2048 2049 __utee_from_attr(ua, params, paramCount); 2050 dl = *destLen; 2051 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2052 srcLen, destData, &dl); 2053 *destLen = dl; 2054 2055 if (res != TEE_SUCCESS && 2056 res != TEE_ERROR_SHORT_BUFFER && 2057 res != TEE_ERROR_BAD_PARAMETERS && 2058 res != TEE_ERROR_CIPHERTEXT_INVALID && 2059 res != TEE_ERROR_NOT_SUPPORTED) 2060 TEE_Panic(res); 2061 2062 return res; 2063 } 2064 2065 TEE_Result __GP11_TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 2066 const __GP11_TEE_Attribute *params, 2067 uint32_t paramCount, 2068 const void *srcData, uint32_t srcLen, 2069 void *destData, uint32_t *destLen) 2070 { 2071 TEE_Result res = TEE_SUCCESS; 2072 struct utee_attribute ua[paramCount]; 2073 uint64_t dl = 0; 2074 2075 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2076 TEE_Panic(0); 2077 2078 __utee_check_gp11_attr_in_annotation(params, paramCount); 2079 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2080 2081 if (!operation->key1) 2082 TEE_Panic(0); 2083 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2084 TEE_Panic(0); 2085 if (operation->info.mode != TEE_MODE_ENCRYPT) 2086 TEE_Panic(0); 2087 2088 __utee_from_gp11_attr(ua, params, paramCount); 2089 dl = *destLen; 2090 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2091 srcLen, destData, &dl); 2092 *destLen = dl; 2093 2094 if (res != TEE_SUCCESS && 2095 res != TEE_ERROR_SHORT_BUFFER && 2096 res != TEE_ERROR_BAD_PARAMETERS) 2097 TEE_Panic(res); 2098 2099 return res; 2100 } 2101 2102 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 2103 const TEE_Attribute *params, 2104 uint32_t paramCount, const void *srcData, 2105 size_t srcLen, void *destData, 2106 size_t *destLen) 2107 { 2108 TEE_Result res = TEE_SUCCESS; 2109 struct utee_attribute ua[paramCount]; 2110 uint64_t dl = 0; 2111 2112 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2113 TEE_Panic(0); 2114 2115 __utee_check_attr_in_annotation(params, paramCount); 2116 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2117 2118 if (!operation->key1) 2119 TEE_Panic(0); 2120 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2121 TEE_Panic(0); 2122 if (operation->info.mode != TEE_MODE_DECRYPT) 2123 TEE_Panic(0); 2124 2125 __utee_from_attr(ua, params, paramCount); 2126 dl = *destLen; 2127 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2128 srcLen, destData, &dl); 2129 *destLen = dl; 2130 2131 if (res != TEE_SUCCESS && 2132 res != TEE_ERROR_SHORT_BUFFER && 2133 res != TEE_ERROR_BAD_PARAMETERS && 2134 res != TEE_ERROR_CIPHERTEXT_INVALID && 2135 res != TEE_ERROR_NOT_SUPPORTED) 2136 TEE_Panic(res); 2137 2138 return res; 2139 } 2140 2141 TEE_Result __GP11_TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 2142 const __GP11_TEE_Attribute *params, 2143 uint32_t paramCount, 2144 const void *srcData, uint32_t srcLen, 2145 void *destData, uint32_t *destLen) 2146 { 2147 TEE_Result res = TEE_SUCCESS; 2148 struct utee_attribute ua[paramCount]; 2149 uint64_t dl = 0; 2150 2151 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2152 TEE_Panic(0); 2153 2154 __utee_check_gp11_attr_in_annotation(params, paramCount); 2155 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2156 2157 if (!operation->key1) 2158 TEE_Panic(0); 2159 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2160 TEE_Panic(0); 2161 if (operation->info.mode != TEE_MODE_DECRYPT) 2162 TEE_Panic(0); 2163 2164 __utee_from_gp11_attr(ua, params, paramCount); 2165 dl = *destLen; 2166 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2167 srcLen, destData, &dl); 2168 *destLen = dl; 2169 2170 if (res != TEE_SUCCESS && 2171 res != TEE_ERROR_SHORT_BUFFER && 2172 res != TEE_ERROR_BAD_PARAMETERS) 2173 TEE_Panic(res); 2174 2175 return res; 2176 } 2177 2178 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 2179 const TEE_Attribute *params, 2180 uint32_t paramCount, const void *digest, 2181 size_t digestLen, void *signature, 2182 size_t *signatureLen) 2183 { 2184 TEE_Result res = TEE_SUCCESS; 2185 struct utee_attribute ua[paramCount]; 2186 uint64_t sl = 0; 2187 2188 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 2189 TEE_Panic(0); 2190 2191 __utee_check_attr_in_annotation(params, paramCount); 2192 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 2193 2194 if (!operation->key1) 2195 TEE_Panic(0); 2196 if (operation->info.operationClass != 2197 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2198 TEE_Panic(0); 2199 if (operation->info.mode != TEE_MODE_SIGN) 2200 TEE_Panic(0); 2201 2202 __utee_from_attr(ua, params, paramCount); 2203 sl = *signatureLen; 2204 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 2205 digestLen, signature, &sl); 2206 *signatureLen = sl; 2207 2208 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 2209 TEE_Panic(res); 2210 2211 return res; 2212 } 2213 2214 TEE_Result __GP11_TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 2215 const __GP11_TEE_Attribute *params, 2216 uint32_t paramCount, 2217 const void *digest, 2218 uint32_t digestLen, void *signature, 2219 uint32_t *signatureLen) 2220 { 2221 TEE_Result res = TEE_SUCCESS; 2222 struct utee_attribute ua[paramCount]; 2223 uint64_t sl = 0; 2224 2225 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 2226 TEE_Panic(0); 2227 2228 __utee_check_gp11_attr_in_annotation(params, paramCount); 2229 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 2230 2231 if (!operation->key1) 2232 TEE_Panic(0); 2233 if (operation->info.operationClass != 2234 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2235 TEE_Panic(0); 2236 if (operation->info.mode != TEE_MODE_SIGN) 2237 TEE_Panic(0); 2238 2239 __utee_from_gp11_attr(ua, params, paramCount); 2240 sl = *signatureLen; 2241 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 2242 digestLen, signature, &sl); 2243 *signatureLen = sl; 2244 2245 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 2246 TEE_Panic(res); 2247 2248 return res; 2249 } 2250 2251 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 2252 const TEE_Attribute *params, 2253 uint32_t paramCount, const void *digest, 2254 size_t digestLen, 2255 const void *signature, 2256 size_t signatureLen) 2257 { 2258 TEE_Result res; 2259 struct utee_attribute ua[paramCount]; 2260 2261 if (operation == TEE_HANDLE_NULL || 2262 (digest == NULL && digestLen != 0) || 2263 (signature == NULL && signatureLen != 0)) 2264 TEE_Panic(0); 2265 2266 __utee_check_attr_in_annotation(params, paramCount); 2267 2268 if (!operation->key1) 2269 TEE_Panic(0); 2270 if (operation->info.operationClass != 2271 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2272 TEE_Panic(0); 2273 if (operation->info.mode != TEE_MODE_VERIFY) 2274 TEE_Panic(0); 2275 2276 __utee_from_attr(ua, params, paramCount); 2277 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 2278 digestLen, signature, signatureLen); 2279 2280 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 2281 TEE_Panic(res); 2282 2283 return res; 2284 } 2285 2286 TEE_Result __GP11_TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 2287 const __GP11_TEE_Attribute *params, 2288 uint32_t paramCount, 2289 const void *digest, 2290 uint32_t digestLen, 2291 const void *signature, 2292 uint32_t signatureLen) 2293 { 2294 TEE_Result res = TEE_SUCCESS; 2295 struct utee_attribute ua[paramCount]; 2296 2297 if (operation == TEE_HANDLE_NULL || (!digest && digestLen) || 2298 (!signature && signatureLen)) 2299 TEE_Panic(0); 2300 2301 __utee_check_gp11_attr_in_annotation(params, paramCount); 2302 2303 if (!operation->key1) 2304 TEE_Panic(0); 2305 if (operation->info.operationClass != 2306 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2307 TEE_Panic(0); 2308 if (operation->info.mode != TEE_MODE_VERIFY) 2309 TEE_Panic(0); 2310 2311 __utee_from_gp11_attr(ua, params, paramCount); 2312 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 2313 digestLen, signature, signatureLen); 2314 2315 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 2316 TEE_Panic(res); 2317 2318 return res; 2319 } 2320 2321 /* Cryptographic Operations API - Key Derivation Functions */ 2322 2323 void TEE_DeriveKey(TEE_OperationHandle operation, 2324 const TEE_Attribute *params, uint32_t paramCount, 2325 TEE_ObjectHandle derivedKey) 2326 { 2327 struct utee_attribute ua[paramCount]; 2328 struct utee_object_info key_info = { }; 2329 TEE_Result res = TEE_SUCCESS; 2330 2331 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 2332 TEE_Panic(0); 2333 2334 __utee_check_attr_in_annotation(params, paramCount); 2335 2336 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 2337 TEE_OPERATION_KEY_DERIVATION) 2338 TEE_Panic(0); 2339 2340 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 2341 TEE_Panic(0); 2342 if (!operation->key1) 2343 TEE_Panic(0); 2344 if (operation->info.mode != TEE_MODE_DERIVE) 2345 TEE_Panic(0); 2346 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 2347 TEE_Panic(0); 2348 2349 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 2350 if (res != TEE_SUCCESS) 2351 TEE_Panic(res); 2352 2353 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 2354 TEE_Panic(0); 2355 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2356 TEE_Panic(0); 2357 2358 __utee_from_attr(ua, params, paramCount); 2359 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 2360 (unsigned long)derivedKey); 2361 if (res != TEE_SUCCESS) 2362 TEE_Panic(res); 2363 } 2364 2365 void __GP11_TEE_DeriveKey(TEE_OperationHandle operation, 2366 const __GP11_TEE_Attribute *params, 2367 uint32_t paramCount, TEE_ObjectHandle derivedKey) 2368 { 2369 struct utee_attribute ua[paramCount]; 2370 struct utee_object_info key_info = { }; 2371 TEE_Result res = TEE_SUCCESS; 2372 2373 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 2374 TEE_Panic(0); 2375 2376 __utee_check_gp11_attr_in_annotation(params, paramCount); 2377 2378 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 2379 TEE_OPERATION_KEY_DERIVATION) 2380 TEE_Panic(0); 2381 2382 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 2383 TEE_Panic(0); 2384 if (!operation->key1) 2385 TEE_Panic(0); 2386 if (operation->info.mode != TEE_MODE_DERIVE) 2387 TEE_Panic(0); 2388 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 2389 TEE_Panic(0); 2390 2391 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 2392 if (res != TEE_SUCCESS) 2393 TEE_Panic(res); 2394 2395 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 2396 TEE_Panic(0); 2397 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2398 TEE_Panic(0); 2399 2400 __utee_from_gp11_attr(ua, params, paramCount); 2401 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 2402 (unsigned long)derivedKey); 2403 if (res != TEE_SUCCESS) 2404 TEE_Panic(res); 2405 } 2406 2407 /* Cryptographic Operations API - Random Number Generation Functions */ 2408 2409 void TEE_GenerateRandom(void *randomBuffer, size_t randomBufferLen) 2410 { 2411 TEE_Result res; 2412 2413 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 2414 if (res != TEE_SUCCESS) 2415 TEE_Panic(res); 2416 } 2417 2418 void __GP11_TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 2419 { 2420 TEE_GenerateRandom(randomBuffer, randomBufferLen); 2421 } 2422 2423 int rand(void) 2424 { 2425 int rc; 2426 2427 TEE_GenerateRandom(&rc, sizeof(rc)); 2428 2429 /* 2430 * RAND_MAX is the larges int, INT_MAX which is all bits but the 2431 * highest bit set. 2432 */ 2433 return rc & RAND_MAX; 2434 } 2435 2436 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 2437 { 2438 if (IS_ENABLED(CFG_CRYPTO_AES)) { 2439 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2440 if (alg == TEE_ALG_AES_ECB_NOPAD) 2441 goto check_element_none; 2442 } 2443 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2444 if (alg == TEE_ALG_AES_CBC_NOPAD) 2445 goto check_element_none; 2446 } 2447 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2448 if (alg == TEE_ALG_AES_CTR) 2449 goto check_element_none; 2450 } 2451 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 2452 if (alg == TEE_ALG_AES_CTS) 2453 goto check_element_none; 2454 } 2455 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2456 if (alg == TEE_ALG_AES_XTS) 2457 goto check_element_none; 2458 } 2459 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2460 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 2461 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 2462 goto check_element_none; 2463 } 2464 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 2465 if (alg == TEE_ALG_AES_CMAC) 2466 goto check_element_none; 2467 } 2468 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 2469 if (alg == TEE_ALG_AES_CCM) 2470 goto check_element_none; 2471 } 2472 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 2473 if (alg == TEE_ALG_AES_GCM) 2474 goto check_element_none; 2475 } 2476 } 2477 if (IS_ENABLED(CFG_CRYPTO_DES)) { 2478 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2479 if (alg == TEE_ALG_DES_ECB_NOPAD || 2480 alg == TEE_ALG_DES3_ECB_NOPAD) 2481 goto check_element_none; 2482 } 2483 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2484 if (alg == TEE_ALG_DES_CBC_NOPAD || 2485 alg == TEE_ALG_DES3_CBC_NOPAD) 2486 goto check_element_none; 2487 } 2488 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2489 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 2490 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 2491 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 2492 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 2493 goto check_element_none; 2494 } 2495 } 2496 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2497 if (alg == TEE_ALG_MD5) 2498 goto check_element_none; 2499 } 2500 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2501 if (alg == TEE_ALG_SHA1) 2502 goto check_element_none; 2503 } 2504 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2505 if (alg == TEE_ALG_SHA224) 2506 goto check_element_none; 2507 } 2508 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2509 if (alg == TEE_ALG_SHA256) 2510 goto check_element_none; 2511 } 2512 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2513 if (alg == TEE_ALG_SHA384) 2514 goto check_element_none; 2515 } 2516 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2517 if (alg == TEE_ALG_SHA512) 2518 goto check_element_none; 2519 } 2520 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) { 2521 if (alg == TEE_ALG_SHA3_224) 2522 goto check_element_none; 2523 } 2524 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) { 2525 if (alg == TEE_ALG_SHA3_256) 2526 goto check_element_none; 2527 } 2528 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) { 2529 if (alg == TEE_ALG_SHA3_384) 2530 goto check_element_none; 2531 } 2532 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) { 2533 if (alg == TEE_ALG_SHA3_512) 2534 goto check_element_none; 2535 } 2536 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2537 if (alg == TEE_ALG_MD5SHA1) 2538 goto check_element_none; 2539 } 2540 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 2541 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2542 if (alg == TEE_ALG_HMAC_MD5) 2543 goto check_element_none; 2544 } 2545 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2546 if (alg == TEE_ALG_HMAC_SHA1) 2547 goto check_element_none; 2548 } 2549 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2550 if (alg == TEE_ALG_HMAC_SHA224) 2551 goto check_element_none; 2552 } 2553 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2554 if (alg == TEE_ALG_HMAC_SHA256) 2555 goto check_element_none; 2556 } 2557 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2558 if (alg == TEE_ALG_HMAC_SHA384) 2559 goto check_element_none; 2560 } 2561 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2562 if (alg == TEE_ALG_HMAC_SHA512) 2563 goto check_element_none; 2564 } 2565 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) { 2566 if (alg == TEE_ALG_HMAC_SHA3_224) 2567 goto check_element_none; 2568 } 2569 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) { 2570 if (alg == TEE_ALG_HMAC_SHA3_256) 2571 goto check_element_none; 2572 } 2573 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) { 2574 if (alg == TEE_ALG_HMAC_SHA3_384) 2575 goto check_element_none; 2576 } 2577 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) { 2578 if (alg == TEE_ALG_HMAC_SHA3_512) 2579 goto check_element_none; 2580 } 2581 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2582 if (alg == TEE_ALG_HMAC_SM3) 2583 goto check_element_none; 2584 } 2585 } 2586 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2587 if (alg == TEE_ALG_SM3) 2588 goto check_element_none; 2589 } 2590 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 2591 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2592 if (alg == TEE_ALG_SM4_ECB_NOPAD) 2593 goto check_element_none; 2594 } 2595 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2596 if (alg == TEE_ALG_SM4_CBC_NOPAD) 2597 goto check_element_none; 2598 } 2599 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2600 if (alg == TEE_ALG_SM4_CTR) 2601 goto check_element_none; 2602 } 2603 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2604 if (alg == TEE_ALG_SM4_XTS) 2605 goto check_element_none; 2606 } 2607 } 2608 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 2609 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2610 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5 || 2611 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5 || 2612 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5) 2613 goto check_element_none; 2614 } 2615 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2616 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 2617 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 2618 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 2619 goto check_element_none; 2620 } 2621 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2622 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 2623 goto check_element_none; 2624 } 2625 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2626 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 2627 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 2628 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 2629 goto check_element_none; 2630 } 2631 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2632 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 2633 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 2634 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 2635 goto check_element_none; 2636 } 2637 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2638 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 2639 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 2640 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 2641 goto check_element_none; 2642 } 2643 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2644 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 2645 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 2646 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 2647 goto check_element_none; 2648 } 2649 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2650 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 2651 goto check_element_none; 2652 } 2653 if (alg == TEE_ALG_RSA_NOPAD) 2654 goto check_element_none; 2655 } 2656 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2657 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2658 if (alg == TEE_ALG_DSA_SHA1) 2659 goto check_element_none; 2660 } 2661 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2662 if (alg == TEE_ALG_DSA_SHA224) 2663 goto check_element_none; 2664 } 2665 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2666 if (alg == TEE_ALG_DSA_SHA256) 2667 goto check_element_none; 2668 } 2669 } 2670 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2671 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2672 goto check_element_none; 2673 } 2674 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2675 if ((alg == __OPTEE_ALG_ECDH_P192 || 2676 alg == __OPTEE_ALG_ECDSA_P192 || 2677 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2678 alg == TEE_ALG_ECDSA_SHA1) && 2679 element == TEE_ECC_CURVE_NIST_P192) 2680 return TEE_SUCCESS; 2681 if ((alg == __OPTEE_ALG_ECDH_P224 || 2682 alg == __OPTEE_ALG_ECDSA_P224 || 2683 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2684 alg == TEE_ALG_ECDSA_SHA224) && 2685 element == TEE_ECC_CURVE_NIST_P224) 2686 return TEE_SUCCESS; 2687 if ((alg == __OPTEE_ALG_ECDH_P256 || 2688 alg == __OPTEE_ALG_ECDSA_P256 || 2689 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2690 alg == TEE_ALG_ECDSA_SHA256) && 2691 element == TEE_ECC_CURVE_NIST_P256) 2692 return TEE_SUCCESS; 2693 if ((alg == __OPTEE_ALG_ECDH_P384 || 2694 alg == __OPTEE_ALG_ECDSA_P384 || 2695 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2696 alg == TEE_ALG_ECDSA_SHA384) && 2697 element == TEE_ECC_CURVE_NIST_P384) 2698 return TEE_SUCCESS; 2699 if ((alg == __OPTEE_ALG_ECDH_P521 || 2700 alg == __OPTEE_ALG_ECDSA_P521 || 2701 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2702 alg == TEE_ALG_ECDSA_SHA512) && 2703 element == TEE_ECC_CURVE_NIST_P521) 2704 return TEE_SUCCESS; 2705 } 2706 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2707 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2708 return TEE_SUCCESS; 2709 } 2710 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2711 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2712 return TEE_SUCCESS; 2713 } 2714 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2715 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2716 return TEE_SUCCESS; 2717 } 2718 if (IS_ENABLED(CFG_CRYPTO_X25519)) { 2719 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519) 2720 return TEE_SUCCESS; 2721 } 2722 if (IS_ENABLED(CFG_CRYPTO_ED25519)) { 2723 if (alg == TEE_ALG_ED25519 && element == TEE_ECC_CURVE_25519) 2724 return TEE_SUCCESS; 2725 } 2726 2727 return TEE_ERROR_NOT_SUPPORTED; 2728 check_element_none: 2729 if (element == TEE_CRYPTO_ELEMENT_NONE) 2730 return TEE_SUCCESS; 2731 return TEE_ERROR_NOT_SUPPORTED; 2732 } 2733