1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 #include <stdlib.h> 28 #include <string.h> 29 30 #include <tee_api.h> 31 #include <tee_internal_api_extensions.h> 32 #include <utee_syscalls.h> 33 #include <utee_defines.h> 34 35 struct __TEE_OperationHandle { 36 TEE_OperationInfo info; 37 TEE_ObjectHandle key1; 38 TEE_ObjectHandle key2; 39 uint8_t *buffer; /* buffer to collect complete blocks */ 40 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 41 size_t block_size; /* Block size of cipher */ 42 size_t buffer_offs; /* Offset in buffer */ 43 uint32_t state; /* Handle to state in TEE Core */ 44 uint32_t ae_tag_len; /* 45 * tag_len in bytes for AE operation else unused 46 */ 47 }; 48 49 /* Cryptographic Operations API - Generic Operation Functions */ 50 51 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 52 uint32_t algorithm, uint32_t mode, 53 uint32_t maxKeySize) 54 { 55 TEE_Result res; 56 TEE_OperationHandle op = TEE_HANDLE_NULL; 57 uint32_t handle_state = 0; 58 size_t block_size = 1; 59 uint32_t req_key_usage; 60 bool with_private_key = false; 61 bool buffer_two_blocks = false; 62 63 if (operation == NULL) 64 TEE_Panic(0); 65 66 if (algorithm == TEE_ALG_AES_XTS) 67 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 68 69 switch (algorithm) { 70 case TEE_ALG_AES_CTS: 71 case TEE_ALG_AES_XTS: 72 buffer_two_blocks = true; 73 /*FALLTHROUGH*/ case TEE_ALG_AES_ECB_NOPAD: 74 case TEE_ALG_AES_CBC_NOPAD: 75 case TEE_ALG_AES_CTR: 76 case TEE_ALG_AES_CCM: 77 case TEE_ALG_AES_GCM: 78 case TEE_ALG_DES_ECB_NOPAD: 79 case TEE_ALG_DES_CBC_NOPAD: 80 case TEE_ALG_DES3_ECB_NOPAD: 81 case TEE_ALG_DES3_CBC_NOPAD: 82 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 83 block_size = TEE_AES_BLOCK_SIZE; 84 else 85 block_size = TEE_DES_BLOCK_SIZE; 86 87 if (mode == TEE_MODE_ENCRYPT) 88 req_key_usage = TEE_USAGE_ENCRYPT; 89 else if (mode == TEE_MODE_DECRYPT) 90 req_key_usage = TEE_USAGE_DECRYPT; 91 else 92 return TEE_ERROR_NOT_SUPPORTED; 93 break; 94 95 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 96 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 97 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 98 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 99 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 100 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 101 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 102 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 103 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 104 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 105 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 106 case TEE_ALG_DSA_SHA1: 107 if (mode == TEE_MODE_SIGN) { 108 with_private_key = true; 109 req_key_usage = TEE_USAGE_SIGN; 110 } else if (mode == TEE_MODE_VERIFY) { 111 req_key_usage = TEE_USAGE_VERIFY; 112 } else { 113 return TEE_ERROR_NOT_SUPPORTED; 114 } 115 break; 116 117 case TEE_ALG_RSAES_PKCS1_V1_5: 118 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 119 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 120 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 121 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 122 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 123 if (mode == TEE_MODE_ENCRYPT) { 124 req_key_usage = TEE_USAGE_ENCRYPT; 125 } else if (mode == TEE_MODE_DECRYPT) { 126 with_private_key = true; 127 req_key_usage = TEE_USAGE_DECRYPT; 128 } else { 129 return TEE_ERROR_NOT_SUPPORTED; 130 } 131 break; 132 133 case TEE_ALG_RSA_NOPAD: 134 if (mode == TEE_MODE_ENCRYPT) { 135 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 136 } else if (mode == TEE_MODE_DECRYPT) { 137 with_private_key = true; 138 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 139 } else { 140 return TEE_ERROR_NOT_SUPPORTED; 141 } 142 break; 143 144 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 145 if (mode != TEE_MODE_DERIVE) 146 return TEE_ERROR_NOT_SUPPORTED; 147 with_private_key = true; 148 req_key_usage = TEE_USAGE_DERIVE; 149 break; 150 151 case TEE_ALG_MD5: 152 case TEE_ALG_SHA1: 153 case TEE_ALG_SHA224: 154 case TEE_ALG_SHA256: 155 case TEE_ALG_SHA384: 156 case TEE_ALG_SHA512: 157 if (mode != TEE_MODE_DIGEST) 158 return TEE_ERROR_NOT_SUPPORTED; 159 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 160 req_key_usage = 0; 161 break; 162 163 case TEE_ALG_DES_CBC_MAC_NOPAD: 164 case TEE_ALG_AES_CBC_MAC_NOPAD: 165 case TEE_ALG_AES_CBC_MAC_PKCS5: 166 case TEE_ALG_AES_CMAC: 167 case TEE_ALG_DES_CBC_MAC_PKCS5: 168 case TEE_ALG_DES3_CBC_MAC_NOPAD: 169 case TEE_ALG_DES3_CBC_MAC_PKCS5: 170 case TEE_ALG_HMAC_MD5: 171 case TEE_ALG_HMAC_SHA1: 172 case TEE_ALG_HMAC_SHA224: 173 case TEE_ALG_HMAC_SHA256: 174 case TEE_ALG_HMAC_SHA384: 175 case TEE_ALG_HMAC_SHA512: 176 if (mode != TEE_MODE_MAC) 177 return TEE_ERROR_NOT_SUPPORTED; 178 req_key_usage = TEE_USAGE_MAC; 179 break; 180 181 default: 182 return TEE_ERROR_NOT_SUPPORTED; 183 } 184 185 op = TEE_Malloc(sizeof(*op), 0); 186 if (op == NULL) 187 return TEE_ERROR_OUT_OF_MEMORY; 188 189 op->info.algorithm = algorithm; 190 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 191 op->info.mode = mode; 192 op->info.maxKeySize = maxKeySize; 193 op->info.requiredKeyUsage = req_key_usage; 194 op->info.handleState = handle_state; 195 196 if (block_size > 1) { 197 size_t buffer_size = block_size; 198 199 if (buffer_two_blocks) 200 buffer_size *= 2; 201 202 op->buffer = 203 TEE_Malloc(buffer_size, TEE_USER_MEM_HINT_NO_FILL_ZERO); 204 if (op->buffer == NULL) { 205 res = TEE_ERROR_OUT_OF_MEMORY; 206 goto out; 207 } 208 } 209 op->block_size = block_size; 210 op->buffer_two_blocks = buffer_two_blocks; 211 212 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 213 uint32_t mks = maxKeySize; 214 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 215 with_private_key); 216 217 /* 218 * If two keys are expected the max key size is the sum of 219 * the size of both keys. 220 */ 221 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 222 mks /= 2; 223 224 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 225 if (res != TEE_SUCCESS) 226 goto out; 227 228 if ((op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 229 0) { 230 res = 231 TEE_AllocateTransientObject(key_type, mks, 232 &op->key2); 233 if (res != TEE_SUCCESS) 234 goto out; 235 } 236 } 237 238 res = utee_cryp_state_alloc(algorithm, mode, (uint32_t) op->key1, 239 (uint32_t) op->key2, &op->state); 240 if (res != TEE_SUCCESS) 241 goto out; 242 243 /* For multi-stage operation do an "init". */ 244 TEE_ResetOperation(op); 245 *operation = op; 246 247 out: 248 if (res != TEE_SUCCESS) { 249 TEE_FreeTransientObject(op->key1); 250 TEE_FreeTransientObject(op->key2); 251 TEE_FreeOperation(op); 252 } 253 254 return res; 255 } 256 257 void TEE_FreeOperation(TEE_OperationHandle operation) 258 { 259 if (operation != TEE_HANDLE_NULL) { 260 /* 261 * Note that keys should not be freed here, since they are 262 * claimed by the operation they will be freed by 263 * utee_cryp_state_free(). 264 */ 265 utee_cryp_state_free(operation->state); 266 TEE_Free(operation->buffer); 267 TEE_Free(operation); 268 } 269 } 270 271 void TEE_GetOperationInfo(TEE_OperationHandle operation, 272 TEE_OperationInfo *operationInfo) 273 { 274 if (operation == TEE_HANDLE_NULL) 275 TEE_Panic(0); 276 277 if (operationInfo == NULL) 278 TEE_Panic(0); 279 280 *operationInfo = operation->info; 281 } 282 283 void TEE_ResetOperation(TEE_OperationHandle operation) 284 { 285 TEE_Result res; 286 287 if (operation == TEE_HANDLE_NULL) 288 TEE_Panic(0); 289 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 290 res = utee_hash_init(operation->state, NULL, 0); 291 if (res != TEE_SUCCESS) 292 TEE_Panic(res); 293 } 294 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 295 } 296 297 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 298 TEE_ObjectHandle key) 299 { 300 uint32_t key_size = 0; 301 302 if (operation == TEE_HANDLE_NULL) 303 TEE_Panic(0); 304 305 /* No key for digests */ 306 if (operation->info.operationClass == TEE_OPERATION_DIGEST) 307 TEE_Panic(0); 308 309 /* Two keys expected */ 310 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 311 0) 312 TEE_Panic(0); 313 314 if (key != TEE_HANDLE_NULL) { 315 TEE_ObjectInfo key_info; 316 317 TEE_GetObjectInfo(key, &key_info); 318 /* Supplied key has to meet required usage */ 319 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 320 operation->info.requiredKeyUsage) { 321 TEE_Panic(0); 322 } 323 324 if (operation->info.maxKeySize < key_info.objectSize) 325 TEE_Panic(0); 326 327 key_size = key_info.objectSize; 328 } 329 330 TEE_ResetTransientObject(operation->key1); 331 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 332 333 if (key != TEE_HANDLE_NULL) { 334 TEE_CopyObjectAttributes(operation->key1, key); 335 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 336 } 337 338 operation->info.keySize = key_size; 339 340 return TEE_SUCCESS; 341 } 342 343 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 344 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 345 { 346 uint32_t key_size = 0; 347 348 if (operation == TEE_HANDLE_NULL) 349 TEE_Panic(0); 350 351 /* Two keys not expected */ 352 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 353 0) 354 TEE_Panic(0); 355 356 /* Either both keys are NULL or both are not NULL */ 357 if ((key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) && 358 key1 != key2) 359 TEE_Panic(0); 360 361 if (key1 != TEE_HANDLE_NULL) { 362 TEE_ObjectInfo key_info1; 363 TEE_ObjectInfo key_info2; 364 365 TEE_GetObjectInfo(key1, &key_info1); 366 /* Supplied key has to meet required usage */ 367 if ((key_info1.objectUsage & operation->info. 368 requiredKeyUsage) != operation->info.requiredKeyUsage) { 369 TEE_Panic(0); 370 } 371 372 TEE_GetObjectInfo(key2, &key_info2); 373 /* Supplied key has to meet required usage */ 374 if ((key_info2.objectUsage & operation->info. 375 requiredKeyUsage) != operation->info.requiredKeyUsage) { 376 TEE_Panic(0); 377 } 378 379 /* 380 * AES-XTS (the only multi key algorithm supported, requires the 381 * keys to be of equal size. 382 */ 383 if (operation->info.algorithm == TEE_ALG_AES_XTS && 384 key_info1.objectSize != key_info2.objectSize) 385 TEE_Panic(0); 386 387 if (operation->info.maxKeySize < key_info1.objectSize) 388 TEE_Panic(0); 389 390 /* 391 * Odd that only the size of one key should be reported while 392 * size of two key are used when allocating the operation. 393 */ 394 key_size = key_info1.objectSize; 395 } 396 397 TEE_ResetTransientObject(operation->key1); 398 TEE_ResetTransientObject(operation->key2); 399 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 400 401 if (key1 != TEE_HANDLE_NULL) { 402 TEE_CopyObjectAttributes(operation->key1, key1); 403 TEE_CopyObjectAttributes(operation->key2, key2); 404 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 405 } 406 407 operation->info.keySize = key_size; 408 409 return TEE_SUCCESS; 410 } 411 412 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 413 { 414 TEE_Result res; 415 416 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 417 TEE_Panic(0); 418 if (dst_op->info.algorithm != src_op->info.algorithm) 419 TEE_Panic(0); 420 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 421 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 422 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 423 424 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 425 key1 = src_op->key1; 426 key2 = src_op->key2; 427 } 428 429 if ((src_op->info.handleState & 430 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 431 TEE_SetOperationKey(dst_op, key1); 432 } else { 433 TEE_SetOperationKey2(dst_op, key1, key2); 434 } 435 } 436 dst_op->info.handleState = src_op->info.handleState; 437 dst_op->info.keySize = src_op->info.keySize; 438 439 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 440 dst_op->block_size != src_op->block_size) 441 TEE_Panic(0); 442 443 if (dst_op->buffer != NULL) { 444 if (src_op->buffer == NULL) 445 TEE_Panic(0); 446 447 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 448 dst_op->buffer_offs = src_op->buffer_offs; 449 } else if (src_op->buffer != NULL) { 450 TEE_Panic(0); 451 } 452 453 res = utee_cryp_state_copy(dst_op->state, src_op->state); 454 if (res != TEE_SUCCESS) 455 TEE_Panic(res); 456 } 457 458 /* Cryptographic Operations API - Message Digest Functions */ 459 460 void TEE_DigestUpdate(TEE_OperationHandle operation, 461 void *chunk, size_t chunkSize) 462 { 463 TEE_Result res; 464 465 if (operation == TEE_HANDLE_NULL || chunk == NULL) 466 TEE_Panic(0); 467 if (operation->info.operationClass != TEE_OPERATION_DIGEST) 468 TEE_Panic(0); 469 res = utee_hash_update(operation->state, chunk, chunkSize); 470 if (res != TEE_SUCCESS) 471 TEE_Panic(res); 472 } 473 474 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 475 size_t chunkLen, void *hash, size_t *hashLen) 476 { 477 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkLen != 0) || 478 hash == NULL || hashLen == NULL) 479 TEE_Panic(0); 480 if (operation->info.operationClass != TEE_OPERATION_DIGEST) 481 TEE_Panic(0); 482 return utee_hash_final(operation->state, chunk, chunkLen, hash, 483 hashLen); 484 } 485 486 /* Cryptographic Operations API - Symmetric Cipher Functions */ 487 488 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, size_t IVLen) 489 { 490 TEE_Result res; 491 492 if (operation == TEE_HANDLE_NULL) 493 TEE_Panic(0); 494 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 495 TEE_Panic(0); 496 res = utee_cipher_init(operation->state, IV, IVLen); 497 if (res != TEE_SUCCESS) 498 TEE_Panic(res); 499 operation->buffer_offs = 0; 500 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 501 } 502 503 static TEE_Result tee_buffer_update( 504 TEE_OperationHandle op, 505 TEE_Result(*update_func) (uint32_t state, const void *src, 506 size_t slen, void *dst, size_t *dlen), 507 const void *src_data, size_t src_len, 508 void *dest_data, size_t *dest_len) 509 { 510 TEE_Result res; 511 const uint8_t *src = src_data; 512 size_t slen = src_len; 513 uint8_t *dst = dest_data; 514 size_t dlen = *dest_len; 515 size_t acc_dlen = 0; 516 size_t tmp_dlen; 517 size_t l; 518 size_t buffer_size; 519 520 if (op->buffer_two_blocks) 521 buffer_size = op->block_size * 2; 522 else 523 buffer_size = op->block_size; 524 525 if (op->buffer_offs > 0) { 526 /* Fill up complete block */ 527 if (op->buffer_offs < op->block_size) 528 l = MIN(slen, op->block_size - op->buffer_offs); 529 else 530 l = MIN(slen, buffer_size - op->buffer_offs); 531 memcpy(op->buffer + op->buffer_offs, src, l); 532 op->buffer_offs += l; 533 src += l; 534 slen -= l; 535 if ((op->buffer_offs % op->block_size) != 0) 536 goto out; /* Nothing left to do */ 537 } 538 539 /* If we can feed from buffer */ 540 if (op->buffer_offs > 0 && (op->buffer_offs + slen) > buffer_size) { 541 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 542 op->block_size); 543 l = MIN(op->buffer_offs, l); 544 tmp_dlen = dlen; 545 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 546 if (res != TEE_SUCCESS) 547 TEE_Panic(res); 548 dst += tmp_dlen; 549 dlen -= tmp_dlen; 550 acc_dlen += tmp_dlen; 551 op->buffer_offs -= l; 552 if (op->buffer_offs > 0) { 553 /* 554 * Slen is small enough to be contained in rest buffer. 555 */ 556 memcpy(op->buffer, op->buffer + l, buffer_size - l); 557 memcpy(op->buffer + op->buffer_offs, src, slen); 558 op->buffer_offs += slen; 559 goto out; /* Nothing left to do */ 560 } 561 } 562 563 if (slen > buffer_size) { 564 /* Buffer is empty, feed as much as possible from src */ 565 if (TEE_ALIGNMENT_IS_OK(src, uint32_t)) { 566 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 567 568 tmp_dlen = dlen; 569 res = update_func(op->state, src, l, dst, &tmp_dlen); 570 if (res != TEE_SUCCESS) 571 TEE_Panic(res); 572 src += l; 573 slen -= l; 574 dst += tmp_dlen; 575 dlen -= tmp_dlen; 576 acc_dlen += tmp_dlen; 577 } else { 578 /* 579 * Supplied data isn't well aligned, we're forced to 580 * feed through the buffer. 581 */ 582 while (slen >= op->block_size) { 583 memcpy(op->buffer, src, op->block_size); 584 585 tmp_dlen = dlen; 586 res = 587 update_func(op->state, op->buffer, 588 op->block_size, dst, &tmp_dlen); 589 if (res != TEE_SUCCESS) 590 TEE_Panic(res); 591 src += op->block_size; 592 slen -= op->block_size; 593 dst += tmp_dlen; 594 dlen -= tmp_dlen; 595 acc_dlen += tmp_dlen; 596 } 597 } 598 } 599 600 /* Slen is small enough to be contained in buffer. */ 601 memcpy(op->buffer + op->buffer_offs, src, slen); 602 op->buffer_offs += slen; 603 604 out: 605 *dest_len = acc_dlen; 606 return TEE_SUCCESS; 607 } 608 609 TEE_Result TEE_CipherUpdate(TEE_OperationHandle op, const void *srcData, 610 size_t srcLen, void *destData, size_t *destLen) 611 { 612 size_t req_dlen; 613 614 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 615 destLen == NULL || (destData == NULL && *destLen != 0)) 616 TEE_Panic(0); 617 if (op->info.operationClass != TEE_OPERATION_CIPHER) 618 TEE_Panic(0); 619 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 620 TEE_Panic(0); 621 622 /* Calculate required dlen */ 623 req_dlen = ((op->buffer_offs + srcLen) / op->block_size) * 624 op->block_size; 625 if (op->buffer_two_blocks) { 626 if (req_dlen > op->block_size * 2) 627 req_dlen -= op->block_size * 2; 628 else 629 req_dlen = 0; 630 } 631 /* 632 * Check that required destLen is big enough before starting to feed 633 * data to the algorithm. Errors during feeding of data are fatal as we 634 * can't restore sync with this API. 635 */ 636 if (*destLen < req_dlen) { 637 *destLen = req_dlen; 638 return TEE_ERROR_SHORT_BUFFER; 639 } 640 641 tee_buffer_update(op, utee_cipher_update, srcData, srcLen, destData, 642 destLen); 643 644 return TEE_SUCCESS; 645 } 646 647 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle op, 648 const void *srcData, size_t srcLen, void *destData, 649 size_t *destLen) 650 { 651 TEE_Result res; 652 uint8_t *dst = destData; 653 size_t acc_dlen = 0; 654 size_t tmp_dlen; 655 size_t req_dlen; 656 657 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 658 destLen == NULL || (destData == NULL && *destLen != 0)) 659 TEE_Panic(0); 660 if (op->info.operationClass != TEE_OPERATION_CIPHER) 661 TEE_Panic(0); 662 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 663 TEE_Panic(0); 664 665 /* 666 * Check that the final block doesn't require padding for those 667 * algorithms that requires client to supply padding. 668 */ 669 if (op->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 670 op->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 671 op->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 672 op->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 673 op->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 674 op->info.algorithm == TEE_ALG_DES3_CBC_NOPAD) { 675 if (((op->buffer_offs + srcLen) % op->block_size) != 0) 676 return TEE_ERROR_BAD_PARAMETERS; 677 } 678 679 /* 680 * Check that required destLen is big enough before starting to feed 681 * data to the algorithm. Errors during feeding of data are fatal as we 682 * can't restore sync with this API. 683 */ 684 req_dlen = op->buffer_offs + srcLen; 685 if (*destLen < req_dlen) { 686 *destLen = req_dlen; 687 return TEE_ERROR_SHORT_BUFFER; 688 } 689 690 tmp_dlen = *destLen - acc_dlen; 691 tee_buffer_update(op, utee_cipher_update, srcData, srcLen, dst, 692 &tmp_dlen); 693 dst += tmp_dlen; 694 acc_dlen += tmp_dlen; 695 696 tmp_dlen = *destLen - acc_dlen; 697 res = utee_cipher_final(op->state, op->buffer, op->buffer_offs, 698 dst, &tmp_dlen); 699 if (res != TEE_SUCCESS) 700 TEE_Panic(res); 701 acc_dlen += tmp_dlen; 702 703 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 704 *destLen = acc_dlen; 705 return TEE_SUCCESS; 706 } 707 708 /* Cryptographic Operations API - MAC Functions */ 709 710 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, size_t IVLen) 711 { 712 TEE_Result res; 713 714 if (operation == TEE_HANDLE_NULL) 715 TEE_Panic(0); 716 if (IV == NULL && IVLen != 0) 717 TEE_Panic(0); 718 if (operation->info.operationClass != TEE_OPERATION_MAC) 719 TEE_Panic(0); 720 res = utee_hash_init(operation->state, IV, IVLen); 721 if (res != TEE_SUCCESS) 722 TEE_Panic(res); 723 operation->buffer_offs = 0; 724 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 725 } 726 727 void TEE_MACUpdate(TEE_OperationHandle op, const void *chunk, size_t chunkSize) 728 { 729 TEE_Result res; 730 731 if (op == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 732 TEE_Panic(0); 733 if (op->info.operationClass != TEE_OPERATION_MAC) 734 TEE_Panic(0); 735 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 736 TEE_Panic(0); 737 738 res = utee_hash_update(op->state, chunk, chunkSize); 739 if (res != TEE_SUCCESS) 740 TEE_Panic(res); 741 } 742 743 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle op, 744 const void *message, size_t messageLen, 745 void *mac, size_t *macLen) 746 { 747 TEE_Result res; 748 749 if (op == TEE_HANDLE_NULL || (message == NULL && messageLen != 0) || 750 mac == NULL || macLen == NULL) 751 TEE_Panic(0); 752 if (op->info.operationClass != TEE_OPERATION_MAC) 753 TEE_Panic(0); 754 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 755 TEE_Panic(0); 756 757 res = utee_hash_final(op->state, message, messageLen, mac, macLen); 758 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 759 return res; 760 } 761 762 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 763 const void *message, size_t messageLen, 764 const void *mac, size_t macLen) 765 { 766 TEE_Result res; 767 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 768 size_t computed_mac_size = TEE_MAX_HASH_SIZE; 769 770 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 771 &computed_mac_size); 772 if (res != TEE_SUCCESS) 773 return res; 774 if (computed_mac_size != macLen) 775 return TEE_ERROR_MAC_INVALID; 776 if (memcmp(mac, computed_mac, computed_mac_size) != 0) 777 return TEE_ERROR_MAC_INVALID; 778 /* don't leave this on stack */ 779 memset(computed_mac, 0, computed_mac_size); 780 return TEE_SUCCESS; 781 } 782 783 /* Cryptographic Operations API - Authenticated Encryption Functions */ 784 785 TEE_Result TEE_AEInit(TEE_OperationHandle op, const void *nonce, 786 size_t nonceLen, uint32_t tagLen, uint32_t AADLen, 787 uint32_t payloadLen) 788 { 789 TEE_Result res; 790 791 if (op == TEE_HANDLE_NULL || nonce == NULL) 792 TEE_Panic(0); 793 if (op->info.operationClass != TEE_OPERATION_AE) 794 TEE_Panic(0); 795 796 /* 797 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 798 * in the implementation. But AES-GCM spec doesn't specify the tag len 799 * according to the same principle so we have to check here instead to 800 * be GP compliant. 801 */ 802 if (op->info.algorithm == TEE_ALG_AES_GCM) { 803 /* 804 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 805 */ 806 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) 807 return TEE_ERROR_NOT_SUPPORTED; 808 } 809 810 res = utee_authenc_init(op->state, nonce, nonceLen, tagLen / 8, AADLen, 811 payloadLen); 812 if (res != TEE_SUCCESS) { 813 if (res != TEE_ERROR_NOT_SUPPORTED) 814 TEE_Panic(res); 815 return res; 816 } 817 op->ae_tag_len = tagLen / 8; 818 819 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 820 return TEE_SUCCESS; 821 } 822 823 void TEE_AEUpdateAAD(TEE_OperationHandle op, const void *AADdata, 824 size_t AADdataLen) 825 { 826 TEE_Result res; 827 828 if (op == TEE_HANDLE_NULL || (AADdata == NULL && AADdataLen != 0)) 829 TEE_Panic(0); 830 if (op->info.operationClass != TEE_OPERATION_AE) 831 TEE_Panic(0); 832 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 833 TEE_Panic(0); 834 835 res = utee_authenc_update_aad(op->state, AADdata, AADdataLen); 836 if (res != TEE_SUCCESS) 837 TEE_Panic(res); 838 } 839 840 TEE_Result TEE_AEUpdate(TEE_OperationHandle op, const void *srcData, 841 size_t srcLen, void *destData, size_t *destLen) 842 { 843 size_t req_dlen; 844 845 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 846 destLen == NULL || (destData == NULL && *destLen != 0)) 847 TEE_Panic(0); 848 if (op->info.operationClass != TEE_OPERATION_AE) 849 TEE_Panic(0); 850 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 851 TEE_Panic(0); 852 853 /* 854 * Check that required destLen is big enough before starting to feed 855 * data to the algorithm. Errors during feeding of data are fatal as we 856 * can't restore sync with this API. 857 */ 858 req_dlen = ROUNDDOWN(op->buffer_offs + srcLen, op->block_size); 859 if (*destLen < req_dlen) { 860 *destLen = req_dlen; 861 return TEE_ERROR_SHORT_BUFFER; 862 } 863 864 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 865 destData, destLen); 866 867 return TEE_SUCCESS; 868 } 869 870 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle op, 871 const void *srcData, size_t srcLen, 872 void *destData, size_t *destLen, void *tag, 873 size_t *tagLen) 874 { 875 TEE_Result res; 876 uint8_t *dst = destData; 877 size_t acc_dlen = 0; 878 size_t tmp_dlen; 879 size_t req_dlen; 880 881 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 882 destLen == NULL || (destData == NULL && *destLen != 0) || 883 tag == NULL || tagLen == NULL) 884 TEE_Panic(0); 885 if (op->info.operationClass != TEE_OPERATION_AE) 886 TEE_Panic(0); 887 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 888 TEE_Panic(0); 889 890 /* 891 * Check that required destLen is big enough before starting to feed 892 * data to the algorithm. Errors during feeding of data are fatal as we 893 * can't restore sync with this API. 894 */ 895 req_dlen = op->buffer_offs + srcLen; 896 if (*destLen < req_dlen) { 897 *destLen = req_dlen; 898 return TEE_ERROR_SHORT_BUFFER; 899 } 900 901 /* 902 * Need to check this before update_payload since sync would be lost if 903 * we return short buffer after that. 904 */ 905 if (*tagLen < op->ae_tag_len) { 906 *tagLen = op->ae_tag_len; 907 return TEE_ERROR_SHORT_BUFFER; 908 } 909 910 tmp_dlen = *destLen - acc_dlen; 911 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 912 dst, &tmp_dlen); 913 dst += tmp_dlen; 914 acc_dlen += tmp_dlen; 915 916 tmp_dlen = *destLen - acc_dlen; 917 res = 918 utee_authenc_enc_final(op->state, op->buffer, op->buffer_offs, dst, 919 &tmp_dlen, tag, tagLen); 920 if (res != TEE_SUCCESS) 921 TEE_Panic(res); 922 acc_dlen += tmp_dlen; 923 924 *destLen = acc_dlen; 925 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 926 927 return res; 928 } 929 930 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle op, 931 const void *srcData, size_t srcLen, 932 void *destData, size_t *destLen, const void *tag, 933 size_t tagLen) 934 { 935 TEE_Result res; 936 uint8_t *dst = destData; 937 size_t acc_dlen = 0; 938 size_t tmp_dlen; 939 size_t req_dlen; 940 941 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 942 destLen == NULL || (destData == NULL && *destLen != 0) || 943 (tag == NULL && tagLen != 0)) 944 TEE_Panic(0); 945 if (op->info.operationClass != TEE_OPERATION_AE) 946 TEE_Panic(0); 947 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 948 TEE_Panic(0); 949 950 /* 951 * Check that required destLen is big enough before starting to feed 952 * data to the algorithm. Errors during feeding of data are fatal as we 953 * can't restore sync with this API. 954 */ 955 req_dlen = op->buffer_offs + srcLen; 956 if (*destLen < req_dlen) { 957 *destLen = req_dlen; 958 return TEE_ERROR_SHORT_BUFFER; 959 } 960 961 tmp_dlen = *destLen - acc_dlen; 962 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 963 dst, &tmp_dlen); 964 dst += tmp_dlen; 965 acc_dlen += tmp_dlen; 966 967 tmp_dlen = *destLen - acc_dlen; 968 res = 969 utee_authenc_dec_final(op->state, op->buffer, op->buffer_offs, dst, 970 &tmp_dlen, tag, tagLen); 971 if (res != TEE_SUCCESS && res != TEE_ERROR_MAC_INVALID) 972 TEE_Panic(res); 973 /* Supplied tagLen should match what we initiated with */ 974 if (tagLen != op->ae_tag_len) 975 res = TEE_ERROR_MAC_INVALID; 976 977 acc_dlen += tmp_dlen; 978 979 *destLen = acc_dlen; 980 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 981 982 return res; 983 } 984 985 /* Cryptographic Operations API - Asymmetric Functions */ 986 987 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle op, 988 const TEE_Attribute *params, 989 uint32_t paramCount, const void *srcData, 990 size_t srcLen, void *destData, 991 size_t *destLen) 992 { 993 TEE_Result res; 994 995 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 996 destLen == NULL || (destData == NULL && *destLen != 0)) 997 TEE_Panic(0); 998 if (paramCount != 0 && params == NULL) 999 TEE_Panic(0); 1000 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1001 TEE_Panic(0); 1002 if (op->info.mode != TEE_MODE_ENCRYPT) 1003 TEE_Panic(0); 1004 1005 res = utee_asymm_operate(op->state, params, paramCount, srcData, srcLen, 1006 destData, destLen); 1007 if (res != TEE_SUCCESS && 1008 res != TEE_ERROR_SHORT_BUFFER && 1009 res != TEE_ERROR_BAD_PARAMETERS) 1010 TEE_Panic(res); 1011 return res; 1012 } 1013 1014 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle op, 1015 const TEE_Attribute *params, 1016 uint32_t paramCount, const void *srcData, 1017 size_t srcLen, void *destData, 1018 size_t *destLen) 1019 { 1020 TEE_Result res; 1021 1022 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1023 destLen == NULL || (destData == NULL && *destLen != 0)) 1024 TEE_Panic(0); 1025 if (paramCount != 0 && params == NULL) 1026 TEE_Panic(0); 1027 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1028 TEE_Panic(0); 1029 if (op->info.mode != TEE_MODE_DECRYPT) 1030 TEE_Panic(0); 1031 1032 res = utee_asymm_operate(op->state, params, paramCount, srcData, srcLen, 1033 destData, destLen); 1034 if (res != TEE_SUCCESS && 1035 res != TEE_ERROR_SHORT_BUFFER && 1036 res != TEE_ERROR_BAD_PARAMETERS) 1037 TEE_Panic(res); 1038 return res; 1039 } 1040 1041 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle op, 1042 const TEE_Attribute *params, 1043 uint32_t paramCount, const void *digest, 1044 size_t digestLen, void *signature, 1045 size_t *signatureLen) 1046 { 1047 TEE_Result res; 1048 1049 if (op == TEE_HANDLE_NULL || (digest == NULL && digestLen != 0) || 1050 signature == NULL || signatureLen == NULL) 1051 TEE_Panic(0); 1052 if (paramCount != 0 && params == NULL) 1053 TEE_Panic(0); 1054 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1055 TEE_Panic(0); 1056 if (op->info.mode != TEE_MODE_SIGN) 1057 TEE_Panic(0); 1058 1059 res = 1060 utee_asymm_operate(op->state, params, paramCount, digest, digestLen, 1061 signature, signatureLen); 1062 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1063 TEE_Panic(res); 1064 return res; 1065 } 1066 1067 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle op, 1068 const TEE_Attribute *params, 1069 uint32_t paramCount, const void *digest, 1070 size_t digestLen, const void *signature, 1071 size_t signatureLen) 1072 { 1073 TEE_Result res; 1074 1075 if (op == TEE_HANDLE_NULL || (digest == NULL && digestLen != 0) || 1076 (signature == NULL && signatureLen != 0)) 1077 TEE_Panic(0); 1078 if (paramCount != 0 && params == NULL) 1079 TEE_Panic(0); 1080 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1081 TEE_Panic(0); 1082 if (op->info.mode != TEE_MODE_VERIFY) 1083 TEE_Panic(0); 1084 1085 res = 1086 utee_asymm_verify(op->state, params, paramCount, digest, digestLen, 1087 signature, signatureLen); 1088 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1089 TEE_Panic(res); 1090 return res; 1091 } 1092 1093 /* Cryptographic Operations API - Key Derivation Functions */ 1094 1095 void TEE_DeriveKey(TEE_OperationHandle operation, 1096 const TEE_Attribute *params, uint32_t paramCount, 1097 TEE_ObjectHandle derivedKey) 1098 { 1099 TEE_Result res; 1100 TEE_ObjectInfo key_info; 1101 1102 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1103 TEE_Panic(0); 1104 if (paramCount != 0 && params == NULL) 1105 TEE_Panic(0); 1106 1107 if (operation->info.algorithm != TEE_ALG_DH_DERIVE_SHARED_SECRET) 1108 TEE_Panic(0); 1109 1110 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1111 TEE_Panic(0); 1112 if (operation->info.mode != TEE_MODE_DERIVE) 1113 TEE_Panic(0); 1114 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1115 TEE_Panic(0); 1116 1117 res = utee_cryp_obj_get_info((uint32_t) derivedKey, &key_info); 1118 if (res != TEE_SUCCESS) 1119 TEE_Panic(0); 1120 1121 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1122 TEE_Panic(0); 1123 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1124 TEE_Panic(0); 1125 1126 if ((operation->info.algorithm == TEE_ALG_DH_DERIVE_SHARED_SECRET) && 1127 (paramCount != 1 || 1128 params[0].attributeID != TEE_ATTR_DH_PUBLIC_VALUE)) 1129 TEE_Panic(0); 1130 1131 res = utee_cryp_derive_key(operation->state, params, paramCount, 1132 (uint32_t) derivedKey); 1133 if (res != TEE_SUCCESS) 1134 TEE_Panic(res); 1135 } 1136 1137 /* Cryptographic Operations API - Random Number Generation Functions */ 1138 1139 void TEE_GenerateRandom(void *randomBuffer, size_t randomBufferLen) 1140 { 1141 TEE_Result res; 1142 1143 res = utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1144 if (res != TEE_SUCCESS) 1145 TEE_Panic(res); 1146 } 1147