1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 #include <stdlib.h> 28 #include <string.h> 29 #include <string_ext.h> 30 31 #include <tee_api.h> 32 #include <tee_api_defines_extensions.h> 33 #include <tee_internal_api_extensions.h> 34 #include <utee_syscalls.h> 35 #include <utee_defines.h> 36 #include <util.h> 37 38 struct __TEE_OperationHandle { 39 TEE_OperationInfo info; 40 TEE_ObjectHandle key1; 41 TEE_ObjectHandle key2; 42 uint8_t *buffer; /* buffer to collect complete blocks */ 43 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 44 size_t block_size; /* Block size of cipher */ 45 size_t buffer_offs; /* Offset in buffer */ 46 uint32_t state; /* Handle to state in TEE Core */ 47 uint32_t ae_tag_len; /* 48 * tag_len in bytes for AE operation else unused 49 */ 50 }; 51 52 /* Cryptographic Operations API - Generic Operation Functions */ 53 54 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 55 uint32_t algorithm, uint32_t mode, 56 uint32_t maxKeySize) 57 { 58 TEE_Result res; 59 TEE_OperationHandle op = TEE_HANDLE_NULL; 60 uint32_t handle_state = 0; 61 size_t block_size = 1; 62 uint32_t req_key_usage; 63 bool with_private_key = false; 64 bool buffer_two_blocks = false; 65 66 if (!operation) 67 TEE_Panic(0); 68 69 if (algorithm == TEE_ALG_AES_XTS) 70 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 71 72 /* Check algorithm max key size */ 73 switch (algorithm) { 74 case TEE_ALG_DSA_SHA1: 75 if (maxKeySize < 512) 76 return TEE_ERROR_NOT_SUPPORTED; 77 if (maxKeySize > 1024) 78 return TEE_ERROR_NOT_SUPPORTED; 79 if (maxKeySize % 64 != 0) 80 return TEE_ERROR_NOT_SUPPORTED; 81 break; 82 83 case TEE_ALG_DSA_SHA224: 84 if (maxKeySize != 2048) 85 return TEE_ERROR_NOT_SUPPORTED; 86 break; 87 88 case TEE_ALG_DSA_SHA256: 89 if (maxKeySize != 2048 && maxKeySize != 3072) 90 return TEE_ERROR_NOT_SUPPORTED; 91 break; 92 93 case TEE_ALG_ECDSA_P192: 94 case TEE_ALG_ECDH_P192: 95 if (maxKeySize != 192) 96 return TEE_ERROR_NOT_SUPPORTED; 97 break; 98 99 case TEE_ALG_ECDSA_P224: 100 case TEE_ALG_ECDH_P224: 101 if (maxKeySize != 224) 102 return TEE_ERROR_NOT_SUPPORTED; 103 break; 104 105 case TEE_ALG_ECDSA_P256: 106 case TEE_ALG_ECDH_P256: 107 if (maxKeySize != 256) 108 return TEE_ERROR_NOT_SUPPORTED; 109 break; 110 111 case TEE_ALG_ECDSA_P384: 112 case TEE_ALG_ECDH_P384: 113 if (maxKeySize != 384) 114 return TEE_ERROR_NOT_SUPPORTED; 115 break; 116 117 case TEE_ALG_ECDSA_P521: 118 case TEE_ALG_ECDH_P521: 119 if (maxKeySize != 521) 120 return TEE_ERROR_NOT_SUPPORTED; 121 break; 122 123 default: 124 break; 125 } 126 127 /* Check algorithm mode */ 128 switch (algorithm) { 129 case TEE_ALG_AES_CTS: 130 case TEE_ALG_AES_XTS: 131 buffer_two_blocks = true; 132 /*FALLTHROUGH*/ case TEE_ALG_AES_ECB_NOPAD: 133 case TEE_ALG_AES_CBC_NOPAD: 134 case TEE_ALG_AES_CTR: 135 case TEE_ALG_AES_CCM: 136 case TEE_ALG_AES_GCM: 137 case TEE_ALG_DES_ECB_NOPAD: 138 case TEE_ALG_DES_CBC_NOPAD: 139 case TEE_ALG_DES3_ECB_NOPAD: 140 case TEE_ALG_DES3_CBC_NOPAD: 141 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 142 block_size = TEE_AES_BLOCK_SIZE; 143 else 144 block_size = TEE_DES_BLOCK_SIZE; 145 146 if (mode == TEE_MODE_ENCRYPT) 147 req_key_usage = TEE_USAGE_ENCRYPT; 148 else if (mode == TEE_MODE_DECRYPT) 149 req_key_usage = TEE_USAGE_DECRYPT; 150 else 151 return TEE_ERROR_NOT_SUPPORTED; 152 break; 153 154 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 155 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 156 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 157 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 158 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 159 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 160 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 161 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 162 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 163 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 164 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 165 case TEE_ALG_DSA_SHA1: 166 case TEE_ALG_DSA_SHA224: 167 case TEE_ALG_DSA_SHA256: 168 case TEE_ALG_ECDSA_P192: 169 case TEE_ALG_ECDSA_P224: 170 case TEE_ALG_ECDSA_P256: 171 case TEE_ALG_ECDSA_P384: 172 case TEE_ALG_ECDSA_P521: 173 if (mode == TEE_MODE_SIGN) { 174 with_private_key = true; 175 req_key_usage = TEE_USAGE_SIGN; 176 } else if (mode == TEE_MODE_VERIFY) { 177 req_key_usage = TEE_USAGE_VERIFY; 178 } else { 179 return TEE_ERROR_NOT_SUPPORTED; 180 } 181 break; 182 183 case TEE_ALG_RSAES_PKCS1_V1_5: 184 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 185 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 186 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 187 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 188 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 189 if (mode == TEE_MODE_ENCRYPT) { 190 req_key_usage = TEE_USAGE_ENCRYPT; 191 } else if (mode == TEE_MODE_DECRYPT) { 192 with_private_key = true; 193 req_key_usage = TEE_USAGE_DECRYPT; 194 } else { 195 return TEE_ERROR_NOT_SUPPORTED; 196 } 197 break; 198 199 case TEE_ALG_RSA_NOPAD: 200 if (mode == TEE_MODE_ENCRYPT) { 201 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 202 } else if (mode == TEE_MODE_DECRYPT) { 203 with_private_key = true; 204 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 205 } else { 206 return TEE_ERROR_NOT_SUPPORTED; 207 } 208 break; 209 210 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 211 case TEE_ALG_ECDH_P192: 212 case TEE_ALG_ECDH_P224: 213 case TEE_ALG_ECDH_P256: 214 case TEE_ALG_ECDH_P384: 215 case TEE_ALG_ECDH_P521: 216 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 217 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 218 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 219 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 220 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 221 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 222 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 223 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 224 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 225 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 226 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 227 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 228 if (mode != TEE_MODE_DERIVE) 229 return TEE_ERROR_NOT_SUPPORTED; 230 with_private_key = true; 231 req_key_usage = TEE_USAGE_DERIVE; 232 break; 233 234 case TEE_ALG_MD5: 235 case TEE_ALG_SHA1: 236 case TEE_ALG_SHA224: 237 case TEE_ALG_SHA256: 238 case TEE_ALG_SHA384: 239 case TEE_ALG_SHA512: 240 if (mode != TEE_MODE_DIGEST) 241 return TEE_ERROR_NOT_SUPPORTED; 242 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 243 req_key_usage = 0; 244 break; 245 246 case TEE_ALG_DES_CBC_MAC_NOPAD: 247 case TEE_ALG_AES_CBC_MAC_NOPAD: 248 case TEE_ALG_AES_CBC_MAC_PKCS5: 249 case TEE_ALG_AES_CMAC: 250 case TEE_ALG_DES_CBC_MAC_PKCS5: 251 case TEE_ALG_DES3_CBC_MAC_NOPAD: 252 case TEE_ALG_DES3_CBC_MAC_PKCS5: 253 case TEE_ALG_HMAC_MD5: 254 case TEE_ALG_HMAC_SHA1: 255 case TEE_ALG_HMAC_SHA224: 256 case TEE_ALG_HMAC_SHA256: 257 case TEE_ALG_HMAC_SHA384: 258 case TEE_ALG_HMAC_SHA512: 259 if (mode != TEE_MODE_MAC) 260 return TEE_ERROR_NOT_SUPPORTED; 261 req_key_usage = TEE_USAGE_MAC; 262 break; 263 264 default: 265 return TEE_ERROR_NOT_SUPPORTED; 266 } 267 268 op = TEE_Malloc(sizeof(*op), 0); 269 if (!op) 270 return TEE_ERROR_OUT_OF_MEMORY; 271 272 op->info.algorithm = algorithm; 273 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 274 op->info.mode = mode; 275 op->info.maxKeySize = maxKeySize; 276 op->info.requiredKeyUsage = req_key_usage; 277 op->info.handleState = handle_state; 278 279 if (block_size > 1) { 280 size_t buffer_size = block_size; 281 282 if (buffer_two_blocks) 283 buffer_size *= 2; 284 285 op->buffer = TEE_Malloc(buffer_size, 286 TEE_USER_MEM_HINT_NO_FILL_ZERO); 287 if (op->buffer == NULL) { 288 res = TEE_ERROR_OUT_OF_MEMORY; 289 goto err0; 290 } 291 } 292 op->block_size = block_size; 293 op->buffer_two_blocks = buffer_two_blocks; 294 295 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 296 uint32_t mks = maxKeySize; 297 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 298 with_private_key); 299 300 /* 301 * If two keys are expected the max key size is the sum of 302 * the size of both keys. 303 */ 304 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 305 mks /= 2; 306 307 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 308 if (res != TEE_SUCCESS) 309 goto err1; 310 311 if ((op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 312 0) { 313 res = TEE_AllocateTransientObject(key_type, mks, 314 &op->key2); 315 if (res != TEE_SUCCESS) 316 goto err2; 317 } 318 } 319 320 res = utee_cryp_state_alloc(algorithm, mode, (uint32_t) op->key1, 321 (uint32_t) op->key2, &op->state); 322 if (res != TEE_SUCCESS) { 323 if ((op->info.handleState & 324 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 0) 325 goto err2; 326 goto err1; 327 } 328 329 /* For multi-stage operation do an "init". */ 330 TEE_ResetOperation(op); 331 *operation = op; 332 goto out; 333 334 err2: 335 TEE_FreeTransientObject(op->key2); 336 err1: 337 TEE_FreeTransientObject(op->key1); 338 err0: 339 TEE_FreeOperation(op); 340 341 if (res != TEE_SUCCESS && 342 res != TEE_ERROR_OUT_OF_MEMORY && 343 res != TEE_ERROR_NOT_SUPPORTED) 344 TEE_Panic(0); 345 out: 346 return res; 347 } 348 349 void TEE_FreeOperation(TEE_OperationHandle operation) 350 { 351 if (operation != TEE_HANDLE_NULL) { 352 /* 353 * Note that keys should not be freed here, since they are 354 * claimed by the operation they will be freed by 355 * utee_cryp_state_free(). 356 */ 357 utee_cryp_state_free(operation->state); 358 TEE_Free(operation->buffer); 359 TEE_Free(operation); 360 } 361 } 362 363 void TEE_GetOperationInfo(TEE_OperationHandle operation, 364 TEE_OperationInfo *operationInfo) 365 { 366 if (operation == TEE_HANDLE_NULL) 367 TEE_Panic(0); 368 369 if (operationInfo == NULL) 370 TEE_Panic(0); 371 372 *operationInfo = operation->info; 373 } 374 375 void TEE_ResetOperation(TEE_OperationHandle operation) 376 { 377 TEE_Result res; 378 379 if (operation == TEE_HANDLE_NULL) 380 TEE_Panic(0); 381 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 382 res = utee_hash_init(operation->state, NULL, 0); 383 if (res != TEE_SUCCESS) 384 TEE_Panic(res); 385 } 386 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 387 } 388 389 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 390 TEE_ObjectHandle key) 391 { 392 TEE_Result res; 393 uint32_t key_size = 0; 394 395 if (operation == TEE_HANDLE_NULL) 396 TEE_Panic(0); 397 398 /* No key for digests */ 399 if (operation->info.operationClass == TEE_OPERATION_DIGEST) 400 TEE_Panic(0); 401 402 /* Two keys expected */ 403 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 404 0) 405 TEE_Panic(0); 406 407 if (key != TEE_HANDLE_NULL) { 408 TEE_ObjectInfo key_info; 409 410 res = TEE_GetObjectInfo1(key, &key_info); 411 if (res != TEE_SUCCESS) 412 goto err; 413 414 /* Supplied key has to meet required usage */ 415 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 416 operation->info.requiredKeyUsage) { 417 TEE_Panic(0); 418 } 419 420 if (operation->info.maxKeySize < key_info.keySize) 421 TEE_Panic(0); 422 423 key_size = key_info.keySize; 424 } 425 426 TEE_ResetTransientObject(operation->key1); 427 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 428 429 if (key != TEE_HANDLE_NULL) { 430 res = TEE_CopyObjectAttributes1(operation->key1, key); 431 if (res != TEE_SUCCESS) 432 goto err; 433 434 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 435 } 436 437 operation->info.keySize = key_size; 438 439 goto out; 440 441 err: 442 if (res == TEE_ERROR_CORRUPT_OBJECT || 443 res == TEE_ERROR_STORAGE_NOT_AVAILABLE) 444 return res; 445 TEE_Panic(0); 446 out: 447 return TEE_SUCCESS; 448 } 449 450 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 451 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 452 { 453 TEE_Result res; 454 uint32_t key_size = 0; 455 456 if (operation == TEE_HANDLE_NULL) 457 TEE_Panic(0); 458 459 /* Two keys not expected */ 460 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 461 0) 462 TEE_Panic(0); 463 464 /* Either both keys are NULL or both are not NULL */ 465 if ((key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) && 466 key1 != key2) 467 TEE_Panic(0); 468 469 if (key1 != TEE_HANDLE_NULL) { 470 TEE_ObjectInfo key_info1; 471 TEE_ObjectInfo key_info2; 472 473 res = TEE_GetObjectInfo1(key1, &key_info1); 474 if (res != TEE_SUCCESS) 475 goto err; 476 477 /* Supplied key has to meet required usage */ 478 if ((key_info1.objectUsage & operation->info. 479 requiredKeyUsage) != operation->info.requiredKeyUsage) { 480 TEE_Panic(0); 481 } 482 483 res = TEE_GetObjectInfo1(key2, &key_info2); 484 if (res != TEE_SUCCESS) { 485 if (res == TEE_ERROR_CORRUPT_OBJECT) 486 res = TEE_ERROR_CORRUPT_OBJECT_2; 487 goto err; 488 } 489 490 /* Supplied key has to meet required usage */ 491 if ((key_info2.objectUsage & operation->info. 492 requiredKeyUsage) != operation->info.requiredKeyUsage) { 493 TEE_Panic(0); 494 } 495 496 /* 497 * AES-XTS (the only multi key algorithm supported, requires the 498 * keys to be of equal size. 499 */ 500 if (operation->info.algorithm == TEE_ALG_AES_XTS && 501 key_info1.keySize != key_info2.keySize) 502 TEE_Panic(0); 503 504 if (operation->info.maxKeySize < key_info1.keySize) 505 TEE_Panic(0); 506 507 /* 508 * Odd that only the size of one key should be reported while 509 * size of two key are used when allocating the operation. 510 */ 511 key_size = key_info1.keySize; 512 } 513 514 TEE_ResetTransientObject(operation->key1); 515 TEE_ResetTransientObject(operation->key2); 516 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 517 518 if (key1 != TEE_HANDLE_NULL) { 519 res = TEE_CopyObjectAttributes1(operation->key1, key1); 520 if (res != TEE_SUCCESS) 521 goto err; 522 523 res = TEE_CopyObjectAttributes1(operation->key2, key2); 524 if (res != TEE_SUCCESS) { 525 if (res == TEE_ERROR_CORRUPT_OBJECT) 526 res = TEE_ERROR_CORRUPT_OBJECT_2; 527 goto err; 528 } 529 530 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 531 } 532 533 operation->info.keySize = key_size; 534 535 goto out; 536 537 err: 538 if (res == TEE_ERROR_CORRUPT_OBJECT || 539 res == TEE_ERROR_CORRUPT_OBJECT_2 || 540 res == TEE_ERROR_STORAGE_NOT_AVAILABLE || 541 res == TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 542 return res; 543 TEE_Panic(0); 544 out: 545 return TEE_SUCCESS; 546 } 547 548 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 549 { 550 TEE_Result res; 551 552 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 553 TEE_Panic(0); 554 if (dst_op->info.algorithm != src_op->info.algorithm) 555 TEE_Panic(0); 556 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 557 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 558 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 559 560 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 561 key1 = src_op->key1; 562 key2 = src_op->key2; 563 } 564 565 if ((src_op->info.handleState & 566 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 567 TEE_SetOperationKey(dst_op, key1); 568 } else { 569 TEE_SetOperationKey2(dst_op, key1, key2); 570 } 571 } 572 dst_op->info.handleState = src_op->info.handleState; 573 dst_op->info.keySize = src_op->info.keySize; 574 575 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 576 dst_op->block_size != src_op->block_size) 577 TEE_Panic(0); 578 579 if (dst_op->buffer != NULL) { 580 if (src_op->buffer == NULL) 581 TEE_Panic(0); 582 583 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 584 dst_op->buffer_offs = src_op->buffer_offs; 585 } else if (src_op->buffer != NULL) { 586 TEE_Panic(0); 587 } 588 589 res = utee_cryp_state_copy(dst_op->state, src_op->state); 590 if (res != TEE_SUCCESS) 591 TEE_Panic(res); 592 } 593 594 /* Cryptographic Operations API - Message Digest Functions */ 595 596 void TEE_DigestUpdate(TEE_OperationHandle operation, 597 void *chunk, uint32_t chunkSize) 598 { 599 TEE_Result res = TEE_ERROR_GENERIC; 600 601 if (operation == TEE_HANDLE_NULL || 602 operation->info.operationClass != TEE_OPERATION_DIGEST) 603 TEE_Panic(0); 604 605 res = utee_hash_update(operation->state, chunk, chunkSize); 606 if (res != TEE_SUCCESS) 607 TEE_Panic(res); 608 } 609 610 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 611 uint32_t chunkLen, void *hash, uint32_t *hashLen) 612 { 613 if ((operation == TEE_HANDLE_NULL) || (!chunk && chunkLen) || 614 !hash || !hashLen || 615 (operation->info.operationClass != TEE_OPERATION_DIGEST)) 616 TEE_Panic(0); 617 618 return utee_hash_final(operation->state, chunk, chunkLen, hash, 619 hashLen); 620 } 621 622 /* Cryptographic Operations API - Symmetric Cipher Functions */ 623 624 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 625 { 626 TEE_Result res; 627 628 if (operation == TEE_HANDLE_NULL) 629 TEE_Panic(0); 630 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 631 TEE_Panic(0); 632 res = utee_cipher_init(operation->state, IV, IVLen); 633 if (res != TEE_SUCCESS) 634 TEE_Panic(res); 635 operation->buffer_offs = 0; 636 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 637 } 638 639 static TEE_Result tee_buffer_update( 640 TEE_OperationHandle op, 641 TEE_Result(*update_func) (uint32_t state, const void *src, 642 size_t slen, void *dst, uint32_t *dlen), 643 const void *src_data, size_t src_len, 644 void *dest_data, uint32_t *dest_len) 645 { 646 TEE_Result res; 647 const uint8_t *src = src_data; 648 size_t slen = src_len; 649 uint8_t *dst = dest_data; 650 size_t dlen = *dest_len; 651 size_t acc_dlen = 0; 652 uint32_t tmp_dlen; 653 size_t l; 654 size_t buffer_size; 655 size_t buffer_left; 656 657 if (op->buffer_two_blocks) { 658 buffer_size = op->block_size * 2; 659 buffer_left = 1; 660 } else { 661 buffer_size = op->block_size; 662 buffer_left = 0; 663 } 664 665 if (op->buffer_offs > 0) { 666 /* Fill up complete block */ 667 if (op->buffer_offs < op->block_size) 668 l = MIN(slen, op->block_size - op->buffer_offs); 669 else 670 l = MIN(slen, buffer_size - op->buffer_offs); 671 memcpy(op->buffer + op->buffer_offs, src, l); 672 op->buffer_offs += l; 673 src += l; 674 slen -= l; 675 if ((op->buffer_offs % op->block_size) != 0) 676 goto out; /* Nothing left to do */ 677 } 678 679 /* If we can feed from buffer */ 680 if ((op->buffer_offs > 0) && 681 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 682 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 683 op->block_size); 684 l = MIN(op->buffer_offs, l); 685 tmp_dlen = dlen; 686 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 687 if (res != TEE_SUCCESS) 688 TEE_Panic(res); 689 dst += tmp_dlen; 690 dlen -= tmp_dlen; 691 acc_dlen += tmp_dlen; 692 op->buffer_offs -= l; 693 if (op->buffer_offs > 0) { 694 /* 695 * Slen is small enough to be contained in rest buffer. 696 */ 697 memcpy(op->buffer, op->buffer + l, buffer_size - l); 698 memcpy(op->buffer + op->buffer_offs, src, slen); 699 op->buffer_offs += slen; 700 goto out; /* Nothing left to do */ 701 } 702 } 703 704 if (slen >= (buffer_size + buffer_left)) { 705 /* Buffer is empty, feed as much as possible from src */ 706 if (TEE_ALIGNMENT_IS_OK(src, uint32_t)) { 707 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 708 709 tmp_dlen = dlen; 710 res = update_func(op->state, src, l, dst, &tmp_dlen); 711 if (res != TEE_SUCCESS) 712 TEE_Panic(res); 713 src += l; 714 slen -= l; 715 dst += tmp_dlen; 716 dlen -= tmp_dlen; 717 acc_dlen += tmp_dlen; 718 } else { 719 /* 720 * Supplied data isn't well aligned, we're forced to 721 * feed through the buffer. 722 */ 723 while (slen >= op->block_size) { 724 memcpy(op->buffer, src, op->block_size); 725 726 tmp_dlen = dlen; 727 res = 728 update_func(op->state, op->buffer, 729 op->block_size, dst, &tmp_dlen); 730 if (res != TEE_SUCCESS) 731 TEE_Panic(res); 732 src += op->block_size; 733 slen -= op->block_size; 734 dst += tmp_dlen; 735 dlen -= tmp_dlen; 736 acc_dlen += tmp_dlen; 737 } 738 } 739 } 740 741 /* Slen is small enough to be contained in buffer. */ 742 memcpy(op->buffer + op->buffer_offs, src, slen); 743 op->buffer_offs += slen; 744 745 out: 746 *dest_len = acc_dlen; 747 return TEE_SUCCESS; 748 } 749 750 TEE_Result TEE_CipherUpdate(TEE_OperationHandle op, const void *srcData, 751 uint32_t srcLen, void *destData, uint32_t *destLen) 752 { 753 size_t req_dlen; 754 755 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 756 destLen == NULL || (destData == NULL && *destLen != 0)) 757 TEE_Panic(0); 758 if (op->info.operationClass != TEE_OPERATION_CIPHER) 759 TEE_Panic(0); 760 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 761 TEE_Panic(0); 762 763 /* Calculate required dlen */ 764 req_dlen = ((op->buffer_offs + srcLen) / op->block_size) * 765 op->block_size; 766 if (op->buffer_two_blocks) { 767 if (req_dlen > op->block_size * 2) 768 req_dlen -= op->block_size * 2; 769 else 770 req_dlen = 0; 771 } 772 /* 773 * Check that required destLen is big enough before starting to feed 774 * data to the algorithm. Errors during feeding of data are fatal as we 775 * can't restore sync with this API. 776 */ 777 if (*destLen < req_dlen) { 778 *destLen = req_dlen; 779 return TEE_ERROR_SHORT_BUFFER; 780 } 781 782 tee_buffer_update(op, utee_cipher_update, srcData, srcLen, destData, 783 destLen); 784 785 return TEE_SUCCESS; 786 } 787 788 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle op, 789 const void *srcData, uint32_t srcLen, void *destData, 790 uint32_t *destLen) 791 { 792 TEE_Result res; 793 uint8_t *dst = destData; 794 size_t acc_dlen = 0; 795 uint32_t tmp_dlen; 796 size_t req_dlen; 797 798 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 799 destLen == NULL || (destData == NULL && *destLen != 0)) 800 TEE_Panic(0); 801 if (op->info.operationClass != TEE_OPERATION_CIPHER) 802 TEE_Panic(0); 803 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 804 TEE_Panic(0); 805 806 /* 807 * Check that the final block doesn't require padding for those 808 * algorithms that requires client to supply padding. 809 */ 810 if (op->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 811 op->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 812 op->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 813 op->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 814 op->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 815 op->info.algorithm == TEE_ALG_DES3_CBC_NOPAD) { 816 if (((op->buffer_offs + srcLen) % op->block_size) != 0) 817 return TEE_ERROR_BAD_PARAMETERS; 818 } 819 820 /* 821 * Check that required destLen is big enough before starting to feed 822 * data to the algorithm. Errors during feeding of data are fatal as we 823 * can't restore sync with this API. 824 */ 825 req_dlen = op->buffer_offs + srcLen; 826 if (*destLen < req_dlen) { 827 *destLen = req_dlen; 828 return TEE_ERROR_SHORT_BUFFER; 829 } 830 831 tmp_dlen = *destLen - acc_dlen; 832 tee_buffer_update(op, utee_cipher_update, srcData, srcLen, dst, 833 &tmp_dlen); 834 dst += tmp_dlen; 835 acc_dlen += tmp_dlen; 836 837 tmp_dlen = *destLen - acc_dlen; 838 res = utee_cipher_final(op->state, op->buffer, op->buffer_offs, 839 dst, &tmp_dlen); 840 if (res != TEE_SUCCESS) 841 TEE_Panic(res); 842 acc_dlen += tmp_dlen; 843 844 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 845 *destLen = acc_dlen; 846 return TEE_SUCCESS; 847 } 848 849 /* Cryptographic Operations API - MAC Functions */ 850 851 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 852 { 853 TEE_Result res; 854 855 if (operation == TEE_HANDLE_NULL) 856 TEE_Panic(0); 857 if (IV == NULL && IVLen != 0) 858 TEE_Panic(0); 859 if (operation->info.operationClass != TEE_OPERATION_MAC) 860 TEE_Panic(0); 861 res = utee_hash_init(operation->state, IV, IVLen); 862 if (res != TEE_SUCCESS) 863 TEE_Panic(res); 864 operation->buffer_offs = 0; 865 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 866 } 867 868 void TEE_MACUpdate(TEE_OperationHandle op, const void *chunk, uint32_t chunkSize) 869 { 870 TEE_Result res; 871 872 if (op == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 873 TEE_Panic(0); 874 if (op->info.operationClass != TEE_OPERATION_MAC) 875 TEE_Panic(0); 876 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 877 TEE_Panic(0); 878 879 res = utee_hash_update(op->state, chunk, chunkSize); 880 if (res != TEE_SUCCESS) 881 TEE_Panic(res); 882 } 883 884 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle op, 885 const void *message, uint32_t messageLen, 886 void *mac, uint32_t *macLen) 887 { 888 TEE_Result res; 889 890 if (op == TEE_HANDLE_NULL || (message == NULL && messageLen != 0) || 891 mac == NULL || macLen == NULL) 892 TEE_Panic(0); 893 if (op->info.operationClass != TEE_OPERATION_MAC) 894 TEE_Panic(0); 895 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 896 TEE_Panic(0); 897 898 res = utee_hash_final(op->state, message, messageLen, mac, macLen); 899 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 900 return res; 901 } 902 903 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 904 const void *message, uint32_t messageLen, 905 const void *mac, uint32_t macLen) 906 { 907 TEE_Result res; 908 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 909 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 910 911 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 912 &computed_mac_size); 913 if (res != TEE_SUCCESS) 914 return res; 915 if (computed_mac_size != macLen) 916 return TEE_ERROR_MAC_INVALID; 917 if (buf_compare_ct(mac, computed_mac, computed_mac_size) != 0) 918 return TEE_ERROR_MAC_INVALID; 919 return TEE_SUCCESS; 920 } 921 922 /* Cryptographic Operations API - Authenticated Encryption Functions */ 923 924 TEE_Result TEE_AEInit(TEE_OperationHandle op, const void *nonce, 925 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 926 uint32_t payloadLen) 927 { 928 TEE_Result res; 929 930 if (op == TEE_HANDLE_NULL || nonce == NULL) 931 TEE_Panic(0); 932 if (op->info.operationClass != TEE_OPERATION_AE) 933 TEE_Panic(0); 934 935 /* 936 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 937 * in the implementation. But AES-GCM spec doesn't specify the tag len 938 * according to the same principle so we have to check here instead to 939 * be GP compliant. 940 */ 941 if (op->info.algorithm == TEE_ALG_AES_GCM) { 942 /* 943 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 944 */ 945 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) 946 return TEE_ERROR_NOT_SUPPORTED; 947 } 948 949 res = utee_authenc_init(op->state, nonce, nonceLen, tagLen / 8, AADLen, 950 payloadLen); 951 if (res != TEE_SUCCESS) { 952 if (res != TEE_ERROR_NOT_SUPPORTED) 953 TEE_Panic(res); 954 return res; 955 } 956 op->ae_tag_len = tagLen / 8; 957 958 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 959 return TEE_SUCCESS; 960 } 961 962 void TEE_AEUpdateAAD(TEE_OperationHandle op, const void *AADdata, 963 uint32_t AADdataLen) 964 { 965 TEE_Result res; 966 967 if (op == TEE_HANDLE_NULL || (AADdata == NULL && AADdataLen != 0)) 968 TEE_Panic(0); 969 if (op->info.operationClass != TEE_OPERATION_AE) 970 TEE_Panic(0); 971 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 972 TEE_Panic(0); 973 974 res = utee_authenc_update_aad(op->state, AADdata, AADdataLen); 975 if (res != TEE_SUCCESS) 976 TEE_Panic(res); 977 } 978 979 TEE_Result TEE_AEUpdate(TEE_OperationHandle op, const void *srcData, 980 uint32_t srcLen, void *destData, uint32_t *destLen) 981 { 982 size_t req_dlen; 983 984 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 985 destLen == NULL || (destData == NULL && *destLen != 0)) 986 TEE_Panic(0); 987 if (op->info.operationClass != TEE_OPERATION_AE) 988 TEE_Panic(0); 989 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 990 TEE_Panic(0); 991 992 /* 993 * Check that required destLen is big enough before starting to feed 994 * data to the algorithm. Errors during feeding of data are fatal as we 995 * can't restore sync with this API. 996 */ 997 req_dlen = ROUNDDOWN(op->buffer_offs + srcLen, op->block_size); 998 if (*destLen < req_dlen) { 999 *destLen = req_dlen; 1000 return TEE_ERROR_SHORT_BUFFER; 1001 } 1002 1003 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 1004 destData, destLen); 1005 1006 return TEE_SUCCESS; 1007 } 1008 1009 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle op, 1010 const void *srcData, uint32_t srcLen, 1011 void *destData, uint32_t *destLen, void *tag, 1012 uint32_t *tagLen) 1013 { 1014 TEE_Result res; 1015 uint8_t *dst = destData; 1016 size_t acc_dlen = 0; 1017 uint32_t tmp_dlen; 1018 size_t req_dlen; 1019 1020 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1021 destLen == NULL || (destData == NULL && *destLen != 0) || 1022 tag == NULL || tagLen == NULL) 1023 TEE_Panic(0); 1024 if (op->info.operationClass != TEE_OPERATION_AE) 1025 TEE_Panic(0); 1026 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1027 TEE_Panic(0); 1028 1029 /* 1030 * Check that required destLen is big enough before starting to feed 1031 * data to the algorithm. Errors during feeding of data are fatal as we 1032 * can't restore sync with this API. 1033 */ 1034 req_dlen = op->buffer_offs + srcLen; 1035 if (*destLen < req_dlen) { 1036 *destLen = req_dlen; 1037 return TEE_ERROR_SHORT_BUFFER; 1038 } 1039 1040 /* 1041 * Need to check this before update_payload since sync would be lost if 1042 * we return short buffer after that. 1043 */ 1044 if (*tagLen < op->ae_tag_len) { 1045 *tagLen = op->ae_tag_len; 1046 return TEE_ERROR_SHORT_BUFFER; 1047 } 1048 1049 tmp_dlen = *destLen - acc_dlen; 1050 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 1051 dst, &tmp_dlen); 1052 dst += tmp_dlen; 1053 acc_dlen += tmp_dlen; 1054 1055 tmp_dlen = *destLen - acc_dlen; 1056 res = 1057 utee_authenc_enc_final(op->state, op->buffer, op->buffer_offs, dst, 1058 &tmp_dlen, tag, tagLen); 1059 if (res != TEE_SUCCESS) 1060 TEE_Panic(res); 1061 acc_dlen += tmp_dlen; 1062 1063 *destLen = acc_dlen; 1064 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1065 1066 return res; 1067 } 1068 1069 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle op, 1070 const void *srcData, uint32_t srcLen, 1071 void *destData, uint32_t *destLen, const void *tag, 1072 uint32_t tagLen) 1073 { 1074 TEE_Result res; 1075 uint8_t *dst = destData; 1076 size_t acc_dlen = 0; 1077 uint32_t tmp_dlen; 1078 size_t req_dlen; 1079 1080 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1081 destLen == NULL || (destData == NULL && *destLen != 0) || 1082 (tag == NULL && tagLen != 0)) 1083 TEE_Panic(0); 1084 if (op->info.operationClass != TEE_OPERATION_AE) 1085 TEE_Panic(0); 1086 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1087 TEE_Panic(0); 1088 1089 /* 1090 * Check that required destLen is big enough before starting to feed 1091 * data to the algorithm. Errors during feeding of data are fatal as we 1092 * can't restore sync with this API. 1093 */ 1094 req_dlen = op->buffer_offs + srcLen; 1095 if (*destLen < req_dlen) { 1096 *destLen = req_dlen; 1097 return TEE_ERROR_SHORT_BUFFER; 1098 } 1099 1100 tmp_dlen = *destLen - acc_dlen; 1101 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 1102 dst, &tmp_dlen); 1103 dst += tmp_dlen; 1104 acc_dlen += tmp_dlen; 1105 1106 tmp_dlen = *destLen - acc_dlen; 1107 res = 1108 utee_authenc_dec_final(op->state, op->buffer, op->buffer_offs, dst, 1109 &tmp_dlen, tag, tagLen); 1110 if (res != TEE_SUCCESS && res != TEE_ERROR_MAC_INVALID) 1111 TEE_Panic(res); 1112 /* Supplied tagLen should match what we initiated with */ 1113 if (tagLen != op->ae_tag_len) 1114 res = TEE_ERROR_MAC_INVALID; 1115 1116 acc_dlen += tmp_dlen; 1117 1118 *destLen = acc_dlen; 1119 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1120 1121 return res; 1122 } 1123 1124 /* Cryptographic Operations API - Asymmetric Functions */ 1125 1126 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle op, 1127 const TEE_Attribute *params, 1128 uint32_t paramCount, const void *srcData, 1129 uint32_t srcLen, void *destData, 1130 uint32_t *destLen) 1131 { 1132 TEE_Result res; 1133 1134 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1135 destLen == NULL || (destData == NULL && *destLen != 0)) 1136 TEE_Panic(0); 1137 if (paramCount != 0 && params == NULL) 1138 TEE_Panic(0); 1139 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1140 TEE_Panic(0); 1141 if (op->info.mode != TEE_MODE_ENCRYPT) 1142 TEE_Panic(0); 1143 1144 res = utee_asymm_operate(op->state, params, paramCount, srcData, srcLen, 1145 destData, destLen); 1146 if (res != TEE_SUCCESS && 1147 res != TEE_ERROR_SHORT_BUFFER && 1148 res != TEE_ERROR_BAD_PARAMETERS) 1149 TEE_Panic(res); 1150 return res; 1151 } 1152 1153 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle op, 1154 const TEE_Attribute *params, 1155 uint32_t paramCount, const void *srcData, 1156 uint32_t srcLen, void *destData, 1157 uint32_t *destLen) 1158 { 1159 TEE_Result res; 1160 1161 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1162 destLen == NULL || (destData == NULL && *destLen != 0)) 1163 TEE_Panic(0); 1164 if (paramCount != 0 && params == NULL) 1165 TEE_Panic(0); 1166 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1167 TEE_Panic(0); 1168 if (op->info.mode != TEE_MODE_DECRYPT) 1169 TEE_Panic(0); 1170 1171 res = utee_asymm_operate(op->state, params, paramCount, srcData, srcLen, 1172 destData, destLen); 1173 if (res != TEE_SUCCESS && 1174 res != TEE_ERROR_SHORT_BUFFER && 1175 res != TEE_ERROR_BAD_PARAMETERS) 1176 TEE_Panic(res); 1177 return res; 1178 } 1179 1180 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle op, 1181 const TEE_Attribute *params, 1182 uint32_t paramCount, const void *digest, 1183 uint32_t digestLen, void *signature, 1184 uint32_t *signatureLen) 1185 { 1186 TEE_Result res; 1187 1188 if (op == TEE_HANDLE_NULL || (digest == NULL && digestLen != 0) || 1189 signature == NULL || signatureLen == NULL) 1190 TEE_Panic(0); 1191 if (paramCount != 0 && params == NULL) 1192 TEE_Panic(0); 1193 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1194 TEE_Panic(0); 1195 if (op->info.mode != TEE_MODE_SIGN) 1196 TEE_Panic(0); 1197 1198 res = 1199 utee_asymm_operate(op->state, params, paramCount, digest, digestLen, 1200 signature, signatureLen); 1201 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1202 TEE_Panic(res); 1203 return res; 1204 } 1205 1206 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle op, 1207 const TEE_Attribute *params, 1208 uint32_t paramCount, const void *digest, 1209 uint32_t digestLen, const void *signature, 1210 uint32_t signatureLen) 1211 { 1212 TEE_Result res; 1213 1214 if (op == TEE_HANDLE_NULL || (digest == NULL && digestLen != 0) || 1215 (signature == NULL && signatureLen != 0)) 1216 TEE_Panic(0); 1217 if (paramCount != 0 && params == NULL) 1218 TEE_Panic(0); 1219 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1220 TEE_Panic(0); 1221 if (op->info.mode != TEE_MODE_VERIFY) 1222 TEE_Panic(0); 1223 1224 res = 1225 utee_asymm_verify(op->state, params, paramCount, digest, digestLen, 1226 signature, signatureLen); 1227 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1228 TEE_Panic(res); 1229 return res; 1230 } 1231 1232 /* Cryptographic Operations API - Key Derivation Functions */ 1233 1234 void TEE_DeriveKey(TEE_OperationHandle operation, 1235 const TEE_Attribute *params, uint32_t paramCount, 1236 TEE_ObjectHandle derivedKey) 1237 { 1238 TEE_Result res; 1239 TEE_ObjectInfo key_info; 1240 1241 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1242 TEE_Panic(0); 1243 if (paramCount != 0 && params == NULL) 1244 TEE_Panic(0); 1245 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1246 TEE_OPERATION_KEY_DERIVATION) 1247 TEE_Panic(0); 1248 1249 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1250 TEE_Panic(0); 1251 if (operation->info.mode != TEE_MODE_DERIVE) 1252 TEE_Panic(0); 1253 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1254 TEE_Panic(0); 1255 1256 res = utee_cryp_obj_get_info((uint32_t) derivedKey, &key_info); 1257 if (res != TEE_SUCCESS) 1258 TEE_Panic(0); 1259 1260 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1261 TEE_Panic(0); 1262 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1263 TEE_Panic(0); 1264 1265 res = utee_cryp_derive_key(operation->state, params, paramCount, 1266 (uint32_t) derivedKey); 1267 if (res != TEE_SUCCESS) 1268 TEE_Panic(res); 1269 } 1270 1271 /* Cryptographic Operations API - Random Number Generation Functions */ 1272 1273 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1274 { 1275 TEE_Result res; 1276 1277 res = utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1278 if (res != TEE_SUCCESS) 1279 TEE_Panic(res); 1280 } 1281