1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 #include <assert.h> 7 #include <config.h> 8 #include <stdlib.h> 9 #include <string.h> 10 #include <string_ext.h> 11 #include <tee_api.h> 12 #include <tee_api_defines_extensions.h> 13 #include <tee_internal_api_extensions.h> 14 #include <utee_syscalls.h> 15 #include <utee_defines.h> 16 #include <util.h> 17 #include "tee_api_private.h" 18 19 struct __TEE_OperationHandle { 20 TEE_OperationInfo info; 21 TEE_ObjectHandle key1; 22 TEE_ObjectHandle key2; 23 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 24 25 /* 26 * buffer to collect complete blocks or to keep a complete digest 27 * for TEE_DigestExtract(). 28 */ 29 uint8_t *buffer; 30 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 31 size_t block_size; /* Block size of cipher */ 32 size_t buffer_offs; /* Offset in buffer */ 33 uint32_t state; /* Handle to state in TEE Core */ 34 }; 35 36 /* Cryptographic Operations API - Generic Operation Functions */ 37 38 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 39 uint32_t algorithm, uint32_t mode, 40 uint32_t maxKeySize) 41 { 42 TEE_Result res; 43 TEE_OperationHandle op = TEE_HANDLE_NULL; 44 uint32_t handle_state = 0; 45 size_t block_size = 1; 46 uint32_t req_key_usage; 47 bool with_private_key = false; 48 bool buffer_two_blocks = false; 49 50 if (!operation) 51 TEE_Panic(0); 52 53 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP || 54 algorithm == TEE_ALG_SM4_XTS) 55 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 56 57 /* Check algorithm max key size */ 58 switch (algorithm) { 59 case TEE_ALG_DSA_SHA1: 60 if (maxKeySize < 512) 61 return TEE_ERROR_NOT_SUPPORTED; 62 if (maxKeySize > 1024) 63 return TEE_ERROR_NOT_SUPPORTED; 64 if (maxKeySize % 64 != 0) 65 return TEE_ERROR_NOT_SUPPORTED; 66 break; 67 68 case TEE_ALG_DSA_SHA224: 69 if (maxKeySize != 2048) 70 return TEE_ERROR_NOT_SUPPORTED; 71 break; 72 73 case TEE_ALG_DSA_SHA256: 74 if (maxKeySize != 2048 && maxKeySize != 3072) 75 return TEE_ERROR_NOT_SUPPORTED; 76 break; 77 78 case TEE_ALG_ECDSA_SHA1: 79 case __OPTEE_ALG_ECDSA_P192: 80 case __OPTEE_ALG_ECDH_P192: 81 if (maxKeySize != 192) 82 return TEE_ERROR_NOT_SUPPORTED; 83 break; 84 85 case TEE_ALG_ECDSA_SHA224: 86 case __OPTEE_ALG_ECDSA_P224: 87 case __OPTEE_ALG_ECDH_P224: 88 if (maxKeySize != 224) 89 return TEE_ERROR_NOT_SUPPORTED; 90 break; 91 92 case TEE_ALG_ECDSA_SHA256: 93 case __OPTEE_ALG_ECDSA_P256: 94 case __OPTEE_ALG_ECDH_P256: 95 case TEE_ALG_SM2_PKE: 96 case TEE_ALG_SM2_DSA_SM3: 97 if (maxKeySize != 256) 98 return TEE_ERROR_NOT_SUPPORTED; 99 break; 100 101 case TEE_ALG_SM2_KEP: 102 /* Two 256-bit keys */ 103 if (maxKeySize != 512) 104 return TEE_ERROR_NOT_SUPPORTED; 105 break; 106 107 case TEE_ALG_ECDSA_SHA384: 108 case __OPTEE_ALG_ECDSA_P384: 109 case __OPTEE_ALG_ECDH_P384: 110 if (maxKeySize != 384) 111 return TEE_ERROR_NOT_SUPPORTED; 112 break; 113 114 case TEE_ALG_ECDSA_SHA512: 115 case __OPTEE_ALG_ECDSA_P521: 116 case __OPTEE_ALG_ECDH_P521: 117 if (maxKeySize != 521) 118 return TEE_ERROR_NOT_SUPPORTED; 119 break; 120 121 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 122 if (maxKeySize > 521) 123 return TEE_ERROR_NOT_SUPPORTED; 124 break; 125 126 case TEE_ALG_ED25519: 127 case TEE_ALG_X25519: 128 if (maxKeySize != 256) 129 return TEE_ERROR_NOT_SUPPORTED; 130 break; 131 default: 132 break; 133 } 134 135 /* Check algorithm mode */ 136 switch (algorithm) { 137 case TEE_ALG_AES_CTS: 138 case TEE_ALG_AES_XTS: 139 case TEE_ALG_SM4_XTS: 140 buffer_two_blocks = true; 141 fallthrough; 142 case TEE_ALG_AES_ECB_NOPAD: 143 case TEE_ALG_AES_CBC_NOPAD: 144 case TEE_ALG_AES_CCM: 145 case TEE_ALG_DES_ECB_NOPAD: 146 case TEE_ALG_DES_CBC_NOPAD: 147 case TEE_ALG_DES3_ECB_NOPAD: 148 case TEE_ALG_DES3_CBC_NOPAD: 149 case TEE_ALG_SM4_ECB_NOPAD: 150 case TEE_ALG_SM4_CBC_NOPAD: 151 case TEE_ALG_SM4_CTR: 152 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 153 block_size = TEE_AES_BLOCK_SIZE; 154 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 155 block_size = TEE_SM4_BLOCK_SIZE; 156 else 157 block_size = TEE_DES_BLOCK_SIZE; 158 fallthrough; 159 case TEE_ALG_AES_CTR: 160 case TEE_ALG_AES_GCM: 161 if (mode == TEE_MODE_ENCRYPT) 162 req_key_usage = TEE_USAGE_ENCRYPT; 163 else if (mode == TEE_MODE_DECRYPT) 164 req_key_usage = TEE_USAGE_DECRYPT; 165 else 166 return TEE_ERROR_NOT_SUPPORTED; 167 break; 168 169 #if defined(CFG_CRYPTO_RSASSA_NA1) 170 case TEE_ALG_RSASSA_PKCS1_V1_5: 171 #endif 172 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 173 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 174 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 175 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 176 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 177 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 178 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5: 179 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 180 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 181 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 182 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 183 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 184 case TEE_ALG_DSA_SHA1: 185 case TEE_ALG_DSA_SHA224: 186 case TEE_ALG_DSA_SHA256: 187 case TEE_ALG_ECDSA_SHA1: 188 case TEE_ALG_ECDSA_SHA224: 189 case TEE_ALG_ECDSA_SHA256: 190 case TEE_ALG_ECDSA_SHA384: 191 case TEE_ALG_ECDSA_SHA512: 192 case __OPTEE_ALG_ECDSA_P192: 193 case __OPTEE_ALG_ECDSA_P224: 194 case __OPTEE_ALG_ECDSA_P256: 195 case __OPTEE_ALG_ECDSA_P384: 196 case __OPTEE_ALG_ECDSA_P521: 197 case TEE_ALG_SM2_DSA_SM3: 198 case TEE_ALG_ED25519: 199 if (mode == TEE_MODE_SIGN) { 200 with_private_key = true; 201 req_key_usage = TEE_USAGE_SIGN; 202 } else if (mode == TEE_MODE_VERIFY) { 203 req_key_usage = TEE_USAGE_VERIFY; 204 } else { 205 return TEE_ERROR_NOT_SUPPORTED; 206 } 207 break; 208 209 case TEE_ALG_RSAES_PKCS1_V1_5: 210 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5: 211 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 212 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 213 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 214 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 215 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 216 case TEE_ALG_SM2_PKE: 217 if (mode == TEE_MODE_ENCRYPT) { 218 req_key_usage = TEE_USAGE_ENCRYPT; 219 } else if (mode == TEE_MODE_DECRYPT) { 220 with_private_key = true; 221 req_key_usage = TEE_USAGE_DECRYPT; 222 } else { 223 return TEE_ERROR_NOT_SUPPORTED; 224 } 225 break; 226 227 case TEE_ALG_RSA_NOPAD: 228 if (mode == TEE_MODE_ENCRYPT) { 229 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 230 } else if (mode == TEE_MODE_DECRYPT) { 231 with_private_key = true; 232 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 233 } else { 234 return TEE_ERROR_NOT_SUPPORTED; 235 } 236 break; 237 238 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 239 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 240 case __OPTEE_ALG_ECDH_P192: 241 case __OPTEE_ALG_ECDH_P224: 242 case __OPTEE_ALG_ECDH_P256: 243 case __OPTEE_ALG_ECDH_P384: 244 case __OPTEE_ALG_ECDH_P521: 245 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 246 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 247 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 248 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 249 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 250 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 251 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 252 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 253 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 254 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 255 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 256 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 257 case TEE_ALG_SM2_KEP: 258 case TEE_ALG_X25519: 259 if (mode != TEE_MODE_DERIVE) 260 return TEE_ERROR_NOT_SUPPORTED; 261 with_private_key = true; 262 req_key_usage = TEE_USAGE_DERIVE; 263 break; 264 265 case TEE_ALG_MD5: 266 case TEE_ALG_SHA1: 267 case TEE_ALG_SHA224: 268 case TEE_ALG_SHA256: 269 case TEE_ALG_SHA384: 270 case TEE_ALG_SHA512: 271 case TEE_ALG_SHA3_224: 272 case TEE_ALG_SHA3_256: 273 case TEE_ALG_SHA3_384: 274 case TEE_ALG_SHA3_512: 275 case TEE_ALG_SHAKE128: 276 case TEE_ALG_SHAKE256: 277 case TEE_ALG_SM3: 278 if (mode != TEE_MODE_DIGEST) 279 return TEE_ERROR_NOT_SUPPORTED; 280 /* v1.1: flags always set for digest operations */ 281 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 282 req_key_usage = 0; 283 break; 284 285 case TEE_ALG_DES_CBC_MAC_NOPAD: 286 case TEE_ALG_AES_CBC_MAC_NOPAD: 287 case TEE_ALG_AES_CBC_MAC_PKCS5: 288 case TEE_ALG_AES_CMAC: 289 case TEE_ALG_DES_CBC_MAC_PKCS5: 290 case TEE_ALG_DES3_CBC_MAC_NOPAD: 291 case TEE_ALG_DES3_CBC_MAC_PKCS5: 292 case TEE_ALG_DES3_CMAC: 293 case TEE_ALG_HMAC_MD5: 294 case TEE_ALG_HMAC_SHA1: 295 case TEE_ALG_HMAC_SHA224: 296 case TEE_ALG_HMAC_SHA256: 297 case TEE_ALG_HMAC_SHA384: 298 case TEE_ALG_HMAC_SHA512: 299 case TEE_ALG_HMAC_SHA3_224: 300 case TEE_ALG_HMAC_SHA3_256: 301 case TEE_ALG_HMAC_SHA3_384: 302 case TEE_ALG_HMAC_SHA3_512: 303 case TEE_ALG_HMAC_SM3: 304 if (mode != TEE_MODE_MAC) 305 return TEE_ERROR_NOT_SUPPORTED; 306 req_key_usage = TEE_USAGE_MAC; 307 break; 308 309 default: 310 return TEE_ERROR_NOT_SUPPORTED; 311 } 312 313 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 314 if (!op) 315 return TEE_ERROR_OUT_OF_MEMORY; 316 317 op->info.algorithm = algorithm; 318 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 319 #ifdef CFG_CRYPTO_RSASSA_NA1 320 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 321 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 322 #endif 323 op->info.mode = mode; 324 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 325 op->info.maxKeySize = maxKeySize; 326 op->info.requiredKeyUsage = req_key_usage; 327 op->info.handleState = handle_state; 328 329 /* 330 * Needed to buffer the digest if TEE_DigestExtract() doesn't 331 * retrieve the entire digest in one go. 332 */ 333 if (op->info.operationClass == TEE_OPERATION_DIGEST) 334 block_size = op->info.digestLength; 335 336 if (block_size > 1) { 337 size_t buffer_size = block_size; 338 339 if (buffer_two_blocks) 340 buffer_size *= 2; 341 342 op->buffer = TEE_Malloc(buffer_size, 343 TEE_USER_MEM_HINT_NO_FILL_ZERO); 344 if (op->buffer == NULL) { 345 res = TEE_ERROR_OUT_OF_MEMORY; 346 goto out; 347 } 348 } 349 op->block_size = block_size; 350 op->buffer_two_blocks = buffer_two_blocks; 351 352 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 353 uint32_t mks = maxKeySize; 354 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 355 with_private_key); 356 357 /* 358 * If two keys are expected the max key size is the sum of 359 * the size of both keys. 360 */ 361 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 362 mks /= 2; 363 364 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 365 if (res != TEE_SUCCESS) 366 goto out; 367 368 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 369 res = TEE_AllocateTransientObject(key_type, mks, 370 &op->key2); 371 if (res != TEE_SUCCESS) 372 goto out; 373 } 374 } 375 376 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 377 (unsigned long)op->key2, &op->state); 378 if (res != TEE_SUCCESS) 379 goto out; 380 381 /* 382 * Initialize digest operations 383 * Other multi-stage operations initialized w/ TEE_xxxInit functions 384 * Non-applicable on asymmetric operations 385 */ 386 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 387 res = _utee_hash_init(op->state, NULL, 0); 388 if (res != TEE_SUCCESS) 389 goto out; 390 /* v1.1: flags always set for digest operations */ 391 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 392 } 393 394 op->operationState = TEE_OPERATION_STATE_INITIAL; 395 396 *operation = op; 397 398 out: 399 if (res != TEE_SUCCESS) { 400 if (res != TEE_ERROR_OUT_OF_MEMORY && 401 res != TEE_ERROR_NOT_SUPPORTED) 402 TEE_Panic(res); 403 if (op) { 404 if (op->state) { 405 TEE_FreeOperation(op); 406 } else { 407 TEE_Free(op->buffer); 408 TEE_FreeTransientObject(op->key1); 409 TEE_FreeTransientObject(op->key2); 410 TEE_Free(op); 411 } 412 } 413 } 414 415 return res; 416 } 417 418 void TEE_FreeOperation(TEE_OperationHandle operation) 419 { 420 TEE_Result res; 421 422 if (operation == TEE_HANDLE_NULL) 423 return; 424 425 /* 426 * Note that keys should not be freed here, since they are 427 * claimed by the operation they will be freed by 428 * utee_cryp_state_free(). 429 */ 430 res = _utee_cryp_state_free(operation->state); 431 if (res != TEE_SUCCESS) 432 TEE_Panic(res); 433 434 TEE_Free(operation->buffer); 435 TEE_Free(operation); 436 } 437 438 void __GP11_TEE_FreeOperation(TEE_OperationHandle operation) 439 { 440 if (operation == TEE_HANDLE_NULL) 441 TEE_Panic(0); 442 TEE_FreeOperation(operation); 443 } 444 445 void TEE_GetOperationInfo(TEE_OperationHandle operation, 446 TEE_OperationInfo *operationInfo) 447 { 448 if (operation == TEE_HANDLE_NULL) 449 TEE_Panic(0); 450 451 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo)); 452 453 *operationInfo = operation->info; 454 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 455 operationInfo->keySize = 0; 456 operationInfo->requiredKeyUsage = 0; 457 } 458 } 459 460 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op, 461 TEE_OperationInfoMultiple *op_info, 462 size_t *size) 463 { 464 TEE_Result res = TEE_SUCCESS; 465 TEE_ObjectInfo kinfo = { }; 466 size_t max_key_count = 0; 467 bool two_keys = false; 468 469 if (op == TEE_HANDLE_NULL) { 470 res = TEE_ERROR_BAD_PARAMETERS; 471 goto out; 472 } 473 474 __utee_check_outbuf_annotation(op_info, size); 475 476 if (*size < sizeof(*op_info)) { 477 res = TEE_ERROR_BAD_PARAMETERS; 478 goto out; 479 } 480 max_key_count = (*size - sizeof(*op_info)) / 481 sizeof(TEE_OperationInfoKey); 482 483 TEE_MemFill(op_info, 0, *size); 484 485 /* Two keys flag (TEE_ALG_AES_XTS only) */ 486 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 487 488 if (op->info.mode == TEE_MODE_DIGEST) { 489 op_info->numberOfKeys = 0; 490 } else if (!two_keys) { 491 if (max_key_count < 1) { 492 res = TEE_ERROR_SHORT_BUFFER; 493 goto out; 494 } 495 496 res = TEE_GetObjectInfo1(op->key1, &kinfo); 497 /* Key1 is not a valid handle, "can't happen". */ 498 if (res) 499 goto out; 500 501 op_info->keyInformation[0].keySize = kinfo.objectSize; 502 op_info->keyInformation[0].requiredKeyUsage = 503 op->info.requiredKeyUsage; 504 op_info->numberOfKeys = 1; 505 } else { 506 if (max_key_count < 2) { 507 res = TEE_ERROR_SHORT_BUFFER; 508 goto out; 509 } 510 511 res = TEE_GetObjectInfo1(op->key1, &kinfo); 512 /* Key1 is not a valid handle, "can't happen". */ 513 if (res) 514 goto out; 515 516 op_info->keyInformation[0].keySize = kinfo.objectSize; 517 op_info->keyInformation[0].requiredKeyUsage = 518 op->info.requiredKeyUsage; 519 520 res = TEE_GetObjectInfo1(op->key2, &kinfo); 521 /* Key2 is not a valid handle, "can't happen". */ 522 if (res) 523 goto out; 524 525 op_info->keyInformation[1].keySize = kinfo.objectSize; 526 op_info->keyInformation[1].requiredKeyUsage = 527 op->info.requiredKeyUsage; 528 529 op_info->numberOfKeys = 2; 530 } 531 532 op_info->algorithm = op->info.algorithm; 533 op_info->operationClass = op->info.operationClass; 534 op_info->mode = op->info.mode; 535 op_info->digestLength = op->info.digestLength; 536 op_info->maxKeySize = op->info.maxKeySize; 537 op_info->handleState = op->info.handleState; 538 op_info->operationState = op->operationState; 539 540 out: 541 if (res != TEE_SUCCESS && 542 res != TEE_ERROR_SHORT_BUFFER) 543 TEE_Panic(res); 544 545 return res; 546 } 547 548 TEE_Result 549 __GP11_TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 550 TEE_OperationInfoMultiple *info, 551 uint32_t *operationSize) 552 { 553 TEE_Result res = TEE_SUCCESS; 554 size_t s = 0; 555 556 __utee_check_gp11_outbuf_annotation(info, operationSize); 557 s = *operationSize; 558 res = TEE_GetOperationInfoMultiple(operation, info, &s); 559 *operationSize = s; 560 return res; 561 } 562 563 static void reset_operation_state(TEE_OperationHandle op) 564 { 565 op->operationState = TEE_OPERATION_STATE_INITIAL; 566 567 if (op->info.operationClass == TEE_OPERATION_DIGEST) { 568 TEE_Result res = _utee_hash_init(op->state, NULL, 0); 569 570 if (res != TEE_SUCCESS) 571 TEE_Panic(res); 572 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 573 } else { 574 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 575 } 576 } 577 578 void TEE_ResetOperation(TEE_OperationHandle operation) 579 { 580 if (operation == TEE_HANDLE_NULL) 581 TEE_Panic(0); 582 583 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 584 TEE_Panic(0); 585 586 reset_operation_state(operation); 587 } 588 589 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 590 TEE_ObjectHandle key) 591 { 592 TEE_Result res; 593 uint32_t key_size = 0; 594 TEE_ObjectInfo key_info; 595 596 if (operation == TEE_HANDLE_NULL) { 597 res = TEE_ERROR_BAD_PARAMETERS; 598 goto out; 599 } 600 601 if (key == TEE_HANDLE_NULL) { 602 /* Operation key cleared */ 603 TEE_ResetTransientObject(operation->key1); 604 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 605 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 606 reset_operation_state(operation); 607 return TEE_SUCCESS; 608 } 609 610 /* No key for digest operation */ 611 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 612 res = TEE_ERROR_BAD_PARAMETERS; 613 goto out; 614 } 615 616 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 617 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 618 0) { 619 res = TEE_ERROR_BAD_PARAMETERS; 620 goto out; 621 } 622 623 res = TEE_GetObjectInfo1(key, &key_info); 624 /* Key is not a valid handle */ 625 if (res != TEE_SUCCESS) 626 goto out; 627 628 /* Supplied key has to meet required usage */ 629 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 630 operation->info.requiredKeyUsage) { 631 res = TEE_ERROR_BAD_PARAMETERS; 632 goto out; 633 } 634 635 if (operation->info.maxKeySize < key_info.objectSize) { 636 res = TEE_ERROR_BAD_PARAMETERS; 637 goto out; 638 } 639 640 key_size = key_info.objectSize; 641 642 TEE_ResetTransientObject(operation->key1); 643 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 644 645 res = TEE_CopyObjectAttributes1(operation->key1, key); 646 if (res != TEE_SUCCESS) 647 goto out; 648 649 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 650 651 operation->info.keySize = key_size; 652 653 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 654 reset_operation_state(operation); 655 656 out: 657 if (res != TEE_SUCCESS && 658 res != TEE_ERROR_CORRUPT_OBJECT && 659 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 660 TEE_Panic(res); 661 662 return res; 663 } 664 665 TEE_Result __GP11_TEE_SetOperationKey(TEE_OperationHandle operation, 666 TEE_ObjectHandle key) 667 { 668 if (operation == TEE_HANDLE_NULL || 669 operation->operationState != TEE_OPERATION_STATE_INITIAL) 670 TEE_Panic(0); 671 672 return TEE_SetOperationKey(operation, key); 673 } 674 675 static TEE_Result set_operation_key2(TEE_OperationHandle operation, 676 TEE_ObjectHandle key1, 677 TEE_ObjectHandle key2) 678 { 679 TEE_Result res; 680 uint32_t key_size = 0; 681 TEE_ObjectInfo key_info1; 682 TEE_ObjectInfo key_info2; 683 684 if (operation == TEE_HANDLE_NULL) { 685 res = TEE_ERROR_BAD_PARAMETERS; 686 goto out; 687 } 688 689 /* 690 * Key1/Key2 and/or are not initialized and 691 * Either both keys are NULL or both are not NULL 692 */ 693 if (!key1 && !key2) { 694 /* Clear the keys */ 695 TEE_ResetTransientObject(operation->key1); 696 TEE_ResetTransientObject(operation->key2); 697 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 698 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 699 reset_operation_state(operation); 700 return TEE_SUCCESS; 701 } else if (!key1 || !key2) { 702 /* Both keys are obviously not valid. */ 703 res = TEE_ERROR_BAD_PARAMETERS; 704 goto out; 705 } 706 707 /* No key for digest operation */ 708 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 709 res = TEE_ERROR_BAD_PARAMETERS; 710 goto out; 711 } 712 713 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 714 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 715 0) { 716 res = TEE_ERROR_BAD_PARAMETERS; 717 goto out; 718 } 719 720 res = TEE_GetObjectInfo1(key1, &key_info1); 721 /* Key1 is not a valid handle */ 722 if (res != TEE_SUCCESS) 723 goto out; 724 725 /* Supplied key has to meet required usage */ 726 if ((key_info1.objectUsage & operation->info. 727 requiredKeyUsage) != operation->info.requiredKeyUsage) { 728 res = TEE_ERROR_BAD_PARAMETERS; 729 goto out; 730 } 731 732 res = TEE_GetObjectInfo1(key2, &key_info2); 733 /* Key2 is not a valid handle */ 734 if (res != TEE_SUCCESS) { 735 if (res == TEE_ERROR_CORRUPT_OBJECT) 736 res = TEE_ERROR_CORRUPT_OBJECT_2; 737 goto out; 738 } 739 740 /* Supplied key has to meet required usage */ 741 if ((key_info2.objectUsage & operation->info. 742 requiredKeyUsage) != operation->info.requiredKeyUsage) { 743 res = TEE_ERROR_BAD_PARAMETERS; 744 goto out; 745 } 746 747 /* 748 * All the multi key algorithm currently supported requires the keys to 749 * be of equal size. 750 */ 751 if (key_info1.objectSize != key_info2.objectSize) { 752 res = TEE_ERROR_BAD_PARAMETERS; 753 goto out; 754 755 } 756 757 if (operation->info.maxKeySize < key_info1.objectSize) { 758 res = TEE_ERROR_BAD_PARAMETERS; 759 goto out; 760 } 761 762 /* 763 * Odd that only the size of one key should be reported while 764 * size of two key are used when allocating the operation. 765 */ 766 key_size = key_info1.objectSize; 767 768 TEE_ResetTransientObject(operation->key1); 769 TEE_ResetTransientObject(operation->key2); 770 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 771 772 res = TEE_CopyObjectAttributes1(operation->key1, key1); 773 if (res != TEE_SUCCESS) 774 goto out; 775 res = TEE_CopyObjectAttributes1(operation->key2, key2); 776 if (res != TEE_SUCCESS) { 777 if (res == TEE_ERROR_CORRUPT_OBJECT) 778 res = TEE_ERROR_CORRUPT_OBJECT_2; 779 goto out; 780 } 781 782 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 783 784 operation->info.keySize = key_size; 785 786 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 787 reset_operation_state(operation); 788 out: 789 if (res != TEE_SUCCESS && 790 res != TEE_ERROR_CORRUPT_OBJECT && 791 res != TEE_ERROR_CORRUPT_OBJECT_2 && 792 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 793 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 794 TEE_Panic(res); 795 796 return res; 797 } 798 799 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 800 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 801 { 802 if (operation != TEE_HANDLE_NULL && key1 && key1 == key2) 803 return TEE_ERROR_SECURITY; 804 805 return set_operation_key2(operation, key1, key2); 806 } 807 808 TEE_Result __GP11_TEE_SetOperationKey2(TEE_OperationHandle operation, 809 TEE_ObjectHandle key1, 810 TEE_ObjectHandle key2) 811 { 812 if (operation == TEE_HANDLE_NULL || 813 operation->operationState != TEE_OPERATION_STATE_INITIAL) 814 TEE_Panic(0); 815 816 return set_operation_key2(operation, key1, key2); 817 } 818 819 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 820 { 821 TEE_Result res; 822 823 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 824 TEE_Panic(0); 825 if (dst_op->info.algorithm != src_op->info.algorithm) 826 TEE_Panic(0); 827 if (dst_op->info.mode != src_op->info.mode) 828 TEE_Panic(0); 829 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 830 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 831 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 832 833 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 834 key1 = src_op->key1; 835 key2 = src_op->key2; 836 } 837 838 if ((src_op->info.handleState & 839 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 840 TEE_SetOperationKey(dst_op, key1); 841 } else { 842 TEE_SetOperationKey2(dst_op, key1, key2); 843 } 844 } 845 dst_op->info.handleState = src_op->info.handleState; 846 dst_op->info.keySize = src_op->info.keySize; 847 dst_op->info.digestLength = src_op->info.digestLength; 848 dst_op->operationState = src_op->operationState; 849 850 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 851 dst_op->block_size != src_op->block_size) 852 TEE_Panic(0); 853 854 if (dst_op->buffer != NULL) { 855 size_t sz = src_op->block_size; 856 857 if (src_op->buffer == NULL) 858 TEE_Panic(0); 859 860 if (src_op->buffer_two_blocks) 861 sz *= 2; 862 memcpy(dst_op->buffer, src_op->buffer, sz); 863 dst_op->buffer_offs = src_op->buffer_offs; 864 } else if (src_op->buffer != NULL) { 865 TEE_Panic(0); 866 } 867 868 res = _utee_cryp_state_copy(dst_op->state, src_op->state); 869 if (res != TEE_SUCCESS) 870 TEE_Panic(res); 871 } 872 873 /* Cryptographic Operations API - Message Digest Functions */ 874 875 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 876 uint32_t IVLen) 877 { 878 TEE_Result res; 879 880 /* 881 * Note : IV and IVLen are never used in current implementation 882 * This is why coherent values of IV and IVLen are not checked 883 */ 884 res = _utee_hash_init(operation->state, IV, IVLen); 885 if (res != TEE_SUCCESS) 886 TEE_Panic(res); 887 operation->buffer_offs = 0; 888 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 889 } 890 891 void TEE_DigestUpdate(TEE_OperationHandle operation, 892 const void *chunk, size_t chunkSize) 893 { 894 TEE_Result res = TEE_ERROR_GENERIC; 895 896 if (operation == TEE_HANDLE_NULL || 897 operation->info.operationClass != TEE_OPERATION_DIGEST) 898 TEE_Panic(0); 899 900 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 901 902 res = _utee_hash_update(operation->state, chunk, chunkSize); 903 if (res != TEE_SUCCESS) 904 TEE_Panic(res); 905 } 906 907 void __GP11_TEE_DigestUpdate(TEE_OperationHandle operation, 908 const void *chunk, uint32_t chunkSize) 909 { 910 return TEE_DigestUpdate(operation, chunk, chunkSize); 911 } 912 913 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 914 size_t chunkLen, void *hash, size_t *hashLen) 915 { 916 TEE_Result res = TEE_SUCCESS; 917 uint64_t hl = 0; 918 size_t len = 0; 919 920 if ((operation == TEE_HANDLE_NULL) || 921 (!chunk && chunkLen) || 922 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 923 res = TEE_ERROR_BAD_PARAMETERS; 924 goto out; 925 } 926 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING && 927 chunkLen) { 928 res = TEE_ERROR_BAD_PARAMETERS; 929 goto out; 930 } 931 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 932 933 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING && 934 operation->buffer) { 935 /* 936 * This is not an Extendable-Output Function and we have 937 * already started extracting 938 */ 939 len = MIN(operation->block_size - operation->buffer_offs, 940 *hashLen); 941 memcpy(hash, operation->buffer + operation->buffer_offs, len); 942 *hashLen = len; 943 } else { 944 hl = *hashLen; 945 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, 946 &hl); 947 *hashLen = hl; 948 if (res) 949 goto out; 950 } 951 952 /* Reset operation state */ 953 init_hash_operation(operation, NULL, 0); 954 955 operation->operationState = TEE_OPERATION_STATE_INITIAL; 956 957 out: 958 if (res != TEE_SUCCESS && 959 res != TEE_ERROR_SHORT_BUFFER) 960 TEE_Panic(res); 961 962 return res; 963 } 964 965 TEE_Result __GP11_TEE_DigestDoFinal(TEE_OperationHandle operation, 966 const void *chunk, uint32_t chunkLen, 967 void *hash, uint32_t *hashLen) 968 { 969 TEE_Result res = TEE_SUCCESS; 970 size_t l = 0; 971 972 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 973 l = *hashLen; 974 res = TEE_DigestDoFinal(operation, chunk, chunkLen, hash, &l); 975 *hashLen = l; 976 return res; 977 } 978 979 TEE_Result TEE_DigestExtract(TEE_OperationHandle operation, void *hash, 980 size_t *hashLen) 981 { 982 TEE_Result res = TEE_SUCCESS; 983 uint64_t hl = 0; 984 size_t len = 0; 985 986 if (operation == TEE_HANDLE_NULL || 987 operation->info.operationClass != TEE_OPERATION_DIGEST) 988 TEE_Panic(0); 989 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 990 991 if (!operation->buffer) { 992 /* This is an Extendable-Output Function */ 993 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING; 994 operation->operationState = TEE_OPERATION_STATE_EXTRACTING; 995 hl = *hashLen; 996 res = _utee_hash_final(operation->state, NULL, 0, hash, &hl); 997 if (res) 998 TEE_Panic(0); 999 *hashLen = hl; 1000 1001 return TEE_SUCCESS; 1002 } 1003 1004 if (operation->operationState != TEE_OPERATION_STATE_EXTRACTING) { 1005 hl = operation->block_size; 1006 res = _utee_hash_final(operation->state, NULL, 0, 1007 operation->buffer, &hl); 1008 if (res) 1009 TEE_Panic(0); 1010 if (hl != operation->block_size) 1011 TEE_Panic(0); 1012 assert(!operation->buffer_offs); 1013 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING; 1014 operation->operationState = TEE_OPERATION_STATE_EXTRACTING; 1015 } 1016 1017 len = MIN(operation->block_size - operation->buffer_offs, *hashLen); 1018 memcpy(hash, operation->buffer + operation->buffer_offs, len); 1019 *hashLen = len; 1020 operation->buffer_offs += len; 1021 1022 return TEE_SUCCESS; 1023 } 1024 1025 /* Cryptographic Operations API - Symmetric Cipher Functions */ 1026 1027 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 1028 size_t IVLen) 1029 { 1030 TEE_Result res; 1031 1032 if (operation == TEE_HANDLE_NULL) 1033 TEE_Panic(0); 1034 1035 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 1036 TEE_Panic(0); 1037 1038 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1039 !(operation->key1)) 1040 TEE_Panic(0); 1041 1042 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1043 TEE_ResetOperation(operation); 1044 1045 if (IV && IVLen) { 1046 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1047 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1048 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1049 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD) 1050 TEE_Panic(0); 1051 } 1052 1053 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1054 1055 res = _utee_cipher_init(operation->state, IV, IVLen); 1056 if (res != TEE_SUCCESS) 1057 TEE_Panic(res); 1058 1059 operation->buffer_offs = 0; 1060 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1061 } 1062 1063 void __GP11_TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 1064 uint32_t IVLen) 1065 { 1066 return TEE_CipherInit(operation, IV, IVLen); 1067 } 1068 1069 static TEE_Result tee_buffer_update( 1070 TEE_OperationHandle op, 1071 TEE_Result(*update_func)(unsigned long state, const void *src, 1072 size_t slen, void *dst, uint64_t *dlen), 1073 const void *src_data, size_t src_len, 1074 void *dest_data, uint64_t *dest_len) 1075 { 1076 TEE_Result res; 1077 const uint8_t *src = src_data; 1078 size_t slen = src_len; 1079 uint8_t *dst = dest_data; 1080 size_t dlen = *dest_len; 1081 size_t acc_dlen = 0; 1082 uint64_t tmp_dlen; 1083 size_t l; 1084 size_t buffer_size; 1085 size_t buffer_left; 1086 1087 if (!src) { 1088 if (slen) 1089 TEE_Panic(0); 1090 goto out; 1091 } 1092 1093 if (op->buffer_two_blocks) { 1094 buffer_size = op->block_size * 2; 1095 buffer_left = 1; 1096 } else { 1097 buffer_size = op->block_size; 1098 buffer_left = 0; 1099 } 1100 1101 if (op->buffer_offs > 0) { 1102 /* Fill up complete block */ 1103 if (op->buffer_offs < op->block_size) 1104 l = MIN(slen, op->block_size - op->buffer_offs); 1105 else 1106 l = MIN(slen, buffer_size - op->buffer_offs); 1107 memcpy(op->buffer + op->buffer_offs, src, l); 1108 op->buffer_offs += l; 1109 src += l; 1110 slen -= l; 1111 if ((op->buffer_offs % op->block_size) != 0) 1112 goto out; /* Nothing left to do */ 1113 } 1114 1115 /* If we can feed from buffer */ 1116 if ((op->buffer_offs > 0) && 1117 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 1118 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 1119 op->block_size); 1120 l = MIN(op->buffer_offs, l); 1121 /* 1122 * If we're buffering only a single block, process it 1123 * immediately. 1124 */ 1125 if (!op->buffer_two_blocks) 1126 l = op->block_size; 1127 tmp_dlen = dlen; 1128 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 1129 if (res != TEE_SUCCESS) 1130 TEE_Panic(res); 1131 dst += tmp_dlen; 1132 dlen -= tmp_dlen; 1133 acc_dlen += tmp_dlen; 1134 op->buffer_offs -= l; 1135 if (op->buffer_offs > 0) { 1136 /* 1137 * Slen is small enough to be contained in rest buffer. 1138 */ 1139 memcpy(op->buffer, op->buffer + l, buffer_size - l); 1140 memcpy(op->buffer + op->buffer_offs, src, slen); 1141 op->buffer_offs += slen; 1142 goto out; /* Nothing left to do */ 1143 } 1144 } 1145 1146 if (slen >= (buffer_size + buffer_left)) { 1147 /* Buffer is empty, feed as much as possible from src */ 1148 if (op->buffer_two_blocks) 1149 l = ROUNDUP(slen - buffer_size, op->block_size); 1150 else 1151 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 1152 1153 tmp_dlen = dlen; 1154 res = update_func(op->state, src, l, dst, &tmp_dlen); 1155 if (res != TEE_SUCCESS) 1156 TEE_Panic(res); 1157 src += l; 1158 slen -= l; 1159 dst += tmp_dlen; 1160 dlen -= tmp_dlen; 1161 acc_dlen += tmp_dlen; 1162 } 1163 1164 /* Slen is small enough to be contained in buffer. */ 1165 memcpy(op->buffer + op->buffer_offs, src, slen); 1166 op->buffer_offs += slen; 1167 1168 out: 1169 *dest_len = acc_dlen; 1170 return TEE_SUCCESS; 1171 } 1172 1173 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 1174 size_t srcLen, void *destData, size_t *destLen) 1175 { 1176 TEE_Result res; 1177 size_t req_dlen; 1178 uint64_t dl; 1179 1180 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1181 res = TEE_ERROR_BAD_PARAMETERS; 1182 goto out; 1183 } 1184 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1185 1186 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1187 res = TEE_ERROR_BAD_PARAMETERS; 1188 goto out; 1189 } 1190 1191 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1192 res = TEE_ERROR_BAD_PARAMETERS; 1193 goto out; 1194 } 1195 1196 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1197 res = TEE_ERROR_BAD_PARAMETERS; 1198 goto out; 1199 } 1200 1201 if (!srcData && !srcLen) { 1202 *destLen = 0; 1203 res = TEE_SUCCESS; 1204 goto out; 1205 } 1206 1207 /* Calculate required dlen */ 1208 if (operation->block_size > 1) { 1209 req_dlen = ((operation->buffer_offs + srcLen) / 1210 operation->block_size) * operation->block_size; 1211 } else { 1212 req_dlen = srcLen; 1213 } 1214 if (operation->buffer_two_blocks) { 1215 if (operation->buffer_offs + srcLen > 1216 operation->block_size * 2) { 1217 req_dlen = operation->buffer_offs + srcLen - 1218 operation->block_size * 2; 1219 req_dlen = ROUNDUP(req_dlen, operation->block_size); 1220 } else { 1221 req_dlen = 0; 1222 } 1223 } 1224 /* 1225 * Check that required destLen is big enough before starting to feed 1226 * data to the algorithm. Errors during feeding of data are fatal as we 1227 * can't restore sync with this API. 1228 */ 1229 if (*destLen < req_dlen) { 1230 *destLen = req_dlen; 1231 res = TEE_ERROR_SHORT_BUFFER; 1232 goto out; 1233 } 1234 1235 dl = *destLen; 1236 if (operation->block_size > 1) { 1237 res = tee_buffer_update(operation, _utee_cipher_update, srcData, 1238 srcLen, destData, &dl); 1239 } else { 1240 if (srcLen > 0) { 1241 res = _utee_cipher_update(operation->state, srcData, 1242 srcLen, destData, &dl); 1243 } else { 1244 res = TEE_SUCCESS; 1245 dl = 0; 1246 } 1247 } 1248 *destLen = dl; 1249 1250 out: 1251 if (res != TEE_SUCCESS && 1252 res != TEE_ERROR_SHORT_BUFFER) 1253 TEE_Panic(res); 1254 1255 return res; 1256 } 1257 1258 TEE_Result __GP11_TEE_CipherUpdate(TEE_OperationHandle operation, 1259 const void *srcData, uint32_t srcLen, 1260 void *destData, uint32_t *destLen) 1261 { 1262 TEE_Result res = TEE_SUCCESS; 1263 size_t dl = 0; 1264 1265 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1266 dl = *destLen; 1267 res = TEE_CipherUpdate(operation, srcData, srcLen, destData, &dl); 1268 *destLen = dl; 1269 return res; 1270 } 1271 1272 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1273 const void *srcData, size_t srcLen, 1274 void *destData, size_t *destLen) 1275 { 1276 TEE_Result res = TEE_SUCCESS; 1277 uint8_t *dst = destData; 1278 size_t acc_dlen = 0; 1279 uint64_t tmp_dlen = 0; 1280 size_t req_dlen = 0; 1281 1282 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1283 res = TEE_ERROR_BAD_PARAMETERS; 1284 goto out; 1285 } 1286 if (destLen) 1287 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1288 1289 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1290 res = TEE_ERROR_BAD_PARAMETERS; 1291 goto out; 1292 } 1293 1294 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1295 res = TEE_ERROR_BAD_PARAMETERS; 1296 goto out; 1297 } 1298 1299 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1300 res = TEE_ERROR_BAD_PARAMETERS; 1301 goto out; 1302 } 1303 1304 /* 1305 * Check that the final block doesn't require padding for those 1306 * algorithms that requires client to supply padding. 1307 */ 1308 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1309 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1310 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1311 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1312 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1313 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1314 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1315 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1316 if (((operation->buffer_offs + srcLen) % operation->block_size) 1317 != 0) { 1318 res = TEE_ERROR_BAD_PARAMETERS; 1319 goto out; 1320 } 1321 } 1322 1323 /* 1324 * Check that required destLen is big enough before starting to feed 1325 * data to the algorithm. Errors during feeding of data are fatal as we 1326 * can't restore sync with this API. 1327 */ 1328 if (operation->block_size > 1) { 1329 req_dlen = operation->buffer_offs + srcLen; 1330 } else { 1331 req_dlen = srcLen; 1332 } 1333 if (destLen) 1334 tmp_dlen = *destLen; 1335 if (tmp_dlen < req_dlen) { 1336 if (destLen) 1337 *destLen = req_dlen; 1338 res = TEE_ERROR_SHORT_BUFFER; 1339 goto out; 1340 } 1341 1342 if (operation->block_size > 1) { 1343 if (srcLen) { 1344 res = tee_buffer_update(operation, _utee_cipher_update, 1345 srcData, srcLen, dst, 1346 &tmp_dlen); 1347 if (res != TEE_SUCCESS) 1348 goto out; 1349 1350 dst += tmp_dlen; 1351 acc_dlen += tmp_dlen; 1352 1353 tmp_dlen = *destLen - acc_dlen; 1354 } 1355 res = _utee_cipher_final(operation->state, operation->buffer, 1356 operation->buffer_offs, dst, 1357 &tmp_dlen); 1358 } else { 1359 res = _utee_cipher_final(operation->state, srcData, srcLen, dst, 1360 &tmp_dlen); 1361 } 1362 if (res != TEE_SUCCESS) 1363 goto out; 1364 1365 acc_dlen += tmp_dlen; 1366 if (destLen) 1367 *destLen = acc_dlen; 1368 1369 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1370 1371 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1372 1373 out: 1374 if (res != TEE_SUCCESS && 1375 res != TEE_ERROR_SHORT_BUFFER) 1376 TEE_Panic(res); 1377 1378 return res; 1379 } 1380 1381 TEE_Result __GP11_TEE_CipherDoFinal(TEE_OperationHandle operation, 1382 const void *srcData, uint32_t srcLen, 1383 void *destData, uint32_t *destLen) 1384 { 1385 TEE_Result res = TEE_SUCCESS; 1386 size_t dl = 0; 1387 1388 if (destLen) { 1389 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1390 dl = *destLen; 1391 } 1392 res = TEE_CipherDoFinal(operation, srcData, srcLen, destData, &dl); 1393 if (destLen) 1394 *destLen = dl; 1395 return res; 1396 } 1397 1398 /* Cryptographic Operations API - MAC Functions */ 1399 1400 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, size_t IVLen) 1401 { 1402 if (operation == TEE_HANDLE_NULL) 1403 TEE_Panic(0); 1404 1405 if (operation->info.operationClass != TEE_OPERATION_MAC) 1406 TEE_Panic(0); 1407 1408 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1409 !(operation->key1)) 1410 TEE_Panic(0); 1411 1412 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1413 TEE_ResetOperation(operation); 1414 1415 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1416 1417 init_hash_operation(operation, IV, IVLen); 1418 } 1419 1420 void __GP11_TEE_MACInit(TEE_OperationHandle operation, const void *IV, 1421 uint32_t IVLen) 1422 { 1423 return TEE_MACInit(operation, IV, IVLen); 1424 } 1425 1426 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1427 size_t chunkSize) 1428 { 1429 TEE_Result res; 1430 1431 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1432 TEE_Panic(0); 1433 1434 if (operation->info.operationClass != TEE_OPERATION_MAC) 1435 TEE_Panic(0); 1436 1437 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1438 TEE_Panic(0); 1439 1440 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1441 TEE_Panic(0); 1442 1443 res = _utee_hash_update(operation->state, chunk, chunkSize); 1444 if (res != TEE_SUCCESS) 1445 TEE_Panic(res); 1446 } 1447 1448 void __GP11_TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1449 uint32_t chunkSize) 1450 { 1451 return TEE_MACUpdate(operation, chunk, chunkSize); 1452 } 1453 1454 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1455 const void *message, size_t messageLen, 1456 void *mac, size_t *macLen) 1457 { 1458 TEE_Result res; 1459 uint64_t ml; 1460 1461 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) { 1462 res = TEE_ERROR_BAD_PARAMETERS; 1463 goto out; 1464 } 1465 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1466 1467 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1468 res = TEE_ERROR_BAD_PARAMETERS; 1469 goto out; 1470 } 1471 1472 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1473 res = TEE_ERROR_BAD_PARAMETERS; 1474 goto out; 1475 } 1476 1477 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1478 res = TEE_ERROR_BAD_PARAMETERS; 1479 goto out; 1480 } 1481 1482 ml = *macLen; 1483 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml); 1484 *macLen = ml; 1485 if (res != TEE_SUCCESS) 1486 goto out; 1487 1488 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1489 1490 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1491 1492 out: 1493 if (res != TEE_SUCCESS && 1494 res != TEE_ERROR_SHORT_BUFFER) 1495 TEE_Panic(res); 1496 1497 return res; 1498 } 1499 1500 TEE_Result __GP11_TEE_MACComputeFinal(TEE_OperationHandle operation, 1501 const void *message, uint32_t messageLen, 1502 void *mac, uint32_t *macLen) 1503 { 1504 TEE_Result res = TEE_SUCCESS; 1505 size_t ml = 0; 1506 1507 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1508 ml = *macLen; 1509 res = TEE_MACComputeFinal(operation, message, messageLen, mac, &ml); 1510 *macLen = ml; 1511 return res; 1512 } 1513 1514 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1515 const void *message, size_t messageLen, 1516 const void *mac, size_t macLen) 1517 { 1518 TEE_Result res; 1519 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 }; 1520 size_t computed_mac_size = TEE_MAX_HASH_SIZE; 1521 1522 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1523 res = TEE_ERROR_BAD_PARAMETERS; 1524 goto out; 1525 } 1526 1527 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1528 res = TEE_ERROR_BAD_PARAMETERS; 1529 goto out; 1530 } 1531 1532 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1533 res = TEE_ERROR_BAD_PARAMETERS; 1534 goto out; 1535 } 1536 1537 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1538 &computed_mac_size); 1539 if (res != TEE_SUCCESS) 1540 goto out; 1541 1542 if (computed_mac_size != macLen) { 1543 res = TEE_ERROR_MAC_INVALID; 1544 goto out; 1545 } 1546 1547 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1548 res = TEE_ERROR_MAC_INVALID; 1549 goto out; 1550 } 1551 1552 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1553 1554 out: 1555 if (res != TEE_SUCCESS && 1556 res != TEE_ERROR_MAC_INVALID) 1557 TEE_Panic(res); 1558 1559 return res; 1560 } 1561 1562 TEE_Result __GP11_TEE_MACCompareFinal(TEE_OperationHandle operation, 1563 const void *message, uint32_t messageLen, 1564 const void *mac, uint32_t macLen) 1565 { 1566 return TEE_MACCompareFinal(operation, message, messageLen, mac, macLen); 1567 } 1568 1569 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1570 1571 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1572 size_t nonceLen, uint32_t tagLen, size_t AADLen, 1573 size_t payloadLen) 1574 { 1575 TEE_Result res; 1576 1577 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1578 res = TEE_ERROR_BAD_PARAMETERS; 1579 goto out; 1580 } 1581 1582 if (operation->info.operationClass != TEE_OPERATION_AE) { 1583 res = TEE_ERROR_BAD_PARAMETERS; 1584 goto out; 1585 } 1586 1587 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1588 res = TEE_ERROR_BAD_PARAMETERS; 1589 goto out; 1590 } 1591 1592 /* 1593 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1594 * in the implementation. But AES-GCM spec doesn't specify the tag len 1595 * according to the same principle so we have to check here instead to 1596 * be GP compliant. 1597 */ 1598 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1599 /* 1600 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1601 */ 1602 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1603 res = TEE_ERROR_NOT_SUPPORTED; 1604 goto out; 1605 } 1606 } 1607 1608 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8, 1609 AADLen, payloadLen); 1610 if (res != TEE_SUCCESS) 1611 goto out; 1612 1613 operation->info.digestLength = tagLen / 8; 1614 operation->buffer_offs = 0; 1615 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1616 1617 out: 1618 if (res != TEE_SUCCESS && 1619 res != TEE_ERROR_NOT_SUPPORTED) 1620 TEE_Panic(res); 1621 1622 return res; 1623 } 1624 1625 TEE_Result __GP11_TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1626 uint32_t nonceLen, uint32_t tagLen, 1627 uint32_t AADLen, uint32_t payloadLen) 1628 { 1629 return TEE_AEInit(operation, nonce, nonceLen, tagLen, AADLen, 1630 payloadLen); 1631 } 1632 1633 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1634 size_t AADdataLen) 1635 { 1636 TEE_Result res = TEE_SUCCESS; 1637 1638 if (operation == TEE_HANDLE_NULL || (!AADdata && AADdataLen)) 1639 TEE_Panic(0); 1640 1641 if (operation->info.operationClass != TEE_OPERATION_AE) 1642 TEE_Panic(0); 1643 1644 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1645 TEE_Panic(0); 1646 1647 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1648 TEE_Panic(0); 1649 1650 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1651 if (res != TEE_SUCCESS) 1652 TEE_Panic(res); 1653 } 1654 1655 void __GP11_TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1656 uint32_t AADdataLen) 1657 { 1658 TEE_Result res = TEE_SUCCESS; 1659 1660 if (operation == TEE_HANDLE_NULL || 1661 (AADdata == NULL && AADdataLen != 0)) 1662 TEE_Panic(0); 1663 1664 if (operation->info.operationClass != TEE_OPERATION_AE) 1665 TEE_Panic(0); 1666 1667 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1668 TEE_Panic(0); 1669 1670 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1671 1672 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1673 1674 if (res != TEE_SUCCESS) 1675 TEE_Panic(res); 1676 } 1677 1678 static TEE_Result ae_update_helper(TEE_OperationHandle operation, 1679 const void *src, size_t slen, void *dst, 1680 size_t *dlen) 1681 { 1682 TEE_Result res = TEE_SUCCESS; 1683 size_t req_dlen = 0; 1684 uint64_t dl = 0; 1685 1686 if (!src && !slen) { 1687 *dlen = 0; 1688 return TEE_SUCCESS; 1689 } 1690 1691 /* 1692 * Check that required destLen is big enough before starting to feed 1693 * data to the algorithm. Errors during feeding of data are fatal as we 1694 * can't restore sync with this API. 1695 */ 1696 if (operation->block_size > 1) { 1697 req_dlen = ROUNDDOWN(operation->buffer_offs + slen, 1698 operation->block_size); 1699 } else { 1700 req_dlen = slen; 1701 } 1702 1703 dl = *dlen; 1704 if (dl < req_dlen) { 1705 *dlen = req_dlen; 1706 return TEE_ERROR_SHORT_BUFFER; 1707 } 1708 1709 if (operation->block_size > 1) { 1710 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1711 src, slen, dst, &dl); 1712 } else { 1713 if (slen > 0) { 1714 res = _utee_authenc_update_payload(operation->state, 1715 src, slen, dst, &dl); 1716 } else { 1717 dl = 0; 1718 res = TEE_SUCCESS; 1719 } 1720 } 1721 1722 if (!res) 1723 *dlen = dl; 1724 1725 return res; 1726 } 1727 1728 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1729 size_t srcLen, void *destData, size_t *destLen) 1730 { 1731 TEE_Result res = TEE_SUCCESS; 1732 1733 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1734 res = TEE_ERROR_BAD_PARAMETERS; 1735 goto out; 1736 } 1737 __utee_check_outbuf_annotation(destData, destLen); 1738 1739 if (operation->info.operationClass != TEE_OPERATION_AE) { 1740 res = TEE_ERROR_BAD_PARAMETERS; 1741 goto out; 1742 } 1743 1744 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1745 res = TEE_ERROR_BAD_PARAMETERS; 1746 goto out; 1747 } 1748 1749 res = ae_update_helper(operation, srcData, srcLen, destData, destLen); 1750 if (res != TEE_ERROR_SHORT_BUFFER && srcLen) 1751 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1752 1753 out: 1754 if (res != TEE_SUCCESS && 1755 res != TEE_ERROR_SHORT_BUFFER) 1756 TEE_Panic(res); 1757 1758 return res; 1759 } 1760 1761 TEE_Result __GP11_TEE_AEUpdate(TEE_OperationHandle operation, 1762 const void *srcData, uint32_t srcLen, 1763 void *destData, uint32_t *destLen) 1764 { 1765 TEE_Result res = TEE_SUCCESS; 1766 size_t dl = 0; 1767 1768 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1769 res = TEE_ERROR_BAD_PARAMETERS; 1770 goto out; 1771 } 1772 __utee_check_gp11_outbuf_annotation(destData, destLen); 1773 1774 if (operation->info.operationClass != TEE_OPERATION_AE) { 1775 res = TEE_ERROR_BAD_PARAMETERS; 1776 goto out; 1777 } 1778 1779 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1780 res = TEE_ERROR_BAD_PARAMETERS; 1781 goto out; 1782 } 1783 1784 dl = *destLen; 1785 res = ae_update_helper(operation, srcData, srcLen, destData, &dl); 1786 *destLen = dl; 1787 1788 if (res != TEE_SUCCESS) 1789 goto out; 1790 1791 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1792 1793 out: 1794 if (res != TEE_SUCCESS && 1795 res != TEE_ERROR_SHORT_BUFFER) 1796 TEE_Panic(res); 1797 1798 return res; 1799 } 1800 1801 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1802 const void *srcData, size_t srcLen, 1803 void *destData, size_t *destLen, void *tag, 1804 size_t *tagLen) 1805 { 1806 TEE_Result res = TEE_SUCCESS; 1807 uint8_t *dst = destData; 1808 size_t acc_dlen = 0; 1809 uint64_t tmp_dlen = 0; 1810 size_t req_dlen = 0; 1811 uint64_t tl = 0; 1812 1813 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1814 res = TEE_ERROR_BAD_PARAMETERS; 1815 goto out; 1816 } 1817 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1818 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1819 1820 if (operation->info.operationClass != TEE_OPERATION_AE) { 1821 res = TEE_ERROR_BAD_PARAMETERS; 1822 goto out; 1823 } 1824 1825 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1826 res = TEE_ERROR_BAD_PARAMETERS; 1827 goto out; 1828 } 1829 1830 /* 1831 * Check that required destLen is big enough before starting to feed 1832 * data to the algorithm. Errors during feeding of data are fatal as we 1833 * can't restore sync with this API. 1834 * 1835 * Need to check this before update_payload since sync would be lost if 1836 * we return short buffer after that. 1837 */ 1838 res = TEE_ERROR_GENERIC; 1839 1840 req_dlen = operation->buffer_offs + srcLen; 1841 if (*destLen < req_dlen) { 1842 *destLen = req_dlen; 1843 res = TEE_ERROR_SHORT_BUFFER; 1844 } 1845 1846 if (*tagLen < operation->info.digestLength) { 1847 *tagLen = operation->info.digestLength; 1848 res = TEE_ERROR_SHORT_BUFFER; 1849 } 1850 1851 if (res == TEE_ERROR_SHORT_BUFFER) 1852 goto out; 1853 1854 tl = *tagLen; 1855 tmp_dlen = *destLen - acc_dlen; 1856 if (operation->block_size > 1) { 1857 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1858 srcData, srcLen, dst, &tmp_dlen); 1859 if (res != TEE_SUCCESS) 1860 goto out; 1861 1862 dst += tmp_dlen; 1863 acc_dlen += tmp_dlen; 1864 1865 tmp_dlen = *destLen - acc_dlen; 1866 res = _utee_authenc_enc_final(operation->state, 1867 operation->buffer, 1868 operation->buffer_offs, dst, 1869 &tmp_dlen, tag, &tl); 1870 } else { 1871 res = _utee_authenc_enc_final(operation->state, srcData, 1872 srcLen, dst, &tmp_dlen, 1873 tag, &tl); 1874 } 1875 *tagLen = tl; 1876 if (res != TEE_SUCCESS) 1877 goto out; 1878 1879 acc_dlen += tmp_dlen; 1880 *destLen = acc_dlen; 1881 1882 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1883 1884 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1885 1886 out: 1887 if (res != TEE_SUCCESS && 1888 res != TEE_ERROR_SHORT_BUFFER) 1889 TEE_Panic(res); 1890 1891 return res; 1892 } 1893 1894 TEE_Result __GP11_TEE_AEEncryptFinal(TEE_OperationHandle operation, 1895 const void *srcData, uint32_t srcLen, 1896 void *destData, uint32_t *destLen, 1897 void *tag, uint32_t *tagLen) 1898 { 1899 TEE_Result res = TEE_SUCCESS; 1900 size_t dl = 0; 1901 size_t tl = 0; 1902 1903 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1904 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1905 dl = *destLen; 1906 tl = *tagLen; 1907 res = TEE_AEEncryptFinal(operation, srcData, srcLen, destData, &dl, 1908 tag, &tl); 1909 *destLen = dl; 1910 *tagLen = tl; 1911 return res; 1912 } 1913 1914 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1915 const void *srcData, size_t srcLen, 1916 void *destData, size_t *destLen, void *tag, 1917 size_t tagLen) 1918 { 1919 TEE_Result res = TEE_SUCCESS; 1920 uint8_t *dst = destData; 1921 size_t acc_dlen = 0; 1922 uint64_t tmp_dlen = 0; 1923 size_t req_dlen = 0; 1924 1925 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1926 res = TEE_ERROR_BAD_PARAMETERS; 1927 goto out; 1928 } 1929 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1930 1931 if (operation->info.operationClass != TEE_OPERATION_AE) { 1932 res = TEE_ERROR_BAD_PARAMETERS; 1933 goto out; 1934 } 1935 1936 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1937 res = TEE_ERROR_BAD_PARAMETERS; 1938 goto out; 1939 } 1940 1941 /* 1942 * Check that required destLen is big enough before starting to feed 1943 * data to the algorithm. Errors during feeding of data are fatal as we 1944 * can't restore sync with this API. 1945 */ 1946 req_dlen = operation->buffer_offs + srcLen; 1947 if (*destLen < req_dlen) { 1948 *destLen = req_dlen; 1949 res = TEE_ERROR_SHORT_BUFFER; 1950 goto out; 1951 } 1952 1953 tmp_dlen = *destLen - acc_dlen; 1954 if (operation->block_size > 1) { 1955 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1956 srcData, srcLen, dst, &tmp_dlen); 1957 if (res != TEE_SUCCESS) 1958 goto out; 1959 1960 dst += tmp_dlen; 1961 acc_dlen += tmp_dlen; 1962 1963 tmp_dlen = *destLen - acc_dlen; 1964 res = _utee_authenc_dec_final(operation->state, 1965 operation->buffer, 1966 operation->buffer_offs, dst, 1967 &tmp_dlen, tag, tagLen); 1968 } else { 1969 res = _utee_authenc_dec_final(operation->state, srcData, 1970 srcLen, dst, &tmp_dlen, 1971 tag, tagLen); 1972 } 1973 if (res != TEE_SUCCESS) 1974 goto out; 1975 1976 /* Supplied tagLen should match what we initiated with */ 1977 if (tagLen != operation->info.digestLength) 1978 res = TEE_ERROR_MAC_INVALID; 1979 1980 acc_dlen += tmp_dlen; 1981 *destLen = acc_dlen; 1982 1983 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1984 1985 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1986 1987 out: 1988 if (res != TEE_SUCCESS && 1989 res != TEE_ERROR_SHORT_BUFFER && 1990 res != TEE_ERROR_MAC_INVALID) 1991 TEE_Panic(res); 1992 1993 return res; 1994 } 1995 1996 TEE_Result __GP11_TEE_AEDecryptFinal(TEE_OperationHandle operation, 1997 const void *srcData, uint32_t srcLen, 1998 void *destData, uint32_t *destLen, 1999 void *tag, uint32_t tagLen) 2000 { 2001 TEE_Result res = TEE_SUCCESS; 2002 size_t dl = 0; 2003 2004 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2005 dl = *destLen; 2006 res = TEE_AEDecryptFinal(operation, srcData, srcLen, destData, &dl, 2007 tag, tagLen); 2008 *destLen = dl; 2009 return res; 2010 } 2011 2012 /* Cryptographic Operations API - Asymmetric Functions */ 2013 2014 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 2015 const TEE_Attribute *params, 2016 uint32_t paramCount, const void *srcData, 2017 size_t srcLen, void *destData, 2018 size_t *destLen) 2019 { 2020 TEE_Result res = TEE_SUCCESS; 2021 struct utee_attribute ua[paramCount]; 2022 uint64_t dl = 0; 2023 2024 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2025 TEE_Panic(0); 2026 2027 __utee_check_attr_in_annotation(params, paramCount); 2028 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2029 2030 if (!operation->key1) 2031 TEE_Panic(0); 2032 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2033 TEE_Panic(0); 2034 if (operation->info.mode != TEE_MODE_ENCRYPT) 2035 TEE_Panic(0); 2036 2037 __utee_from_attr(ua, params, paramCount); 2038 dl = *destLen; 2039 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2040 srcLen, destData, &dl); 2041 *destLen = dl; 2042 2043 if (res != TEE_SUCCESS && 2044 res != TEE_ERROR_SHORT_BUFFER && 2045 res != TEE_ERROR_BAD_PARAMETERS && 2046 res != TEE_ERROR_CIPHERTEXT_INVALID && 2047 res != TEE_ERROR_NOT_SUPPORTED) 2048 TEE_Panic(res); 2049 2050 return res; 2051 } 2052 2053 TEE_Result __GP11_TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 2054 const __GP11_TEE_Attribute *params, 2055 uint32_t paramCount, 2056 const void *srcData, uint32_t srcLen, 2057 void *destData, uint32_t *destLen) 2058 { 2059 TEE_Result res = TEE_SUCCESS; 2060 struct utee_attribute ua[paramCount]; 2061 uint64_t dl = 0; 2062 2063 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2064 TEE_Panic(0); 2065 2066 __utee_check_gp11_attr_in_annotation(params, paramCount); 2067 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2068 2069 if (!operation->key1) 2070 TEE_Panic(0); 2071 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2072 TEE_Panic(0); 2073 if (operation->info.mode != TEE_MODE_ENCRYPT) 2074 TEE_Panic(0); 2075 2076 __utee_from_gp11_attr(ua, params, paramCount); 2077 dl = *destLen; 2078 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2079 srcLen, destData, &dl); 2080 *destLen = dl; 2081 2082 if (res != TEE_SUCCESS && 2083 res != TEE_ERROR_SHORT_BUFFER && 2084 res != TEE_ERROR_BAD_PARAMETERS) 2085 TEE_Panic(res); 2086 2087 return res; 2088 } 2089 2090 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 2091 const TEE_Attribute *params, 2092 uint32_t paramCount, const void *srcData, 2093 size_t srcLen, void *destData, 2094 size_t *destLen) 2095 { 2096 TEE_Result res = TEE_SUCCESS; 2097 struct utee_attribute ua[paramCount]; 2098 uint64_t dl = 0; 2099 2100 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2101 TEE_Panic(0); 2102 2103 __utee_check_attr_in_annotation(params, paramCount); 2104 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2105 2106 if (!operation->key1) 2107 TEE_Panic(0); 2108 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2109 TEE_Panic(0); 2110 if (operation->info.mode != TEE_MODE_DECRYPT) 2111 TEE_Panic(0); 2112 2113 __utee_from_attr(ua, params, paramCount); 2114 dl = *destLen; 2115 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2116 srcLen, destData, &dl); 2117 *destLen = dl; 2118 2119 if (res != TEE_SUCCESS && 2120 res != TEE_ERROR_SHORT_BUFFER && 2121 res != TEE_ERROR_BAD_PARAMETERS && 2122 res != TEE_ERROR_CIPHERTEXT_INVALID && 2123 res != TEE_ERROR_NOT_SUPPORTED) 2124 TEE_Panic(res); 2125 2126 return res; 2127 } 2128 2129 TEE_Result __GP11_TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 2130 const __GP11_TEE_Attribute *params, 2131 uint32_t paramCount, 2132 const void *srcData, uint32_t srcLen, 2133 void *destData, uint32_t *destLen) 2134 { 2135 TEE_Result res = TEE_SUCCESS; 2136 struct utee_attribute ua[paramCount]; 2137 uint64_t dl = 0; 2138 2139 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2140 TEE_Panic(0); 2141 2142 __utee_check_gp11_attr_in_annotation(params, paramCount); 2143 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2144 2145 if (!operation->key1) 2146 TEE_Panic(0); 2147 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2148 TEE_Panic(0); 2149 if (operation->info.mode != TEE_MODE_DECRYPT) 2150 TEE_Panic(0); 2151 2152 __utee_from_gp11_attr(ua, params, paramCount); 2153 dl = *destLen; 2154 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2155 srcLen, destData, &dl); 2156 *destLen = dl; 2157 2158 if (res != TEE_SUCCESS && 2159 res != TEE_ERROR_SHORT_BUFFER && 2160 res != TEE_ERROR_BAD_PARAMETERS) 2161 TEE_Panic(res); 2162 2163 return res; 2164 } 2165 2166 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 2167 const TEE_Attribute *params, 2168 uint32_t paramCount, const void *digest, 2169 size_t digestLen, void *signature, 2170 size_t *signatureLen) 2171 { 2172 TEE_Result res = TEE_SUCCESS; 2173 struct utee_attribute ua[paramCount]; 2174 uint64_t sl = 0; 2175 2176 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 2177 TEE_Panic(0); 2178 2179 __utee_check_attr_in_annotation(params, paramCount); 2180 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 2181 2182 if (!operation->key1) 2183 TEE_Panic(0); 2184 if (operation->info.operationClass != 2185 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2186 TEE_Panic(0); 2187 if (operation->info.mode != TEE_MODE_SIGN) 2188 TEE_Panic(0); 2189 2190 __utee_from_attr(ua, params, paramCount); 2191 sl = *signatureLen; 2192 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 2193 digestLen, signature, &sl); 2194 *signatureLen = sl; 2195 2196 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 2197 TEE_Panic(res); 2198 2199 return res; 2200 } 2201 2202 TEE_Result __GP11_TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 2203 const __GP11_TEE_Attribute *params, 2204 uint32_t paramCount, 2205 const void *digest, 2206 uint32_t digestLen, void *signature, 2207 uint32_t *signatureLen) 2208 { 2209 TEE_Result res = TEE_SUCCESS; 2210 struct utee_attribute ua[paramCount]; 2211 uint64_t sl = 0; 2212 2213 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 2214 TEE_Panic(0); 2215 2216 __utee_check_gp11_attr_in_annotation(params, paramCount); 2217 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 2218 2219 if (!operation->key1) 2220 TEE_Panic(0); 2221 if (operation->info.operationClass != 2222 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2223 TEE_Panic(0); 2224 if (operation->info.mode != TEE_MODE_SIGN) 2225 TEE_Panic(0); 2226 2227 __utee_from_gp11_attr(ua, params, paramCount); 2228 sl = *signatureLen; 2229 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 2230 digestLen, signature, &sl); 2231 *signatureLen = sl; 2232 2233 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 2234 TEE_Panic(res); 2235 2236 return res; 2237 } 2238 2239 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 2240 const TEE_Attribute *params, 2241 uint32_t paramCount, const void *digest, 2242 size_t digestLen, 2243 const void *signature, 2244 size_t signatureLen) 2245 { 2246 TEE_Result res; 2247 struct utee_attribute ua[paramCount]; 2248 2249 if (operation == TEE_HANDLE_NULL || 2250 (digest == NULL && digestLen != 0) || 2251 (signature == NULL && signatureLen != 0)) 2252 TEE_Panic(0); 2253 2254 __utee_check_attr_in_annotation(params, paramCount); 2255 2256 if (!operation->key1) 2257 TEE_Panic(0); 2258 if (operation->info.operationClass != 2259 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2260 TEE_Panic(0); 2261 if (operation->info.mode != TEE_MODE_VERIFY) 2262 TEE_Panic(0); 2263 2264 __utee_from_attr(ua, params, paramCount); 2265 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 2266 digestLen, signature, signatureLen); 2267 2268 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 2269 TEE_Panic(res); 2270 2271 return res; 2272 } 2273 2274 TEE_Result __GP11_TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 2275 const __GP11_TEE_Attribute *params, 2276 uint32_t paramCount, 2277 const void *digest, 2278 uint32_t digestLen, 2279 const void *signature, 2280 uint32_t signatureLen) 2281 { 2282 TEE_Result res = TEE_SUCCESS; 2283 struct utee_attribute ua[paramCount]; 2284 2285 if (operation == TEE_HANDLE_NULL || (!digest && digestLen) || 2286 (!signature && signatureLen)) 2287 TEE_Panic(0); 2288 2289 __utee_check_gp11_attr_in_annotation(params, paramCount); 2290 2291 if (!operation->key1) 2292 TEE_Panic(0); 2293 if (operation->info.operationClass != 2294 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2295 TEE_Panic(0); 2296 if (operation->info.mode != TEE_MODE_VERIFY) 2297 TEE_Panic(0); 2298 2299 __utee_from_gp11_attr(ua, params, paramCount); 2300 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 2301 digestLen, signature, signatureLen); 2302 2303 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 2304 TEE_Panic(res); 2305 2306 return res; 2307 } 2308 2309 /* Cryptographic Operations API - Key Derivation Functions */ 2310 2311 void TEE_DeriveKey(TEE_OperationHandle operation, 2312 const TEE_Attribute *params, uint32_t paramCount, 2313 TEE_ObjectHandle derivedKey) 2314 { 2315 struct utee_attribute ua[paramCount]; 2316 struct utee_object_info key_info = { }; 2317 TEE_Result res = TEE_SUCCESS; 2318 2319 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 2320 TEE_Panic(0); 2321 2322 __utee_check_attr_in_annotation(params, paramCount); 2323 2324 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 2325 TEE_OPERATION_KEY_DERIVATION) 2326 TEE_Panic(0); 2327 2328 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 2329 TEE_Panic(0); 2330 if (!operation->key1) 2331 TEE_Panic(0); 2332 if (operation->info.mode != TEE_MODE_DERIVE) 2333 TEE_Panic(0); 2334 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 2335 TEE_Panic(0); 2336 2337 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 2338 if (res != TEE_SUCCESS) 2339 TEE_Panic(res); 2340 2341 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 2342 TEE_Panic(0); 2343 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2344 TEE_Panic(0); 2345 2346 __utee_from_attr(ua, params, paramCount); 2347 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 2348 (unsigned long)derivedKey); 2349 if (res != TEE_SUCCESS) 2350 TEE_Panic(res); 2351 } 2352 2353 void __GP11_TEE_DeriveKey(TEE_OperationHandle operation, 2354 const __GP11_TEE_Attribute *params, 2355 uint32_t paramCount, TEE_ObjectHandle derivedKey) 2356 { 2357 struct utee_attribute ua[paramCount]; 2358 struct utee_object_info key_info = { }; 2359 TEE_Result res = TEE_SUCCESS; 2360 2361 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 2362 TEE_Panic(0); 2363 2364 __utee_check_gp11_attr_in_annotation(params, paramCount); 2365 2366 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 2367 TEE_OPERATION_KEY_DERIVATION) 2368 TEE_Panic(0); 2369 2370 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 2371 TEE_Panic(0); 2372 if (!operation->key1) 2373 TEE_Panic(0); 2374 if (operation->info.mode != TEE_MODE_DERIVE) 2375 TEE_Panic(0); 2376 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 2377 TEE_Panic(0); 2378 2379 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 2380 if (res != TEE_SUCCESS) 2381 TEE_Panic(res); 2382 2383 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 2384 TEE_Panic(0); 2385 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2386 TEE_Panic(0); 2387 2388 __utee_from_gp11_attr(ua, params, paramCount); 2389 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 2390 (unsigned long)derivedKey); 2391 if (res != TEE_SUCCESS) 2392 TEE_Panic(res); 2393 } 2394 2395 /* Cryptographic Operations API - Random Number Generation Functions */ 2396 2397 void TEE_GenerateRandom(void *randomBuffer, size_t randomBufferLen) 2398 { 2399 TEE_Result res; 2400 2401 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 2402 if (res != TEE_SUCCESS) 2403 TEE_Panic(res); 2404 } 2405 2406 void __GP11_TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 2407 { 2408 TEE_GenerateRandom(randomBuffer, randomBufferLen); 2409 } 2410 2411 int rand(void) 2412 { 2413 int rc; 2414 2415 TEE_GenerateRandom(&rc, sizeof(rc)); 2416 2417 /* 2418 * RAND_MAX is the larges int, INT_MAX which is all bits but the 2419 * highest bit set. 2420 */ 2421 return rc & RAND_MAX; 2422 } 2423 2424 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 2425 { 2426 if (IS_ENABLED(CFG_CRYPTO_AES)) { 2427 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2428 if (alg == TEE_ALG_AES_ECB_NOPAD) 2429 goto check_element_none; 2430 } 2431 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2432 if (alg == TEE_ALG_AES_CBC_NOPAD) 2433 goto check_element_none; 2434 } 2435 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2436 if (alg == TEE_ALG_AES_CTR) 2437 goto check_element_none; 2438 } 2439 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 2440 if (alg == TEE_ALG_AES_CTS) 2441 goto check_element_none; 2442 } 2443 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2444 if (alg == TEE_ALG_AES_XTS) 2445 goto check_element_none; 2446 } 2447 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2448 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 2449 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 2450 goto check_element_none; 2451 } 2452 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 2453 if (alg == TEE_ALG_AES_CMAC) 2454 goto check_element_none; 2455 } 2456 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 2457 if (alg == TEE_ALG_AES_CCM) 2458 goto check_element_none; 2459 } 2460 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 2461 if (alg == TEE_ALG_AES_GCM) 2462 goto check_element_none; 2463 } 2464 } 2465 if (IS_ENABLED(CFG_CRYPTO_DES)) { 2466 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2467 if (alg == TEE_ALG_DES_ECB_NOPAD || 2468 alg == TEE_ALG_DES3_ECB_NOPAD) 2469 goto check_element_none; 2470 } 2471 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2472 if (alg == TEE_ALG_DES_CBC_NOPAD || 2473 alg == TEE_ALG_DES3_CBC_NOPAD) 2474 goto check_element_none; 2475 } 2476 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2477 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 2478 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 2479 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 2480 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 2481 goto check_element_none; 2482 } 2483 } 2484 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2485 if (alg == TEE_ALG_MD5) 2486 goto check_element_none; 2487 } 2488 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2489 if (alg == TEE_ALG_SHA1) 2490 goto check_element_none; 2491 } 2492 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2493 if (alg == TEE_ALG_SHA224) 2494 goto check_element_none; 2495 } 2496 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2497 if (alg == TEE_ALG_SHA256) 2498 goto check_element_none; 2499 } 2500 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2501 if (alg == TEE_ALG_SHA384) 2502 goto check_element_none; 2503 } 2504 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2505 if (alg == TEE_ALG_SHA512) 2506 goto check_element_none; 2507 } 2508 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) { 2509 if (alg == TEE_ALG_SHA3_224) 2510 goto check_element_none; 2511 } 2512 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) { 2513 if (alg == TEE_ALG_SHA3_256) 2514 goto check_element_none; 2515 } 2516 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) { 2517 if (alg == TEE_ALG_SHA3_384) 2518 goto check_element_none; 2519 } 2520 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) { 2521 if (alg == TEE_ALG_SHA3_512) 2522 goto check_element_none; 2523 } 2524 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2525 if (alg == TEE_ALG_MD5SHA1) 2526 goto check_element_none; 2527 } 2528 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 2529 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2530 if (alg == TEE_ALG_HMAC_MD5) 2531 goto check_element_none; 2532 } 2533 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2534 if (alg == TEE_ALG_HMAC_SHA1) 2535 goto check_element_none; 2536 } 2537 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2538 if (alg == TEE_ALG_HMAC_SHA224) 2539 goto check_element_none; 2540 } 2541 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2542 if (alg == TEE_ALG_HMAC_SHA256) 2543 goto check_element_none; 2544 } 2545 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2546 if (alg == TEE_ALG_HMAC_SHA384) 2547 goto check_element_none; 2548 } 2549 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2550 if (alg == TEE_ALG_HMAC_SHA512) 2551 goto check_element_none; 2552 } 2553 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) { 2554 if (alg == TEE_ALG_HMAC_SHA3_224) 2555 goto check_element_none; 2556 } 2557 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) { 2558 if (alg == TEE_ALG_HMAC_SHA3_256) 2559 goto check_element_none; 2560 } 2561 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) { 2562 if (alg == TEE_ALG_HMAC_SHA3_384) 2563 goto check_element_none; 2564 } 2565 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) { 2566 if (alg == TEE_ALG_HMAC_SHA3_512) 2567 goto check_element_none; 2568 } 2569 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2570 if (alg == TEE_ALG_HMAC_SM3) 2571 goto check_element_none; 2572 } 2573 } 2574 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2575 if (alg == TEE_ALG_SM3) 2576 goto check_element_none; 2577 } 2578 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 2579 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2580 if (alg == TEE_ALG_SM4_ECB_NOPAD) 2581 goto check_element_none; 2582 } 2583 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2584 if (alg == TEE_ALG_SM4_CBC_NOPAD) 2585 goto check_element_none; 2586 } 2587 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2588 if (alg == TEE_ALG_SM4_CTR) 2589 goto check_element_none; 2590 } 2591 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2592 if (alg == TEE_ALG_SM4_XTS) 2593 goto check_element_none; 2594 } 2595 } 2596 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 2597 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2598 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5 || 2599 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5 || 2600 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5) 2601 goto check_element_none; 2602 } 2603 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2604 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 2605 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 2606 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 2607 goto check_element_none; 2608 } 2609 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2610 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 2611 goto check_element_none; 2612 } 2613 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2614 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 2615 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 2616 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 2617 goto check_element_none; 2618 } 2619 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2620 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 2621 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 2622 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 2623 goto check_element_none; 2624 } 2625 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2626 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 2627 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 2628 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 2629 goto check_element_none; 2630 } 2631 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2632 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 2633 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 2634 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 2635 goto check_element_none; 2636 } 2637 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2638 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 2639 goto check_element_none; 2640 } 2641 if (alg == TEE_ALG_RSA_NOPAD) 2642 goto check_element_none; 2643 } 2644 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2645 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2646 if (alg == TEE_ALG_DSA_SHA1) 2647 goto check_element_none; 2648 } 2649 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2650 if (alg == TEE_ALG_DSA_SHA224) 2651 goto check_element_none; 2652 } 2653 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2654 if (alg == TEE_ALG_DSA_SHA256) 2655 goto check_element_none; 2656 } 2657 } 2658 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2659 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2660 goto check_element_none; 2661 } 2662 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2663 if ((alg == __OPTEE_ALG_ECDH_P192 || 2664 alg == __OPTEE_ALG_ECDSA_P192 || 2665 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2666 alg == TEE_ALG_ECDSA_SHA1) && 2667 element == TEE_ECC_CURVE_NIST_P192) 2668 return TEE_SUCCESS; 2669 if ((alg == __OPTEE_ALG_ECDH_P224 || 2670 alg == __OPTEE_ALG_ECDSA_P224 || 2671 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2672 alg == TEE_ALG_ECDSA_SHA224) && 2673 element == TEE_ECC_CURVE_NIST_P224) 2674 return TEE_SUCCESS; 2675 if ((alg == __OPTEE_ALG_ECDH_P256 || 2676 alg == __OPTEE_ALG_ECDSA_P256 || 2677 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2678 alg == TEE_ALG_ECDSA_SHA256) && 2679 element == TEE_ECC_CURVE_NIST_P256) 2680 return TEE_SUCCESS; 2681 if ((alg == __OPTEE_ALG_ECDH_P384 || 2682 alg == __OPTEE_ALG_ECDSA_P384 || 2683 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2684 alg == TEE_ALG_ECDSA_SHA384) && 2685 element == TEE_ECC_CURVE_NIST_P384) 2686 return TEE_SUCCESS; 2687 if ((alg == __OPTEE_ALG_ECDH_P521 || 2688 alg == __OPTEE_ALG_ECDSA_P521 || 2689 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2690 alg == TEE_ALG_ECDSA_SHA512) && 2691 element == TEE_ECC_CURVE_NIST_P521) 2692 return TEE_SUCCESS; 2693 } 2694 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2695 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2696 return TEE_SUCCESS; 2697 } 2698 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2699 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2700 return TEE_SUCCESS; 2701 } 2702 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2703 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2704 return TEE_SUCCESS; 2705 } 2706 if (IS_ENABLED(CFG_CRYPTO_X25519)) { 2707 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519) 2708 return TEE_SUCCESS; 2709 } 2710 if (IS_ENABLED(CFG_CRYPTO_ED25519)) { 2711 if (alg == TEE_ALG_ED25519 && element == TEE_ECC_CURVE_25519) 2712 return TEE_SUCCESS; 2713 } 2714 2715 return TEE_ERROR_NOT_SUPPORTED; 2716 check_element_none: 2717 if (element == TEE_CRYPTO_ELEMENT_NONE) 2718 return TEE_SUCCESS; 2719 return TEE_ERROR_NOT_SUPPORTED; 2720 } 2721