1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 #include <config.h> 6 #include <stdlib.h> 7 #include <string.h> 8 #include <string_ext.h> 9 #include <tee_api.h> 10 #include <tee_api_defines_extensions.h> 11 #include <tee_internal_api_extensions.h> 12 #include <utee_syscalls.h> 13 #include <utee_defines.h> 14 #include <util.h> 15 #include "tee_api_private.h" 16 17 struct __TEE_OperationHandle { 18 TEE_OperationInfo info; 19 TEE_ObjectHandle key1; 20 TEE_ObjectHandle key2; 21 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 22 uint8_t *buffer; /* buffer to collect complete blocks */ 23 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 24 size_t block_size; /* Block size of cipher */ 25 size_t buffer_offs; /* Offset in buffer */ 26 uint32_t state; /* Handle to state in TEE Core */ 27 }; 28 29 /* Cryptographic Operations API - Generic Operation Functions */ 30 31 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 32 uint32_t algorithm, uint32_t mode, 33 uint32_t maxKeySize) 34 { 35 TEE_Result res; 36 TEE_OperationHandle op = TEE_HANDLE_NULL; 37 uint32_t handle_state = 0; 38 size_t block_size = 1; 39 uint32_t req_key_usage; 40 bool with_private_key = false; 41 bool buffer_two_blocks = false; 42 43 if (!operation) 44 TEE_Panic(0); 45 46 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP) 47 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 48 49 /* Check algorithm max key size */ 50 switch (algorithm) { 51 case TEE_ALG_DSA_SHA1: 52 if (maxKeySize < 512) 53 return TEE_ERROR_NOT_SUPPORTED; 54 if (maxKeySize > 1024) 55 return TEE_ERROR_NOT_SUPPORTED; 56 if (maxKeySize % 64 != 0) 57 return TEE_ERROR_NOT_SUPPORTED; 58 break; 59 60 case TEE_ALG_DSA_SHA224: 61 if (maxKeySize != 2048) 62 return TEE_ERROR_NOT_SUPPORTED; 63 break; 64 65 case TEE_ALG_DSA_SHA256: 66 if (maxKeySize != 2048 && maxKeySize != 3072) 67 return TEE_ERROR_NOT_SUPPORTED; 68 break; 69 70 case TEE_ALG_ECDSA_P192: 71 case TEE_ALG_ECDH_P192: 72 if (maxKeySize != 192) 73 return TEE_ERROR_NOT_SUPPORTED; 74 break; 75 76 case TEE_ALG_ECDSA_P224: 77 case TEE_ALG_ECDH_P224: 78 if (maxKeySize != 224) 79 return TEE_ERROR_NOT_SUPPORTED; 80 break; 81 82 case TEE_ALG_ECDSA_P256: 83 case TEE_ALG_ECDH_P256: 84 case TEE_ALG_SM2_PKE: 85 case TEE_ALG_SM2_DSA_SM3: 86 if (maxKeySize != 256) 87 return TEE_ERROR_NOT_SUPPORTED; 88 break; 89 90 case TEE_ALG_SM2_KEP: 91 /* Two 256-bit keys */ 92 if (maxKeySize != 512) 93 return TEE_ERROR_NOT_SUPPORTED; 94 break; 95 96 case TEE_ALG_ECDSA_P384: 97 case TEE_ALG_ECDH_P384: 98 if (maxKeySize != 384) 99 return TEE_ERROR_NOT_SUPPORTED; 100 break; 101 102 case TEE_ALG_ECDSA_P521: 103 case TEE_ALG_ECDH_P521: 104 if (maxKeySize != 521) 105 return TEE_ERROR_NOT_SUPPORTED; 106 break; 107 108 default: 109 break; 110 } 111 112 /* Check algorithm mode (and maxKeySize for digests) */ 113 switch (algorithm) { 114 case TEE_ALG_AES_CTS: 115 case TEE_ALG_AES_XTS: 116 buffer_two_blocks = true; 117 /* FALLTHROUGH */ 118 case TEE_ALG_AES_ECB_NOPAD: 119 case TEE_ALG_AES_CBC_NOPAD: 120 case TEE_ALG_AES_CCM: 121 case TEE_ALG_DES_ECB_NOPAD: 122 case TEE_ALG_DES_CBC_NOPAD: 123 case TEE_ALG_DES3_ECB_NOPAD: 124 case TEE_ALG_DES3_CBC_NOPAD: 125 case TEE_ALG_SM4_ECB_NOPAD: 126 case TEE_ALG_SM4_CBC_NOPAD: 127 case TEE_ALG_SM4_CTR: 128 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 129 block_size = TEE_AES_BLOCK_SIZE; 130 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 131 block_size = TEE_SM4_BLOCK_SIZE; 132 else 133 block_size = TEE_DES_BLOCK_SIZE; 134 /* FALLTHROUGH */ 135 case TEE_ALG_AES_CTR: 136 case TEE_ALG_AES_GCM: 137 if (mode == TEE_MODE_ENCRYPT) 138 req_key_usage = TEE_USAGE_ENCRYPT; 139 else if (mode == TEE_MODE_DECRYPT) 140 req_key_usage = TEE_USAGE_DECRYPT; 141 else 142 return TEE_ERROR_NOT_SUPPORTED; 143 break; 144 145 #if defined(CFG_CRYPTO_RSASSA_NA1) 146 case TEE_ALG_RSASSA_PKCS1_V1_5: 147 #endif 148 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 149 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 150 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 151 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 152 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 153 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 154 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 155 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 156 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 157 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 158 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 159 case TEE_ALG_DSA_SHA1: 160 case TEE_ALG_DSA_SHA224: 161 case TEE_ALG_DSA_SHA256: 162 case TEE_ALG_ECDSA_P192: 163 case TEE_ALG_ECDSA_P224: 164 case TEE_ALG_ECDSA_P256: 165 case TEE_ALG_ECDSA_P384: 166 case TEE_ALG_ECDSA_P521: 167 case TEE_ALG_SM2_DSA_SM3: 168 if (mode == TEE_MODE_SIGN) { 169 with_private_key = true; 170 req_key_usage = TEE_USAGE_SIGN; 171 } else if (mode == TEE_MODE_VERIFY) { 172 req_key_usage = TEE_USAGE_VERIFY; 173 } else { 174 return TEE_ERROR_NOT_SUPPORTED; 175 } 176 break; 177 178 case TEE_ALG_RSAES_PKCS1_V1_5: 179 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 180 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 181 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 182 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 183 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 184 case TEE_ALG_SM2_PKE: 185 if (mode == TEE_MODE_ENCRYPT) { 186 req_key_usage = TEE_USAGE_ENCRYPT; 187 } else if (mode == TEE_MODE_DECRYPT) { 188 with_private_key = true; 189 req_key_usage = TEE_USAGE_DECRYPT; 190 } else { 191 return TEE_ERROR_NOT_SUPPORTED; 192 } 193 break; 194 195 case TEE_ALG_RSA_NOPAD: 196 if (mode == TEE_MODE_ENCRYPT) { 197 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 198 } else if (mode == TEE_MODE_DECRYPT) { 199 with_private_key = true; 200 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 201 } else { 202 return TEE_ERROR_NOT_SUPPORTED; 203 } 204 break; 205 206 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 207 case TEE_ALG_ECDH_P192: 208 case TEE_ALG_ECDH_P224: 209 case TEE_ALG_ECDH_P256: 210 case TEE_ALG_ECDH_P384: 211 case TEE_ALG_ECDH_P521: 212 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 213 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 214 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 215 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 216 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 217 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 218 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 219 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 220 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 221 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 222 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 223 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 224 case TEE_ALG_SM2_KEP: 225 if (mode != TEE_MODE_DERIVE) 226 return TEE_ERROR_NOT_SUPPORTED; 227 with_private_key = true; 228 req_key_usage = TEE_USAGE_DERIVE; 229 break; 230 231 case TEE_ALG_MD5: 232 case TEE_ALG_SHA1: 233 case TEE_ALG_SHA224: 234 case TEE_ALG_SHA256: 235 case TEE_ALG_SHA384: 236 case TEE_ALG_SHA512: 237 case TEE_ALG_SM3: 238 if (mode != TEE_MODE_DIGEST) 239 return TEE_ERROR_NOT_SUPPORTED; 240 if (maxKeySize) 241 return TEE_ERROR_NOT_SUPPORTED; 242 /* v1.1: flags always set for digest operations */ 243 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 244 req_key_usage = 0; 245 break; 246 247 case TEE_ALG_DES_CBC_MAC_NOPAD: 248 case TEE_ALG_AES_CBC_MAC_NOPAD: 249 case TEE_ALG_AES_CBC_MAC_PKCS5: 250 case TEE_ALG_AES_CMAC: 251 case TEE_ALG_DES_CBC_MAC_PKCS5: 252 case TEE_ALG_DES3_CBC_MAC_NOPAD: 253 case TEE_ALG_DES3_CBC_MAC_PKCS5: 254 case TEE_ALG_HMAC_MD5: 255 case TEE_ALG_HMAC_SHA1: 256 case TEE_ALG_HMAC_SHA224: 257 case TEE_ALG_HMAC_SHA256: 258 case TEE_ALG_HMAC_SHA384: 259 case TEE_ALG_HMAC_SHA512: 260 case TEE_ALG_HMAC_SM3: 261 if (mode != TEE_MODE_MAC) 262 return TEE_ERROR_NOT_SUPPORTED; 263 req_key_usage = TEE_USAGE_MAC; 264 break; 265 266 default: 267 return TEE_ERROR_NOT_SUPPORTED; 268 } 269 270 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 271 if (!op) 272 return TEE_ERROR_OUT_OF_MEMORY; 273 274 op->info.algorithm = algorithm; 275 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 276 #ifdef CFG_CRYPTO_RSASSA_NA1 277 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 278 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 279 #endif 280 op->info.mode = mode; 281 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 282 op->info.maxKeySize = maxKeySize; 283 op->info.requiredKeyUsage = req_key_usage; 284 op->info.handleState = handle_state; 285 286 if (block_size > 1) { 287 size_t buffer_size = block_size; 288 289 if (buffer_two_blocks) 290 buffer_size *= 2; 291 292 op->buffer = TEE_Malloc(buffer_size, 293 TEE_USER_MEM_HINT_NO_FILL_ZERO); 294 if (op->buffer == NULL) { 295 res = TEE_ERROR_OUT_OF_MEMORY; 296 goto out; 297 } 298 } 299 op->block_size = block_size; 300 op->buffer_two_blocks = buffer_two_blocks; 301 302 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 303 uint32_t mks = maxKeySize; 304 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 305 with_private_key); 306 307 /* 308 * If two keys are expected the max key size is the sum of 309 * the size of both keys. 310 */ 311 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 312 mks /= 2; 313 314 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 315 if (res != TEE_SUCCESS) 316 goto out; 317 318 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 319 res = TEE_AllocateTransientObject(key_type, mks, 320 &op->key2); 321 if (res != TEE_SUCCESS) 322 goto out; 323 } 324 } 325 326 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 327 (unsigned long)op->key2, &op->state); 328 if (res != TEE_SUCCESS) 329 goto out; 330 331 /* 332 * Initialize digest operations 333 * Other multi-stage operations initialized w/ TEE_xxxInit functions 334 * Non-applicable on asymmetric operations 335 */ 336 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 337 res = _utee_hash_init(op->state, NULL, 0); 338 if (res != TEE_SUCCESS) 339 goto out; 340 /* v1.1: flags always set for digest operations */ 341 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 342 } 343 344 op->operationState = TEE_OPERATION_STATE_INITIAL; 345 346 *operation = op; 347 348 out: 349 if (res != TEE_SUCCESS) { 350 if (res != TEE_ERROR_OUT_OF_MEMORY && 351 res != TEE_ERROR_NOT_SUPPORTED) 352 TEE_Panic(res); 353 if (op) { 354 if (op->state) { 355 TEE_FreeOperation(op); 356 } else { 357 TEE_Free(op->buffer); 358 TEE_FreeTransientObject(op->key1); 359 TEE_FreeTransientObject(op->key2); 360 TEE_Free(op); 361 } 362 } 363 } 364 365 return res; 366 } 367 368 void TEE_FreeOperation(TEE_OperationHandle operation) 369 { 370 TEE_Result res; 371 372 if (operation == TEE_HANDLE_NULL) 373 TEE_Panic(0); 374 375 /* 376 * Note that keys should not be freed here, since they are 377 * claimed by the operation they will be freed by 378 * utee_cryp_state_free(). 379 */ 380 res = _utee_cryp_state_free(operation->state); 381 if (res != TEE_SUCCESS) 382 TEE_Panic(res); 383 384 TEE_Free(operation->buffer); 385 TEE_Free(operation); 386 } 387 388 void TEE_GetOperationInfo(TEE_OperationHandle operation, 389 TEE_OperationInfo *operationInfo) 390 { 391 if (operation == TEE_HANDLE_NULL) 392 TEE_Panic(0); 393 394 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo)); 395 396 *operationInfo = operation->info; 397 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 398 operationInfo->keySize = 0; 399 operationInfo->requiredKeyUsage = 0; 400 } 401 } 402 403 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 404 TEE_OperationInfoMultiple *operationInfoMultiple, 405 uint32_t *operationSize) 406 { 407 TEE_Result res = TEE_SUCCESS; 408 TEE_ObjectInfo key_info1; 409 TEE_ObjectInfo key_info2; 410 uint32_t num_of_keys; 411 size_t n; 412 413 if (operation == TEE_HANDLE_NULL) { 414 res = TEE_ERROR_BAD_PARAMETERS; 415 goto out; 416 } 417 418 __utee_check_outbuf_annotation(operationInfoMultiple, operationSize); 419 420 num_of_keys = (*operationSize-sizeof(TEE_OperationInfoMultiple))/ 421 sizeof(TEE_OperationInfoKey); 422 423 if (num_of_keys > 2) { 424 res = TEE_ERROR_BAD_PARAMETERS; 425 goto out; 426 } 427 428 /* Two keys flag (TEE_ALG_AES_XTS only) */ 429 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 430 0 && 431 (num_of_keys != 2)) { 432 res = TEE_ERROR_SHORT_BUFFER; 433 goto out; 434 } 435 436 /* Clear */ 437 for (n = 0; n < num_of_keys; n++) { 438 operationInfoMultiple->keyInformation[n].keySize = 0; 439 operationInfoMultiple->keyInformation[n].requiredKeyUsage = 0; 440 } 441 442 if (num_of_keys == 2) { 443 res = TEE_GetObjectInfo1(operation->key2, &key_info2); 444 /* Key2 is not a valid handle */ 445 if (res != TEE_SUCCESS) 446 goto out; 447 448 operationInfoMultiple->keyInformation[1].keySize = 449 key_info2.keySize; 450 operationInfoMultiple->keyInformation[1].requiredKeyUsage = 451 operation->info.requiredKeyUsage; 452 } 453 454 if (num_of_keys >= 1) { 455 res = TEE_GetObjectInfo1(operation->key1, &key_info1); 456 /* Key1 is not a valid handle */ 457 if (res != TEE_SUCCESS) { 458 if (num_of_keys == 2) { 459 operationInfoMultiple->keyInformation[1]. 460 keySize = 0; 461 operationInfoMultiple->keyInformation[1]. 462 requiredKeyUsage = 0; 463 } 464 goto out; 465 } 466 467 operationInfoMultiple->keyInformation[0].keySize = 468 key_info1.keySize; 469 operationInfoMultiple->keyInformation[0].requiredKeyUsage = 470 operation->info.requiredKeyUsage; 471 } 472 473 /* No key */ 474 operationInfoMultiple->algorithm = operation->info.algorithm; 475 operationInfoMultiple->operationClass = operation->info.operationClass; 476 operationInfoMultiple->mode = operation->info.mode; 477 operationInfoMultiple->digestLength = operation->info.digestLength; 478 operationInfoMultiple->maxKeySize = operation->info.maxKeySize; 479 operationInfoMultiple->handleState = operation->info.handleState; 480 operationInfoMultiple->operationState = operation->operationState; 481 operationInfoMultiple->numberOfKeys = num_of_keys; 482 483 out: 484 if (res != TEE_SUCCESS && 485 res != TEE_ERROR_SHORT_BUFFER) 486 TEE_Panic(res); 487 488 return res; 489 } 490 491 void TEE_ResetOperation(TEE_OperationHandle operation) 492 { 493 TEE_Result res; 494 495 if (operation == TEE_HANDLE_NULL) 496 TEE_Panic(0); 497 498 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 499 TEE_Panic(0); 500 501 operation->operationState = TEE_OPERATION_STATE_INITIAL; 502 503 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 504 res = _utee_hash_init(operation->state, NULL, 0); 505 if (res != TEE_SUCCESS) 506 TEE_Panic(res); 507 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 508 } else { 509 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 510 } 511 } 512 513 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 514 TEE_ObjectHandle key) 515 { 516 TEE_Result res; 517 uint32_t key_size = 0; 518 TEE_ObjectInfo key_info; 519 520 if (operation == TEE_HANDLE_NULL) { 521 res = TEE_ERROR_BAD_PARAMETERS; 522 goto out; 523 } 524 525 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 526 res = TEE_ERROR_BAD_PARAMETERS; 527 goto out; 528 } 529 530 if (key == TEE_HANDLE_NULL) { 531 /* Operation key cleared */ 532 TEE_ResetTransientObject(operation->key1); 533 res = TEE_ERROR_BAD_PARAMETERS; 534 goto out; 535 } 536 537 /* No key for digest operation */ 538 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 539 res = TEE_ERROR_BAD_PARAMETERS; 540 goto out; 541 } 542 543 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 544 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 545 0) { 546 res = TEE_ERROR_BAD_PARAMETERS; 547 goto out; 548 } 549 550 res = TEE_GetObjectInfo1(key, &key_info); 551 /* Key is not a valid handle */ 552 if (res != TEE_SUCCESS) 553 goto out; 554 555 /* Supplied key has to meet required usage */ 556 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 557 operation->info.requiredKeyUsage) { 558 res = TEE_ERROR_BAD_PARAMETERS; 559 goto out; 560 } 561 562 if (operation->info.maxKeySize < key_info.keySize) { 563 res = TEE_ERROR_BAD_PARAMETERS; 564 goto out; 565 } 566 567 key_size = key_info.keySize; 568 569 TEE_ResetTransientObject(operation->key1); 570 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 571 572 res = TEE_CopyObjectAttributes1(operation->key1, key); 573 if (res != TEE_SUCCESS) 574 goto out; 575 576 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 577 578 operation->info.keySize = key_size; 579 580 out: 581 if (res != TEE_SUCCESS && 582 res != TEE_ERROR_CORRUPT_OBJECT && 583 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 584 TEE_Panic(res); 585 586 return res; 587 } 588 589 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 590 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 591 { 592 TEE_Result res; 593 uint32_t key_size = 0; 594 TEE_ObjectInfo key_info1; 595 TEE_ObjectInfo key_info2; 596 597 if (operation == TEE_HANDLE_NULL) { 598 res = TEE_ERROR_BAD_PARAMETERS; 599 goto out; 600 } 601 602 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 603 res = TEE_ERROR_BAD_PARAMETERS; 604 goto out; 605 } 606 607 /* 608 * Key1/Key2 and/or are not initialized and 609 * Either both keys are NULL or both are not NULL 610 */ 611 if (key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) { 612 /* Clear operation key1 (if needed) */ 613 if (key1 == TEE_HANDLE_NULL) 614 TEE_ResetTransientObject(operation->key1); 615 /* Clear operation key2 (if needed) */ 616 if (key2 == TEE_HANDLE_NULL) 617 TEE_ResetTransientObject(operation->key2); 618 res = TEE_ERROR_BAD_PARAMETERS; 619 goto out; 620 } 621 622 /* No key for digest operation */ 623 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 624 res = TEE_ERROR_BAD_PARAMETERS; 625 goto out; 626 } 627 628 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 629 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 630 0) { 631 res = TEE_ERROR_BAD_PARAMETERS; 632 goto out; 633 } 634 635 res = TEE_GetObjectInfo1(key1, &key_info1); 636 /* Key1 is not a valid handle */ 637 if (res != TEE_SUCCESS) 638 goto out; 639 640 /* Supplied key has to meet required usage */ 641 if ((key_info1.objectUsage & operation->info. 642 requiredKeyUsage) != operation->info.requiredKeyUsage) { 643 res = TEE_ERROR_BAD_PARAMETERS; 644 goto out; 645 } 646 647 res = TEE_GetObjectInfo1(key2, &key_info2); 648 /* Key2 is not a valid handle */ 649 if (res != TEE_SUCCESS) { 650 if (res == TEE_ERROR_CORRUPT_OBJECT) 651 res = TEE_ERROR_CORRUPT_OBJECT_2; 652 goto out; 653 } 654 655 /* Supplied key has to meet required usage */ 656 if ((key_info2.objectUsage & operation->info. 657 requiredKeyUsage) != operation->info.requiredKeyUsage) { 658 res = TEE_ERROR_BAD_PARAMETERS; 659 goto out; 660 } 661 662 /* 663 * All the multi key algorithm currently supported requires the keys to 664 * be of equal size. 665 */ 666 if (key_info1.keySize != key_info2.keySize) { 667 res = TEE_ERROR_BAD_PARAMETERS; 668 goto out; 669 670 } 671 672 if (operation->info.maxKeySize < key_info1.keySize) { 673 res = TEE_ERROR_BAD_PARAMETERS; 674 goto out; 675 } 676 677 /* 678 * Odd that only the size of one key should be reported while 679 * size of two key are used when allocating the operation. 680 */ 681 key_size = key_info1.keySize; 682 683 TEE_ResetTransientObject(operation->key1); 684 TEE_ResetTransientObject(operation->key2); 685 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 686 687 res = TEE_CopyObjectAttributes1(operation->key1, key1); 688 if (res != TEE_SUCCESS) 689 goto out; 690 res = TEE_CopyObjectAttributes1(operation->key2, key2); 691 if (res != TEE_SUCCESS) { 692 if (res == TEE_ERROR_CORRUPT_OBJECT) 693 res = TEE_ERROR_CORRUPT_OBJECT_2; 694 goto out; 695 } 696 697 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 698 699 operation->info.keySize = key_size; 700 701 out: 702 if (res != TEE_SUCCESS && 703 res != TEE_ERROR_CORRUPT_OBJECT && 704 res != TEE_ERROR_CORRUPT_OBJECT_2 && 705 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 706 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 707 TEE_Panic(res); 708 709 return res; 710 } 711 712 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 713 { 714 TEE_Result res; 715 716 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 717 TEE_Panic(0); 718 if (dst_op->info.algorithm != src_op->info.algorithm) 719 TEE_Panic(0); 720 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 721 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 722 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 723 724 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 725 key1 = src_op->key1; 726 key2 = src_op->key2; 727 } 728 729 if ((src_op->info.handleState & 730 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 731 TEE_SetOperationKey(dst_op, key1); 732 } else { 733 TEE_SetOperationKey2(dst_op, key1, key2); 734 } 735 } 736 dst_op->info.handleState = src_op->info.handleState; 737 dst_op->info.keySize = src_op->info.keySize; 738 dst_op->operationState = src_op->operationState; 739 740 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 741 dst_op->block_size != src_op->block_size) 742 TEE_Panic(0); 743 744 if (dst_op->buffer != NULL) { 745 if (src_op->buffer == NULL) 746 TEE_Panic(0); 747 748 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 749 dst_op->buffer_offs = src_op->buffer_offs; 750 } else if (src_op->buffer != NULL) { 751 TEE_Panic(0); 752 } 753 754 res = _utee_cryp_state_copy(dst_op->state, src_op->state); 755 if (res != TEE_SUCCESS) 756 TEE_Panic(res); 757 } 758 759 /* Cryptographic Operations API - Message Digest Functions */ 760 761 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 762 uint32_t IVLen) 763 { 764 TEE_Result res; 765 766 /* 767 * Note : IV and IVLen are never used in current implementation 768 * This is why coherent values of IV and IVLen are not checked 769 */ 770 res = _utee_hash_init(operation->state, IV, IVLen); 771 if (res != TEE_SUCCESS) 772 TEE_Panic(res); 773 operation->buffer_offs = 0; 774 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 775 } 776 777 void TEE_DigestUpdate(TEE_OperationHandle operation, 778 const void *chunk, uint32_t chunkSize) 779 { 780 TEE_Result res = TEE_ERROR_GENERIC; 781 782 if (operation == TEE_HANDLE_NULL || 783 operation->info.operationClass != TEE_OPERATION_DIGEST) 784 TEE_Panic(0); 785 786 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 787 788 res = _utee_hash_update(operation->state, chunk, chunkSize); 789 if (res != TEE_SUCCESS) 790 TEE_Panic(res); 791 } 792 793 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 794 uint32_t chunkLen, void *hash, uint32_t *hashLen) 795 { 796 TEE_Result res; 797 uint64_t hl; 798 799 if ((operation == TEE_HANDLE_NULL) || 800 (!chunk && chunkLen) || 801 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 802 res = TEE_ERROR_BAD_PARAMETERS; 803 goto out; 804 } 805 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 806 807 hl = *hashLen; 808 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, &hl); 809 *hashLen = hl; 810 if (res != TEE_SUCCESS) 811 goto out; 812 813 /* Reset operation state */ 814 init_hash_operation(operation, NULL, 0); 815 816 operation->operationState = TEE_OPERATION_STATE_INITIAL; 817 818 out: 819 if (res != TEE_SUCCESS && 820 res != TEE_ERROR_SHORT_BUFFER) 821 TEE_Panic(res); 822 823 return res; 824 } 825 826 /* Cryptographic Operations API - Symmetric Cipher Functions */ 827 828 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 829 uint32_t IVLen) 830 { 831 TEE_Result res; 832 833 if (operation == TEE_HANDLE_NULL) 834 TEE_Panic(0); 835 836 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 837 TEE_Panic(0); 838 839 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 840 !(operation->key1)) 841 TEE_Panic(0); 842 843 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 844 TEE_ResetOperation(operation); 845 846 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 847 848 res = _utee_cipher_init(operation->state, IV, IVLen); 849 if (res != TEE_SUCCESS) 850 TEE_Panic(res); 851 852 operation->buffer_offs = 0; 853 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 854 } 855 856 static TEE_Result tee_buffer_update( 857 TEE_OperationHandle op, 858 TEE_Result(*update_func)(unsigned long state, const void *src, 859 size_t slen, void *dst, uint64_t *dlen), 860 const void *src_data, size_t src_len, 861 void *dest_data, uint64_t *dest_len) 862 { 863 TEE_Result res; 864 const uint8_t *src = src_data; 865 size_t slen = src_len; 866 uint8_t *dst = dest_data; 867 size_t dlen = *dest_len; 868 size_t acc_dlen = 0; 869 uint64_t tmp_dlen; 870 size_t l; 871 size_t buffer_size; 872 size_t buffer_left; 873 874 if (!src) { 875 if (slen) 876 TEE_Panic(0); 877 goto out; 878 } 879 880 if (op->buffer_two_blocks) { 881 buffer_size = op->block_size * 2; 882 buffer_left = 1; 883 } else { 884 buffer_size = op->block_size; 885 buffer_left = 0; 886 } 887 888 if (op->buffer_offs > 0) { 889 /* Fill up complete block */ 890 if (op->buffer_offs < op->block_size) 891 l = MIN(slen, op->block_size - op->buffer_offs); 892 else 893 l = MIN(slen, buffer_size - op->buffer_offs); 894 memcpy(op->buffer + op->buffer_offs, src, l); 895 op->buffer_offs += l; 896 src += l; 897 slen -= l; 898 if ((op->buffer_offs % op->block_size) != 0) 899 goto out; /* Nothing left to do */ 900 } 901 902 /* If we can feed from buffer */ 903 if ((op->buffer_offs > 0) && 904 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 905 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 906 op->block_size); 907 l = MIN(op->buffer_offs, l); 908 tmp_dlen = dlen; 909 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 910 if (res != TEE_SUCCESS) 911 TEE_Panic(res); 912 dst += tmp_dlen; 913 dlen -= tmp_dlen; 914 acc_dlen += tmp_dlen; 915 op->buffer_offs -= l; 916 if (op->buffer_offs > 0) { 917 /* 918 * Slen is small enough to be contained in rest buffer. 919 */ 920 memcpy(op->buffer, op->buffer + l, buffer_size - l); 921 memcpy(op->buffer + op->buffer_offs, src, slen); 922 op->buffer_offs += slen; 923 goto out; /* Nothing left to do */ 924 } 925 } 926 927 if (slen >= (buffer_size + buffer_left)) { 928 /* Buffer is empty, feed as much as possible from src */ 929 if (op->info.algorithm == TEE_ALG_AES_CTS) 930 l = ROUNDUP(slen - buffer_size, op->block_size); 931 else 932 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 933 934 tmp_dlen = dlen; 935 res = update_func(op->state, src, l, dst, &tmp_dlen); 936 if (res != TEE_SUCCESS) 937 TEE_Panic(res); 938 src += l; 939 slen -= l; 940 dst += tmp_dlen; 941 dlen -= tmp_dlen; 942 acc_dlen += tmp_dlen; 943 } 944 945 /* Slen is small enough to be contained in buffer. */ 946 memcpy(op->buffer + op->buffer_offs, src, slen); 947 op->buffer_offs += slen; 948 949 out: 950 *dest_len = acc_dlen; 951 return TEE_SUCCESS; 952 } 953 954 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 955 uint32_t srcLen, void *destData, uint32_t *destLen) 956 { 957 TEE_Result res; 958 size_t req_dlen; 959 uint64_t dl; 960 961 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 962 res = TEE_ERROR_BAD_PARAMETERS; 963 goto out; 964 } 965 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 966 967 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 968 res = TEE_ERROR_BAD_PARAMETERS; 969 goto out; 970 } 971 972 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 973 res = TEE_ERROR_BAD_PARAMETERS; 974 goto out; 975 } 976 977 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 978 res = TEE_ERROR_BAD_PARAMETERS; 979 goto out; 980 } 981 982 if (!srcData && !srcLen) { 983 *destLen = 0; 984 res = TEE_SUCCESS; 985 goto out; 986 } 987 988 /* Calculate required dlen */ 989 if (operation->block_size > 1) { 990 req_dlen = ((operation->buffer_offs + srcLen) / 991 operation->block_size) * operation->block_size; 992 } else { 993 req_dlen = srcLen; 994 } 995 if (operation->buffer_two_blocks) { 996 if (req_dlen > operation->block_size * 2) 997 req_dlen -= operation->block_size * 2; 998 else 999 req_dlen = 0; 1000 } 1001 /* 1002 * Check that required destLen is big enough before starting to feed 1003 * data to the algorithm. Errors during feeding of data are fatal as we 1004 * can't restore sync with this API. 1005 */ 1006 if (*destLen < req_dlen) { 1007 *destLen = req_dlen; 1008 res = TEE_ERROR_SHORT_BUFFER; 1009 goto out; 1010 } 1011 1012 dl = *destLen; 1013 if (operation->block_size > 1) { 1014 res = tee_buffer_update(operation, _utee_cipher_update, srcData, 1015 srcLen, destData, &dl); 1016 } else { 1017 if (srcLen > 0) { 1018 res = _utee_cipher_update(operation->state, srcData, 1019 srcLen, destData, &dl); 1020 } else { 1021 res = TEE_SUCCESS; 1022 dl = 0; 1023 } 1024 } 1025 *destLen = dl; 1026 1027 out: 1028 if (res != TEE_SUCCESS && 1029 res != TEE_ERROR_SHORT_BUFFER) 1030 TEE_Panic(res); 1031 1032 return res; 1033 } 1034 1035 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1036 const void *srcData, uint32_t srcLen, 1037 void *destData, uint32_t *destLen) 1038 { 1039 TEE_Result res = TEE_SUCCESS; 1040 uint8_t *dst = destData; 1041 size_t acc_dlen = 0; 1042 uint64_t tmp_dlen = 0; 1043 size_t req_dlen = 0; 1044 1045 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1046 res = TEE_ERROR_BAD_PARAMETERS; 1047 goto out; 1048 } 1049 if (destLen) 1050 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1051 1052 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1053 res = TEE_ERROR_BAD_PARAMETERS; 1054 goto out; 1055 } 1056 1057 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1058 res = TEE_ERROR_BAD_PARAMETERS; 1059 goto out; 1060 } 1061 1062 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1063 res = TEE_ERROR_BAD_PARAMETERS; 1064 goto out; 1065 } 1066 1067 /* 1068 * Check that the final block doesn't require padding for those 1069 * algorithms that requires client to supply padding. 1070 */ 1071 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1072 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1073 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1074 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1075 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1076 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1077 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1078 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1079 if (((operation->buffer_offs + srcLen) % operation->block_size) 1080 != 0) { 1081 res = TEE_ERROR_BAD_PARAMETERS; 1082 goto out; 1083 } 1084 } 1085 1086 /* 1087 * Check that required destLen is big enough before starting to feed 1088 * data to the algorithm. Errors during feeding of data are fatal as we 1089 * can't restore sync with this API. 1090 */ 1091 if (operation->block_size > 1) { 1092 req_dlen = operation->buffer_offs + srcLen; 1093 } else { 1094 req_dlen = srcLen; 1095 } 1096 if (destLen) 1097 tmp_dlen = *destLen; 1098 if (tmp_dlen < req_dlen) { 1099 if (destLen) 1100 *destLen = req_dlen; 1101 res = TEE_ERROR_SHORT_BUFFER; 1102 goto out; 1103 } 1104 1105 if (operation->block_size > 1) { 1106 res = tee_buffer_update(operation, _utee_cipher_update, 1107 srcData, srcLen, dst, &tmp_dlen); 1108 if (res != TEE_SUCCESS) 1109 goto out; 1110 1111 dst += tmp_dlen; 1112 acc_dlen += tmp_dlen; 1113 1114 tmp_dlen = *destLen - acc_dlen; 1115 res = _utee_cipher_final(operation->state, operation->buffer, 1116 operation->buffer_offs, dst, 1117 &tmp_dlen); 1118 } else { 1119 res = _utee_cipher_final(operation->state, srcData, srcLen, dst, 1120 &tmp_dlen); 1121 } 1122 if (res != TEE_SUCCESS) 1123 goto out; 1124 1125 acc_dlen += tmp_dlen; 1126 if (destLen) 1127 *destLen = acc_dlen; 1128 1129 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1130 1131 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1132 1133 out: 1134 if (res != TEE_SUCCESS && 1135 res != TEE_ERROR_SHORT_BUFFER) 1136 TEE_Panic(res); 1137 1138 return res; 1139 } 1140 1141 /* Cryptographic Operations API - MAC Functions */ 1142 1143 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 1144 { 1145 if (operation == TEE_HANDLE_NULL) 1146 TEE_Panic(0); 1147 1148 if (operation->info.operationClass != TEE_OPERATION_MAC) 1149 TEE_Panic(0); 1150 1151 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1152 !(operation->key1)) 1153 TEE_Panic(0); 1154 1155 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1156 TEE_ResetOperation(operation); 1157 1158 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1159 1160 init_hash_operation(operation, IV, IVLen); 1161 } 1162 1163 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1164 uint32_t chunkSize) 1165 { 1166 TEE_Result res; 1167 1168 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1169 TEE_Panic(0); 1170 1171 if (operation->info.operationClass != TEE_OPERATION_MAC) 1172 TEE_Panic(0); 1173 1174 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1175 TEE_Panic(0); 1176 1177 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1178 TEE_Panic(0); 1179 1180 res = _utee_hash_update(operation->state, chunk, chunkSize); 1181 if (res != TEE_SUCCESS) 1182 TEE_Panic(res); 1183 } 1184 1185 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1186 const void *message, uint32_t messageLen, 1187 void *mac, uint32_t *macLen) 1188 { 1189 TEE_Result res; 1190 uint64_t ml; 1191 1192 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) { 1193 res = TEE_ERROR_BAD_PARAMETERS; 1194 goto out; 1195 } 1196 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1197 1198 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1199 res = TEE_ERROR_BAD_PARAMETERS; 1200 goto out; 1201 } 1202 1203 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1204 res = TEE_ERROR_BAD_PARAMETERS; 1205 goto out; 1206 } 1207 1208 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1209 res = TEE_ERROR_BAD_PARAMETERS; 1210 goto out; 1211 } 1212 1213 ml = *macLen; 1214 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml); 1215 *macLen = ml; 1216 if (res != TEE_SUCCESS) 1217 goto out; 1218 1219 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1220 1221 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1222 1223 out: 1224 if (res != TEE_SUCCESS && 1225 res != TEE_ERROR_SHORT_BUFFER) 1226 TEE_Panic(res); 1227 1228 return res; 1229 } 1230 1231 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1232 const void *message, uint32_t messageLen, 1233 const void *mac, uint32_t macLen) 1234 { 1235 TEE_Result res; 1236 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 1237 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1238 1239 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1240 res = TEE_ERROR_BAD_PARAMETERS; 1241 goto out; 1242 } 1243 1244 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1245 res = TEE_ERROR_BAD_PARAMETERS; 1246 goto out; 1247 } 1248 1249 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1250 res = TEE_ERROR_BAD_PARAMETERS; 1251 goto out; 1252 } 1253 1254 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1255 &computed_mac_size); 1256 if (res != TEE_SUCCESS) 1257 goto out; 1258 1259 if (computed_mac_size != macLen) { 1260 res = TEE_ERROR_MAC_INVALID; 1261 goto out; 1262 } 1263 1264 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1265 res = TEE_ERROR_MAC_INVALID; 1266 goto out; 1267 } 1268 1269 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1270 1271 out: 1272 if (res != TEE_SUCCESS && 1273 res != TEE_ERROR_MAC_INVALID) 1274 TEE_Panic(res); 1275 1276 return res; 1277 } 1278 1279 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1280 1281 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1282 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1283 uint32_t payloadLen) 1284 { 1285 TEE_Result res; 1286 1287 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1288 res = TEE_ERROR_BAD_PARAMETERS; 1289 goto out; 1290 } 1291 1292 if (operation->info.operationClass != TEE_OPERATION_AE) { 1293 res = TEE_ERROR_BAD_PARAMETERS; 1294 goto out; 1295 } 1296 1297 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1298 res = TEE_ERROR_BAD_PARAMETERS; 1299 goto out; 1300 } 1301 1302 /* 1303 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1304 * in the implementation. But AES-GCM spec doesn't specify the tag len 1305 * according to the same principle so we have to check here instead to 1306 * be GP compliant. 1307 */ 1308 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1309 /* 1310 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1311 */ 1312 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1313 res = TEE_ERROR_NOT_SUPPORTED; 1314 goto out; 1315 } 1316 } 1317 1318 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8, 1319 AADLen, payloadLen); 1320 if (res != TEE_SUCCESS) 1321 goto out; 1322 1323 operation->info.digestLength = tagLen / 8; 1324 operation->buffer_offs = 0; 1325 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1326 1327 out: 1328 if (res != TEE_SUCCESS && 1329 res != TEE_ERROR_NOT_SUPPORTED) 1330 TEE_Panic(res); 1331 1332 return res; 1333 } 1334 1335 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1336 uint32_t AADdataLen) 1337 { 1338 TEE_Result res; 1339 1340 if (operation == TEE_HANDLE_NULL || 1341 (AADdata == NULL && AADdataLen != 0)) 1342 TEE_Panic(0); 1343 1344 if (operation->info.operationClass != TEE_OPERATION_AE) 1345 TEE_Panic(0); 1346 1347 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1348 TEE_Panic(0); 1349 1350 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1351 1352 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1353 1354 if (res != TEE_SUCCESS) 1355 TEE_Panic(res); 1356 } 1357 1358 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1359 uint32_t srcLen, void *destData, uint32_t *destLen) 1360 { 1361 TEE_Result res = TEE_SUCCESS; 1362 size_t req_dlen = 0; 1363 uint64_t dl = 0; 1364 1365 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1366 res = TEE_ERROR_BAD_PARAMETERS; 1367 goto out; 1368 } 1369 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1370 1371 if (operation->info.operationClass != TEE_OPERATION_AE) { 1372 res = TEE_ERROR_BAD_PARAMETERS; 1373 goto out; 1374 } 1375 1376 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1377 res = TEE_ERROR_BAD_PARAMETERS; 1378 goto out; 1379 } 1380 1381 if (!srcData && !srcLen) { 1382 *destLen = 0; 1383 res = TEE_SUCCESS; 1384 goto out; 1385 } 1386 1387 /* 1388 * Check that required destLen is big enough before starting to feed 1389 * data to the algorithm. Errors during feeding of data are fatal as we 1390 * can't restore sync with this API. 1391 */ 1392 if (operation->block_size > 1) { 1393 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1394 operation->block_size); 1395 } else { 1396 req_dlen = srcLen; 1397 } 1398 1399 dl = *destLen; 1400 if (dl < req_dlen) { 1401 *destLen = req_dlen; 1402 res = TEE_ERROR_SHORT_BUFFER; 1403 goto out; 1404 } 1405 1406 if (operation->block_size > 1) { 1407 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1408 srcData, srcLen, destData, &dl); 1409 } else { 1410 if (srcLen > 0) { 1411 res = _utee_authenc_update_payload(operation->state, 1412 srcData, srcLen, 1413 destData, &dl); 1414 } else { 1415 dl = 0; 1416 res = TEE_SUCCESS; 1417 } 1418 } 1419 if (res != TEE_SUCCESS) 1420 goto out; 1421 1422 *destLen = dl; 1423 1424 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1425 1426 out: 1427 if (res != TEE_SUCCESS && 1428 res != TEE_ERROR_SHORT_BUFFER) 1429 TEE_Panic(res); 1430 1431 return res; 1432 } 1433 1434 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1435 const void *srcData, uint32_t srcLen, 1436 void *destData, uint32_t *destLen, void *tag, 1437 uint32_t *tagLen) 1438 { 1439 TEE_Result res; 1440 uint8_t *dst = destData; 1441 size_t acc_dlen = 0; 1442 uint64_t tmp_dlen; 1443 size_t req_dlen; 1444 uint64_t tl; 1445 1446 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1447 res = TEE_ERROR_BAD_PARAMETERS; 1448 goto out; 1449 } 1450 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1451 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1452 1453 if (operation->info.operationClass != TEE_OPERATION_AE) { 1454 res = TEE_ERROR_BAD_PARAMETERS; 1455 goto out; 1456 } 1457 1458 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1459 res = TEE_ERROR_BAD_PARAMETERS; 1460 goto out; 1461 } 1462 1463 /* 1464 * Check that required destLen is big enough before starting to feed 1465 * data to the algorithm. Errors during feeding of data are fatal as we 1466 * can't restore sync with this API. 1467 * 1468 * Need to check this before update_payload since sync would be lost if 1469 * we return short buffer after that. 1470 */ 1471 res = TEE_ERROR_GENERIC; 1472 1473 req_dlen = operation->buffer_offs + srcLen; 1474 if (*destLen < req_dlen) { 1475 *destLen = req_dlen; 1476 res = TEE_ERROR_SHORT_BUFFER; 1477 } 1478 1479 if (*tagLen < operation->info.digestLength) { 1480 *tagLen = operation->info.digestLength; 1481 res = TEE_ERROR_SHORT_BUFFER; 1482 } 1483 1484 if (res == TEE_ERROR_SHORT_BUFFER) 1485 goto out; 1486 1487 tl = *tagLen; 1488 tmp_dlen = *destLen - acc_dlen; 1489 if (operation->block_size > 1) { 1490 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1491 srcData, srcLen, dst, &tmp_dlen); 1492 if (res != TEE_SUCCESS) 1493 goto out; 1494 1495 dst += tmp_dlen; 1496 acc_dlen += tmp_dlen; 1497 1498 tmp_dlen = *destLen - acc_dlen; 1499 res = _utee_authenc_enc_final(operation->state, 1500 operation->buffer, 1501 operation->buffer_offs, dst, 1502 &tmp_dlen, tag, &tl); 1503 } else { 1504 res = _utee_authenc_enc_final(operation->state, srcData, 1505 srcLen, dst, &tmp_dlen, 1506 tag, &tl); 1507 } 1508 *tagLen = tl; 1509 if (res != TEE_SUCCESS) 1510 goto out; 1511 1512 acc_dlen += tmp_dlen; 1513 *destLen = acc_dlen; 1514 1515 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1516 1517 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1518 1519 out: 1520 if (res != TEE_SUCCESS && 1521 res != TEE_ERROR_SHORT_BUFFER) 1522 TEE_Panic(res); 1523 1524 return res; 1525 } 1526 1527 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1528 const void *srcData, uint32_t srcLen, 1529 void *destData, uint32_t *destLen, void *tag, 1530 uint32_t tagLen) 1531 { 1532 TEE_Result res; 1533 uint8_t *dst = destData; 1534 size_t acc_dlen = 0; 1535 uint64_t tmp_dlen; 1536 size_t req_dlen; 1537 1538 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1539 res = TEE_ERROR_BAD_PARAMETERS; 1540 goto out; 1541 } 1542 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1543 1544 if (operation->info.operationClass != TEE_OPERATION_AE) { 1545 res = TEE_ERROR_BAD_PARAMETERS; 1546 goto out; 1547 } 1548 1549 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1550 res = TEE_ERROR_BAD_PARAMETERS; 1551 goto out; 1552 } 1553 1554 /* 1555 * Check that required destLen is big enough before starting to feed 1556 * data to the algorithm. Errors during feeding of data are fatal as we 1557 * can't restore sync with this API. 1558 */ 1559 req_dlen = operation->buffer_offs + srcLen; 1560 if (*destLen < req_dlen) { 1561 *destLen = req_dlen; 1562 res = TEE_ERROR_SHORT_BUFFER; 1563 goto out; 1564 } 1565 1566 tmp_dlen = *destLen - acc_dlen; 1567 if (operation->block_size > 1) { 1568 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1569 srcData, srcLen, dst, &tmp_dlen); 1570 if (res != TEE_SUCCESS) 1571 goto out; 1572 1573 dst += tmp_dlen; 1574 acc_dlen += tmp_dlen; 1575 1576 tmp_dlen = *destLen - acc_dlen; 1577 res = _utee_authenc_dec_final(operation->state, 1578 operation->buffer, 1579 operation->buffer_offs, dst, 1580 &tmp_dlen, tag, tagLen); 1581 } else { 1582 res = _utee_authenc_dec_final(operation->state, srcData, 1583 srcLen, dst, &tmp_dlen, 1584 tag, tagLen); 1585 } 1586 if (res != TEE_SUCCESS) 1587 goto out; 1588 1589 /* Supplied tagLen should match what we initiated with */ 1590 if (tagLen != operation->info.digestLength) 1591 res = TEE_ERROR_MAC_INVALID; 1592 1593 acc_dlen += tmp_dlen; 1594 *destLen = acc_dlen; 1595 1596 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1597 1598 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1599 1600 out: 1601 if (res != TEE_SUCCESS && 1602 res != TEE_ERROR_SHORT_BUFFER && 1603 res != TEE_ERROR_MAC_INVALID) 1604 TEE_Panic(res); 1605 1606 return res; 1607 } 1608 1609 /* Cryptographic Operations API - Asymmetric Functions */ 1610 1611 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1612 const TEE_Attribute *params, 1613 uint32_t paramCount, const void *srcData, 1614 uint32_t srcLen, void *destData, 1615 uint32_t *destLen) 1616 { 1617 TEE_Result res = TEE_SUCCESS; 1618 struct utee_attribute ua[paramCount]; 1619 uint64_t dl = 0; 1620 1621 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1622 TEE_Panic(0); 1623 1624 __utee_check_attr_in_annotation(params, paramCount); 1625 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1626 1627 if (!operation->key1) 1628 TEE_Panic(0); 1629 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1630 TEE_Panic(0); 1631 if (operation->info.mode != TEE_MODE_ENCRYPT) 1632 TEE_Panic(0); 1633 1634 __utee_from_attr(ua, params, paramCount); 1635 dl = *destLen; 1636 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1637 srcLen, destData, &dl); 1638 *destLen = dl; 1639 1640 if (res != TEE_SUCCESS && 1641 res != TEE_ERROR_SHORT_BUFFER && 1642 res != TEE_ERROR_BAD_PARAMETERS) 1643 TEE_Panic(res); 1644 1645 return res; 1646 } 1647 1648 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1649 const TEE_Attribute *params, 1650 uint32_t paramCount, const void *srcData, 1651 uint32_t srcLen, void *destData, 1652 uint32_t *destLen) 1653 { 1654 TEE_Result res = TEE_SUCCESS; 1655 struct utee_attribute ua[paramCount]; 1656 uint64_t dl = 0; 1657 1658 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1659 TEE_Panic(0); 1660 1661 __utee_check_attr_in_annotation(params, paramCount); 1662 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1663 1664 if (!operation->key1) 1665 TEE_Panic(0); 1666 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1667 TEE_Panic(0); 1668 if (operation->info.mode != TEE_MODE_DECRYPT) 1669 TEE_Panic(0); 1670 1671 __utee_from_attr(ua, params, paramCount); 1672 dl = *destLen; 1673 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1674 srcLen, destData, &dl); 1675 *destLen = dl; 1676 1677 if (res != TEE_SUCCESS && 1678 res != TEE_ERROR_SHORT_BUFFER && 1679 res != TEE_ERROR_BAD_PARAMETERS) 1680 TEE_Panic(res); 1681 1682 return res; 1683 } 1684 1685 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1686 const TEE_Attribute *params, 1687 uint32_t paramCount, const void *digest, 1688 uint32_t digestLen, void *signature, 1689 uint32_t *signatureLen) 1690 { 1691 TEE_Result res = TEE_SUCCESS; 1692 struct utee_attribute ua[paramCount]; 1693 uint64_t sl = 0; 1694 1695 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 1696 TEE_Panic(0); 1697 1698 __utee_check_attr_in_annotation(params, paramCount); 1699 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 1700 1701 if (!operation->key1) 1702 TEE_Panic(0); 1703 if (operation->info.operationClass != 1704 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1705 TEE_Panic(0); 1706 if (operation->info.mode != TEE_MODE_SIGN) 1707 TEE_Panic(0); 1708 1709 __utee_from_attr(ua, params, paramCount); 1710 sl = *signatureLen; 1711 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 1712 digestLen, signature, &sl); 1713 *signatureLen = sl; 1714 1715 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1716 TEE_Panic(res); 1717 1718 return res; 1719 } 1720 1721 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1722 const TEE_Attribute *params, 1723 uint32_t paramCount, const void *digest, 1724 uint32_t digestLen, 1725 const void *signature, 1726 uint32_t signatureLen) 1727 { 1728 TEE_Result res; 1729 struct utee_attribute ua[paramCount]; 1730 1731 if (operation == TEE_HANDLE_NULL || 1732 (digest == NULL && digestLen != 0) || 1733 (signature == NULL && signatureLen != 0)) 1734 TEE_Panic(0); 1735 1736 __utee_check_attr_in_annotation(params, paramCount); 1737 1738 if (!operation->key1) 1739 TEE_Panic(0); 1740 if (operation->info.operationClass != 1741 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1742 TEE_Panic(0); 1743 if (operation->info.mode != TEE_MODE_VERIFY) 1744 TEE_Panic(0); 1745 1746 __utee_from_attr(ua, params, paramCount); 1747 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 1748 digestLen, signature, signatureLen); 1749 1750 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1751 TEE_Panic(res); 1752 1753 return res; 1754 } 1755 1756 /* Cryptographic Operations API - Key Derivation Functions */ 1757 1758 void TEE_DeriveKey(TEE_OperationHandle operation, 1759 const TEE_Attribute *params, uint32_t paramCount, 1760 TEE_ObjectHandle derivedKey) 1761 { 1762 TEE_Result res; 1763 TEE_ObjectInfo key_info; 1764 struct utee_attribute ua[paramCount]; 1765 1766 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1767 TEE_Panic(0); 1768 1769 __utee_check_attr_in_annotation(params, paramCount); 1770 1771 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1772 TEE_OPERATION_KEY_DERIVATION) 1773 TEE_Panic(0); 1774 1775 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1776 TEE_Panic(0); 1777 if (!operation->key1) 1778 TEE_Panic(0); 1779 if (operation->info.mode != TEE_MODE_DERIVE) 1780 TEE_Panic(0); 1781 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1782 TEE_Panic(0); 1783 1784 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 1785 if (res != TEE_SUCCESS) 1786 TEE_Panic(res); 1787 1788 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1789 TEE_Panic(0); 1790 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1791 TEE_Panic(0); 1792 1793 __utee_from_attr(ua, params, paramCount); 1794 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 1795 (unsigned long)derivedKey); 1796 if (res != TEE_SUCCESS) 1797 TEE_Panic(res); 1798 } 1799 1800 /* Cryptographic Operations API - Random Number Generation Functions */ 1801 1802 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1803 { 1804 TEE_Result res; 1805 1806 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1807 if (res != TEE_SUCCESS) 1808 TEE_Panic(res); 1809 } 1810 1811 int rand(void) 1812 { 1813 int rc; 1814 1815 TEE_GenerateRandom(&rc, sizeof(rc)); 1816 1817 /* 1818 * RAND_MAX is the larges int, INT_MAX which is all bits but the 1819 * highest bit set. 1820 */ 1821 return rc & RAND_MAX; 1822 } 1823 1824 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 1825 { 1826 if (IS_ENABLED(CFG_CRYPTO_AES)) { 1827 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1828 if (alg == TEE_ALG_AES_ECB_NOPAD) 1829 goto check_element_none; 1830 } 1831 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1832 if (alg == TEE_ALG_AES_CBC_NOPAD) 1833 goto check_element_none; 1834 } 1835 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1836 if (alg == TEE_ALG_AES_CTR) 1837 goto check_element_none; 1838 } 1839 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 1840 if (alg == TEE_ALG_AES_CTS) 1841 goto check_element_none; 1842 } 1843 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 1844 if (alg == TEE_ALG_AES_XTS) 1845 goto check_element_none; 1846 } 1847 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1848 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 1849 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 1850 goto check_element_none; 1851 } 1852 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 1853 if (alg == TEE_ALG_AES_CMAC) 1854 goto check_element_none; 1855 } 1856 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 1857 if (alg == TEE_ALG_AES_CCM) 1858 goto check_element_none; 1859 } 1860 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 1861 if (alg == TEE_ALG_AES_GCM) 1862 goto check_element_none; 1863 } 1864 } 1865 if (IS_ENABLED(CFG_CRYPTO_DES)) { 1866 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1867 if (alg == TEE_ALG_DES_ECB_NOPAD || 1868 alg == TEE_ALG_DES3_ECB_NOPAD) 1869 goto check_element_none; 1870 } 1871 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1872 if (alg == TEE_ALG_DES_CBC_NOPAD || 1873 alg == TEE_ALG_DES3_CBC_NOPAD) 1874 goto check_element_none; 1875 } 1876 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1877 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 1878 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 1879 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 1880 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 1881 goto check_element_none; 1882 } 1883 } 1884 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1885 if (alg == TEE_ALG_MD5) 1886 goto check_element_none; 1887 } 1888 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1889 if (alg == TEE_ALG_SHA1) 1890 goto check_element_none; 1891 } 1892 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1893 if (alg == TEE_ALG_SHA224) 1894 goto check_element_none; 1895 } 1896 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1897 if (alg == TEE_ALG_SHA256) 1898 goto check_element_none; 1899 } 1900 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1901 if (alg == TEE_ALG_SHA384) 1902 goto check_element_none; 1903 } 1904 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1905 if (alg == TEE_ALG_SHA512) 1906 goto check_element_none; 1907 } 1908 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 1909 if (alg == TEE_ALG_MD5SHA1) 1910 goto check_element_none; 1911 } 1912 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 1913 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1914 if (alg == TEE_ALG_HMAC_MD5) 1915 goto check_element_none; 1916 } 1917 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1918 if (alg == TEE_ALG_HMAC_SHA1) 1919 goto check_element_none; 1920 } 1921 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1922 if (alg == TEE_ALG_HMAC_SHA224) 1923 goto check_element_none; 1924 } 1925 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1926 if (alg == TEE_ALG_HMAC_SHA256) 1927 goto check_element_none; 1928 } 1929 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1930 if (alg == TEE_ALG_HMAC_SHA384) 1931 goto check_element_none; 1932 } 1933 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1934 if (alg == TEE_ALG_HMAC_SHA512) 1935 goto check_element_none; 1936 } 1937 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1938 if (alg == TEE_ALG_HMAC_SM3) 1939 goto check_element_none; 1940 } 1941 } 1942 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1943 if (alg == TEE_ALG_SM3) 1944 goto check_element_none; 1945 } 1946 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 1947 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1948 if (alg == TEE_ALG_SM4_ECB_NOPAD) 1949 goto check_element_none; 1950 } 1951 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1952 if (alg == TEE_ALG_SM4_CBC_NOPAD) 1953 goto check_element_none; 1954 } 1955 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1956 if (alg == TEE_ALG_SM4_CTR) 1957 goto check_element_none; 1958 } 1959 } 1960 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 1961 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1962 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5) 1963 goto check_element_none; 1964 } 1965 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1966 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 1967 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 1968 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 1969 goto check_element_none; 1970 } 1971 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 1972 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 1973 goto check_element_none; 1974 } 1975 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1976 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 1977 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 1978 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 1979 goto check_element_none; 1980 } 1981 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1982 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 1983 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 1984 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 1985 goto check_element_none; 1986 } 1987 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1988 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 1989 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 1990 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 1991 goto check_element_none; 1992 } 1993 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1994 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 1995 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 1996 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 1997 goto check_element_none; 1998 } 1999 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2000 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 2001 goto check_element_none; 2002 } 2003 if (alg == TEE_ALG_RSA_NOPAD) 2004 goto check_element_none; 2005 } 2006 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2007 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2008 if (alg == TEE_ALG_DSA_SHA1) 2009 goto check_element_none; 2010 } 2011 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2012 if (alg == TEE_ALG_DSA_SHA224) 2013 goto check_element_none; 2014 } 2015 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2016 if (alg == TEE_ALG_DSA_SHA256) 2017 goto check_element_none; 2018 } 2019 } 2020 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2021 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2022 goto check_element_none; 2023 } 2024 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2025 if ((alg == TEE_ALG_ECDH_P192 || alg == TEE_ALG_ECDSA_P192) && 2026 element == TEE_ECC_CURVE_NIST_P192) 2027 return TEE_SUCCESS; 2028 if ((alg == TEE_ALG_ECDH_P224 || alg == TEE_ALG_ECDSA_P224) && 2029 element == TEE_ECC_CURVE_NIST_P224) 2030 return TEE_SUCCESS; 2031 if ((alg == TEE_ALG_ECDH_P256 || alg == TEE_ALG_ECDSA_P256) && 2032 element == TEE_ECC_CURVE_NIST_P256) 2033 return TEE_SUCCESS; 2034 if ((alg == TEE_ALG_ECDH_P384 || alg == TEE_ALG_ECDSA_P384) && 2035 element == TEE_ECC_CURVE_NIST_P384) 2036 return TEE_SUCCESS; 2037 if ((alg == TEE_ALG_ECDH_P521 || alg == TEE_ALG_ECDSA_P521) && 2038 element == TEE_ECC_CURVE_NIST_P521) 2039 return TEE_SUCCESS; 2040 } 2041 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2042 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2043 return TEE_SUCCESS; 2044 } 2045 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2046 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2047 return TEE_SUCCESS; 2048 } 2049 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2050 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2051 return TEE_SUCCESS; 2052 } 2053 2054 return TEE_ERROR_NOT_SUPPORTED; 2055 check_element_none: 2056 if (element == TEE_CRYPTO_ELEMENT_NONE) 2057 return TEE_SUCCESS; 2058 return TEE_ERROR_NOT_SUPPORTED; 2059 } 2060