1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 #include <stdlib.h> 28 #include <string.h> 29 #include <string_ext.h> 30 31 #include <tee_api.h> 32 #include <tee_api_defines_extensions.h> 33 #include <tee_internal_api_extensions.h> 34 #include <utee_syscalls.h> 35 #include <utee_defines.h> 36 #include <util.h> 37 38 struct __TEE_OperationHandle { 39 TEE_OperationInfo info; 40 TEE_ObjectHandle key1; 41 TEE_ObjectHandle key2; 42 uint8_t *buffer; /* buffer to collect complete blocks */ 43 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 44 size_t block_size; /* Block size of cipher */ 45 size_t buffer_offs; /* Offset in buffer */ 46 uint32_t state; /* Handle to state in TEE Core */ 47 uint32_t ae_tag_len; /* 48 * tag_len in bytes for AE operation else unused 49 */ 50 }; 51 52 /* Cryptographic Operations API - Generic Operation Functions */ 53 54 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 55 uint32_t algorithm, uint32_t mode, 56 uint32_t maxKeySize) 57 { 58 TEE_Result res; 59 TEE_OperationHandle op = TEE_HANDLE_NULL; 60 uint32_t handle_state = 0; 61 size_t block_size = 1; 62 uint32_t req_key_usage; 63 bool with_private_key = false; 64 bool buffer_two_blocks = false; 65 66 if (!operation) 67 TEE_Panic(0); 68 69 if (algorithm == TEE_ALG_AES_XTS) 70 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 71 72 /* Check algorithm max key size */ 73 switch (algorithm) { 74 case TEE_ALG_DSA_SHA1: 75 if (maxKeySize < 512) 76 return TEE_ERROR_NOT_SUPPORTED; 77 if (maxKeySize > 1024) 78 return TEE_ERROR_NOT_SUPPORTED; 79 if (maxKeySize % 64 != 0) 80 return TEE_ERROR_NOT_SUPPORTED; 81 break; 82 83 case TEE_ALG_DSA_SHA224: 84 if (maxKeySize != 2048) 85 return TEE_ERROR_NOT_SUPPORTED; 86 break; 87 88 case TEE_ALG_DSA_SHA256: 89 if (maxKeySize != 2048 && maxKeySize != 3072) 90 return TEE_ERROR_NOT_SUPPORTED; 91 break; 92 93 case TEE_ALG_ECDSA_P192: 94 case TEE_ALG_ECDH_P192: 95 if (maxKeySize != 192) 96 return TEE_ERROR_NOT_SUPPORTED; 97 break; 98 99 case TEE_ALG_ECDSA_P224: 100 case TEE_ALG_ECDH_P224: 101 if (maxKeySize != 224) 102 return TEE_ERROR_NOT_SUPPORTED; 103 break; 104 105 case TEE_ALG_ECDSA_P256: 106 case TEE_ALG_ECDH_P256: 107 if (maxKeySize != 256) 108 return TEE_ERROR_NOT_SUPPORTED; 109 break; 110 111 case TEE_ALG_ECDSA_P384: 112 case TEE_ALG_ECDH_P384: 113 if (maxKeySize != 384) 114 return TEE_ERROR_NOT_SUPPORTED; 115 break; 116 117 case TEE_ALG_ECDSA_P521: 118 case TEE_ALG_ECDH_P521: 119 if (maxKeySize != 521) 120 return TEE_ERROR_NOT_SUPPORTED; 121 break; 122 123 default: 124 break; 125 } 126 127 /* Check algorithm mode */ 128 switch (algorithm) { 129 case TEE_ALG_AES_CTS: 130 case TEE_ALG_AES_XTS: 131 buffer_two_blocks = true; 132 /*FALLTHROUGH*/ case TEE_ALG_AES_ECB_NOPAD: 133 case TEE_ALG_AES_CBC_NOPAD: 134 case TEE_ALG_AES_CTR: 135 case TEE_ALG_AES_CCM: 136 case TEE_ALG_AES_GCM: 137 case TEE_ALG_DES_ECB_NOPAD: 138 case TEE_ALG_DES_CBC_NOPAD: 139 case TEE_ALG_DES3_ECB_NOPAD: 140 case TEE_ALG_DES3_CBC_NOPAD: 141 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 142 block_size = TEE_AES_BLOCK_SIZE; 143 else 144 block_size = TEE_DES_BLOCK_SIZE; 145 146 if (mode == TEE_MODE_ENCRYPT) 147 req_key_usage = TEE_USAGE_ENCRYPT; 148 else if (mode == TEE_MODE_DECRYPT) 149 req_key_usage = TEE_USAGE_DECRYPT; 150 else 151 return TEE_ERROR_NOT_SUPPORTED; 152 break; 153 154 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 155 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 156 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 157 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 158 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 159 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 160 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 161 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 162 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 163 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 164 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 165 case TEE_ALG_DSA_SHA1: 166 case TEE_ALG_DSA_SHA224: 167 case TEE_ALG_DSA_SHA256: 168 case TEE_ALG_ECDSA_P192: 169 case TEE_ALG_ECDSA_P224: 170 case TEE_ALG_ECDSA_P256: 171 case TEE_ALG_ECDSA_P384: 172 case TEE_ALG_ECDSA_P521: 173 if (mode == TEE_MODE_SIGN) { 174 with_private_key = true; 175 req_key_usage = TEE_USAGE_SIGN; 176 } else if (mode == TEE_MODE_VERIFY) { 177 req_key_usage = TEE_USAGE_VERIFY; 178 } else { 179 return TEE_ERROR_NOT_SUPPORTED; 180 } 181 break; 182 183 case TEE_ALG_RSAES_PKCS1_V1_5: 184 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 185 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 186 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 187 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 188 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 189 if (mode == TEE_MODE_ENCRYPT) { 190 req_key_usage = TEE_USAGE_ENCRYPT; 191 } else if (mode == TEE_MODE_DECRYPT) { 192 with_private_key = true; 193 req_key_usage = TEE_USAGE_DECRYPT; 194 } else { 195 return TEE_ERROR_NOT_SUPPORTED; 196 } 197 break; 198 199 case TEE_ALG_RSA_NOPAD: 200 if (mode == TEE_MODE_ENCRYPT) { 201 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 202 } else if (mode == TEE_MODE_DECRYPT) { 203 with_private_key = true; 204 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 205 } else { 206 return TEE_ERROR_NOT_SUPPORTED; 207 } 208 break; 209 210 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 211 case TEE_ALG_ECDH_P192: 212 case TEE_ALG_ECDH_P224: 213 case TEE_ALG_ECDH_P256: 214 case TEE_ALG_ECDH_P384: 215 case TEE_ALG_ECDH_P521: 216 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 217 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 218 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 219 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 220 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 221 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 222 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 223 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 224 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 225 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 226 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 227 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 228 if (mode != TEE_MODE_DERIVE) 229 return TEE_ERROR_NOT_SUPPORTED; 230 with_private_key = true; 231 req_key_usage = TEE_USAGE_DERIVE; 232 break; 233 234 case TEE_ALG_MD5: 235 case TEE_ALG_SHA1: 236 case TEE_ALG_SHA224: 237 case TEE_ALG_SHA256: 238 case TEE_ALG_SHA384: 239 case TEE_ALG_SHA512: 240 if (mode != TEE_MODE_DIGEST) 241 return TEE_ERROR_NOT_SUPPORTED; 242 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 243 req_key_usage = 0; 244 break; 245 246 case TEE_ALG_DES_CBC_MAC_NOPAD: 247 case TEE_ALG_AES_CBC_MAC_NOPAD: 248 case TEE_ALG_AES_CBC_MAC_PKCS5: 249 case TEE_ALG_AES_CMAC: 250 case TEE_ALG_DES_CBC_MAC_PKCS5: 251 case TEE_ALG_DES3_CBC_MAC_NOPAD: 252 case TEE_ALG_DES3_CBC_MAC_PKCS5: 253 case TEE_ALG_HMAC_MD5: 254 case TEE_ALG_HMAC_SHA1: 255 case TEE_ALG_HMAC_SHA224: 256 case TEE_ALG_HMAC_SHA256: 257 case TEE_ALG_HMAC_SHA384: 258 case TEE_ALG_HMAC_SHA512: 259 if (mode != TEE_MODE_MAC) 260 return TEE_ERROR_NOT_SUPPORTED; 261 req_key_usage = TEE_USAGE_MAC; 262 break; 263 264 default: 265 return TEE_ERROR_NOT_SUPPORTED; 266 } 267 268 op = TEE_Malloc(sizeof(*op), 0); 269 if (!op) 270 return TEE_ERROR_OUT_OF_MEMORY; 271 272 op->info.algorithm = algorithm; 273 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 274 op->info.mode = mode; 275 op->info.maxKeySize = maxKeySize; 276 op->info.requiredKeyUsage = req_key_usage; 277 op->info.handleState = handle_state; 278 279 if (block_size > 1) { 280 size_t buffer_size = block_size; 281 282 if (buffer_two_blocks) 283 buffer_size *= 2; 284 285 op->buffer = TEE_Malloc(buffer_size, 286 TEE_USER_MEM_HINT_NO_FILL_ZERO); 287 if (op->buffer == NULL) { 288 res = TEE_ERROR_OUT_OF_MEMORY; 289 goto err0; 290 } 291 } 292 op->block_size = block_size; 293 op->buffer_two_blocks = buffer_two_blocks; 294 295 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 296 uint32_t mks = maxKeySize; 297 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 298 with_private_key); 299 300 /* 301 * If two keys are expected the max key size is the sum of 302 * the size of both keys. 303 */ 304 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 305 mks /= 2; 306 307 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 308 if (res != TEE_SUCCESS) 309 goto err1; 310 311 if ((op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 312 0) { 313 res = TEE_AllocateTransientObject(key_type, mks, 314 &op->key2); 315 if (res != TEE_SUCCESS) 316 goto err2; 317 } 318 } 319 320 res = utee_cryp_state_alloc(algorithm, mode, (uint32_t) op->key1, 321 (uint32_t) op->key2, &op->state); 322 if (res != TEE_SUCCESS) { 323 if ((op->info.handleState & 324 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 0) 325 goto err2; 326 goto err1; 327 } 328 329 /* For multi-stage operation do an "init". */ 330 TEE_ResetOperation(op); 331 *operation = op; 332 goto out; 333 334 err2: 335 TEE_FreeTransientObject(op->key2); 336 err1: 337 TEE_FreeTransientObject(op->key1); 338 err0: 339 TEE_FreeOperation(op); 340 341 if (res != TEE_SUCCESS && 342 res != TEE_ERROR_OUT_OF_MEMORY && 343 res != TEE_ERROR_NOT_SUPPORTED) 344 TEE_Panic(0); 345 out: 346 return res; 347 } 348 349 void TEE_FreeOperation(TEE_OperationHandle operation) 350 { 351 TEE_Result res; 352 353 if (operation == TEE_HANDLE_NULL) 354 TEE_Panic(0); 355 356 /* 357 * Note that keys should not be freed here, since they are 358 * claimed by the operation they will be freed by 359 * utee_cryp_state_free(). 360 */ 361 res = utee_cryp_state_free(operation->state); 362 if (res != TEE_SUCCESS) 363 TEE_Panic(0); 364 365 TEE_Free(operation->buffer); 366 TEE_Free(operation); 367 } 368 369 void TEE_GetOperationInfo(TEE_OperationHandle operation, 370 TEE_OperationInfo *operationInfo) 371 { 372 if (operation == TEE_HANDLE_NULL) 373 TEE_Panic(0); 374 375 if (operationInfo == NULL) 376 TEE_Panic(0); 377 378 *operationInfo = operation->info; 379 } 380 381 void TEE_ResetOperation(TEE_OperationHandle operation) 382 { 383 TEE_Result res; 384 385 if (operation == TEE_HANDLE_NULL) 386 TEE_Panic(0); 387 388 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) != 0) { 389 if (operation->info.keySize == 0) 390 TEE_Panic(0); 391 } 392 393 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 394 res = utee_hash_init(operation->state, NULL, 0); 395 if (res != TEE_SUCCESS) 396 TEE_Panic(res); 397 } 398 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 399 } 400 401 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 402 TEE_ObjectHandle key) 403 { 404 TEE_Result res; 405 uint32_t key_size = 0; 406 407 if (operation == TEE_HANDLE_NULL) 408 TEE_Panic(0); 409 410 /* No key for digests */ 411 if (operation->info.operationClass == TEE_OPERATION_DIGEST) 412 TEE_Panic(0); 413 414 /* Two keys expected */ 415 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 416 0) 417 TEE_Panic(0); 418 419 if (key != TEE_HANDLE_NULL) { 420 TEE_ObjectInfo key_info; 421 422 res = TEE_GetObjectInfo1(key, &key_info); 423 if (res != TEE_SUCCESS) 424 goto err; 425 426 /* Supplied key has to meet required usage */ 427 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 428 operation->info.requiredKeyUsage) { 429 TEE_Panic(0); 430 } 431 432 if (operation->info.maxKeySize < key_info.keySize) 433 TEE_Panic(0); 434 435 key_size = key_info.keySize; 436 } 437 438 TEE_ResetTransientObject(operation->key1); 439 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 440 441 if (key != TEE_HANDLE_NULL) { 442 res = TEE_CopyObjectAttributes1(operation->key1, key); 443 if (res != TEE_SUCCESS) 444 goto err; 445 446 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 447 } 448 449 operation->info.keySize = key_size; 450 451 goto out; 452 453 err: 454 if (res == TEE_ERROR_CORRUPT_OBJECT || 455 res == TEE_ERROR_STORAGE_NOT_AVAILABLE) 456 return res; 457 TEE_Panic(0); 458 out: 459 return TEE_SUCCESS; 460 } 461 462 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 463 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 464 { 465 TEE_Result res; 466 uint32_t key_size = 0; 467 468 if (operation == TEE_HANDLE_NULL) 469 TEE_Panic(0); 470 471 /* Two keys not expected */ 472 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 473 0) 474 TEE_Panic(0); 475 476 /* Either both keys are NULL or both are not NULL */ 477 if ((key1 == TEE_HANDLE_NULL || key2 == TEE_HANDLE_NULL) && 478 key1 != key2) 479 TEE_Panic(0); 480 481 if (key1 != TEE_HANDLE_NULL) { 482 TEE_ObjectInfo key_info1; 483 TEE_ObjectInfo key_info2; 484 485 res = TEE_GetObjectInfo1(key1, &key_info1); 486 if (res != TEE_SUCCESS) 487 goto err; 488 489 /* Supplied key has to meet required usage */ 490 if ((key_info1.objectUsage & operation->info. 491 requiredKeyUsage) != operation->info.requiredKeyUsage) { 492 TEE_Panic(0); 493 } 494 495 res = TEE_GetObjectInfo1(key2, &key_info2); 496 if (res != TEE_SUCCESS) { 497 if (res == TEE_ERROR_CORRUPT_OBJECT) 498 res = TEE_ERROR_CORRUPT_OBJECT_2; 499 goto err; 500 } 501 502 /* Supplied key has to meet required usage */ 503 if ((key_info2.objectUsage & operation->info. 504 requiredKeyUsage) != operation->info.requiredKeyUsage) { 505 TEE_Panic(0); 506 } 507 508 /* 509 * AES-XTS (the only multi key algorithm supported, requires the 510 * keys to be of equal size. 511 */ 512 if (operation->info.algorithm == TEE_ALG_AES_XTS && 513 key_info1.keySize != key_info2.keySize) 514 TEE_Panic(0); 515 516 if (operation->info.maxKeySize < key_info1.keySize) 517 TEE_Panic(0); 518 519 /* 520 * Odd that only the size of one key should be reported while 521 * size of two key are used when allocating the operation. 522 */ 523 key_size = key_info1.keySize; 524 } 525 526 TEE_ResetTransientObject(operation->key1); 527 TEE_ResetTransientObject(operation->key2); 528 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 529 530 if (key1 != TEE_HANDLE_NULL) { 531 res = TEE_CopyObjectAttributes1(operation->key1, key1); 532 if (res != TEE_SUCCESS) 533 goto err; 534 535 res = TEE_CopyObjectAttributes1(operation->key2, key2); 536 if (res != TEE_SUCCESS) { 537 if (res == TEE_ERROR_CORRUPT_OBJECT) 538 res = TEE_ERROR_CORRUPT_OBJECT_2; 539 goto err; 540 } 541 542 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 543 } 544 545 operation->info.keySize = key_size; 546 547 goto out; 548 549 err: 550 if (res == TEE_ERROR_CORRUPT_OBJECT || 551 res == TEE_ERROR_CORRUPT_OBJECT_2 || 552 res == TEE_ERROR_STORAGE_NOT_AVAILABLE || 553 res == TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 554 return res; 555 TEE_Panic(0); 556 out: 557 return TEE_SUCCESS; 558 } 559 560 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 561 { 562 TEE_Result res; 563 564 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 565 TEE_Panic(0); 566 if (dst_op->info.algorithm != src_op->info.algorithm) 567 TEE_Panic(0); 568 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 569 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 570 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 571 572 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 573 key1 = src_op->key1; 574 key2 = src_op->key2; 575 } 576 577 if ((src_op->info.handleState & 578 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 579 TEE_SetOperationKey(dst_op, key1); 580 } else { 581 TEE_SetOperationKey2(dst_op, key1, key2); 582 } 583 } 584 dst_op->info.handleState = src_op->info.handleState; 585 dst_op->info.keySize = src_op->info.keySize; 586 587 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 588 dst_op->block_size != src_op->block_size) 589 TEE_Panic(0); 590 591 if (dst_op->buffer != NULL) { 592 if (src_op->buffer == NULL) 593 TEE_Panic(0); 594 595 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 596 dst_op->buffer_offs = src_op->buffer_offs; 597 } else if (src_op->buffer != NULL) { 598 TEE_Panic(0); 599 } 600 601 res = utee_cryp_state_copy(dst_op->state, src_op->state); 602 if (res != TEE_SUCCESS) 603 TEE_Panic(res); 604 } 605 606 /* Cryptographic Operations API - Message Digest Functions */ 607 608 void TEE_DigestUpdate(TEE_OperationHandle operation, 609 void *chunk, uint32_t chunkSize) 610 { 611 TEE_Result res = TEE_ERROR_GENERIC; 612 613 if (operation == TEE_HANDLE_NULL || 614 operation->info.operationClass != TEE_OPERATION_DIGEST) 615 TEE_Panic(0); 616 617 res = utee_hash_update(operation->state, chunk, chunkSize); 618 if (res != TEE_SUCCESS) 619 TEE_Panic(res); 620 } 621 622 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 623 uint32_t chunkLen, void *hash, uint32_t *hashLen) 624 { 625 if ((operation == TEE_HANDLE_NULL) || (!chunk && chunkLen) || 626 !hash || !hashLen || 627 (operation->info.operationClass != TEE_OPERATION_DIGEST)) 628 TEE_Panic(0); 629 630 return utee_hash_final(operation->state, chunk, chunkLen, hash, 631 hashLen); 632 } 633 634 /* Cryptographic Operations API - Symmetric Cipher Functions */ 635 636 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 637 { 638 TEE_Result res; 639 640 if (operation == TEE_HANDLE_NULL) 641 TEE_Panic(0); 642 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 643 TEE_Panic(0); 644 res = utee_cipher_init(operation->state, IV, IVLen); 645 if (res != TEE_SUCCESS) 646 TEE_Panic(res); 647 operation->buffer_offs = 0; 648 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 649 } 650 651 static TEE_Result tee_buffer_update( 652 TEE_OperationHandle op, 653 TEE_Result(*update_func) (uint32_t state, const void *src, 654 size_t slen, void *dst, uint32_t *dlen), 655 const void *src_data, size_t src_len, 656 void *dest_data, uint32_t *dest_len) 657 { 658 TEE_Result res; 659 const uint8_t *src = src_data; 660 size_t slen = src_len; 661 uint8_t *dst = dest_data; 662 size_t dlen = *dest_len; 663 size_t acc_dlen = 0; 664 uint32_t tmp_dlen; 665 size_t l; 666 size_t buffer_size; 667 size_t buffer_left; 668 669 if (op->buffer_two_blocks) { 670 buffer_size = op->block_size * 2; 671 buffer_left = 1; 672 } else { 673 buffer_size = op->block_size; 674 buffer_left = 0; 675 } 676 677 if (op->buffer_offs > 0) { 678 /* Fill up complete block */ 679 if (op->buffer_offs < op->block_size) 680 l = MIN(slen, op->block_size - op->buffer_offs); 681 else 682 l = MIN(slen, buffer_size - op->buffer_offs); 683 memcpy(op->buffer + op->buffer_offs, src, l); 684 op->buffer_offs += l; 685 src += l; 686 slen -= l; 687 if ((op->buffer_offs % op->block_size) != 0) 688 goto out; /* Nothing left to do */ 689 } 690 691 /* If we can feed from buffer */ 692 if ((op->buffer_offs > 0) && 693 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 694 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 695 op->block_size); 696 l = MIN(op->buffer_offs, l); 697 tmp_dlen = dlen; 698 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 699 if (res != TEE_SUCCESS) 700 TEE_Panic(res); 701 dst += tmp_dlen; 702 dlen -= tmp_dlen; 703 acc_dlen += tmp_dlen; 704 op->buffer_offs -= l; 705 if (op->buffer_offs > 0) { 706 /* 707 * Slen is small enough to be contained in rest buffer. 708 */ 709 memcpy(op->buffer, op->buffer + l, buffer_size - l); 710 memcpy(op->buffer + op->buffer_offs, src, slen); 711 op->buffer_offs += slen; 712 goto out; /* Nothing left to do */ 713 } 714 } 715 716 if (slen >= (buffer_size + buffer_left)) { 717 /* Buffer is empty, feed as much as possible from src */ 718 if (TEE_ALIGNMENT_IS_OK(src, uint32_t)) { 719 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 720 721 tmp_dlen = dlen; 722 res = update_func(op->state, src, l, dst, &tmp_dlen); 723 if (res != TEE_SUCCESS) 724 TEE_Panic(res); 725 src += l; 726 slen -= l; 727 dst += tmp_dlen; 728 dlen -= tmp_dlen; 729 acc_dlen += tmp_dlen; 730 } else { 731 /* 732 * Supplied data isn't well aligned, we're forced to 733 * feed through the buffer. 734 */ 735 while (slen >= op->block_size) { 736 memcpy(op->buffer, src, op->block_size); 737 738 tmp_dlen = dlen; 739 res = 740 update_func(op->state, op->buffer, 741 op->block_size, dst, &tmp_dlen); 742 if (res != TEE_SUCCESS) 743 TEE_Panic(res); 744 src += op->block_size; 745 slen -= op->block_size; 746 dst += tmp_dlen; 747 dlen -= tmp_dlen; 748 acc_dlen += tmp_dlen; 749 } 750 } 751 } 752 753 /* Slen is small enough to be contained in buffer. */ 754 memcpy(op->buffer + op->buffer_offs, src, slen); 755 op->buffer_offs += slen; 756 757 out: 758 *dest_len = acc_dlen; 759 return TEE_SUCCESS; 760 } 761 762 TEE_Result TEE_CipherUpdate(TEE_OperationHandle op, const void *srcData, 763 uint32_t srcLen, void *destData, uint32_t *destLen) 764 { 765 size_t req_dlen; 766 767 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 768 destLen == NULL || (destData == NULL && *destLen != 0)) 769 TEE_Panic(0); 770 if (op->info.operationClass != TEE_OPERATION_CIPHER) 771 TEE_Panic(0); 772 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 773 TEE_Panic(0); 774 775 /* Calculate required dlen */ 776 req_dlen = ((op->buffer_offs + srcLen) / op->block_size) * 777 op->block_size; 778 if (op->buffer_two_blocks) { 779 if (req_dlen > op->block_size * 2) 780 req_dlen -= op->block_size * 2; 781 else 782 req_dlen = 0; 783 } 784 /* 785 * Check that required destLen is big enough before starting to feed 786 * data to the algorithm. Errors during feeding of data are fatal as we 787 * can't restore sync with this API. 788 */ 789 if (*destLen < req_dlen) { 790 *destLen = req_dlen; 791 return TEE_ERROR_SHORT_BUFFER; 792 } 793 794 tee_buffer_update(op, utee_cipher_update, srcData, srcLen, destData, 795 destLen); 796 797 return TEE_SUCCESS; 798 } 799 800 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle op, 801 const void *srcData, uint32_t srcLen, void *destData, 802 uint32_t *destLen) 803 { 804 TEE_Result res; 805 uint8_t *dst = destData; 806 size_t acc_dlen = 0; 807 uint32_t tmp_dlen; 808 size_t req_dlen; 809 810 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 811 destLen == NULL || (destData == NULL && *destLen != 0)) 812 TEE_Panic(0); 813 if (op->info.operationClass != TEE_OPERATION_CIPHER) 814 TEE_Panic(0); 815 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 816 TEE_Panic(0); 817 818 /* 819 * Check that the final block doesn't require padding for those 820 * algorithms that requires client to supply padding. 821 */ 822 if (op->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 823 op->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 824 op->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 825 op->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 826 op->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 827 op->info.algorithm == TEE_ALG_DES3_CBC_NOPAD) { 828 if (((op->buffer_offs + srcLen) % op->block_size) != 0) 829 return TEE_ERROR_BAD_PARAMETERS; 830 } 831 832 /* 833 * Check that required destLen is big enough before starting to feed 834 * data to the algorithm. Errors during feeding of data are fatal as we 835 * can't restore sync with this API. 836 */ 837 req_dlen = op->buffer_offs + srcLen; 838 if (*destLen < req_dlen) { 839 *destLen = req_dlen; 840 return TEE_ERROR_SHORT_BUFFER; 841 } 842 843 tmp_dlen = *destLen - acc_dlen; 844 tee_buffer_update(op, utee_cipher_update, srcData, srcLen, dst, 845 &tmp_dlen); 846 dst += tmp_dlen; 847 acc_dlen += tmp_dlen; 848 849 tmp_dlen = *destLen - acc_dlen; 850 res = utee_cipher_final(op->state, op->buffer, op->buffer_offs, 851 dst, &tmp_dlen); 852 if (res != TEE_SUCCESS) 853 TEE_Panic(res); 854 acc_dlen += tmp_dlen; 855 856 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 857 *destLen = acc_dlen; 858 return TEE_SUCCESS; 859 } 860 861 /* Cryptographic Operations API - MAC Functions */ 862 863 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 864 { 865 TEE_Result res; 866 867 if (operation == TEE_HANDLE_NULL) 868 TEE_Panic(0); 869 if (IV == NULL && IVLen != 0) 870 TEE_Panic(0); 871 if (operation->info.operationClass != TEE_OPERATION_MAC) 872 TEE_Panic(0); 873 res = utee_hash_init(operation->state, IV, IVLen); 874 if (res != TEE_SUCCESS) 875 TEE_Panic(res); 876 operation->buffer_offs = 0; 877 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 878 } 879 880 void TEE_MACUpdate(TEE_OperationHandle op, const void *chunk, uint32_t chunkSize) 881 { 882 TEE_Result res; 883 884 if (op == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 885 TEE_Panic(0); 886 if (op->info.operationClass != TEE_OPERATION_MAC) 887 TEE_Panic(0); 888 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 889 TEE_Panic(0); 890 891 res = utee_hash_update(op->state, chunk, chunkSize); 892 if (res != TEE_SUCCESS) 893 TEE_Panic(res); 894 } 895 896 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle op, 897 const void *message, uint32_t messageLen, 898 void *mac, uint32_t *macLen) 899 { 900 TEE_Result res; 901 902 if (op == TEE_HANDLE_NULL || (message == NULL && messageLen != 0) || 903 mac == NULL || macLen == NULL) 904 TEE_Panic(0); 905 if (op->info.operationClass != TEE_OPERATION_MAC) 906 TEE_Panic(0); 907 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 908 TEE_Panic(0); 909 910 res = utee_hash_final(op->state, message, messageLen, mac, macLen); 911 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 912 return res; 913 } 914 915 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 916 const void *message, uint32_t messageLen, 917 const void *mac, uint32_t macLen) 918 { 919 TEE_Result res; 920 uint8_t computed_mac[TEE_MAX_HASH_SIZE]; 921 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 922 923 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 924 &computed_mac_size); 925 if (res != TEE_SUCCESS) 926 return res; 927 if (computed_mac_size != macLen) 928 return TEE_ERROR_MAC_INVALID; 929 if (buf_compare_ct(mac, computed_mac, computed_mac_size) != 0) 930 return TEE_ERROR_MAC_INVALID; 931 return TEE_SUCCESS; 932 } 933 934 /* Cryptographic Operations API - Authenticated Encryption Functions */ 935 936 TEE_Result TEE_AEInit(TEE_OperationHandle op, const void *nonce, 937 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 938 uint32_t payloadLen) 939 { 940 TEE_Result res; 941 942 if (op == TEE_HANDLE_NULL || nonce == NULL) 943 TEE_Panic(0); 944 if (op->info.operationClass != TEE_OPERATION_AE) 945 TEE_Panic(0); 946 947 /* 948 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 949 * in the implementation. But AES-GCM spec doesn't specify the tag len 950 * according to the same principle so we have to check here instead to 951 * be GP compliant. 952 */ 953 if (op->info.algorithm == TEE_ALG_AES_GCM) { 954 /* 955 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 956 */ 957 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) 958 return TEE_ERROR_NOT_SUPPORTED; 959 } 960 961 res = utee_authenc_init(op->state, nonce, nonceLen, tagLen / 8, AADLen, 962 payloadLen); 963 if (res != TEE_SUCCESS) { 964 if (res != TEE_ERROR_NOT_SUPPORTED) 965 TEE_Panic(res); 966 return res; 967 } 968 op->ae_tag_len = tagLen / 8; 969 970 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 971 return TEE_SUCCESS; 972 } 973 974 void TEE_AEUpdateAAD(TEE_OperationHandle op, const void *AADdata, 975 uint32_t AADdataLen) 976 { 977 TEE_Result res; 978 979 if (op == TEE_HANDLE_NULL || (AADdata == NULL && AADdataLen != 0)) 980 TEE_Panic(0); 981 if (op->info.operationClass != TEE_OPERATION_AE) 982 TEE_Panic(0); 983 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 984 TEE_Panic(0); 985 986 res = utee_authenc_update_aad(op->state, AADdata, AADdataLen); 987 if (res != TEE_SUCCESS) 988 TEE_Panic(res); 989 } 990 991 TEE_Result TEE_AEUpdate(TEE_OperationHandle op, const void *srcData, 992 uint32_t srcLen, void *destData, uint32_t *destLen) 993 { 994 size_t req_dlen; 995 996 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 997 destLen == NULL || (destData == NULL && *destLen != 0)) 998 TEE_Panic(0); 999 if (op->info.operationClass != TEE_OPERATION_AE) 1000 TEE_Panic(0); 1001 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1002 TEE_Panic(0); 1003 1004 /* 1005 * Check that required destLen is big enough before starting to feed 1006 * data to the algorithm. Errors during feeding of data are fatal as we 1007 * can't restore sync with this API. 1008 */ 1009 req_dlen = ROUNDDOWN(op->buffer_offs + srcLen, op->block_size); 1010 if (*destLen < req_dlen) { 1011 *destLen = req_dlen; 1012 return TEE_ERROR_SHORT_BUFFER; 1013 } 1014 1015 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 1016 destData, destLen); 1017 1018 return TEE_SUCCESS; 1019 } 1020 1021 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle op, 1022 const void *srcData, uint32_t srcLen, 1023 void *destData, uint32_t *destLen, void *tag, 1024 uint32_t *tagLen) 1025 { 1026 TEE_Result res; 1027 uint8_t *dst = destData; 1028 size_t acc_dlen = 0; 1029 uint32_t tmp_dlen; 1030 size_t req_dlen; 1031 1032 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1033 destLen == NULL || (destData == NULL && *destLen != 0) || 1034 tag == NULL || tagLen == NULL) 1035 TEE_Panic(0); 1036 if (op->info.operationClass != TEE_OPERATION_AE) 1037 TEE_Panic(0); 1038 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1039 TEE_Panic(0); 1040 1041 /* 1042 * Check that required destLen is big enough before starting to feed 1043 * data to the algorithm. Errors during feeding of data are fatal as we 1044 * can't restore sync with this API. 1045 */ 1046 req_dlen = op->buffer_offs + srcLen; 1047 if (*destLen < req_dlen) { 1048 *destLen = req_dlen; 1049 return TEE_ERROR_SHORT_BUFFER; 1050 } 1051 1052 /* 1053 * Need to check this before update_payload since sync would be lost if 1054 * we return short buffer after that. 1055 */ 1056 if (*tagLen < op->ae_tag_len) { 1057 *tagLen = op->ae_tag_len; 1058 return TEE_ERROR_SHORT_BUFFER; 1059 } 1060 1061 tmp_dlen = *destLen - acc_dlen; 1062 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 1063 dst, &tmp_dlen); 1064 dst += tmp_dlen; 1065 acc_dlen += tmp_dlen; 1066 1067 tmp_dlen = *destLen - acc_dlen; 1068 res = 1069 utee_authenc_enc_final(op->state, op->buffer, op->buffer_offs, dst, 1070 &tmp_dlen, tag, tagLen); 1071 if (res != TEE_SUCCESS) 1072 TEE_Panic(res); 1073 acc_dlen += tmp_dlen; 1074 1075 *destLen = acc_dlen; 1076 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1077 1078 return res; 1079 } 1080 1081 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle op, 1082 const void *srcData, uint32_t srcLen, 1083 void *destData, uint32_t *destLen, const void *tag, 1084 uint32_t tagLen) 1085 { 1086 TEE_Result res; 1087 uint8_t *dst = destData; 1088 size_t acc_dlen = 0; 1089 uint32_t tmp_dlen; 1090 size_t req_dlen; 1091 1092 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1093 destLen == NULL || (destData == NULL && *destLen != 0) || 1094 (tag == NULL && tagLen != 0)) 1095 TEE_Panic(0); 1096 if (op->info.operationClass != TEE_OPERATION_AE) 1097 TEE_Panic(0); 1098 if ((op->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1099 TEE_Panic(0); 1100 1101 /* 1102 * Check that required destLen is big enough before starting to feed 1103 * data to the algorithm. Errors during feeding of data are fatal as we 1104 * can't restore sync with this API. 1105 */ 1106 req_dlen = op->buffer_offs + srcLen; 1107 if (*destLen < req_dlen) { 1108 *destLen = req_dlen; 1109 return TEE_ERROR_SHORT_BUFFER; 1110 } 1111 1112 tmp_dlen = *destLen - acc_dlen; 1113 tee_buffer_update(op, utee_authenc_update_payload, srcData, srcLen, 1114 dst, &tmp_dlen); 1115 dst += tmp_dlen; 1116 acc_dlen += tmp_dlen; 1117 1118 tmp_dlen = *destLen - acc_dlen; 1119 res = 1120 utee_authenc_dec_final(op->state, op->buffer, op->buffer_offs, dst, 1121 &tmp_dlen, tag, tagLen); 1122 if (res != TEE_SUCCESS && res != TEE_ERROR_MAC_INVALID) 1123 TEE_Panic(res); 1124 /* Supplied tagLen should match what we initiated with */ 1125 if (tagLen != op->ae_tag_len) 1126 res = TEE_ERROR_MAC_INVALID; 1127 1128 acc_dlen += tmp_dlen; 1129 1130 *destLen = acc_dlen; 1131 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1132 1133 return res; 1134 } 1135 1136 /* Cryptographic Operations API - Asymmetric Functions */ 1137 1138 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle op, 1139 const TEE_Attribute *params, 1140 uint32_t paramCount, const void *srcData, 1141 uint32_t srcLen, void *destData, 1142 uint32_t *destLen) 1143 { 1144 TEE_Result res; 1145 1146 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1147 destLen == NULL || (destData == NULL && *destLen != 0)) 1148 TEE_Panic(0); 1149 if (paramCount != 0 && params == NULL) 1150 TEE_Panic(0); 1151 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1152 TEE_Panic(0); 1153 if (op->info.mode != TEE_MODE_ENCRYPT) 1154 TEE_Panic(0); 1155 1156 res = utee_asymm_operate(op->state, params, paramCount, srcData, srcLen, 1157 destData, destLen); 1158 if (res != TEE_SUCCESS && 1159 res != TEE_ERROR_SHORT_BUFFER && 1160 res != TEE_ERROR_BAD_PARAMETERS) 1161 TEE_Panic(res); 1162 return res; 1163 } 1164 1165 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle op, 1166 const TEE_Attribute *params, 1167 uint32_t paramCount, const void *srcData, 1168 uint32_t srcLen, void *destData, 1169 uint32_t *destLen) 1170 { 1171 TEE_Result res; 1172 1173 if (op == TEE_HANDLE_NULL || (srcData == NULL && srcLen != 0) || 1174 destLen == NULL || (destData == NULL && *destLen != 0)) 1175 TEE_Panic(0); 1176 if (paramCount != 0 && params == NULL) 1177 TEE_Panic(0); 1178 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1179 TEE_Panic(0); 1180 if (op->info.mode != TEE_MODE_DECRYPT) 1181 TEE_Panic(0); 1182 1183 res = utee_asymm_operate(op->state, params, paramCount, srcData, srcLen, 1184 destData, destLen); 1185 if (res != TEE_SUCCESS && 1186 res != TEE_ERROR_SHORT_BUFFER && 1187 res != TEE_ERROR_BAD_PARAMETERS) 1188 TEE_Panic(res); 1189 return res; 1190 } 1191 1192 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle op, 1193 const TEE_Attribute *params, 1194 uint32_t paramCount, const void *digest, 1195 uint32_t digestLen, void *signature, 1196 uint32_t *signatureLen) 1197 { 1198 TEE_Result res; 1199 1200 if (op == TEE_HANDLE_NULL || (digest == NULL && digestLen != 0) || 1201 signature == NULL || signatureLen == NULL) 1202 TEE_Panic(0); 1203 if (paramCount != 0 && params == NULL) 1204 TEE_Panic(0); 1205 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1206 TEE_Panic(0); 1207 if (op->info.mode != TEE_MODE_SIGN) 1208 TEE_Panic(0); 1209 1210 res = 1211 utee_asymm_operate(op->state, params, paramCount, digest, digestLen, 1212 signature, signatureLen); 1213 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1214 TEE_Panic(res); 1215 return res; 1216 } 1217 1218 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle op, 1219 const TEE_Attribute *params, 1220 uint32_t paramCount, const void *digest, 1221 uint32_t digestLen, const void *signature, 1222 uint32_t signatureLen) 1223 { 1224 TEE_Result res; 1225 1226 if (op == TEE_HANDLE_NULL || (digest == NULL && digestLen != 0) || 1227 (signature == NULL && signatureLen != 0)) 1228 TEE_Panic(0); 1229 if (paramCount != 0 && params == NULL) 1230 TEE_Panic(0); 1231 if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1232 TEE_Panic(0); 1233 if (op->info.mode != TEE_MODE_VERIFY) 1234 TEE_Panic(0); 1235 1236 res = 1237 utee_asymm_verify(op->state, params, paramCount, digest, digestLen, 1238 signature, signatureLen); 1239 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1240 TEE_Panic(res); 1241 return res; 1242 } 1243 1244 /* Cryptographic Operations API - Key Derivation Functions */ 1245 1246 void TEE_DeriveKey(TEE_OperationHandle operation, 1247 const TEE_Attribute *params, uint32_t paramCount, 1248 TEE_ObjectHandle derivedKey) 1249 { 1250 TEE_Result res; 1251 TEE_ObjectInfo key_info; 1252 1253 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1254 TEE_Panic(0); 1255 if (paramCount != 0 && params == NULL) 1256 TEE_Panic(0); 1257 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1258 TEE_OPERATION_KEY_DERIVATION) 1259 TEE_Panic(0); 1260 1261 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1262 TEE_Panic(0); 1263 if (operation->info.mode != TEE_MODE_DERIVE) 1264 TEE_Panic(0); 1265 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1266 TEE_Panic(0); 1267 1268 res = utee_cryp_obj_get_info((uint32_t) derivedKey, &key_info); 1269 if (res != TEE_SUCCESS) 1270 TEE_Panic(0); 1271 1272 if (key_info.objectType != TEE_TYPE_GENERIC_SECRET) 1273 TEE_Panic(0); 1274 if ((key_info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1275 TEE_Panic(0); 1276 1277 res = utee_cryp_derive_key(operation->state, params, paramCount, 1278 (uint32_t) derivedKey); 1279 if (res != TEE_SUCCESS) 1280 TEE_Panic(res); 1281 } 1282 1283 /* Cryptographic Operations API - Random Number Generation Functions */ 1284 1285 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1286 { 1287 TEE_Result res; 1288 1289 res = utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1290 if (res != TEE_SUCCESS) 1291 TEE_Panic(res); 1292 } 1293