1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 #include <config.h> 7 #include <stdlib.h> 8 #include <string.h> 9 #include <string_ext.h> 10 #include <tee_api.h> 11 #include <tee_api_defines_extensions.h> 12 #include <tee_internal_api_extensions.h> 13 #include <utee_syscalls.h> 14 #include <utee_defines.h> 15 #include <util.h> 16 #include "tee_api_private.h" 17 18 struct __TEE_OperationHandle { 19 TEE_OperationInfo info; 20 TEE_ObjectHandle key1; 21 TEE_ObjectHandle key2; 22 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 23 uint8_t *buffer; /* buffer to collect complete blocks */ 24 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 25 size_t block_size; /* Block size of cipher */ 26 size_t buffer_offs; /* Offset in buffer */ 27 uint32_t state; /* Handle to state in TEE Core */ 28 }; 29 30 /* Cryptographic Operations API - Generic Operation Functions */ 31 32 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 33 uint32_t algorithm, uint32_t mode, 34 uint32_t maxKeySize) 35 { 36 TEE_Result res; 37 TEE_OperationHandle op = TEE_HANDLE_NULL; 38 uint32_t handle_state = 0; 39 size_t block_size = 1; 40 uint32_t req_key_usage; 41 bool with_private_key = false; 42 bool buffer_two_blocks = false; 43 44 if (!operation) 45 TEE_Panic(0); 46 47 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP || 48 algorithm == TEE_ALG_SM4_XTS) 49 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 50 51 /* Check algorithm max key size */ 52 switch (algorithm) { 53 case TEE_ALG_DSA_SHA1: 54 if (maxKeySize < 512) 55 return TEE_ERROR_NOT_SUPPORTED; 56 if (maxKeySize > 1024) 57 return TEE_ERROR_NOT_SUPPORTED; 58 if (maxKeySize % 64 != 0) 59 return TEE_ERROR_NOT_SUPPORTED; 60 break; 61 62 case TEE_ALG_DSA_SHA224: 63 if (maxKeySize != 2048) 64 return TEE_ERROR_NOT_SUPPORTED; 65 break; 66 67 case TEE_ALG_DSA_SHA256: 68 if (maxKeySize != 2048 && maxKeySize != 3072) 69 return TEE_ERROR_NOT_SUPPORTED; 70 break; 71 72 case TEE_ALG_ECDSA_SHA1: 73 case __OPTEE_ALG_ECDSA_P192: 74 case __OPTEE_ALG_ECDH_P192: 75 if (maxKeySize != 192) 76 return TEE_ERROR_NOT_SUPPORTED; 77 break; 78 79 case TEE_ALG_ECDSA_SHA224: 80 case __OPTEE_ALG_ECDSA_P224: 81 case __OPTEE_ALG_ECDH_P224: 82 if (maxKeySize != 224) 83 return TEE_ERROR_NOT_SUPPORTED; 84 break; 85 86 case TEE_ALG_ECDSA_SHA256: 87 case __OPTEE_ALG_ECDSA_P256: 88 case __OPTEE_ALG_ECDH_P256: 89 case TEE_ALG_SM2_PKE: 90 case TEE_ALG_SM2_DSA_SM3: 91 if (maxKeySize != 256) 92 return TEE_ERROR_NOT_SUPPORTED; 93 break; 94 95 case TEE_ALG_SM2_KEP: 96 /* Two 256-bit keys */ 97 if (maxKeySize != 512) 98 return TEE_ERROR_NOT_SUPPORTED; 99 break; 100 101 case TEE_ALG_ECDSA_SHA384: 102 case __OPTEE_ALG_ECDSA_P384: 103 case __OPTEE_ALG_ECDH_P384: 104 if (maxKeySize != 384) 105 return TEE_ERROR_NOT_SUPPORTED; 106 break; 107 108 case TEE_ALG_ECDSA_SHA512: 109 case __OPTEE_ALG_ECDSA_P521: 110 case __OPTEE_ALG_ECDH_P521: 111 if (maxKeySize != 521) 112 return TEE_ERROR_NOT_SUPPORTED; 113 break; 114 115 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 116 if (maxKeySize > 521) 117 return TEE_ERROR_NOT_SUPPORTED; 118 break; 119 120 case TEE_ALG_ED25519: 121 case TEE_ALG_X25519: 122 if (maxKeySize != 256) 123 return TEE_ERROR_NOT_SUPPORTED; 124 break; 125 default: 126 break; 127 } 128 129 /* Check algorithm mode (and maxKeySize for digests) */ 130 switch (algorithm) { 131 case TEE_ALG_AES_CTS: 132 case TEE_ALG_AES_XTS: 133 case TEE_ALG_SM4_XTS: 134 buffer_two_blocks = true; 135 fallthrough; 136 case TEE_ALG_AES_ECB_NOPAD: 137 case TEE_ALG_AES_CBC_NOPAD: 138 case TEE_ALG_AES_CCM: 139 case TEE_ALG_DES_ECB_NOPAD: 140 case TEE_ALG_DES_CBC_NOPAD: 141 case TEE_ALG_DES3_ECB_NOPAD: 142 case TEE_ALG_DES3_CBC_NOPAD: 143 case TEE_ALG_SM4_ECB_NOPAD: 144 case TEE_ALG_SM4_CBC_NOPAD: 145 case TEE_ALG_SM4_CTR: 146 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 147 block_size = TEE_AES_BLOCK_SIZE; 148 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 149 block_size = TEE_SM4_BLOCK_SIZE; 150 else 151 block_size = TEE_DES_BLOCK_SIZE; 152 fallthrough; 153 case TEE_ALG_AES_CTR: 154 case TEE_ALG_AES_GCM: 155 if (mode == TEE_MODE_ENCRYPT) 156 req_key_usage = TEE_USAGE_ENCRYPT; 157 else if (mode == TEE_MODE_DECRYPT) 158 req_key_usage = TEE_USAGE_DECRYPT; 159 else 160 return TEE_ERROR_NOT_SUPPORTED; 161 break; 162 163 #if defined(CFG_CRYPTO_RSASSA_NA1) 164 case TEE_ALG_RSASSA_PKCS1_V1_5: 165 #endif 166 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 167 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 168 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 169 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 170 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 171 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 172 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 173 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 174 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 175 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 176 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 177 case TEE_ALG_DSA_SHA1: 178 case TEE_ALG_DSA_SHA224: 179 case TEE_ALG_DSA_SHA256: 180 case TEE_ALG_ECDSA_SHA1: 181 case TEE_ALG_ECDSA_SHA224: 182 case TEE_ALG_ECDSA_SHA256: 183 case TEE_ALG_ECDSA_SHA384: 184 case TEE_ALG_ECDSA_SHA512: 185 case __OPTEE_ALG_ECDSA_P192: 186 case __OPTEE_ALG_ECDSA_P224: 187 case __OPTEE_ALG_ECDSA_P256: 188 case __OPTEE_ALG_ECDSA_P384: 189 case __OPTEE_ALG_ECDSA_P521: 190 case TEE_ALG_SM2_DSA_SM3: 191 case TEE_ALG_ED25519: 192 if (mode == TEE_MODE_SIGN) { 193 with_private_key = true; 194 req_key_usage = TEE_USAGE_SIGN; 195 } else if (mode == TEE_MODE_VERIFY) { 196 req_key_usage = TEE_USAGE_VERIFY; 197 } else { 198 return TEE_ERROR_NOT_SUPPORTED; 199 } 200 break; 201 202 case TEE_ALG_RSAES_PKCS1_V1_5: 203 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 204 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 205 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 206 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 207 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 208 case TEE_ALG_SM2_PKE: 209 if (mode == TEE_MODE_ENCRYPT) { 210 req_key_usage = TEE_USAGE_ENCRYPT; 211 } else if (mode == TEE_MODE_DECRYPT) { 212 with_private_key = true; 213 req_key_usage = TEE_USAGE_DECRYPT; 214 } else { 215 return TEE_ERROR_NOT_SUPPORTED; 216 } 217 break; 218 219 case TEE_ALG_RSA_NOPAD: 220 if (mode == TEE_MODE_ENCRYPT) { 221 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 222 } else if (mode == TEE_MODE_DECRYPT) { 223 with_private_key = true; 224 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 225 } else { 226 return TEE_ERROR_NOT_SUPPORTED; 227 } 228 break; 229 230 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 231 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 232 case __OPTEE_ALG_ECDH_P192: 233 case __OPTEE_ALG_ECDH_P224: 234 case __OPTEE_ALG_ECDH_P256: 235 case __OPTEE_ALG_ECDH_P384: 236 case __OPTEE_ALG_ECDH_P521: 237 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 238 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 239 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 240 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 241 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 242 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 243 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 244 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 245 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 246 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 247 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 248 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 249 case TEE_ALG_SM2_KEP: 250 case TEE_ALG_X25519: 251 if (mode != TEE_MODE_DERIVE) 252 return TEE_ERROR_NOT_SUPPORTED; 253 with_private_key = true; 254 req_key_usage = TEE_USAGE_DERIVE; 255 break; 256 257 case TEE_ALG_MD5: 258 case TEE_ALG_SHA1: 259 case TEE_ALG_SHA224: 260 case TEE_ALG_SHA256: 261 case TEE_ALG_SHA384: 262 case TEE_ALG_SHA512: 263 case TEE_ALG_SM3: 264 if (mode != TEE_MODE_DIGEST) 265 return TEE_ERROR_NOT_SUPPORTED; 266 if (maxKeySize) 267 return TEE_ERROR_NOT_SUPPORTED; 268 /* v1.1: flags always set for digest operations */ 269 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 270 req_key_usage = 0; 271 break; 272 273 case TEE_ALG_DES_CBC_MAC_NOPAD: 274 case TEE_ALG_AES_CBC_MAC_NOPAD: 275 case TEE_ALG_AES_CBC_MAC_PKCS5: 276 case TEE_ALG_AES_CMAC: 277 case TEE_ALG_DES_CBC_MAC_PKCS5: 278 case TEE_ALG_DES3_CBC_MAC_NOPAD: 279 case TEE_ALG_DES3_CBC_MAC_PKCS5: 280 case TEE_ALG_DES3_CMAC: 281 case TEE_ALG_HMAC_MD5: 282 case TEE_ALG_HMAC_SHA1: 283 case TEE_ALG_HMAC_SHA224: 284 case TEE_ALG_HMAC_SHA256: 285 case TEE_ALG_HMAC_SHA384: 286 case TEE_ALG_HMAC_SHA512: 287 case TEE_ALG_HMAC_SM3: 288 if (mode != TEE_MODE_MAC) 289 return TEE_ERROR_NOT_SUPPORTED; 290 req_key_usage = TEE_USAGE_MAC; 291 break; 292 293 default: 294 return TEE_ERROR_NOT_SUPPORTED; 295 } 296 297 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 298 if (!op) 299 return TEE_ERROR_OUT_OF_MEMORY; 300 301 op->info.algorithm = algorithm; 302 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 303 #ifdef CFG_CRYPTO_RSASSA_NA1 304 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 305 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 306 #endif 307 op->info.mode = mode; 308 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 309 op->info.maxKeySize = maxKeySize; 310 op->info.requiredKeyUsage = req_key_usage; 311 op->info.handleState = handle_state; 312 313 if (block_size > 1) { 314 size_t buffer_size = block_size; 315 316 if (buffer_two_blocks) 317 buffer_size *= 2; 318 319 op->buffer = TEE_Malloc(buffer_size, 320 TEE_USER_MEM_HINT_NO_FILL_ZERO); 321 if (op->buffer == NULL) { 322 res = TEE_ERROR_OUT_OF_MEMORY; 323 goto out; 324 } 325 } 326 op->block_size = block_size; 327 op->buffer_two_blocks = buffer_two_blocks; 328 329 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 330 uint32_t mks = maxKeySize; 331 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 332 with_private_key); 333 334 /* 335 * If two keys are expected the max key size is the sum of 336 * the size of both keys. 337 */ 338 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 339 mks /= 2; 340 341 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 342 if (res != TEE_SUCCESS) 343 goto out; 344 345 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 346 res = TEE_AllocateTransientObject(key_type, mks, 347 &op->key2); 348 if (res != TEE_SUCCESS) 349 goto out; 350 } 351 } 352 353 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 354 (unsigned long)op->key2, &op->state); 355 if (res != TEE_SUCCESS) 356 goto out; 357 358 /* 359 * Initialize digest operations 360 * Other multi-stage operations initialized w/ TEE_xxxInit functions 361 * Non-applicable on asymmetric operations 362 */ 363 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 364 res = _utee_hash_init(op->state, NULL, 0); 365 if (res != TEE_SUCCESS) 366 goto out; 367 /* v1.1: flags always set for digest operations */ 368 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 369 } 370 371 op->operationState = TEE_OPERATION_STATE_INITIAL; 372 373 *operation = op; 374 375 out: 376 if (res != TEE_SUCCESS) { 377 if (res != TEE_ERROR_OUT_OF_MEMORY && 378 res != TEE_ERROR_NOT_SUPPORTED) 379 TEE_Panic(res); 380 if (op) { 381 if (op->state) { 382 TEE_FreeOperation(op); 383 } else { 384 TEE_Free(op->buffer); 385 TEE_FreeTransientObject(op->key1); 386 TEE_FreeTransientObject(op->key2); 387 TEE_Free(op); 388 } 389 } 390 } 391 392 return res; 393 } 394 395 void TEE_FreeOperation(TEE_OperationHandle operation) 396 { 397 TEE_Result res; 398 399 if (operation == TEE_HANDLE_NULL) 400 TEE_Panic(0); 401 402 /* 403 * Note that keys should not be freed here, since they are 404 * claimed by the operation they will be freed by 405 * utee_cryp_state_free(). 406 */ 407 res = _utee_cryp_state_free(operation->state); 408 if (res != TEE_SUCCESS) 409 TEE_Panic(res); 410 411 TEE_Free(operation->buffer); 412 TEE_Free(operation); 413 } 414 415 void TEE_GetOperationInfo(TEE_OperationHandle operation, 416 TEE_OperationInfo *operationInfo) 417 { 418 if (operation == TEE_HANDLE_NULL) 419 TEE_Panic(0); 420 421 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo)); 422 423 *operationInfo = operation->info; 424 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 425 operationInfo->keySize = 0; 426 operationInfo->requiredKeyUsage = 0; 427 } 428 } 429 430 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op, 431 TEE_OperationInfoMultiple *op_info, 432 size_t *size) 433 { 434 TEE_Result res = TEE_SUCCESS; 435 TEE_ObjectInfo kinfo = { }; 436 size_t max_key_count = 0; 437 bool two_keys = false; 438 439 if (op == TEE_HANDLE_NULL) { 440 res = TEE_ERROR_BAD_PARAMETERS; 441 goto out; 442 } 443 444 __utee_check_outbuf_annotation(op_info, size); 445 446 if (*size < sizeof(*op_info)) { 447 res = TEE_ERROR_BAD_PARAMETERS; 448 goto out; 449 } 450 max_key_count = (*size - sizeof(*op_info)) / 451 sizeof(TEE_OperationInfoKey); 452 453 TEE_MemFill(op_info, 0, *size); 454 455 /* Two keys flag (TEE_ALG_AES_XTS only) */ 456 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 457 458 if (op->info.mode == TEE_MODE_DIGEST) { 459 op_info->numberOfKeys = 0; 460 } else if (!two_keys) { 461 if (max_key_count < 1) { 462 res = TEE_ERROR_SHORT_BUFFER; 463 goto out; 464 } 465 466 res = TEE_GetObjectInfo1(op->key1, &kinfo); 467 /* Key1 is not a valid handle, "can't happen". */ 468 if (res) 469 goto out; 470 471 op_info->keyInformation[0].keySize = kinfo.objectSize; 472 op_info->keyInformation[0].requiredKeyUsage = 473 op->info.requiredKeyUsage; 474 op_info->numberOfKeys = 1; 475 } else { 476 if (max_key_count < 2) { 477 res = TEE_ERROR_SHORT_BUFFER; 478 goto out; 479 } 480 481 res = TEE_GetObjectInfo1(op->key1, &kinfo); 482 /* Key1 is not a valid handle, "can't happen". */ 483 if (res) 484 goto out; 485 486 op_info->keyInformation[0].keySize = kinfo.objectSize; 487 op_info->keyInformation[0].requiredKeyUsage = 488 op->info.requiredKeyUsage; 489 490 res = TEE_GetObjectInfo1(op->key2, &kinfo); 491 /* Key2 is not a valid handle, "can't happen". */ 492 if (res) 493 goto out; 494 495 op_info->keyInformation[1].keySize = kinfo.objectSize; 496 op_info->keyInformation[1].requiredKeyUsage = 497 op->info.requiredKeyUsage; 498 499 op_info->numberOfKeys = 2; 500 } 501 502 op_info->algorithm = op->info.algorithm; 503 op_info->operationClass = op->info.operationClass; 504 op_info->mode = op->info.mode; 505 op_info->digestLength = op->info.digestLength; 506 op_info->maxKeySize = op->info.maxKeySize; 507 op_info->handleState = op->info.handleState; 508 op_info->operationState = op->operationState; 509 510 out: 511 if (res != TEE_SUCCESS && 512 res != TEE_ERROR_SHORT_BUFFER) 513 TEE_Panic(res); 514 515 return res; 516 } 517 518 TEE_Result 519 __GP11_TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 520 TEE_OperationInfoMultiple *info, 521 uint32_t *operationSize) 522 { 523 TEE_Result res = TEE_SUCCESS; 524 size_t s = 0; 525 526 __utee_check_gp11_outbuf_annotation(info, operationSize); 527 s = *operationSize; 528 res = TEE_GetOperationInfoMultiple(operation, info, &s); 529 *operationSize = s; 530 return res; 531 } 532 533 void TEE_ResetOperation(TEE_OperationHandle operation) 534 { 535 TEE_Result res; 536 537 if (operation == TEE_HANDLE_NULL) 538 TEE_Panic(0); 539 540 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 541 TEE_Panic(0); 542 543 operation->operationState = TEE_OPERATION_STATE_INITIAL; 544 545 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 546 res = _utee_hash_init(operation->state, NULL, 0); 547 if (res != TEE_SUCCESS) 548 TEE_Panic(res); 549 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 550 } else { 551 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 552 } 553 } 554 555 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 556 TEE_ObjectHandle key) 557 { 558 TEE_Result res; 559 uint32_t key_size = 0; 560 TEE_ObjectInfo key_info; 561 562 if (operation == TEE_HANDLE_NULL) { 563 res = TEE_ERROR_BAD_PARAMETERS; 564 goto out; 565 } 566 567 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 568 res = TEE_ERROR_BAD_PARAMETERS; 569 goto out; 570 } 571 572 if (key == TEE_HANDLE_NULL) { 573 /* Operation key cleared */ 574 TEE_ResetTransientObject(operation->key1); 575 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 576 return TEE_SUCCESS; 577 } 578 579 /* No key for digest operation */ 580 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 581 res = TEE_ERROR_BAD_PARAMETERS; 582 goto out; 583 } 584 585 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 586 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 587 0) { 588 res = TEE_ERROR_BAD_PARAMETERS; 589 goto out; 590 } 591 592 res = TEE_GetObjectInfo1(key, &key_info); 593 /* Key is not a valid handle */ 594 if (res != TEE_SUCCESS) 595 goto out; 596 597 /* Supplied key has to meet required usage */ 598 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 599 operation->info.requiredKeyUsage) { 600 res = TEE_ERROR_BAD_PARAMETERS; 601 goto out; 602 } 603 604 if (operation->info.maxKeySize < key_info.objectSize) { 605 res = TEE_ERROR_BAD_PARAMETERS; 606 goto out; 607 } 608 609 key_size = key_info.objectSize; 610 611 TEE_ResetTransientObject(operation->key1); 612 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 613 614 res = TEE_CopyObjectAttributes1(operation->key1, key); 615 if (res != TEE_SUCCESS) 616 goto out; 617 618 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 619 620 operation->info.keySize = key_size; 621 622 out: 623 if (res != TEE_SUCCESS && 624 res != TEE_ERROR_CORRUPT_OBJECT && 625 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 626 TEE_Panic(res); 627 628 return res; 629 } 630 631 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 632 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 633 { 634 TEE_Result res; 635 uint32_t key_size = 0; 636 TEE_ObjectInfo key_info1; 637 TEE_ObjectInfo key_info2; 638 639 if (operation == TEE_HANDLE_NULL) { 640 res = TEE_ERROR_BAD_PARAMETERS; 641 goto out; 642 } 643 644 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 645 res = TEE_ERROR_BAD_PARAMETERS; 646 goto out; 647 } 648 649 /* 650 * Key1/Key2 and/or are not initialized and 651 * Either both keys are NULL or both are not NULL 652 */ 653 if (!key1 && !key2) { 654 /* Clear the keys */ 655 TEE_ResetTransientObject(operation->key1); 656 TEE_ResetTransientObject(operation->key2); 657 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 658 return TEE_SUCCESS; 659 } else if (!key1 || !key2) { 660 /* Both keys are obviously not valid. */ 661 res = TEE_ERROR_BAD_PARAMETERS; 662 goto out; 663 } 664 665 /* No key for digest operation */ 666 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 667 res = TEE_ERROR_BAD_PARAMETERS; 668 goto out; 669 } 670 671 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 672 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 673 0) { 674 res = TEE_ERROR_BAD_PARAMETERS; 675 goto out; 676 } 677 678 res = TEE_GetObjectInfo1(key1, &key_info1); 679 /* Key1 is not a valid handle */ 680 if (res != TEE_SUCCESS) 681 goto out; 682 683 /* Supplied key has to meet required usage */ 684 if ((key_info1.objectUsage & operation->info. 685 requiredKeyUsage) != operation->info.requiredKeyUsage) { 686 res = TEE_ERROR_BAD_PARAMETERS; 687 goto out; 688 } 689 690 res = TEE_GetObjectInfo1(key2, &key_info2); 691 /* Key2 is not a valid handle */ 692 if (res != TEE_SUCCESS) { 693 if (res == TEE_ERROR_CORRUPT_OBJECT) 694 res = TEE_ERROR_CORRUPT_OBJECT_2; 695 goto out; 696 } 697 698 /* Supplied key has to meet required usage */ 699 if ((key_info2.objectUsage & operation->info. 700 requiredKeyUsage) != operation->info.requiredKeyUsage) { 701 res = TEE_ERROR_BAD_PARAMETERS; 702 goto out; 703 } 704 705 /* 706 * All the multi key algorithm currently supported requires the keys to 707 * be of equal size. 708 */ 709 if (key_info1.objectSize != key_info2.objectSize) { 710 res = TEE_ERROR_BAD_PARAMETERS; 711 goto out; 712 713 } 714 715 if (operation->info.maxKeySize < key_info1.objectSize) { 716 res = TEE_ERROR_BAD_PARAMETERS; 717 goto out; 718 } 719 720 /* 721 * Odd that only the size of one key should be reported while 722 * size of two key are used when allocating the operation. 723 */ 724 key_size = key_info1.objectSize; 725 726 TEE_ResetTransientObject(operation->key1); 727 TEE_ResetTransientObject(operation->key2); 728 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 729 730 res = TEE_CopyObjectAttributes1(operation->key1, key1); 731 if (res != TEE_SUCCESS) 732 goto out; 733 res = TEE_CopyObjectAttributes1(operation->key2, key2); 734 if (res != TEE_SUCCESS) { 735 if (res == TEE_ERROR_CORRUPT_OBJECT) 736 res = TEE_ERROR_CORRUPT_OBJECT_2; 737 goto out; 738 } 739 740 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 741 742 operation->info.keySize = key_size; 743 744 out: 745 if (res != TEE_SUCCESS && 746 res != TEE_ERROR_CORRUPT_OBJECT && 747 res != TEE_ERROR_CORRUPT_OBJECT_2 && 748 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 749 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 750 TEE_Panic(res); 751 752 return res; 753 } 754 755 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 756 { 757 TEE_Result res; 758 759 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 760 TEE_Panic(0); 761 if (dst_op->info.algorithm != src_op->info.algorithm) 762 TEE_Panic(0); 763 if (dst_op->info.mode != src_op->info.mode) 764 TEE_Panic(0); 765 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 766 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 767 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 768 769 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 770 key1 = src_op->key1; 771 key2 = src_op->key2; 772 } 773 774 if ((src_op->info.handleState & 775 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 776 TEE_SetOperationKey(dst_op, key1); 777 } else { 778 TEE_SetOperationKey2(dst_op, key1, key2); 779 } 780 } 781 dst_op->info.handleState = src_op->info.handleState; 782 dst_op->info.keySize = src_op->info.keySize; 783 dst_op->info.digestLength = src_op->info.digestLength; 784 dst_op->operationState = src_op->operationState; 785 786 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 787 dst_op->block_size != src_op->block_size) 788 TEE_Panic(0); 789 790 if (dst_op->buffer != NULL) { 791 if (src_op->buffer == NULL) 792 TEE_Panic(0); 793 794 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 795 dst_op->buffer_offs = src_op->buffer_offs; 796 } else if (src_op->buffer != NULL) { 797 TEE_Panic(0); 798 } 799 800 res = _utee_cryp_state_copy(dst_op->state, src_op->state); 801 if (res != TEE_SUCCESS) 802 TEE_Panic(res); 803 } 804 805 /* Cryptographic Operations API - Message Digest Functions */ 806 807 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 808 uint32_t IVLen) 809 { 810 TEE_Result res; 811 812 /* 813 * Note : IV and IVLen are never used in current implementation 814 * This is why coherent values of IV and IVLen are not checked 815 */ 816 res = _utee_hash_init(operation->state, IV, IVLen); 817 if (res != TEE_SUCCESS) 818 TEE_Panic(res); 819 operation->buffer_offs = 0; 820 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 821 } 822 823 void TEE_DigestUpdate(TEE_OperationHandle operation, 824 const void *chunk, uint32_t chunkSize) 825 { 826 TEE_Result res = TEE_ERROR_GENERIC; 827 828 if (operation == TEE_HANDLE_NULL || 829 operation->info.operationClass != TEE_OPERATION_DIGEST) 830 TEE_Panic(0); 831 832 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 833 834 res = _utee_hash_update(operation->state, chunk, chunkSize); 835 if (res != TEE_SUCCESS) 836 TEE_Panic(res); 837 } 838 839 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 840 uint32_t chunkLen, void *hash, uint32_t *hashLen) 841 { 842 TEE_Result res; 843 uint64_t hl; 844 845 if ((operation == TEE_HANDLE_NULL) || 846 (!chunk && chunkLen) || 847 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 848 res = TEE_ERROR_BAD_PARAMETERS; 849 goto out; 850 } 851 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 852 853 hl = *hashLen; 854 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, &hl); 855 *hashLen = hl; 856 if (res != TEE_SUCCESS) 857 goto out; 858 859 /* Reset operation state */ 860 init_hash_operation(operation, NULL, 0); 861 862 operation->operationState = TEE_OPERATION_STATE_INITIAL; 863 864 out: 865 if (res != TEE_SUCCESS && 866 res != TEE_ERROR_SHORT_BUFFER) 867 TEE_Panic(res); 868 869 return res; 870 } 871 872 /* Cryptographic Operations API - Symmetric Cipher Functions */ 873 874 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 875 uint32_t IVLen) 876 { 877 TEE_Result res; 878 879 if (operation == TEE_HANDLE_NULL) 880 TEE_Panic(0); 881 882 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 883 TEE_Panic(0); 884 885 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 886 !(operation->key1)) 887 TEE_Panic(0); 888 889 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 890 TEE_ResetOperation(operation); 891 892 if (IV && IVLen) { 893 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 894 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 895 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 896 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD) 897 TEE_Panic(0); 898 } 899 900 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 901 902 res = _utee_cipher_init(operation->state, IV, IVLen); 903 if (res != TEE_SUCCESS) 904 TEE_Panic(res); 905 906 operation->buffer_offs = 0; 907 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 908 } 909 910 static TEE_Result tee_buffer_update( 911 TEE_OperationHandle op, 912 TEE_Result(*update_func)(unsigned long state, const void *src, 913 size_t slen, void *dst, uint64_t *dlen), 914 const void *src_data, size_t src_len, 915 void *dest_data, uint64_t *dest_len) 916 { 917 TEE_Result res; 918 const uint8_t *src = src_data; 919 size_t slen = src_len; 920 uint8_t *dst = dest_data; 921 size_t dlen = *dest_len; 922 size_t acc_dlen = 0; 923 uint64_t tmp_dlen; 924 size_t l; 925 size_t buffer_size; 926 size_t buffer_left; 927 928 if (!src) { 929 if (slen) 930 TEE_Panic(0); 931 goto out; 932 } 933 934 if (op->buffer_two_blocks) { 935 buffer_size = op->block_size * 2; 936 buffer_left = 1; 937 } else { 938 buffer_size = op->block_size; 939 buffer_left = 0; 940 } 941 942 if (op->buffer_offs > 0) { 943 /* Fill up complete block */ 944 if (op->buffer_offs < op->block_size) 945 l = MIN(slen, op->block_size - op->buffer_offs); 946 else 947 l = MIN(slen, buffer_size - op->buffer_offs); 948 memcpy(op->buffer + op->buffer_offs, src, l); 949 op->buffer_offs += l; 950 src += l; 951 slen -= l; 952 if ((op->buffer_offs % op->block_size) != 0) 953 goto out; /* Nothing left to do */ 954 } 955 956 /* If we can feed from buffer */ 957 if ((op->buffer_offs > 0) && 958 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 959 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 960 op->block_size); 961 l = MIN(op->buffer_offs, l); 962 tmp_dlen = dlen; 963 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 964 if (res != TEE_SUCCESS) 965 TEE_Panic(res); 966 dst += tmp_dlen; 967 dlen -= tmp_dlen; 968 acc_dlen += tmp_dlen; 969 op->buffer_offs -= l; 970 if (op->buffer_offs > 0) { 971 /* 972 * Slen is small enough to be contained in rest buffer. 973 */ 974 memcpy(op->buffer, op->buffer + l, buffer_size - l); 975 memcpy(op->buffer + op->buffer_offs, src, slen); 976 op->buffer_offs += slen; 977 goto out; /* Nothing left to do */ 978 } 979 } 980 981 if (slen >= (buffer_size + buffer_left)) { 982 /* Buffer is empty, feed as much as possible from src */ 983 if (op->info.algorithm == TEE_ALG_AES_CTS) 984 l = ROUNDUP(slen - buffer_size, op->block_size); 985 else 986 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 987 988 tmp_dlen = dlen; 989 res = update_func(op->state, src, l, dst, &tmp_dlen); 990 if (res != TEE_SUCCESS) 991 TEE_Panic(res); 992 src += l; 993 slen -= l; 994 dst += tmp_dlen; 995 dlen -= tmp_dlen; 996 acc_dlen += tmp_dlen; 997 } 998 999 /* Slen is small enough to be contained in buffer. */ 1000 memcpy(op->buffer + op->buffer_offs, src, slen); 1001 op->buffer_offs += slen; 1002 1003 out: 1004 *dest_len = acc_dlen; 1005 return TEE_SUCCESS; 1006 } 1007 1008 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 1009 uint32_t srcLen, void *destData, uint32_t *destLen) 1010 { 1011 TEE_Result res; 1012 size_t req_dlen; 1013 uint64_t dl; 1014 1015 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1016 res = TEE_ERROR_BAD_PARAMETERS; 1017 goto out; 1018 } 1019 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1020 1021 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1022 res = TEE_ERROR_BAD_PARAMETERS; 1023 goto out; 1024 } 1025 1026 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1027 res = TEE_ERROR_BAD_PARAMETERS; 1028 goto out; 1029 } 1030 1031 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1032 res = TEE_ERROR_BAD_PARAMETERS; 1033 goto out; 1034 } 1035 1036 if (!srcData && !srcLen) { 1037 *destLen = 0; 1038 res = TEE_SUCCESS; 1039 goto out; 1040 } 1041 1042 /* Calculate required dlen */ 1043 if (operation->block_size > 1) { 1044 req_dlen = ((operation->buffer_offs + srcLen) / 1045 operation->block_size) * operation->block_size; 1046 } else { 1047 req_dlen = srcLen; 1048 } 1049 if (operation->buffer_two_blocks) { 1050 if (req_dlen > operation->block_size * 2) 1051 req_dlen -= operation->block_size * 2; 1052 else 1053 req_dlen = 0; 1054 } 1055 /* 1056 * Check that required destLen is big enough before starting to feed 1057 * data to the algorithm. Errors during feeding of data are fatal as we 1058 * can't restore sync with this API. 1059 */ 1060 if (*destLen < req_dlen) { 1061 *destLen = req_dlen; 1062 res = TEE_ERROR_SHORT_BUFFER; 1063 goto out; 1064 } 1065 1066 dl = *destLen; 1067 if (operation->block_size > 1) { 1068 res = tee_buffer_update(operation, _utee_cipher_update, srcData, 1069 srcLen, destData, &dl); 1070 } else { 1071 if (srcLen > 0) { 1072 res = _utee_cipher_update(operation->state, srcData, 1073 srcLen, destData, &dl); 1074 } else { 1075 res = TEE_SUCCESS; 1076 dl = 0; 1077 } 1078 } 1079 *destLen = dl; 1080 1081 out: 1082 if (res != TEE_SUCCESS && 1083 res != TEE_ERROR_SHORT_BUFFER) 1084 TEE_Panic(res); 1085 1086 return res; 1087 } 1088 1089 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1090 const void *srcData, uint32_t srcLen, 1091 void *destData, uint32_t *destLen) 1092 { 1093 TEE_Result res = TEE_SUCCESS; 1094 uint8_t *dst = destData; 1095 size_t acc_dlen = 0; 1096 uint64_t tmp_dlen = 0; 1097 size_t req_dlen = 0; 1098 1099 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1100 res = TEE_ERROR_BAD_PARAMETERS; 1101 goto out; 1102 } 1103 if (destLen) 1104 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1105 1106 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1107 res = TEE_ERROR_BAD_PARAMETERS; 1108 goto out; 1109 } 1110 1111 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1112 res = TEE_ERROR_BAD_PARAMETERS; 1113 goto out; 1114 } 1115 1116 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1117 res = TEE_ERROR_BAD_PARAMETERS; 1118 goto out; 1119 } 1120 1121 /* 1122 * Check that the final block doesn't require padding for those 1123 * algorithms that requires client to supply padding. 1124 */ 1125 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1126 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1127 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1128 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1129 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1130 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1131 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1132 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1133 if (((operation->buffer_offs + srcLen) % operation->block_size) 1134 != 0) { 1135 res = TEE_ERROR_BAD_PARAMETERS; 1136 goto out; 1137 } 1138 } 1139 1140 /* 1141 * Check that required destLen is big enough before starting to feed 1142 * data to the algorithm. Errors during feeding of data are fatal as we 1143 * can't restore sync with this API. 1144 */ 1145 if (operation->block_size > 1) { 1146 req_dlen = operation->buffer_offs + srcLen; 1147 } else { 1148 req_dlen = srcLen; 1149 } 1150 if (destLen) 1151 tmp_dlen = *destLen; 1152 if (tmp_dlen < req_dlen) { 1153 if (destLen) 1154 *destLen = req_dlen; 1155 res = TEE_ERROR_SHORT_BUFFER; 1156 goto out; 1157 } 1158 1159 if (operation->block_size > 1) { 1160 if (srcLen) { 1161 res = tee_buffer_update(operation, _utee_cipher_update, 1162 srcData, srcLen, dst, 1163 &tmp_dlen); 1164 if (res != TEE_SUCCESS) 1165 goto out; 1166 1167 dst += tmp_dlen; 1168 acc_dlen += tmp_dlen; 1169 1170 tmp_dlen = *destLen - acc_dlen; 1171 } 1172 res = _utee_cipher_final(operation->state, operation->buffer, 1173 operation->buffer_offs, dst, 1174 &tmp_dlen); 1175 } else { 1176 res = _utee_cipher_final(operation->state, srcData, srcLen, dst, 1177 &tmp_dlen); 1178 } 1179 if (res != TEE_SUCCESS) 1180 goto out; 1181 1182 acc_dlen += tmp_dlen; 1183 if (destLen) 1184 *destLen = acc_dlen; 1185 1186 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1187 1188 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1189 1190 out: 1191 if (res != TEE_SUCCESS && 1192 res != TEE_ERROR_SHORT_BUFFER) 1193 TEE_Panic(res); 1194 1195 return res; 1196 } 1197 1198 /* Cryptographic Operations API - MAC Functions */ 1199 1200 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 1201 { 1202 if (operation == TEE_HANDLE_NULL) 1203 TEE_Panic(0); 1204 1205 if (operation->info.operationClass != TEE_OPERATION_MAC) 1206 TEE_Panic(0); 1207 1208 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1209 !(operation->key1)) 1210 TEE_Panic(0); 1211 1212 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1213 TEE_ResetOperation(operation); 1214 1215 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1216 1217 init_hash_operation(operation, IV, IVLen); 1218 } 1219 1220 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1221 uint32_t chunkSize) 1222 { 1223 TEE_Result res; 1224 1225 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1226 TEE_Panic(0); 1227 1228 if (operation->info.operationClass != TEE_OPERATION_MAC) 1229 TEE_Panic(0); 1230 1231 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1232 TEE_Panic(0); 1233 1234 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1235 TEE_Panic(0); 1236 1237 res = _utee_hash_update(operation->state, chunk, chunkSize); 1238 if (res != TEE_SUCCESS) 1239 TEE_Panic(res); 1240 } 1241 1242 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1243 const void *message, uint32_t messageLen, 1244 void *mac, uint32_t *macLen) 1245 { 1246 TEE_Result res; 1247 uint64_t ml; 1248 1249 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) { 1250 res = TEE_ERROR_BAD_PARAMETERS; 1251 goto out; 1252 } 1253 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1254 1255 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1256 res = TEE_ERROR_BAD_PARAMETERS; 1257 goto out; 1258 } 1259 1260 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1261 res = TEE_ERROR_BAD_PARAMETERS; 1262 goto out; 1263 } 1264 1265 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1266 res = TEE_ERROR_BAD_PARAMETERS; 1267 goto out; 1268 } 1269 1270 ml = *macLen; 1271 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml); 1272 *macLen = ml; 1273 if (res != TEE_SUCCESS) 1274 goto out; 1275 1276 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1277 1278 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1279 1280 out: 1281 if (res != TEE_SUCCESS && 1282 res != TEE_ERROR_SHORT_BUFFER) 1283 TEE_Panic(res); 1284 1285 return res; 1286 } 1287 1288 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1289 const void *message, uint32_t messageLen, 1290 const void *mac, uint32_t macLen) 1291 { 1292 TEE_Result res; 1293 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 }; 1294 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1295 1296 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1297 res = TEE_ERROR_BAD_PARAMETERS; 1298 goto out; 1299 } 1300 1301 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1302 res = TEE_ERROR_BAD_PARAMETERS; 1303 goto out; 1304 } 1305 1306 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1307 res = TEE_ERROR_BAD_PARAMETERS; 1308 goto out; 1309 } 1310 1311 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1312 &computed_mac_size); 1313 if (res != TEE_SUCCESS) 1314 goto out; 1315 1316 if (computed_mac_size != macLen) { 1317 res = TEE_ERROR_MAC_INVALID; 1318 goto out; 1319 } 1320 1321 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1322 res = TEE_ERROR_MAC_INVALID; 1323 goto out; 1324 } 1325 1326 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1327 1328 out: 1329 if (res != TEE_SUCCESS && 1330 res != TEE_ERROR_MAC_INVALID) 1331 TEE_Panic(res); 1332 1333 return res; 1334 } 1335 1336 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1337 1338 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1339 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1340 uint32_t payloadLen) 1341 { 1342 TEE_Result res; 1343 1344 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1345 res = TEE_ERROR_BAD_PARAMETERS; 1346 goto out; 1347 } 1348 1349 if (operation->info.operationClass != TEE_OPERATION_AE) { 1350 res = TEE_ERROR_BAD_PARAMETERS; 1351 goto out; 1352 } 1353 1354 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1355 res = TEE_ERROR_BAD_PARAMETERS; 1356 goto out; 1357 } 1358 1359 /* 1360 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1361 * in the implementation. But AES-GCM spec doesn't specify the tag len 1362 * according to the same principle so we have to check here instead to 1363 * be GP compliant. 1364 */ 1365 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1366 /* 1367 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1368 */ 1369 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1370 res = TEE_ERROR_NOT_SUPPORTED; 1371 goto out; 1372 } 1373 } 1374 1375 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8, 1376 AADLen, payloadLen); 1377 if (res != TEE_SUCCESS) 1378 goto out; 1379 1380 operation->info.digestLength = tagLen / 8; 1381 operation->buffer_offs = 0; 1382 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1383 1384 out: 1385 if (res != TEE_SUCCESS && 1386 res != TEE_ERROR_NOT_SUPPORTED) 1387 TEE_Panic(res); 1388 1389 return res; 1390 } 1391 1392 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1393 uint32_t AADdataLen) 1394 { 1395 TEE_Result res; 1396 1397 if (operation == TEE_HANDLE_NULL || 1398 (AADdata == NULL && AADdataLen != 0)) 1399 TEE_Panic(0); 1400 1401 if (operation->info.operationClass != TEE_OPERATION_AE) 1402 TEE_Panic(0); 1403 1404 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1405 TEE_Panic(0); 1406 1407 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1408 1409 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1410 1411 if (res != TEE_SUCCESS) 1412 TEE_Panic(res); 1413 } 1414 1415 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1416 uint32_t srcLen, void *destData, uint32_t *destLen) 1417 { 1418 TEE_Result res = TEE_SUCCESS; 1419 size_t req_dlen = 0; 1420 uint64_t dl = 0; 1421 1422 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1423 res = TEE_ERROR_BAD_PARAMETERS; 1424 goto out; 1425 } 1426 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1427 1428 if (operation->info.operationClass != TEE_OPERATION_AE) { 1429 res = TEE_ERROR_BAD_PARAMETERS; 1430 goto out; 1431 } 1432 1433 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1434 res = TEE_ERROR_BAD_PARAMETERS; 1435 goto out; 1436 } 1437 1438 if (!srcData && !srcLen) { 1439 *destLen = 0; 1440 res = TEE_SUCCESS; 1441 goto out; 1442 } 1443 1444 /* 1445 * Check that required destLen is big enough before starting to feed 1446 * data to the algorithm. Errors during feeding of data are fatal as we 1447 * can't restore sync with this API. 1448 */ 1449 if (operation->block_size > 1) { 1450 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1451 operation->block_size); 1452 } else { 1453 req_dlen = srcLen; 1454 } 1455 1456 dl = *destLen; 1457 if (dl < req_dlen) { 1458 *destLen = req_dlen; 1459 res = TEE_ERROR_SHORT_BUFFER; 1460 goto out; 1461 } 1462 1463 if (operation->block_size > 1) { 1464 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1465 srcData, srcLen, destData, &dl); 1466 } else { 1467 if (srcLen > 0) { 1468 res = _utee_authenc_update_payload(operation->state, 1469 srcData, srcLen, 1470 destData, &dl); 1471 } else { 1472 dl = 0; 1473 res = TEE_SUCCESS; 1474 } 1475 } 1476 if (res != TEE_SUCCESS) 1477 goto out; 1478 1479 *destLen = dl; 1480 1481 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1482 1483 out: 1484 if (res != TEE_SUCCESS && 1485 res != TEE_ERROR_SHORT_BUFFER) 1486 TEE_Panic(res); 1487 1488 return res; 1489 } 1490 1491 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1492 const void *srcData, uint32_t srcLen, 1493 void *destData, uint32_t *destLen, void *tag, 1494 uint32_t *tagLen) 1495 { 1496 TEE_Result res; 1497 uint8_t *dst = destData; 1498 size_t acc_dlen = 0; 1499 uint64_t tmp_dlen; 1500 size_t req_dlen; 1501 uint64_t tl; 1502 1503 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1504 res = TEE_ERROR_BAD_PARAMETERS; 1505 goto out; 1506 } 1507 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1508 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1509 1510 if (operation->info.operationClass != TEE_OPERATION_AE) { 1511 res = TEE_ERROR_BAD_PARAMETERS; 1512 goto out; 1513 } 1514 1515 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1516 res = TEE_ERROR_BAD_PARAMETERS; 1517 goto out; 1518 } 1519 1520 /* 1521 * Check that required destLen is big enough before starting to feed 1522 * data to the algorithm. Errors during feeding of data are fatal as we 1523 * can't restore sync with this API. 1524 * 1525 * Need to check this before update_payload since sync would be lost if 1526 * we return short buffer after that. 1527 */ 1528 res = TEE_ERROR_GENERIC; 1529 1530 req_dlen = operation->buffer_offs + srcLen; 1531 if (*destLen < req_dlen) { 1532 *destLen = req_dlen; 1533 res = TEE_ERROR_SHORT_BUFFER; 1534 } 1535 1536 if (*tagLen < operation->info.digestLength) { 1537 *tagLen = operation->info.digestLength; 1538 res = TEE_ERROR_SHORT_BUFFER; 1539 } 1540 1541 if (res == TEE_ERROR_SHORT_BUFFER) 1542 goto out; 1543 1544 tl = *tagLen; 1545 tmp_dlen = *destLen - acc_dlen; 1546 if (operation->block_size > 1) { 1547 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1548 srcData, srcLen, dst, &tmp_dlen); 1549 if (res != TEE_SUCCESS) 1550 goto out; 1551 1552 dst += tmp_dlen; 1553 acc_dlen += tmp_dlen; 1554 1555 tmp_dlen = *destLen - acc_dlen; 1556 res = _utee_authenc_enc_final(operation->state, 1557 operation->buffer, 1558 operation->buffer_offs, dst, 1559 &tmp_dlen, tag, &tl); 1560 } else { 1561 res = _utee_authenc_enc_final(operation->state, srcData, 1562 srcLen, dst, &tmp_dlen, 1563 tag, &tl); 1564 } 1565 *tagLen = tl; 1566 if (res != TEE_SUCCESS) 1567 goto out; 1568 1569 acc_dlen += tmp_dlen; 1570 *destLen = acc_dlen; 1571 1572 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1573 1574 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1575 1576 out: 1577 if (res != TEE_SUCCESS && 1578 res != TEE_ERROR_SHORT_BUFFER) 1579 TEE_Panic(res); 1580 1581 return res; 1582 } 1583 1584 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1585 const void *srcData, uint32_t srcLen, 1586 void *destData, uint32_t *destLen, void *tag, 1587 uint32_t tagLen) 1588 { 1589 TEE_Result res; 1590 uint8_t *dst = destData; 1591 size_t acc_dlen = 0; 1592 uint64_t tmp_dlen; 1593 size_t req_dlen; 1594 1595 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1596 res = TEE_ERROR_BAD_PARAMETERS; 1597 goto out; 1598 } 1599 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1600 1601 if (operation->info.operationClass != TEE_OPERATION_AE) { 1602 res = TEE_ERROR_BAD_PARAMETERS; 1603 goto out; 1604 } 1605 1606 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1607 res = TEE_ERROR_BAD_PARAMETERS; 1608 goto out; 1609 } 1610 1611 /* 1612 * Check that required destLen is big enough before starting to feed 1613 * data to the algorithm. Errors during feeding of data are fatal as we 1614 * can't restore sync with this API. 1615 */ 1616 req_dlen = operation->buffer_offs + srcLen; 1617 if (*destLen < req_dlen) { 1618 *destLen = req_dlen; 1619 res = TEE_ERROR_SHORT_BUFFER; 1620 goto out; 1621 } 1622 1623 tmp_dlen = *destLen - acc_dlen; 1624 if (operation->block_size > 1) { 1625 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1626 srcData, srcLen, dst, &tmp_dlen); 1627 if (res != TEE_SUCCESS) 1628 goto out; 1629 1630 dst += tmp_dlen; 1631 acc_dlen += tmp_dlen; 1632 1633 tmp_dlen = *destLen - acc_dlen; 1634 res = _utee_authenc_dec_final(operation->state, 1635 operation->buffer, 1636 operation->buffer_offs, dst, 1637 &tmp_dlen, tag, tagLen); 1638 } else { 1639 res = _utee_authenc_dec_final(operation->state, srcData, 1640 srcLen, dst, &tmp_dlen, 1641 tag, tagLen); 1642 } 1643 if (res != TEE_SUCCESS) 1644 goto out; 1645 1646 /* Supplied tagLen should match what we initiated with */ 1647 if (tagLen != operation->info.digestLength) 1648 res = TEE_ERROR_MAC_INVALID; 1649 1650 acc_dlen += tmp_dlen; 1651 *destLen = acc_dlen; 1652 1653 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1654 1655 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1656 1657 out: 1658 if (res != TEE_SUCCESS && 1659 res != TEE_ERROR_SHORT_BUFFER && 1660 res != TEE_ERROR_MAC_INVALID) 1661 TEE_Panic(res); 1662 1663 return res; 1664 } 1665 1666 /* Cryptographic Operations API - Asymmetric Functions */ 1667 1668 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1669 const TEE_Attribute *params, 1670 uint32_t paramCount, const void *srcData, 1671 uint32_t srcLen, void *destData, 1672 uint32_t *destLen) 1673 { 1674 TEE_Result res = TEE_SUCCESS; 1675 struct utee_attribute ua[paramCount]; 1676 uint64_t dl = 0; 1677 1678 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1679 TEE_Panic(0); 1680 1681 __utee_check_attr_in_annotation(params, paramCount); 1682 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1683 1684 if (!operation->key1) 1685 TEE_Panic(0); 1686 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1687 TEE_Panic(0); 1688 if (operation->info.mode != TEE_MODE_ENCRYPT) 1689 TEE_Panic(0); 1690 1691 __utee_from_attr(ua, params, paramCount); 1692 dl = *destLen; 1693 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1694 srcLen, destData, &dl); 1695 *destLen = dl; 1696 1697 if (res != TEE_SUCCESS && 1698 res != TEE_ERROR_SHORT_BUFFER && 1699 res != TEE_ERROR_BAD_PARAMETERS) 1700 TEE_Panic(res); 1701 1702 return res; 1703 } 1704 1705 TEE_Result __GP11_TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1706 const __GP11_TEE_Attribute *params, 1707 uint32_t paramCount, 1708 const void *srcData, uint32_t srcLen, 1709 void *destData, uint32_t *destLen) 1710 { 1711 TEE_Result res = TEE_SUCCESS; 1712 struct utee_attribute ua[paramCount]; 1713 uint64_t dl = 0; 1714 1715 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1716 TEE_Panic(0); 1717 1718 __utee_check_gp11_attr_in_annotation(params, paramCount); 1719 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1720 1721 if (!operation->key1) 1722 TEE_Panic(0); 1723 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1724 TEE_Panic(0); 1725 if (operation->info.mode != TEE_MODE_ENCRYPT) 1726 TEE_Panic(0); 1727 1728 __utee_from_gp11_attr(ua, params, paramCount); 1729 dl = *destLen; 1730 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1731 srcLen, destData, &dl); 1732 *destLen = dl; 1733 1734 if (res != TEE_SUCCESS && 1735 res != TEE_ERROR_SHORT_BUFFER && 1736 res != TEE_ERROR_BAD_PARAMETERS) 1737 TEE_Panic(res); 1738 1739 return res; 1740 } 1741 1742 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1743 const TEE_Attribute *params, 1744 uint32_t paramCount, const void *srcData, 1745 uint32_t srcLen, void *destData, 1746 uint32_t *destLen) 1747 { 1748 TEE_Result res = TEE_SUCCESS; 1749 struct utee_attribute ua[paramCount]; 1750 uint64_t dl = 0; 1751 1752 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1753 TEE_Panic(0); 1754 1755 __utee_check_attr_in_annotation(params, paramCount); 1756 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1757 1758 if (!operation->key1) 1759 TEE_Panic(0); 1760 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1761 TEE_Panic(0); 1762 if (operation->info.mode != TEE_MODE_DECRYPT) 1763 TEE_Panic(0); 1764 1765 __utee_from_attr(ua, params, paramCount); 1766 dl = *destLen; 1767 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1768 srcLen, destData, &dl); 1769 *destLen = dl; 1770 1771 if (res != TEE_SUCCESS && 1772 res != TEE_ERROR_SHORT_BUFFER && 1773 res != TEE_ERROR_BAD_PARAMETERS) 1774 TEE_Panic(res); 1775 1776 return res; 1777 } 1778 1779 TEE_Result __GP11_TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1780 const __GP11_TEE_Attribute *params, 1781 uint32_t paramCount, 1782 const void *srcData, uint32_t srcLen, 1783 void *destData, uint32_t *destLen) 1784 { 1785 TEE_Result res = TEE_SUCCESS; 1786 struct utee_attribute ua[paramCount]; 1787 uint64_t dl = 0; 1788 1789 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1790 TEE_Panic(0); 1791 1792 __utee_check_gp11_attr_in_annotation(params, paramCount); 1793 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1794 1795 if (!operation->key1) 1796 TEE_Panic(0); 1797 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1798 TEE_Panic(0); 1799 if (operation->info.mode != TEE_MODE_DECRYPT) 1800 TEE_Panic(0); 1801 1802 __utee_from_gp11_attr(ua, params, paramCount); 1803 dl = *destLen; 1804 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1805 srcLen, destData, &dl); 1806 *destLen = dl; 1807 1808 if (res != TEE_SUCCESS && 1809 res != TEE_ERROR_SHORT_BUFFER && 1810 res != TEE_ERROR_BAD_PARAMETERS) 1811 TEE_Panic(res); 1812 1813 return res; 1814 } 1815 1816 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1817 const TEE_Attribute *params, 1818 uint32_t paramCount, const void *digest, 1819 uint32_t digestLen, void *signature, 1820 uint32_t *signatureLen) 1821 { 1822 TEE_Result res = TEE_SUCCESS; 1823 struct utee_attribute ua[paramCount]; 1824 uint64_t sl = 0; 1825 1826 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 1827 TEE_Panic(0); 1828 1829 __utee_check_attr_in_annotation(params, paramCount); 1830 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 1831 1832 if (!operation->key1) 1833 TEE_Panic(0); 1834 if (operation->info.operationClass != 1835 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1836 TEE_Panic(0); 1837 if (operation->info.mode != TEE_MODE_SIGN) 1838 TEE_Panic(0); 1839 1840 __utee_from_attr(ua, params, paramCount); 1841 sl = *signatureLen; 1842 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 1843 digestLen, signature, &sl); 1844 *signatureLen = sl; 1845 1846 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1847 TEE_Panic(res); 1848 1849 return res; 1850 } 1851 1852 TEE_Result __GP11_TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1853 const __GP11_TEE_Attribute *params, 1854 uint32_t paramCount, 1855 const void *digest, 1856 uint32_t digestLen, void *signature, 1857 uint32_t *signatureLen) 1858 { 1859 TEE_Result res = TEE_SUCCESS; 1860 struct utee_attribute ua[paramCount]; 1861 uint64_t sl = 0; 1862 1863 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 1864 TEE_Panic(0); 1865 1866 __utee_check_gp11_attr_in_annotation(params, paramCount); 1867 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 1868 1869 if (!operation->key1) 1870 TEE_Panic(0); 1871 if (operation->info.operationClass != 1872 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1873 TEE_Panic(0); 1874 if (operation->info.mode != TEE_MODE_SIGN) 1875 TEE_Panic(0); 1876 1877 __utee_from_gp11_attr(ua, params, paramCount); 1878 sl = *signatureLen; 1879 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 1880 digestLen, signature, &sl); 1881 *signatureLen = sl; 1882 1883 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1884 TEE_Panic(res); 1885 1886 return res; 1887 } 1888 1889 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1890 const TEE_Attribute *params, 1891 uint32_t paramCount, const void *digest, 1892 uint32_t digestLen, 1893 const void *signature, 1894 uint32_t signatureLen) 1895 { 1896 TEE_Result res; 1897 struct utee_attribute ua[paramCount]; 1898 1899 if (operation == TEE_HANDLE_NULL || 1900 (digest == NULL && digestLen != 0) || 1901 (signature == NULL && signatureLen != 0)) 1902 TEE_Panic(0); 1903 1904 __utee_check_attr_in_annotation(params, paramCount); 1905 1906 if (!operation->key1) 1907 TEE_Panic(0); 1908 if (operation->info.operationClass != 1909 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1910 TEE_Panic(0); 1911 if (operation->info.mode != TEE_MODE_VERIFY) 1912 TEE_Panic(0); 1913 1914 __utee_from_attr(ua, params, paramCount); 1915 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 1916 digestLen, signature, signatureLen); 1917 1918 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1919 TEE_Panic(res); 1920 1921 return res; 1922 } 1923 1924 TEE_Result __GP11_TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1925 const __GP11_TEE_Attribute *params, 1926 uint32_t paramCount, 1927 const void *digest, 1928 uint32_t digestLen, 1929 const void *signature, 1930 uint32_t signatureLen) 1931 { 1932 TEE_Result res = TEE_SUCCESS; 1933 struct utee_attribute ua[paramCount]; 1934 1935 if (operation == TEE_HANDLE_NULL || (!digest && digestLen) || 1936 (!signature && signatureLen)) 1937 TEE_Panic(0); 1938 1939 __utee_check_gp11_attr_in_annotation(params, paramCount); 1940 1941 if (!operation->key1) 1942 TEE_Panic(0); 1943 if (operation->info.operationClass != 1944 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1945 TEE_Panic(0); 1946 if (operation->info.mode != TEE_MODE_VERIFY) 1947 TEE_Panic(0); 1948 1949 __utee_from_gp11_attr(ua, params, paramCount); 1950 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 1951 digestLen, signature, signatureLen); 1952 1953 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1954 TEE_Panic(res); 1955 1956 return res; 1957 } 1958 1959 /* Cryptographic Operations API - Key Derivation Functions */ 1960 1961 void TEE_DeriveKey(TEE_OperationHandle operation, 1962 const TEE_Attribute *params, uint32_t paramCount, 1963 TEE_ObjectHandle derivedKey) 1964 { 1965 struct utee_attribute ua[paramCount]; 1966 struct utee_object_info key_info = { }; 1967 TEE_Result res = TEE_SUCCESS; 1968 1969 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1970 TEE_Panic(0); 1971 1972 __utee_check_attr_in_annotation(params, paramCount); 1973 1974 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1975 TEE_OPERATION_KEY_DERIVATION) 1976 TEE_Panic(0); 1977 1978 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1979 TEE_Panic(0); 1980 if (!operation->key1) 1981 TEE_Panic(0); 1982 if (operation->info.mode != TEE_MODE_DERIVE) 1983 TEE_Panic(0); 1984 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1985 TEE_Panic(0); 1986 1987 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 1988 if (res != TEE_SUCCESS) 1989 TEE_Panic(res); 1990 1991 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 1992 TEE_Panic(0); 1993 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1994 TEE_Panic(0); 1995 1996 __utee_from_attr(ua, params, paramCount); 1997 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 1998 (unsigned long)derivedKey); 1999 if (res != TEE_SUCCESS) 2000 TEE_Panic(res); 2001 } 2002 2003 void __GP11_TEE_DeriveKey(TEE_OperationHandle operation, 2004 const __GP11_TEE_Attribute *params, 2005 uint32_t paramCount, TEE_ObjectHandle derivedKey) 2006 { 2007 struct utee_attribute ua[paramCount]; 2008 struct utee_object_info key_info = { }; 2009 TEE_Result res = TEE_SUCCESS; 2010 2011 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 2012 TEE_Panic(0); 2013 2014 __utee_check_gp11_attr_in_annotation(params, paramCount); 2015 2016 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 2017 TEE_OPERATION_KEY_DERIVATION) 2018 TEE_Panic(0); 2019 2020 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 2021 TEE_Panic(0); 2022 if (!operation->key1) 2023 TEE_Panic(0); 2024 if (operation->info.mode != TEE_MODE_DERIVE) 2025 TEE_Panic(0); 2026 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 2027 TEE_Panic(0); 2028 2029 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 2030 if (res != TEE_SUCCESS) 2031 TEE_Panic(res); 2032 2033 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 2034 TEE_Panic(0); 2035 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2036 TEE_Panic(0); 2037 2038 __utee_from_gp11_attr(ua, params, paramCount); 2039 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 2040 (unsigned long)derivedKey); 2041 if (res != TEE_SUCCESS) 2042 TEE_Panic(res); 2043 } 2044 2045 /* Cryptographic Operations API - Random Number Generation Functions */ 2046 2047 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 2048 { 2049 TEE_Result res; 2050 2051 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 2052 if (res != TEE_SUCCESS) 2053 TEE_Panic(res); 2054 } 2055 2056 int rand(void) 2057 { 2058 int rc; 2059 2060 TEE_GenerateRandom(&rc, sizeof(rc)); 2061 2062 /* 2063 * RAND_MAX is the larges int, INT_MAX which is all bits but the 2064 * highest bit set. 2065 */ 2066 return rc & RAND_MAX; 2067 } 2068 2069 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 2070 { 2071 if (IS_ENABLED(CFG_CRYPTO_AES)) { 2072 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2073 if (alg == TEE_ALG_AES_ECB_NOPAD) 2074 goto check_element_none; 2075 } 2076 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2077 if (alg == TEE_ALG_AES_CBC_NOPAD) 2078 goto check_element_none; 2079 } 2080 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2081 if (alg == TEE_ALG_AES_CTR) 2082 goto check_element_none; 2083 } 2084 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 2085 if (alg == TEE_ALG_AES_CTS) 2086 goto check_element_none; 2087 } 2088 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2089 if (alg == TEE_ALG_AES_XTS) 2090 goto check_element_none; 2091 } 2092 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2093 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 2094 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 2095 goto check_element_none; 2096 } 2097 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 2098 if (alg == TEE_ALG_AES_CMAC) 2099 goto check_element_none; 2100 } 2101 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 2102 if (alg == TEE_ALG_AES_CCM) 2103 goto check_element_none; 2104 } 2105 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 2106 if (alg == TEE_ALG_AES_GCM) 2107 goto check_element_none; 2108 } 2109 } 2110 if (IS_ENABLED(CFG_CRYPTO_DES)) { 2111 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2112 if (alg == TEE_ALG_DES_ECB_NOPAD || 2113 alg == TEE_ALG_DES3_ECB_NOPAD) 2114 goto check_element_none; 2115 } 2116 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2117 if (alg == TEE_ALG_DES_CBC_NOPAD || 2118 alg == TEE_ALG_DES3_CBC_NOPAD) 2119 goto check_element_none; 2120 } 2121 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2122 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 2123 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 2124 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 2125 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 2126 goto check_element_none; 2127 } 2128 } 2129 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2130 if (alg == TEE_ALG_MD5) 2131 goto check_element_none; 2132 } 2133 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2134 if (alg == TEE_ALG_SHA1) 2135 goto check_element_none; 2136 } 2137 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2138 if (alg == TEE_ALG_SHA224) 2139 goto check_element_none; 2140 } 2141 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2142 if (alg == TEE_ALG_SHA256) 2143 goto check_element_none; 2144 } 2145 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2146 if (alg == TEE_ALG_SHA384) 2147 goto check_element_none; 2148 } 2149 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2150 if (alg == TEE_ALG_SHA512) 2151 goto check_element_none; 2152 } 2153 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2154 if (alg == TEE_ALG_MD5SHA1) 2155 goto check_element_none; 2156 } 2157 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 2158 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2159 if (alg == TEE_ALG_HMAC_MD5) 2160 goto check_element_none; 2161 } 2162 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2163 if (alg == TEE_ALG_HMAC_SHA1) 2164 goto check_element_none; 2165 } 2166 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2167 if (alg == TEE_ALG_HMAC_SHA224) 2168 goto check_element_none; 2169 } 2170 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2171 if (alg == TEE_ALG_HMAC_SHA256) 2172 goto check_element_none; 2173 } 2174 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2175 if (alg == TEE_ALG_HMAC_SHA384) 2176 goto check_element_none; 2177 } 2178 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2179 if (alg == TEE_ALG_HMAC_SHA512) 2180 goto check_element_none; 2181 } 2182 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2183 if (alg == TEE_ALG_HMAC_SM3) 2184 goto check_element_none; 2185 } 2186 } 2187 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2188 if (alg == TEE_ALG_SM3) 2189 goto check_element_none; 2190 } 2191 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 2192 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2193 if (alg == TEE_ALG_SM4_ECB_NOPAD) 2194 goto check_element_none; 2195 } 2196 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2197 if (alg == TEE_ALG_SM4_CBC_NOPAD) 2198 goto check_element_none; 2199 } 2200 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2201 if (alg == TEE_ALG_SM4_CTR) 2202 goto check_element_none; 2203 } 2204 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2205 if (alg == TEE_ALG_SM4_XTS) 2206 goto check_element_none; 2207 } 2208 } 2209 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 2210 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2211 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5) 2212 goto check_element_none; 2213 } 2214 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2215 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 2216 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 2217 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 2218 goto check_element_none; 2219 } 2220 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2221 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 2222 goto check_element_none; 2223 } 2224 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2225 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 2226 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 2227 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 2228 goto check_element_none; 2229 } 2230 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2231 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 2232 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 2233 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 2234 goto check_element_none; 2235 } 2236 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2237 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 2238 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 2239 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 2240 goto check_element_none; 2241 } 2242 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2243 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 2244 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 2245 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 2246 goto check_element_none; 2247 } 2248 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2249 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 2250 goto check_element_none; 2251 } 2252 if (alg == TEE_ALG_RSA_NOPAD) 2253 goto check_element_none; 2254 } 2255 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2256 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2257 if (alg == TEE_ALG_DSA_SHA1) 2258 goto check_element_none; 2259 } 2260 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2261 if (alg == TEE_ALG_DSA_SHA224) 2262 goto check_element_none; 2263 } 2264 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2265 if (alg == TEE_ALG_DSA_SHA256) 2266 goto check_element_none; 2267 } 2268 } 2269 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2270 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2271 goto check_element_none; 2272 } 2273 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2274 if ((alg == __OPTEE_ALG_ECDH_P192 || 2275 alg == __OPTEE_ALG_ECDSA_P192 || 2276 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2277 alg == TEE_ALG_ECDSA_SHA1) && 2278 element == TEE_ECC_CURVE_NIST_P192) 2279 return TEE_SUCCESS; 2280 if ((alg == __OPTEE_ALG_ECDH_P224 || 2281 alg == __OPTEE_ALG_ECDSA_P224 || 2282 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2283 alg == TEE_ALG_ECDSA_SHA224) && 2284 element == TEE_ECC_CURVE_NIST_P224) 2285 return TEE_SUCCESS; 2286 if ((alg == __OPTEE_ALG_ECDH_P256 || 2287 alg == __OPTEE_ALG_ECDSA_P256 || 2288 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2289 alg == TEE_ALG_ECDSA_SHA256) && 2290 element == TEE_ECC_CURVE_NIST_P256) 2291 return TEE_SUCCESS; 2292 if ((alg == __OPTEE_ALG_ECDH_P384 || 2293 alg == __OPTEE_ALG_ECDSA_P384 || 2294 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2295 alg == TEE_ALG_ECDSA_SHA384) && 2296 element == TEE_ECC_CURVE_NIST_P384) 2297 return TEE_SUCCESS; 2298 if ((alg == __OPTEE_ALG_ECDH_P521 || 2299 alg == __OPTEE_ALG_ECDSA_P521 || 2300 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2301 alg == TEE_ALG_ECDSA_SHA512) && 2302 element == TEE_ECC_CURVE_NIST_P521) 2303 return TEE_SUCCESS; 2304 } 2305 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2306 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2307 return TEE_SUCCESS; 2308 } 2309 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2310 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2311 return TEE_SUCCESS; 2312 } 2313 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2314 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2315 return TEE_SUCCESS; 2316 } 2317 if (IS_ENABLED(CFG_CRYPTO_X25519)) { 2318 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519) 2319 return TEE_SUCCESS; 2320 } 2321 if (IS_ENABLED(CFG_CRYPTO_ED25519)) { 2322 if (alg == TEE_ALG_ED25519 && element == TEE_ECC_CURVE_25519) 2323 return TEE_SUCCESS; 2324 } 2325 2326 return TEE_ERROR_NOT_SUPPORTED; 2327 check_element_none: 2328 if (element == TEE_CRYPTO_ELEMENT_NONE) 2329 return TEE_SUCCESS; 2330 return TEE_ERROR_NOT_SUPPORTED; 2331 } 2332