1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 #include <config.h> 7 #include <stdlib.h> 8 #include <string.h> 9 #include <string_ext.h> 10 #include <tee_api.h> 11 #include <tee_api_defines_extensions.h> 12 #include <tee_internal_api_extensions.h> 13 #include <utee_syscalls.h> 14 #include <utee_defines.h> 15 #include <util.h> 16 #include "tee_api_private.h" 17 18 struct __TEE_OperationHandle { 19 TEE_OperationInfo info; 20 TEE_ObjectHandle key1; 21 TEE_ObjectHandle key2; 22 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 23 uint8_t *buffer; /* buffer to collect complete blocks */ 24 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 25 size_t block_size; /* Block size of cipher */ 26 size_t buffer_offs; /* Offset in buffer */ 27 uint32_t state; /* Handle to state in TEE Core */ 28 }; 29 30 /* Cryptographic Operations API - Generic Operation Functions */ 31 32 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 33 uint32_t algorithm, uint32_t mode, 34 uint32_t maxKeySize) 35 { 36 TEE_Result res; 37 TEE_OperationHandle op = TEE_HANDLE_NULL; 38 uint32_t handle_state = 0; 39 size_t block_size = 1; 40 uint32_t req_key_usage; 41 bool with_private_key = false; 42 bool buffer_two_blocks = false; 43 44 if (!operation) 45 TEE_Panic(0); 46 47 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP || 48 algorithm == TEE_ALG_SM4_XTS) 49 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 50 51 /* Check algorithm max key size */ 52 switch (algorithm) { 53 case TEE_ALG_DSA_SHA1: 54 if (maxKeySize < 512) 55 return TEE_ERROR_NOT_SUPPORTED; 56 if (maxKeySize > 1024) 57 return TEE_ERROR_NOT_SUPPORTED; 58 if (maxKeySize % 64 != 0) 59 return TEE_ERROR_NOT_SUPPORTED; 60 break; 61 62 case TEE_ALG_DSA_SHA224: 63 if (maxKeySize != 2048) 64 return TEE_ERROR_NOT_SUPPORTED; 65 break; 66 67 case TEE_ALG_DSA_SHA256: 68 if (maxKeySize != 2048 && maxKeySize != 3072) 69 return TEE_ERROR_NOT_SUPPORTED; 70 break; 71 72 case TEE_ALG_ECDSA_P192: 73 case TEE_ALG_ECDH_P192: 74 if (maxKeySize != 192) 75 return TEE_ERROR_NOT_SUPPORTED; 76 break; 77 78 case TEE_ALG_ECDSA_P224: 79 case TEE_ALG_ECDH_P224: 80 if (maxKeySize != 224) 81 return TEE_ERROR_NOT_SUPPORTED; 82 break; 83 84 case TEE_ALG_ECDSA_P256: 85 case TEE_ALG_ECDH_P256: 86 case TEE_ALG_SM2_PKE: 87 case TEE_ALG_SM2_DSA_SM3: 88 if (maxKeySize != 256) 89 return TEE_ERROR_NOT_SUPPORTED; 90 break; 91 92 case TEE_ALG_SM2_KEP: 93 /* Two 256-bit keys */ 94 if (maxKeySize != 512) 95 return TEE_ERROR_NOT_SUPPORTED; 96 break; 97 98 case TEE_ALG_ECDSA_P384: 99 case TEE_ALG_ECDH_P384: 100 if (maxKeySize != 384) 101 return TEE_ERROR_NOT_SUPPORTED; 102 break; 103 104 case TEE_ALG_ECDSA_P521: 105 case TEE_ALG_ECDH_P521: 106 if (maxKeySize != 521) 107 return TEE_ERROR_NOT_SUPPORTED; 108 break; 109 case TEE_ALG_ED25519: 110 case TEE_ALG_X25519: 111 if (maxKeySize != 256) 112 return TEE_ERROR_NOT_SUPPORTED; 113 break; 114 default: 115 break; 116 } 117 118 /* Check algorithm mode (and maxKeySize for digests) */ 119 switch (algorithm) { 120 case TEE_ALG_AES_CTS: 121 case TEE_ALG_AES_XTS: 122 case TEE_ALG_SM4_XTS: 123 buffer_two_blocks = true; 124 fallthrough; 125 case TEE_ALG_AES_ECB_NOPAD: 126 case TEE_ALG_AES_CBC_NOPAD: 127 case TEE_ALG_AES_CCM: 128 case TEE_ALG_DES_ECB_NOPAD: 129 case TEE_ALG_DES_CBC_NOPAD: 130 case TEE_ALG_DES3_ECB_NOPAD: 131 case TEE_ALG_DES3_CBC_NOPAD: 132 case TEE_ALG_SM4_ECB_NOPAD: 133 case TEE_ALG_SM4_CBC_NOPAD: 134 case TEE_ALG_SM4_CTR: 135 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 136 block_size = TEE_AES_BLOCK_SIZE; 137 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 138 block_size = TEE_SM4_BLOCK_SIZE; 139 else 140 block_size = TEE_DES_BLOCK_SIZE; 141 fallthrough; 142 case TEE_ALG_AES_CTR: 143 case TEE_ALG_AES_GCM: 144 if (mode == TEE_MODE_ENCRYPT) 145 req_key_usage = TEE_USAGE_ENCRYPT; 146 else if (mode == TEE_MODE_DECRYPT) 147 req_key_usage = TEE_USAGE_DECRYPT; 148 else 149 return TEE_ERROR_NOT_SUPPORTED; 150 break; 151 152 #if defined(CFG_CRYPTO_RSASSA_NA1) 153 case TEE_ALG_RSASSA_PKCS1_V1_5: 154 #endif 155 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 156 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 157 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 158 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 159 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 160 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 161 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 162 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 163 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 164 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 165 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 166 case TEE_ALG_DSA_SHA1: 167 case TEE_ALG_DSA_SHA224: 168 case TEE_ALG_DSA_SHA256: 169 case TEE_ALG_ECDSA_P192: 170 case TEE_ALG_ECDSA_P224: 171 case TEE_ALG_ECDSA_P256: 172 case TEE_ALG_ECDSA_P384: 173 case TEE_ALG_ECDSA_P521: 174 case TEE_ALG_SM2_DSA_SM3: 175 case TEE_ALG_ED25519: 176 if (mode == TEE_MODE_SIGN) { 177 with_private_key = true; 178 req_key_usage = TEE_USAGE_SIGN; 179 } else if (mode == TEE_MODE_VERIFY) { 180 req_key_usage = TEE_USAGE_VERIFY; 181 } else { 182 return TEE_ERROR_NOT_SUPPORTED; 183 } 184 break; 185 186 case TEE_ALG_RSAES_PKCS1_V1_5: 187 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 188 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 189 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 190 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 191 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 192 case TEE_ALG_SM2_PKE: 193 if (mode == TEE_MODE_ENCRYPT) { 194 req_key_usage = TEE_USAGE_ENCRYPT; 195 } else if (mode == TEE_MODE_DECRYPT) { 196 with_private_key = true; 197 req_key_usage = TEE_USAGE_DECRYPT; 198 } else { 199 return TEE_ERROR_NOT_SUPPORTED; 200 } 201 break; 202 203 case TEE_ALG_RSA_NOPAD: 204 if (mode == TEE_MODE_ENCRYPT) { 205 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 206 } else if (mode == TEE_MODE_DECRYPT) { 207 with_private_key = true; 208 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 209 } else { 210 return TEE_ERROR_NOT_SUPPORTED; 211 } 212 break; 213 214 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 215 case TEE_ALG_ECDH_P192: 216 case TEE_ALG_ECDH_P224: 217 case TEE_ALG_ECDH_P256: 218 case TEE_ALG_ECDH_P384: 219 case TEE_ALG_ECDH_P521: 220 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 221 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 222 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 223 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 224 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 225 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 226 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 227 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 228 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 229 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 230 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 231 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 232 case TEE_ALG_SM2_KEP: 233 case TEE_ALG_X25519: 234 if (mode != TEE_MODE_DERIVE) 235 return TEE_ERROR_NOT_SUPPORTED; 236 with_private_key = true; 237 req_key_usage = TEE_USAGE_DERIVE; 238 break; 239 240 case TEE_ALG_MD5: 241 case TEE_ALG_SHA1: 242 case TEE_ALG_SHA224: 243 case TEE_ALG_SHA256: 244 case TEE_ALG_SHA384: 245 case TEE_ALG_SHA512: 246 case TEE_ALG_SM3: 247 if (mode != TEE_MODE_DIGEST) 248 return TEE_ERROR_NOT_SUPPORTED; 249 if (maxKeySize) 250 return TEE_ERROR_NOT_SUPPORTED; 251 /* v1.1: flags always set for digest operations */ 252 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 253 req_key_usage = 0; 254 break; 255 256 case TEE_ALG_DES_CBC_MAC_NOPAD: 257 case TEE_ALG_AES_CBC_MAC_NOPAD: 258 case TEE_ALG_AES_CBC_MAC_PKCS5: 259 case TEE_ALG_AES_CMAC: 260 case TEE_ALG_DES_CBC_MAC_PKCS5: 261 case TEE_ALG_DES3_CBC_MAC_NOPAD: 262 case TEE_ALG_DES3_CBC_MAC_PKCS5: 263 case TEE_ALG_DES3_CMAC: 264 case TEE_ALG_HMAC_MD5: 265 case TEE_ALG_HMAC_SHA1: 266 case TEE_ALG_HMAC_SHA224: 267 case TEE_ALG_HMAC_SHA256: 268 case TEE_ALG_HMAC_SHA384: 269 case TEE_ALG_HMAC_SHA512: 270 case TEE_ALG_HMAC_SM3: 271 if (mode != TEE_MODE_MAC) 272 return TEE_ERROR_NOT_SUPPORTED; 273 req_key_usage = TEE_USAGE_MAC; 274 break; 275 276 default: 277 return TEE_ERROR_NOT_SUPPORTED; 278 } 279 280 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 281 if (!op) 282 return TEE_ERROR_OUT_OF_MEMORY; 283 284 op->info.algorithm = algorithm; 285 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 286 #ifdef CFG_CRYPTO_RSASSA_NA1 287 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 288 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 289 #endif 290 op->info.mode = mode; 291 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 292 op->info.maxKeySize = maxKeySize; 293 op->info.requiredKeyUsage = req_key_usage; 294 op->info.handleState = handle_state; 295 296 if (block_size > 1) { 297 size_t buffer_size = block_size; 298 299 if (buffer_two_blocks) 300 buffer_size *= 2; 301 302 op->buffer = TEE_Malloc(buffer_size, 303 TEE_USER_MEM_HINT_NO_FILL_ZERO); 304 if (op->buffer == NULL) { 305 res = TEE_ERROR_OUT_OF_MEMORY; 306 goto out; 307 } 308 } 309 op->block_size = block_size; 310 op->buffer_two_blocks = buffer_two_blocks; 311 312 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 313 uint32_t mks = maxKeySize; 314 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 315 with_private_key); 316 317 /* 318 * If two keys are expected the max key size is the sum of 319 * the size of both keys. 320 */ 321 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 322 mks /= 2; 323 324 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 325 if (res != TEE_SUCCESS) 326 goto out; 327 328 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 329 res = TEE_AllocateTransientObject(key_type, mks, 330 &op->key2); 331 if (res != TEE_SUCCESS) 332 goto out; 333 } 334 } 335 336 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 337 (unsigned long)op->key2, &op->state); 338 if (res != TEE_SUCCESS) 339 goto out; 340 341 /* 342 * Initialize digest operations 343 * Other multi-stage operations initialized w/ TEE_xxxInit functions 344 * Non-applicable on asymmetric operations 345 */ 346 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 347 res = _utee_hash_init(op->state, NULL, 0); 348 if (res != TEE_SUCCESS) 349 goto out; 350 /* v1.1: flags always set for digest operations */ 351 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 352 } 353 354 op->operationState = TEE_OPERATION_STATE_INITIAL; 355 356 *operation = op; 357 358 out: 359 if (res != TEE_SUCCESS) { 360 if (res != TEE_ERROR_OUT_OF_MEMORY && 361 res != TEE_ERROR_NOT_SUPPORTED) 362 TEE_Panic(res); 363 if (op) { 364 if (op->state) { 365 TEE_FreeOperation(op); 366 } else { 367 TEE_Free(op->buffer); 368 TEE_FreeTransientObject(op->key1); 369 TEE_FreeTransientObject(op->key2); 370 TEE_Free(op); 371 } 372 } 373 } 374 375 return res; 376 } 377 378 void TEE_FreeOperation(TEE_OperationHandle operation) 379 { 380 TEE_Result res; 381 382 if (operation == TEE_HANDLE_NULL) 383 TEE_Panic(0); 384 385 /* 386 * Note that keys should not be freed here, since they are 387 * claimed by the operation they will be freed by 388 * utee_cryp_state_free(). 389 */ 390 res = _utee_cryp_state_free(operation->state); 391 if (res != TEE_SUCCESS) 392 TEE_Panic(res); 393 394 TEE_Free(operation->buffer); 395 TEE_Free(operation); 396 } 397 398 void TEE_GetOperationInfo(TEE_OperationHandle operation, 399 TEE_OperationInfo *operationInfo) 400 { 401 if (operation == TEE_HANDLE_NULL) 402 TEE_Panic(0); 403 404 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo)); 405 406 *operationInfo = operation->info; 407 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 408 operationInfo->keySize = 0; 409 operationInfo->requiredKeyUsage = 0; 410 } 411 } 412 413 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op, 414 TEE_OperationInfoMultiple *op_info, 415 uint32_t *size) 416 { 417 TEE_Result res = TEE_SUCCESS; 418 TEE_ObjectInfo kinfo = { }; 419 size_t max_key_count = 0; 420 bool two_keys = false; 421 422 if (op == TEE_HANDLE_NULL) { 423 res = TEE_ERROR_BAD_PARAMETERS; 424 goto out; 425 } 426 427 __utee_check_outbuf_annotation(op_info, size); 428 429 if (*size < sizeof(*op_info)) { 430 res = TEE_ERROR_BAD_PARAMETERS; 431 goto out; 432 } 433 max_key_count = (*size - sizeof(*op_info)) / 434 sizeof(TEE_OperationInfoKey); 435 436 TEE_MemFill(op_info, 0, *size); 437 438 /* Two keys flag (TEE_ALG_AES_XTS only) */ 439 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 440 441 if (op->info.mode == TEE_MODE_DIGEST) { 442 op_info->numberOfKeys = 0; 443 } else if (!two_keys) { 444 if (max_key_count < 1) { 445 res = TEE_ERROR_SHORT_BUFFER; 446 goto out; 447 } 448 449 res = TEE_GetObjectInfo1(op->key1, &kinfo); 450 /* Key1 is not a valid handle, "can't happen". */ 451 if (res) 452 goto out; 453 454 op_info->keyInformation[0].keySize = kinfo.keySize; 455 op_info->keyInformation[0].requiredKeyUsage = 456 op->info.requiredKeyUsage; 457 op_info->numberOfKeys = 1; 458 } else { 459 if (max_key_count < 2) { 460 res = TEE_ERROR_SHORT_BUFFER; 461 goto out; 462 } 463 464 res = TEE_GetObjectInfo1(op->key1, &kinfo); 465 /* Key1 is not a valid handle, "can't happen". */ 466 if (res) 467 goto out; 468 469 op_info->keyInformation[0].keySize = kinfo.keySize; 470 op_info->keyInformation[0].requiredKeyUsage = 471 op->info.requiredKeyUsage; 472 473 res = TEE_GetObjectInfo1(op->key2, &kinfo); 474 /* Key2 is not a valid handle, "can't happen". */ 475 if (res) 476 goto out; 477 478 op_info->keyInformation[1].keySize = kinfo.keySize; 479 op_info->keyInformation[1].requiredKeyUsage = 480 op->info.requiredKeyUsage; 481 482 op_info->numberOfKeys = 2; 483 } 484 485 op_info->algorithm = op->info.algorithm; 486 op_info->operationClass = op->info.operationClass; 487 op_info->mode = op->info.mode; 488 op_info->digestLength = op->info.digestLength; 489 op_info->maxKeySize = op->info.maxKeySize; 490 op_info->handleState = op->info.handleState; 491 op_info->operationState = op->operationState; 492 493 out: 494 if (res != TEE_SUCCESS && 495 res != TEE_ERROR_SHORT_BUFFER) 496 TEE_Panic(res); 497 498 return res; 499 } 500 501 void TEE_ResetOperation(TEE_OperationHandle operation) 502 { 503 TEE_Result res; 504 505 if (operation == TEE_HANDLE_NULL) 506 TEE_Panic(0); 507 508 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 509 TEE_Panic(0); 510 511 operation->operationState = TEE_OPERATION_STATE_INITIAL; 512 513 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 514 res = _utee_hash_init(operation->state, NULL, 0); 515 if (res != TEE_SUCCESS) 516 TEE_Panic(res); 517 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 518 } else { 519 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 520 } 521 } 522 523 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 524 TEE_ObjectHandle key) 525 { 526 TEE_Result res; 527 uint32_t key_size = 0; 528 TEE_ObjectInfo key_info; 529 530 if (operation == TEE_HANDLE_NULL) { 531 res = TEE_ERROR_BAD_PARAMETERS; 532 goto out; 533 } 534 535 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 536 res = TEE_ERROR_BAD_PARAMETERS; 537 goto out; 538 } 539 540 if (key == TEE_HANDLE_NULL) { 541 /* Operation key cleared */ 542 TEE_ResetTransientObject(operation->key1); 543 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 544 return TEE_SUCCESS; 545 } 546 547 /* No key for digest operation */ 548 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 549 res = TEE_ERROR_BAD_PARAMETERS; 550 goto out; 551 } 552 553 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 554 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 555 0) { 556 res = TEE_ERROR_BAD_PARAMETERS; 557 goto out; 558 } 559 560 res = TEE_GetObjectInfo1(key, &key_info); 561 /* Key is not a valid handle */ 562 if (res != TEE_SUCCESS) 563 goto out; 564 565 /* Supplied key has to meet required usage */ 566 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 567 operation->info.requiredKeyUsage) { 568 res = TEE_ERROR_BAD_PARAMETERS; 569 goto out; 570 } 571 572 if (operation->info.maxKeySize < key_info.keySize) { 573 res = TEE_ERROR_BAD_PARAMETERS; 574 goto out; 575 } 576 577 key_size = key_info.keySize; 578 579 TEE_ResetTransientObject(operation->key1); 580 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 581 582 res = TEE_CopyObjectAttributes1(operation->key1, key); 583 if (res != TEE_SUCCESS) 584 goto out; 585 586 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 587 588 operation->info.keySize = key_size; 589 590 out: 591 if (res != TEE_SUCCESS && 592 res != TEE_ERROR_CORRUPT_OBJECT && 593 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 594 TEE_Panic(res); 595 596 return res; 597 } 598 599 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 600 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 601 { 602 TEE_Result res; 603 uint32_t key_size = 0; 604 TEE_ObjectInfo key_info1; 605 TEE_ObjectInfo key_info2; 606 607 if (operation == TEE_HANDLE_NULL) { 608 res = TEE_ERROR_BAD_PARAMETERS; 609 goto out; 610 } 611 612 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 613 res = TEE_ERROR_BAD_PARAMETERS; 614 goto out; 615 } 616 617 /* 618 * Key1/Key2 and/or are not initialized and 619 * Either both keys are NULL or both are not NULL 620 */ 621 if (!key1 && !key2) { 622 /* Clear the keys */ 623 TEE_ResetTransientObject(operation->key1); 624 TEE_ResetTransientObject(operation->key2); 625 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 626 return TEE_SUCCESS; 627 } else if (!key1 || !key2) { 628 /* Both keys are obviously not valid. */ 629 res = TEE_ERROR_BAD_PARAMETERS; 630 goto out; 631 } 632 633 /* No key for digest operation */ 634 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 635 res = TEE_ERROR_BAD_PARAMETERS; 636 goto out; 637 } 638 639 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 640 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 641 0) { 642 res = TEE_ERROR_BAD_PARAMETERS; 643 goto out; 644 } 645 646 res = TEE_GetObjectInfo1(key1, &key_info1); 647 /* Key1 is not a valid handle */ 648 if (res != TEE_SUCCESS) 649 goto out; 650 651 /* Supplied key has to meet required usage */ 652 if ((key_info1.objectUsage & operation->info. 653 requiredKeyUsage) != operation->info.requiredKeyUsage) { 654 res = TEE_ERROR_BAD_PARAMETERS; 655 goto out; 656 } 657 658 res = TEE_GetObjectInfo1(key2, &key_info2); 659 /* Key2 is not a valid handle */ 660 if (res != TEE_SUCCESS) { 661 if (res == TEE_ERROR_CORRUPT_OBJECT) 662 res = TEE_ERROR_CORRUPT_OBJECT_2; 663 goto out; 664 } 665 666 /* Supplied key has to meet required usage */ 667 if ((key_info2.objectUsage & operation->info. 668 requiredKeyUsage) != operation->info.requiredKeyUsage) { 669 res = TEE_ERROR_BAD_PARAMETERS; 670 goto out; 671 } 672 673 /* 674 * All the multi key algorithm currently supported requires the keys to 675 * be of equal size. 676 */ 677 if (key_info1.keySize != key_info2.keySize) { 678 res = TEE_ERROR_BAD_PARAMETERS; 679 goto out; 680 681 } 682 683 if (operation->info.maxKeySize < key_info1.keySize) { 684 res = TEE_ERROR_BAD_PARAMETERS; 685 goto out; 686 } 687 688 /* 689 * Odd that only the size of one key should be reported while 690 * size of two key are used when allocating the operation. 691 */ 692 key_size = key_info1.keySize; 693 694 TEE_ResetTransientObject(operation->key1); 695 TEE_ResetTransientObject(operation->key2); 696 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 697 698 res = TEE_CopyObjectAttributes1(operation->key1, key1); 699 if (res != TEE_SUCCESS) 700 goto out; 701 res = TEE_CopyObjectAttributes1(operation->key2, key2); 702 if (res != TEE_SUCCESS) { 703 if (res == TEE_ERROR_CORRUPT_OBJECT) 704 res = TEE_ERROR_CORRUPT_OBJECT_2; 705 goto out; 706 } 707 708 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 709 710 operation->info.keySize = key_size; 711 712 out: 713 if (res != TEE_SUCCESS && 714 res != TEE_ERROR_CORRUPT_OBJECT && 715 res != TEE_ERROR_CORRUPT_OBJECT_2 && 716 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 717 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 718 TEE_Panic(res); 719 720 return res; 721 } 722 723 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 724 { 725 TEE_Result res; 726 727 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 728 TEE_Panic(0); 729 if (dst_op->info.algorithm != src_op->info.algorithm) 730 TEE_Panic(0); 731 if (dst_op->info.mode != src_op->info.mode) 732 TEE_Panic(0); 733 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 734 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 735 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 736 737 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 738 key1 = src_op->key1; 739 key2 = src_op->key2; 740 } 741 742 if ((src_op->info.handleState & 743 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 744 TEE_SetOperationKey(dst_op, key1); 745 } else { 746 TEE_SetOperationKey2(dst_op, key1, key2); 747 } 748 } 749 dst_op->info.handleState = src_op->info.handleState; 750 dst_op->info.keySize = src_op->info.keySize; 751 dst_op->info.digestLength = src_op->info.digestLength; 752 dst_op->operationState = src_op->operationState; 753 754 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 755 dst_op->block_size != src_op->block_size) 756 TEE_Panic(0); 757 758 if (dst_op->buffer != NULL) { 759 if (src_op->buffer == NULL) 760 TEE_Panic(0); 761 762 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs); 763 dst_op->buffer_offs = src_op->buffer_offs; 764 } else if (src_op->buffer != NULL) { 765 TEE_Panic(0); 766 } 767 768 res = _utee_cryp_state_copy(dst_op->state, src_op->state); 769 if (res != TEE_SUCCESS) 770 TEE_Panic(res); 771 } 772 773 /* Cryptographic Operations API - Message Digest Functions */ 774 775 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 776 uint32_t IVLen) 777 { 778 TEE_Result res; 779 780 /* 781 * Note : IV and IVLen are never used in current implementation 782 * This is why coherent values of IV and IVLen are not checked 783 */ 784 res = _utee_hash_init(operation->state, IV, IVLen); 785 if (res != TEE_SUCCESS) 786 TEE_Panic(res); 787 operation->buffer_offs = 0; 788 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 789 } 790 791 void TEE_DigestUpdate(TEE_OperationHandle operation, 792 const void *chunk, uint32_t chunkSize) 793 { 794 TEE_Result res = TEE_ERROR_GENERIC; 795 796 if (operation == TEE_HANDLE_NULL || 797 operation->info.operationClass != TEE_OPERATION_DIGEST) 798 TEE_Panic(0); 799 800 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 801 802 res = _utee_hash_update(operation->state, chunk, chunkSize); 803 if (res != TEE_SUCCESS) 804 TEE_Panic(res); 805 } 806 807 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 808 uint32_t chunkLen, void *hash, uint32_t *hashLen) 809 { 810 TEE_Result res; 811 uint64_t hl; 812 813 if ((operation == TEE_HANDLE_NULL) || 814 (!chunk && chunkLen) || 815 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 816 res = TEE_ERROR_BAD_PARAMETERS; 817 goto out; 818 } 819 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 820 821 hl = *hashLen; 822 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, &hl); 823 *hashLen = hl; 824 if (res != TEE_SUCCESS) 825 goto out; 826 827 /* Reset operation state */ 828 init_hash_operation(operation, NULL, 0); 829 830 operation->operationState = TEE_OPERATION_STATE_INITIAL; 831 832 out: 833 if (res != TEE_SUCCESS && 834 res != TEE_ERROR_SHORT_BUFFER) 835 TEE_Panic(res); 836 837 return res; 838 } 839 840 /* Cryptographic Operations API - Symmetric Cipher Functions */ 841 842 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 843 uint32_t IVLen) 844 { 845 TEE_Result res; 846 847 if (operation == TEE_HANDLE_NULL) 848 TEE_Panic(0); 849 850 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 851 TEE_Panic(0); 852 853 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 854 !(operation->key1)) 855 TEE_Panic(0); 856 857 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 858 TEE_ResetOperation(operation); 859 860 if (IV && IVLen) { 861 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 862 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 863 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 864 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD) 865 TEE_Panic(0); 866 } 867 868 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 869 870 res = _utee_cipher_init(operation->state, IV, IVLen); 871 if (res != TEE_SUCCESS) 872 TEE_Panic(res); 873 874 operation->buffer_offs = 0; 875 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 876 } 877 878 static TEE_Result tee_buffer_update( 879 TEE_OperationHandle op, 880 TEE_Result(*update_func)(unsigned long state, const void *src, 881 size_t slen, void *dst, uint64_t *dlen), 882 const void *src_data, size_t src_len, 883 void *dest_data, uint64_t *dest_len) 884 { 885 TEE_Result res; 886 const uint8_t *src = src_data; 887 size_t slen = src_len; 888 uint8_t *dst = dest_data; 889 size_t dlen = *dest_len; 890 size_t acc_dlen = 0; 891 uint64_t tmp_dlen; 892 size_t l; 893 size_t buffer_size; 894 size_t buffer_left; 895 896 if (!src) { 897 if (slen) 898 TEE_Panic(0); 899 goto out; 900 } 901 902 if (op->buffer_two_blocks) { 903 buffer_size = op->block_size * 2; 904 buffer_left = 1; 905 } else { 906 buffer_size = op->block_size; 907 buffer_left = 0; 908 } 909 910 if (op->buffer_offs > 0) { 911 /* Fill up complete block */ 912 if (op->buffer_offs < op->block_size) 913 l = MIN(slen, op->block_size - op->buffer_offs); 914 else 915 l = MIN(slen, buffer_size - op->buffer_offs); 916 memcpy(op->buffer + op->buffer_offs, src, l); 917 op->buffer_offs += l; 918 src += l; 919 slen -= l; 920 if ((op->buffer_offs % op->block_size) != 0) 921 goto out; /* Nothing left to do */ 922 } 923 924 /* If we can feed from buffer */ 925 if ((op->buffer_offs > 0) && 926 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 927 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 928 op->block_size); 929 l = MIN(op->buffer_offs, l); 930 tmp_dlen = dlen; 931 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 932 if (res != TEE_SUCCESS) 933 TEE_Panic(res); 934 dst += tmp_dlen; 935 dlen -= tmp_dlen; 936 acc_dlen += tmp_dlen; 937 op->buffer_offs -= l; 938 if (op->buffer_offs > 0) { 939 /* 940 * Slen is small enough to be contained in rest buffer. 941 */ 942 memcpy(op->buffer, op->buffer + l, buffer_size - l); 943 memcpy(op->buffer + op->buffer_offs, src, slen); 944 op->buffer_offs += slen; 945 goto out; /* Nothing left to do */ 946 } 947 } 948 949 if (slen >= (buffer_size + buffer_left)) { 950 /* Buffer is empty, feed as much as possible from src */ 951 if (op->info.algorithm == TEE_ALG_AES_CTS) 952 l = ROUNDUP(slen - buffer_size, op->block_size); 953 else 954 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 955 956 tmp_dlen = dlen; 957 res = update_func(op->state, src, l, dst, &tmp_dlen); 958 if (res != TEE_SUCCESS) 959 TEE_Panic(res); 960 src += l; 961 slen -= l; 962 dst += tmp_dlen; 963 dlen -= tmp_dlen; 964 acc_dlen += tmp_dlen; 965 } 966 967 /* Slen is small enough to be contained in buffer. */ 968 memcpy(op->buffer + op->buffer_offs, src, slen); 969 op->buffer_offs += slen; 970 971 out: 972 *dest_len = acc_dlen; 973 return TEE_SUCCESS; 974 } 975 976 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 977 uint32_t srcLen, void *destData, uint32_t *destLen) 978 { 979 TEE_Result res; 980 size_t req_dlen; 981 uint64_t dl; 982 983 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 984 res = TEE_ERROR_BAD_PARAMETERS; 985 goto out; 986 } 987 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 988 989 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 990 res = TEE_ERROR_BAD_PARAMETERS; 991 goto out; 992 } 993 994 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 995 res = TEE_ERROR_BAD_PARAMETERS; 996 goto out; 997 } 998 999 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1000 res = TEE_ERROR_BAD_PARAMETERS; 1001 goto out; 1002 } 1003 1004 if (!srcData && !srcLen) { 1005 *destLen = 0; 1006 res = TEE_SUCCESS; 1007 goto out; 1008 } 1009 1010 /* Calculate required dlen */ 1011 if (operation->block_size > 1) { 1012 req_dlen = ((operation->buffer_offs + srcLen) / 1013 operation->block_size) * operation->block_size; 1014 } else { 1015 req_dlen = srcLen; 1016 } 1017 if (operation->buffer_two_blocks) { 1018 if (req_dlen > operation->block_size * 2) 1019 req_dlen -= operation->block_size * 2; 1020 else 1021 req_dlen = 0; 1022 } 1023 /* 1024 * Check that required destLen is big enough before starting to feed 1025 * data to the algorithm. Errors during feeding of data are fatal as we 1026 * can't restore sync with this API. 1027 */ 1028 if (*destLen < req_dlen) { 1029 *destLen = req_dlen; 1030 res = TEE_ERROR_SHORT_BUFFER; 1031 goto out; 1032 } 1033 1034 dl = *destLen; 1035 if (operation->block_size > 1) { 1036 res = tee_buffer_update(operation, _utee_cipher_update, srcData, 1037 srcLen, destData, &dl); 1038 } else { 1039 if (srcLen > 0) { 1040 res = _utee_cipher_update(operation->state, srcData, 1041 srcLen, destData, &dl); 1042 } else { 1043 res = TEE_SUCCESS; 1044 dl = 0; 1045 } 1046 } 1047 *destLen = dl; 1048 1049 out: 1050 if (res != TEE_SUCCESS && 1051 res != TEE_ERROR_SHORT_BUFFER) 1052 TEE_Panic(res); 1053 1054 return res; 1055 } 1056 1057 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1058 const void *srcData, uint32_t srcLen, 1059 void *destData, uint32_t *destLen) 1060 { 1061 TEE_Result res = TEE_SUCCESS; 1062 uint8_t *dst = destData; 1063 size_t acc_dlen = 0; 1064 uint64_t tmp_dlen = 0; 1065 size_t req_dlen = 0; 1066 1067 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1068 res = TEE_ERROR_BAD_PARAMETERS; 1069 goto out; 1070 } 1071 if (destLen) 1072 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1073 1074 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1075 res = TEE_ERROR_BAD_PARAMETERS; 1076 goto out; 1077 } 1078 1079 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1080 res = TEE_ERROR_BAD_PARAMETERS; 1081 goto out; 1082 } 1083 1084 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1085 res = TEE_ERROR_BAD_PARAMETERS; 1086 goto out; 1087 } 1088 1089 /* 1090 * Check that the final block doesn't require padding for those 1091 * algorithms that requires client to supply padding. 1092 */ 1093 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1094 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1095 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1096 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1097 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1098 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1099 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1100 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1101 if (((operation->buffer_offs + srcLen) % operation->block_size) 1102 != 0) { 1103 res = TEE_ERROR_BAD_PARAMETERS; 1104 goto out; 1105 } 1106 } 1107 1108 /* 1109 * Check that required destLen is big enough before starting to feed 1110 * data to the algorithm. Errors during feeding of data are fatal as we 1111 * can't restore sync with this API. 1112 */ 1113 if (operation->block_size > 1) { 1114 req_dlen = operation->buffer_offs + srcLen; 1115 } else { 1116 req_dlen = srcLen; 1117 } 1118 if (destLen) 1119 tmp_dlen = *destLen; 1120 if (tmp_dlen < req_dlen) { 1121 if (destLen) 1122 *destLen = req_dlen; 1123 res = TEE_ERROR_SHORT_BUFFER; 1124 goto out; 1125 } 1126 1127 if (operation->block_size > 1) { 1128 if (srcLen) { 1129 res = tee_buffer_update(operation, _utee_cipher_update, 1130 srcData, srcLen, dst, 1131 &tmp_dlen); 1132 if (res != TEE_SUCCESS) 1133 goto out; 1134 1135 dst += tmp_dlen; 1136 acc_dlen += tmp_dlen; 1137 1138 tmp_dlen = *destLen - acc_dlen; 1139 } 1140 res = _utee_cipher_final(operation->state, operation->buffer, 1141 operation->buffer_offs, dst, 1142 &tmp_dlen); 1143 } else { 1144 res = _utee_cipher_final(operation->state, srcData, srcLen, dst, 1145 &tmp_dlen); 1146 } 1147 if (res != TEE_SUCCESS) 1148 goto out; 1149 1150 acc_dlen += tmp_dlen; 1151 if (destLen) 1152 *destLen = acc_dlen; 1153 1154 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1155 1156 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1157 1158 out: 1159 if (res != TEE_SUCCESS && 1160 res != TEE_ERROR_SHORT_BUFFER) 1161 TEE_Panic(res); 1162 1163 return res; 1164 } 1165 1166 /* Cryptographic Operations API - MAC Functions */ 1167 1168 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen) 1169 { 1170 if (operation == TEE_HANDLE_NULL) 1171 TEE_Panic(0); 1172 1173 if (operation->info.operationClass != TEE_OPERATION_MAC) 1174 TEE_Panic(0); 1175 1176 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1177 !(operation->key1)) 1178 TEE_Panic(0); 1179 1180 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1181 TEE_ResetOperation(operation); 1182 1183 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1184 1185 init_hash_operation(operation, IV, IVLen); 1186 } 1187 1188 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1189 uint32_t chunkSize) 1190 { 1191 TEE_Result res; 1192 1193 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1194 TEE_Panic(0); 1195 1196 if (operation->info.operationClass != TEE_OPERATION_MAC) 1197 TEE_Panic(0); 1198 1199 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1200 TEE_Panic(0); 1201 1202 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1203 TEE_Panic(0); 1204 1205 res = _utee_hash_update(operation->state, chunk, chunkSize); 1206 if (res != TEE_SUCCESS) 1207 TEE_Panic(res); 1208 } 1209 1210 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1211 const void *message, uint32_t messageLen, 1212 void *mac, uint32_t *macLen) 1213 { 1214 TEE_Result res; 1215 uint64_t ml; 1216 1217 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) { 1218 res = TEE_ERROR_BAD_PARAMETERS; 1219 goto out; 1220 } 1221 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1222 1223 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1224 res = TEE_ERROR_BAD_PARAMETERS; 1225 goto out; 1226 } 1227 1228 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1229 res = TEE_ERROR_BAD_PARAMETERS; 1230 goto out; 1231 } 1232 1233 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1234 res = TEE_ERROR_BAD_PARAMETERS; 1235 goto out; 1236 } 1237 1238 ml = *macLen; 1239 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml); 1240 *macLen = ml; 1241 if (res != TEE_SUCCESS) 1242 goto out; 1243 1244 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1245 1246 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1247 1248 out: 1249 if (res != TEE_SUCCESS && 1250 res != TEE_ERROR_SHORT_BUFFER) 1251 TEE_Panic(res); 1252 1253 return res; 1254 } 1255 1256 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1257 const void *message, uint32_t messageLen, 1258 const void *mac, uint32_t macLen) 1259 { 1260 TEE_Result res; 1261 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 }; 1262 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 1263 1264 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1265 res = TEE_ERROR_BAD_PARAMETERS; 1266 goto out; 1267 } 1268 1269 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1270 res = TEE_ERROR_BAD_PARAMETERS; 1271 goto out; 1272 } 1273 1274 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1275 res = TEE_ERROR_BAD_PARAMETERS; 1276 goto out; 1277 } 1278 1279 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1280 &computed_mac_size); 1281 if (res != TEE_SUCCESS) 1282 goto out; 1283 1284 if (computed_mac_size != macLen) { 1285 res = TEE_ERROR_MAC_INVALID; 1286 goto out; 1287 } 1288 1289 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1290 res = TEE_ERROR_MAC_INVALID; 1291 goto out; 1292 } 1293 1294 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1295 1296 out: 1297 if (res != TEE_SUCCESS && 1298 res != TEE_ERROR_MAC_INVALID) 1299 TEE_Panic(res); 1300 1301 return res; 1302 } 1303 1304 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1305 1306 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1307 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, 1308 uint32_t payloadLen) 1309 { 1310 TEE_Result res; 1311 1312 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1313 res = TEE_ERROR_BAD_PARAMETERS; 1314 goto out; 1315 } 1316 1317 if (operation->info.operationClass != TEE_OPERATION_AE) { 1318 res = TEE_ERROR_BAD_PARAMETERS; 1319 goto out; 1320 } 1321 1322 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1323 res = TEE_ERROR_BAD_PARAMETERS; 1324 goto out; 1325 } 1326 1327 /* 1328 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1329 * in the implementation. But AES-GCM spec doesn't specify the tag len 1330 * according to the same principle so we have to check here instead to 1331 * be GP compliant. 1332 */ 1333 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1334 /* 1335 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1336 */ 1337 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1338 res = TEE_ERROR_NOT_SUPPORTED; 1339 goto out; 1340 } 1341 } 1342 1343 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8, 1344 AADLen, payloadLen); 1345 if (res != TEE_SUCCESS) 1346 goto out; 1347 1348 operation->info.digestLength = tagLen / 8; 1349 operation->buffer_offs = 0; 1350 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1351 1352 out: 1353 if (res != TEE_SUCCESS && 1354 res != TEE_ERROR_NOT_SUPPORTED) 1355 TEE_Panic(res); 1356 1357 return res; 1358 } 1359 1360 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1361 uint32_t AADdataLen) 1362 { 1363 TEE_Result res; 1364 1365 if (operation == TEE_HANDLE_NULL || 1366 (AADdata == NULL && AADdataLen != 0)) 1367 TEE_Panic(0); 1368 1369 if (operation->info.operationClass != TEE_OPERATION_AE) 1370 TEE_Panic(0); 1371 1372 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1373 TEE_Panic(0); 1374 1375 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1376 1377 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1378 1379 if (res != TEE_SUCCESS) 1380 TEE_Panic(res); 1381 } 1382 1383 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1384 uint32_t srcLen, void *destData, uint32_t *destLen) 1385 { 1386 TEE_Result res = TEE_SUCCESS; 1387 size_t req_dlen = 0; 1388 uint64_t dl = 0; 1389 1390 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1391 res = TEE_ERROR_BAD_PARAMETERS; 1392 goto out; 1393 } 1394 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1395 1396 if (operation->info.operationClass != TEE_OPERATION_AE) { 1397 res = TEE_ERROR_BAD_PARAMETERS; 1398 goto out; 1399 } 1400 1401 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1402 res = TEE_ERROR_BAD_PARAMETERS; 1403 goto out; 1404 } 1405 1406 if (!srcData && !srcLen) { 1407 *destLen = 0; 1408 res = TEE_SUCCESS; 1409 goto out; 1410 } 1411 1412 /* 1413 * Check that required destLen is big enough before starting to feed 1414 * data to the algorithm. Errors during feeding of data are fatal as we 1415 * can't restore sync with this API. 1416 */ 1417 if (operation->block_size > 1) { 1418 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen, 1419 operation->block_size); 1420 } else { 1421 req_dlen = srcLen; 1422 } 1423 1424 dl = *destLen; 1425 if (dl < req_dlen) { 1426 *destLen = req_dlen; 1427 res = TEE_ERROR_SHORT_BUFFER; 1428 goto out; 1429 } 1430 1431 if (operation->block_size > 1) { 1432 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1433 srcData, srcLen, destData, &dl); 1434 } else { 1435 if (srcLen > 0) { 1436 res = _utee_authenc_update_payload(operation->state, 1437 srcData, srcLen, 1438 destData, &dl); 1439 } else { 1440 dl = 0; 1441 res = TEE_SUCCESS; 1442 } 1443 } 1444 if (res != TEE_SUCCESS) 1445 goto out; 1446 1447 *destLen = dl; 1448 1449 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1450 1451 out: 1452 if (res != TEE_SUCCESS && 1453 res != TEE_ERROR_SHORT_BUFFER) 1454 TEE_Panic(res); 1455 1456 return res; 1457 } 1458 1459 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1460 const void *srcData, uint32_t srcLen, 1461 void *destData, uint32_t *destLen, void *tag, 1462 uint32_t *tagLen) 1463 { 1464 TEE_Result res; 1465 uint8_t *dst = destData; 1466 size_t acc_dlen = 0; 1467 uint64_t tmp_dlen; 1468 size_t req_dlen; 1469 uint64_t tl; 1470 1471 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1472 res = TEE_ERROR_BAD_PARAMETERS; 1473 goto out; 1474 } 1475 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1476 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1477 1478 if (operation->info.operationClass != TEE_OPERATION_AE) { 1479 res = TEE_ERROR_BAD_PARAMETERS; 1480 goto out; 1481 } 1482 1483 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1484 res = TEE_ERROR_BAD_PARAMETERS; 1485 goto out; 1486 } 1487 1488 /* 1489 * Check that required destLen is big enough before starting to feed 1490 * data to the algorithm. Errors during feeding of data are fatal as we 1491 * can't restore sync with this API. 1492 * 1493 * Need to check this before update_payload since sync would be lost if 1494 * we return short buffer after that. 1495 */ 1496 res = TEE_ERROR_GENERIC; 1497 1498 req_dlen = operation->buffer_offs + srcLen; 1499 if (*destLen < req_dlen) { 1500 *destLen = req_dlen; 1501 res = TEE_ERROR_SHORT_BUFFER; 1502 } 1503 1504 if (*tagLen < operation->info.digestLength) { 1505 *tagLen = operation->info.digestLength; 1506 res = TEE_ERROR_SHORT_BUFFER; 1507 } 1508 1509 if (res == TEE_ERROR_SHORT_BUFFER) 1510 goto out; 1511 1512 tl = *tagLen; 1513 tmp_dlen = *destLen - acc_dlen; 1514 if (operation->block_size > 1) { 1515 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1516 srcData, srcLen, dst, &tmp_dlen); 1517 if (res != TEE_SUCCESS) 1518 goto out; 1519 1520 dst += tmp_dlen; 1521 acc_dlen += tmp_dlen; 1522 1523 tmp_dlen = *destLen - acc_dlen; 1524 res = _utee_authenc_enc_final(operation->state, 1525 operation->buffer, 1526 operation->buffer_offs, dst, 1527 &tmp_dlen, tag, &tl); 1528 } else { 1529 res = _utee_authenc_enc_final(operation->state, srcData, 1530 srcLen, dst, &tmp_dlen, 1531 tag, &tl); 1532 } 1533 *tagLen = tl; 1534 if (res != TEE_SUCCESS) 1535 goto out; 1536 1537 acc_dlen += tmp_dlen; 1538 *destLen = acc_dlen; 1539 1540 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1541 1542 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1543 1544 out: 1545 if (res != TEE_SUCCESS && 1546 res != TEE_ERROR_SHORT_BUFFER) 1547 TEE_Panic(res); 1548 1549 return res; 1550 } 1551 1552 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1553 const void *srcData, uint32_t srcLen, 1554 void *destData, uint32_t *destLen, void *tag, 1555 uint32_t tagLen) 1556 { 1557 TEE_Result res; 1558 uint8_t *dst = destData; 1559 size_t acc_dlen = 0; 1560 uint64_t tmp_dlen; 1561 size_t req_dlen; 1562 1563 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1564 res = TEE_ERROR_BAD_PARAMETERS; 1565 goto out; 1566 } 1567 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1568 1569 if (operation->info.operationClass != TEE_OPERATION_AE) { 1570 res = TEE_ERROR_BAD_PARAMETERS; 1571 goto out; 1572 } 1573 1574 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1575 res = TEE_ERROR_BAD_PARAMETERS; 1576 goto out; 1577 } 1578 1579 /* 1580 * Check that required destLen is big enough before starting to feed 1581 * data to the algorithm. Errors during feeding of data are fatal as we 1582 * can't restore sync with this API. 1583 */ 1584 req_dlen = operation->buffer_offs + srcLen; 1585 if (*destLen < req_dlen) { 1586 *destLen = req_dlen; 1587 res = TEE_ERROR_SHORT_BUFFER; 1588 goto out; 1589 } 1590 1591 tmp_dlen = *destLen - acc_dlen; 1592 if (operation->block_size > 1) { 1593 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1594 srcData, srcLen, dst, &tmp_dlen); 1595 if (res != TEE_SUCCESS) 1596 goto out; 1597 1598 dst += tmp_dlen; 1599 acc_dlen += tmp_dlen; 1600 1601 tmp_dlen = *destLen - acc_dlen; 1602 res = _utee_authenc_dec_final(operation->state, 1603 operation->buffer, 1604 operation->buffer_offs, dst, 1605 &tmp_dlen, tag, tagLen); 1606 } else { 1607 res = _utee_authenc_dec_final(operation->state, srcData, 1608 srcLen, dst, &tmp_dlen, 1609 tag, tagLen); 1610 } 1611 if (res != TEE_SUCCESS) 1612 goto out; 1613 1614 /* Supplied tagLen should match what we initiated with */ 1615 if (tagLen != operation->info.digestLength) 1616 res = TEE_ERROR_MAC_INVALID; 1617 1618 acc_dlen += tmp_dlen; 1619 *destLen = acc_dlen; 1620 1621 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1622 1623 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1624 1625 out: 1626 if (res != TEE_SUCCESS && 1627 res != TEE_ERROR_SHORT_BUFFER && 1628 res != TEE_ERROR_MAC_INVALID) 1629 TEE_Panic(res); 1630 1631 return res; 1632 } 1633 1634 /* Cryptographic Operations API - Asymmetric Functions */ 1635 1636 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 1637 const TEE_Attribute *params, 1638 uint32_t paramCount, const void *srcData, 1639 uint32_t srcLen, void *destData, 1640 uint32_t *destLen) 1641 { 1642 TEE_Result res = TEE_SUCCESS; 1643 struct utee_attribute ua[paramCount]; 1644 uint64_t dl = 0; 1645 1646 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1647 TEE_Panic(0); 1648 1649 __utee_check_attr_in_annotation(params, paramCount); 1650 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1651 1652 if (!operation->key1) 1653 TEE_Panic(0); 1654 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1655 TEE_Panic(0); 1656 if (operation->info.mode != TEE_MODE_ENCRYPT) 1657 TEE_Panic(0); 1658 1659 __utee_from_attr(ua, params, paramCount); 1660 dl = *destLen; 1661 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1662 srcLen, destData, &dl); 1663 *destLen = dl; 1664 1665 if (res != TEE_SUCCESS && 1666 res != TEE_ERROR_SHORT_BUFFER && 1667 res != TEE_ERROR_BAD_PARAMETERS) 1668 TEE_Panic(res); 1669 1670 return res; 1671 } 1672 1673 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 1674 const TEE_Attribute *params, 1675 uint32_t paramCount, const void *srcData, 1676 uint32_t srcLen, void *destData, 1677 uint32_t *destLen) 1678 { 1679 TEE_Result res = TEE_SUCCESS; 1680 struct utee_attribute ua[paramCount]; 1681 uint64_t dl = 0; 1682 1683 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 1684 TEE_Panic(0); 1685 1686 __utee_check_attr_in_annotation(params, paramCount); 1687 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1688 1689 if (!operation->key1) 1690 TEE_Panic(0); 1691 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 1692 TEE_Panic(0); 1693 if (operation->info.mode != TEE_MODE_DECRYPT) 1694 TEE_Panic(0); 1695 1696 __utee_from_attr(ua, params, paramCount); 1697 dl = *destLen; 1698 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 1699 srcLen, destData, &dl); 1700 *destLen = dl; 1701 1702 if (res != TEE_SUCCESS && 1703 res != TEE_ERROR_SHORT_BUFFER && 1704 res != TEE_ERROR_BAD_PARAMETERS) 1705 TEE_Panic(res); 1706 1707 return res; 1708 } 1709 1710 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 1711 const TEE_Attribute *params, 1712 uint32_t paramCount, const void *digest, 1713 uint32_t digestLen, void *signature, 1714 uint32_t *signatureLen) 1715 { 1716 TEE_Result res = TEE_SUCCESS; 1717 struct utee_attribute ua[paramCount]; 1718 uint64_t sl = 0; 1719 1720 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 1721 TEE_Panic(0); 1722 1723 __utee_check_attr_in_annotation(params, paramCount); 1724 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 1725 1726 if (!operation->key1) 1727 TEE_Panic(0); 1728 if (operation->info.operationClass != 1729 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1730 TEE_Panic(0); 1731 if (operation->info.mode != TEE_MODE_SIGN) 1732 TEE_Panic(0); 1733 1734 __utee_from_attr(ua, params, paramCount); 1735 sl = *signatureLen; 1736 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 1737 digestLen, signature, &sl); 1738 *signatureLen = sl; 1739 1740 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 1741 TEE_Panic(res); 1742 1743 return res; 1744 } 1745 1746 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 1747 const TEE_Attribute *params, 1748 uint32_t paramCount, const void *digest, 1749 uint32_t digestLen, 1750 const void *signature, 1751 uint32_t signatureLen) 1752 { 1753 TEE_Result res; 1754 struct utee_attribute ua[paramCount]; 1755 1756 if (operation == TEE_HANDLE_NULL || 1757 (digest == NULL && digestLen != 0) || 1758 (signature == NULL && signatureLen != 0)) 1759 TEE_Panic(0); 1760 1761 __utee_check_attr_in_annotation(params, paramCount); 1762 1763 if (!operation->key1) 1764 TEE_Panic(0); 1765 if (operation->info.operationClass != 1766 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 1767 TEE_Panic(0); 1768 if (operation->info.mode != TEE_MODE_VERIFY) 1769 TEE_Panic(0); 1770 1771 __utee_from_attr(ua, params, paramCount); 1772 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 1773 digestLen, signature, signatureLen); 1774 1775 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 1776 TEE_Panic(res); 1777 1778 return res; 1779 } 1780 1781 /* Cryptographic Operations API - Key Derivation Functions */ 1782 1783 void TEE_DeriveKey(TEE_OperationHandle operation, 1784 const TEE_Attribute *params, uint32_t paramCount, 1785 TEE_ObjectHandle derivedKey) 1786 { 1787 struct utee_attribute ua[paramCount]; 1788 struct utee_object_info key_info = { }; 1789 TEE_Result res = TEE_SUCCESS; 1790 1791 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 1792 TEE_Panic(0); 1793 1794 __utee_check_attr_in_annotation(params, paramCount); 1795 1796 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 1797 TEE_OPERATION_KEY_DERIVATION) 1798 TEE_Panic(0); 1799 1800 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 1801 TEE_Panic(0); 1802 if (!operation->key1) 1803 TEE_Panic(0); 1804 if (operation->info.mode != TEE_MODE_DERIVE) 1805 TEE_Panic(0); 1806 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 1807 TEE_Panic(0); 1808 1809 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 1810 if (res != TEE_SUCCESS) 1811 TEE_Panic(res); 1812 1813 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 1814 TEE_Panic(0); 1815 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 1816 TEE_Panic(0); 1817 1818 __utee_from_attr(ua, params, paramCount); 1819 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 1820 (unsigned long)derivedKey); 1821 if (res != TEE_SUCCESS) 1822 TEE_Panic(res); 1823 } 1824 1825 /* Cryptographic Operations API - Random Number Generation Functions */ 1826 1827 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 1828 { 1829 TEE_Result res; 1830 1831 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 1832 if (res != TEE_SUCCESS) 1833 TEE_Panic(res); 1834 } 1835 1836 int rand(void) 1837 { 1838 int rc; 1839 1840 TEE_GenerateRandom(&rc, sizeof(rc)); 1841 1842 /* 1843 * RAND_MAX is the larges int, INT_MAX which is all bits but the 1844 * highest bit set. 1845 */ 1846 return rc & RAND_MAX; 1847 } 1848 1849 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 1850 { 1851 if (IS_ENABLED(CFG_CRYPTO_AES)) { 1852 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1853 if (alg == TEE_ALG_AES_ECB_NOPAD) 1854 goto check_element_none; 1855 } 1856 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1857 if (alg == TEE_ALG_AES_CBC_NOPAD) 1858 goto check_element_none; 1859 } 1860 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1861 if (alg == TEE_ALG_AES_CTR) 1862 goto check_element_none; 1863 } 1864 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 1865 if (alg == TEE_ALG_AES_CTS) 1866 goto check_element_none; 1867 } 1868 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 1869 if (alg == TEE_ALG_AES_XTS) 1870 goto check_element_none; 1871 } 1872 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1873 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 1874 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 1875 goto check_element_none; 1876 } 1877 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 1878 if (alg == TEE_ALG_AES_CMAC) 1879 goto check_element_none; 1880 } 1881 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 1882 if (alg == TEE_ALG_AES_CCM) 1883 goto check_element_none; 1884 } 1885 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 1886 if (alg == TEE_ALG_AES_GCM) 1887 goto check_element_none; 1888 } 1889 } 1890 if (IS_ENABLED(CFG_CRYPTO_DES)) { 1891 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1892 if (alg == TEE_ALG_DES_ECB_NOPAD || 1893 alg == TEE_ALG_DES3_ECB_NOPAD) 1894 goto check_element_none; 1895 } 1896 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1897 if (alg == TEE_ALG_DES_CBC_NOPAD || 1898 alg == TEE_ALG_DES3_CBC_NOPAD) 1899 goto check_element_none; 1900 } 1901 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 1902 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 1903 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 1904 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 1905 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 1906 goto check_element_none; 1907 } 1908 } 1909 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1910 if (alg == TEE_ALG_MD5) 1911 goto check_element_none; 1912 } 1913 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1914 if (alg == TEE_ALG_SHA1) 1915 goto check_element_none; 1916 } 1917 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1918 if (alg == TEE_ALG_SHA224) 1919 goto check_element_none; 1920 } 1921 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1922 if (alg == TEE_ALG_SHA256) 1923 goto check_element_none; 1924 } 1925 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1926 if (alg == TEE_ALG_SHA384) 1927 goto check_element_none; 1928 } 1929 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1930 if (alg == TEE_ALG_SHA512) 1931 goto check_element_none; 1932 } 1933 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 1934 if (alg == TEE_ALG_MD5SHA1) 1935 goto check_element_none; 1936 } 1937 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 1938 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1939 if (alg == TEE_ALG_HMAC_MD5) 1940 goto check_element_none; 1941 } 1942 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1943 if (alg == TEE_ALG_HMAC_SHA1) 1944 goto check_element_none; 1945 } 1946 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 1947 if (alg == TEE_ALG_HMAC_SHA224) 1948 goto check_element_none; 1949 } 1950 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 1951 if (alg == TEE_ALG_HMAC_SHA256) 1952 goto check_element_none; 1953 } 1954 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 1955 if (alg == TEE_ALG_HMAC_SHA384) 1956 goto check_element_none; 1957 } 1958 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 1959 if (alg == TEE_ALG_HMAC_SHA512) 1960 goto check_element_none; 1961 } 1962 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1963 if (alg == TEE_ALG_HMAC_SM3) 1964 goto check_element_none; 1965 } 1966 } 1967 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 1968 if (alg == TEE_ALG_SM3) 1969 goto check_element_none; 1970 } 1971 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 1972 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 1973 if (alg == TEE_ALG_SM4_ECB_NOPAD) 1974 goto check_element_none; 1975 } 1976 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 1977 if (alg == TEE_ALG_SM4_CBC_NOPAD) 1978 goto check_element_none; 1979 } 1980 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 1981 if (alg == TEE_ALG_SM4_CTR) 1982 goto check_element_none; 1983 } 1984 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 1985 if (alg == TEE_ALG_SM4_XTS) 1986 goto check_element_none; 1987 } 1988 } 1989 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 1990 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 1991 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5) 1992 goto check_element_none; 1993 } 1994 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 1995 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 1996 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 1997 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 1998 goto check_element_none; 1999 } 2000 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2001 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 2002 goto check_element_none; 2003 } 2004 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2005 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 2006 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 2007 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 2008 goto check_element_none; 2009 } 2010 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2011 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 2012 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 2013 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 2014 goto check_element_none; 2015 } 2016 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2017 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 2018 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 2019 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 2020 goto check_element_none; 2021 } 2022 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2023 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 2024 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 2025 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 2026 goto check_element_none; 2027 } 2028 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2029 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 2030 goto check_element_none; 2031 } 2032 if (alg == TEE_ALG_RSA_NOPAD) 2033 goto check_element_none; 2034 } 2035 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2036 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2037 if (alg == TEE_ALG_DSA_SHA1) 2038 goto check_element_none; 2039 } 2040 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2041 if (alg == TEE_ALG_DSA_SHA224) 2042 goto check_element_none; 2043 } 2044 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2045 if (alg == TEE_ALG_DSA_SHA256) 2046 goto check_element_none; 2047 } 2048 } 2049 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2050 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2051 goto check_element_none; 2052 } 2053 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2054 if ((alg == TEE_ALG_ECDH_P192 || alg == TEE_ALG_ECDSA_P192) && 2055 element == TEE_ECC_CURVE_NIST_P192) 2056 return TEE_SUCCESS; 2057 if ((alg == TEE_ALG_ECDH_P224 || alg == TEE_ALG_ECDSA_P224) && 2058 element == TEE_ECC_CURVE_NIST_P224) 2059 return TEE_SUCCESS; 2060 if ((alg == TEE_ALG_ECDH_P256 || alg == TEE_ALG_ECDSA_P256) && 2061 element == TEE_ECC_CURVE_NIST_P256) 2062 return TEE_SUCCESS; 2063 if ((alg == TEE_ALG_ECDH_P384 || alg == TEE_ALG_ECDSA_P384) && 2064 element == TEE_ECC_CURVE_NIST_P384) 2065 return TEE_SUCCESS; 2066 if ((alg == TEE_ALG_ECDH_P521 || alg == TEE_ALG_ECDSA_P521) && 2067 element == TEE_ECC_CURVE_NIST_P521) 2068 return TEE_SUCCESS; 2069 } 2070 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2071 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2072 return TEE_SUCCESS; 2073 } 2074 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2075 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2076 return TEE_SUCCESS; 2077 } 2078 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2079 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2080 return TEE_SUCCESS; 2081 } 2082 if (IS_ENABLED(CFG_CRYPTO_X25519)) { 2083 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519) 2084 return TEE_SUCCESS; 2085 } 2086 if (IS_ENABLED(CFG_CRYPTO_ED25519)) { 2087 if (alg == TEE_ALG_ED25519 && element == TEE_ECC_CURVE_25519) 2088 return TEE_SUCCESS; 2089 } 2090 2091 return TEE_ERROR_NOT_SUPPORTED; 2092 check_element_none: 2093 if (element == TEE_CRYPTO_ELEMENT_NONE) 2094 return TEE_SUCCESS; 2095 return TEE_ERROR_NOT_SUPPORTED; 2096 } 2097