1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 #include <assert.h> 7 #include <config.h> 8 #include <stdlib.h> 9 #include <string.h> 10 #include <string_ext.h> 11 #include <tee_api.h> 12 #include <tee_api_defines_extensions.h> 13 #include <tee_internal_api_extensions.h> 14 #include <utee_syscalls.h> 15 #include <utee_defines.h> 16 #include <util.h> 17 #include "tee_api_private.h" 18 19 struct __TEE_OperationHandle { 20 TEE_OperationInfo info; 21 TEE_ObjectHandle key1; 22 TEE_ObjectHandle key2; 23 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */ 24 25 /* 26 * buffer to collect complete blocks or to keep a complete digest 27 * for TEE_DigestExtract(). 28 */ 29 uint8_t *buffer; 30 bool buffer_two_blocks; /* True if two blocks need to be buffered */ 31 size_t block_size; /* Block size of cipher */ 32 size_t buffer_offs; /* Offset in buffer */ 33 uint32_t state; /* Handle to state in TEE Core */ 34 }; 35 36 /* Cryptographic Operations API - Generic Operation Functions */ 37 38 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation, 39 uint32_t algorithm, uint32_t mode, 40 uint32_t maxKeySize) 41 { 42 TEE_Result res; 43 TEE_OperationHandle op = TEE_HANDLE_NULL; 44 uint32_t handle_state = 0; 45 size_t block_size = 1; 46 uint32_t req_key_usage; 47 bool with_private_key = false; 48 bool buffer_two_blocks = false; 49 50 if (!operation) 51 TEE_Panic(0); 52 53 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP || 54 algorithm == TEE_ALG_SM4_XTS) 55 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 56 57 /* Check algorithm max key size */ 58 switch (algorithm) { 59 case TEE_ALG_DSA_SHA1: 60 if (maxKeySize < 512) 61 return TEE_ERROR_NOT_SUPPORTED; 62 if (maxKeySize > 1024) 63 return TEE_ERROR_NOT_SUPPORTED; 64 if (maxKeySize % 64 != 0) 65 return TEE_ERROR_NOT_SUPPORTED; 66 break; 67 68 case TEE_ALG_DSA_SHA224: 69 if (maxKeySize != 2048) 70 return TEE_ERROR_NOT_SUPPORTED; 71 break; 72 73 case TEE_ALG_DSA_SHA256: 74 if (maxKeySize != 2048 && maxKeySize != 3072) 75 return TEE_ERROR_NOT_SUPPORTED; 76 break; 77 78 case TEE_ALG_ECDSA_SHA1: 79 case __OPTEE_ALG_ECDSA_P192: 80 case __OPTEE_ALG_ECDH_P192: 81 if (maxKeySize != 192) 82 return TEE_ERROR_NOT_SUPPORTED; 83 break; 84 85 case TEE_ALG_ECDSA_SHA224: 86 case __OPTEE_ALG_ECDSA_P224: 87 case __OPTEE_ALG_ECDH_P224: 88 if (maxKeySize != 224) 89 return TEE_ERROR_NOT_SUPPORTED; 90 break; 91 92 case TEE_ALG_ECDSA_SHA256: 93 case __OPTEE_ALG_ECDSA_P256: 94 case __OPTEE_ALG_ECDH_P256: 95 case TEE_ALG_SM2_PKE: 96 case TEE_ALG_SM2_DSA_SM3: 97 if (maxKeySize != 256) 98 return TEE_ERROR_NOT_SUPPORTED; 99 break; 100 101 case TEE_ALG_SM2_KEP: 102 /* Two 256-bit keys */ 103 if (maxKeySize != 512) 104 return TEE_ERROR_NOT_SUPPORTED; 105 break; 106 107 case TEE_ALG_ECDSA_SHA384: 108 case __OPTEE_ALG_ECDSA_P384: 109 case __OPTEE_ALG_ECDH_P384: 110 if (maxKeySize != 384) 111 return TEE_ERROR_NOT_SUPPORTED; 112 break; 113 114 case TEE_ALG_ECDSA_SHA512: 115 case __OPTEE_ALG_ECDSA_P521: 116 case __OPTEE_ALG_ECDH_P521: 117 if (maxKeySize != 521) 118 return TEE_ERROR_NOT_SUPPORTED; 119 break; 120 121 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 122 if (maxKeySize > 521) 123 return TEE_ERROR_NOT_SUPPORTED; 124 break; 125 126 case TEE_ALG_ED25519: 127 case TEE_ALG_X25519: 128 if (maxKeySize != 256) 129 return TEE_ERROR_NOT_SUPPORTED; 130 break; 131 default: 132 break; 133 } 134 135 /* Check algorithm mode (and maxKeySize for digests) */ 136 switch (algorithm) { 137 case TEE_ALG_AES_CTS: 138 case TEE_ALG_AES_XTS: 139 case TEE_ALG_SM4_XTS: 140 buffer_two_blocks = true; 141 fallthrough; 142 case TEE_ALG_AES_ECB_NOPAD: 143 case TEE_ALG_AES_CBC_NOPAD: 144 case TEE_ALG_AES_CCM: 145 case TEE_ALG_DES_ECB_NOPAD: 146 case TEE_ALG_DES_CBC_NOPAD: 147 case TEE_ALG_DES3_ECB_NOPAD: 148 case TEE_ALG_DES3_CBC_NOPAD: 149 case TEE_ALG_SM4_ECB_NOPAD: 150 case TEE_ALG_SM4_CBC_NOPAD: 151 case TEE_ALG_SM4_CTR: 152 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES) 153 block_size = TEE_AES_BLOCK_SIZE; 154 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4) 155 block_size = TEE_SM4_BLOCK_SIZE; 156 else 157 block_size = TEE_DES_BLOCK_SIZE; 158 fallthrough; 159 case TEE_ALG_AES_CTR: 160 case TEE_ALG_AES_GCM: 161 if (mode == TEE_MODE_ENCRYPT) 162 req_key_usage = TEE_USAGE_ENCRYPT; 163 else if (mode == TEE_MODE_DECRYPT) 164 req_key_usage = TEE_USAGE_DECRYPT; 165 else 166 return TEE_ERROR_NOT_SUPPORTED; 167 break; 168 169 #if defined(CFG_CRYPTO_RSASSA_NA1) 170 case TEE_ALG_RSASSA_PKCS1_V1_5: 171 #endif 172 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: 173 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: 174 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: 175 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: 176 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: 177 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: 178 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5: 179 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 180 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 181 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 182 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 183 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 184 case TEE_ALG_DSA_SHA1: 185 case TEE_ALG_DSA_SHA224: 186 case TEE_ALG_DSA_SHA256: 187 case TEE_ALG_ECDSA_SHA1: 188 case TEE_ALG_ECDSA_SHA224: 189 case TEE_ALG_ECDSA_SHA256: 190 case TEE_ALG_ECDSA_SHA384: 191 case TEE_ALG_ECDSA_SHA512: 192 case __OPTEE_ALG_ECDSA_P192: 193 case __OPTEE_ALG_ECDSA_P224: 194 case __OPTEE_ALG_ECDSA_P256: 195 case __OPTEE_ALG_ECDSA_P384: 196 case __OPTEE_ALG_ECDSA_P521: 197 case TEE_ALG_SM2_DSA_SM3: 198 case TEE_ALG_ED25519: 199 if (mode == TEE_MODE_SIGN) { 200 with_private_key = true; 201 req_key_usage = TEE_USAGE_SIGN; 202 } else if (mode == TEE_MODE_VERIFY) { 203 req_key_usage = TEE_USAGE_VERIFY; 204 } else { 205 return TEE_ERROR_NOT_SUPPORTED; 206 } 207 break; 208 209 case TEE_ALG_RSAES_PKCS1_V1_5: 210 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5: 211 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: 212 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: 213 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: 214 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: 215 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: 216 case TEE_ALG_SM2_PKE: 217 if (mode == TEE_MODE_ENCRYPT) { 218 req_key_usage = TEE_USAGE_ENCRYPT; 219 } else if (mode == TEE_MODE_DECRYPT) { 220 with_private_key = true; 221 req_key_usage = TEE_USAGE_DECRYPT; 222 } else { 223 return TEE_ERROR_NOT_SUPPORTED; 224 } 225 break; 226 227 case TEE_ALG_RSA_NOPAD: 228 if (mode == TEE_MODE_ENCRYPT) { 229 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY; 230 } else if (mode == TEE_MODE_DECRYPT) { 231 with_private_key = true; 232 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN; 233 } else { 234 return TEE_ERROR_NOT_SUPPORTED; 235 } 236 break; 237 238 case TEE_ALG_DH_DERIVE_SHARED_SECRET: 239 case TEE_ALG_ECDH_DERIVE_SHARED_SECRET: 240 case __OPTEE_ALG_ECDH_P192: 241 case __OPTEE_ALG_ECDH_P224: 242 case __OPTEE_ALG_ECDH_P256: 243 case __OPTEE_ALG_ECDH_P384: 244 case __OPTEE_ALG_ECDH_P521: 245 case TEE_ALG_HKDF_MD5_DERIVE_KEY: 246 case TEE_ALG_HKDF_SHA1_DERIVE_KEY: 247 case TEE_ALG_HKDF_SHA224_DERIVE_KEY: 248 case TEE_ALG_HKDF_SHA256_DERIVE_KEY: 249 case TEE_ALG_HKDF_SHA384_DERIVE_KEY: 250 case TEE_ALG_HKDF_SHA512_DERIVE_KEY: 251 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY: 252 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY: 253 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY: 254 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY: 255 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY: 256 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY: 257 case TEE_ALG_SM2_KEP: 258 case TEE_ALG_X25519: 259 if (mode != TEE_MODE_DERIVE) 260 return TEE_ERROR_NOT_SUPPORTED; 261 with_private_key = true; 262 req_key_usage = TEE_USAGE_DERIVE; 263 break; 264 265 case TEE_ALG_MD5: 266 case TEE_ALG_SHA1: 267 case TEE_ALG_SHA224: 268 case TEE_ALG_SHA256: 269 case TEE_ALG_SHA384: 270 case TEE_ALG_SHA512: 271 case TEE_ALG_SHA3_224: 272 case TEE_ALG_SHA3_256: 273 case TEE_ALG_SHA3_384: 274 case TEE_ALG_SHA3_512: 275 case TEE_ALG_SHAKE128: 276 case TEE_ALG_SHAKE256: 277 case TEE_ALG_SM3: 278 if (mode != TEE_MODE_DIGEST) 279 return TEE_ERROR_NOT_SUPPORTED; 280 if (maxKeySize) 281 return TEE_ERROR_NOT_SUPPORTED; 282 /* v1.1: flags always set for digest operations */ 283 handle_state |= TEE_HANDLE_FLAG_KEY_SET; 284 req_key_usage = 0; 285 break; 286 287 case TEE_ALG_DES_CBC_MAC_NOPAD: 288 case TEE_ALG_AES_CBC_MAC_NOPAD: 289 case TEE_ALG_AES_CBC_MAC_PKCS5: 290 case TEE_ALG_AES_CMAC: 291 case TEE_ALG_DES_CBC_MAC_PKCS5: 292 case TEE_ALG_DES3_CBC_MAC_NOPAD: 293 case TEE_ALG_DES3_CBC_MAC_PKCS5: 294 case TEE_ALG_DES3_CMAC: 295 case TEE_ALG_HMAC_MD5: 296 case TEE_ALG_HMAC_SHA1: 297 case TEE_ALG_HMAC_SHA224: 298 case TEE_ALG_HMAC_SHA256: 299 case TEE_ALG_HMAC_SHA384: 300 case TEE_ALG_HMAC_SHA512: 301 case TEE_ALG_HMAC_SHA3_224: 302 case TEE_ALG_HMAC_SHA3_256: 303 case TEE_ALG_HMAC_SHA3_384: 304 case TEE_ALG_HMAC_SHA3_512: 305 case TEE_ALG_HMAC_SM3: 306 if (mode != TEE_MODE_MAC) 307 return TEE_ERROR_NOT_SUPPORTED; 308 req_key_usage = TEE_USAGE_MAC; 309 break; 310 311 default: 312 return TEE_ERROR_NOT_SUPPORTED; 313 } 314 315 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO); 316 if (!op) 317 return TEE_ERROR_OUT_OF_MEMORY; 318 319 op->info.algorithm = algorithm; 320 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); 321 #ifdef CFG_CRYPTO_RSASSA_NA1 322 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5) 323 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; 324 #endif 325 op->info.mode = mode; 326 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); 327 op->info.maxKeySize = maxKeySize; 328 op->info.requiredKeyUsage = req_key_usage; 329 op->info.handleState = handle_state; 330 331 /* 332 * Needed to buffer the digest if TEE_DigestExtract() doesn't 333 * retrieve the entire digest in one go. 334 */ 335 if (op->info.operationClass == TEE_OPERATION_DIGEST) 336 block_size = op->info.digestLength; 337 338 if (block_size > 1) { 339 size_t buffer_size = block_size; 340 341 if (buffer_two_blocks) 342 buffer_size *= 2; 343 344 op->buffer = TEE_Malloc(buffer_size, 345 TEE_USER_MEM_HINT_NO_FILL_ZERO); 346 if (op->buffer == NULL) { 347 res = TEE_ERROR_OUT_OF_MEMORY; 348 goto out; 349 } 350 } 351 op->block_size = block_size; 352 op->buffer_two_blocks = buffer_two_blocks; 353 354 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) { 355 uint32_t mks = maxKeySize; 356 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm, 357 with_private_key); 358 359 /* 360 * If two keys are expected the max key size is the sum of 361 * the size of both keys. 362 */ 363 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) 364 mks /= 2; 365 366 res = TEE_AllocateTransientObject(key_type, mks, &op->key1); 367 if (res != TEE_SUCCESS) 368 goto out; 369 370 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 371 res = TEE_AllocateTransientObject(key_type, mks, 372 &op->key2); 373 if (res != TEE_SUCCESS) 374 goto out; 375 } 376 } 377 378 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1, 379 (unsigned long)op->key2, &op->state); 380 if (res != TEE_SUCCESS) 381 goto out; 382 383 /* 384 * Initialize digest operations 385 * Other multi-stage operations initialized w/ TEE_xxxInit functions 386 * Non-applicable on asymmetric operations 387 */ 388 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) { 389 res = _utee_hash_init(op->state, NULL, 0); 390 if (res != TEE_SUCCESS) 391 goto out; 392 /* v1.1: flags always set for digest operations */ 393 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 394 } 395 396 op->operationState = TEE_OPERATION_STATE_INITIAL; 397 398 *operation = op; 399 400 out: 401 if (res != TEE_SUCCESS) { 402 if (res != TEE_ERROR_OUT_OF_MEMORY && 403 res != TEE_ERROR_NOT_SUPPORTED) 404 TEE_Panic(res); 405 if (op) { 406 if (op->state) { 407 TEE_FreeOperation(op); 408 } else { 409 TEE_Free(op->buffer); 410 TEE_FreeTransientObject(op->key1); 411 TEE_FreeTransientObject(op->key2); 412 TEE_Free(op); 413 } 414 } 415 } 416 417 return res; 418 } 419 420 void TEE_FreeOperation(TEE_OperationHandle operation) 421 { 422 TEE_Result res; 423 424 if (operation == TEE_HANDLE_NULL) 425 return; 426 427 /* 428 * Note that keys should not be freed here, since they are 429 * claimed by the operation they will be freed by 430 * utee_cryp_state_free(). 431 */ 432 res = _utee_cryp_state_free(operation->state); 433 if (res != TEE_SUCCESS) 434 TEE_Panic(res); 435 436 TEE_Free(operation->buffer); 437 TEE_Free(operation); 438 } 439 440 void __GP11_TEE_FreeOperation(TEE_OperationHandle operation) 441 { 442 if (operation == TEE_HANDLE_NULL) 443 TEE_Panic(0); 444 TEE_FreeOperation(operation); 445 } 446 447 void TEE_GetOperationInfo(TEE_OperationHandle operation, 448 TEE_OperationInfo *operationInfo) 449 { 450 if (operation == TEE_HANDLE_NULL) 451 TEE_Panic(0); 452 453 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo)); 454 455 *operationInfo = operation->info; 456 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) { 457 operationInfo->keySize = 0; 458 operationInfo->requiredKeyUsage = 0; 459 } 460 } 461 462 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op, 463 TEE_OperationInfoMultiple *op_info, 464 size_t *size) 465 { 466 TEE_Result res = TEE_SUCCESS; 467 TEE_ObjectInfo kinfo = { }; 468 size_t max_key_count = 0; 469 bool two_keys = false; 470 471 if (op == TEE_HANDLE_NULL) { 472 res = TEE_ERROR_BAD_PARAMETERS; 473 goto out; 474 } 475 476 __utee_check_outbuf_annotation(op_info, size); 477 478 if (*size < sizeof(*op_info)) { 479 res = TEE_ERROR_BAD_PARAMETERS; 480 goto out; 481 } 482 max_key_count = (*size - sizeof(*op_info)) / 483 sizeof(TEE_OperationInfoKey); 484 485 TEE_MemFill(op_info, 0, *size); 486 487 /* Two keys flag (TEE_ALG_AES_XTS only) */ 488 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS; 489 490 if (op->info.mode == TEE_MODE_DIGEST) { 491 op_info->numberOfKeys = 0; 492 } else if (!two_keys) { 493 if (max_key_count < 1) { 494 res = TEE_ERROR_SHORT_BUFFER; 495 goto out; 496 } 497 498 res = TEE_GetObjectInfo1(op->key1, &kinfo); 499 /* Key1 is not a valid handle, "can't happen". */ 500 if (res) 501 goto out; 502 503 op_info->keyInformation[0].keySize = kinfo.objectSize; 504 op_info->keyInformation[0].requiredKeyUsage = 505 op->info.requiredKeyUsage; 506 op_info->numberOfKeys = 1; 507 } else { 508 if (max_key_count < 2) { 509 res = TEE_ERROR_SHORT_BUFFER; 510 goto out; 511 } 512 513 res = TEE_GetObjectInfo1(op->key1, &kinfo); 514 /* Key1 is not a valid handle, "can't happen". */ 515 if (res) 516 goto out; 517 518 op_info->keyInformation[0].keySize = kinfo.objectSize; 519 op_info->keyInformation[0].requiredKeyUsage = 520 op->info.requiredKeyUsage; 521 522 res = TEE_GetObjectInfo1(op->key2, &kinfo); 523 /* Key2 is not a valid handle, "can't happen". */ 524 if (res) 525 goto out; 526 527 op_info->keyInformation[1].keySize = kinfo.objectSize; 528 op_info->keyInformation[1].requiredKeyUsage = 529 op->info.requiredKeyUsage; 530 531 op_info->numberOfKeys = 2; 532 } 533 534 op_info->algorithm = op->info.algorithm; 535 op_info->operationClass = op->info.operationClass; 536 op_info->mode = op->info.mode; 537 op_info->digestLength = op->info.digestLength; 538 op_info->maxKeySize = op->info.maxKeySize; 539 op_info->handleState = op->info.handleState; 540 op_info->operationState = op->operationState; 541 542 out: 543 if (res != TEE_SUCCESS && 544 res != TEE_ERROR_SHORT_BUFFER) 545 TEE_Panic(res); 546 547 return res; 548 } 549 550 TEE_Result 551 __GP11_TEE_GetOperationInfoMultiple(TEE_OperationHandle operation, 552 TEE_OperationInfoMultiple *info, 553 uint32_t *operationSize) 554 { 555 TEE_Result res = TEE_SUCCESS; 556 size_t s = 0; 557 558 __utee_check_gp11_outbuf_annotation(info, operationSize); 559 s = *operationSize; 560 res = TEE_GetOperationInfoMultiple(operation, info, &s); 561 *operationSize = s; 562 return res; 563 } 564 565 static void reset_operation_state(TEE_OperationHandle op) 566 { 567 op->operationState = TEE_OPERATION_STATE_INITIAL; 568 569 if (op->info.operationClass == TEE_OPERATION_DIGEST) { 570 TEE_Result res = _utee_hash_init(op->state, NULL, 0); 571 572 if (res != TEE_SUCCESS) 573 TEE_Panic(res); 574 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 575 } else { 576 op->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 577 } 578 } 579 580 void TEE_ResetOperation(TEE_OperationHandle operation) 581 { 582 if (operation == TEE_HANDLE_NULL) 583 TEE_Panic(0); 584 585 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) 586 TEE_Panic(0); 587 588 reset_operation_state(operation); 589 } 590 591 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation, 592 TEE_ObjectHandle key) 593 { 594 TEE_Result res; 595 uint32_t key_size = 0; 596 TEE_ObjectInfo key_info; 597 598 if (operation == TEE_HANDLE_NULL) { 599 res = TEE_ERROR_BAD_PARAMETERS; 600 goto out; 601 } 602 603 if (key == TEE_HANDLE_NULL) { 604 /* Operation key cleared */ 605 TEE_ResetTransientObject(operation->key1); 606 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 607 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 608 reset_operation_state(operation); 609 return TEE_SUCCESS; 610 } 611 612 /* No key for digest operation */ 613 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 614 res = TEE_ERROR_BAD_PARAMETERS; 615 goto out; 616 } 617 618 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */ 619 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) != 620 0) { 621 res = TEE_ERROR_BAD_PARAMETERS; 622 goto out; 623 } 624 625 res = TEE_GetObjectInfo1(key, &key_info); 626 /* Key is not a valid handle */ 627 if (res != TEE_SUCCESS) 628 goto out; 629 630 /* Supplied key has to meet required usage */ 631 if ((key_info.objectUsage & operation->info.requiredKeyUsage) != 632 operation->info.requiredKeyUsage) { 633 res = TEE_ERROR_BAD_PARAMETERS; 634 goto out; 635 } 636 637 if (operation->info.maxKeySize < key_info.objectSize) { 638 res = TEE_ERROR_BAD_PARAMETERS; 639 goto out; 640 } 641 642 key_size = key_info.objectSize; 643 644 TEE_ResetTransientObject(operation->key1); 645 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 646 647 res = TEE_CopyObjectAttributes1(operation->key1, key); 648 if (res != TEE_SUCCESS) 649 goto out; 650 651 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 652 653 operation->info.keySize = key_size; 654 655 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 656 reset_operation_state(operation); 657 658 out: 659 if (res != TEE_SUCCESS && 660 res != TEE_ERROR_CORRUPT_OBJECT && 661 res != TEE_ERROR_STORAGE_NOT_AVAILABLE) 662 TEE_Panic(res); 663 664 return res; 665 } 666 667 TEE_Result __GP11_TEE_SetOperationKey(TEE_OperationHandle operation, 668 TEE_ObjectHandle key) 669 { 670 if (operation == TEE_HANDLE_NULL || 671 operation->operationState != TEE_OPERATION_STATE_INITIAL) 672 TEE_Panic(0); 673 674 return TEE_SetOperationKey(operation, key); 675 } 676 677 static TEE_Result set_operation_key2(TEE_OperationHandle operation, 678 TEE_ObjectHandle key1, 679 TEE_ObjectHandle key2) 680 { 681 TEE_Result res; 682 uint32_t key_size = 0; 683 TEE_ObjectInfo key_info1; 684 TEE_ObjectInfo key_info2; 685 686 if (operation == TEE_HANDLE_NULL) { 687 res = TEE_ERROR_BAD_PARAMETERS; 688 goto out; 689 } 690 691 /* 692 * Key1/Key2 and/or are not initialized and 693 * Either both keys are NULL or both are not NULL 694 */ 695 if (!key1 && !key2) { 696 /* Clear the keys */ 697 TEE_ResetTransientObject(operation->key1); 698 TEE_ResetTransientObject(operation->key2); 699 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 700 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 701 reset_operation_state(operation); 702 return TEE_SUCCESS; 703 } else if (!key1 || !key2) { 704 /* Both keys are obviously not valid. */ 705 res = TEE_ERROR_BAD_PARAMETERS; 706 goto out; 707 } 708 709 /* No key for digest operation */ 710 if (operation->info.operationClass == TEE_OPERATION_DIGEST) { 711 res = TEE_ERROR_BAD_PARAMETERS; 712 goto out; 713 } 714 715 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */ 716 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 717 0) { 718 res = TEE_ERROR_BAD_PARAMETERS; 719 goto out; 720 } 721 722 res = TEE_GetObjectInfo1(key1, &key_info1); 723 /* Key1 is not a valid handle */ 724 if (res != TEE_SUCCESS) 725 goto out; 726 727 /* Supplied key has to meet required usage */ 728 if ((key_info1.objectUsage & operation->info. 729 requiredKeyUsage) != operation->info.requiredKeyUsage) { 730 res = TEE_ERROR_BAD_PARAMETERS; 731 goto out; 732 } 733 734 res = TEE_GetObjectInfo1(key2, &key_info2); 735 /* Key2 is not a valid handle */ 736 if (res != TEE_SUCCESS) { 737 if (res == TEE_ERROR_CORRUPT_OBJECT) 738 res = TEE_ERROR_CORRUPT_OBJECT_2; 739 goto out; 740 } 741 742 /* Supplied key has to meet required usage */ 743 if ((key_info2.objectUsage & operation->info. 744 requiredKeyUsage) != operation->info.requiredKeyUsage) { 745 res = TEE_ERROR_BAD_PARAMETERS; 746 goto out; 747 } 748 749 /* 750 * All the multi key algorithm currently supported requires the keys to 751 * be of equal size. 752 */ 753 if (key_info1.objectSize != key_info2.objectSize) { 754 res = TEE_ERROR_BAD_PARAMETERS; 755 goto out; 756 757 } 758 759 if (operation->info.maxKeySize < key_info1.objectSize) { 760 res = TEE_ERROR_BAD_PARAMETERS; 761 goto out; 762 } 763 764 /* 765 * Odd that only the size of one key should be reported while 766 * size of two key are used when allocating the operation. 767 */ 768 key_size = key_info1.objectSize; 769 770 TEE_ResetTransientObject(operation->key1); 771 TEE_ResetTransientObject(operation->key2); 772 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET; 773 774 res = TEE_CopyObjectAttributes1(operation->key1, key1); 775 if (res != TEE_SUCCESS) 776 goto out; 777 res = TEE_CopyObjectAttributes1(operation->key2, key2); 778 if (res != TEE_SUCCESS) { 779 if (res == TEE_ERROR_CORRUPT_OBJECT) 780 res = TEE_ERROR_CORRUPT_OBJECT_2; 781 goto out; 782 } 783 784 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET; 785 786 operation->info.keySize = key_size; 787 788 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 789 reset_operation_state(operation); 790 out: 791 if (res != TEE_SUCCESS && 792 res != TEE_ERROR_CORRUPT_OBJECT && 793 res != TEE_ERROR_CORRUPT_OBJECT_2 && 794 res != TEE_ERROR_STORAGE_NOT_AVAILABLE && 795 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2) 796 TEE_Panic(res); 797 798 return res; 799 } 800 801 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation, 802 TEE_ObjectHandle key1, TEE_ObjectHandle key2) 803 { 804 if (operation != TEE_HANDLE_NULL && key1 && key1 == key2) 805 return TEE_ERROR_SECURITY; 806 807 return set_operation_key2(operation, key1, key2); 808 } 809 810 TEE_Result __GP11_TEE_SetOperationKey2(TEE_OperationHandle operation, 811 TEE_ObjectHandle key1, 812 TEE_ObjectHandle key2) 813 { 814 if (operation == TEE_HANDLE_NULL || 815 operation->operationState != TEE_OPERATION_STATE_INITIAL) 816 TEE_Panic(0); 817 818 return set_operation_key2(operation, key1, key2); 819 } 820 821 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op) 822 { 823 TEE_Result res; 824 825 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL) 826 TEE_Panic(0); 827 if (dst_op->info.algorithm != src_op->info.algorithm) 828 TEE_Panic(0); 829 if (dst_op->info.mode != src_op->info.mode) 830 TEE_Panic(0); 831 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) { 832 TEE_ObjectHandle key1 = TEE_HANDLE_NULL; 833 TEE_ObjectHandle key2 = TEE_HANDLE_NULL; 834 835 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) { 836 key1 = src_op->key1; 837 key2 = src_op->key2; 838 } 839 840 if ((src_op->info.handleState & 841 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) { 842 TEE_SetOperationKey(dst_op, key1); 843 } else { 844 TEE_SetOperationKey2(dst_op, key1, key2); 845 } 846 } 847 dst_op->info.handleState = src_op->info.handleState; 848 dst_op->info.keySize = src_op->info.keySize; 849 dst_op->info.digestLength = src_op->info.digestLength; 850 dst_op->operationState = src_op->operationState; 851 852 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks || 853 dst_op->block_size != src_op->block_size) 854 TEE_Panic(0); 855 856 if (dst_op->buffer != NULL) { 857 size_t sz = src_op->block_size; 858 859 if (src_op->buffer == NULL) 860 TEE_Panic(0); 861 862 if (src_op->buffer_two_blocks) 863 sz *= 2; 864 memcpy(dst_op->buffer, src_op->buffer, sz); 865 dst_op->buffer_offs = src_op->buffer_offs; 866 } else if (src_op->buffer != NULL) { 867 TEE_Panic(0); 868 } 869 870 res = _utee_cryp_state_copy(dst_op->state, src_op->state); 871 if (res != TEE_SUCCESS) 872 TEE_Panic(res); 873 } 874 875 /* Cryptographic Operations API - Message Digest Functions */ 876 877 static void init_hash_operation(TEE_OperationHandle operation, const void *IV, 878 uint32_t IVLen) 879 { 880 TEE_Result res; 881 882 /* 883 * Note : IV and IVLen are never used in current implementation 884 * This is why coherent values of IV and IVLen are not checked 885 */ 886 res = _utee_hash_init(operation->state, IV, IVLen); 887 if (res != TEE_SUCCESS) 888 TEE_Panic(res); 889 operation->buffer_offs = 0; 890 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 891 } 892 893 void TEE_DigestUpdate(TEE_OperationHandle operation, 894 const void *chunk, size_t chunkSize) 895 { 896 TEE_Result res = TEE_ERROR_GENERIC; 897 898 if (operation == TEE_HANDLE_NULL || 899 operation->info.operationClass != TEE_OPERATION_DIGEST) 900 TEE_Panic(0); 901 902 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 903 904 res = _utee_hash_update(operation->state, chunk, chunkSize); 905 if (res != TEE_SUCCESS) 906 TEE_Panic(res); 907 } 908 909 void __GP11_TEE_DigestUpdate(TEE_OperationHandle operation, 910 const void *chunk, uint32_t chunkSize) 911 { 912 return TEE_DigestUpdate(operation, chunk, chunkSize); 913 } 914 915 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk, 916 size_t chunkLen, void *hash, size_t *hashLen) 917 { 918 TEE_Result res = TEE_SUCCESS; 919 uint64_t hl = 0; 920 size_t len = 0; 921 922 if ((operation == TEE_HANDLE_NULL) || 923 (!chunk && chunkLen) || 924 (operation->info.operationClass != TEE_OPERATION_DIGEST)) { 925 res = TEE_ERROR_BAD_PARAMETERS; 926 goto out; 927 } 928 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING && 929 chunkLen) { 930 res = TEE_ERROR_BAD_PARAMETERS; 931 goto out; 932 } 933 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 934 935 if (operation->operationState == TEE_OPERATION_STATE_EXTRACTING && 936 operation->buffer) { 937 /* 938 * This is not an Extendable-Output Function and we have 939 * already started extracting 940 */ 941 len = MIN(operation->block_size - operation->buffer_offs, 942 *hashLen); 943 memcpy(hash, operation->buffer + operation->buffer_offs, len); 944 *hashLen = len; 945 } else { 946 hl = *hashLen; 947 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, 948 &hl); 949 *hashLen = hl; 950 if (res) 951 goto out; 952 } 953 954 /* Reset operation state */ 955 init_hash_operation(operation, NULL, 0); 956 957 operation->operationState = TEE_OPERATION_STATE_INITIAL; 958 959 out: 960 if (res != TEE_SUCCESS && 961 res != TEE_ERROR_SHORT_BUFFER) 962 TEE_Panic(res); 963 964 return res; 965 } 966 967 TEE_Result __GP11_TEE_DigestDoFinal(TEE_OperationHandle operation, 968 const void *chunk, uint32_t chunkLen, 969 void *hash, uint32_t *hashLen) 970 { 971 TEE_Result res = TEE_SUCCESS; 972 size_t l = 0; 973 974 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 975 l = *hashLen; 976 res = TEE_DigestDoFinal(operation, chunk, chunkLen, hash, &l); 977 *hashLen = l; 978 return res; 979 } 980 981 TEE_Result TEE_DigestExtract(TEE_OperationHandle operation, void *hash, 982 size_t *hashLen) 983 { 984 TEE_Result res = TEE_SUCCESS; 985 uint64_t hl = 0; 986 size_t len = 0; 987 988 if (operation == TEE_HANDLE_NULL || 989 operation->info.operationClass != TEE_OPERATION_DIGEST) 990 TEE_Panic(0); 991 __utee_check_inout_annotation(hashLen, sizeof(*hashLen)); 992 993 if (!operation->buffer) { 994 /* This is an Extendable-Output Function */ 995 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING; 996 operation->operationState = TEE_OPERATION_STATE_EXTRACTING; 997 hl = *hashLen; 998 res = _utee_hash_final(operation->state, NULL, 0, hash, &hl); 999 if (res) 1000 TEE_Panic(0); 1001 *hashLen = hl; 1002 1003 return TEE_SUCCESS; 1004 } 1005 1006 if (operation->operationState != TEE_OPERATION_STATE_EXTRACTING) { 1007 hl = operation->block_size; 1008 res = _utee_hash_final(operation->state, NULL, 0, 1009 operation->buffer, &hl); 1010 if (res) 1011 TEE_Panic(0); 1012 if (hl != operation->block_size) 1013 TEE_Panic(0); 1014 assert(!operation->buffer_offs); 1015 operation->info.handleState |= TEE_HANDLE_FLAG_EXTRACTING; 1016 operation->operationState = TEE_OPERATION_STATE_EXTRACTING; 1017 } 1018 1019 len = MIN(operation->block_size - operation->buffer_offs, *hashLen); 1020 memcpy(hash, operation->buffer + operation->buffer_offs, len); 1021 *hashLen = len; 1022 operation->buffer_offs += len; 1023 1024 return TEE_SUCCESS; 1025 } 1026 1027 /* Cryptographic Operations API - Symmetric Cipher Functions */ 1028 1029 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 1030 size_t IVLen) 1031 { 1032 TEE_Result res; 1033 1034 if (operation == TEE_HANDLE_NULL) 1035 TEE_Panic(0); 1036 1037 if (operation->info.operationClass != TEE_OPERATION_CIPHER) 1038 TEE_Panic(0); 1039 1040 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1041 !(operation->key1)) 1042 TEE_Panic(0); 1043 1044 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1045 TEE_ResetOperation(operation); 1046 1047 if (IV && IVLen) { 1048 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1049 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1050 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1051 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD) 1052 TEE_Panic(0); 1053 } 1054 1055 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1056 1057 res = _utee_cipher_init(operation->state, IV, IVLen); 1058 if (res != TEE_SUCCESS) 1059 TEE_Panic(res); 1060 1061 operation->buffer_offs = 0; 1062 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1063 } 1064 1065 void __GP11_TEE_CipherInit(TEE_OperationHandle operation, const void *IV, 1066 uint32_t IVLen) 1067 { 1068 return TEE_CipherInit(operation, IV, IVLen); 1069 } 1070 1071 static TEE_Result tee_buffer_update( 1072 TEE_OperationHandle op, 1073 TEE_Result(*update_func)(unsigned long state, const void *src, 1074 size_t slen, void *dst, uint64_t *dlen), 1075 const void *src_data, size_t src_len, 1076 void *dest_data, uint64_t *dest_len) 1077 { 1078 TEE_Result res; 1079 const uint8_t *src = src_data; 1080 size_t slen = src_len; 1081 uint8_t *dst = dest_data; 1082 size_t dlen = *dest_len; 1083 size_t acc_dlen = 0; 1084 uint64_t tmp_dlen; 1085 size_t l; 1086 size_t buffer_size; 1087 size_t buffer_left; 1088 1089 if (!src) { 1090 if (slen) 1091 TEE_Panic(0); 1092 goto out; 1093 } 1094 1095 if (op->buffer_two_blocks) { 1096 buffer_size = op->block_size * 2; 1097 buffer_left = 1; 1098 } else { 1099 buffer_size = op->block_size; 1100 buffer_left = 0; 1101 } 1102 1103 if (op->buffer_offs > 0) { 1104 /* Fill up complete block */ 1105 if (op->buffer_offs < op->block_size) 1106 l = MIN(slen, op->block_size - op->buffer_offs); 1107 else 1108 l = MIN(slen, buffer_size - op->buffer_offs); 1109 memcpy(op->buffer + op->buffer_offs, src, l); 1110 op->buffer_offs += l; 1111 src += l; 1112 slen -= l; 1113 if ((op->buffer_offs % op->block_size) != 0) 1114 goto out; /* Nothing left to do */ 1115 } 1116 1117 /* If we can feed from buffer */ 1118 if ((op->buffer_offs > 0) && 1119 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) { 1120 l = ROUNDUP(op->buffer_offs + slen - buffer_size, 1121 op->block_size); 1122 l = MIN(op->buffer_offs, l); 1123 tmp_dlen = dlen; 1124 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen); 1125 if (res != TEE_SUCCESS) 1126 TEE_Panic(res); 1127 dst += tmp_dlen; 1128 dlen -= tmp_dlen; 1129 acc_dlen += tmp_dlen; 1130 op->buffer_offs -= l; 1131 if (op->buffer_offs > 0) { 1132 /* 1133 * Slen is small enough to be contained in rest buffer. 1134 */ 1135 memcpy(op->buffer, op->buffer + l, buffer_size - l); 1136 memcpy(op->buffer + op->buffer_offs, src, slen); 1137 op->buffer_offs += slen; 1138 goto out; /* Nothing left to do */ 1139 } 1140 } 1141 1142 if (slen >= (buffer_size + buffer_left)) { 1143 /* Buffer is empty, feed as much as possible from src */ 1144 if (op->info.algorithm == TEE_ALG_AES_CTS) 1145 l = ROUNDUP(slen - buffer_size, op->block_size); 1146 else 1147 l = ROUNDUP(slen - buffer_size + 1, op->block_size); 1148 1149 tmp_dlen = dlen; 1150 res = update_func(op->state, src, l, dst, &tmp_dlen); 1151 if (res != TEE_SUCCESS) 1152 TEE_Panic(res); 1153 src += l; 1154 slen -= l; 1155 dst += tmp_dlen; 1156 dlen -= tmp_dlen; 1157 acc_dlen += tmp_dlen; 1158 } 1159 1160 /* Slen is small enough to be contained in buffer. */ 1161 memcpy(op->buffer + op->buffer_offs, src, slen); 1162 op->buffer_offs += slen; 1163 1164 out: 1165 *dest_len = acc_dlen; 1166 return TEE_SUCCESS; 1167 } 1168 1169 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData, 1170 size_t srcLen, void *destData, size_t *destLen) 1171 { 1172 TEE_Result res; 1173 size_t req_dlen; 1174 uint64_t dl; 1175 1176 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1177 res = TEE_ERROR_BAD_PARAMETERS; 1178 goto out; 1179 } 1180 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1181 1182 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1183 res = TEE_ERROR_BAD_PARAMETERS; 1184 goto out; 1185 } 1186 1187 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1188 res = TEE_ERROR_BAD_PARAMETERS; 1189 goto out; 1190 } 1191 1192 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1193 res = TEE_ERROR_BAD_PARAMETERS; 1194 goto out; 1195 } 1196 1197 if (!srcData && !srcLen) { 1198 *destLen = 0; 1199 res = TEE_SUCCESS; 1200 goto out; 1201 } 1202 1203 /* Calculate required dlen */ 1204 if (operation->block_size > 1) { 1205 req_dlen = ((operation->buffer_offs + srcLen) / 1206 operation->block_size) * operation->block_size; 1207 } else { 1208 req_dlen = srcLen; 1209 } 1210 if (operation->buffer_two_blocks) { 1211 if (req_dlen > operation->block_size * 2) 1212 req_dlen -= operation->block_size * 2; 1213 else 1214 req_dlen = 0; 1215 } 1216 /* 1217 * Check that required destLen is big enough before starting to feed 1218 * data to the algorithm. Errors during feeding of data are fatal as we 1219 * can't restore sync with this API. 1220 */ 1221 if (*destLen < req_dlen) { 1222 *destLen = req_dlen; 1223 res = TEE_ERROR_SHORT_BUFFER; 1224 goto out; 1225 } 1226 1227 dl = *destLen; 1228 if (operation->block_size > 1) { 1229 res = tee_buffer_update(operation, _utee_cipher_update, srcData, 1230 srcLen, destData, &dl); 1231 } else { 1232 if (srcLen > 0) { 1233 res = _utee_cipher_update(operation->state, srcData, 1234 srcLen, destData, &dl); 1235 } else { 1236 res = TEE_SUCCESS; 1237 dl = 0; 1238 } 1239 } 1240 *destLen = dl; 1241 1242 out: 1243 if (res != TEE_SUCCESS && 1244 res != TEE_ERROR_SHORT_BUFFER) 1245 TEE_Panic(res); 1246 1247 return res; 1248 } 1249 1250 TEE_Result __GP11_TEE_CipherUpdate(TEE_OperationHandle operation, 1251 const void *srcData, uint32_t srcLen, 1252 void *destData, uint32_t *destLen) 1253 { 1254 TEE_Result res = TEE_SUCCESS; 1255 size_t dl = 0; 1256 1257 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1258 dl = *destLen; 1259 res = TEE_CipherUpdate(operation, srcData, srcLen, destData, &dl); 1260 *destLen = dl; 1261 return res; 1262 } 1263 1264 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation, 1265 const void *srcData, size_t srcLen, 1266 void *destData, size_t *destLen) 1267 { 1268 TEE_Result res = TEE_SUCCESS; 1269 uint8_t *dst = destData; 1270 size_t acc_dlen = 0; 1271 uint64_t tmp_dlen = 0; 1272 size_t req_dlen = 0; 1273 1274 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1275 res = TEE_ERROR_BAD_PARAMETERS; 1276 goto out; 1277 } 1278 if (destLen) 1279 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1280 1281 if (operation->info.operationClass != TEE_OPERATION_CIPHER) { 1282 res = TEE_ERROR_BAD_PARAMETERS; 1283 goto out; 1284 } 1285 1286 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1287 res = TEE_ERROR_BAD_PARAMETERS; 1288 goto out; 1289 } 1290 1291 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1292 res = TEE_ERROR_BAD_PARAMETERS; 1293 goto out; 1294 } 1295 1296 /* 1297 * Check that the final block doesn't require padding for those 1298 * algorithms that requires client to supply padding. 1299 */ 1300 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD || 1301 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD || 1302 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD || 1303 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD || 1304 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD || 1305 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD || 1306 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD || 1307 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) { 1308 if (((operation->buffer_offs + srcLen) % operation->block_size) 1309 != 0) { 1310 res = TEE_ERROR_BAD_PARAMETERS; 1311 goto out; 1312 } 1313 } 1314 1315 /* 1316 * Check that required destLen is big enough before starting to feed 1317 * data to the algorithm. Errors during feeding of data are fatal as we 1318 * can't restore sync with this API. 1319 */ 1320 if (operation->block_size > 1) { 1321 req_dlen = operation->buffer_offs + srcLen; 1322 } else { 1323 req_dlen = srcLen; 1324 } 1325 if (destLen) 1326 tmp_dlen = *destLen; 1327 if (tmp_dlen < req_dlen) { 1328 if (destLen) 1329 *destLen = req_dlen; 1330 res = TEE_ERROR_SHORT_BUFFER; 1331 goto out; 1332 } 1333 1334 if (operation->block_size > 1) { 1335 if (srcLen) { 1336 res = tee_buffer_update(operation, _utee_cipher_update, 1337 srcData, srcLen, dst, 1338 &tmp_dlen); 1339 if (res != TEE_SUCCESS) 1340 goto out; 1341 1342 dst += tmp_dlen; 1343 acc_dlen += tmp_dlen; 1344 1345 tmp_dlen = *destLen - acc_dlen; 1346 } 1347 res = _utee_cipher_final(operation->state, operation->buffer, 1348 operation->buffer_offs, dst, 1349 &tmp_dlen); 1350 } else { 1351 res = _utee_cipher_final(operation->state, srcData, srcLen, dst, 1352 &tmp_dlen); 1353 } 1354 if (res != TEE_SUCCESS) 1355 goto out; 1356 1357 acc_dlen += tmp_dlen; 1358 if (destLen) 1359 *destLen = acc_dlen; 1360 1361 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1362 1363 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1364 1365 out: 1366 if (res != TEE_SUCCESS && 1367 res != TEE_ERROR_SHORT_BUFFER) 1368 TEE_Panic(res); 1369 1370 return res; 1371 } 1372 1373 TEE_Result __GP11_TEE_CipherDoFinal(TEE_OperationHandle operation, 1374 const void *srcData, uint32_t srcLen, 1375 void *destData, uint32_t *destLen) 1376 { 1377 TEE_Result res = TEE_SUCCESS; 1378 size_t dl = 0; 1379 1380 if (destLen) { 1381 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1382 dl = *destLen; 1383 } 1384 res = TEE_CipherDoFinal(operation, srcData, srcLen, destData, &dl); 1385 if (destLen) 1386 *destLen = dl; 1387 return res; 1388 } 1389 1390 /* Cryptographic Operations API - MAC Functions */ 1391 1392 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, size_t IVLen) 1393 { 1394 if (operation == TEE_HANDLE_NULL) 1395 TEE_Panic(0); 1396 1397 if (operation->info.operationClass != TEE_OPERATION_MAC) 1398 TEE_Panic(0); 1399 1400 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) || 1401 !(operation->key1)) 1402 TEE_Panic(0); 1403 1404 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1405 TEE_ResetOperation(operation); 1406 1407 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1408 1409 init_hash_operation(operation, IV, IVLen); 1410 } 1411 1412 void __GP11_TEE_MACInit(TEE_OperationHandle operation, const void *IV, 1413 uint32_t IVLen) 1414 { 1415 return TEE_MACInit(operation, IV, IVLen); 1416 } 1417 1418 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1419 size_t chunkSize) 1420 { 1421 TEE_Result res; 1422 1423 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0)) 1424 TEE_Panic(0); 1425 1426 if (operation->info.operationClass != TEE_OPERATION_MAC) 1427 TEE_Panic(0); 1428 1429 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1430 TEE_Panic(0); 1431 1432 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) 1433 TEE_Panic(0); 1434 1435 res = _utee_hash_update(operation->state, chunk, chunkSize); 1436 if (res != TEE_SUCCESS) 1437 TEE_Panic(res); 1438 } 1439 1440 void __GP11_TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk, 1441 uint32_t chunkSize) 1442 { 1443 return TEE_MACUpdate(operation, chunk, chunkSize); 1444 } 1445 1446 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation, 1447 const void *message, size_t messageLen, 1448 void *mac, size_t *macLen) 1449 { 1450 TEE_Result res; 1451 uint64_t ml; 1452 1453 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) { 1454 res = TEE_ERROR_BAD_PARAMETERS; 1455 goto out; 1456 } 1457 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1458 1459 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1460 res = TEE_ERROR_BAD_PARAMETERS; 1461 goto out; 1462 } 1463 1464 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1465 res = TEE_ERROR_BAD_PARAMETERS; 1466 goto out; 1467 } 1468 1469 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1470 res = TEE_ERROR_BAD_PARAMETERS; 1471 goto out; 1472 } 1473 1474 ml = *macLen; 1475 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml); 1476 *macLen = ml; 1477 if (res != TEE_SUCCESS) 1478 goto out; 1479 1480 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1481 1482 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1483 1484 out: 1485 if (res != TEE_SUCCESS && 1486 res != TEE_ERROR_SHORT_BUFFER) 1487 TEE_Panic(res); 1488 1489 return res; 1490 } 1491 1492 TEE_Result __GP11_TEE_MACComputeFinal(TEE_OperationHandle operation, 1493 const void *message, uint32_t messageLen, 1494 void *mac, uint32_t *macLen) 1495 { 1496 TEE_Result res = TEE_SUCCESS; 1497 size_t ml = 0; 1498 1499 __utee_check_inout_annotation(macLen, sizeof(*macLen)); 1500 ml = *macLen; 1501 res = TEE_MACComputeFinal(operation, message, messageLen, mac, &ml); 1502 *macLen = ml; 1503 return res; 1504 } 1505 1506 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation, 1507 const void *message, size_t messageLen, 1508 const void *mac, size_t macLen) 1509 { 1510 TEE_Result res; 1511 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 }; 1512 size_t computed_mac_size = TEE_MAX_HASH_SIZE; 1513 1514 if (operation->info.operationClass != TEE_OPERATION_MAC) { 1515 res = TEE_ERROR_BAD_PARAMETERS; 1516 goto out; 1517 } 1518 1519 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1520 res = TEE_ERROR_BAD_PARAMETERS; 1521 goto out; 1522 } 1523 1524 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) { 1525 res = TEE_ERROR_BAD_PARAMETERS; 1526 goto out; 1527 } 1528 1529 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac, 1530 &computed_mac_size); 1531 if (res != TEE_SUCCESS) 1532 goto out; 1533 1534 if (computed_mac_size != macLen) { 1535 res = TEE_ERROR_MAC_INVALID; 1536 goto out; 1537 } 1538 1539 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) { 1540 res = TEE_ERROR_MAC_INVALID; 1541 goto out; 1542 } 1543 1544 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1545 1546 out: 1547 if (res != TEE_SUCCESS && 1548 res != TEE_ERROR_MAC_INVALID) 1549 TEE_Panic(res); 1550 1551 return res; 1552 } 1553 1554 TEE_Result __GP11_TEE_MACCompareFinal(TEE_OperationHandle operation, 1555 const void *message, uint32_t messageLen, 1556 const void *mac, uint32_t macLen) 1557 { 1558 return TEE_MACCompareFinal(operation, message, messageLen, mac, macLen); 1559 } 1560 1561 /* Cryptographic Operations API - Authenticated Encryption Functions */ 1562 1563 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1564 size_t nonceLen, uint32_t tagLen, size_t AADLen, 1565 size_t payloadLen) 1566 { 1567 TEE_Result res; 1568 1569 if (operation == TEE_HANDLE_NULL || nonce == NULL) { 1570 res = TEE_ERROR_BAD_PARAMETERS; 1571 goto out; 1572 } 1573 1574 if (operation->info.operationClass != TEE_OPERATION_AE) { 1575 res = TEE_ERROR_BAD_PARAMETERS; 1576 goto out; 1577 } 1578 1579 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) { 1580 res = TEE_ERROR_BAD_PARAMETERS; 1581 goto out; 1582 } 1583 1584 /* 1585 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core 1586 * in the implementation. But AES-GCM spec doesn't specify the tag len 1587 * according to the same principle so we have to check here instead to 1588 * be GP compliant. 1589 */ 1590 if (operation->info.algorithm == TEE_ALG_AES_GCM) { 1591 /* 1592 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96 1593 */ 1594 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) { 1595 res = TEE_ERROR_NOT_SUPPORTED; 1596 goto out; 1597 } 1598 } 1599 1600 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8, 1601 AADLen, payloadLen); 1602 if (res != TEE_SUCCESS) 1603 goto out; 1604 1605 operation->info.digestLength = tagLen / 8; 1606 operation->buffer_offs = 0; 1607 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED; 1608 1609 out: 1610 if (res != TEE_SUCCESS && 1611 res != TEE_ERROR_NOT_SUPPORTED) 1612 TEE_Panic(res); 1613 1614 return res; 1615 } 1616 1617 TEE_Result __GP11_TEE_AEInit(TEE_OperationHandle operation, const void *nonce, 1618 uint32_t nonceLen, uint32_t tagLen, 1619 uint32_t AADLen, uint32_t payloadLen) 1620 { 1621 return TEE_AEInit(operation, nonce, nonceLen, tagLen, AADLen, 1622 payloadLen); 1623 } 1624 1625 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1626 size_t AADdataLen) 1627 { 1628 TEE_Result res = TEE_SUCCESS; 1629 1630 if (operation == TEE_HANDLE_NULL || (!AADdata && AADdataLen)) 1631 TEE_Panic(0); 1632 1633 if (operation->info.operationClass != TEE_OPERATION_AE) 1634 TEE_Panic(0); 1635 1636 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) 1637 TEE_Panic(0); 1638 1639 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1640 TEE_Panic(0); 1641 1642 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1643 if (res != TEE_SUCCESS) 1644 TEE_Panic(res); 1645 } 1646 1647 void __GP11_TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata, 1648 uint32_t AADdataLen) 1649 { 1650 TEE_Result res = TEE_SUCCESS; 1651 1652 if (operation == TEE_HANDLE_NULL || 1653 (AADdata == NULL && AADdataLen != 0)) 1654 TEE_Panic(0); 1655 1656 if (operation->info.operationClass != TEE_OPERATION_AE) 1657 TEE_Panic(0); 1658 1659 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) 1660 TEE_Panic(0); 1661 1662 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen); 1663 1664 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1665 1666 if (res != TEE_SUCCESS) 1667 TEE_Panic(res); 1668 } 1669 1670 static TEE_Result ae_update_helper(TEE_OperationHandle operation, 1671 const void *src, size_t slen, void *dst, 1672 size_t *dlen) 1673 { 1674 TEE_Result res = TEE_SUCCESS; 1675 size_t req_dlen = 0; 1676 uint64_t dl = 0; 1677 1678 if (!src && !slen) { 1679 *dlen = 0; 1680 return TEE_SUCCESS; 1681 } 1682 1683 /* 1684 * Check that required destLen is big enough before starting to feed 1685 * data to the algorithm. Errors during feeding of data are fatal as we 1686 * can't restore sync with this API. 1687 */ 1688 if (operation->block_size > 1) { 1689 req_dlen = ROUNDDOWN(operation->buffer_offs + slen, 1690 operation->block_size); 1691 } else { 1692 req_dlen = slen; 1693 } 1694 1695 dl = *dlen; 1696 if (dl < req_dlen) { 1697 *dlen = req_dlen; 1698 return TEE_ERROR_SHORT_BUFFER; 1699 } 1700 1701 if (operation->block_size > 1) { 1702 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1703 src, slen, dst, &dl); 1704 } else { 1705 if (slen > 0) { 1706 res = _utee_authenc_update_payload(operation->state, 1707 src, slen, dst, &dl); 1708 } else { 1709 dl = 0; 1710 res = TEE_SUCCESS; 1711 } 1712 } 1713 1714 if (!res) 1715 *dlen = dl; 1716 1717 return res; 1718 } 1719 1720 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData, 1721 size_t srcLen, void *destData, size_t *destLen) 1722 { 1723 TEE_Result res = TEE_SUCCESS; 1724 1725 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1726 res = TEE_ERROR_BAD_PARAMETERS; 1727 goto out; 1728 } 1729 __utee_check_outbuf_annotation(destData, destLen); 1730 1731 if (operation->info.operationClass != TEE_OPERATION_AE) { 1732 res = TEE_ERROR_BAD_PARAMETERS; 1733 goto out; 1734 } 1735 1736 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1737 res = TEE_ERROR_BAD_PARAMETERS; 1738 goto out; 1739 } 1740 1741 res = ae_update_helper(operation, srcData, srcLen, destData, destLen); 1742 if (res != TEE_ERROR_SHORT_BUFFER && srcLen) 1743 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1744 1745 out: 1746 if (res != TEE_SUCCESS && 1747 res != TEE_ERROR_SHORT_BUFFER) 1748 TEE_Panic(res); 1749 1750 return res; 1751 } 1752 1753 TEE_Result __GP11_TEE_AEUpdate(TEE_OperationHandle operation, 1754 const void *srcData, uint32_t srcLen, 1755 void *destData, uint32_t *destLen) 1756 { 1757 TEE_Result res = TEE_SUCCESS; 1758 size_t dl = 0; 1759 1760 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1761 res = TEE_ERROR_BAD_PARAMETERS; 1762 goto out; 1763 } 1764 __utee_check_gp11_outbuf_annotation(destData, destLen); 1765 1766 if (operation->info.operationClass != TEE_OPERATION_AE) { 1767 res = TEE_ERROR_BAD_PARAMETERS; 1768 goto out; 1769 } 1770 1771 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1772 res = TEE_ERROR_BAD_PARAMETERS; 1773 goto out; 1774 } 1775 1776 dl = *destLen; 1777 res = ae_update_helper(operation, srcData, srcLen, destData, &dl); 1778 *destLen = dl; 1779 1780 if (res != TEE_SUCCESS) 1781 goto out; 1782 1783 operation->operationState = TEE_OPERATION_STATE_ACTIVE; 1784 1785 out: 1786 if (res != TEE_SUCCESS && 1787 res != TEE_ERROR_SHORT_BUFFER) 1788 TEE_Panic(res); 1789 1790 return res; 1791 } 1792 1793 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, 1794 const void *srcData, size_t srcLen, 1795 void *destData, size_t *destLen, void *tag, 1796 size_t *tagLen) 1797 { 1798 TEE_Result res = TEE_SUCCESS; 1799 uint8_t *dst = destData; 1800 size_t acc_dlen = 0; 1801 uint64_t tmp_dlen = 0; 1802 size_t req_dlen = 0; 1803 uint64_t tl = 0; 1804 1805 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1806 res = TEE_ERROR_BAD_PARAMETERS; 1807 goto out; 1808 } 1809 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1810 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1811 1812 if (operation->info.operationClass != TEE_OPERATION_AE) { 1813 res = TEE_ERROR_BAD_PARAMETERS; 1814 goto out; 1815 } 1816 1817 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1818 res = TEE_ERROR_BAD_PARAMETERS; 1819 goto out; 1820 } 1821 1822 /* 1823 * Check that required destLen is big enough before starting to feed 1824 * data to the algorithm. Errors during feeding of data are fatal as we 1825 * can't restore sync with this API. 1826 * 1827 * Need to check this before update_payload since sync would be lost if 1828 * we return short buffer after that. 1829 */ 1830 res = TEE_ERROR_GENERIC; 1831 1832 req_dlen = operation->buffer_offs + srcLen; 1833 if (*destLen < req_dlen) { 1834 *destLen = req_dlen; 1835 res = TEE_ERROR_SHORT_BUFFER; 1836 } 1837 1838 if (*tagLen < operation->info.digestLength) { 1839 *tagLen = operation->info.digestLength; 1840 res = TEE_ERROR_SHORT_BUFFER; 1841 } 1842 1843 if (res == TEE_ERROR_SHORT_BUFFER) 1844 goto out; 1845 1846 tl = *tagLen; 1847 tmp_dlen = *destLen - acc_dlen; 1848 if (operation->block_size > 1) { 1849 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1850 srcData, srcLen, dst, &tmp_dlen); 1851 if (res != TEE_SUCCESS) 1852 goto out; 1853 1854 dst += tmp_dlen; 1855 acc_dlen += tmp_dlen; 1856 1857 tmp_dlen = *destLen - acc_dlen; 1858 res = _utee_authenc_enc_final(operation->state, 1859 operation->buffer, 1860 operation->buffer_offs, dst, 1861 &tmp_dlen, tag, &tl); 1862 } else { 1863 res = _utee_authenc_enc_final(operation->state, srcData, 1864 srcLen, dst, &tmp_dlen, 1865 tag, &tl); 1866 } 1867 *tagLen = tl; 1868 if (res != TEE_SUCCESS) 1869 goto out; 1870 1871 acc_dlen += tmp_dlen; 1872 *destLen = acc_dlen; 1873 1874 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1875 1876 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1877 1878 out: 1879 if (res != TEE_SUCCESS && 1880 res != TEE_ERROR_SHORT_BUFFER) 1881 TEE_Panic(res); 1882 1883 return res; 1884 } 1885 1886 TEE_Result __GP11_TEE_AEEncryptFinal(TEE_OperationHandle operation, 1887 const void *srcData, uint32_t srcLen, 1888 void *destData, uint32_t *destLen, 1889 void *tag, uint32_t *tagLen) 1890 { 1891 TEE_Result res = TEE_SUCCESS; 1892 size_t dl = 0; 1893 size_t tl = 0; 1894 1895 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1896 __utee_check_inout_annotation(tagLen, sizeof(*tagLen)); 1897 dl = *destLen; 1898 tl = *tagLen; 1899 res = TEE_AEEncryptFinal(operation, srcData, srcLen, destData, &dl, 1900 tag, &tl); 1901 *destLen = dl; 1902 *tagLen = tl; 1903 return res; 1904 } 1905 1906 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation, 1907 const void *srcData, size_t srcLen, 1908 void *destData, size_t *destLen, void *tag, 1909 size_t tagLen) 1910 { 1911 TEE_Result res = TEE_SUCCESS; 1912 uint8_t *dst = destData; 1913 size_t acc_dlen = 0; 1914 uint64_t tmp_dlen = 0; 1915 size_t req_dlen = 0; 1916 1917 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) { 1918 res = TEE_ERROR_BAD_PARAMETERS; 1919 goto out; 1920 } 1921 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1922 1923 if (operation->info.operationClass != TEE_OPERATION_AE) { 1924 res = TEE_ERROR_BAD_PARAMETERS; 1925 goto out; 1926 } 1927 1928 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) { 1929 res = TEE_ERROR_BAD_PARAMETERS; 1930 goto out; 1931 } 1932 1933 /* 1934 * Check that required destLen is big enough before starting to feed 1935 * data to the algorithm. Errors during feeding of data are fatal as we 1936 * can't restore sync with this API. 1937 */ 1938 req_dlen = operation->buffer_offs + srcLen; 1939 if (*destLen < req_dlen) { 1940 *destLen = req_dlen; 1941 res = TEE_ERROR_SHORT_BUFFER; 1942 goto out; 1943 } 1944 1945 tmp_dlen = *destLen - acc_dlen; 1946 if (operation->block_size > 1) { 1947 res = tee_buffer_update(operation, _utee_authenc_update_payload, 1948 srcData, srcLen, dst, &tmp_dlen); 1949 if (res != TEE_SUCCESS) 1950 goto out; 1951 1952 dst += tmp_dlen; 1953 acc_dlen += tmp_dlen; 1954 1955 tmp_dlen = *destLen - acc_dlen; 1956 res = _utee_authenc_dec_final(operation->state, 1957 operation->buffer, 1958 operation->buffer_offs, dst, 1959 &tmp_dlen, tag, tagLen); 1960 } else { 1961 res = _utee_authenc_dec_final(operation->state, srcData, 1962 srcLen, dst, &tmp_dlen, 1963 tag, tagLen); 1964 } 1965 if (res != TEE_SUCCESS) 1966 goto out; 1967 1968 /* Supplied tagLen should match what we initiated with */ 1969 if (tagLen != operation->info.digestLength) 1970 res = TEE_ERROR_MAC_INVALID; 1971 1972 acc_dlen += tmp_dlen; 1973 *destLen = acc_dlen; 1974 1975 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED; 1976 1977 operation->operationState = TEE_OPERATION_STATE_INITIAL; 1978 1979 out: 1980 if (res != TEE_SUCCESS && 1981 res != TEE_ERROR_SHORT_BUFFER && 1982 res != TEE_ERROR_MAC_INVALID) 1983 TEE_Panic(res); 1984 1985 return res; 1986 } 1987 1988 TEE_Result __GP11_TEE_AEDecryptFinal(TEE_OperationHandle operation, 1989 const void *srcData, uint32_t srcLen, 1990 void *destData, uint32_t *destLen, 1991 void *tag, uint32_t tagLen) 1992 { 1993 TEE_Result res = TEE_SUCCESS; 1994 size_t dl = 0; 1995 1996 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 1997 dl = *destLen; 1998 res = TEE_AEDecryptFinal(operation, srcData, srcLen, destData, &dl, 1999 tag, tagLen); 2000 *destLen = dl; 2001 return res; 2002 } 2003 2004 /* Cryptographic Operations API - Asymmetric Functions */ 2005 2006 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 2007 const TEE_Attribute *params, 2008 uint32_t paramCount, const void *srcData, 2009 size_t srcLen, void *destData, 2010 size_t *destLen) 2011 { 2012 TEE_Result res = TEE_SUCCESS; 2013 struct utee_attribute ua[paramCount]; 2014 uint64_t dl = 0; 2015 2016 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2017 TEE_Panic(0); 2018 2019 __utee_check_attr_in_annotation(params, paramCount); 2020 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2021 2022 if (!operation->key1) 2023 TEE_Panic(0); 2024 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2025 TEE_Panic(0); 2026 if (operation->info.mode != TEE_MODE_ENCRYPT) 2027 TEE_Panic(0); 2028 2029 __utee_from_attr(ua, params, paramCount); 2030 dl = *destLen; 2031 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2032 srcLen, destData, &dl); 2033 *destLen = dl; 2034 2035 if (res != TEE_SUCCESS && 2036 res != TEE_ERROR_SHORT_BUFFER && 2037 res != TEE_ERROR_BAD_PARAMETERS && 2038 res != TEE_ERROR_CIPHERTEXT_INVALID && 2039 res != TEE_ERROR_NOT_SUPPORTED) 2040 TEE_Panic(res); 2041 2042 return res; 2043 } 2044 2045 TEE_Result __GP11_TEE_AsymmetricEncrypt(TEE_OperationHandle operation, 2046 const __GP11_TEE_Attribute *params, 2047 uint32_t paramCount, 2048 const void *srcData, uint32_t srcLen, 2049 void *destData, uint32_t *destLen) 2050 { 2051 TEE_Result res = TEE_SUCCESS; 2052 struct utee_attribute ua[paramCount]; 2053 uint64_t dl = 0; 2054 2055 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2056 TEE_Panic(0); 2057 2058 __utee_check_gp11_attr_in_annotation(params, paramCount); 2059 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2060 2061 if (!operation->key1) 2062 TEE_Panic(0); 2063 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2064 TEE_Panic(0); 2065 if (operation->info.mode != TEE_MODE_ENCRYPT) 2066 TEE_Panic(0); 2067 2068 __utee_from_gp11_attr(ua, params, paramCount); 2069 dl = *destLen; 2070 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2071 srcLen, destData, &dl); 2072 *destLen = dl; 2073 2074 if (res != TEE_SUCCESS && 2075 res != TEE_ERROR_SHORT_BUFFER && 2076 res != TEE_ERROR_BAD_PARAMETERS) 2077 TEE_Panic(res); 2078 2079 return res; 2080 } 2081 2082 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 2083 const TEE_Attribute *params, 2084 uint32_t paramCount, const void *srcData, 2085 size_t srcLen, void *destData, 2086 size_t *destLen) 2087 { 2088 TEE_Result res = TEE_SUCCESS; 2089 struct utee_attribute ua[paramCount]; 2090 uint64_t dl = 0; 2091 2092 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2093 TEE_Panic(0); 2094 2095 __utee_check_attr_in_annotation(params, paramCount); 2096 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2097 2098 if (!operation->key1) 2099 TEE_Panic(0); 2100 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2101 TEE_Panic(0); 2102 if (operation->info.mode != TEE_MODE_DECRYPT) 2103 TEE_Panic(0); 2104 2105 __utee_from_attr(ua, params, paramCount); 2106 dl = *destLen; 2107 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2108 srcLen, destData, &dl); 2109 *destLen = dl; 2110 2111 if (res != TEE_SUCCESS && 2112 res != TEE_ERROR_SHORT_BUFFER && 2113 res != TEE_ERROR_BAD_PARAMETERS && 2114 res != TEE_ERROR_CIPHERTEXT_INVALID && 2115 res != TEE_ERROR_NOT_SUPPORTED) 2116 TEE_Panic(res); 2117 2118 return res; 2119 } 2120 2121 TEE_Result __GP11_TEE_AsymmetricDecrypt(TEE_OperationHandle operation, 2122 const __GP11_TEE_Attribute *params, 2123 uint32_t paramCount, 2124 const void *srcData, uint32_t srcLen, 2125 void *destData, uint32_t *destLen) 2126 { 2127 TEE_Result res = TEE_SUCCESS; 2128 struct utee_attribute ua[paramCount]; 2129 uint64_t dl = 0; 2130 2131 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) 2132 TEE_Panic(0); 2133 2134 __utee_check_gp11_attr_in_annotation(params, paramCount); 2135 __utee_check_inout_annotation(destLen, sizeof(*destLen)); 2136 2137 if (!operation->key1) 2138 TEE_Panic(0); 2139 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER) 2140 TEE_Panic(0); 2141 if (operation->info.mode != TEE_MODE_DECRYPT) 2142 TEE_Panic(0); 2143 2144 __utee_from_gp11_attr(ua, params, paramCount); 2145 dl = *destLen; 2146 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData, 2147 srcLen, destData, &dl); 2148 *destLen = dl; 2149 2150 if (res != TEE_SUCCESS && 2151 res != TEE_ERROR_SHORT_BUFFER && 2152 res != TEE_ERROR_BAD_PARAMETERS) 2153 TEE_Panic(res); 2154 2155 return res; 2156 } 2157 2158 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 2159 const TEE_Attribute *params, 2160 uint32_t paramCount, const void *digest, 2161 size_t digestLen, void *signature, 2162 size_t *signatureLen) 2163 { 2164 TEE_Result res = TEE_SUCCESS; 2165 struct utee_attribute ua[paramCount]; 2166 uint64_t sl = 0; 2167 2168 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 2169 TEE_Panic(0); 2170 2171 __utee_check_attr_in_annotation(params, paramCount); 2172 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 2173 2174 if (!operation->key1) 2175 TEE_Panic(0); 2176 if (operation->info.operationClass != 2177 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2178 TEE_Panic(0); 2179 if (operation->info.mode != TEE_MODE_SIGN) 2180 TEE_Panic(0); 2181 2182 __utee_from_attr(ua, params, paramCount); 2183 sl = *signatureLen; 2184 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 2185 digestLen, signature, &sl); 2186 *signatureLen = sl; 2187 2188 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 2189 TEE_Panic(res); 2190 2191 return res; 2192 } 2193 2194 TEE_Result __GP11_TEE_AsymmetricSignDigest(TEE_OperationHandle operation, 2195 const __GP11_TEE_Attribute *params, 2196 uint32_t paramCount, 2197 const void *digest, 2198 uint32_t digestLen, void *signature, 2199 uint32_t *signatureLen) 2200 { 2201 TEE_Result res = TEE_SUCCESS; 2202 struct utee_attribute ua[paramCount]; 2203 uint64_t sl = 0; 2204 2205 if (operation == TEE_HANDLE_NULL || (!digest && digestLen)) 2206 TEE_Panic(0); 2207 2208 __utee_check_gp11_attr_in_annotation(params, paramCount); 2209 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen)); 2210 2211 if (!operation->key1) 2212 TEE_Panic(0); 2213 if (operation->info.operationClass != 2214 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2215 TEE_Panic(0); 2216 if (operation->info.mode != TEE_MODE_SIGN) 2217 TEE_Panic(0); 2218 2219 __utee_from_gp11_attr(ua, params, paramCount); 2220 sl = *signatureLen; 2221 res = _utee_asymm_operate(operation->state, ua, paramCount, digest, 2222 digestLen, signature, &sl); 2223 *signatureLen = sl; 2224 2225 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER) 2226 TEE_Panic(res); 2227 2228 return res; 2229 } 2230 2231 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 2232 const TEE_Attribute *params, 2233 uint32_t paramCount, const void *digest, 2234 size_t digestLen, 2235 const void *signature, 2236 size_t signatureLen) 2237 { 2238 TEE_Result res; 2239 struct utee_attribute ua[paramCount]; 2240 2241 if (operation == TEE_HANDLE_NULL || 2242 (digest == NULL && digestLen != 0) || 2243 (signature == NULL && signatureLen != 0)) 2244 TEE_Panic(0); 2245 2246 __utee_check_attr_in_annotation(params, paramCount); 2247 2248 if (!operation->key1) 2249 TEE_Panic(0); 2250 if (operation->info.operationClass != 2251 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2252 TEE_Panic(0); 2253 if (operation->info.mode != TEE_MODE_VERIFY) 2254 TEE_Panic(0); 2255 2256 __utee_from_attr(ua, params, paramCount); 2257 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 2258 digestLen, signature, signatureLen); 2259 2260 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 2261 TEE_Panic(res); 2262 2263 return res; 2264 } 2265 2266 TEE_Result __GP11_TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, 2267 const __GP11_TEE_Attribute *params, 2268 uint32_t paramCount, 2269 const void *digest, 2270 uint32_t digestLen, 2271 const void *signature, 2272 uint32_t signatureLen) 2273 { 2274 TEE_Result res = TEE_SUCCESS; 2275 struct utee_attribute ua[paramCount]; 2276 2277 if (operation == TEE_HANDLE_NULL || (!digest && digestLen) || 2278 (!signature && signatureLen)) 2279 TEE_Panic(0); 2280 2281 __utee_check_gp11_attr_in_annotation(params, paramCount); 2282 2283 if (!operation->key1) 2284 TEE_Panic(0); 2285 if (operation->info.operationClass != 2286 TEE_OPERATION_ASYMMETRIC_SIGNATURE) 2287 TEE_Panic(0); 2288 if (operation->info.mode != TEE_MODE_VERIFY) 2289 TEE_Panic(0); 2290 2291 __utee_from_gp11_attr(ua, params, paramCount); 2292 res = _utee_asymm_verify(operation->state, ua, paramCount, digest, 2293 digestLen, signature, signatureLen); 2294 2295 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID) 2296 TEE_Panic(res); 2297 2298 return res; 2299 } 2300 2301 /* Cryptographic Operations API - Key Derivation Functions */ 2302 2303 void TEE_DeriveKey(TEE_OperationHandle operation, 2304 const TEE_Attribute *params, uint32_t paramCount, 2305 TEE_ObjectHandle derivedKey) 2306 { 2307 struct utee_attribute ua[paramCount]; 2308 struct utee_object_info key_info = { }; 2309 TEE_Result res = TEE_SUCCESS; 2310 2311 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 2312 TEE_Panic(0); 2313 2314 __utee_check_attr_in_annotation(params, paramCount); 2315 2316 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 2317 TEE_OPERATION_KEY_DERIVATION) 2318 TEE_Panic(0); 2319 2320 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 2321 TEE_Panic(0); 2322 if (!operation->key1) 2323 TEE_Panic(0); 2324 if (operation->info.mode != TEE_MODE_DERIVE) 2325 TEE_Panic(0); 2326 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 2327 TEE_Panic(0); 2328 2329 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 2330 if (res != TEE_SUCCESS) 2331 TEE_Panic(res); 2332 2333 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 2334 TEE_Panic(0); 2335 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2336 TEE_Panic(0); 2337 2338 __utee_from_attr(ua, params, paramCount); 2339 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 2340 (unsigned long)derivedKey); 2341 if (res != TEE_SUCCESS) 2342 TEE_Panic(res); 2343 } 2344 2345 void __GP11_TEE_DeriveKey(TEE_OperationHandle operation, 2346 const __GP11_TEE_Attribute *params, 2347 uint32_t paramCount, TEE_ObjectHandle derivedKey) 2348 { 2349 struct utee_attribute ua[paramCount]; 2350 struct utee_object_info key_info = { }; 2351 TEE_Result res = TEE_SUCCESS; 2352 2353 if (operation == TEE_HANDLE_NULL || derivedKey == 0) 2354 TEE_Panic(0); 2355 2356 __utee_check_gp11_attr_in_annotation(params, paramCount); 2357 2358 if (TEE_ALG_GET_CLASS(operation->info.algorithm) != 2359 TEE_OPERATION_KEY_DERIVATION) 2360 TEE_Panic(0); 2361 2362 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION) 2363 TEE_Panic(0); 2364 if (!operation->key1) 2365 TEE_Panic(0); 2366 if (operation->info.mode != TEE_MODE_DERIVE) 2367 TEE_Panic(0); 2368 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0) 2369 TEE_Panic(0); 2370 2371 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info); 2372 if (res != TEE_SUCCESS) 2373 TEE_Panic(res); 2374 2375 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET) 2376 TEE_Panic(0); 2377 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0) 2378 TEE_Panic(0); 2379 2380 __utee_from_gp11_attr(ua, params, paramCount); 2381 res = _utee_cryp_derive_key(operation->state, ua, paramCount, 2382 (unsigned long)derivedKey); 2383 if (res != TEE_SUCCESS) 2384 TEE_Panic(res); 2385 } 2386 2387 /* Cryptographic Operations API - Random Number Generation Functions */ 2388 2389 void TEE_GenerateRandom(void *randomBuffer, size_t randomBufferLen) 2390 { 2391 TEE_Result res; 2392 2393 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen); 2394 if (res != TEE_SUCCESS) 2395 TEE_Panic(res); 2396 } 2397 2398 void __GP11_TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen) 2399 { 2400 TEE_GenerateRandom(randomBuffer, randomBufferLen); 2401 } 2402 2403 int rand(void) 2404 { 2405 int rc; 2406 2407 TEE_GenerateRandom(&rc, sizeof(rc)); 2408 2409 /* 2410 * RAND_MAX is the larges int, INT_MAX which is all bits but the 2411 * highest bit set. 2412 */ 2413 return rc & RAND_MAX; 2414 } 2415 2416 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element) 2417 { 2418 if (IS_ENABLED(CFG_CRYPTO_AES)) { 2419 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2420 if (alg == TEE_ALG_AES_ECB_NOPAD) 2421 goto check_element_none; 2422 } 2423 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2424 if (alg == TEE_ALG_AES_CBC_NOPAD) 2425 goto check_element_none; 2426 } 2427 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2428 if (alg == TEE_ALG_AES_CTR) 2429 goto check_element_none; 2430 } 2431 if (IS_ENABLED(CFG_CRYPTO_CTS)) { 2432 if (alg == TEE_ALG_AES_CTS) 2433 goto check_element_none; 2434 } 2435 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2436 if (alg == TEE_ALG_AES_XTS) 2437 goto check_element_none; 2438 } 2439 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2440 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD || 2441 alg == TEE_ALG_AES_CBC_MAC_PKCS5) 2442 goto check_element_none; 2443 } 2444 if (IS_ENABLED(CFG_CRYPTO_CMAC)) { 2445 if (alg == TEE_ALG_AES_CMAC) 2446 goto check_element_none; 2447 } 2448 if (IS_ENABLED(CFG_CRYPTO_CCM)) { 2449 if (alg == TEE_ALG_AES_CCM) 2450 goto check_element_none; 2451 } 2452 if (IS_ENABLED(CFG_CRYPTO_GCM)) { 2453 if (alg == TEE_ALG_AES_GCM) 2454 goto check_element_none; 2455 } 2456 } 2457 if (IS_ENABLED(CFG_CRYPTO_DES)) { 2458 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2459 if (alg == TEE_ALG_DES_ECB_NOPAD || 2460 alg == TEE_ALG_DES3_ECB_NOPAD) 2461 goto check_element_none; 2462 } 2463 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2464 if (alg == TEE_ALG_DES_CBC_NOPAD || 2465 alg == TEE_ALG_DES3_CBC_NOPAD) 2466 goto check_element_none; 2467 } 2468 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) { 2469 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD || 2470 alg == TEE_ALG_DES_CBC_MAC_PKCS5 || 2471 alg == TEE_ALG_DES3_CBC_MAC_NOPAD || 2472 alg == TEE_ALG_DES3_CBC_MAC_PKCS5) 2473 goto check_element_none; 2474 } 2475 } 2476 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2477 if (alg == TEE_ALG_MD5) 2478 goto check_element_none; 2479 } 2480 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2481 if (alg == TEE_ALG_SHA1) 2482 goto check_element_none; 2483 } 2484 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2485 if (alg == TEE_ALG_SHA224) 2486 goto check_element_none; 2487 } 2488 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2489 if (alg == TEE_ALG_SHA256) 2490 goto check_element_none; 2491 } 2492 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2493 if (alg == TEE_ALG_SHA384) 2494 goto check_element_none; 2495 } 2496 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2497 if (alg == TEE_ALG_SHA512) 2498 goto check_element_none; 2499 } 2500 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) { 2501 if (alg == TEE_ALG_SHA3_224) 2502 goto check_element_none; 2503 } 2504 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) { 2505 if (alg == TEE_ALG_SHA3_256) 2506 goto check_element_none; 2507 } 2508 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) { 2509 if (alg == TEE_ALG_SHA3_384) 2510 goto check_element_none; 2511 } 2512 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) { 2513 if (alg == TEE_ALG_SHA3_512) 2514 goto check_element_none; 2515 } 2516 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2517 if (alg == TEE_ALG_MD5SHA1) 2518 goto check_element_none; 2519 } 2520 if (IS_ENABLED(CFG_CRYPTO_HMAC)) { 2521 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2522 if (alg == TEE_ALG_HMAC_MD5) 2523 goto check_element_none; 2524 } 2525 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2526 if (alg == TEE_ALG_HMAC_SHA1) 2527 goto check_element_none; 2528 } 2529 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2530 if (alg == TEE_ALG_HMAC_SHA224) 2531 goto check_element_none; 2532 } 2533 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2534 if (alg == TEE_ALG_HMAC_SHA256) 2535 goto check_element_none; 2536 } 2537 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2538 if (alg == TEE_ALG_HMAC_SHA384) 2539 goto check_element_none; 2540 } 2541 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2542 if (alg == TEE_ALG_HMAC_SHA512) 2543 goto check_element_none; 2544 } 2545 if (IS_ENABLED(CFG_CRYPTO_SHA3_224)) { 2546 if (alg == TEE_ALG_HMAC_SHA3_224) 2547 goto check_element_none; 2548 } 2549 if (IS_ENABLED(CFG_CRYPTO_SHA3_256)) { 2550 if (alg == TEE_ALG_HMAC_SHA3_256) 2551 goto check_element_none; 2552 } 2553 if (IS_ENABLED(CFG_CRYPTO_SHA3_384)) { 2554 if (alg == TEE_ALG_HMAC_SHA3_384) 2555 goto check_element_none; 2556 } 2557 if (IS_ENABLED(CFG_CRYPTO_SHA3_512)) { 2558 if (alg == TEE_ALG_HMAC_SHA3_512) 2559 goto check_element_none; 2560 } 2561 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2562 if (alg == TEE_ALG_HMAC_SM3) 2563 goto check_element_none; 2564 } 2565 } 2566 if (IS_ENABLED(CFG_CRYPTO_SM3)) { 2567 if (alg == TEE_ALG_SM3) 2568 goto check_element_none; 2569 } 2570 if (IS_ENABLED(CFG_CRYPTO_SM4)) { 2571 if (IS_ENABLED(CFG_CRYPTO_ECB)) { 2572 if (alg == TEE_ALG_SM4_ECB_NOPAD) 2573 goto check_element_none; 2574 } 2575 if (IS_ENABLED(CFG_CRYPTO_CBC)) { 2576 if (alg == TEE_ALG_SM4_CBC_NOPAD) 2577 goto check_element_none; 2578 } 2579 if (IS_ENABLED(CFG_CRYPTO_CTR)) { 2580 if (alg == TEE_ALG_SM4_CTR) 2581 goto check_element_none; 2582 } 2583 if (IS_ENABLED(CFG_CRYPTO_XTS)) { 2584 if (alg == TEE_ALG_SM4_XTS) 2585 goto check_element_none; 2586 } 2587 } 2588 if (IS_ENABLED(CFG_CRYPTO_RSA)) { 2589 if (IS_ENABLED(CFG_CRYPTO_MD5)) { 2590 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5 || 2591 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5 || 2592 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_MD5) 2593 goto check_element_none; 2594 } 2595 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2596 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 || 2597 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 || 2598 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1) 2599 goto check_element_none; 2600 } 2601 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) { 2602 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1) 2603 goto check_element_none; 2604 } 2605 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2606 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 || 2607 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 || 2608 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224) 2609 goto check_element_none; 2610 } 2611 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2612 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 || 2613 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 || 2614 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256) 2615 goto check_element_none; 2616 } 2617 if (IS_ENABLED(CFG_CRYPTO_SHA384)) { 2618 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 || 2619 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 || 2620 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384) 2621 goto check_element_none; 2622 } 2623 if (IS_ENABLED(CFG_CRYPTO_SHA512)) { 2624 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 || 2625 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 || 2626 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512) 2627 goto check_element_none; 2628 } 2629 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) { 2630 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5) 2631 goto check_element_none; 2632 } 2633 if (alg == TEE_ALG_RSA_NOPAD) 2634 goto check_element_none; 2635 } 2636 if (IS_ENABLED(CFG_CRYPTO_DSA)) { 2637 if (IS_ENABLED(CFG_CRYPTO_SHA1)) { 2638 if (alg == TEE_ALG_DSA_SHA1) 2639 goto check_element_none; 2640 } 2641 if (IS_ENABLED(CFG_CRYPTO_SHA224)) { 2642 if (alg == TEE_ALG_DSA_SHA224) 2643 goto check_element_none; 2644 } 2645 if (IS_ENABLED(CFG_CRYPTO_SHA256)) { 2646 if (alg == TEE_ALG_DSA_SHA256) 2647 goto check_element_none; 2648 } 2649 } 2650 if (IS_ENABLED(CFG_CRYPTO_DH)) { 2651 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET) 2652 goto check_element_none; 2653 } 2654 if (IS_ENABLED(CFG_CRYPTO_ECC)) { 2655 if ((alg == __OPTEE_ALG_ECDH_P192 || 2656 alg == __OPTEE_ALG_ECDSA_P192 || 2657 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2658 alg == TEE_ALG_ECDSA_SHA1) && 2659 element == TEE_ECC_CURVE_NIST_P192) 2660 return TEE_SUCCESS; 2661 if ((alg == __OPTEE_ALG_ECDH_P224 || 2662 alg == __OPTEE_ALG_ECDSA_P224 || 2663 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2664 alg == TEE_ALG_ECDSA_SHA224) && 2665 element == TEE_ECC_CURVE_NIST_P224) 2666 return TEE_SUCCESS; 2667 if ((alg == __OPTEE_ALG_ECDH_P256 || 2668 alg == __OPTEE_ALG_ECDSA_P256 || 2669 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2670 alg == TEE_ALG_ECDSA_SHA256) && 2671 element == TEE_ECC_CURVE_NIST_P256) 2672 return TEE_SUCCESS; 2673 if ((alg == __OPTEE_ALG_ECDH_P384 || 2674 alg == __OPTEE_ALG_ECDSA_P384 || 2675 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2676 alg == TEE_ALG_ECDSA_SHA384) && 2677 element == TEE_ECC_CURVE_NIST_P384) 2678 return TEE_SUCCESS; 2679 if ((alg == __OPTEE_ALG_ECDH_P521 || 2680 alg == __OPTEE_ALG_ECDSA_P521 || 2681 alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET || 2682 alg == TEE_ALG_ECDSA_SHA512) && 2683 element == TEE_ECC_CURVE_NIST_P521) 2684 return TEE_SUCCESS; 2685 } 2686 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) { 2687 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2) 2688 return TEE_SUCCESS; 2689 } 2690 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) { 2691 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2) 2692 return TEE_SUCCESS; 2693 } 2694 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) { 2695 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2) 2696 return TEE_SUCCESS; 2697 } 2698 if (IS_ENABLED(CFG_CRYPTO_X25519)) { 2699 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519) 2700 return TEE_SUCCESS; 2701 } 2702 if (IS_ENABLED(CFG_CRYPTO_ED25519)) { 2703 if (alg == TEE_ALG_ED25519 && element == TEE_ECC_CURVE_25519) 2704 return TEE_SUCCESS; 2705 } 2706 2707 return TEE_ERROR_NOT_SUPPORTED; 2708 check_element_none: 2709 if (element == TEE_CRYPTO_ELEMENT_NONE) 2710 return TEE_SUCCESS; 2711 return TEE_ERROR_NOT_SUPPORTED; 2712 } 2713