1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2018-2020, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <compiler.h> 8 #include <tee_api_defines.h> 9 #include <tee_internal_api.h> 10 #include <tee_internal_api_extensions.h> 11 12 #include "attributes.h" 13 #include "pkcs11_helpers.h" 14 #include "pkcs11_token.h" 15 #include "processing.h" 16 #include "serializer.h" 17 18 bool processing_is_tee_asymm(uint32_t proc_id) 19 { 20 switch (proc_id) { 21 /* RSA flavors */ 22 case PKCS11_CKM_RSA_PKCS: 23 case PKCS11_CKM_RSA_PKCS_OAEP: 24 case PKCS11_CKM_RSA_PKCS_PSS: 25 case PKCS11_CKM_MD5_RSA_PKCS: 26 case PKCS11_CKM_SHA1_RSA_PKCS: 27 case PKCS11_CKM_SHA224_RSA_PKCS: 28 case PKCS11_CKM_SHA256_RSA_PKCS: 29 case PKCS11_CKM_SHA384_RSA_PKCS: 30 case PKCS11_CKM_SHA512_RSA_PKCS: 31 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 32 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 33 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 34 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 35 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 36 /* EC flavors */ 37 case PKCS11_CKM_ECDSA: 38 case PKCS11_CKM_ECDH1_DERIVE: 39 case PKCS11_CKM_ECDSA_SHA1: 40 case PKCS11_CKM_ECDSA_SHA224: 41 case PKCS11_CKM_ECDSA_SHA256: 42 case PKCS11_CKM_ECDSA_SHA384: 43 case PKCS11_CKM_ECDSA_SHA512: 44 return true; 45 default: 46 return false; 47 } 48 } 49 50 static enum pkcs11_rc 51 pkcs2tee_algorithm(uint32_t *tee_id, uint32_t *tee_hash_id, 52 enum processing_func function __unused, 53 struct pkcs11_attribute_head *proc_params, 54 struct pkcs11_object *obj) 55 { 56 static const struct { 57 enum pkcs11_mechanism_id mech_id; 58 uint32_t tee_id; 59 uint32_t tee_hash_id; 60 } pkcs2tee_algo[] = { 61 /* RSA flavors */ 62 { PKCS11_CKM_RSA_PKCS, TEE_ALG_RSAES_PKCS1_V1_5, 0 }, 63 { PKCS11_CKM_RSA_PKCS_OAEP, 1, 0 }, 64 { PKCS11_CKM_RSA_PKCS_PSS, 1, 0 }, 65 { PKCS11_CKM_MD5_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_MD5, 66 TEE_ALG_MD5 }, 67 { PKCS11_CKM_SHA1_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, 68 TEE_ALG_SHA1 }, 69 { PKCS11_CKM_SHA224_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, 70 TEE_ALG_SHA224 }, 71 { PKCS11_CKM_SHA256_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, 72 TEE_ALG_SHA256 }, 73 { PKCS11_CKM_SHA384_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, 74 TEE_ALG_SHA384 }, 75 { PKCS11_CKM_SHA512_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, 76 TEE_ALG_SHA512 }, 77 { PKCS11_CKM_SHA1_RSA_PKCS_PSS, 78 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_ALG_SHA1 }, 79 { PKCS11_CKM_SHA224_RSA_PKCS_PSS, 80 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_ALG_SHA224 }, 81 { PKCS11_CKM_SHA256_RSA_PKCS_PSS, 82 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_ALG_SHA256 }, 83 { PKCS11_CKM_SHA384_RSA_PKCS_PSS, 84 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_ALG_SHA384 }, 85 { PKCS11_CKM_SHA512_RSA_PKCS_PSS, 86 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_ALG_SHA512 }, 87 /* EC flavors (Must find key size from the object) */ 88 { PKCS11_CKM_ECDSA, 1, 0 }, 89 { PKCS11_CKM_ECDSA_SHA1, 1, TEE_ALG_SHA1 }, 90 { PKCS11_CKM_ECDSA_SHA224, 1, TEE_ALG_SHA224 }, 91 { PKCS11_CKM_ECDSA_SHA256, 1, TEE_ALG_SHA256 }, 92 { PKCS11_CKM_ECDSA_SHA384, 1, TEE_ALG_SHA384 }, 93 { PKCS11_CKM_ECDSA_SHA512, 1, TEE_ALG_SHA512 }, 94 { PKCS11_CKM_ECDH1_DERIVE, 1, 0 }, 95 }; 96 size_t n = 0; 97 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 98 99 for (n = 0; n < ARRAY_SIZE(pkcs2tee_algo); n++) { 100 if (pkcs2tee_algo[n].mech_id == proc_params->id) { 101 *tee_id = pkcs2tee_algo[n].tee_id; 102 *tee_hash_id = pkcs2tee_algo[n].tee_hash_id; 103 break; 104 } 105 } 106 107 if (n == ARRAY_SIZE(pkcs2tee_algo)) 108 return PKCS11_RV_NOT_IMPLEMENTED; 109 110 switch (proc_params->id) { 111 case PKCS11_CKM_RSA_PKCS_PSS: 112 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 113 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 114 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 115 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 116 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 117 rc = pkcs2tee_algo_rsa_pss(tee_id, proc_params); 118 break; 119 case PKCS11_CKM_RSA_PKCS_OAEP: 120 rc = pkcs2tee_algo_rsa_oaep(tee_id, tee_hash_id, proc_params); 121 break; 122 case PKCS11_CKM_ECDSA: 123 case PKCS11_CKM_ECDSA_SHA1: 124 case PKCS11_CKM_ECDSA_SHA224: 125 case PKCS11_CKM_ECDSA_SHA256: 126 case PKCS11_CKM_ECDSA_SHA384: 127 case PKCS11_CKM_ECDSA_SHA512: 128 rc = pkcs2tee_algo_ecdsa(tee_id, proc_params, obj); 129 break; 130 case PKCS11_CKM_ECDH1_DERIVE: 131 rc = pkcs2tee_algo_ecdh(tee_id, proc_params, obj); 132 break; 133 default: 134 rc = PKCS11_CKR_OK; 135 break; 136 } 137 138 /* 139 * PKCS#11 uses single mechanism CKM_RSA_PKCS for both ciphering and 140 * authentication whereas GPD TEE expects TEE_ALG_RSAES_PKCS1_V1_5 for 141 * ciphering and TEE_ALG_RSASSA_PKCS1_V1_5 for authentication. 142 */ 143 if (*tee_id == TEE_ALG_RSAES_PKCS1_V1_5 && 144 (function == PKCS11_FUNCTION_SIGN || 145 function == PKCS11_FUNCTION_VERIFY)) 146 *tee_id = TEE_ALG_RSASSA_PKCS1_V1_5; 147 148 return rc; 149 } 150 151 static enum pkcs11_rc pkcs2tee_key_type(uint32_t *tee_type, 152 struct pkcs11_object *obj, 153 enum processing_func function) 154 { 155 enum pkcs11_class_id class = get_class(obj->attributes); 156 enum pkcs11_key_type type = get_key_type(obj->attributes); 157 158 switch (class) { 159 case PKCS11_CKO_PUBLIC_KEY: 160 case PKCS11_CKO_PRIVATE_KEY: 161 break; 162 default: 163 TEE_Panic(class); 164 break; 165 } 166 167 switch (type) { 168 case PKCS11_CKK_EC: 169 if (class == PKCS11_CKO_PRIVATE_KEY) { 170 if (function == PKCS11_FUNCTION_DERIVE) 171 *tee_type = TEE_TYPE_ECDH_KEYPAIR; 172 else 173 *tee_type = TEE_TYPE_ECDSA_KEYPAIR; 174 } else { 175 if (function == PKCS11_FUNCTION_DERIVE) 176 *tee_type = TEE_TYPE_ECDH_PUBLIC_KEY; 177 else 178 *tee_type = TEE_TYPE_ECDSA_PUBLIC_KEY; 179 } 180 break; 181 case PKCS11_CKK_RSA: 182 if (class == PKCS11_CKO_PRIVATE_KEY) 183 *tee_type = TEE_TYPE_RSA_KEYPAIR; 184 else 185 *tee_type = TEE_TYPE_RSA_PUBLIC_KEY; 186 break; 187 default: 188 TEE_Panic(type); 189 break; 190 } 191 192 return PKCS11_CKR_OK; 193 } 194 195 static enum pkcs11_rc 196 allocate_tee_operation(struct pkcs11_session *session, 197 enum processing_func function, 198 struct pkcs11_attribute_head *params, 199 struct pkcs11_object *obj) 200 { 201 uint32_t size = (uint32_t)get_object_key_bit_size(obj); 202 uint32_t algo = 0; 203 uint32_t hash_algo = 0; 204 uint32_t mode = 0; 205 uint32_t hash_mode = 0; 206 TEE_Result res = TEE_ERROR_GENERIC; 207 struct active_processing *processing = session->processing; 208 209 assert(processing->tee_op_handle == TEE_HANDLE_NULL); 210 assert(processing->tee_hash_op_handle == TEE_HANDLE_NULL); 211 212 if (pkcs2tee_algorithm(&algo, &hash_algo, function, params, obj)) 213 return PKCS11_CKR_FUNCTION_FAILED; 214 215 pkcs2tee_mode(&mode, function); 216 217 if (hash_algo) { 218 pkcs2tee_mode(&hash_mode, PKCS11_FUNCTION_DIGEST); 219 220 res = TEE_AllocateOperation(&processing->tee_hash_op_handle, 221 hash_algo, hash_mode, 0); 222 if (res) { 223 EMSG("TEE_AllocateOp. failed %#"PRIx32" %#"PRIx32, 224 hash_algo, hash_mode); 225 226 if (res == TEE_ERROR_NOT_SUPPORTED) 227 return PKCS11_CKR_MECHANISM_INVALID; 228 return tee2pkcs_error(res); 229 } 230 processing->tee_hash_algo = hash_algo; 231 } 232 233 res = TEE_AllocateOperation(&processing->tee_op_handle, 234 algo, mode, size); 235 if (res) 236 EMSG("TEE_AllocateOp. failed %#"PRIx32" %#"PRIx32" %#"PRIx32, 237 algo, mode, size); 238 239 if (res == TEE_ERROR_NOT_SUPPORTED) 240 return PKCS11_CKR_MECHANISM_INVALID; 241 242 if (res != TEE_SUCCESS && 243 processing->tee_hash_op_handle != TEE_HANDLE_NULL) { 244 TEE_FreeOperation(session->processing->tee_hash_op_handle); 245 processing->tee_hash_op_handle = TEE_HANDLE_NULL; 246 processing->tee_hash_algo = 0; 247 } 248 249 return tee2pkcs_error(res); 250 } 251 252 static enum pkcs11_rc load_tee_key(struct pkcs11_session *session, 253 struct pkcs11_object *obj, 254 enum processing_func function) 255 { 256 TEE_Attribute *tee_attrs = NULL; 257 size_t tee_attrs_count = 0; 258 size_t object_size = 0; 259 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 260 TEE_Result res = TEE_ERROR_GENERIC; 261 enum pkcs11_class_id __maybe_unused class = get_class(obj->attributes); 262 enum pkcs11_key_type type = get_key_type(obj->attributes); 263 264 assert(class == PKCS11_CKO_PUBLIC_KEY || 265 class == PKCS11_CKO_PRIVATE_KEY); 266 267 if (obj->key_handle != TEE_HANDLE_NULL) { 268 switch (type) { 269 case PKCS11_CKK_RSA: 270 /* RSA loaded keys can be reused */ 271 assert((obj->key_type == TEE_TYPE_RSA_PUBLIC_KEY && 272 class == PKCS11_CKO_PUBLIC_KEY) || 273 (obj->key_type == TEE_TYPE_RSA_KEYPAIR && 274 class == PKCS11_CKO_PRIVATE_KEY)); 275 goto key_ready; 276 case PKCS11_CKK_EC: 277 /* Reuse EC TEE key only if already DSA or DH */ 278 switch (obj->key_type) { 279 case TEE_TYPE_ECDSA_PUBLIC_KEY: 280 case TEE_TYPE_ECDSA_KEYPAIR: 281 if (function != PKCS11_FUNCTION_DERIVE) 282 goto key_ready; 283 break; 284 case TEE_TYPE_ECDH_PUBLIC_KEY: 285 case TEE_TYPE_ECDH_KEYPAIR: 286 if (function == PKCS11_FUNCTION_DERIVE) 287 goto key_ready; 288 break; 289 default: 290 assert(0); 291 break; 292 } 293 break; 294 default: 295 assert(0); 296 break; 297 } 298 299 TEE_CloseObject(obj->key_handle); 300 obj->key_handle = TEE_HANDLE_NULL; 301 } 302 303 rc = pkcs2tee_key_type(&obj->key_type, obj, function); 304 if (rc) 305 return rc; 306 307 object_size = get_object_key_bit_size(obj); 308 if (!object_size) 309 return PKCS11_CKR_GENERAL_ERROR; 310 311 switch (type) { 312 case PKCS11_CKK_RSA: 313 rc = load_tee_rsa_key_attrs(&tee_attrs, &tee_attrs_count, obj); 314 break; 315 case PKCS11_CKK_EC: 316 rc = load_tee_ec_key_attrs(&tee_attrs, &tee_attrs_count, obj); 317 break; 318 default: 319 break; 320 } 321 if (rc) 322 return rc; 323 324 res = TEE_AllocateTransientObject(obj->key_type, object_size, 325 &obj->key_handle); 326 if (res) { 327 DMSG("TEE_AllocateTransientObject failed, %#"PRIx32, res); 328 329 return tee2pkcs_error(res); 330 } 331 332 res = TEE_PopulateTransientObject(obj->key_handle, 333 tee_attrs, tee_attrs_count); 334 335 TEE_Free(tee_attrs); 336 337 if (res) { 338 DMSG("TEE_PopulateTransientObject failed, %#"PRIx32, res); 339 340 goto error; 341 } 342 343 key_ready: 344 res = TEE_SetOperationKey(session->processing->tee_op_handle, 345 obj->key_handle); 346 if (res) { 347 DMSG("TEE_SetOperationKey failed, %#"PRIx32, res); 348 349 goto error; 350 } 351 352 return PKCS11_CKR_OK; 353 354 error: 355 TEE_FreeTransientObject(obj->key_handle); 356 obj->key_handle = TEE_HANDLE_NULL; 357 return tee2pkcs_error(res); 358 } 359 360 static enum pkcs11_rc 361 init_tee_operation(struct pkcs11_session *session, 362 struct pkcs11_attribute_head *proc_params, 363 struct pkcs11_object *obj) 364 { 365 enum pkcs11_rc rc = PKCS11_CKR_OK; 366 struct active_processing *proc = session->processing; 367 368 switch (proc_params->id) { 369 case PKCS11_CKM_RSA_PKCS_PSS: 370 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 371 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 372 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 373 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 374 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 375 rc = pkcs2tee_proc_params_rsa_pss(proc, proc_params); 376 if (rc) 377 break; 378 379 rc = pkcs2tee_validate_rsa_pss(proc, obj); 380 break; 381 case PKCS11_CKM_RSA_PKCS_OAEP: 382 rc = pkcs2tee_proc_params_rsa_oaep(proc, proc_params); 383 break; 384 default: 385 break; 386 } 387 388 return rc; 389 } 390 391 enum pkcs11_rc init_asymm_operation(struct pkcs11_session *session, 392 enum processing_func function, 393 struct pkcs11_attribute_head *proc_params, 394 struct pkcs11_object *obj) 395 { 396 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 397 398 assert(processing_is_tee_asymm(proc_params->id)); 399 400 rc = allocate_tee_operation(session, function, proc_params, obj); 401 if (rc) 402 return rc; 403 404 rc = load_tee_key(session, obj, function); 405 if (rc) 406 return rc; 407 408 return init_tee_operation(session, proc_params, obj); 409 } 410 411 /* 412 * step_sym_step - step (update/oneshot/final) on a symmetric crypto operation 413 * 414 * @session - current session 415 * @function - processing function (encrypt, decrypt, sign, ...) 416 * @step - step ID in the processing (oneshot, update, final) 417 * @ptypes - invocation parameter types 418 * @params - invocation parameter references 419 */ 420 enum pkcs11_rc step_asymm_operation(struct pkcs11_session *session, 421 enum processing_func function, 422 enum processing_step step, 423 uint32_t ptypes, TEE_Param *params) 424 { 425 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 426 TEE_Result res = TEE_ERROR_GENERIC; 427 void *in_buf = NULL; 428 void *in2_buf = NULL; 429 void *out_buf = NULL; 430 void *hash_buf = NULL; 431 uint32_t in_size = 0; 432 uint32_t in2_size = 0; 433 uint32_t out_size = 0; 434 uint32_t hash_size = 0; 435 TEE_Attribute *tee_attrs = NULL; 436 size_t tee_attrs_count = 0; 437 bool output_data = false; 438 struct active_processing *proc = session->processing; 439 struct rsa_oaep_processing_ctx *rsa_oaep_ctx = NULL; 440 struct rsa_pss_processing_ctx *rsa_pss_ctx = NULL; 441 size_t sz = 0; 442 443 if (TEE_PARAM_TYPE_GET(ptypes, 1) == TEE_PARAM_TYPE_MEMREF_INPUT) { 444 in_buf = params[1].memref.buffer; 445 in_size = params[1].memref.size; 446 if (in_size && !in_buf) 447 return PKCS11_CKR_ARGUMENTS_BAD; 448 } 449 if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_INPUT) { 450 in2_buf = params[2].memref.buffer; 451 in2_size = params[2].memref.size; 452 if (in2_size && !in2_buf) 453 return PKCS11_CKR_ARGUMENTS_BAD; 454 } 455 if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_OUTPUT) { 456 out_buf = params[2].memref.buffer; 457 out_size = params[2].memref.size; 458 if (out_size && !out_buf) 459 return PKCS11_CKR_ARGUMENTS_BAD; 460 } 461 if (TEE_PARAM_TYPE_GET(ptypes, 3) != TEE_PARAM_TYPE_NONE) 462 return PKCS11_CKR_ARGUMENTS_BAD; 463 464 switch (step) { 465 case PKCS11_FUNC_STEP_ONESHOT: 466 case PKCS11_FUNC_STEP_UPDATE: 467 case PKCS11_FUNC_STEP_FINAL: 468 break; 469 default: 470 return PKCS11_CKR_GENERAL_ERROR; 471 } 472 473 /* TEE attribute(s) required by the operation */ 474 switch (proc->mecha_type) { 475 case PKCS11_CKM_RSA_PKCS_PSS: 476 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 477 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 478 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 479 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 480 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 481 tee_attrs = TEE_Malloc(sizeof(TEE_Attribute), 482 TEE_USER_MEM_HINT_NO_FILL_ZERO); 483 if (!tee_attrs) { 484 rc = PKCS11_CKR_DEVICE_MEMORY; 485 goto out; 486 } 487 488 rsa_pss_ctx = proc->extra_ctx; 489 490 TEE_InitValueAttribute(&tee_attrs[tee_attrs_count], 491 TEE_ATTR_RSA_PSS_SALT_LENGTH, 492 rsa_pss_ctx->salt_len, 0); 493 tee_attrs_count++; 494 break; 495 case PKCS11_CKM_RSA_PKCS_OAEP: 496 rsa_oaep_ctx = proc->extra_ctx; 497 498 if (!rsa_oaep_ctx->source_data_len) 499 break; 500 501 tee_attrs = TEE_Malloc(sizeof(TEE_Attribute), 502 TEE_USER_MEM_HINT_NO_FILL_ZERO); 503 if (!tee_attrs) { 504 rc = PKCS11_CKR_DEVICE_MEMORY; 505 goto out; 506 } 507 508 TEE_InitRefAttribute(&tee_attrs[tee_attrs_count], 509 TEE_ATTR_RSA_OAEP_LABEL, 510 rsa_oaep_ctx->source_data, 511 rsa_oaep_ctx->source_data_len); 512 tee_attrs_count++; 513 break; 514 default: 515 break; 516 } 517 518 /* 519 * Handle multi stage update step for mechas needing hash 520 * calculation 521 */ 522 if (step == PKCS11_FUNC_STEP_UPDATE) { 523 switch (proc->mecha_type) { 524 case PKCS11_CKM_ECDSA_SHA1: 525 case PKCS11_CKM_ECDSA_SHA224: 526 case PKCS11_CKM_ECDSA_SHA256: 527 case PKCS11_CKM_ECDSA_SHA384: 528 case PKCS11_CKM_ECDSA_SHA512: 529 case PKCS11_CKM_MD5_RSA_PKCS: 530 case PKCS11_CKM_SHA1_RSA_PKCS: 531 case PKCS11_CKM_SHA224_RSA_PKCS: 532 case PKCS11_CKM_SHA256_RSA_PKCS: 533 case PKCS11_CKM_SHA384_RSA_PKCS: 534 case PKCS11_CKM_SHA512_RSA_PKCS: 535 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 536 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 537 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 538 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 539 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 540 assert(proc->tee_hash_op_handle != TEE_HANDLE_NULL); 541 542 TEE_DigestUpdate(proc->tee_hash_op_handle, in_buf, 543 in_size); 544 rc = PKCS11_CKR_OK; 545 break; 546 default: 547 /* 548 * Other mechanism do not expect multi stage 549 * operation 550 */ 551 rc = PKCS11_CKR_GENERAL_ERROR; 552 break; 553 } 554 555 goto out; 556 } 557 558 /* 559 * Handle multi stage one shot and final steps for mechas needing hash 560 * calculation 561 */ 562 switch (proc->mecha_type) { 563 case PKCS11_CKM_ECDSA_SHA1: 564 case PKCS11_CKM_ECDSA_SHA224: 565 case PKCS11_CKM_ECDSA_SHA256: 566 case PKCS11_CKM_ECDSA_SHA384: 567 case PKCS11_CKM_ECDSA_SHA512: 568 case PKCS11_CKM_MD5_RSA_PKCS: 569 case PKCS11_CKM_SHA1_RSA_PKCS: 570 case PKCS11_CKM_SHA224_RSA_PKCS: 571 case PKCS11_CKM_SHA256_RSA_PKCS: 572 case PKCS11_CKM_SHA384_RSA_PKCS: 573 case PKCS11_CKM_SHA512_RSA_PKCS: 574 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 575 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 576 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 577 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 578 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 579 assert(proc->tee_hash_op_handle != TEE_HANDLE_NULL); 580 581 hash_size = TEE_ALG_GET_DIGEST_SIZE(proc->tee_hash_algo); 582 hash_buf = TEE_Malloc(hash_size, 0); 583 if (!hash_buf) 584 return PKCS11_CKR_DEVICE_MEMORY; 585 586 res = TEE_DigestDoFinal(proc->tee_hash_op_handle, 587 in_buf, in_size, hash_buf, 588 &hash_size); 589 590 rc = tee2pkcs_error(res); 591 if (rc != PKCS11_CKR_OK) 592 goto out; 593 594 break; 595 default: 596 break; 597 } 598 599 /* 600 * Finalize either provided hash or calculated hash with signing 601 * operation 602 */ 603 604 /* First determine amount of bytes for signing operation */ 605 switch (proc->mecha_type) { 606 case PKCS11_CKM_ECDSA: 607 sz = ecdsa_get_input_max_byte_size(proc->tee_op_handle); 608 if (!in_size || !sz) { 609 rc = PKCS11_CKR_FUNCTION_FAILED; 610 goto out; 611 } 612 613 /* 614 * Note 3) Input the entire raw digest. Internally, this will 615 * be truncated to the appropriate number of bits. 616 */ 617 if (in_size > sz) 618 in_size = sz; 619 620 if (function == PKCS11_FUNCTION_VERIFY && in2_size != 2 * sz) { 621 rc = PKCS11_CKR_SIGNATURE_LEN_RANGE; 622 goto out; 623 } 624 break; 625 case PKCS11_CKM_ECDSA_SHA1: 626 case PKCS11_CKM_ECDSA_SHA224: 627 case PKCS11_CKM_ECDSA_SHA256: 628 case PKCS11_CKM_ECDSA_SHA384: 629 case PKCS11_CKM_ECDSA_SHA512: 630 /* Get key size in bytes */ 631 sz = ecdsa_get_input_max_byte_size(proc->tee_op_handle); 632 if (!sz) { 633 rc = PKCS11_CKR_FUNCTION_FAILED; 634 goto out; 635 } 636 637 if (function == PKCS11_FUNCTION_VERIFY && 638 in2_size != 2 * sz) { 639 rc = PKCS11_CKR_SIGNATURE_LEN_RANGE; 640 goto out; 641 } 642 break; 643 case PKCS11_CKM_RSA_PKCS: 644 case PKCS11_CKM_MD5_RSA_PKCS: 645 case PKCS11_CKM_SHA1_RSA_PKCS: 646 case PKCS11_CKM_SHA224_RSA_PKCS: 647 case PKCS11_CKM_SHA256_RSA_PKCS: 648 case PKCS11_CKM_SHA384_RSA_PKCS: 649 case PKCS11_CKM_SHA512_RSA_PKCS: 650 case PKCS11_CKM_RSA_PKCS_PSS: 651 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 652 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 653 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 654 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 655 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 656 /* Get key size in bytes */ 657 sz = rsa_get_input_max_byte_size(proc->tee_op_handle); 658 if (!sz) { 659 rc = PKCS11_CKR_FUNCTION_FAILED; 660 goto out; 661 } 662 663 if (function == PKCS11_FUNCTION_VERIFY && in2_size != sz) { 664 rc = PKCS11_CKR_SIGNATURE_LEN_RANGE; 665 goto out; 666 } 667 break; 668 default: 669 break; 670 } 671 672 /* Next perform actual signing operation */ 673 switch (proc->mecha_type) { 674 case PKCS11_CKM_ECDSA: 675 case PKCS11_CKM_RSA_PKCS: 676 case PKCS11_CKM_RSA_PKCS_OAEP: 677 case PKCS11_CKM_RSA_PKCS_PSS: 678 /* For operations using provided input data */ 679 switch (function) { 680 case PKCS11_FUNCTION_ENCRYPT: 681 res = TEE_AsymmetricEncrypt(proc->tee_op_handle, 682 tee_attrs, tee_attrs_count, 683 in_buf, in_size, 684 out_buf, &out_size); 685 output_data = true; 686 rc = tee2pkcs_error(res); 687 if (rc == PKCS11_CKR_ARGUMENTS_BAD) 688 rc = PKCS11_CKR_DATA_LEN_RANGE; 689 break; 690 691 case PKCS11_FUNCTION_DECRYPT: 692 res = TEE_AsymmetricDecrypt(proc->tee_op_handle, 693 tee_attrs, tee_attrs_count, 694 in_buf, in_size, 695 out_buf, &out_size); 696 output_data = true; 697 rc = tee2pkcs_error(res); 698 if (rc == PKCS11_CKR_ARGUMENTS_BAD) 699 rc = PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE; 700 break; 701 702 case PKCS11_FUNCTION_SIGN: 703 res = TEE_AsymmetricSignDigest(proc->tee_op_handle, 704 tee_attrs, 705 tee_attrs_count, 706 in_buf, in_size, 707 out_buf, &out_size); 708 output_data = true; 709 rc = tee2pkcs_error(res); 710 break; 711 712 case PKCS11_FUNCTION_VERIFY: 713 res = TEE_AsymmetricVerifyDigest(proc->tee_op_handle, 714 tee_attrs, 715 tee_attrs_count, 716 in_buf, in_size, 717 in2_buf, in2_size); 718 rc = tee2pkcs_error(res); 719 break; 720 721 default: 722 TEE_Panic(function); 723 break; 724 } 725 break; 726 case PKCS11_CKM_ECDSA_SHA1: 727 case PKCS11_CKM_ECDSA_SHA224: 728 case PKCS11_CKM_ECDSA_SHA256: 729 case PKCS11_CKM_ECDSA_SHA384: 730 case PKCS11_CKM_ECDSA_SHA512: 731 case PKCS11_CKM_MD5_RSA_PKCS: 732 case PKCS11_CKM_SHA1_RSA_PKCS: 733 case PKCS11_CKM_SHA224_RSA_PKCS: 734 case PKCS11_CKM_SHA256_RSA_PKCS: 735 case PKCS11_CKM_SHA384_RSA_PKCS: 736 case PKCS11_CKM_SHA512_RSA_PKCS: 737 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 738 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 739 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 740 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 741 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 742 /* For operations having hash operation use calculated hash */ 743 switch (function) { 744 case PKCS11_FUNCTION_SIGN: 745 res = TEE_AsymmetricSignDigest(proc->tee_op_handle, 746 tee_attrs, 747 tee_attrs_count, 748 hash_buf, hash_size, 749 out_buf, &out_size); 750 output_data = true; 751 rc = tee2pkcs_error(res); 752 break; 753 754 case PKCS11_FUNCTION_VERIFY: 755 res = TEE_AsymmetricVerifyDigest(proc->tee_op_handle, 756 tee_attrs, 757 tee_attrs_count, 758 hash_buf, hash_size, 759 in2_buf, in2_size); 760 rc = tee2pkcs_error(res); 761 break; 762 763 default: 764 TEE_Panic(function); 765 break; 766 } 767 break; 768 default: 769 TEE_Panic(proc->mecha_type); 770 break; 771 } 772 773 out: 774 if (output_data && 775 (rc == PKCS11_CKR_OK || rc == PKCS11_CKR_BUFFER_TOO_SMALL)) { 776 switch (TEE_PARAM_TYPE_GET(ptypes, 2)) { 777 case TEE_PARAM_TYPE_MEMREF_OUTPUT: 778 case TEE_PARAM_TYPE_MEMREF_INOUT: 779 params[2].memref.size = out_size; 780 break; 781 default: 782 rc = PKCS11_CKR_GENERAL_ERROR; 783 break; 784 } 785 } 786 787 TEE_Free(hash_buf); 788 TEE_Free(tee_attrs); 789 790 return rc; 791 } 792 793 enum pkcs11_rc do_asymm_derivation(struct pkcs11_session *session, 794 struct pkcs11_attribute_head *proc_params, 795 struct obj_attrs **head) 796 { 797 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 798 TEE_ObjectHandle out_handle = TEE_HANDLE_NULL; 799 TEE_Result res = TEE_ERROR_GENERIC; 800 TEE_Attribute tee_attrs[2] = { }; 801 size_t tee_attrs_count = 0; 802 uint32_t key_byte_size = 0; 803 uint32_t key_bit_size = 0; 804 void *a_ptr = NULL; 805 size_t a_size = 0; 806 807 /* Remove default attribute set at template sanitization */ 808 if (remove_empty_attribute(head, PKCS11_CKA_VALUE)) 809 return PKCS11_CKR_FUNCTION_FAILED; 810 811 rc = get_u32_attribute(*head, PKCS11_CKA_VALUE_LEN, &key_bit_size); 812 if (rc) 813 return rc; 814 815 key_bit_size *= 8; 816 key_byte_size = (key_bit_size + 7) / 8; 817 818 res = TEE_AllocateTransientObject(TEE_TYPE_GENERIC_SECRET, 819 key_byte_size * 8, &out_handle); 820 if (res) { 821 DMSG("TEE_AllocateTransientObject failed, %#"PRIx32, res); 822 return tee2pkcs_error(res); 823 } 824 825 switch (proc_params->id) { 826 case PKCS11_CKM_ECDH1_DERIVE: 827 rc = pkcs2tee_param_ecdh(proc_params, &a_ptr, &a_size); 828 if (rc) 829 goto out; 830 831 TEE_InitRefAttribute(&tee_attrs[tee_attrs_count], 832 TEE_ATTR_ECC_PUBLIC_VALUE_X, 833 a_ptr, a_size / 2); 834 tee_attrs_count++; 835 TEE_InitRefAttribute(&tee_attrs[tee_attrs_count], 836 TEE_ATTR_ECC_PUBLIC_VALUE_Y, 837 (char *)a_ptr + a_size / 2, 838 a_size / 2); 839 tee_attrs_count++; 840 break; 841 default: 842 TEE_Panic(proc_params->id); 843 break; 844 } 845 846 TEE_DeriveKey(session->processing->tee_op_handle, &tee_attrs[0], 847 tee_attrs_count, out_handle); 848 849 rc = alloc_get_tee_attribute_data(out_handle, TEE_ATTR_SECRET_VALUE, 850 &a_ptr, &a_size); 851 if (rc) 852 goto out; 853 854 if (a_size * 8 < key_bit_size) 855 rc = PKCS11_CKR_KEY_SIZE_RANGE; 856 else 857 rc = add_attribute(head, PKCS11_CKA_VALUE, a_ptr, 858 key_byte_size); 859 TEE_Free(a_ptr); 860 out: 861 release_active_processing(session); 862 TEE_FreeTransientObject(out_handle); 863 864 return rc; 865 } 866