1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2018-2021, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <pkcs11_ta.h> 8 #include <tee_api_defines.h> 9 #include <tee_internal_api.h> 10 #include <tee_internal_api_extensions.h> 11 12 #include "attributes.h" 13 #include "object.h" 14 #include "pkcs11_token.h" 15 #include "processing.h" 16 17 enum pkcs11_rc 18 pkcs2tee_proc_params_rsa_pss(struct active_processing *proc, 19 struct pkcs11_attribute_head *proc_params) 20 { 21 struct serialargs args = { }; 22 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 23 struct rsa_pss_processing_ctx *ctx = NULL; 24 uint32_t hash = 0; 25 uint32_t mgf = 0; 26 uint32_t salt_len = 0; 27 28 serialargs_init(&args, proc_params->data, proc_params->size); 29 30 rc = serialargs_get_u32(&args, &hash); 31 if (rc) 32 return rc; 33 34 rc = serialargs_get_u32(&args, &mgf); 35 if (rc) 36 return rc; 37 38 rc = serialargs_get_u32(&args, &salt_len); 39 if (rc) 40 return rc; 41 42 if (serialargs_remaining_bytes(&args)) 43 return PKCS11_CKR_ARGUMENTS_BAD; 44 45 proc->extra_ctx = TEE_Malloc(sizeof(struct rsa_pss_processing_ctx), 46 TEE_USER_MEM_HINT_NO_FILL_ZERO); 47 if (!proc->extra_ctx) 48 return PKCS11_CKR_DEVICE_MEMORY; 49 50 ctx = proc->extra_ctx; 51 52 ctx->hash_alg = hash; 53 ctx->mgf_type = mgf; 54 ctx->salt_len = salt_len; 55 56 return PKCS11_CKR_OK; 57 } 58 59 enum pkcs11_rc pkcs2tee_validate_rsa_pss(struct active_processing *proc, 60 struct pkcs11_object *obj) 61 { 62 struct rsa_pss_processing_ctx *rsa_pss_ctx = NULL; 63 size_t modulus_size = 0; 64 size_t hash_size = 0; 65 uint32_t k = 0; 66 67 rsa_pss_ctx = proc->extra_ctx; 68 assert(rsa_pss_ctx); 69 70 switch (rsa_pss_ctx->hash_alg) { 71 case PKCS11_CKM_SHA_1: 72 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA1); 73 break; 74 case PKCS11_CKM_SHA224: 75 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA224); 76 break; 77 case PKCS11_CKM_SHA256: 78 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA256); 79 break; 80 case PKCS11_CKM_SHA384: 81 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA384); 82 break; 83 case PKCS11_CKM_SHA512: 84 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA512); 85 break; 86 default: 87 assert(0); 88 break; 89 } 90 91 modulus_size = get_object_key_bit_size(obj); 92 93 /** 94 * The sLen field must be less than or equal to k*-2-hLen where 95 * hLen is the length in bytes of the hash value. k* is the 96 * length in bytes of the RSA modulus, except if the length in 97 * bits of the RSA modulus is one more than a multiple of 8, in 98 * which case k* is one less than the length in bytes of the 99 * RSA modulus. 100 */ 101 if ((modulus_size % 8) == 1) 102 k = modulus_size / 8; 103 else 104 k = ROUNDUP_DIV(modulus_size, 8); 105 106 if (rsa_pss_ctx->salt_len > (k - 2 - hash_size)) 107 return PKCS11_CKR_KEY_SIZE_RANGE; 108 109 return PKCS11_CKR_OK; 110 } 111 112 /* 113 * Check or set TEE algorithm identifier upon PKCS11 mechanism parameters 114 * @tee_id: Input and/or output TEE algorithm identifier 115 * @proc_params: PKCS11 processing parameters 116 */ 117 enum pkcs11_rc pkcs2tee_algo_rsa_pss(uint32_t *tee_id, 118 struct pkcs11_attribute_head *proc_params) 119 { 120 struct serialargs args = { }; 121 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 122 uint32_t hash = 0; 123 uint32_t mgf = 0; 124 uint32_t salt_len = 0; 125 126 serialargs_init(&args, proc_params->data, proc_params->size); 127 128 rc = serialargs_get_u32(&args, &hash); 129 if (rc) 130 return rc; 131 132 rc = serialargs_get_u32(&args, &mgf); 133 if (rc) 134 return rc; 135 136 rc = serialargs_get_u32(&args, &salt_len); 137 if (rc) 138 return rc; 139 140 if (serialargs_remaining_bytes(&args)) 141 return PKCS11_CKR_ARGUMENTS_BAD; 142 143 if (proc_params->id == PKCS11_CKM_RSA_PKCS_PSS) { 144 if (hash == PKCS11_CKM_SHA_1 && mgf == PKCS11_CKG_MGF1_SHA1) { 145 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1; 146 return PKCS11_CKR_OK; 147 } 148 if (hash == PKCS11_CKM_SHA224 && 149 mgf == PKCS11_CKG_MGF1_SHA224) { 150 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224; 151 return PKCS11_CKR_OK; 152 } 153 if (hash == PKCS11_CKM_SHA256 && 154 mgf == PKCS11_CKG_MGF1_SHA256) { 155 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256; 156 return PKCS11_CKR_OK; 157 } 158 if (hash == PKCS11_CKM_SHA384 && 159 mgf == PKCS11_CKG_MGF1_SHA384) { 160 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384; 161 return PKCS11_CKR_OK; 162 } 163 if (hash == PKCS11_CKM_SHA512 && 164 mgf == PKCS11_CKG_MGF1_SHA512) { 165 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512; 166 return PKCS11_CKR_OK; 167 } 168 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 169 } 170 171 switch (*tee_id) { 172 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 173 if (hash != PKCS11_CKM_SHA_1 || mgf != PKCS11_CKG_MGF1_SHA1) 174 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 175 break; 176 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 177 if (hash != PKCS11_CKM_SHA224 || mgf != PKCS11_CKG_MGF1_SHA224) 178 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 179 break; 180 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 181 if (hash != PKCS11_CKM_SHA256 || mgf != PKCS11_CKG_MGF1_SHA256) 182 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 183 break; 184 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 185 if (hash != PKCS11_CKM_SHA384 || mgf != PKCS11_CKG_MGF1_SHA384) 186 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 187 break; 188 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 189 if (hash != PKCS11_CKM_SHA512 || mgf != PKCS11_CKG_MGF1_SHA512) 190 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 191 break; 192 default: 193 return PKCS11_CKR_GENERAL_ERROR; 194 } 195 196 return PKCS11_CKR_OK; 197 } 198 199 enum pkcs11_rc 200 pkcs2tee_proc_params_rsa_oaep(struct active_processing *proc, 201 struct pkcs11_attribute_head *proc_params) 202 { 203 struct serialargs args = { }; 204 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 205 struct rsa_oaep_processing_ctx *ctx = NULL; 206 uint32_t hash = 0; 207 uint32_t mgf = 0; 208 uint32_t source_type = 0; 209 void *source_data = NULL; 210 uint32_t source_size = 0; 211 212 serialargs_init(&args, proc_params->data, proc_params->size); 213 214 rc = serialargs_get_u32(&args, &hash); 215 if (rc) 216 return rc; 217 218 rc = serialargs_get_u32(&args, &mgf); 219 if (rc) 220 return rc; 221 222 rc = serialargs_get_u32(&args, &source_type); 223 if (rc) 224 return rc; 225 226 rc = serialargs_get_u32(&args, &source_size); 227 if (rc) 228 return rc; 229 230 rc = serialargs_get_ptr(&args, &source_data, source_size); 231 if (rc) 232 return rc; 233 234 if (serialargs_remaining_bytes(&args)) 235 return PKCS11_CKR_ARGUMENTS_BAD; 236 237 proc->extra_ctx = TEE_Malloc(sizeof(struct rsa_oaep_processing_ctx) + 238 source_size, 239 TEE_USER_MEM_HINT_NO_FILL_ZERO); 240 if (!proc->extra_ctx) 241 return PKCS11_CKR_DEVICE_MEMORY; 242 243 ctx = proc->extra_ctx; 244 245 ctx->hash_alg = hash; 246 ctx->mgf_type = mgf; 247 ctx->source_type = source_type; 248 ctx->source_data_len = source_size; 249 TEE_MemMove(ctx->source_data, source_data, source_size); 250 251 return PKCS11_CKR_OK; 252 } 253 254 enum pkcs11_rc 255 pkcs2tee_proc_params_rsa_aes_wrap(struct active_processing *proc, 256 struct pkcs11_attribute_head *proc_params) 257 { 258 struct serialargs args = { }; 259 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 260 struct rsa_aes_key_wrap_processing_ctx *ctx = NULL; 261 uint32_t aes_key_bits = 0; 262 uint32_t hash = 0; 263 uint32_t mgf = 0; 264 uint32_t source_type = 0; 265 void *source_data = NULL; 266 uint32_t source_size = 0; 267 268 serialargs_init(&args, proc_params->data, proc_params->size); 269 270 rc = serialargs_get_u32(&args, &aes_key_bits); 271 if (rc) 272 return rc; 273 274 rc = serialargs_get_u32(&args, &hash); 275 if (rc) 276 return rc; 277 278 rc = serialargs_get_u32(&args, &mgf); 279 if (rc) 280 return rc; 281 282 rc = serialargs_get_u32(&args, &source_type); 283 if (rc) 284 return rc; 285 286 rc = serialargs_get_u32(&args, &source_size); 287 if (rc) 288 return rc; 289 290 rc = serialargs_get_ptr(&args, &source_data, source_size); 291 if (rc) 292 return rc; 293 294 if (serialargs_remaining_bytes(&args)) 295 return PKCS11_CKR_ARGUMENTS_BAD; 296 297 proc->extra_ctx = 298 TEE_Malloc(sizeof(struct rsa_aes_key_wrap_processing_ctx) + 299 source_size, 300 TEE_USER_MEM_HINT_NO_FILL_ZERO); 301 if (!proc->extra_ctx) 302 return PKCS11_CKR_DEVICE_MEMORY; 303 304 ctx = proc->extra_ctx; 305 306 ctx->aes_key_bits = aes_key_bits; 307 ctx->hash_alg = hash; 308 ctx->mgf_type = mgf; 309 ctx->source_type = source_type; 310 ctx->source_data_len = source_size; 311 TEE_MemMove(ctx->source_data, source_data, source_size); 312 313 return PKCS11_CKR_OK; 314 } 315 316 /* 317 * Set TEE RSA OAEP algorithm identifier upon PKCS11 mechanism parameters 318 * @tee_id: output TEE RSA OAEP algorithm identifier 319 * @tee_hash_id: output TEE hash algorithm identifier 320 * @proc_params: PKCS11 processing parameters 321 */ 322 enum pkcs11_rc 323 pkcs2tee_algo_rsa_oaep(uint32_t *tee_id, uint32_t *tee_hash_id, 324 struct pkcs11_attribute_head *proc_params) 325 { 326 struct serialargs args = { }; 327 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 328 uint32_t hash = 0; 329 uint32_t mgf = 0; 330 uint32_t source_type = 0; 331 void *source_data = NULL; 332 uint32_t source_size = 0; 333 334 serialargs_init(&args, proc_params->data, proc_params->size); 335 336 rc = serialargs_get_u32(&args, &hash); 337 if (rc) 338 return rc; 339 340 rc = serialargs_get_u32(&args, &mgf); 341 if (rc) 342 return rc; 343 344 rc = serialargs_get_u32(&args, &source_type); 345 if (rc) 346 return rc; 347 348 rc = serialargs_get_u32(&args, &source_size); 349 if (rc) 350 return rc; 351 352 rc = serialargs_get_ptr(&args, &source_data, source_size); 353 if (rc) 354 return rc; 355 356 if (serialargs_remaining_bytes(&args)) 357 return PKCS11_CKR_ARGUMENTS_BAD; 358 359 if (source_type != PKCS11_CKZ_DATA_SPECIFIED) 360 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 361 362 switch (proc_params->id) { 363 case PKCS11_CKM_RSA_PKCS_OAEP: 364 switch (hash) { 365 case PKCS11_CKM_SHA_1: 366 if (mgf != PKCS11_CKG_MGF1_SHA1) 367 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 368 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1; 369 *tee_hash_id = TEE_ALG_SHA1; 370 break; 371 case PKCS11_CKM_SHA224: 372 if (mgf != PKCS11_CKG_MGF1_SHA224) 373 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 374 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224; 375 *tee_hash_id = TEE_ALG_SHA224; 376 break; 377 case PKCS11_CKM_SHA256: 378 if (mgf != PKCS11_CKG_MGF1_SHA256) 379 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 380 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256; 381 *tee_hash_id = TEE_ALG_SHA256; 382 break; 383 case PKCS11_CKM_SHA384: 384 if (mgf != PKCS11_CKG_MGF1_SHA384) 385 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 386 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384; 387 *tee_hash_id = TEE_ALG_SHA384; 388 break; 389 case PKCS11_CKM_SHA512: 390 if (mgf != PKCS11_CKG_MGF1_SHA512) 391 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 392 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512; 393 *tee_hash_id = TEE_ALG_SHA512; 394 break; 395 default: 396 EMSG("Unexpected %#"PRIx32"/%s", hash, 397 id2str_proc(hash)); 398 399 return PKCS11_CKR_GENERAL_ERROR; 400 } 401 break; 402 default: 403 EMSG("Unexpected mechanism %#"PRIx32"/%s", proc_params->id, 404 id2str_proc(proc_params->id)); 405 406 return PKCS11_CKR_GENERAL_ERROR; 407 } 408 409 return PKCS11_CKR_OK; 410 } 411 412 enum pkcs11_rc 413 pkcs2tee_algo_rsa_aes_wrap(uint32_t *tee_id, uint32_t *tee_hash_id, 414 struct pkcs11_attribute_head *proc_params) 415 { 416 struct serialargs args = { }; 417 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 418 uint32_t aes_key_bits = 0; 419 uint32_t hash = 0; 420 uint32_t mgf = 0; 421 uint32_t source_type = 0; 422 void *source_data = NULL; 423 uint32_t source_size = 0; 424 425 serialargs_init(&args, proc_params->data, proc_params->size); 426 427 rc = serialargs_get_u32(&args, &aes_key_bits); 428 if (rc) 429 return rc; 430 431 rc = serialargs_get_u32(&args, &hash); 432 if (rc) 433 return rc; 434 435 rc = serialargs_get_u32(&args, &mgf); 436 if (rc) 437 return rc; 438 439 rc = serialargs_get_u32(&args, &source_type); 440 if (rc) 441 return rc; 442 443 rc = serialargs_get_u32(&args, &source_size); 444 if (rc) 445 return rc; 446 447 rc = serialargs_get_ptr(&args, &source_data, source_size); 448 if (rc) 449 return rc; 450 451 if (serialargs_remaining_bytes(&args)) 452 return PKCS11_CKR_ARGUMENTS_BAD; 453 454 if (source_type != PKCS11_CKZ_DATA_SPECIFIED) 455 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 456 457 switch (proc_params->id) { 458 case PKCS11_CKM_RSA_AES_KEY_WRAP: 459 switch (hash) { 460 case PKCS11_CKM_SHA_1: 461 if (mgf != PKCS11_CKG_MGF1_SHA1) 462 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 463 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1; 464 *tee_hash_id = TEE_ALG_SHA1; 465 break; 466 case PKCS11_CKM_SHA224: 467 if (mgf != PKCS11_CKG_MGF1_SHA224) 468 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 469 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224; 470 *tee_hash_id = TEE_ALG_SHA224; 471 break; 472 case PKCS11_CKM_SHA256: 473 if (mgf != PKCS11_CKG_MGF1_SHA256) 474 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 475 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256; 476 *tee_hash_id = TEE_ALG_SHA256; 477 break; 478 case PKCS11_CKM_SHA384: 479 if (mgf != PKCS11_CKG_MGF1_SHA384) 480 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 481 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384; 482 *tee_hash_id = TEE_ALG_SHA384; 483 break; 484 case PKCS11_CKM_SHA512: 485 if (mgf != PKCS11_CKG_MGF1_SHA512) 486 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 487 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512; 488 *tee_hash_id = TEE_ALG_SHA512; 489 break; 490 default: 491 EMSG("Unexpected %#"PRIx32"/%s", hash, 492 id2str_proc(hash)); 493 494 return PKCS11_CKR_GENERAL_ERROR; 495 } 496 break; 497 default: 498 EMSG("Unexpected mechanism %#"PRIx32"/%s", proc_params->id, 499 id2str_proc(proc_params->id)); 500 501 return PKCS11_CKR_GENERAL_ERROR; 502 } 503 504 return PKCS11_CKR_OK; 505 } 506 507 static enum pkcs11_rc contains_all_rsa_crt_parameters(struct pkcs11_object *obj) 508 { 509 const uint32_t crt_attr[] = { 510 PKCS11_CKA_PRIME_1, PKCS11_CKA_PRIME_2, PKCS11_CKA_EXPONENT_1, 511 PKCS11_CKA_EXPONENT_2, PKCS11_CKA_COEFFICIENT, 512 }; 513 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 514 uint32_t a_size = 0; 515 void *a_ptr = NULL; 516 size_t count = 0; 517 size_t n = 0; 518 519 for (n = 0; n < ARRAY_SIZE(crt_attr); n++) { 520 rc = get_attribute_ptr(obj->attributes, crt_attr[n], &a_ptr, 521 &a_size); 522 if (rc != PKCS11_CKR_OK) 523 return rc; 524 if (a_ptr && a_size) 525 count++; 526 } 527 528 if (count != ARRAY_SIZE(crt_attr)) 529 return PKCS11_RV_NOT_FOUND; 530 531 return PKCS11_CKR_OK; 532 } 533 534 enum pkcs11_rc load_tee_rsa_key_attrs(TEE_Attribute **tee_attrs, 535 size_t *tee_count, 536 struct pkcs11_object *obj) 537 { 538 TEE_Attribute *attrs = NULL; 539 size_t count = 0; 540 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 541 542 assert(get_key_type(obj->attributes) == PKCS11_CKK_RSA); 543 544 switch (get_class(obj->attributes)) { 545 case PKCS11_CKO_PUBLIC_KEY: 546 attrs = TEE_Malloc(2 * sizeof(TEE_Attribute), 547 TEE_USER_MEM_HINT_NO_FILL_ZERO); 548 if (!attrs) 549 return PKCS11_CKR_DEVICE_MEMORY; 550 551 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_MODULUS, 552 obj, PKCS11_CKA_MODULUS)) 553 count++; 554 555 if (pkcs2tee_load_attr(&attrs[count], 556 TEE_ATTR_RSA_PUBLIC_EXPONENT, obj, 557 PKCS11_CKA_PUBLIC_EXPONENT)) 558 count++; 559 560 if (count == 2) 561 rc = PKCS11_CKR_OK; 562 563 break; 564 565 case PKCS11_CKO_PRIVATE_KEY: 566 attrs = TEE_Malloc(8 * sizeof(TEE_Attribute), 567 TEE_USER_MEM_HINT_NO_FILL_ZERO); 568 if (!attrs) 569 return PKCS11_CKR_DEVICE_MEMORY; 570 571 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_MODULUS, 572 obj, PKCS11_CKA_MODULUS)) 573 count++; 574 575 if (pkcs2tee_load_attr(&attrs[count], 576 TEE_ATTR_RSA_PUBLIC_EXPONENT, obj, 577 PKCS11_CKA_PUBLIC_EXPONENT)) 578 count++; 579 580 if (pkcs2tee_load_attr(&attrs[count], 581 TEE_ATTR_RSA_PRIVATE_EXPONENT, obj, 582 PKCS11_CKA_PRIVATE_EXPONENT)) 583 count++; 584 585 if (count != 3) 586 break; 587 588 /* 589 * If the pre-computed CRT parameters are present load them 590 * but only if they are all present since the GP TEE 591 * specification expects either the 5 are present 592 * or none is present. 593 */ 594 rc = contains_all_rsa_crt_parameters(obj); 595 if (rc != PKCS11_CKR_OK) { 596 if (rc == PKCS11_RV_NOT_FOUND) 597 rc = PKCS11_CKR_OK; 598 break; 599 } 600 601 rc = PKCS11_CKR_GENERAL_ERROR; 602 603 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_PRIME1, obj, 604 PKCS11_CKA_PRIME_1)) 605 count++; 606 607 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_PRIME2, obj, 608 PKCS11_CKA_PRIME_2)) 609 count++; 610 611 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_EXPONENT1, 612 obj, PKCS11_CKA_EXPONENT_1)) 613 count++; 614 615 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_EXPONENT2, 616 obj, PKCS11_CKA_EXPONENT_2)) 617 count++; 618 619 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_COEFFICIENT, 620 obj, PKCS11_CKA_COEFFICIENT)) 621 count++; 622 623 if (count == 8) 624 rc = PKCS11_CKR_OK; 625 626 break; 627 628 default: 629 assert(0); 630 break; 631 } 632 633 if (rc == PKCS11_CKR_OK) { 634 *tee_attrs = attrs; 635 *tee_count = count; 636 } else { 637 TEE_Free(attrs); 638 } 639 640 return rc; 641 } 642 643 static enum pkcs11_rc tee2pkcs_rsa_attributes(struct obj_attrs **pub_head, 644 struct obj_attrs **priv_head, 645 TEE_ObjectHandle tee_obj) 646 { 647 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 648 void *a_ptr = NULL; 649 650 rc = tee2pkcs_add_attribute(pub_head, PKCS11_CKA_MODULUS, tee_obj, 651 TEE_ATTR_RSA_MODULUS); 652 if (rc) 653 goto out; 654 655 rc = get_attribute_ptr(*pub_head, PKCS11_CKA_PUBLIC_EXPONENT, &a_ptr, 656 NULL); 657 if (rc != PKCS11_CKR_OK && rc != PKCS11_RV_NOT_FOUND) 658 goto out; 659 660 if (rc == PKCS11_CKR_OK && !a_ptr) { 661 rc = remove_empty_attribute(pub_head, 662 PKCS11_CKA_PUBLIC_EXPONENT); 663 if (rc) 664 goto out; 665 rc = PKCS11_RV_NOT_FOUND; 666 } 667 668 if (rc == PKCS11_RV_NOT_FOUND) { 669 rc = tee2pkcs_add_attribute(pub_head, 670 PKCS11_CKA_PUBLIC_EXPONENT, 671 tee_obj, 672 TEE_ATTR_RSA_PUBLIC_EXPONENT); 673 if (rc) 674 goto out; 675 } 676 677 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_MODULUS, tee_obj, 678 TEE_ATTR_RSA_MODULUS); 679 if (rc) 680 goto out; 681 682 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PUBLIC_EXPONENT, 683 tee_obj, TEE_ATTR_RSA_PUBLIC_EXPONENT); 684 if (rc) 685 goto out; 686 687 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PRIVATE_EXPONENT, 688 tee_obj, TEE_ATTR_RSA_PRIVATE_EXPONENT); 689 if (rc) 690 goto out; 691 692 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PRIME_1, tee_obj, 693 TEE_ATTR_RSA_PRIME1); 694 if (rc) 695 goto out; 696 697 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PRIME_2, tee_obj, 698 TEE_ATTR_RSA_PRIME2); 699 if (rc) 700 goto out; 701 702 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_EXPONENT_1, tee_obj, 703 TEE_ATTR_RSA_EXPONENT1); 704 if (rc) 705 goto out; 706 707 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_EXPONENT_2, tee_obj, 708 TEE_ATTR_RSA_EXPONENT2); 709 if (rc) 710 goto out; 711 712 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_COEFFICIENT, tee_obj, 713 TEE_ATTR_RSA_COEFFICIENT); 714 out: 715 return rc; 716 } 717 718 enum pkcs11_rc generate_rsa_keys(struct pkcs11_attribute_head *proc_params, 719 struct obj_attrs **pub_head, 720 struct obj_attrs **priv_head) 721 { 722 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 723 void *a_ptr = NULL; 724 uint32_t a_size = 0; 725 TEE_ObjectHandle tee_obj = TEE_HANDLE_NULL; 726 TEE_Result res = TEE_ERROR_GENERIC; 727 uint32_t modulus_bits = 0; 728 TEE_Attribute tee_attrs[1] = { }; 729 uint32_t tee_count = 0; 730 731 if (!proc_params || !*pub_head || !*priv_head) 732 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 733 734 rc = get_attribute_ptr(*pub_head, PKCS11_CKA_MODULUS_BITS, &a_ptr, 735 &a_size); 736 if (rc != PKCS11_CKR_OK || a_size != sizeof(uint32_t)) 737 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 738 739 TEE_MemMove(&modulus_bits, a_ptr, sizeof(uint32_t)); 740 741 rc = get_attribute_ptr(*pub_head, PKCS11_CKA_PUBLIC_EXPONENT, &a_ptr, 742 &a_size); 743 if (rc != PKCS11_CKR_OK && rc != PKCS11_RV_NOT_FOUND) 744 return rc; 745 746 if (rc == PKCS11_CKR_OK && a_ptr) { 747 TEE_InitRefAttribute(&tee_attrs[tee_count], 748 TEE_ATTR_RSA_PUBLIC_EXPONENT, 749 a_ptr, a_size); 750 tee_count++; 751 } 752 753 if (remove_empty_attribute(priv_head, PKCS11_CKA_MODULUS) || 754 remove_empty_attribute(priv_head, PKCS11_CKA_PUBLIC_EXPONENT) || 755 remove_empty_attribute(priv_head, PKCS11_CKA_PRIVATE_EXPONENT) || 756 remove_empty_attribute(priv_head, PKCS11_CKA_PRIME_1) || 757 remove_empty_attribute(priv_head, PKCS11_CKA_PRIME_2) || 758 remove_empty_attribute(priv_head, PKCS11_CKA_EXPONENT_1) || 759 remove_empty_attribute(priv_head, PKCS11_CKA_EXPONENT_2) || 760 remove_empty_attribute(priv_head, PKCS11_CKA_COEFFICIENT)) { 761 EMSG("Unexpected attribute(s) found"); 762 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 763 goto out; 764 } 765 766 /* Create an RSA TEE key */ 767 res = TEE_AllocateTransientObject(TEE_TYPE_RSA_KEYPAIR, modulus_bits, 768 &tee_obj); 769 if (res) { 770 DMSG("TEE_AllocateTransientObject failed %#"PRIx32, res); 771 772 rc = tee2pkcs_error(res); 773 goto out; 774 } 775 776 res = TEE_RestrictObjectUsage1(tee_obj, TEE_USAGE_EXTRACTABLE); 777 if (res) { 778 DMSG("TEE_RestrictObjectUsage1 failed %#"PRIx32, res); 779 780 rc = tee2pkcs_error(res); 781 goto out; 782 } 783 784 res = TEE_GenerateKey(tee_obj, modulus_bits, tee_attrs, tee_count); 785 if (res) { 786 DMSG("TEE_GenerateKey failed %#"PRIx32, res); 787 788 rc = tee2pkcs_error(res); 789 goto out; 790 } 791 792 rc = tee2pkcs_rsa_attributes(pub_head, priv_head, tee_obj); 793 794 out: 795 if (tee_obj != TEE_HANDLE_NULL) 796 TEE_CloseObject(tee_obj); 797 798 return rc; 799 } 800 801 size_t rsa_get_input_max_byte_size(TEE_OperationHandle op) 802 { 803 TEE_OperationInfo info = { }; 804 805 TEE_GetOperationInfo(op, &info); 806 807 return info.maxKeySize / 8; 808 } 809 810 enum pkcs11_rc pkcs2tee_rsa_nopad_context(struct active_processing *proc) 811 { 812 size_t key_size = 0; 813 814 /* 815 * RSA no-pad (CKM_RSA_X_509) verify needs a buffer of the size 816 * of the key to safely run. 817 */ 818 key_size = rsa_get_input_max_byte_size(proc->tee_op_handle); 819 if (!key_size) 820 return PKCS11_CKR_GENERAL_ERROR; 821 822 proc->extra_ctx = TEE_Malloc(key_size, TEE_USER_MEM_HINT_NO_FILL_ZERO); 823 if (!proc->extra_ctx) 824 return PKCS11_CKR_DEVICE_MEMORY; 825 826 return PKCS11_CKR_OK; 827 } 828