1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2018-2021, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <pkcs11_ta.h> 8 #include <tee_api_defines.h> 9 #include <tee_internal_api.h> 10 #include <tee_internal_api_extensions.h> 11 12 #include "attributes.h" 13 #include "object.h" 14 #include "pkcs11_token.h" 15 #include "processing.h" 16 17 enum pkcs11_rc 18 pkcs2tee_proc_params_rsa_pss(struct active_processing *proc, 19 struct pkcs11_attribute_head *proc_params) 20 { 21 struct serialargs args = { }; 22 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 23 struct rsa_pss_processing_ctx *ctx = NULL; 24 uint32_t hash = 0; 25 uint32_t mgf = 0; 26 uint32_t salt_len = 0; 27 28 serialargs_init(&args, proc_params->data, proc_params->size); 29 30 rc = serialargs_get_u32(&args, &hash); 31 if (rc) 32 return rc; 33 34 rc = serialargs_get_u32(&args, &mgf); 35 if (rc) 36 return rc; 37 38 rc = serialargs_get_u32(&args, &salt_len); 39 if (rc) 40 return rc; 41 42 if (serialargs_remaining_bytes(&args)) 43 return PKCS11_CKR_ARGUMENTS_BAD; 44 45 proc->extra_ctx = TEE_Malloc(sizeof(struct rsa_pss_processing_ctx), 46 TEE_USER_MEM_HINT_NO_FILL_ZERO); 47 if (!proc->extra_ctx) 48 return PKCS11_CKR_DEVICE_MEMORY; 49 50 ctx = proc->extra_ctx; 51 52 ctx->hash_alg = hash; 53 ctx->mgf_type = mgf; 54 ctx->salt_len = salt_len; 55 56 return PKCS11_CKR_OK; 57 } 58 59 enum pkcs11_rc pkcs2tee_validate_rsa_pss(struct active_processing *proc, 60 struct pkcs11_object *obj) 61 { 62 struct rsa_pss_processing_ctx *rsa_pss_ctx = NULL; 63 size_t modulus_size = 0; 64 size_t hash_size = 0; 65 uint32_t k = 0; 66 67 rsa_pss_ctx = proc->extra_ctx; 68 assert(rsa_pss_ctx); 69 70 switch (rsa_pss_ctx->hash_alg) { 71 case PKCS11_CKM_SHA_1: 72 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA1); 73 break; 74 case PKCS11_CKM_SHA224: 75 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA224); 76 break; 77 case PKCS11_CKM_SHA256: 78 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA256); 79 break; 80 case PKCS11_CKM_SHA384: 81 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA384); 82 break; 83 case PKCS11_CKM_SHA512: 84 hash_size = TEE_ALG_GET_DIGEST_SIZE(TEE_ALG_SHA512); 85 break; 86 default: 87 assert(0); 88 break; 89 } 90 91 modulus_size = get_object_key_bit_size(obj); 92 93 /** 94 * The sLen field must be less than or equal to k*-2-hLen where 95 * hLen is the length in bytes of the hash value. k* is the 96 * length in bytes of the RSA modulus, except if the length in 97 * bits of the RSA modulus is one more than a multiple of 8, in 98 * which case k* is one less than the length in bytes of the 99 * RSA modulus. 100 */ 101 if ((modulus_size % 8) == 1) 102 k = modulus_size / 8; 103 else 104 k = ROUNDUP_DIV(modulus_size, 8); 105 106 if (rsa_pss_ctx->salt_len > (k - 2 - hash_size)) 107 return PKCS11_CKR_KEY_SIZE_RANGE; 108 109 return PKCS11_CKR_OK; 110 } 111 112 /* 113 * Check or set TEE algorithm identifier upon PKCS11 mechanism parameters 114 * @tee_id: Input and/or output TEE algorithm identifier 115 * @proc_params: PKCS11 processing parameters 116 */ 117 enum pkcs11_rc pkcs2tee_algo_rsa_pss(uint32_t *tee_id, 118 struct pkcs11_attribute_head *proc_params) 119 { 120 struct serialargs args = { }; 121 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 122 uint32_t hash = 0; 123 uint32_t mgf = 0; 124 uint32_t salt_len = 0; 125 126 serialargs_init(&args, proc_params->data, proc_params->size); 127 128 rc = serialargs_get_u32(&args, &hash); 129 if (rc) 130 return rc; 131 132 rc = serialargs_get_u32(&args, &mgf); 133 if (rc) 134 return rc; 135 136 rc = serialargs_get_u32(&args, &salt_len); 137 if (rc) 138 return rc; 139 140 if (serialargs_remaining_bytes(&args)) 141 return PKCS11_CKR_ARGUMENTS_BAD; 142 143 if (proc_params->id == PKCS11_CKM_RSA_PKCS_PSS) { 144 if (hash == PKCS11_CKM_SHA_1 && mgf == PKCS11_CKG_MGF1_SHA1) { 145 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1; 146 return PKCS11_CKR_OK; 147 } 148 if (hash == PKCS11_CKM_SHA224 && 149 mgf == PKCS11_CKG_MGF1_SHA224) { 150 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224; 151 return PKCS11_CKR_OK; 152 } 153 if (hash == PKCS11_CKM_SHA256 && 154 mgf == PKCS11_CKG_MGF1_SHA256) { 155 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256; 156 return PKCS11_CKR_OK; 157 } 158 if (hash == PKCS11_CKM_SHA384 && 159 mgf == PKCS11_CKG_MGF1_SHA384) { 160 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384; 161 return PKCS11_CKR_OK; 162 } 163 if (hash == PKCS11_CKM_SHA512 && 164 mgf == PKCS11_CKG_MGF1_SHA512) { 165 *tee_id = TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512; 166 return PKCS11_CKR_OK; 167 } 168 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 169 } 170 171 switch (*tee_id) { 172 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: 173 if (hash != PKCS11_CKM_SHA_1 || mgf != PKCS11_CKG_MGF1_SHA1) 174 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 175 break; 176 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: 177 if (hash != PKCS11_CKM_SHA224 || mgf != PKCS11_CKG_MGF1_SHA224) 178 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 179 break; 180 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: 181 if (hash != PKCS11_CKM_SHA256 || mgf != PKCS11_CKG_MGF1_SHA256) 182 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 183 break; 184 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: 185 if (hash != PKCS11_CKM_SHA384 || mgf != PKCS11_CKG_MGF1_SHA384) 186 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 187 break; 188 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: 189 if (hash != PKCS11_CKM_SHA512 || mgf != PKCS11_CKG_MGF1_SHA512) 190 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 191 break; 192 default: 193 return PKCS11_CKR_GENERAL_ERROR; 194 } 195 196 return PKCS11_CKR_OK; 197 } 198 199 enum pkcs11_rc 200 pkcs2tee_proc_params_rsa_oaep(struct active_processing *proc, 201 struct pkcs11_attribute_head *proc_params) 202 { 203 struct serialargs args = { }; 204 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 205 struct rsa_oaep_processing_ctx *ctx = NULL; 206 uint32_t hash = 0; 207 uint32_t mgf = 0; 208 uint32_t source_type = 0; 209 void *source_data = NULL; 210 uint32_t source_size = 0; 211 212 serialargs_init(&args, proc_params->data, proc_params->size); 213 214 rc = serialargs_get_u32(&args, &hash); 215 if (rc) 216 return rc; 217 218 rc = serialargs_get_u32(&args, &mgf); 219 if (rc) 220 return rc; 221 222 rc = serialargs_get_u32(&args, &source_type); 223 if (rc) 224 return rc; 225 226 rc = serialargs_get_u32(&args, &source_size); 227 if (rc) 228 return rc; 229 230 rc = serialargs_get_ptr(&args, &source_data, source_size); 231 if (rc) 232 return rc; 233 234 if (serialargs_remaining_bytes(&args)) 235 return PKCS11_CKR_ARGUMENTS_BAD; 236 237 proc->extra_ctx = TEE_Malloc(sizeof(struct rsa_oaep_processing_ctx) + 238 source_size, 239 TEE_USER_MEM_HINT_NO_FILL_ZERO); 240 if (!proc->extra_ctx) 241 return PKCS11_CKR_DEVICE_MEMORY; 242 243 ctx = proc->extra_ctx; 244 245 ctx->hash_alg = hash; 246 ctx->mgf_type = mgf; 247 ctx->source_type = source_type; 248 ctx->source_data_len = source_size; 249 TEE_MemMove(ctx->source_data, source_data, source_size); 250 251 return PKCS11_CKR_OK; 252 } 253 254 enum pkcs11_rc 255 pkcs2tee_proc_params_rsa_aes_wrap(struct active_processing *proc, 256 struct pkcs11_attribute_head *proc_params) 257 { 258 struct serialargs args = { }; 259 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 260 struct rsa_aes_key_wrap_processing_ctx *ctx = NULL; 261 uint32_t aes_key_bits = 0; 262 uint32_t hash = 0; 263 uint32_t mgf = 0; 264 uint32_t source_type = 0; 265 void *source_data = NULL; 266 uint32_t source_size = 0; 267 268 serialargs_init(&args, proc_params->data, proc_params->size); 269 270 rc = serialargs_get_u32(&args, &aes_key_bits); 271 if (rc) 272 return rc; 273 274 rc = serialargs_get_u32(&args, &hash); 275 if (rc) 276 return rc; 277 278 rc = serialargs_get_u32(&args, &mgf); 279 if (rc) 280 return rc; 281 282 rc = serialargs_get_u32(&args, &source_type); 283 if (rc) 284 return rc; 285 286 rc = serialargs_get_u32(&args, &source_size); 287 if (rc) 288 return rc; 289 290 rc = serialargs_get_ptr(&args, &source_data, source_size); 291 if (rc) 292 return rc; 293 294 if (serialargs_remaining_bytes(&args)) 295 return PKCS11_CKR_ARGUMENTS_BAD; 296 297 proc->extra_ctx = 298 TEE_Malloc(sizeof(struct rsa_aes_key_wrap_processing_ctx) + 299 source_size, 300 TEE_USER_MEM_HINT_NO_FILL_ZERO); 301 if (!proc->extra_ctx) 302 return PKCS11_CKR_DEVICE_MEMORY; 303 304 ctx = proc->extra_ctx; 305 306 ctx->aes_key_bits = aes_key_bits; 307 ctx->hash_alg = hash; 308 ctx->mgf_type = mgf; 309 ctx->source_type = source_type; 310 ctx->source_data_len = source_size; 311 TEE_MemMove(ctx->source_data, source_data, source_size); 312 313 return PKCS11_CKR_OK; 314 } 315 316 /* 317 * Set TEE RSA OAEP algorithm identifier upon PKCS11 mechanism parameters 318 * @tee_id: output TEE RSA OAEP algorithm identifier 319 * @tee_hash_id: output TEE hash algorithm identifier 320 * @proc_params: PKCS11 processing parameters 321 */ 322 enum pkcs11_rc 323 pkcs2tee_algo_rsa_oaep(uint32_t *tee_id, uint32_t *tee_hash_id, 324 struct pkcs11_attribute_head *proc_params) 325 { 326 struct serialargs args = { }; 327 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 328 uint32_t hash = 0; 329 uint32_t mgf = 0; 330 uint32_t source_type = 0; 331 void *source_data = NULL; 332 uint32_t source_size = 0; 333 334 serialargs_init(&args, proc_params->data, proc_params->size); 335 336 rc = serialargs_get_u32(&args, &hash); 337 if (rc) 338 return rc; 339 340 rc = serialargs_get_u32(&args, &mgf); 341 if (rc) 342 return rc; 343 344 rc = serialargs_get_u32(&args, &source_type); 345 if (rc) 346 return rc; 347 348 rc = serialargs_get_u32(&args, &source_size); 349 if (rc) 350 return rc; 351 352 rc = serialargs_get_ptr(&args, &source_data, source_size); 353 if (rc) 354 return rc; 355 356 if (serialargs_remaining_bytes(&args)) 357 return PKCS11_CKR_ARGUMENTS_BAD; 358 359 if (source_type != PKCS11_CKZ_DATA_SPECIFIED) 360 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 361 362 switch (proc_params->id) { 363 case PKCS11_CKM_RSA_PKCS_OAEP: 364 switch (hash) { 365 case PKCS11_CKM_SHA_1: 366 if (mgf != PKCS11_CKG_MGF1_SHA1) 367 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 368 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1; 369 *tee_hash_id = TEE_ALG_SHA1; 370 break; 371 case PKCS11_CKM_SHA224: 372 if (mgf != PKCS11_CKG_MGF1_SHA224) 373 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 374 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224; 375 *tee_hash_id = TEE_ALG_SHA224; 376 break; 377 case PKCS11_CKM_SHA256: 378 if (mgf != PKCS11_CKG_MGF1_SHA256) 379 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 380 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256; 381 *tee_hash_id = TEE_ALG_SHA256; 382 break; 383 case PKCS11_CKM_SHA384: 384 if (mgf != PKCS11_CKG_MGF1_SHA384) 385 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 386 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384; 387 *tee_hash_id = TEE_ALG_SHA384; 388 break; 389 case PKCS11_CKM_SHA512: 390 if (mgf != PKCS11_CKG_MGF1_SHA512) 391 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 392 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512; 393 *tee_hash_id = TEE_ALG_SHA512; 394 break; 395 default: 396 EMSG("Unexpected %#"PRIx32"/%s", hash, 397 id2str_proc(hash)); 398 399 return PKCS11_CKR_GENERAL_ERROR; 400 } 401 break; 402 default: 403 EMSG("Unexpected mechanism %#"PRIx32"/%s", proc_params->id, 404 id2str_proc(proc_params->id)); 405 406 return PKCS11_CKR_GENERAL_ERROR; 407 } 408 409 return PKCS11_CKR_OK; 410 } 411 412 enum pkcs11_rc 413 pkcs2tee_algo_rsa_aes_wrap(uint32_t *tee_id, uint32_t *tee_hash_id, 414 struct pkcs11_attribute_head *proc_params) 415 { 416 struct serialargs args = { }; 417 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 418 uint32_t aes_key_bits = 0; 419 uint32_t hash = 0; 420 uint32_t mgf = 0; 421 uint32_t source_type = 0; 422 void *source_data = NULL; 423 uint32_t source_size = 0; 424 425 serialargs_init(&args, proc_params->data, proc_params->size); 426 427 rc = serialargs_get_u32(&args, &aes_key_bits); 428 if (rc) 429 return rc; 430 431 rc = serialargs_get_u32(&args, &hash); 432 if (rc) 433 return rc; 434 435 rc = serialargs_get_u32(&args, &mgf); 436 if (rc) 437 return rc; 438 439 rc = serialargs_get_u32(&args, &source_type); 440 if (rc) 441 return rc; 442 443 rc = serialargs_get_u32(&args, &source_size); 444 if (rc) 445 return rc; 446 447 rc = serialargs_get_ptr(&args, &source_data, source_size); 448 if (rc) 449 return rc; 450 451 if (serialargs_remaining_bytes(&args)) 452 return PKCS11_CKR_ARGUMENTS_BAD; 453 454 if (source_type != PKCS11_CKZ_DATA_SPECIFIED) 455 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 456 457 switch (proc_params->id) { 458 case PKCS11_CKM_RSA_AES_KEY_WRAP: 459 switch (hash) { 460 case PKCS11_CKM_SHA_1: 461 if (mgf != PKCS11_CKG_MGF1_SHA1) 462 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 463 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1; 464 *tee_hash_id = TEE_ALG_SHA1; 465 break; 466 case PKCS11_CKM_SHA224: 467 if (mgf != PKCS11_CKG_MGF1_SHA224) 468 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 469 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224; 470 *tee_hash_id = TEE_ALG_SHA224; 471 break; 472 case PKCS11_CKM_SHA256: 473 if (mgf != PKCS11_CKG_MGF1_SHA256) 474 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 475 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256; 476 *tee_hash_id = TEE_ALG_SHA256; 477 break; 478 case PKCS11_CKM_SHA384: 479 if (mgf != PKCS11_CKG_MGF1_SHA384) 480 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 481 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384; 482 *tee_hash_id = TEE_ALG_SHA384; 483 break; 484 case PKCS11_CKM_SHA512: 485 if (mgf != PKCS11_CKG_MGF1_SHA512) 486 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 487 *tee_id = TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512; 488 *tee_hash_id = TEE_ALG_SHA512; 489 break; 490 default: 491 EMSG("Unexpected %#"PRIx32"/%s", hash, 492 id2str_proc(hash)); 493 494 return PKCS11_CKR_GENERAL_ERROR; 495 } 496 break; 497 default: 498 EMSG("Unexpected mechanism %#"PRIx32"/%s", proc_params->id, 499 id2str_proc(proc_params->id)); 500 501 return PKCS11_CKR_GENERAL_ERROR; 502 } 503 504 return PKCS11_CKR_OK; 505 } 506 507 enum pkcs11_rc load_tee_rsa_key_attrs(TEE_Attribute **tee_attrs, 508 size_t *tee_count, 509 struct pkcs11_object *obj) 510 { 511 TEE_Attribute *attrs = NULL; 512 size_t count = 0; 513 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 514 void *a_ptr = NULL; 515 516 assert(get_key_type(obj->attributes) == PKCS11_CKK_RSA); 517 518 switch (get_class(obj->attributes)) { 519 case PKCS11_CKO_PUBLIC_KEY: 520 attrs = TEE_Malloc(2 * sizeof(TEE_Attribute), 521 TEE_USER_MEM_HINT_NO_FILL_ZERO); 522 if (!attrs) 523 return PKCS11_CKR_DEVICE_MEMORY; 524 525 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_MODULUS, 526 obj, PKCS11_CKA_MODULUS)) 527 count++; 528 529 if (pkcs2tee_load_attr(&attrs[count], 530 TEE_ATTR_RSA_PUBLIC_EXPONENT, obj, 531 PKCS11_CKA_PUBLIC_EXPONENT)) 532 count++; 533 534 if (count == 2) 535 rc = PKCS11_CKR_OK; 536 537 break; 538 539 case PKCS11_CKO_PRIVATE_KEY: 540 attrs = TEE_Malloc(8 * sizeof(TEE_Attribute), 541 TEE_USER_MEM_HINT_NO_FILL_ZERO); 542 if (!attrs) 543 return PKCS11_CKR_DEVICE_MEMORY; 544 545 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_MODULUS, 546 obj, PKCS11_CKA_MODULUS)) 547 count++; 548 549 if (pkcs2tee_load_attr(&attrs[count], 550 TEE_ATTR_RSA_PUBLIC_EXPONENT, obj, 551 PKCS11_CKA_PUBLIC_EXPONENT)) 552 count++; 553 554 if (pkcs2tee_load_attr(&attrs[count], 555 TEE_ATTR_RSA_PRIVATE_EXPONENT, obj, 556 PKCS11_CKA_PRIVATE_EXPONENT)) 557 count++; 558 559 if (count != 3) 560 break; 561 562 /* If pre-computed values are present load those */ 563 rc = get_attribute_ptr(obj->attributes, PKCS11_CKA_PRIME_1, 564 &a_ptr, NULL); 565 if (rc != PKCS11_CKR_OK && rc != PKCS11_RV_NOT_FOUND) 566 break; 567 if (rc == PKCS11_RV_NOT_FOUND || !a_ptr) { 568 rc = PKCS11_CKR_OK; 569 break; 570 } 571 572 rc = PKCS11_CKR_GENERAL_ERROR; 573 574 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_PRIME1, obj, 575 PKCS11_CKA_PRIME_1)) 576 count++; 577 578 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_PRIME2, obj, 579 PKCS11_CKA_PRIME_2)) 580 count++; 581 582 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_EXPONENT1, 583 obj, PKCS11_CKA_EXPONENT_1)) 584 count++; 585 586 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_EXPONENT2, 587 obj, PKCS11_CKA_EXPONENT_2)) 588 count++; 589 590 if (pkcs2tee_load_attr(&attrs[count], TEE_ATTR_RSA_COEFFICIENT, 591 obj, PKCS11_CKA_COEFFICIENT)) 592 count++; 593 594 if (count == 8) 595 rc = PKCS11_CKR_OK; 596 597 break; 598 599 default: 600 assert(0); 601 break; 602 } 603 604 if (rc == PKCS11_CKR_OK) { 605 *tee_attrs = attrs; 606 *tee_count = count; 607 } else { 608 TEE_Free(attrs); 609 } 610 611 return rc; 612 } 613 614 static enum pkcs11_rc tee2pkcs_rsa_attributes(struct obj_attrs **pub_head, 615 struct obj_attrs **priv_head, 616 TEE_ObjectHandle tee_obj) 617 { 618 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 619 void *a_ptr = NULL; 620 621 rc = tee2pkcs_add_attribute(pub_head, PKCS11_CKA_MODULUS, tee_obj, 622 TEE_ATTR_RSA_MODULUS); 623 if (rc) 624 goto out; 625 626 rc = get_attribute_ptr(*pub_head, PKCS11_CKA_PUBLIC_EXPONENT, &a_ptr, 627 NULL); 628 if (rc != PKCS11_CKR_OK && rc != PKCS11_RV_NOT_FOUND) 629 goto out; 630 631 if (rc == PKCS11_CKR_OK && !a_ptr) { 632 rc = remove_empty_attribute(pub_head, 633 PKCS11_CKA_PUBLIC_EXPONENT); 634 if (rc) 635 goto out; 636 rc = PKCS11_RV_NOT_FOUND; 637 } 638 639 if (rc == PKCS11_RV_NOT_FOUND) { 640 rc = tee2pkcs_add_attribute(pub_head, 641 PKCS11_CKA_PUBLIC_EXPONENT, 642 tee_obj, 643 TEE_ATTR_RSA_PUBLIC_EXPONENT); 644 if (rc) 645 goto out; 646 } 647 648 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_MODULUS, tee_obj, 649 TEE_ATTR_RSA_MODULUS); 650 if (rc) 651 goto out; 652 653 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PUBLIC_EXPONENT, 654 tee_obj, TEE_ATTR_RSA_PUBLIC_EXPONENT); 655 if (rc) 656 goto out; 657 658 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PRIVATE_EXPONENT, 659 tee_obj, TEE_ATTR_RSA_PRIVATE_EXPONENT); 660 if (rc) 661 goto out; 662 663 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PRIME_1, tee_obj, 664 TEE_ATTR_RSA_PRIME1); 665 if (rc) 666 goto out; 667 668 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_PRIME_2, tee_obj, 669 TEE_ATTR_RSA_PRIME2); 670 if (rc) 671 goto out; 672 673 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_EXPONENT_1, tee_obj, 674 TEE_ATTR_RSA_EXPONENT1); 675 if (rc) 676 goto out; 677 678 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_EXPONENT_2, tee_obj, 679 TEE_ATTR_RSA_EXPONENT2); 680 if (rc) 681 goto out; 682 683 rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_COEFFICIENT, tee_obj, 684 TEE_ATTR_RSA_COEFFICIENT); 685 out: 686 return rc; 687 } 688 689 enum pkcs11_rc generate_rsa_keys(struct pkcs11_attribute_head *proc_params, 690 struct obj_attrs **pub_head, 691 struct obj_attrs **priv_head) 692 { 693 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 694 void *a_ptr = NULL; 695 uint32_t a_size = 0; 696 TEE_ObjectHandle tee_obj = TEE_HANDLE_NULL; 697 TEE_Result res = TEE_ERROR_GENERIC; 698 uint32_t modulus_bits = 0; 699 TEE_Attribute tee_attrs[1] = { }; 700 uint32_t tee_count = 0; 701 702 if (!proc_params || !*pub_head || !*priv_head) 703 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 704 705 rc = get_attribute_ptr(*pub_head, PKCS11_CKA_MODULUS_BITS, &a_ptr, 706 &a_size); 707 if (rc != PKCS11_CKR_OK || a_size != sizeof(uint32_t)) 708 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 709 710 TEE_MemMove(&modulus_bits, a_ptr, sizeof(uint32_t)); 711 712 rc = get_attribute_ptr(*pub_head, PKCS11_CKA_PUBLIC_EXPONENT, &a_ptr, 713 &a_size); 714 if (rc != PKCS11_CKR_OK && rc != PKCS11_RV_NOT_FOUND) 715 return rc; 716 717 if (rc == PKCS11_CKR_OK && a_ptr) { 718 TEE_InitRefAttribute(&tee_attrs[tee_count], 719 TEE_ATTR_RSA_PUBLIC_EXPONENT, 720 a_ptr, a_size); 721 tee_count++; 722 } 723 724 if (remove_empty_attribute(priv_head, PKCS11_CKA_MODULUS) || 725 remove_empty_attribute(priv_head, PKCS11_CKA_PUBLIC_EXPONENT) || 726 remove_empty_attribute(priv_head, PKCS11_CKA_PRIVATE_EXPONENT) || 727 remove_empty_attribute(priv_head, PKCS11_CKA_PRIME_1) || 728 remove_empty_attribute(priv_head, PKCS11_CKA_PRIME_2) || 729 remove_empty_attribute(priv_head, PKCS11_CKA_EXPONENT_1) || 730 remove_empty_attribute(priv_head, PKCS11_CKA_EXPONENT_2) || 731 remove_empty_attribute(priv_head, PKCS11_CKA_COEFFICIENT)) { 732 EMSG("Unexpected attribute(s) found"); 733 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 734 goto out; 735 } 736 737 /* Create an RSA TEE key */ 738 res = TEE_AllocateTransientObject(TEE_TYPE_RSA_KEYPAIR, modulus_bits, 739 &tee_obj); 740 if (res) { 741 DMSG("TEE_AllocateTransientObject failed %#"PRIx32, res); 742 743 rc = tee2pkcs_error(res); 744 goto out; 745 } 746 747 res = TEE_RestrictObjectUsage1(tee_obj, TEE_USAGE_EXTRACTABLE); 748 if (res) { 749 DMSG("TEE_RestrictObjectUsage1 failed %#"PRIx32, res); 750 751 rc = tee2pkcs_error(res); 752 goto out; 753 } 754 755 res = TEE_GenerateKey(tee_obj, modulus_bits, tee_attrs, tee_count); 756 if (res) { 757 DMSG("TEE_GenerateKey failed %#"PRIx32, res); 758 759 rc = tee2pkcs_error(res); 760 goto out; 761 } 762 763 rc = tee2pkcs_rsa_attributes(pub_head, priv_head, tee_obj); 764 765 out: 766 if (tee_obj != TEE_HANDLE_NULL) 767 TEE_CloseObject(tee_obj); 768 769 return rc; 770 } 771 772 size_t rsa_get_input_max_byte_size(TEE_OperationHandle op) 773 { 774 TEE_OperationInfo info = { }; 775 776 TEE_GetOperationInfo(op, &info); 777 778 return info.maxKeySize / 8; 779 } 780 781 enum pkcs11_rc pkcs2tee_rsa_nopad_context(struct active_processing *proc) 782 { 783 size_t key_size = 0; 784 785 /* 786 * RSA no-pad (CKM_RSA_X_509) verify needs a buffer of the size 787 * of the key to safely run. 788 */ 789 key_size = rsa_get_input_max_byte_size(proc->tee_op_handle); 790 if (!key_size) 791 return PKCS11_CKR_GENERAL_ERROR; 792 793 proc->extra_ctx = TEE_Malloc(key_size, TEE_USER_MEM_HINT_NO_FILL_ZERO); 794 if (!proc->extra_ctx) 795 return PKCS11_CKR_DEVICE_MEMORY; 796 797 return PKCS11_CKR_OK; 798 } 799