1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017-2020, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <pkcs11_ta.h> 8 #include <string.h> 9 #include <tee_api_defines.h> 10 #include <tee_internal_api.h> 11 #include <tee_internal_api_extensions.h> 12 #include <utee_defines.h> 13 #include <util.h> 14 15 #include "attributes.h" 16 #include "object.h" 17 #include "pkcs11_attributes.h" 18 #include "pkcs11_helpers.h" 19 #include "pkcs11_token.h" 20 #include "processing.h" 21 #include "serializer.h" 22 23 struct input_data_ref { 24 size_t size; 25 void *data; 26 }; 27 28 bool processing_is_tee_symm(enum pkcs11_mechanism_id proc_id) 29 { 30 switch (proc_id) { 31 /* Authentication */ 32 case PKCS11_CKM_AES_CMAC: 33 case PKCS11_CKM_MD5_HMAC: 34 case PKCS11_CKM_SHA_1_HMAC: 35 case PKCS11_CKM_SHA224_HMAC: 36 case PKCS11_CKM_SHA256_HMAC: 37 case PKCS11_CKM_SHA384_HMAC: 38 case PKCS11_CKM_SHA512_HMAC: 39 case PKCS11_CKM_AES_CMAC_GENERAL: 40 case PKCS11_CKM_MD5_HMAC_GENERAL: 41 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 42 case PKCS11_CKM_SHA224_HMAC_GENERAL: 43 case PKCS11_CKM_SHA256_HMAC_GENERAL: 44 case PKCS11_CKM_SHA384_HMAC_GENERAL: 45 case PKCS11_CKM_SHA512_HMAC_GENERAL: 46 /* Ciphering */ 47 case PKCS11_CKM_AES_ECB: 48 case PKCS11_CKM_AES_CBC: 49 case PKCS11_CKM_AES_CTS: 50 case PKCS11_CKM_AES_CTR: 51 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA: 52 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 53 return true; 54 default: 55 return false; 56 } 57 } 58 59 static enum pkcs11_rc 60 pkcs2tee_algorithm(uint32_t *tee_id, struct pkcs11_attribute_head *proc_params) 61 { 62 static const struct { 63 enum pkcs11_mechanism_id mech_id; 64 uint32_t tee_id; 65 } pkcs2tee_algo[] = { 66 /* AES flavors */ 67 { PKCS11_CKM_AES_ECB, TEE_ALG_AES_ECB_NOPAD }, 68 { PKCS11_CKM_AES_CBC, TEE_ALG_AES_CBC_NOPAD }, 69 { PKCS11_CKM_AES_ECB_ENCRYPT_DATA, TEE_ALG_AES_ECB_NOPAD }, 70 { PKCS11_CKM_AES_CBC_ENCRYPT_DATA, TEE_ALG_AES_CBC_NOPAD }, 71 { PKCS11_CKM_AES_CTR, TEE_ALG_AES_CTR }, 72 { PKCS11_CKM_AES_CTS, TEE_ALG_AES_CTS }, 73 { PKCS11_CKM_AES_CMAC, TEE_ALG_AES_CMAC }, 74 { PKCS11_CKM_AES_CMAC_GENERAL, TEE_ALG_AES_CMAC }, 75 /* HMAC flavors */ 76 { PKCS11_CKM_MD5_HMAC, TEE_ALG_HMAC_MD5 }, 77 { PKCS11_CKM_SHA_1_HMAC, TEE_ALG_HMAC_SHA1 }, 78 { PKCS11_CKM_SHA224_HMAC, TEE_ALG_HMAC_SHA224 }, 79 { PKCS11_CKM_SHA256_HMAC, TEE_ALG_HMAC_SHA256 }, 80 { PKCS11_CKM_SHA384_HMAC, TEE_ALG_HMAC_SHA384 }, 81 { PKCS11_CKM_SHA512_HMAC, TEE_ALG_HMAC_SHA512 }, 82 { PKCS11_CKM_MD5_HMAC_GENERAL, TEE_ALG_HMAC_MD5 }, 83 { PKCS11_CKM_SHA_1_HMAC_GENERAL, TEE_ALG_HMAC_SHA1 }, 84 { PKCS11_CKM_SHA224_HMAC_GENERAL, TEE_ALG_HMAC_SHA224 }, 85 { PKCS11_CKM_SHA256_HMAC_GENERAL, TEE_ALG_HMAC_SHA256 }, 86 { PKCS11_CKM_SHA384_HMAC_GENERAL, TEE_ALG_HMAC_SHA384 }, 87 { PKCS11_CKM_SHA512_HMAC_GENERAL, TEE_ALG_HMAC_SHA512 }, 88 }; 89 size_t n = 0; 90 91 for (n = 0; n < ARRAY_SIZE(pkcs2tee_algo); n++) { 92 if (proc_params->id == pkcs2tee_algo[n].mech_id) { 93 *tee_id = pkcs2tee_algo[n].tee_id; 94 return PKCS11_CKR_OK; 95 } 96 } 97 98 return PKCS11_RV_NOT_IMPLEMENTED; 99 } 100 101 static enum pkcs11_rc pkcs2tee_key_type(uint32_t *tee_type, 102 struct pkcs11_object *obj) 103 { 104 static const struct { 105 enum pkcs11_key_type key_type; 106 uint32_t tee_id; 107 } pkcs2tee_key_type[] = { 108 { PKCS11_CKK_AES, TEE_TYPE_AES }, 109 { PKCS11_CKK_GENERIC_SECRET, TEE_TYPE_GENERIC_SECRET }, 110 { PKCS11_CKK_MD5_HMAC, TEE_TYPE_HMAC_MD5 }, 111 { PKCS11_CKK_SHA_1_HMAC, TEE_TYPE_HMAC_SHA1 }, 112 { PKCS11_CKK_SHA224_HMAC, TEE_TYPE_HMAC_SHA224 }, 113 { PKCS11_CKK_SHA256_HMAC, TEE_TYPE_HMAC_SHA256 }, 114 { PKCS11_CKK_SHA384_HMAC, TEE_TYPE_HMAC_SHA384 }, 115 { PKCS11_CKK_SHA512_HMAC, TEE_TYPE_HMAC_SHA512 }, 116 }; 117 size_t n = 0; 118 enum pkcs11_key_type key_type = get_key_type(obj->attributes); 119 120 assert(get_class(obj->attributes) == PKCS11_CKO_SECRET_KEY); 121 122 for (n = 0; n < ARRAY_SIZE(pkcs2tee_key_type); n++) { 123 if (pkcs2tee_key_type[n].key_type == key_type) { 124 *tee_type = pkcs2tee_key_type[n].tee_id; 125 return PKCS11_CKR_OK; 126 } 127 } 128 129 return PKCS11_RV_NOT_FOUND; 130 } 131 132 static enum pkcs11_rc pkcsmech2tee_key_type(uint32_t *tee_type, 133 enum pkcs11_mechanism_id mech_id) 134 { 135 static const struct { 136 enum pkcs11_mechanism_id mech; 137 uint32_t tee_id; 138 } pkcs2tee_key_type[] = { 139 { PKCS11_CKM_MD5_HMAC, TEE_TYPE_HMAC_MD5 }, 140 { PKCS11_CKM_SHA_1_HMAC, TEE_TYPE_HMAC_SHA1 }, 141 { PKCS11_CKM_SHA224_HMAC, TEE_TYPE_HMAC_SHA224 }, 142 { PKCS11_CKM_SHA256_HMAC, TEE_TYPE_HMAC_SHA256 }, 143 { PKCS11_CKM_SHA384_HMAC, TEE_TYPE_HMAC_SHA384 }, 144 { PKCS11_CKM_SHA512_HMAC, TEE_TYPE_HMAC_SHA512 }, 145 { PKCS11_CKM_MD5_HMAC_GENERAL, TEE_TYPE_HMAC_MD5 }, 146 { PKCS11_CKM_SHA_1_HMAC_GENERAL, TEE_TYPE_HMAC_SHA1 }, 147 { PKCS11_CKM_SHA224_HMAC_GENERAL, TEE_TYPE_HMAC_SHA224 }, 148 { PKCS11_CKM_SHA256_HMAC_GENERAL, TEE_TYPE_HMAC_SHA256 }, 149 { PKCS11_CKM_SHA384_HMAC_GENERAL, TEE_TYPE_HMAC_SHA384 }, 150 { PKCS11_CKM_SHA512_HMAC_GENERAL, TEE_TYPE_HMAC_SHA512 }, 151 }; 152 size_t n = 0; 153 154 for (n = 0; n < ARRAY_SIZE(pkcs2tee_key_type); n++) { 155 if (pkcs2tee_key_type[n].mech == mech_id) { 156 *tee_type = pkcs2tee_key_type[n].tee_id; 157 return PKCS11_CKR_OK; 158 } 159 } 160 161 return PKCS11_RV_NOT_FOUND; 162 } 163 164 static enum pkcs11_rc hmac_to_tee_hash(uint32_t *algo, 165 enum pkcs11_mechanism_id mech_id) 166 { 167 static const struct { 168 enum pkcs11_mechanism_id mech; 169 uint32_t tee_id; 170 } hmac_hash[] = { 171 { PKCS11_CKM_MD5_HMAC, TEE_ALG_MD5 }, 172 { PKCS11_CKM_SHA_1_HMAC, TEE_ALG_SHA1 }, 173 { PKCS11_CKM_SHA224_HMAC, TEE_ALG_SHA224 }, 174 { PKCS11_CKM_SHA256_HMAC, TEE_ALG_SHA256 }, 175 { PKCS11_CKM_SHA384_HMAC, TEE_ALG_SHA384 }, 176 { PKCS11_CKM_SHA512_HMAC, TEE_ALG_SHA512 }, 177 { PKCS11_CKM_MD5_HMAC_GENERAL, TEE_ALG_MD5 }, 178 { PKCS11_CKM_SHA_1_HMAC_GENERAL, TEE_ALG_SHA1 }, 179 { PKCS11_CKM_SHA224_HMAC_GENERAL, TEE_ALG_SHA224 }, 180 { PKCS11_CKM_SHA256_HMAC_GENERAL, TEE_ALG_SHA256 }, 181 { PKCS11_CKM_SHA384_HMAC_GENERAL, TEE_ALG_SHA384 }, 182 { PKCS11_CKM_SHA512_HMAC_GENERAL, TEE_ALG_SHA512 }, 183 }; 184 size_t n = 0; 185 186 for (n = 0; n < ARRAY_SIZE(hmac_hash); n++) { 187 if (hmac_hash[n].mech == mech_id) { 188 *algo = hmac_hash[n].tee_id; 189 return PKCS11_CKR_OK; 190 } 191 } 192 193 return PKCS11_RV_NOT_FOUND; 194 } 195 196 static enum pkcs11_rc 197 allocate_tee_operation(struct pkcs11_session *session, 198 enum processing_func function, 199 struct pkcs11_attribute_head *params, 200 struct pkcs11_object *obj) 201 { 202 uint32_t size = (uint32_t)get_object_key_bit_size(obj); 203 uint32_t key_size = size / 8; 204 uint32_t algo = 0; 205 uint32_t mode = 0; 206 uint32_t max_key_size = 0; 207 uint32_t min_key_size = 0; 208 TEE_Result res = TEE_ERROR_GENERIC; 209 210 assert(session->processing->tee_op_handle == TEE_HANDLE_NULL); 211 212 if (pkcs2tee_algorithm(&algo, params)) 213 return PKCS11_CKR_FUNCTION_FAILED; 214 215 /* Sign/Verify with AES or generic key relate to TEE MAC operation */ 216 switch (params->id) { 217 case PKCS11_CKM_MD5_HMAC: 218 case PKCS11_CKM_SHA_1_HMAC: 219 case PKCS11_CKM_SHA224_HMAC: 220 case PKCS11_CKM_SHA256_HMAC: 221 case PKCS11_CKM_SHA384_HMAC: 222 case PKCS11_CKM_SHA512_HMAC: 223 case PKCS11_CKM_MD5_HMAC_GENERAL: 224 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 225 case PKCS11_CKM_SHA224_HMAC_GENERAL: 226 case PKCS11_CKM_SHA256_HMAC_GENERAL: 227 case PKCS11_CKM_SHA384_HMAC_GENERAL: 228 case PKCS11_CKM_SHA512_HMAC_GENERAL: 229 mechanism_supported_key_sizes_bytes(params->id, &min_key_size, 230 &max_key_size); 231 if (key_size < min_key_size) 232 return PKCS11_CKR_KEY_SIZE_RANGE; 233 234 /* 235 * If size of generic key is greater than the size 236 * supported by TEE API, this is not considered an 237 * error. When loading TEE key, we will hash the key 238 * to generate the appropriate key for HMAC operation. 239 * This key size will not be greater than the 240 * max_key_size. So we can use max_key_size for 241 * TEE_AllocateOperation(). 242 */ 243 if (key_size > max_key_size) 244 size = max_key_size * 8; 245 246 mode = TEE_MODE_MAC; 247 break; 248 case PKCS11_CKM_AES_CMAC: 249 case PKCS11_CKM_AES_CMAC_GENERAL: 250 mode = TEE_MODE_MAC; 251 break; 252 default: 253 pkcs2tee_mode(&mode, function); 254 break; 255 } 256 257 res = TEE_AllocateOperation(&session->processing->tee_op_handle, 258 algo, mode, size); 259 if (res) 260 EMSG("TEE_AllocateOp. failed %#"PRIx32" %#"PRIx32" %#"PRIx32, 261 algo, mode, size); 262 263 if (res == TEE_ERROR_NOT_SUPPORTED) 264 return PKCS11_CKR_MECHANISM_INVALID; 265 266 return tee2pkcs_error(res); 267 } 268 269 static enum pkcs11_rc hash_secret_helper(enum pkcs11_mechanism_id mech_id, 270 struct pkcs11_object *obj, 271 TEE_Attribute *tee_attr, 272 void **ctx, 273 size_t *object_size_bits) 274 { 275 uint32_t algo = 0; 276 void *hash_ptr = NULL; 277 uint32_t hash_size = 0; 278 enum pkcs11_rc rc = PKCS11_CKR_OK; 279 280 rc = hmac_to_tee_hash(&algo, mech_id); 281 if (rc) 282 return rc; 283 284 hash_size = TEE_ALG_GET_DIGEST_SIZE(algo); 285 hash_ptr = TEE_Malloc(hash_size, 0); 286 if (!hash_ptr) 287 return PKCS11_CKR_DEVICE_MEMORY; 288 289 rc = pkcs2tee_load_hashed_attr(tee_attr, TEE_ATTR_SECRET_VALUE, obj, 290 PKCS11_CKA_VALUE, algo, hash_ptr, 291 &hash_size); 292 if (rc) { 293 EMSG("No secret/hash error"); 294 TEE_Free(hash_ptr); 295 return rc; 296 } 297 298 *ctx = hash_ptr; 299 300 *object_size_bits = hash_size * 8; 301 302 return PKCS11_CKR_OK; 303 } 304 305 static enum pkcs11_rc load_tee_key(struct pkcs11_session *session, 306 struct pkcs11_object *obj, 307 struct pkcs11_attribute_head *proc_params) 308 { 309 TEE_Attribute tee_attr = { }; 310 size_t object_size = 0; 311 uint32_t tee_key_type = 0; 312 enum pkcs11_key_type key_type = 0; 313 enum pkcs11_rc rc = PKCS11_CKR_OK; 314 TEE_Result res = TEE_ERROR_GENERIC; 315 uint32_t max_key_size = 0; 316 uint32_t min_key_size = 0; 317 318 if (obj->key_handle != TEE_HANDLE_NULL) { 319 /* Key was already loaded and fits current need */ 320 goto key_ready; 321 } 322 323 object_size = get_object_key_bit_size(obj); 324 if (!object_size) 325 return PKCS11_CKR_GENERAL_ERROR; 326 327 switch (proc_params->id) { 328 case PKCS11_CKM_MD5_HMAC: 329 case PKCS11_CKM_SHA_1_HMAC: 330 case PKCS11_CKM_SHA224_HMAC: 331 case PKCS11_CKM_SHA256_HMAC: 332 case PKCS11_CKM_SHA384_HMAC: 333 case PKCS11_CKM_SHA512_HMAC: 334 case PKCS11_CKM_MD5_HMAC_GENERAL: 335 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 336 case PKCS11_CKM_SHA224_HMAC_GENERAL: 337 case PKCS11_CKM_SHA256_HMAC_GENERAL: 338 case PKCS11_CKM_SHA384_HMAC_GENERAL: 339 case PKCS11_CKM_SHA512_HMAC_GENERAL: 340 key_type = get_key_type(obj->attributes); 341 /* 342 * If Object Key type is PKCS11_CKK_GENERIC_SECRET, 343 * determine the tee_key_type using the 344 * mechanism instead of object key_type. 345 */ 346 if (key_type == PKCS11_CKK_GENERIC_SECRET) 347 rc = pkcsmech2tee_key_type(&tee_key_type, 348 proc_params->id); 349 else 350 rc = pkcs2tee_key_type(&tee_key_type, obj); 351 352 if (rc) 353 return rc; 354 355 mechanism_supported_key_sizes_bytes(proc_params->id, 356 &min_key_size, 357 &max_key_size); 358 359 if ((object_size / 8) > max_key_size) { 360 rc = hash_secret_helper(proc_params->id, obj, &tee_attr, 361 &session->processing->extra_ctx, 362 &object_size); 363 if (rc) 364 return rc; 365 } else { 366 if (!pkcs2tee_load_attr(&tee_attr, 367 TEE_ATTR_SECRET_VALUE, 368 obj, 369 PKCS11_CKA_VALUE)) { 370 EMSG("No secret found"); 371 return PKCS11_CKR_FUNCTION_FAILED; 372 } 373 } 374 break; 375 376 default: 377 rc = pkcs2tee_key_type(&tee_key_type, obj); 378 if (rc) 379 return rc; 380 381 if (!pkcs2tee_load_attr(&tee_attr, TEE_ATTR_SECRET_VALUE, 382 obj, PKCS11_CKA_VALUE)) { 383 EMSG("No secret found"); 384 return PKCS11_CKR_FUNCTION_FAILED; 385 } 386 break; 387 } 388 389 res = TEE_AllocateTransientObject(tee_key_type, object_size, 390 &obj->key_handle); 391 if (res) { 392 DMSG("TEE_AllocateTransientObject failed, %#"PRIx32, res); 393 return tee2pkcs_error(res); 394 } 395 396 res = TEE_PopulateTransientObject(obj->key_handle, &tee_attr, 1); 397 if (res) { 398 DMSG("TEE_PopulateTransientObject failed, %#"PRIx32, res); 399 goto error; 400 } 401 402 key_ready: 403 res = TEE_SetOperationKey(session->processing->tee_op_handle, 404 obj->key_handle); 405 if (res) { 406 DMSG("TEE_SetOperationKey failed, %#"PRIx32, res); 407 goto error; 408 } 409 410 return PKCS11_CKR_OK; 411 412 error: 413 TEE_FreeTransientObject(obj->key_handle); 414 obj->key_handle = TEE_HANDLE_NULL; 415 416 return tee2pkcs_error(res); 417 } 418 419 static enum pkcs11_rc 420 tee_init_derive_symm(struct active_processing *processing, 421 struct pkcs11_attribute_head *proc_params) 422 { 423 struct serialargs args = { }; 424 enum pkcs11_rc rc = PKCS11_CKR_OK; 425 struct input_data_ref *param = NULL; 426 void *iv = NULL; 427 428 if (!proc_params) 429 return PKCS11_CKR_ARGUMENTS_BAD; 430 431 param = TEE_Malloc(sizeof(struct input_data_ref), TEE_MALLOC_FILL_ZERO); 432 if (!param) 433 return PKCS11_CKR_DEVICE_MEMORY; 434 435 serialargs_init(&args, proc_params->data, proc_params->size); 436 437 switch (proc_params->id) { 438 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 439 rc = serialargs_get_ptr(&args, &iv, 16); 440 if (rc) 441 goto err; 442 break; 443 default: 444 break; 445 } 446 447 rc = serialargs_get(&args, ¶m->size, sizeof(uint32_t)); 448 if (rc) 449 goto err; 450 451 rc = serialargs_get_ptr(&args, ¶m->data, param->size); 452 if (rc) 453 goto err; 454 455 if (serialargs_remaining_bytes(&args)) { 456 rc = PKCS11_CKR_ARGUMENTS_BAD; 457 goto err; 458 } 459 460 processing->extra_ctx = param; 461 462 switch (proc_params->id) { 463 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA: 464 if (param->size % TEE_AES_BLOCK_SIZE) { 465 rc = PKCS11_CKR_DATA_LEN_RANGE; 466 goto err; 467 } 468 TEE_CipherInit(processing->tee_op_handle, NULL, 0); 469 break; 470 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 471 if (param->size % TEE_AES_BLOCK_SIZE) { 472 rc = PKCS11_CKR_DATA_LEN_RANGE; 473 goto err; 474 } 475 TEE_CipherInit(processing->tee_op_handle, iv, 16); 476 break; 477 default: 478 TEE_Panic(proc_params->id); 479 break; 480 } 481 482 return PKCS11_CKR_OK; 483 484 err: 485 processing->extra_ctx = NULL; 486 TEE_Free(param); 487 return rc; 488 } 489 490 static enum pkcs11_rc 491 input_hmac_len_is_valid(struct pkcs11_attribute_head *proc_params, 492 uint32_t hmac_len) 493 { 494 uint32_t sign_sz = 0; 495 496 switch (proc_params->id) { 497 case PKCS11_CKM_MD5_HMAC_GENERAL: 498 sign_sz = TEE_MD5_HASH_SIZE; 499 break; 500 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 501 sign_sz = TEE_SHA1_HASH_SIZE; 502 break; 503 case PKCS11_CKM_SHA224_HMAC_GENERAL: 504 sign_sz = TEE_SHA224_HASH_SIZE; 505 break; 506 case PKCS11_CKM_SHA256_HMAC_GENERAL: 507 sign_sz = TEE_SHA256_HASH_SIZE; 508 break; 509 case PKCS11_CKM_SHA384_HMAC_GENERAL: 510 sign_sz = TEE_SHA384_HASH_SIZE; 511 break; 512 case PKCS11_CKM_SHA512_HMAC_GENERAL: 513 sign_sz = TEE_SHA512_HASH_SIZE; 514 break; 515 case PKCS11_CKM_AES_CMAC_GENERAL: 516 sign_sz = TEE_AES_BLOCK_SIZE; 517 break; 518 default: 519 return PKCS11_CKR_MECHANISM_INVALID; 520 } 521 522 if (!hmac_len || hmac_len > sign_sz) 523 return PKCS11_CKR_SIGNATURE_LEN_RANGE; 524 525 return PKCS11_CKR_OK; 526 } 527 528 static enum pkcs11_rc 529 init_tee_operation(struct pkcs11_session *session, 530 struct pkcs11_attribute_head *proc_params) 531 { 532 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 533 uint32_t *pkcs11_data = NULL; 534 535 switch (proc_params->id) { 536 case PKCS11_CKM_AES_CMAC: 537 case PKCS11_CKM_MD5_HMAC: 538 case PKCS11_CKM_SHA_1_HMAC: 539 case PKCS11_CKM_SHA224_HMAC: 540 case PKCS11_CKM_SHA256_HMAC: 541 case PKCS11_CKM_SHA384_HMAC: 542 case PKCS11_CKM_SHA512_HMAC: 543 if (proc_params->size) 544 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 545 546 TEE_MACInit(session->processing->tee_op_handle, NULL, 0); 547 rc = PKCS11_CKR_OK; 548 break; 549 case PKCS11_CKM_AES_CMAC_GENERAL: 550 case PKCS11_CKM_MD5_HMAC_GENERAL: 551 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 552 case PKCS11_CKM_SHA224_HMAC_GENERAL: 553 case PKCS11_CKM_SHA256_HMAC_GENERAL: 554 case PKCS11_CKM_SHA384_HMAC_GENERAL: 555 case PKCS11_CKM_SHA512_HMAC_GENERAL: 556 if (proc_params->size != sizeof(uint32_t)) 557 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 558 559 pkcs11_data = TEE_Malloc(sizeof(uint32_t), 560 TEE_MALLOC_FILL_ZERO); 561 if (!pkcs11_data) 562 return PKCS11_CKR_DEVICE_MEMORY; 563 564 TEE_MemMove(pkcs11_data, proc_params->data, sizeof(uint32_t)); 565 566 rc = input_hmac_len_is_valid(proc_params, *pkcs11_data); 567 if (rc) { 568 TEE_Free(pkcs11_data); 569 return rc; 570 } 571 572 session->processing->extra_ctx = (void *)pkcs11_data; 573 574 TEE_MACInit(session->processing->tee_op_handle, NULL, 0); 575 rc = PKCS11_CKR_OK; 576 break; 577 case PKCS11_CKM_AES_ECB: 578 if (proc_params->size) 579 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 580 581 TEE_CipherInit(session->processing->tee_op_handle, NULL, 0); 582 rc = PKCS11_CKR_OK; 583 break; 584 case PKCS11_CKM_AES_CBC: 585 case PKCS11_CKM_AES_CTS: 586 if (proc_params->size != 16) 587 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 588 589 TEE_CipherInit(session->processing->tee_op_handle, 590 proc_params->data, 16); 591 rc = PKCS11_CKR_OK; 592 break; 593 case PKCS11_CKM_AES_CTR: 594 rc = tee_init_ctr_operation(session->processing, 595 proc_params->data, 596 proc_params->size); 597 break; 598 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA: 599 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 600 rc = tee_init_derive_symm(session->processing, proc_params); 601 break; 602 default: 603 TEE_Panic(proc_params->id); 604 break; 605 } 606 607 return rc; 608 } 609 610 enum pkcs11_rc init_symm_operation(struct pkcs11_session *session, 611 enum processing_func function, 612 struct pkcs11_attribute_head *proc_params, 613 struct pkcs11_object *obj) 614 { 615 enum pkcs11_rc rc = PKCS11_CKR_OK; 616 617 assert(processing_is_tee_symm(proc_params->id)); 618 619 rc = allocate_tee_operation(session, function, proc_params, obj); 620 if (rc) 621 return rc; 622 623 rc = load_tee_key(session, obj, proc_params); 624 if (rc) 625 return rc; 626 627 rc = init_tee_operation(session, proc_params); 628 if (!rc) 629 session->processing->mecha_type = proc_params->id; 630 631 return rc; 632 } 633 634 /* Validate input buffer size as per PKCS#11 constraints */ 635 static enum pkcs11_rc input_data_size_is_valid(struct active_processing *proc, 636 enum processing_func function, 637 size_t in_size) 638 { 639 switch (proc->mecha_type) { 640 case PKCS11_CKM_AES_ECB: 641 case PKCS11_CKM_AES_CBC: 642 if (function == PKCS11_FUNCTION_ENCRYPT && 643 in_size % TEE_AES_BLOCK_SIZE) 644 return PKCS11_CKR_DATA_LEN_RANGE; 645 if (function == PKCS11_FUNCTION_DECRYPT && 646 in_size % TEE_AES_BLOCK_SIZE) 647 return PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE; 648 break; 649 case PKCS11_CKM_AES_CTS: 650 if (function == PKCS11_FUNCTION_ENCRYPT && 651 in_size < TEE_AES_BLOCK_SIZE) 652 return PKCS11_CKR_DATA_LEN_RANGE; 653 if (function == PKCS11_FUNCTION_DECRYPT && 654 in_size < TEE_AES_BLOCK_SIZE) 655 return PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE; 656 break; 657 default: 658 break; 659 } 660 661 return PKCS11_CKR_OK; 662 } 663 664 /* Validate input buffer size as per PKCS#11 constraints */ 665 static enum pkcs11_rc input_sign_size_is_valid(struct active_processing *proc, 666 size_t in_size) 667 { 668 size_t sign_sz = 0; 669 670 switch (proc->mecha_type) { 671 case PKCS11_CKM_MD5_HMAC: 672 sign_sz = TEE_MD5_HASH_SIZE; 673 break; 674 case PKCS11_CKM_SHA_1_HMAC: 675 sign_sz = TEE_SHA1_HASH_SIZE; 676 break; 677 case PKCS11_CKM_SHA224_HMAC: 678 sign_sz = TEE_SHA224_HASH_SIZE; 679 break; 680 case PKCS11_CKM_SHA256_HMAC: 681 sign_sz = TEE_SHA256_HASH_SIZE; 682 break; 683 case PKCS11_CKM_SHA384_HMAC: 684 sign_sz = TEE_SHA384_HASH_SIZE; 685 break; 686 case PKCS11_CKM_SHA512_HMAC: 687 sign_sz = TEE_SHA512_HASH_SIZE; 688 break; 689 case PKCS11_CKM_AES_CMAC: 690 sign_sz = TEE_AES_BLOCK_SIZE; 691 break; 692 default: 693 return PKCS11_CKR_GENERAL_ERROR; 694 } 695 696 if (in_size != sign_sz) 697 return PKCS11_CKR_SIGNATURE_LEN_RANGE; 698 699 return PKCS11_CKR_OK; 700 } 701 702 /* 703 * step_sym_cipher - processing symmetric (and related) cipher operation step 704 * 705 * @session - current session 706 * @function - processing function (encrypt, decrypt, sign, ...) 707 * @step - step ID in the processing (oneshot, update, final) 708 * @ptype - invocation parameter types 709 * @params - invocation parameter references 710 */ 711 enum pkcs11_rc step_symm_operation(struct pkcs11_session *session, 712 enum processing_func function, 713 enum processing_step step, 714 uint32_t ptypes, TEE_Param *params) 715 { 716 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 717 TEE_Result res = TEE_ERROR_GENERIC; 718 void *in_buf = NULL; 719 size_t in_size = 0; 720 void *out_buf = NULL; 721 size_t out_size = 0; 722 void *in2_buf = NULL; 723 uint32_t in2_size = 0; 724 bool output_data = false; 725 struct active_processing *proc = session->processing; 726 uint32_t hmac_len = 0; 727 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 }; 728 size_t computed_mac_size = TEE_MAX_HASH_SIZE; 729 730 if (TEE_PARAM_TYPE_GET(ptypes, 1) == TEE_PARAM_TYPE_MEMREF_INPUT) { 731 in_buf = params[1].memref.buffer; 732 in_size = params[1].memref.size; 733 if (in_size && !in_buf) 734 return PKCS11_CKR_ARGUMENTS_BAD; 735 } 736 if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_INPUT) { 737 in2_buf = params[2].memref.buffer; 738 in2_size = params[2].memref.size; 739 if (in2_size && !in2_buf) 740 return PKCS11_CKR_ARGUMENTS_BAD; 741 } 742 if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_OUTPUT) { 743 out_buf = params[2].memref.buffer; 744 out_size = params[2].memref.size; 745 if (out_size && !out_buf) 746 return PKCS11_CKR_ARGUMENTS_BAD; 747 } 748 if (TEE_PARAM_TYPE_GET(ptypes, 3) != TEE_PARAM_TYPE_NONE) 749 return PKCS11_CKR_ARGUMENTS_BAD; 750 751 switch (step) { 752 case PKCS11_FUNC_STEP_ONESHOT: 753 case PKCS11_FUNC_STEP_UPDATE: 754 case PKCS11_FUNC_STEP_FINAL: 755 break; 756 default: 757 return PKCS11_CKR_GENERAL_ERROR; 758 } 759 760 if (step != PKCS11_FUNC_STEP_FINAL) { 761 rc = input_data_size_is_valid(proc, function, in_size); 762 if (rc) 763 return rc; 764 } 765 766 /* 767 * Feed active operation with data 768 */ 769 switch (proc->mecha_type) { 770 case PKCS11_CKM_AES_CMAC: 771 case PKCS11_CKM_MD5_HMAC: 772 case PKCS11_CKM_SHA_1_HMAC: 773 case PKCS11_CKM_SHA224_HMAC: 774 case PKCS11_CKM_SHA256_HMAC: 775 case PKCS11_CKM_SHA384_HMAC: 776 case PKCS11_CKM_SHA512_HMAC: 777 case PKCS11_CKM_AES_CMAC_GENERAL: 778 case PKCS11_CKM_MD5_HMAC_GENERAL: 779 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 780 case PKCS11_CKM_SHA224_HMAC_GENERAL: 781 case PKCS11_CKM_SHA256_HMAC_GENERAL: 782 case PKCS11_CKM_SHA384_HMAC_GENERAL: 783 case PKCS11_CKM_SHA512_HMAC_GENERAL: 784 if (step == PKCS11_FUNC_STEP_FINAL || 785 step == PKCS11_FUNC_STEP_ONESHOT) 786 break; 787 788 if (!in_buf) { 789 DMSG("No input data"); 790 return PKCS11_CKR_ARGUMENTS_BAD; 791 } 792 793 switch (function) { 794 case PKCS11_FUNCTION_SIGN: 795 case PKCS11_FUNCTION_VERIFY: 796 TEE_MACUpdate(proc->tee_op_handle, in_buf, in_size); 797 rc = PKCS11_CKR_OK; 798 break; 799 default: 800 TEE_Panic(function); 801 break; 802 } 803 break; 804 805 case PKCS11_CKM_AES_ECB: 806 case PKCS11_CKM_AES_CBC: 807 case PKCS11_CKM_AES_CTS: 808 case PKCS11_CKM_AES_CTR: 809 if (step == PKCS11_FUNC_STEP_FINAL || 810 step == PKCS11_FUNC_STEP_ONESHOT) 811 break; 812 813 if (!in_buf) { 814 EMSG("No input data"); 815 return PKCS11_CKR_ARGUMENTS_BAD; 816 } 817 818 switch (function) { 819 case PKCS11_FUNCTION_ENCRYPT: 820 case PKCS11_FUNCTION_DECRYPT: 821 res = TEE_CipherUpdate(proc->tee_op_handle, 822 in_buf, in_size, 823 out_buf, &out_size); 824 output_data = true; 825 rc = tee2pkcs_error(res); 826 break; 827 default: 828 TEE_Panic(function); 829 break; 830 } 831 break; 832 833 default: 834 TEE_Panic(proc->mecha_type); 835 break; 836 } 837 838 if (step == PKCS11_FUNC_STEP_UPDATE) 839 goto out; 840 841 /* 842 * Finalize (PKCS11_FUNC_STEP_ONESHOT/_FINAL) operation 843 */ 844 switch (session->processing->mecha_type) { 845 case PKCS11_CKM_AES_CMAC: 846 case PKCS11_CKM_MD5_HMAC: 847 case PKCS11_CKM_SHA_1_HMAC: 848 case PKCS11_CKM_SHA224_HMAC: 849 case PKCS11_CKM_SHA256_HMAC: 850 case PKCS11_CKM_SHA384_HMAC: 851 case PKCS11_CKM_SHA512_HMAC: 852 switch (function) { 853 case PKCS11_FUNCTION_SIGN: 854 res = TEE_MACComputeFinal(proc->tee_op_handle, 855 in_buf, in_size, out_buf, 856 &out_size); 857 output_data = true; 858 rc = tee2pkcs_error(res); 859 break; 860 case PKCS11_FUNCTION_VERIFY: 861 rc = input_sign_size_is_valid(proc, in2_size); 862 if (rc) 863 return rc; 864 res = TEE_MACCompareFinal(proc->tee_op_handle, 865 in_buf, in_size, in2_buf, 866 in2_size); 867 rc = tee2pkcs_error(res); 868 break; 869 default: 870 TEE_Panic(function); 871 break; 872 } 873 874 break; 875 876 case PKCS11_CKM_AES_CMAC_GENERAL: 877 case PKCS11_CKM_MD5_HMAC_GENERAL: 878 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 879 case PKCS11_CKM_SHA224_HMAC_GENERAL: 880 case PKCS11_CKM_SHA256_HMAC_GENERAL: 881 case PKCS11_CKM_SHA384_HMAC_GENERAL: 882 case PKCS11_CKM_SHA512_HMAC_GENERAL: 883 assert(session->processing->extra_ctx); 884 hmac_len = *(uint32_t *)session->processing->extra_ctx; 885 886 switch (function) { 887 case PKCS11_FUNCTION_SIGN: 888 if (out_size < hmac_len) { 889 /* inform client of required size */ 890 out_size = hmac_len; 891 output_data = true; 892 rc = PKCS11_CKR_BUFFER_TOO_SMALL; 893 goto out; 894 } 895 896 res = TEE_MACComputeFinal(proc->tee_op_handle, 897 in_buf, in_size, 898 computed_mac, 899 &computed_mac_size); 900 if (res == TEE_SUCCESS) { 901 /* truncate to hmac_len */ 902 TEE_MemMove(out_buf, computed_mac, hmac_len); 903 output_data = true; 904 } 905 906 /* inform client of required size */ 907 out_size = hmac_len; 908 rc = tee2pkcs_error(res); 909 break; 910 case PKCS11_FUNCTION_VERIFY: 911 /* must compute full MAC before comparing partial */ 912 res = TEE_MACComputeFinal(proc->tee_op_handle, in_buf, 913 in_size, computed_mac, 914 &computed_mac_size); 915 916 if (!in2_size || in2_size > computed_mac_size) { 917 EMSG("Invalid signature size: %"PRIu32, 918 in2_size); 919 return PKCS11_CKR_SIGNATURE_LEN_RANGE; 920 } 921 922 if (res == TEE_SUCCESS) { 923 /* 924 * Only the first in2_size bytes of the 925 * signature to be verified is passed in from 926 * caller 927 */ 928 if (TEE_MemCompare(in2_buf, computed_mac, 929 in2_size)) { 930 res = TEE_ERROR_MAC_INVALID; 931 } 932 } 933 934 rc = tee2pkcs_error(res); 935 break; 936 default: 937 TEE_Panic(function); 938 break; 939 } 940 941 break; 942 943 case PKCS11_CKM_AES_ECB: 944 case PKCS11_CKM_AES_CBC: 945 case PKCS11_CKM_AES_CTS: 946 case PKCS11_CKM_AES_CTR: 947 if (step == PKCS11_FUNC_STEP_ONESHOT && !in_buf) { 948 EMSG("No input data"); 949 return PKCS11_CKR_ARGUMENTS_BAD; 950 } 951 952 switch (function) { 953 case PKCS11_FUNCTION_ENCRYPT: 954 case PKCS11_FUNCTION_DECRYPT: 955 res = TEE_CipherDoFinal(proc->tee_op_handle, 956 in_buf, in_size, 957 out_buf, &out_size); 958 output_data = true; 959 rc = tee2pkcs_error(res); 960 break; 961 default: 962 TEE_Panic(function); 963 break; 964 } 965 break; 966 default: 967 TEE_Panic(proc->mecha_type); 968 break; 969 } 970 971 out: 972 if (output_data && 973 (rc == PKCS11_CKR_OK || rc == PKCS11_CKR_BUFFER_TOO_SMALL)) { 974 switch (TEE_PARAM_TYPE_GET(ptypes, 2)) { 975 case TEE_PARAM_TYPE_MEMREF_OUTPUT: 976 case TEE_PARAM_TYPE_MEMREF_INOUT: 977 params[2].memref.size = out_size; 978 break; 979 default: 980 rc = PKCS11_CKR_ARGUMENTS_BAD; 981 break; 982 } 983 } 984 985 return rc; 986 } 987 988 enum pkcs11_rc derive_key_by_symm_enc(struct pkcs11_session *session, 989 void **out_buf, uint32_t *out_size) 990 { 991 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 992 TEE_Result res = TEE_ERROR_GENERIC; 993 struct active_processing *proc = session->processing; 994 struct input_data_ref *input = proc->extra_ctx; 995 void *in_buf = NULL; 996 void *dest_buf = NULL; 997 uint32_t in_size = 0; 998 size_t tmp_sz = 0; 999 1000 switch (proc->mecha_type) { 1001 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA: 1002 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 1003 if (!proc->extra_ctx) 1004 return PKCS11_CKR_ARGUMENTS_BAD; 1005 1006 in_buf = input->data; 1007 in_size = input->size; 1008 1009 *out_size = in_size; 1010 dest_buf = TEE_Malloc(*out_size, 0); 1011 if (!dest_buf) 1012 return PKCS11_CKR_DEVICE_MEMORY; 1013 1014 tmp_sz = *out_size; 1015 res = TEE_CipherDoFinal(proc->tee_op_handle, in_buf, in_size, 1016 dest_buf, &tmp_sz); 1017 *out_size = tmp_sz; 1018 rc = tee2pkcs_error(res); 1019 if (rc) { 1020 TEE_Free(dest_buf); 1021 return rc; 1022 } 1023 1024 *out_buf = dest_buf; 1025 break; 1026 default: 1027 return PKCS11_CKR_MECHANISM_INVALID; 1028 } 1029 1030 return rc; 1031 } 1032 1033 enum pkcs11_rc wrap_data_by_symm_enc(struct pkcs11_session *session, 1034 void *data, uint32_t data_sz, 1035 void *out_buf, uint32_t *out_sz) 1036 { 1037 TEE_Result res = TEE_ERROR_GENERIC; 1038 struct active_processing *proc = session->processing; 1039 void *in_buf = NULL; 1040 uint32_t align = 0; 1041 uint32_t in_sz = data_sz; 1042 size_t tmp_sz = *out_sz; 1043 uint8_t *tmp_buf = out_buf; 1044 1045 switch (proc->mecha_type) { 1046 case PKCS11_CKM_AES_ECB: 1047 case PKCS11_CKM_AES_CBC: 1048 align = data_sz % TEE_AES_BLOCK_SIZE; 1049 if (align) 1050 in_sz = data_sz + (TEE_AES_BLOCK_SIZE - align); 1051 1052 if (*out_sz < in_sz) { 1053 *out_sz = in_sz; 1054 return PKCS11_CKR_BUFFER_TOO_SMALL; 1055 } 1056 1057 if (align) { 1058 if (data_sz > TEE_AES_BLOCK_SIZE) { 1059 in_sz = data_sz - align; 1060 res = TEE_CipherUpdate(proc->tee_op_handle, 1061 data, in_sz, tmp_buf, 1062 &tmp_sz); 1063 if (res) { 1064 assert(res != TEE_ERROR_SHORT_BUFFER); 1065 return tee2pkcs_error(res); 1066 } 1067 tmp_buf += tmp_sz; 1068 tmp_sz = *out_sz - tmp_sz; 1069 } else { 1070 in_sz = 0; 1071 } 1072 1073 in_buf = TEE_Malloc(TEE_AES_BLOCK_SIZE, 1074 TEE_MALLOC_FILL_ZERO); 1075 if (!in_buf) 1076 return PKCS11_CKR_DEVICE_MEMORY; 1077 1078 TEE_MemMove(in_buf, (uint8_t *)data + in_sz, align); 1079 in_sz = TEE_AES_BLOCK_SIZE; 1080 } else { 1081 in_buf = data; 1082 in_sz = data_sz; 1083 } 1084 1085 res = TEE_CipherDoFinal(proc->tee_op_handle, in_buf, in_sz, 1086 tmp_buf, &tmp_sz); 1087 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { 1088 *out_sz = tmp_sz; 1089 if (align) 1090 *out_sz += tmp_buf - (uint8_t *)out_buf; 1091 } 1092 1093 if (align) 1094 TEE_Free(in_buf); 1095 1096 return tee2pkcs_error(res); 1097 default: 1098 return PKCS11_CKR_MECHANISM_INVALID; 1099 } 1100 1101 return PKCS11_CKR_GENERAL_ERROR; 1102 } 1103 1104 enum pkcs11_rc unwrap_key_by_symm(struct pkcs11_session *session, void *data, 1105 uint32_t data_sz, void **out_buf, 1106 uint32_t *out_sz) 1107 { 1108 TEE_Result res = TEE_ERROR_GENERIC; 1109 struct active_processing *proc = session->processing; 1110 size_t tmp_sz = 0; 1111 1112 if (input_data_size_is_valid(proc, PKCS11_FUNCTION_DECRYPT, data_sz)) 1113 return PKCS11_CKR_WRAPPED_KEY_LEN_RANGE; 1114 1115 switch (proc->mecha_type) { 1116 case PKCS11_CKM_AES_ECB: 1117 case PKCS11_CKM_AES_CBC: 1118 *out_sz = 0; 1119 res = TEE_CipherDoFinal(proc->tee_op_handle, data, data_sz, 1120 NULL, &tmp_sz); 1121 *out_sz = tmp_sz; 1122 if (res != TEE_ERROR_SHORT_BUFFER) { 1123 DMSG("TEE_CipherDoFinal() issue: %#"PRIx32, res); 1124 return PKCS11_CKR_GENERAL_ERROR; 1125 } 1126 1127 *out_buf = TEE_Malloc(*out_sz, TEE_MALLOC_FILL_ZERO); 1128 if (!*out_buf) 1129 return PKCS11_CKR_DEVICE_MEMORY; 1130 1131 res = TEE_CipherDoFinal(proc->tee_op_handle, data, data_sz, 1132 *out_buf, &tmp_sz); 1133 *out_sz = tmp_sz; 1134 if (tee2pkcs_error(res)) { 1135 TEE_Free(*out_buf); 1136 *out_buf = NULL; 1137 return PKCS11_CKR_WRAPPED_KEY_INVALID; 1138 } 1139 break; 1140 default: 1141 return PKCS11_CKR_MECHANISM_INVALID; 1142 } 1143 1144 return PKCS11_CKR_OK; 1145 } 1146