1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017-2020, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <pkcs11_ta.h> 8 #include <string.h> 9 #include <tee_api_defines.h> 10 #include <tee_internal_api.h> 11 #include <tee_internal_api_extensions.h> 12 #include <utee_defines.h> 13 #include <util.h> 14 15 #include "attributes.h" 16 #include "object.h" 17 #include "pkcs11_attributes.h" 18 #include "pkcs11_helpers.h" 19 #include "pkcs11_token.h" 20 #include "processing.h" 21 #include "serializer.h" 22 23 struct input_data_ref { 24 size_t size; 25 void *data; 26 }; 27 28 bool processing_is_tee_symm(enum pkcs11_mechanism_id proc_id) 29 { 30 switch (proc_id) { 31 /* Authentication */ 32 case PKCS11_CKM_MD5_HMAC: 33 case PKCS11_CKM_SHA_1_HMAC: 34 case PKCS11_CKM_SHA224_HMAC: 35 case PKCS11_CKM_SHA256_HMAC: 36 case PKCS11_CKM_SHA384_HMAC: 37 case PKCS11_CKM_SHA512_HMAC: 38 case PKCS11_CKM_MD5_HMAC_GENERAL: 39 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 40 case PKCS11_CKM_SHA224_HMAC_GENERAL: 41 case PKCS11_CKM_SHA256_HMAC_GENERAL: 42 case PKCS11_CKM_SHA384_HMAC_GENERAL: 43 case PKCS11_CKM_SHA512_HMAC_GENERAL: 44 /* Ciphering */ 45 case PKCS11_CKM_AES_ECB: 46 case PKCS11_CKM_AES_CBC: 47 case PKCS11_CKM_AES_CBC_PAD: 48 case PKCS11_CKM_AES_CTS: 49 case PKCS11_CKM_AES_CTR: 50 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA: 51 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 52 return true; 53 default: 54 return false; 55 } 56 } 57 58 static enum pkcs11_rc 59 pkcs2tee_algorithm(uint32_t *tee_id, struct pkcs11_attribute_head *proc_params) 60 { 61 static const struct { 62 enum pkcs11_mechanism_id mech_id; 63 uint32_t tee_id; 64 } pkcs2tee_algo[] = { 65 /* AES flavors */ 66 { PKCS11_CKM_AES_ECB, TEE_ALG_AES_ECB_NOPAD }, 67 { PKCS11_CKM_AES_CBC, TEE_ALG_AES_CBC_NOPAD }, 68 { PKCS11_CKM_AES_CBC_PAD, TEE_ALG_AES_CBC_NOPAD }, 69 { PKCS11_CKM_AES_ECB_ENCRYPT_DATA, TEE_ALG_AES_ECB_NOPAD }, 70 { PKCS11_CKM_AES_CBC_ENCRYPT_DATA, TEE_ALG_AES_CBC_NOPAD }, 71 { PKCS11_CKM_AES_CTR, TEE_ALG_AES_CTR }, 72 { PKCS11_CKM_AES_CTS, TEE_ALG_AES_CTS }, 73 /* HMAC flavors */ 74 { PKCS11_CKM_MD5_HMAC, TEE_ALG_HMAC_MD5 }, 75 { PKCS11_CKM_SHA_1_HMAC, TEE_ALG_HMAC_SHA1 }, 76 { PKCS11_CKM_SHA224_HMAC, TEE_ALG_HMAC_SHA224 }, 77 { PKCS11_CKM_SHA256_HMAC, TEE_ALG_HMAC_SHA256 }, 78 { PKCS11_CKM_SHA384_HMAC, TEE_ALG_HMAC_SHA384 }, 79 { PKCS11_CKM_SHA512_HMAC, TEE_ALG_HMAC_SHA512 }, 80 { PKCS11_CKM_MD5_HMAC_GENERAL, TEE_ALG_HMAC_MD5 }, 81 { PKCS11_CKM_SHA_1_HMAC_GENERAL, TEE_ALG_HMAC_SHA1 }, 82 { PKCS11_CKM_SHA224_HMAC_GENERAL, TEE_ALG_HMAC_SHA224 }, 83 { PKCS11_CKM_SHA256_HMAC_GENERAL, TEE_ALG_HMAC_SHA256 }, 84 { PKCS11_CKM_SHA384_HMAC_GENERAL, TEE_ALG_HMAC_SHA384 }, 85 { PKCS11_CKM_SHA512_HMAC_GENERAL, TEE_ALG_HMAC_SHA512 }, 86 }; 87 size_t n = 0; 88 89 for (n = 0; n < ARRAY_SIZE(pkcs2tee_algo); n++) { 90 if (proc_params->id == pkcs2tee_algo[n].mech_id) { 91 *tee_id = pkcs2tee_algo[n].tee_id; 92 return PKCS11_CKR_OK; 93 } 94 } 95 96 return PKCS11_RV_NOT_IMPLEMENTED; 97 } 98 99 static enum pkcs11_rc pkcs2tee_key_type(uint32_t *tee_type, 100 struct pkcs11_object *obj) 101 { 102 static const struct { 103 enum pkcs11_key_type key_type; 104 uint32_t tee_id; 105 } pkcs2tee_key_type[] = { 106 { PKCS11_CKK_AES, TEE_TYPE_AES }, 107 { PKCS11_CKK_GENERIC_SECRET, TEE_TYPE_GENERIC_SECRET }, 108 { PKCS11_CKK_MD5_HMAC, TEE_TYPE_HMAC_MD5 }, 109 { PKCS11_CKK_SHA_1_HMAC, TEE_TYPE_HMAC_SHA1 }, 110 { PKCS11_CKK_SHA224_HMAC, TEE_TYPE_HMAC_SHA224 }, 111 { PKCS11_CKK_SHA256_HMAC, TEE_TYPE_HMAC_SHA256 }, 112 { PKCS11_CKK_SHA384_HMAC, TEE_TYPE_HMAC_SHA384 }, 113 { PKCS11_CKK_SHA512_HMAC, TEE_TYPE_HMAC_SHA512 }, 114 }; 115 size_t n = 0; 116 enum pkcs11_key_type key_type = get_key_type(obj->attributes); 117 118 assert(get_class(obj->attributes) == PKCS11_CKO_SECRET_KEY); 119 120 for (n = 0; n < ARRAY_SIZE(pkcs2tee_key_type); n++) { 121 if (pkcs2tee_key_type[n].key_type == key_type) { 122 *tee_type = pkcs2tee_key_type[n].tee_id; 123 return PKCS11_CKR_OK; 124 } 125 } 126 127 return PKCS11_RV_NOT_FOUND; 128 } 129 130 static enum pkcs11_rc pkcsmech2tee_key_type(uint32_t *tee_type, 131 enum pkcs11_mechanism_id mech_id) 132 { 133 static const struct { 134 enum pkcs11_mechanism_id mech; 135 uint32_t tee_id; 136 } pkcs2tee_key_type[] = { 137 { PKCS11_CKM_MD5_HMAC, TEE_TYPE_HMAC_MD5 }, 138 { PKCS11_CKM_SHA_1_HMAC, TEE_TYPE_HMAC_SHA1 }, 139 { PKCS11_CKM_SHA224_HMAC, TEE_TYPE_HMAC_SHA224 }, 140 { PKCS11_CKM_SHA256_HMAC, TEE_TYPE_HMAC_SHA256 }, 141 { PKCS11_CKM_SHA384_HMAC, TEE_TYPE_HMAC_SHA384 }, 142 { PKCS11_CKM_SHA512_HMAC, TEE_TYPE_HMAC_SHA512 }, 143 { PKCS11_CKM_MD5_HMAC_GENERAL, TEE_TYPE_HMAC_MD5 }, 144 { PKCS11_CKM_SHA_1_HMAC_GENERAL, TEE_TYPE_HMAC_SHA1 }, 145 { PKCS11_CKM_SHA224_HMAC_GENERAL, TEE_TYPE_HMAC_SHA224 }, 146 { PKCS11_CKM_SHA256_HMAC_GENERAL, TEE_TYPE_HMAC_SHA256 }, 147 { PKCS11_CKM_SHA384_HMAC_GENERAL, TEE_TYPE_HMAC_SHA384 }, 148 { PKCS11_CKM_SHA512_HMAC_GENERAL, TEE_TYPE_HMAC_SHA512 }, 149 }; 150 size_t n = 0; 151 152 for (n = 0; n < ARRAY_SIZE(pkcs2tee_key_type); n++) { 153 if (pkcs2tee_key_type[n].mech == mech_id) { 154 *tee_type = pkcs2tee_key_type[n].tee_id; 155 return PKCS11_CKR_OK; 156 } 157 } 158 159 return PKCS11_RV_NOT_FOUND; 160 } 161 162 static enum pkcs11_rc hmac_to_tee_hash(uint32_t *algo, 163 enum pkcs11_mechanism_id mech_id) 164 { 165 static const struct { 166 enum pkcs11_mechanism_id mech; 167 uint32_t tee_id; 168 } hmac_hash[] = { 169 { PKCS11_CKM_MD5_HMAC, TEE_ALG_MD5 }, 170 { PKCS11_CKM_SHA_1_HMAC, TEE_ALG_SHA1 }, 171 { PKCS11_CKM_SHA224_HMAC, TEE_ALG_SHA224 }, 172 { PKCS11_CKM_SHA256_HMAC, TEE_ALG_SHA256 }, 173 { PKCS11_CKM_SHA384_HMAC, TEE_ALG_SHA384 }, 174 { PKCS11_CKM_SHA512_HMAC, TEE_ALG_SHA512 }, 175 { PKCS11_CKM_MD5_HMAC_GENERAL, TEE_ALG_MD5 }, 176 { PKCS11_CKM_SHA_1_HMAC_GENERAL, TEE_ALG_SHA1 }, 177 { PKCS11_CKM_SHA224_HMAC_GENERAL, TEE_ALG_SHA224 }, 178 { PKCS11_CKM_SHA256_HMAC_GENERAL, TEE_ALG_SHA256 }, 179 { PKCS11_CKM_SHA384_HMAC_GENERAL, TEE_ALG_SHA384 }, 180 { PKCS11_CKM_SHA512_HMAC_GENERAL, TEE_ALG_SHA512 }, 181 }; 182 size_t n = 0; 183 184 for (n = 0; n < ARRAY_SIZE(hmac_hash); n++) { 185 if (hmac_hash[n].mech == mech_id) { 186 *algo = hmac_hash[n].tee_id; 187 return PKCS11_CKR_OK; 188 } 189 } 190 191 return PKCS11_RV_NOT_FOUND; 192 } 193 194 static enum pkcs11_rc 195 allocate_tee_operation(struct pkcs11_session *session, 196 enum processing_func function, 197 struct pkcs11_attribute_head *params, 198 struct pkcs11_object *obj) 199 { 200 uint32_t size = (uint32_t)get_object_key_bit_size(obj); 201 uint32_t key_size = size / 8; 202 uint32_t algo = 0; 203 uint32_t mode = 0; 204 uint32_t max_key_size = 0; 205 uint32_t min_key_size = 0; 206 TEE_Result res = TEE_ERROR_GENERIC; 207 208 assert(session->processing->tee_op_handle == TEE_HANDLE_NULL); 209 210 if (pkcs2tee_algorithm(&algo, params)) 211 return PKCS11_CKR_FUNCTION_FAILED; 212 213 /* Sign/Verify with AES or generic key relate to TEE MAC operation */ 214 switch (params->id) { 215 case PKCS11_CKM_MD5_HMAC: 216 case PKCS11_CKM_SHA_1_HMAC: 217 case PKCS11_CKM_SHA224_HMAC: 218 case PKCS11_CKM_SHA256_HMAC: 219 case PKCS11_CKM_SHA384_HMAC: 220 case PKCS11_CKM_SHA512_HMAC: 221 case PKCS11_CKM_MD5_HMAC_GENERAL: 222 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 223 case PKCS11_CKM_SHA224_HMAC_GENERAL: 224 case PKCS11_CKM_SHA256_HMAC_GENERAL: 225 case PKCS11_CKM_SHA384_HMAC_GENERAL: 226 case PKCS11_CKM_SHA512_HMAC_GENERAL: 227 mechanism_supported_key_sizes_bytes(params->id, &min_key_size, 228 &max_key_size); 229 if (key_size < min_key_size) 230 return PKCS11_CKR_KEY_SIZE_RANGE; 231 232 /* 233 * If size of generic key is greater than the size 234 * supported by TEE API, this is not considered an 235 * error. When loading TEE key, we will hash the key 236 * to generate the appropriate key for HMAC operation. 237 * This key size will not be greater than the 238 * max_key_size. So we can use max_key_size for 239 * TEE_AllocateOperation(). 240 */ 241 if (key_size > max_key_size) 242 size = max_key_size * 8; 243 244 mode = TEE_MODE_MAC; 245 break; 246 default: 247 pkcs2tee_mode(&mode, function); 248 break; 249 } 250 251 res = TEE_AllocateOperation(&session->processing->tee_op_handle, 252 algo, mode, size); 253 if (res) 254 EMSG("TEE_AllocateOp. failed %#"PRIx32" %#"PRIx32" %#"PRIx32, 255 algo, mode, size); 256 257 if (res == TEE_ERROR_NOT_SUPPORTED) 258 return PKCS11_CKR_MECHANISM_INVALID; 259 260 return tee2pkcs_error(res); 261 } 262 263 static enum pkcs11_rc hash_secret_helper(enum pkcs11_mechanism_id mech_id, 264 struct pkcs11_object *obj, 265 TEE_Attribute *tee_attr, 266 void **ctx, 267 size_t *object_size_bits) 268 { 269 uint32_t algo = 0; 270 void *hash_ptr = NULL; 271 uint32_t hash_size = 0; 272 enum pkcs11_rc rc = PKCS11_CKR_OK; 273 274 rc = hmac_to_tee_hash(&algo, mech_id); 275 if (rc) 276 return rc; 277 278 hash_size = TEE_ALG_GET_DIGEST_SIZE(algo); 279 hash_ptr = TEE_Malloc(hash_size, 0); 280 if (!hash_ptr) 281 return PKCS11_CKR_DEVICE_MEMORY; 282 283 rc = pkcs2tee_load_hashed_attr(tee_attr, TEE_ATTR_SECRET_VALUE, obj, 284 PKCS11_CKA_VALUE, algo, hash_ptr, 285 &hash_size); 286 if (rc) { 287 EMSG("No secret/hash error"); 288 TEE_Free(hash_ptr); 289 return rc; 290 } 291 292 *ctx = hash_ptr; 293 294 *object_size_bits = hash_size * 8; 295 296 return PKCS11_CKR_OK; 297 } 298 299 static enum pkcs11_rc load_tee_key(struct pkcs11_session *session, 300 struct pkcs11_object *obj, 301 struct pkcs11_attribute_head *proc_params) 302 { 303 TEE_Attribute tee_attr = { }; 304 size_t object_size = 0; 305 uint32_t tee_key_type = 0; 306 enum pkcs11_key_type key_type = 0; 307 enum pkcs11_rc rc = PKCS11_CKR_OK; 308 TEE_Result res = TEE_ERROR_GENERIC; 309 uint32_t max_key_size = 0; 310 uint32_t min_key_size = 0; 311 312 if (obj->key_handle != TEE_HANDLE_NULL) { 313 /* Key was already loaded and fits current need */ 314 goto key_ready; 315 } 316 317 object_size = get_object_key_bit_size(obj); 318 if (!object_size) 319 return PKCS11_CKR_GENERAL_ERROR; 320 321 switch (proc_params->id) { 322 case PKCS11_CKM_MD5_HMAC: 323 case PKCS11_CKM_SHA_1_HMAC: 324 case PKCS11_CKM_SHA224_HMAC: 325 case PKCS11_CKM_SHA256_HMAC: 326 case PKCS11_CKM_SHA384_HMAC: 327 case PKCS11_CKM_SHA512_HMAC: 328 case PKCS11_CKM_MD5_HMAC_GENERAL: 329 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 330 case PKCS11_CKM_SHA224_HMAC_GENERAL: 331 case PKCS11_CKM_SHA256_HMAC_GENERAL: 332 case PKCS11_CKM_SHA384_HMAC_GENERAL: 333 case PKCS11_CKM_SHA512_HMAC_GENERAL: 334 key_type = get_key_type(obj->attributes); 335 /* 336 * If Object Key type is PKCS11_CKK_GENERIC_SECRET, 337 * determine the tee_key_type using the 338 * mechanism instead of object key_type. 339 */ 340 if (key_type == PKCS11_CKK_GENERIC_SECRET) 341 rc = pkcsmech2tee_key_type(&tee_key_type, 342 proc_params->id); 343 else 344 rc = pkcs2tee_key_type(&tee_key_type, obj); 345 346 if (rc) 347 return rc; 348 349 mechanism_supported_key_sizes_bytes(proc_params->id, 350 &min_key_size, 351 &max_key_size); 352 353 if ((object_size / 8) > max_key_size) { 354 rc = hash_secret_helper(proc_params->id, obj, &tee_attr, 355 &session->processing->extra_ctx, 356 &object_size); 357 if (rc) 358 return rc; 359 } else { 360 if (!pkcs2tee_load_attr(&tee_attr, 361 TEE_ATTR_SECRET_VALUE, 362 obj, 363 PKCS11_CKA_VALUE)) { 364 EMSG("No secret found"); 365 return PKCS11_CKR_FUNCTION_FAILED; 366 } 367 } 368 break; 369 370 default: 371 rc = pkcs2tee_key_type(&tee_key_type, obj); 372 if (rc) 373 return rc; 374 375 if (!pkcs2tee_load_attr(&tee_attr, TEE_ATTR_SECRET_VALUE, 376 obj, PKCS11_CKA_VALUE)) { 377 EMSG("No secret found"); 378 return PKCS11_CKR_FUNCTION_FAILED; 379 } 380 break; 381 } 382 383 res = TEE_AllocateTransientObject(tee_key_type, object_size, 384 &obj->key_handle); 385 if (res) { 386 DMSG("TEE_AllocateTransientObject failed, %#"PRIx32, res); 387 return tee2pkcs_error(res); 388 } 389 390 res = TEE_PopulateTransientObject(obj->key_handle, &tee_attr, 1); 391 if (res) { 392 DMSG("TEE_PopulateTransientObject failed, %#"PRIx32, res); 393 goto error; 394 } 395 396 key_ready: 397 res = TEE_SetOperationKey(session->processing->tee_op_handle, 398 obj->key_handle); 399 if (res) { 400 DMSG("TEE_SetOperationKey failed, %#"PRIx32, res); 401 goto error; 402 } 403 404 return PKCS11_CKR_OK; 405 406 error: 407 TEE_FreeTransientObject(obj->key_handle); 408 obj->key_handle = TEE_HANDLE_NULL; 409 410 return tee2pkcs_error(res); 411 } 412 413 static enum pkcs11_rc 414 tee_init_derive_symm(struct active_processing *processing, 415 struct pkcs11_attribute_head *proc_params) 416 { 417 struct serialargs args = { }; 418 enum pkcs11_rc rc = PKCS11_CKR_OK; 419 struct input_data_ref *param = NULL; 420 void *iv = NULL; 421 422 if (!proc_params) 423 return PKCS11_CKR_ARGUMENTS_BAD; 424 425 param = TEE_Malloc(sizeof(struct input_data_ref), TEE_MALLOC_FILL_ZERO); 426 if (!param) 427 return PKCS11_CKR_DEVICE_MEMORY; 428 429 serialargs_init(&args, proc_params->data, proc_params->size); 430 431 switch (proc_params->id) { 432 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 433 rc = serialargs_get_ptr(&args, &iv, 16); 434 if (rc) 435 goto err; 436 break; 437 default: 438 break; 439 } 440 441 rc = serialargs_get(&args, ¶m->size, sizeof(uint32_t)); 442 if (rc) 443 goto err; 444 445 rc = serialargs_get_ptr(&args, ¶m->data, param->size); 446 if (rc) 447 goto err; 448 449 if (serialargs_remaining_bytes(&args)) { 450 rc = PKCS11_CKR_ARGUMENTS_BAD; 451 goto err; 452 } 453 454 processing->extra_ctx = param; 455 456 switch (proc_params->id) { 457 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA: 458 if (param->size % TEE_AES_BLOCK_SIZE) { 459 rc = PKCS11_CKR_DATA_LEN_RANGE; 460 goto err; 461 } 462 TEE_CipherInit(processing->tee_op_handle, NULL, 0); 463 break; 464 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 465 if (param->size % TEE_AES_BLOCK_SIZE) { 466 rc = PKCS11_CKR_DATA_LEN_RANGE; 467 goto err; 468 } 469 TEE_CipherInit(processing->tee_op_handle, iv, 16); 470 break; 471 default: 472 TEE_Panic(proc_params->id); 473 break; 474 } 475 476 return PKCS11_CKR_OK; 477 478 err: 479 processing->extra_ctx = NULL; 480 TEE_Free(param); 481 return rc; 482 } 483 484 static enum pkcs11_rc 485 input_hmac_len_is_valid(struct pkcs11_attribute_head *proc_params, 486 uint32_t hmac_len) 487 { 488 uint32_t sign_sz = 0; 489 490 switch (proc_params->id) { 491 case PKCS11_CKM_MD5_HMAC_GENERAL: 492 sign_sz = TEE_MD5_HASH_SIZE; 493 break; 494 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 495 sign_sz = TEE_SHA1_HASH_SIZE; 496 break; 497 case PKCS11_CKM_SHA224_HMAC_GENERAL: 498 sign_sz = TEE_SHA224_HASH_SIZE; 499 break; 500 case PKCS11_CKM_SHA256_HMAC_GENERAL: 501 sign_sz = TEE_SHA256_HASH_SIZE; 502 break; 503 case PKCS11_CKM_SHA384_HMAC_GENERAL: 504 sign_sz = TEE_SHA384_HASH_SIZE; 505 break; 506 case PKCS11_CKM_SHA512_HMAC_GENERAL: 507 sign_sz = TEE_SHA512_HASH_SIZE; 508 break; 509 default: 510 return PKCS11_CKR_MECHANISM_INVALID; 511 } 512 513 if (!hmac_len || hmac_len > sign_sz) 514 return PKCS11_CKR_SIGNATURE_LEN_RANGE; 515 516 return PKCS11_CKR_OK; 517 } 518 519 static enum pkcs11_rc 520 init_tee_operation(struct pkcs11_session *session, 521 struct pkcs11_attribute_head *proc_params) 522 { 523 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 524 uint32_t *pkcs11_data = NULL; 525 526 switch (proc_params->id) { 527 case PKCS11_CKM_MD5_HMAC: 528 case PKCS11_CKM_SHA_1_HMAC: 529 case PKCS11_CKM_SHA224_HMAC: 530 case PKCS11_CKM_SHA256_HMAC: 531 case PKCS11_CKM_SHA384_HMAC: 532 case PKCS11_CKM_SHA512_HMAC: 533 if (proc_params->size) 534 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 535 536 TEE_MACInit(session->processing->tee_op_handle, NULL, 0); 537 rc = PKCS11_CKR_OK; 538 break; 539 case PKCS11_CKM_MD5_HMAC_GENERAL: 540 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 541 case PKCS11_CKM_SHA224_HMAC_GENERAL: 542 case PKCS11_CKM_SHA256_HMAC_GENERAL: 543 case PKCS11_CKM_SHA384_HMAC_GENERAL: 544 case PKCS11_CKM_SHA512_HMAC_GENERAL: 545 if (proc_params->size != sizeof(uint32_t)) 546 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 547 548 pkcs11_data = TEE_Malloc(sizeof(uint32_t), 549 TEE_MALLOC_FILL_ZERO); 550 if (!pkcs11_data) 551 return PKCS11_CKR_DEVICE_MEMORY; 552 553 TEE_MemMove(pkcs11_data, proc_params->data, sizeof(uint32_t)); 554 555 rc = input_hmac_len_is_valid(proc_params, *pkcs11_data); 556 if (rc) { 557 TEE_Free(pkcs11_data); 558 return rc; 559 } 560 561 session->processing->extra_ctx = (void *)pkcs11_data; 562 563 TEE_MACInit(session->processing->tee_op_handle, NULL, 0); 564 rc = PKCS11_CKR_OK; 565 break; 566 case PKCS11_CKM_AES_ECB: 567 if (proc_params->size) 568 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 569 570 TEE_CipherInit(session->processing->tee_op_handle, NULL, 0); 571 rc = PKCS11_CKR_OK; 572 break; 573 case PKCS11_CKM_AES_CBC: 574 case PKCS11_CKM_AES_CBC_PAD: 575 case PKCS11_CKM_AES_CTS: 576 if (proc_params->size != 16) 577 return PKCS11_CKR_MECHANISM_PARAM_INVALID; 578 579 TEE_CipherInit(session->processing->tee_op_handle, 580 proc_params->data, 16); 581 rc = PKCS11_CKR_OK; 582 break; 583 case PKCS11_CKM_AES_CTR: 584 rc = tee_init_ctr_operation(session->processing, 585 proc_params->data, 586 proc_params->size); 587 break; 588 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA: 589 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 590 rc = tee_init_derive_symm(session->processing, proc_params); 591 break; 592 default: 593 TEE_Panic(proc_params->id); 594 break; 595 } 596 597 return rc; 598 } 599 600 enum pkcs11_rc init_symm_operation(struct pkcs11_session *session, 601 enum processing_func function, 602 struct pkcs11_attribute_head *proc_params, 603 struct pkcs11_object *obj) 604 { 605 enum pkcs11_rc rc = PKCS11_CKR_OK; 606 607 assert(processing_is_tee_symm(proc_params->id)); 608 609 rc = allocate_tee_operation(session, function, proc_params, obj); 610 if (rc) 611 return rc; 612 613 rc = load_tee_key(session, obj, proc_params); 614 if (rc) 615 return rc; 616 617 return init_tee_operation(session, proc_params); 618 } 619 620 /* Validate input buffer size as per PKCS#11 constraints */ 621 static enum pkcs11_rc input_data_size_is_valid(struct active_processing *proc, 622 enum processing_func function, 623 size_t in_size) 624 { 625 switch (proc->mecha_type) { 626 case PKCS11_CKM_AES_ECB: 627 case PKCS11_CKM_AES_CBC: 628 if (function == PKCS11_FUNCTION_ENCRYPT && 629 in_size % TEE_AES_BLOCK_SIZE) 630 return PKCS11_CKR_DATA_LEN_RANGE; 631 if (function == PKCS11_FUNCTION_DECRYPT && 632 in_size % TEE_AES_BLOCK_SIZE) 633 return PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE; 634 break; 635 case PKCS11_CKM_AES_CBC_PAD: 636 if (function == PKCS11_FUNCTION_DECRYPT && 637 in_size % TEE_AES_BLOCK_SIZE) 638 return PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE; 639 break; 640 case PKCS11_CKM_AES_CTS: 641 if (function == PKCS11_FUNCTION_ENCRYPT && 642 in_size < TEE_AES_BLOCK_SIZE) 643 return PKCS11_CKR_DATA_LEN_RANGE; 644 if (function == PKCS11_FUNCTION_DECRYPT && 645 in_size < TEE_AES_BLOCK_SIZE) 646 return PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE; 647 break; 648 default: 649 break; 650 } 651 652 return PKCS11_CKR_OK; 653 } 654 655 /* Validate input buffer size as per PKCS#11 constraints */ 656 static enum pkcs11_rc input_sign_size_is_valid(struct active_processing *proc, 657 size_t in_size) 658 { 659 size_t sign_sz = 0; 660 661 switch (proc->mecha_type) { 662 case PKCS11_CKM_MD5_HMAC: 663 sign_sz = TEE_MD5_HASH_SIZE; 664 break; 665 case PKCS11_CKM_SHA_1_HMAC: 666 sign_sz = TEE_SHA1_HASH_SIZE; 667 break; 668 case PKCS11_CKM_SHA224_HMAC: 669 sign_sz = TEE_SHA224_HASH_SIZE; 670 break; 671 case PKCS11_CKM_SHA256_HMAC: 672 sign_sz = TEE_SHA256_HASH_SIZE; 673 break; 674 case PKCS11_CKM_SHA384_HMAC: 675 sign_sz = TEE_SHA384_HASH_SIZE; 676 break; 677 case PKCS11_CKM_SHA512_HMAC: 678 sign_sz = TEE_SHA512_HASH_SIZE; 679 break; 680 default: 681 return PKCS11_CKR_GENERAL_ERROR; 682 } 683 684 if (in_size != sign_sz) 685 return PKCS11_CKR_SIGNATURE_LEN_RANGE; 686 687 return PKCS11_CKR_OK; 688 } 689 690 /* 691 * step_sym_cipher - processing symmetric (and related) cipher operation step 692 * 693 * @session - current session 694 * @function - processing function (encrypt, decrypt, sign, ...) 695 * @step - step ID in the processing (oneshot, update, final) 696 * @ptype - invocation parameter types 697 * @params - invocation parameter references 698 */ 699 enum pkcs11_rc step_symm_operation(struct pkcs11_session *session, 700 enum processing_func function, 701 enum processing_step step, 702 uint32_t ptypes, TEE_Param *params) 703 { 704 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 705 TEE_Result res = TEE_ERROR_GENERIC; 706 void *in_buf = NULL; 707 size_t in_size = 0; 708 void *out_buf = NULL; 709 uint32_t out_size = 0; 710 void *in2_buf = NULL; 711 uint32_t in2_size = 0; 712 bool output_data = false; 713 struct active_processing *proc = session->processing; 714 uint32_t hmac_len = 0; 715 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 }; 716 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE; 717 718 if (TEE_PARAM_TYPE_GET(ptypes, 1) == TEE_PARAM_TYPE_MEMREF_INPUT) { 719 in_buf = params[1].memref.buffer; 720 in_size = params[1].memref.size; 721 if (in_size && !in_buf) 722 return PKCS11_CKR_ARGUMENTS_BAD; 723 } 724 if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_INPUT) { 725 in2_buf = params[2].memref.buffer; 726 in2_size = params[2].memref.size; 727 if (in2_size && !in2_buf) 728 return PKCS11_CKR_ARGUMENTS_BAD; 729 } 730 if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_OUTPUT) { 731 out_buf = params[2].memref.buffer; 732 out_size = params[2].memref.size; 733 if (out_size && !out_buf) 734 return PKCS11_CKR_ARGUMENTS_BAD; 735 } 736 if (TEE_PARAM_TYPE_GET(ptypes, 3) != TEE_PARAM_TYPE_NONE) 737 return PKCS11_CKR_ARGUMENTS_BAD; 738 739 switch (step) { 740 case PKCS11_FUNC_STEP_ONESHOT: 741 case PKCS11_FUNC_STEP_UPDATE: 742 case PKCS11_FUNC_STEP_FINAL: 743 break; 744 default: 745 return PKCS11_CKR_GENERAL_ERROR; 746 } 747 748 if (step != PKCS11_FUNC_STEP_FINAL) { 749 rc = input_data_size_is_valid(proc, function, in_size); 750 if (rc) 751 return rc; 752 } 753 754 /* 755 * Feed active operation with data 756 */ 757 switch (proc->mecha_type) { 758 case PKCS11_CKM_MD5_HMAC: 759 case PKCS11_CKM_SHA_1_HMAC: 760 case PKCS11_CKM_SHA224_HMAC: 761 case PKCS11_CKM_SHA256_HMAC: 762 case PKCS11_CKM_SHA384_HMAC: 763 case PKCS11_CKM_SHA512_HMAC: 764 case PKCS11_CKM_MD5_HMAC_GENERAL: 765 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 766 case PKCS11_CKM_SHA224_HMAC_GENERAL: 767 case PKCS11_CKM_SHA256_HMAC_GENERAL: 768 case PKCS11_CKM_SHA384_HMAC_GENERAL: 769 case PKCS11_CKM_SHA512_HMAC_GENERAL: 770 if (step == PKCS11_FUNC_STEP_FINAL || 771 step == PKCS11_FUNC_STEP_ONESHOT) 772 break; 773 774 if (!in_buf) { 775 DMSG("No input data"); 776 return PKCS11_CKR_ARGUMENTS_BAD; 777 } 778 779 switch (function) { 780 case PKCS11_FUNCTION_SIGN: 781 case PKCS11_FUNCTION_VERIFY: 782 TEE_MACUpdate(proc->tee_op_handle, in_buf, in_size); 783 rc = PKCS11_CKR_OK; 784 break; 785 default: 786 TEE_Panic(function); 787 break; 788 } 789 break; 790 791 case PKCS11_CKM_AES_ECB: 792 case PKCS11_CKM_AES_CBC: 793 case PKCS11_CKM_AES_CBC_PAD: 794 case PKCS11_CKM_AES_CTS: 795 case PKCS11_CKM_AES_CTR: 796 if (step == PKCS11_FUNC_STEP_FINAL || 797 step == PKCS11_FUNC_STEP_ONESHOT) 798 break; 799 800 if (!in_buf) { 801 EMSG("No input data"); 802 return PKCS11_CKR_ARGUMENTS_BAD; 803 } 804 805 switch (function) { 806 case PKCS11_FUNCTION_ENCRYPT: 807 case PKCS11_FUNCTION_DECRYPT: 808 res = TEE_CipherUpdate(proc->tee_op_handle, 809 in_buf, in_size, 810 out_buf, &out_size); 811 output_data = true; 812 rc = tee2pkcs_error(res); 813 break; 814 default: 815 TEE_Panic(function); 816 break; 817 } 818 break; 819 820 default: 821 TEE_Panic(proc->mecha_type); 822 break; 823 } 824 825 if (step == PKCS11_FUNC_STEP_UPDATE) 826 goto out; 827 828 /* 829 * Finalize (PKCS11_FUNC_STEP_ONESHOT/_FINAL) operation 830 */ 831 switch (session->processing->mecha_type) { 832 case PKCS11_CKM_MD5_HMAC: 833 case PKCS11_CKM_SHA_1_HMAC: 834 case PKCS11_CKM_SHA224_HMAC: 835 case PKCS11_CKM_SHA256_HMAC: 836 case PKCS11_CKM_SHA384_HMAC: 837 case PKCS11_CKM_SHA512_HMAC: 838 switch (function) { 839 case PKCS11_FUNCTION_SIGN: 840 res = TEE_MACComputeFinal(proc->tee_op_handle, 841 in_buf, in_size, out_buf, 842 &out_size); 843 output_data = true; 844 rc = tee2pkcs_error(res); 845 break; 846 case PKCS11_FUNCTION_VERIFY: 847 rc = input_sign_size_is_valid(proc, in2_size); 848 if (rc) 849 return rc; 850 res = TEE_MACCompareFinal(proc->tee_op_handle, 851 in_buf, in_size, in2_buf, 852 in2_size); 853 rc = tee2pkcs_error(res); 854 break; 855 default: 856 TEE_Panic(function); 857 break; 858 } 859 860 break; 861 862 case PKCS11_CKM_MD5_HMAC_GENERAL: 863 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 864 case PKCS11_CKM_SHA224_HMAC_GENERAL: 865 case PKCS11_CKM_SHA256_HMAC_GENERAL: 866 case PKCS11_CKM_SHA384_HMAC_GENERAL: 867 case PKCS11_CKM_SHA512_HMAC_GENERAL: 868 assert(session->processing->extra_ctx); 869 hmac_len = *(uint32_t *)session->processing->extra_ctx; 870 871 switch (function) { 872 case PKCS11_FUNCTION_SIGN: 873 if (out_size < hmac_len) { 874 /* inform client of required size */ 875 out_size = hmac_len; 876 output_data = true; 877 rc = PKCS11_CKR_BUFFER_TOO_SMALL; 878 goto out; 879 } 880 881 res = TEE_MACComputeFinal(proc->tee_op_handle, 882 in_buf, in_size, 883 computed_mac, 884 &computed_mac_size); 885 if (res == TEE_SUCCESS) { 886 /* truncate to hmac_len */ 887 TEE_MemMove(out_buf, computed_mac, hmac_len); 888 output_data = true; 889 } 890 891 /* inform client of required size */ 892 out_size = hmac_len; 893 rc = tee2pkcs_error(res); 894 break; 895 case PKCS11_FUNCTION_VERIFY: 896 /* must compute full MAC before comparing partial */ 897 res = TEE_MACComputeFinal(proc->tee_op_handle, in_buf, 898 in_size, computed_mac, 899 &computed_mac_size); 900 901 if (!in2_size || in2_size > computed_mac_size) { 902 EMSG("Invalid signature size: %"PRIu32, 903 in2_size); 904 return PKCS11_CKR_SIGNATURE_LEN_RANGE; 905 } 906 907 if (res == TEE_SUCCESS) { 908 /* 909 * Only the first in2_size bytes of the 910 * signature to be verified is passed in from 911 * caller 912 */ 913 if (TEE_MemCompare(in2_buf, computed_mac, 914 in2_size)) { 915 res = TEE_ERROR_MAC_INVALID; 916 } 917 } 918 919 rc = tee2pkcs_error(res); 920 break; 921 default: 922 TEE_Panic(function); 923 break; 924 } 925 926 break; 927 928 case PKCS11_CKM_AES_ECB: 929 case PKCS11_CKM_AES_CBC: 930 case PKCS11_CKM_AES_CBC_PAD: 931 case PKCS11_CKM_AES_CTS: 932 case PKCS11_CKM_AES_CTR: 933 if (step == PKCS11_FUNC_STEP_ONESHOT && !in_buf) { 934 EMSG("No input data"); 935 return PKCS11_CKR_ARGUMENTS_BAD; 936 } 937 938 switch (function) { 939 case PKCS11_FUNCTION_ENCRYPT: 940 case PKCS11_FUNCTION_DECRYPT: 941 res = TEE_CipherDoFinal(proc->tee_op_handle, 942 in_buf, in_size, 943 out_buf, &out_size); 944 output_data = true; 945 rc = tee2pkcs_error(res); 946 break; 947 default: 948 TEE_Panic(function); 949 break; 950 } 951 break; 952 default: 953 TEE_Panic(proc->mecha_type); 954 break; 955 } 956 957 out: 958 if (output_data && 959 (rc == PKCS11_CKR_OK || rc == PKCS11_CKR_BUFFER_TOO_SMALL)) { 960 switch (TEE_PARAM_TYPE_GET(ptypes, 2)) { 961 case TEE_PARAM_TYPE_MEMREF_OUTPUT: 962 case TEE_PARAM_TYPE_MEMREF_INOUT: 963 params[2].memref.size = out_size; 964 break; 965 default: 966 rc = PKCS11_CKR_ARGUMENTS_BAD; 967 break; 968 } 969 } 970 971 return rc; 972 } 973 974 enum pkcs11_rc derive_key_by_symm_enc(struct pkcs11_session *session, 975 void **out_buf, uint32_t *out_size) 976 { 977 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 978 TEE_Result res = TEE_ERROR_GENERIC; 979 struct active_processing *proc = session->processing; 980 struct input_data_ref *input = proc->extra_ctx; 981 void *in_buf = NULL; 982 uint32_t in_size = 0; 983 984 switch (proc->mecha_type) { 985 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA: 986 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 987 if (!proc->extra_ctx) 988 return PKCS11_CKR_ARGUMENTS_BAD; 989 990 in_buf = input->data; 991 in_size = input->size; 992 993 *out_size = in_size; 994 *out_buf = TEE_Malloc(*out_size, 0); 995 if (!*out_buf) 996 return PKCS11_CKR_DEVICE_MEMORY; 997 998 res = TEE_CipherDoFinal(proc->tee_op_handle, in_buf, in_size, 999 *out_buf, out_size); 1000 rc = tee2pkcs_error(res); 1001 if (rc) 1002 TEE_Free(*out_buf); 1003 break; 1004 default: 1005 return PKCS11_CKR_MECHANISM_INVALID; 1006 } 1007 1008 return rc; 1009 } 1010 1011 enum pkcs11_rc wrap_data_by_symm_enc(struct pkcs11_session *session, 1012 void *data, uint32_t data_sz, 1013 void *out_buf, uint32_t *out_sz) 1014 { 1015 TEE_Result res = TEE_ERROR_GENERIC; 1016 struct active_processing *proc = session->processing; 1017 void *in_buf = NULL; 1018 uint32_t align = 0; 1019 uint32_t in_sz = data_sz; 1020 uint32_t tmp_sz = *out_sz; 1021 uint8_t *tmp_buf = out_buf; 1022 1023 switch (proc->mecha_type) { 1024 case PKCS11_CKM_AES_ECB: 1025 case PKCS11_CKM_AES_CBC: 1026 align = data_sz % TEE_AES_BLOCK_SIZE; 1027 if (align) 1028 in_sz = data_sz + (TEE_AES_BLOCK_SIZE - align); 1029 1030 if (*out_sz < in_sz) { 1031 *out_sz = in_sz; 1032 return PKCS11_CKR_BUFFER_TOO_SMALL; 1033 } 1034 1035 if (align) { 1036 if (data_sz > TEE_AES_BLOCK_SIZE) { 1037 in_sz = data_sz - align; 1038 res = TEE_CipherUpdate(proc->tee_op_handle, 1039 data, in_sz, tmp_buf, 1040 &tmp_sz); 1041 if (res) { 1042 assert(res != TEE_ERROR_SHORT_BUFFER); 1043 return tee2pkcs_error(res); 1044 } 1045 tmp_buf += tmp_sz; 1046 tmp_sz = *out_sz - tmp_sz; 1047 } else { 1048 in_sz = 0; 1049 } 1050 1051 in_buf = TEE_Malloc(TEE_AES_BLOCK_SIZE, 1052 TEE_MALLOC_FILL_ZERO); 1053 if (!in_buf) 1054 return PKCS11_CKR_DEVICE_MEMORY; 1055 1056 TEE_MemMove(in_buf, (uint8_t *)data + in_sz, align); 1057 in_sz = TEE_AES_BLOCK_SIZE; 1058 } else { 1059 in_buf = data; 1060 in_sz = data_sz; 1061 } 1062 1063 res = TEE_CipherDoFinal(proc->tee_op_handle, in_buf, in_sz, 1064 tmp_buf, &tmp_sz); 1065 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { 1066 *out_sz = tmp_sz; 1067 if (align) 1068 *out_sz += tmp_buf - (uint8_t *)out_buf; 1069 } 1070 1071 if (align) 1072 TEE_Free(in_buf); 1073 1074 return tee2pkcs_error(res); 1075 default: 1076 return PKCS11_CKR_MECHANISM_INVALID; 1077 } 1078 1079 return PKCS11_CKR_GENERAL_ERROR; 1080 } 1081 1082 enum pkcs11_rc unwrap_key_by_symm(struct pkcs11_session *session, void *data, 1083 uint32_t data_sz, void **out_buf, 1084 uint32_t *out_sz) 1085 { 1086 TEE_Result res = TEE_ERROR_GENERIC; 1087 struct active_processing *proc = session->processing; 1088 1089 if (input_data_size_is_valid(proc, PKCS11_FUNCTION_DECRYPT, data_sz)) 1090 return PKCS11_CKR_WRAPPED_KEY_LEN_RANGE; 1091 1092 switch (proc->mecha_type) { 1093 case PKCS11_CKM_AES_ECB: 1094 case PKCS11_CKM_AES_CBC: 1095 *out_sz = 0; 1096 res = TEE_CipherDoFinal(proc->tee_op_handle, data, data_sz, 1097 NULL, out_sz); 1098 if (res != TEE_ERROR_SHORT_BUFFER) { 1099 DMSG("TEE_CipherDoFinal() issue: %#"PRIx32, res); 1100 return PKCS11_CKR_GENERAL_ERROR; 1101 } 1102 1103 *out_buf = TEE_Malloc(*out_sz, TEE_MALLOC_FILL_ZERO); 1104 if (!*out_buf) 1105 return PKCS11_CKR_DEVICE_MEMORY; 1106 1107 res = TEE_CipherDoFinal(proc->tee_op_handle, data, data_sz, 1108 *out_buf, out_sz); 1109 if (tee2pkcs_error(res)) { 1110 TEE_Free(*out_buf); 1111 *out_buf = NULL; 1112 return PKCS11_CKR_WRAPPED_KEY_INVALID; 1113 } 1114 break; 1115 default: 1116 return PKCS11_CKR_MECHANISM_INVALID; 1117 } 1118 1119 return PKCS11_CKR_OK; 1120 } 1121