1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2014, STMicroelectronics International N.V.
4 * Copyright (c) 2021, SumUp Services GmbH
5 */
6 #include <config.h>
7 #include <stdlib.h>
8 #include <string.h>
9 #include <string_ext.h>
10 #include <tee_api.h>
11 #include <tee_api_defines_extensions.h>
12 #include <tee_internal_api_extensions.h>
13 #include <utee_syscalls.h>
14 #include <utee_defines.h>
15 #include <util.h>
16 #include "tee_api_private.h"
17
18 struct __TEE_OperationHandle {
19 TEE_OperationInfo info;
20 TEE_ObjectHandle key1;
21 TEE_ObjectHandle key2;
22 uint32_t operationState;/* Operation state : INITIAL or ACTIVE */
23 uint8_t *buffer; /* buffer to collect complete blocks */
24 bool buffer_two_blocks; /* True if two blocks need to be buffered */
25 size_t block_size; /* Block size of cipher */
26 size_t buffer_offs; /* Offset in buffer */
27 uint32_t state; /* Handle to state in TEE Core */
28 };
29
30 /* Cryptographic Operations API - Generic Operation Functions */
31
TEE_AllocateOperation(TEE_OperationHandle * operation,uint32_t algorithm,uint32_t mode,uint32_t maxKeySize)32 TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation,
33 uint32_t algorithm, uint32_t mode,
34 uint32_t maxKeySize)
35 {
36 TEE_Result res;
37 TEE_OperationHandle op = TEE_HANDLE_NULL;
38 uint32_t handle_state = 0;
39 size_t block_size = 1;
40 uint32_t req_key_usage;
41 bool with_private_key = false;
42 bool buffer_two_blocks = false;
43
44 if (!operation)
45 TEE_Panic(0);
46
47 if (algorithm == TEE_ALG_AES_XTS || algorithm == TEE_ALG_SM2_KEP ||
48 algorithm == TEE_ALG_SM4_XTS)
49 handle_state = TEE_HANDLE_FLAG_EXPECT_TWO_KEYS;
50
51 /* Check algorithm max key size */
52 switch (algorithm) {
53 case TEE_ALG_DSA_SHA1:
54 if (maxKeySize < 512)
55 return TEE_ERROR_NOT_SUPPORTED;
56 if (maxKeySize > 1024)
57 return TEE_ERROR_NOT_SUPPORTED;
58 if (maxKeySize % 64 != 0)
59 return TEE_ERROR_NOT_SUPPORTED;
60 break;
61
62 case TEE_ALG_DSA_SHA224:
63 if (maxKeySize != 2048)
64 return TEE_ERROR_NOT_SUPPORTED;
65 break;
66
67 case TEE_ALG_DSA_SHA256:
68 if (maxKeySize != 2048 && maxKeySize != 3072)
69 return TEE_ERROR_NOT_SUPPORTED;
70 break;
71
72 case TEE_ALG_ECDSA_P192:
73 case TEE_ALG_ECDH_P192:
74 if (maxKeySize != 192)
75 return TEE_ERROR_NOT_SUPPORTED;
76 break;
77
78 case TEE_ALG_ECDSA_P224:
79 case TEE_ALG_ECDH_P224:
80 if (maxKeySize != 224)
81 return TEE_ERROR_NOT_SUPPORTED;
82 break;
83
84 case TEE_ALG_ECDSA_P256:
85 case TEE_ALG_ECDH_P256:
86 case TEE_ALG_SM2_PKE:
87 case TEE_ALG_SM2_DSA_SM3:
88 if (maxKeySize != 256)
89 return TEE_ERROR_NOT_SUPPORTED;
90 break;
91
92 case TEE_ALG_SM2_KEP:
93 /* Two 256-bit keys */
94 if (maxKeySize != 512)
95 return TEE_ERROR_NOT_SUPPORTED;
96 break;
97
98 case TEE_ALG_ECDSA_P384:
99 case TEE_ALG_ECDH_P384:
100 if (maxKeySize != 384)
101 return TEE_ERROR_NOT_SUPPORTED;
102 break;
103
104 case TEE_ALG_ECDSA_P521:
105 case TEE_ALG_ECDH_P521:
106 if (maxKeySize != 521)
107 return TEE_ERROR_NOT_SUPPORTED;
108 break;
109 case TEE_ALG_ED25519:
110 case TEE_ALG_X25519:
111 if (maxKeySize != 256)
112 return TEE_ERROR_NOT_SUPPORTED;
113 break;
114 default:
115 break;
116 }
117
118 /* Check algorithm mode (and maxKeySize for digests) */
119 switch (algorithm) {
120 case TEE_ALG_AES_CTS:
121 case TEE_ALG_AES_XTS:
122 case TEE_ALG_SM4_XTS:
123 buffer_two_blocks = true;
124 fallthrough;
125 case TEE_ALG_AES_ECB_NOPAD:
126 case TEE_ALG_AES_CBC_NOPAD:
127 case TEE_ALG_AES_CCM:
128 case TEE_ALG_DES_ECB_NOPAD:
129 case TEE_ALG_DES_CBC_NOPAD:
130 case TEE_ALG_DES3_ECB_NOPAD:
131 case TEE_ALG_DES3_CBC_NOPAD:
132 case TEE_ALG_SM4_ECB_NOPAD:
133 case TEE_ALG_SM4_CBC_NOPAD:
134 case TEE_ALG_SM4_CTR:
135 if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_AES)
136 block_size = TEE_AES_BLOCK_SIZE;
137 else if (TEE_ALG_GET_MAIN_ALG(algorithm) == TEE_MAIN_ALGO_SM4)
138 block_size = TEE_SM4_BLOCK_SIZE;
139 else
140 block_size = TEE_DES_BLOCK_SIZE;
141 fallthrough;
142 case TEE_ALG_AES_CTR:
143 case TEE_ALG_AES_GCM:
144 if (mode == TEE_MODE_ENCRYPT)
145 req_key_usage = TEE_USAGE_ENCRYPT;
146 else if (mode == TEE_MODE_DECRYPT)
147 req_key_usage = TEE_USAGE_DECRYPT;
148 else
149 return TEE_ERROR_NOT_SUPPORTED;
150 break;
151
152 #if defined(CFG_CRYPTO_RSASSA_NA1)
153 case TEE_ALG_RSASSA_PKCS1_V1_5:
154 #endif
155 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5:
156 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1:
157 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224:
158 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256:
159 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384:
160 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512:
161 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1:
162 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224:
163 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
164 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
165 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
166 case TEE_ALG_DSA_SHA1:
167 case TEE_ALG_DSA_SHA224:
168 case TEE_ALG_DSA_SHA256:
169 case TEE_ALG_ECDSA_P192:
170 case TEE_ALG_ECDSA_P224:
171 case TEE_ALG_ECDSA_P256:
172 case TEE_ALG_ECDSA_P384:
173 case TEE_ALG_ECDSA_P521:
174 case TEE_ALG_SM2_DSA_SM3:
175 case TEE_ALG_ED25519:
176 if (mode == TEE_MODE_SIGN) {
177 with_private_key = true;
178 req_key_usage = TEE_USAGE_SIGN;
179 } else if (mode == TEE_MODE_VERIFY) {
180 req_key_usage = TEE_USAGE_VERIFY;
181 } else {
182 return TEE_ERROR_NOT_SUPPORTED;
183 }
184 break;
185
186 case TEE_ALG_RSAES_PKCS1_V1_5:
187 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1:
188 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224:
189 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256:
190 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384:
191 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512:
192 case TEE_ALG_SM2_PKE:
193 if (mode == TEE_MODE_ENCRYPT) {
194 req_key_usage = TEE_USAGE_ENCRYPT;
195 } else if (mode == TEE_MODE_DECRYPT) {
196 with_private_key = true;
197 req_key_usage = TEE_USAGE_DECRYPT;
198 } else {
199 return TEE_ERROR_NOT_SUPPORTED;
200 }
201 break;
202
203 case TEE_ALG_RSA_NOPAD:
204 if (mode == TEE_MODE_ENCRYPT) {
205 req_key_usage = TEE_USAGE_ENCRYPT | TEE_USAGE_VERIFY;
206 } else if (mode == TEE_MODE_DECRYPT) {
207 with_private_key = true;
208 req_key_usage = TEE_USAGE_DECRYPT | TEE_USAGE_SIGN;
209 } else {
210 return TEE_ERROR_NOT_SUPPORTED;
211 }
212 break;
213
214 case TEE_ALG_DH_DERIVE_SHARED_SECRET:
215 case TEE_ALG_ECDH_P192:
216 case TEE_ALG_ECDH_P224:
217 case TEE_ALG_ECDH_P256:
218 case TEE_ALG_ECDH_P384:
219 case TEE_ALG_ECDH_P521:
220 case TEE_ALG_HKDF_MD5_DERIVE_KEY:
221 case TEE_ALG_HKDF_SHA1_DERIVE_KEY:
222 case TEE_ALG_HKDF_SHA224_DERIVE_KEY:
223 case TEE_ALG_HKDF_SHA256_DERIVE_KEY:
224 case TEE_ALG_HKDF_SHA384_DERIVE_KEY:
225 case TEE_ALG_HKDF_SHA512_DERIVE_KEY:
226 case TEE_ALG_CONCAT_KDF_SHA1_DERIVE_KEY:
227 case TEE_ALG_CONCAT_KDF_SHA224_DERIVE_KEY:
228 case TEE_ALG_CONCAT_KDF_SHA256_DERIVE_KEY:
229 case TEE_ALG_CONCAT_KDF_SHA384_DERIVE_KEY:
230 case TEE_ALG_CONCAT_KDF_SHA512_DERIVE_KEY:
231 case TEE_ALG_PBKDF2_HMAC_SHA1_DERIVE_KEY:
232 case TEE_ALG_SM2_KEP:
233 case TEE_ALG_X25519:
234 if (mode != TEE_MODE_DERIVE)
235 return TEE_ERROR_NOT_SUPPORTED;
236 with_private_key = true;
237 req_key_usage = TEE_USAGE_DERIVE;
238 break;
239
240 case TEE_ALG_MD5:
241 case TEE_ALG_SHA1:
242 case TEE_ALG_SHA224:
243 case TEE_ALG_SHA256:
244 case TEE_ALG_SHA384:
245 case TEE_ALG_SHA512:
246 case TEE_ALG_SM3:
247 if (mode != TEE_MODE_DIGEST)
248 return TEE_ERROR_NOT_SUPPORTED;
249 if (maxKeySize)
250 return TEE_ERROR_NOT_SUPPORTED;
251 /* v1.1: flags always set for digest operations */
252 handle_state |= TEE_HANDLE_FLAG_KEY_SET;
253 req_key_usage = 0;
254 break;
255
256 case TEE_ALG_DES_CBC_MAC_NOPAD:
257 case TEE_ALG_AES_CBC_MAC_NOPAD:
258 case TEE_ALG_AES_CBC_MAC_PKCS5:
259 case TEE_ALG_AES_CMAC:
260 case TEE_ALG_DES_CBC_MAC_PKCS5:
261 case TEE_ALG_DES3_CBC_MAC_NOPAD:
262 case TEE_ALG_DES3_CBC_MAC_PKCS5:
263 case TEE_ALG_DES3_CMAC:
264 case TEE_ALG_HMAC_MD5:
265 case TEE_ALG_HMAC_SHA1:
266 case TEE_ALG_HMAC_SHA224:
267 case TEE_ALG_HMAC_SHA256:
268 case TEE_ALG_HMAC_SHA384:
269 case TEE_ALG_HMAC_SHA512:
270 case TEE_ALG_HMAC_SM3:
271 if (mode != TEE_MODE_MAC)
272 return TEE_ERROR_NOT_SUPPORTED;
273 req_key_usage = TEE_USAGE_MAC;
274 break;
275
276 default:
277 return TEE_ERROR_NOT_SUPPORTED;
278 }
279
280 op = TEE_Malloc(sizeof(*op), TEE_MALLOC_FILL_ZERO);
281 if (!op)
282 return TEE_ERROR_OUT_OF_MEMORY;
283
284 op->info.algorithm = algorithm;
285 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm);
286 #ifdef CFG_CRYPTO_RSASSA_NA1
287 if (algorithm == TEE_ALG_RSASSA_PKCS1_V1_5)
288 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE;
289 #endif
290 op->info.mode = mode;
291 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm);
292 op->info.maxKeySize = maxKeySize;
293 op->info.requiredKeyUsage = req_key_usage;
294 op->info.handleState = handle_state;
295
296 if (block_size > 1) {
297 size_t buffer_size = block_size;
298
299 if (buffer_two_blocks)
300 buffer_size *= 2;
301
302 op->buffer = TEE_Malloc(buffer_size,
303 TEE_USER_MEM_HINT_NO_FILL_ZERO);
304 if (op->buffer == NULL) {
305 res = TEE_ERROR_OUT_OF_MEMORY;
306 goto out;
307 }
308 }
309 op->block_size = block_size;
310 op->buffer_two_blocks = buffer_two_blocks;
311
312 if (TEE_ALG_GET_CLASS(algorithm) != TEE_OPERATION_DIGEST) {
313 uint32_t mks = maxKeySize;
314 TEE_ObjectType key_type = TEE_ALG_GET_KEY_TYPE(algorithm,
315 with_private_key);
316
317 /*
318 * If two keys are expected the max key size is the sum of
319 * the size of both keys.
320 */
321 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS)
322 mks /= 2;
323
324 res = TEE_AllocateTransientObject(key_type, mks, &op->key1);
325 if (res != TEE_SUCCESS)
326 goto out;
327
328 if (op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) {
329 res = TEE_AllocateTransientObject(key_type, mks,
330 &op->key2);
331 if (res != TEE_SUCCESS)
332 goto out;
333 }
334 }
335
336 res = _utee_cryp_state_alloc(algorithm, mode, (unsigned long)op->key1,
337 (unsigned long)op->key2, &op->state);
338 if (res != TEE_SUCCESS)
339 goto out;
340
341 /*
342 * Initialize digest operations
343 * Other multi-stage operations initialized w/ TEE_xxxInit functions
344 * Non-applicable on asymmetric operations
345 */
346 if (TEE_ALG_GET_CLASS(algorithm) == TEE_OPERATION_DIGEST) {
347 res = _utee_hash_init(op->state, NULL, 0);
348 if (res != TEE_SUCCESS)
349 goto out;
350 /* v1.1: flags always set for digest operations */
351 op->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
352 }
353
354 op->operationState = TEE_OPERATION_STATE_INITIAL;
355
356 *operation = op;
357
358 out:
359 if (res != TEE_SUCCESS) {
360 if (res != TEE_ERROR_OUT_OF_MEMORY &&
361 res != TEE_ERROR_NOT_SUPPORTED)
362 TEE_Panic(res);
363 if (op) {
364 if (op->state) {
365 TEE_FreeOperation(op);
366 } else {
367 TEE_Free(op->buffer);
368 TEE_FreeTransientObject(op->key1);
369 TEE_FreeTransientObject(op->key2);
370 TEE_Free(op);
371 }
372 }
373 }
374
375 return res;
376 }
377
TEE_FreeOperation(TEE_OperationHandle operation)378 void TEE_FreeOperation(TEE_OperationHandle operation)
379 {
380 TEE_Result res;
381
382 if (operation == TEE_HANDLE_NULL)
383 TEE_Panic(0);
384
385 /*
386 * Note that keys should not be freed here, since they are
387 * claimed by the operation they will be freed by
388 * utee_cryp_state_free().
389 */
390 res = _utee_cryp_state_free(operation->state);
391 if (res != TEE_SUCCESS)
392 TEE_Panic(res);
393
394 TEE_Free(operation->buffer);
395 TEE_Free(operation);
396 }
397
TEE_GetOperationInfo(TEE_OperationHandle operation,TEE_OperationInfo * operationInfo)398 void TEE_GetOperationInfo(TEE_OperationHandle operation,
399 TEE_OperationInfo *operationInfo)
400 {
401 if (operation == TEE_HANDLE_NULL)
402 TEE_Panic(0);
403
404 __utee_check_out_annotation(operationInfo, sizeof(*operationInfo));
405
406 *operationInfo = operation->info;
407 if (operationInfo->handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) {
408 operationInfo->keySize = 0;
409 operationInfo->requiredKeyUsage = 0;
410 }
411 }
412
TEE_GetOperationInfoMultiple(TEE_OperationHandle op,TEE_OperationInfoMultiple * op_info,uint32_t * size)413 TEE_Result TEE_GetOperationInfoMultiple(TEE_OperationHandle op,
414 TEE_OperationInfoMultiple *op_info,
415 uint32_t *size)
416 {
417 TEE_Result res = TEE_SUCCESS;
418 TEE_ObjectInfo kinfo = { };
419 size_t max_key_count = 0;
420 bool two_keys = false;
421
422 if (op == TEE_HANDLE_NULL) {
423 res = TEE_ERROR_BAD_PARAMETERS;
424 goto out;
425 }
426
427 __utee_check_outbuf_annotation(op_info, size);
428
429 if (*size < sizeof(*op_info)) {
430 res = TEE_ERROR_BAD_PARAMETERS;
431 goto out;
432 }
433 max_key_count = (*size - sizeof(*op_info)) /
434 sizeof(TEE_OperationInfoKey);
435
436 TEE_MemFill(op_info, 0, *size);
437
438 /* Two keys flag (TEE_ALG_AES_XTS only) */
439 two_keys = op->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS;
440
441 if (op->info.mode == TEE_MODE_DIGEST) {
442 op_info->numberOfKeys = 0;
443 } else if (!two_keys) {
444 if (max_key_count < 1) {
445 res = TEE_ERROR_SHORT_BUFFER;
446 goto out;
447 }
448
449 res = TEE_GetObjectInfo1(op->key1, &kinfo);
450 /* Key1 is not a valid handle, "can't happen". */
451 if (res)
452 goto out;
453
454 op_info->keyInformation[0].keySize = kinfo.keySize;
455 op_info->keyInformation[0].requiredKeyUsage =
456 op->info.requiredKeyUsage;
457 op_info->numberOfKeys = 1;
458 } else {
459 if (max_key_count < 2) {
460 res = TEE_ERROR_SHORT_BUFFER;
461 goto out;
462 }
463
464 res = TEE_GetObjectInfo1(op->key1, &kinfo);
465 /* Key1 is not a valid handle, "can't happen". */
466 if (res)
467 goto out;
468
469 op_info->keyInformation[0].keySize = kinfo.keySize;
470 op_info->keyInformation[0].requiredKeyUsage =
471 op->info.requiredKeyUsage;
472
473 res = TEE_GetObjectInfo1(op->key2, &kinfo);
474 /* Key2 is not a valid handle, "can't happen". */
475 if (res)
476 goto out;
477
478 op_info->keyInformation[1].keySize = kinfo.keySize;
479 op_info->keyInformation[1].requiredKeyUsage =
480 op->info.requiredKeyUsage;
481
482 op_info->numberOfKeys = 2;
483 }
484
485 op_info->algorithm = op->info.algorithm;
486 op_info->operationClass = op->info.operationClass;
487 op_info->mode = op->info.mode;
488 op_info->digestLength = op->info.digestLength;
489 op_info->maxKeySize = op->info.maxKeySize;
490 op_info->handleState = op->info.handleState;
491 op_info->operationState = op->operationState;
492
493 out:
494 if (res != TEE_SUCCESS &&
495 res != TEE_ERROR_SHORT_BUFFER)
496 TEE_Panic(res);
497
498 return res;
499 }
500
TEE_ResetOperation(TEE_OperationHandle operation)501 void TEE_ResetOperation(TEE_OperationHandle operation)
502 {
503 TEE_Result res;
504
505 if (operation == TEE_HANDLE_NULL)
506 TEE_Panic(0);
507
508 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET))
509 TEE_Panic(0);
510
511 operation->operationState = TEE_OPERATION_STATE_INITIAL;
512
513 if (operation->info.operationClass == TEE_OPERATION_DIGEST) {
514 res = _utee_hash_init(operation->state, NULL, 0);
515 if (res != TEE_SUCCESS)
516 TEE_Panic(res);
517 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
518 } else {
519 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
520 }
521 }
522
TEE_SetOperationKey(TEE_OperationHandle operation,TEE_ObjectHandle key)523 TEE_Result TEE_SetOperationKey(TEE_OperationHandle operation,
524 TEE_ObjectHandle key)
525 {
526 TEE_Result res;
527 uint32_t key_size = 0;
528 TEE_ObjectInfo key_info;
529
530 if (operation == TEE_HANDLE_NULL) {
531 res = TEE_ERROR_BAD_PARAMETERS;
532 goto out;
533 }
534
535 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) {
536 res = TEE_ERROR_BAD_PARAMETERS;
537 goto out;
538 }
539
540 if (key == TEE_HANDLE_NULL) {
541 /* Operation key cleared */
542 TEE_ResetTransientObject(operation->key1);
543 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
544 return TEE_SUCCESS;
545 }
546
547 /* No key for digest operation */
548 if (operation->info.operationClass == TEE_OPERATION_DIGEST) {
549 res = TEE_ERROR_BAD_PARAMETERS;
550 goto out;
551 }
552
553 /* Two keys flag not expected (TEE_ALG_AES_XTS excluded) */
554 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) !=
555 0) {
556 res = TEE_ERROR_BAD_PARAMETERS;
557 goto out;
558 }
559
560 res = TEE_GetObjectInfo1(key, &key_info);
561 /* Key is not a valid handle */
562 if (res != TEE_SUCCESS)
563 goto out;
564
565 /* Supplied key has to meet required usage */
566 if ((key_info.objectUsage & operation->info.requiredKeyUsage) !=
567 operation->info.requiredKeyUsage) {
568 res = TEE_ERROR_BAD_PARAMETERS;
569 goto out;
570 }
571
572 if (operation->info.maxKeySize < key_info.keySize) {
573 res = TEE_ERROR_BAD_PARAMETERS;
574 goto out;
575 }
576
577 key_size = key_info.keySize;
578
579 TEE_ResetTransientObject(operation->key1);
580 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
581
582 res = TEE_CopyObjectAttributes1(operation->key1, key);
583 if (res != TEE_SUCCESS)
584 goto out;
585
586 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET;
587
588 operation->info.keySize = key_size;
589
590 out:
591 if (res != TEE_SUCCESS &&
592 res != TEE_ERROR_CORRUPT_OBJECT &&
593 res != TEE_ERROR_STORAGE_NOT_AVAILABLE)
594 TEE_Panic(res);
595
596 return res;
597 }
598
TEE_SetOperationKey2(TEE_OperationHandle operation,TEE_ObjectHandle key1,TEE_ObjectHandle key2)599 TEE_Result TEE_SetOperationKey2(TEE_OperationHandle operation,
600 TEE_ObjectHandle key1, TEE_ObjectHandle key2)
601 {
602 TEE_Result res;
603 uint32_t key_size = 0;
604 TEE_ObjectInfo key_info1;
605 TEE_ObjectInfo key_info2;
606
607 if (operation == TEE_HANDLE_NULL) {
608 res = TEE_ERROR_BAD_PARAMETERS;
609 goto out;
610 }
611
612 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) {
613 res = TEE_ERROR_BAD_PARAMETERS;
614 goto out;
615 }
616
617 /*
618 * Key1/Key2 and/or are not initialized and
619 * Either both keys are NULL or both are not NULL
620 */
621 if (!key1 && !key2) {
622 /* Clear the keys */
623 TEE_ResetTransientObject(operation->key1);
624 TEE_ResetTransientObject(operation->key2);
625 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
626 return TEE_SUCCESS;
627 } else if (!key1 || !key2) {
628 /* Both keys are obviously not valid. */
629 res = TEE_ERROR_BAD_PARAMETERS;
630 goto out;
631 }
632
633 /* No key for digest operation */
634 if (operation->info.operationClass == TEE_OPERATION_DIGEST) {
635 res = TEE_ERROR_BAD_PARAMETERS;
636 goto out;
637 }
638
639 /* Two keys flag expected (TEE_ALG_AES_XTS and TEE_ALG_SM2_KEP only) */
640 if ((operation->info.handleState & TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) ==
641 0) {
642 res = TEE_ERROR_BAD_PARAMETERS;
643 goto out;
644 }
645
646 res = TEE_GetObjectInfo1(key1, &key_info1);
647 /* Key1 is not a valid handle */
648 if (res != TEE_SUCCESS)
649 goto out;
650
651 /* Supplied key has to meet required usage */
652 if ((key_info1.objectUsage & operation->info.
653 requiredKeyUsage) != operation->info.requiredKeyUsage) {
654 res = TEE_ERROR_BAD_PARAMETERS;
655 goto out;
656 }
657
658 res = TEE_GetObjectInfo1(key2, &key_info2);
659 /* Key2 is not a valid handle */
660 if (res != TEE_SUCCESS) {
661 if (res == TEE_ERROR_CORRUPT_OBJECT)
662 res = TEE_ERROR_CORRUPT_OBJECT_2;
663 goto out;
664 }
665
666 /* Supplied key has to meet required usage */
667 if ((key_info2.objectUsage & operation->info.
668 requiredKeyUsage) != operation->info.requiredKeyUsage) {
669 res = TEE_ERROR_BAD_PARAMETERS;
670 goto out;
671 }
672
673 /*
674 * All the multi key algorithm currently supported requires the keys to
675 * be of equal size.
676 */
677 if (key_info1.keySize != key_info2.keySize) {
678 res = TEE_ERROR_BAD_PARAMETERS;
679 goto out;
680
681 }
682
683 if (operation->info.maxKeySize < key_info1.keySize) {
684 res = TEE_ERROR_BAD_PARAMETERS;
685 goto out;
686 }
687
688 /*
689 * Odd that only the size of one key should be reported while
690 * size of two key are used when allocating the operation.
691 */
692 key_size = key_info1.keySize;
693
694 TEE_ResetTransientObject(operation->key1);
695 TEE_ResetTransientObject(operation->key2);
696 operation->info.handleState &= ~TEE_HANDLE_FLAG_KEY_SET;
697
698 res = TEE_CopyObjectAttributes1(operation->key1, key1);
699 if (res != TEE_SUCCESS)
700 goto out;
701 res = TEE_CopyObjectAttributes1(operation->key2, key2);
702 if (res != TEE_SUCCESS) {
703 if (res == TEE_ERROR_CORRUPT_OBJECT)
704 res = TEE_ERROR_CORRUPT_OBJECT_2;
705 goto out;
706 }
707
708 operation->info.handleState |= TEE_HANDLE_FLAG_KEY_SET;
709
710 operation->info.keySize = key_size;
711
712 out:
713 if (res != TEE_SUCCESS &&
714 res != TEE_ERROR_CORRUPT_OBJECT &&
715 res != TEE_ERROR_CORRUPT_OBJECT_2 &&
716 res != TEE_ERROR_STORAGE_NOT_AVAILABLE &&
717 res != TEE_ERROR_STORAGE_NOT_AVAILABLE_2)
718 TEE_Panic(res);
719
720 return res;
721 }
722
TEE_CopyOperation(TEE_OperationHandle dst_op,TEE_OperationHandle src_op)723 void TEE_CopyOperation(TEE_OperationHandle dst_op, TEE_OperationHandle src_op)
724 {
725 TEE_Result res;
726
727 if (dst_op == TEE_HANDLE_NULL || src_op == TEE_HANDLE_NULL)
728 TEE_Panic(0);
729 if (dst_op->info.algorithm != src_op->info.algorithm)
730 TEE_Panic(0);
731 if (dst_op->info.mode != src_op->info.mode)
732 TEE_Panic(0);
733 if (src_op->info.operationClass != TEE_OPERATION_DIGEST) {
734 TEE_ObjectHandle key1 = TEE_HANDLE_NULL;
735 TEE_ObjectHandle key2 = TEE_HANDLE_NULL;
736
737 if (src_op->info.handleState & TEE_HANDLE_FLAG_KEY_SET) {
738 key1 = src_op->key1;
739 key2 = src_op->key2;
740 }
741
742 if ((src_op->info.handleState &
743 TEE_HANDLE_FLAG_EXPECT_TWO_KEYS) == 0) {
744 TEE_SetOperationKey(dst_op, key1);
745 } else {
746 TEE_SetOperationKey2(dst_op, key1, key2);
747 }
748 }
749 dst_op->info.handleState = src_op->info.handleState;
750 dst_op->info.keySize = src_op->info.keySize;
751 dst_op->info.digestLength = src_op->info.digestLength;
752 dst_op->operationState = src_op->operationState;
753
754 if (dst_op->buffer_two_blocks != src_op->buffer_two_blocks ||
755 dst_op->block_size != src_op->block_size)
756 TEE_Panic(0);
757
758 if (dst_op->buffer != NULL) {
759 if (src_op->buffer == NULL)
760 TEE_Panic(0);
761
762 memcpy(dst_op->buffer, src_op->buffer, src_op->buffer_offs);
763 dst_op->buffer_offs = src_op->buffer_offs;
764 } else if (src_op->buffer != NULL) {
765 TEE_Panic(0);
766 }
767
768 res = _utee_cryp_state_copy(dst_op->state, src_op->state);
769 if (res != TEE_SUCCESS)
770 TEE_Panic(res);
771 }
772
773 /* Cryptographic Operations API - Message Digest Functions */
774
init_hash_operation(TEE_OperationHandle operation,const void * IV,uint32_t IVLen)775 static void init_hash_operation(TEE_OperationHandle operation, const void *IV,
776 uint32_t IVLen)
777 {
778 TEE_Result res;
779
780 /*
781 * Note : IV and IVLen are never used in current implementation
782 * This is why coherent values of IV and IVLen are not checked
783 */
784 res = _utee_hash_init(operation->state, IV, IVLen);
785 if (res != TEE_SUCCESS)
786 TEE_Panic(res);
787 operation->buffer_offs = 0;
788 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
789 }
790
TEE_DigestUpdate(TEE_OperationHandle operation,const void * chunk,uint32_t chunkSize)791 void TEE_DigestUpdate(TEE_OperationHandle operation,
792 const void *chunk, uint32_t chunkSize)
793 {
794 TEE_Result res = TEE_ERROR_GENERIC;
795
796 if (operation == TEE_HANDLE_NULL ||
797 operation->info.operationClass != TEE_OPERATION_DIGEST)
798 TEE_Panic(0);
799
800 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
801
802 res = _utee_hash_update(operation->state, chunk, chunkSize);
803 if (res != TEE_SUCCESS)
804 TEE_Panic(res);
805 }
806
TEE_DigestDoFinal(TEE_OperationHandle operation,const void * chunk,uint32_t chunkLen,void * hash,uint32_t * hashLen)807 TEE_Result TEE_DigestDoFinal(TEE_OperationHandle operation, const void *chunk,
808 uint32_t chunkLen, void *hash, uint32_t *hashLen)
809 {
810 TEE_Result res;
811 uint64_t hl;
812
813 if ((operation == TEE_HANDLE_NULL) ||
814 (!chunk && chunkLen) ||
815 (operation->info.operationClass != TEE_OPERATION_DIGEST)) {
816 res = TEE_ERROR_BAD_PARAMETERS;
817 goto out;
818 }
819 __utee_check_inout_annotation(hashLen, sizeof(*hashLen));
820
821 hl = *hashLen;
822 res = _utee_hash_final(operation->state, chunk, chunkLen, hash, &hl);
823 *hashLen = hl;
824 if (res != TEE_SUCCESS)
825 goto out;
826
827 /* Reset operation state */
828 init_hash_operation(operation, NULL, 0);
829
830 operation->operationState = TEE_OPERATION_STATE_INITIAL;
831
832 out:
833 if (res != TEE_SUCCESS &&
834 res != TEE_ERROR_SHORT_BUFFER)
835 TEE_Panic(res);
836
837 return res;
838 }
839
840 /* Cryptographic Operations API - Symmetric Cipher Functions */
841
TEE_CipherInit(TEE_OperationHandle operation,const void * IV,uint32_t IVLen)842 void TEE_CipherInit(TEE_OperationHandle operation, const void *IV,
843 uint32_t IVLen)
844 {
845 TEE_Result res;
846
847 if (operation == TEE_HANDLE_NULL)
848 TEE_Panic(0);
849
850 if (operation->info.operationClass != TEE_OPERATION_CIPHER)
851 TEE_Panic(0);
852
853 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) ||
854 !(operation->key1))
855 TEE_Panic(0);
856
857 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
858 TEE_ResetOperation(operation);
859
860 if (IV && IVLen) {
861 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD ||
862 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD ||
863 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD ||
864 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD)
865 TEE_Panic(0);
866 }
867
868 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
869
870 res = _utee_cipher_init(operation->state, IV, IVLen);
871 if (res != TEE_SUCCESS)
872 TEE_Panic(res);
873
874 operation->buffer_offs = 0;
875 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
876 }
877
tee_buffer_update(TEE_OperationHandle op,TEE_Result (* update_func)(unsigned long state,const void * src,size_t slen,void * dst,uint64_t * dlen),const void * src_data,size_t src_len,void * dest_data,uint64_t * dest_len)878 static TEE_Result tee_buffer_update(
879 TEE_OperationHandle op,
880 TEE_Result(*update_func)(unsigned long state, const void *src,
881 size_t slen, void *dst, uint64_t *dlen),
882 const void *src_data, size_t src_len,
883 void *dest_data, uint64_t *dest_len)
884 {
885 TEE_Result res;
886 const uint8_t *src = src_data;
887 size_t slen = src_len;
888 uint8_t *dst = dest_data;
889 size_t dlen = *dest_len;
890 size_t acc_dlen = 0;
891 uint64_t tmp_dlen;
892 size_t l;
893 size_t buffer_size;
894 size_t buffer_left;
895
896 if (!src) {
897 if (slen)
898 TEE_Panic(0);
899 goto out;
900 }
901
902 if (op->buffer_two_blocks) {
903 buffer_size = op->block_size * 2;
904 buffer_left = 1;
905 } else {
906 buffer_size = op->block_size;
907 buffer_left = 0;
908 }
909
910 if (op->buffer_offs > 0) {
911 /* Fill up complete block */
912 if (op->buffer_offs < op->block_size)
913 l = MIN(slen, op->block_size - op->buffer_offs);
914 else
915 l = MIN(slen, buffer_size - op->buffer_offs);
916 memcpy(op->buffer + op->buffer_offs, src, l);
917 op->buffer_offs += l;
918 src += l;
919 slen -= l;
920 if ((op->buffer_offs % op->block_size) != 0)
921 goto out; /* Nothing left to do */
922 }
923
924 /* If we can feed from buffer */
925 if ((op->buffer_offs > 0) &&
926 ((op->buffer_offs + slen) >= (buffer_size + buffer_left))) {
927 l = ROUNDUP(op->buffer_offs + slen - buffer_size,
928 op->block_size);
929 l = MIN(op->buffer_offs, l);
930 tmp_dlen = dlen;
931 res = update_func(op->state, op->buffer, l, dst, &tmp_dlen);
932 if (res != TEE_SUCCESS)
933 TEE_Panic(res);
934 dst += tmp_dlen;
935 dlen -= tmp_dlen;
936 acc_dlen += tmp_dlen;
937 op->buffer_offs -= l;
938 if (op->buffer_offs > 0) {
939 /*
940 * Slen is small enough to be contained in rest buffer.
941 */
942 memcpy(op->buffer, op->buffer + l, buffer_size - l);
943 memcpy(op->buffer + op->buffer_offs, src, slen);
944 op->buffer_offs += slen;
945 goto out; /* Nothing left to do */
946 }
947 }
948
949 if (slen >= (buffer_size + buffer_left)) {
950 /* Buffer is empty, feed as much as possible from src */
951 if (op->info.algorithm == TEE_ALG_AES_CTS)
952 l = ROUNDUP(slen - buffer_size, op->block_size);
953 else
954 l = ROUNDUP(slen - buffer_size + 1, op->block_size);
955
956 tmp_dlen = dlen;
957 res = update_func(op->state, src, l, dst, &tmp_dlen);
958 if (res != TEE_SUCCESS)
959 TEE_Panic(res);
960 src += l;
961 slen -= l;
962 dst += tmp_dlen;
963 dlen -= tmp_dlen;
964 acc_dlen += tmp_dlen;
965 }
966
967 /* Slen is small enough to be contained in buffer. */
968 memcpy(op->buffer + op->buffer_offs, src, slen);
969 op->buffer_offs += slen;
970
971 out:
972 *dest_len = acc_dlen;
973 return TEE_SUCCESS;
974 }
975
TEE_CipherUpdate(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)976 TEE_Result TEE_CipherUpdate(TEE_OperationHandle operation, const void *srcData,
977 uint32_t srcLen, void *destData, uint32_t *destLen)
978 {
979 TEE_Result res;
980 size_t req_dlen;
981 uint64_t dl;
982
983 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
984 res = TEE_ERROR_BAD_PARAMETERS;
985 goto out;
986 }
987 __utee_check_inout_annotation(destLen, sizeof(*destLen));
988
989 if (operation->info.operationClass != TEE_OPERATION_CIPHER) {
990 res = TEE_ERROR_BAD_PARAMETERS;
991 goto out;
992 }
993
994 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
995 res = TEE_ERROR_BAD_PARAMETERS;
996 goto out;
997 }
998
999 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1000 res = TEE_ERROR_BAD_PARAMETERS;
1001 goto out;
1002 }
1003
1004 if (!srcData && !srcLen) {
1005 *destLen = 0;
1006 res = TEE_SUCCESS;
1007 goto out;
1008 }
1009
1010 /* Calculate required dlen */
1011 if (operation->block_size > 1) {
1012 req_dlen = ((operation->buffer_offs + srcLen) /
1013 operation->block_size) * operation->block_size;
1014 } else {
1015 req_dlen = srcLen;
1016 }
1017 if (operation->buffer_two_blocks) {
1018 if (req_dlen > operation->block_size * 2)
1019 req_dlen -= operation->block_size * 2;
1020 else
1021 req_dlen = 0;
1022 }
1023 /*
1024 * Check that required destLen is big enough before starting to feed
1025 * data to the algorithm. Errors during feeding of data are fatal as we
1026 * can't restore sync with this API.
1027 */
1028 if (*destLen < req_dlen) {
1029 *destLen = req_dlen;
1030 res = TEE_ERROR_SHORT_BUFFER;
1031 goto out;
1032 }
1033
1034 dl = *destLen;
1035 if (operation->block_size > 1) {
1036 res = tee_buffer_update(operation, _utee_cipher_update, srcData,
1037 srcLen, destData, &dl);
1038 } else {
1039 if (srcLen > 0) {
1040 res = _utee_cipher_update(operation->state, srcData,
1041 srcLen, destData, &dl);
1042 } else {
1043 res = TEE_SUCCESS;
1044 dl = 0;
1045 }
1046 }
1047 *destLen = dl;
1048
1049 out:
1050 if (res != TEE_SUCCESS &&
1051 res != TEE_ERROR_SHORT_BUFFER)
1052 TEE_Panic(res);
1053
1054 return res;
1055 }
1056
TEE_CipherDoFinal(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)1057 TEE_Result TEE_CipherDoFinal(TEE_OperationHandle operation,
1058 const void *srcData, uint32_t srcLen,
1059 void *destData, uint32_t *destLen)
1060 {
1061 TEE_Result res = TEE_SUCCESS;
1062 uint8_t *dst = destData;
1063 size_t acc_dlen = 0;
1064 uint64_t tmp_dlen = 0;
1065 size_t req_dlen = 0;
1066
1067 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1068 res = TEE_ERROR_BAD_PARAMETERS;
1069 goto out;
1070 }
1071 if (destLen)
1072 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1073
1074 if (operation->info.operationClass != TEE_OPERATION_CIPHER) {
1075 res = TEE_ERROR_BAD_PARAMETERS;
1076 goto out;
1077 }
1078
1079 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1080 res = TEE_ERROR_BAD_PARAMETERS;
1081 goto out;
1082 }
1083
1084 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1085 res = TEE_ERROR_BAD_PARAMETERS;
1086 goto out;
1087 }
1088
1089 /*
1090 * Check that the final block doesn't require padding for those
1091 * algorithms that requires client to supply padding.
1092 */
1093 if (operation->info.algorithm == TEE_ALG_AES_ECB_NOPAD ||
1094 operation->info.algorithm == TEE_ALG_AES_CBC_NOPAD ||
1095 operation->info.algorithm == TEE_ALG_DES_ECB_NOPAD ||
1096 operation->info.algorithm == TEE_ALG_DES_CBC_NOPAD ||
1097 operation->info.algorithm == TEE_ALG_DES3_ECB_NOPAD ||
1098 operation->info.algorithm == TEE_ALG_DES3_CBC_NOPAD ||
1099 operation->info.algorithm == TEE_ALG_SM4_ECB_NOPAD ||
1100 operation->info.algorithm == TEE_ALG_SM4_CBC_NOPAD) {
1101 if (((operation->buffer_offs + srcLen) % operation->block_size)
1102 != 0) {
1103 res = TEE_ERROR_BAD_PARAMETERS;
1104 goto out;
1105 }
1106 }
1107
1108 /*
1109 * Check that required destLen is big enough before starting to feed
1110 * data to the algorithm. Errors during feeding of data are fatal as we
1111 * can't restore sync with this API.
1112 */
1113 if (operation->block_size > 1) {
1114 req_dlen = operation->buffer_offs + srcLen;
1115 } else {
1116 req_dlen = srcLen;
1117 }
1118 if (destLen)
1119 tmp_dlen = *destLen;
1120 if (tmp_dlen < req_dlen) {
1121 if (destLen)
1122 *destLen = req_dlen;
1123 res = TEE_ERROR_SHORT_BUFFER;
1124 goto out;
1125 }
1126
1127 if (operation->block_size > 1) {
1128 if (srcLen) {
1129 res = tee_buffer_update(operation, _utee_cipher_update,
1130 srcData, srcLen, dst,
1131 &tmp_dlen);
1132 if (res != TEE_SUCCESS)
1133 goto out;
1134
1135 dst += tmp_dlen;
1136 acc_dlen += tmp_dlen;
1137
1138 tmp_dlen = *destLen - acc_dlen;
1139 }
1140 res = _utee_cipher_final(operation->state, operation->buffer,
1141 operation->buffer_offs, dst,
1142 &tmp_dlen);
1143 } else {
1144 res = _utee_cipher_final(operation->state, srcData, srcLen, dst,
1145 &tmp_dlen);
1146 }
1147 if (res != TEE_SUCCESS)
1148 goto out;
1149
1150 acc_dlen += tmp_dlen;
1151 if (destLen)
1152 *destLen = acc_dlen;
1153
1154 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1155
1156 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1157
1158 out:
1159 if (res != TEE_SUCCESS &&
1160 res != TEE_ERROR_SHORT_BUFFER)
1161 TEE_Panic(res);
1162
1163 return res;
1164 }
1165
1166 /* Cryptographic Operations API - MAC Functions */
1167
TEE_MACInit(TEE_OperationHandle operation,const void * IV,uint32_t IVLen)1168 void TEE_MACInit(TEE_OperationHandle operation, const void *IV, uint32_t IVLen)
1169 {
1170 if (operation == TEE_HANDLE_NULL)
1171 TEE_Panic(0);
1172
1173 if (operation->info.operationClass != TEE_OPERATION_MAC)
1174 TEE_Panic(0);
1175
1176 if (!(operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) ||
1177 !(operation->key1))
1178 TEE_Panic(0);
1179
1180 if (operation->operationState != TEE_OPERATION_STATE_INITIAL)
1181 TEE_ResetOperation(operation);
1182
1183 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1184
1185 init_hash_operation(operation, IV, IVLen);
1186 }
1187
TEE_MACUpdate(TEE_OperationHandle operation,const void * chunk,uint32_t chunkSize)1188 void TEE_MACUpdate(TEE_OperationHandle operation, const void *chunk,
1189 uint32_t chunkSize)
1190 {
1191 TEE_Result res;
1192
1193 if (operation == TEE_HANDLE_NULL || (chunk == NULL && chunkSize != 0))
1194 TEE_Panic(0);
1195
1196 if (operation->info.operationClass != TEE_OPERATION_MAC)
1197 TEE_Panic(0);
1198
1199 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0)
1200 TEE_Panic(0);
1201
1202 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE)
1203 TEE_Panic(0);
1204
1205 res = _utee_hash_update(operation->state, chunk, chunkSize);
1206 if (res != TEE_SUCCESS)
1207 TEE_Panic(res);
1208 }
1209
TEE_MACComputeFinal(TEE_OperationHandle operation,const void * message,uint32_t messageLen,void * mac,uint32_t * macLen)1210 TEE_Result TEE_MACComputeFinal(TEE_OperationHandle operation,
1211 const void *message, uint32_t messageLen,
1212 void *mac, uint32_t *macLen)
1213 {
1214 TEE_Result res;
1215 uint64_t ml;
1216
1217 if (operation == TEE_HANDLE_NULL || (!message && messageLen)) {
1218 res = TEE_ERROR_BAD_PARAMETERS;
1219 goto out;
1220 }
1221 __utee_check_inout_annotation(macLen, sizeof(*macLen));
1222
1223 if (operation->info.operationClass != TEE_OPERATION_MAC) {
1224 res = TEE_ERROR_BAD_PARAMETERS;
1225 goto out;
1226 }
1227
1228 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1229 res = TEE_ERROR_BAD_PARAMETERS;
1230 goto out;
1231 }
1232
1233 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1234 res = TEE_ERROR_BAD_PARAMETERS;
1235 goto out;
1236 }
1237
1238 ml = *macLen;
1239 res = _utee_hash_final(operation->state, message, messageLen, mac, &ml);
1240 *macLen = ml;
1241 if (res != TEE_SUCCESS)
1242 goto out;
1243
1244 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1245
1246 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1247
1248 out:
1249 if (res != TEE_SUCCESS &&
1250 res != TEE_ERROR_SHORT_BUFFER)
1251 TEE_Panic(res);
1252
1253 return res;
1254 }
1255
TEE_MACCompareFinal(TEE_OperationHandle operation,const void * message,uint32_t messageLen,const void * mac,uint32_t macLen)1256 TEE_Result TEE_MACCompareFinal(TEE_OperationHandle operation,
1257 const void *message, uint32_t messageLen,
1258 const void *mac, uint32_t macLen)
1259 {
1260 TEE_Result res;
1261 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 };
1262 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE;
1263
1264 if (operation->info.operationClass != TEE_OPERATION_MAC) {
1265 res = TEE_ERROR_BAD_PARAMETERS;
1266 goto out;
1267 }
1268
1269 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1270 res = TEE_ERROR_BAD_PARAMETERS;
1271 goto out;
1272 }
1273
1274 if (operation->operationState != TEE_OPERATION_STATE_ACTIVE) {
1275 res = TEE_ERROR_BAD_PARAMETERS;
1276 goto out;
1277 }
1278
1279 res = TEE_MACComputeFinal(operation, message, messageLen, computed_mac,
1280 &computed_mac_size);
1281 if (res != TEE_SUCCESS)
1282 goto out;
1283
1284 if (computed_mac_size != macLen) {
1285 res = TEE_ERROR_MAC_INVALID;
1286 goto out;
1287 }
1288
1289 if (consttime_memcmp(mac, computed_mac, computed_mac_size) != 0) {
1290 res = TEE_ERROR_MAC_INVALID;
1291 goto out;
1292 }
1293
1294 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1295
1296 out:
1297 if (res != TEE_SUCCESS &&
1298 res != TEE_ERROR_MAC_INVALID)
1299 TEE_Panic(res);
1300
1301 return res;
1302 }
1303
1304 /* Cryptographic Operations API - Authenticated Encryption Functions */
1305
TEE_AEInit(TEE_OperationHandle operation,const void * nonce,uint32_t nonceLen,uint32_t tagLen,uint32_t AADLen,uint32_t payloadLen)1306 TEE_Result TEE_AEInit(TEE_OperationHandle operation, const void *nonce,
1307 uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen,
1308 uint32_t payloadLen)
1309 {
1310 TEE_Result res;
1311
1312 if (operation == TEE_HANDLE_NULL || nonce == NULL) {
1313 res = TEE_ERROR_BAD_PARAMETERS;
1314 goto out;
1315 }
1316
1317 if (operation->info.operationClass != TEE_OPERATION_AE) {
1318 res = TEE_ERROR_BAD_PARAMETERS;
1319 goto out;
1320 }
1321
1322 if (operation->operationState != TEE_OPERATION_STATE_INITIAL) {
1323 res = TEE_ERROR_BAD_PARAMETERS;
1324 goto out;
1325 }
1326
1327 /*
1328 * AES-CCM tag len is specified by AES-CCM spec and handled in TEE Core
1329 * in the implementation. But AES-GCM spec doesn't specify the tag len
1330 * according to the same principle so we have to check here instead to
1331 * be GP compliant.
1332 */
1333 if (operation->info.algorithm == TEE_ALG_AES_GCM) {
1334 /*
1335 * From GP spec: For AES-GCM, can be 128, 120, 112, 104, or 96
1336 */
1337 if (tagLen < 96 || tagLen > 128 || (tagLen % 8 != 0)) {
1338 res = TEE_ERROR_NOT_SUPPORTED;
1339 goto out;
1340 }
1341 }
1342
1343 res = _utee_authenc_init(operation->state, nonce, nonceLen, tagLen / 8,
1344 AADLen, payloadLen);
1345 if (res != TEE_SUCCESS)
1346 goto out;
1347
1348 operation->info.digestLength = tagLen / 8;
1349 operation->buffer_offs = 0;
1350 operation->info.handleState |= TEE_HANDLE_FLAG_INITIALIZED;
1351
1352 out:
1353 if (res != TEE_SUCCESS &&
1354 res != TEE_ERROR_NOT_SUPPORTED)
1355 TEE_Panic(res);
1356
1357 return res;
1358 }
1359
TEE_AEUpdateAAD(TEE_OperationHandle operation,const void * AADdata,uint32_t AADdataLen)1360 void TEE_AEUpdateAAD(TEE_OperationHandle operation, const void *AADdata,
1361 uint32_t AADdataLen)
1362 {
1363 TEE_Result res;
1364
1365 if (operation == TEE_HANDLE_NULL ||
1366 (AADdata == NULL && AADdataLen != 0))
1367 TEE_Panic(0);
1368
1369 if (operation->info.operationClass != TEE_OPERATION_AE)
1370 TEE_Panic(0);
1371
1372 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0)
1373 TEE_Panic(0);
1374
1375 res = _utee_authenc_update_aad(operation->state, AADdata, AADdataLen);
1376
1377 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1378
1379 if (res != TEE_SUCCESS)
1380 TEE_Panic(res);
1381 }
1382
TEE_AEUpdate(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)1383 TEE_Result TEE_AEUpdate(TEE_OperationHandle operation, const void *srcData,
1384 uint32_t srcLen, void *destData, uint32_t *destLen)
1385 {
1386 TEE_Result res = TEE_SUCCESS;
1387 size_t req_dlen = 0;
1388 uint64_t dl = 0;
1389
1390 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1391 res = TEE_ERROR_BAD_PARAMETERS;
1392 goto out;
1393 }
1394 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1395
1396 if (operation->info.operationClass != TEE_OPERATION_AE) {
1397 res = TEE_ERROR_BAD_PARAMETERS;
1398 goto out;
1399 }
1400
1401 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1402 res = TEE_ERROR_BAD_PARAMETERS;
1403 goto out;
1404 }
1405
1406 if (!srcData && !srcLen) {
1407 *destLen = 0;
1408 res = TEE_SUCCESS;
1409 goto out;
1410 }
1411
1412 /*
1413 * Check that required destLen is big enough before starting to feed
1414 * data to the algorithm. Errors during feeding of data are fatal as we
1415 * can't restore sync with this API.
1416 */
1417 if (operation->block_size > 1) {
1418 req_dlen = ROUNDDOWN(operation->buffer_offs + srcLen,
1419 operation->block_size);
1420 } else {
1421 req_dlen = srcLen;
1422 }
1423
1424 dl = *destLen;
1425 if (dl < req_dlen) {
1426 *destLen = req_dlen;
1427 res = TEE_ERROR_SHORT_BUFFER;
1428 goto out;
1429 }
1430
1431 if (operation->block_size > 1) {
1432 res = tee_buffer_update(operation, _utee_authenc_update_payload,
1433 srcData, srcLen, destData, &dl);
1434 } else {
1435 if (srcLen > 0) {
1436 res = _utee_authenc_update_payload(operation->state,
1437 srcData, srcLen,
1438 destData, &dl);
1439 } else {
1440 dl = 0;
1441 res = TEE_SUCCESS;
1442 }
1443 }
1444 if (res != TEE_SUCCESS)
1445 goto out;
1446
1447 *destLen = dl;
1448
1449 operation->operationState = TEE_OPERATION_STATE_ACTIVE;
1450
1451 out:
1452 if (res != TEE_SUCCESS &&
1453 res != TEE_ERROR_SHORT_BUFFER)
1454 TEE_Panic(res);
1455
1456 return res;
1457 }
1458
TEE_AEEncryptFinal(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen,void * tag,uint32_t * tagLen)1459 TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation,
1460 const void *srcData, uint32_t srcLen,
1461 void *destData, uint32_t *destLen, void *tag,
1462 uint32_t *tagLen)
1463 {
1464 TEE_Result res;
1465 uint8_t *dst = destData;
1466 size_t acc_dlen = 0;
1467 uint64_t tmp_dlen;
1468 size_t req_dlen;
1469 uint64_t tl;
1470
1471 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1472 res = TEE_ERROR_BAD_PARAMETERS;
1473 goto out;
1474 }
1475 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1476 __utee_check_inout_annotation(tagLen, sizeof(*tagLen));
1477
1478 if (operation->info.operationClass != TEE_OPERATION_AE) {
1479 res = TEE_ERROR_BAD_PARAMETERS;
1480 goto out;
1481 }
1482
1483 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1484 res = TEE_ERROR_BAD_PARAMETERS;
1485 goto out;
1486 }
1487
1488 /*
1489 * Check that required destLen is big enough before starting to feed
1490 * data to the algorithm. Errors during feeding of data are fatal as we
1491 * can't restore sync with this API.
1492 *
1493 * Need to check this before update_payload since sync would be lost if
1494 * we return short buffer after that.
1495 */
1496 res = TEE_ERROR_GENERIC;
1497
1498 req_dlen = operation->buffer_offs + srcLen;
1499 if (*destLen < req_dlen) {
1500 *destLen = req_dlen;
1501 res = TEE_ERROR_SHORT_BUFFER;
1502 }
1503
1504 if (*tagLen < operation->info.digestLength) {
1505 *tagLen = operation->info.digestLength;
1506 res = TEE_ERROR_SHORT_BUFFER;
1507 }
1508
1509 if (res == TEE_ERROR_SHORT_BUFFER)
1510 goto out;
1511
1512 tl = *tagLen;
1513 tmp_dlen = *destLen - acc_dlen;
1514 if (operation->block_size > 1) {
1515 res = tee_buffer_update(operation, _utee_authenc_update_payload,
1516 srcData, srcLen, dst, &tmp_dlen);
1517 if (res != TEE_SUCCESS)
1518 goto out;
1519
1520 dst += tmp_dlen;
1521 acc_dlen += tmp_dlen;
1522
1523 tmp_dlen = *destLen - acc_dlen;
1524 res = _utee_authenc_enc_final(operation->state,
1525 operation->buffer,
1526 operation->buffer_offs, dst,
1527 &tmp_dlen, tag, &tl);
1528 } else {
1529 res = _utee_authenc_enc_final(operation->state, srcData,
1530 srcLen, dst, &tmp_dlen,
1531 tag, &tl);
1532 }
1533 *tagLen = tl;
1534 if (res != TEE_SUCCESS)
1535 goto out;
1536
1537 acc_dlen += tmp_dlen;
1538 *destLen = acc_dlen;
1539
1540 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1541
1542 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1543
1544 out:
1545 if (res != TEE_SUCCESS &&
1546 res != TEE_ERROR_SHORT_BUFFER)
1547 TEE_Panic(res);
1548
1549 return res;
1550 }
1551
TEE_AEDecryptFinal(TEE_OperationHandle operation,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen,void * tag,uint32_t tagLen)1552 TEE_Result TEE_AEDecryptFinal(TEE_OperationHandle operation,
1553 const void *srcData, uint32_t srcLen,
1554 void *destData, uint32_t *destLen, void *tag,
1555 uint32_t tagLen)
1556 {
1557 TEE_Result res;
1558 uint8_t *dst = destData;
1559 size_t acc_dlen = 0;
1560 uint64_t tmp_dlen;
1561 size_t req_dlen;
1562
1563 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen)) {
1564 res = TEE_ERROR_BAD_PARAMETERS;
1565 goto out;
1566 }
1567 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1568
1569 if (operation->info.operationClass != TEE_OPERATION_AE) {
1570 res = TEE_ERROR_BAD_PARAMETERS;
1571 goto out;
1572 }
1573
1574 if ((operation->info.handleState & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
1575 res = TEE_ERROR_BAD_PARAMETERS;
1576 goto out;
1577 }
1578
1579 /*
1580 * Check that required destLen is big enough before starting to feed
1581 * data to the algorithm. Errors during feeding of data are fatal as we
1582 * can't restore sync with this API.
1583 */
1584 req_dlen = operation->buffer_offs + srcLen;
1585 if (*destLen < req_dlen) {
1586 *destLen = req_dlen;
1587 res = TEE_ERROR_SHORT_BUFFER;
1588 goto out;
1589 }
1590
1591 tmp_dlen = *destLen - acc_dlen;
1592 if (operation->block_size > 1) {
1593 res = tee_buffer_update(operation, _utee_authenc_update_payload,
1594 srcData, srcLen, dst, &tmp_dlen);
1595 if (res != TEE_SUCCESS)
1596 goto out;
1597
1598 dst += tmp_dlen;
1599 acc_dlen += tmp_dlen;
1600
1601 tmp_dlen = *destLen - acc_dlen;
1602 res = _utee_authenc_dec_final(operation->state,
1603 operation->buffer,
1604 operation->buffer_offs, dst,
1605 &tmp_dlen, tag, tagLen);
1606 } else {
1607 res = _utee_authenc_dec_final(operation->state, srcData,
1608 srcLen, dst, &tmp_dlen,
1609 tag, tagLen);
1610 }
1611 if (res != TEE_SUCCESS)
1612 goto out;
1613
1614 /* Supplied tagLen should match what we initiated with */
1615 if (tagLen != operation->info.digestLength)
1616 res = TEE_ERROR_MAC_INVALID;
1617
1618 acc_dlen += tmp_dlen;
1619 *destLen = acc_dlen;
1620
1621 operation->info.handleState &= ~TEE_HANDLE_FLAG_INITIALIZED;
1622
1623 operation->operationState = TEE_OPERATION_STATE_INITIAL;
1624
1625 out:
1626 if (res != TEE_SUCCESS &&
1627 res != TEE_ERROR_SHORT_BUFFER &&
1628 res != TEE_ERROR_MAC_INVALID)
1629 TEE_Panic(res);
1630
1631 return res;
1632 }
1633
1634 /* Cryptographic Operations API - Asymmetric Functions */
1635
TEE_AsymmetricEncrypt(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)1636 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation,
1637 const TEE_Attribute *params,
1638 uint32_t paramCount, const void *srcData,
1639 uint32_t srcLen, void *destData,
1640 uint32_t *destLen)
1641 {
1642 TEE_Result res = TEE_SUCCESS;
1643 struct utee_attribute ua[paramCount];
1644 uint64_t dl = 0;
1645
1646 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen))
1647 TEE_Panic(0);
1648
1649 __utee_check_attr_in_annotation(params, paramCount);
1650 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1651
1652 if (!operation->key1)
1653 TEE_Panic(0);
1654 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER)
1655 TEE_Panic(0);
1656 if (operation->info.mode != TEE_MODE_ENCRYPT)
1657 TEE_Panic(0);
1658
1659 __utee_from_attr(ua, params, paramCount);
1660 dl = *destLen;
1661 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData,
1662 srcLen, destData, &dl);
1663 *destLen = dl;
1664
1665 if (res != TEE_SUCCESS &&
1666 res != TEE_ERROR_SHORT_BUFFER &&
1667 res != TEE_ERROR_BAD_PARAMETERS)
1668 TEE_Panic(res);
1669
1670 return res;
1671 }
1672
TEE_AsymmetricDecrypt(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * srcData,uint32_t srcLen,void * destData,uint32_t * destLen)1673 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation,
1674 const TEE_Attribute *params,
1675 uint32_t paramCount, const void *srcData,
1676 uint32_t srcLen, void *destData,
1677 uint32_t *destLen)
1678 {
1679 TEE_Result res = TEE_SUCCESS;
1680 struct utee_attribute ua[paramCount];
1681 uint64_t dl = 0;
1682
1683 if (operation == TEE_HANDLE_NULL || (!srcData && srcLen))
1684 TEE_Panic(0);
1685
1686 __utee_check_attr_in_annotation(params, paramCount);
1687 __utee_check_inout_annotation(destLen, sizeof(*destLen));
1688
1689 if (!operation->key1)
1690 TEE_Panic(0);
1691 if (operation->info.operationClass != TEE_OPERATION_ASYMMETRIC_CIPHER)
1692 TEE_Panic(0);
1693 if (operation->info.mode != TEE_MODE_DECRYPT)
1694 TEE_Panic(0);
1695
1696 __utee_from_attr(ua, params, paramCount);
1697 dl = *destLen;
1698 res = _utee_asymm_operate(operation->state, ua, paramCount, srcData,
1699 srcLen, destData, &dl);
1700 *destLen = dl;
1701
1702 if (res != TEE_SUCCESS &&
1703 res != TEE_ERROR_SHORT_BUFFER &&
1704 res != TEE_ERROR_BAD_PARAMETERS)
1705 TEE_Panic(res);
1706
1707 return res;
1708 }
1709
TEE_AsymmetricSignDigest(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * digest,uint32_t digestLen,void * signature,uint32_t * signatureLen)1710 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation,
1711 const TEE_Attribute *params,
1712 uint32_t paramCount, const void *digest,
1713 uint32_t digestLen, void *signature,
1714 uint32_t *signatureLen)
1715 {
1716 TEE_Result res = TEE_SUCCESS;
1717 struct utee_attribute ua[paramCount];
1718 uint64_t sl = 0;
1719
1720 if (operation == TEE_HANDLE_NULL || (!digest && digestLen))
1721 TEE_Panic(0);
1722
1723 __utee_check_attr_in_annotation(params, paramCount);
1724 __utee_check_inout_annotation(signatureLen, sizeof(*signatureLen));
1725
1726 if (!operation->key1)
1727 TEE_Panic(0);
1728 if (operation->info.operationClass !=
1729 TEE_OPERATION_ASYMMETRIC_SIGNATURE)
1730 TEE_Panic(0);
1731 if (operation->info.mode != TEE_MODE_SIGN)
1732 TEE_Panic(0);
1733
1734 __utee_from_attr(ua, params, paramCount);
1735 sl = *signatureLen;
1736 res = _utee_asymm_operate(operation->state, ua, paramCount, digest,
1737 digestLen, signature, &sl);
1738 *signatureLen = sl;
1739
1740 if (res != TEE_SUCCESS && res != TEE_ERROR_SHORT_BUFFER)
1741 TEE_Panic(res);
1742
1743 return res;
1744 }
1745
TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,const void * digest,uint32_t digestLen,const void * signature,uint32_t signatureLen)1746 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation,
1747 const TEE_Attribute *params,
1748 uint32_t paramCount, const void *digest,
1749 uint32_t digestLen,
1750 const void *signature,
1751 uint32_t signatureLen)
1752 {
1753 TEE_Result res;
1754 struct utee_attribute ua[paramCount];
1755
1756 if (operation == TEE_HANDLE_NULL ||
1757 (digest == NULL && digestLen != 0) ||
1758 (signature == NULL && signatureLen != 0))
1759 TEE_Panic(0);
1760
1761 __utee_check_attr_in_annotation(params, paramCount);
1762
1763 if (!operation->key1)
1764 TEE_Panic(0);
1765 if (operation->info.operationClass !=
1766 TEE_OPERATION_ASYMMETRIC_SIGNATURE)
1767 TEE_Panic(0);
1768 if (operation->info.mode != TEE_MODE_VERIFY)
1769 TEE_Panic(0);
1770
1771 __utee_from_attr(ua, params, paramCount);
1772 res = _utee_asymm_verify(operation->state, ua, paramCount, digest,
1773 digestLen, signature, signatureLen);
1774
1775 if (res != TEE_SUCCESS && res != TEE_ERROR_SIGNATURE_INVALID)
1776 TEE_Panic(res);
1777
1778 return res;
1779 }
1780
1781 /* Cryptographic Operations API - Key Derivation Functions */
1782
TEE_DeriveKey(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,TEE_ObjectHandle derivedKey)1783 void TEE_DeriveKey(TEE_OperationHandle operation,
1784 const TEE_Attribute *params, uint32_t paramCount,
1785 TEE_ObjectHandle derivedKey)
1786 {
1787 struct utee_attribute ua[paramCount];
1788 struct utee_object_info key_info = { };
1789 TEE_Result res = TEE_SUCCESS;
1790
1791 if (operation == TEE_HANDLE_NULL || derivedKey == 0)
1792 TEE_Panic(0);
1793
1794 __utee_check_attr_in_annotation(params, paramCount);
1795
1796 if (TEE_ALG_GET_CLASS(operation->info.algorithm) !=
1797 TEE_OPERATION_KEY_DERIVATION)
1798 TEE_Panic(0);
1799
1800 if (operation->info.operationClass != TEE_OPERATION_KEY_DERIVATION)
1801 TEE_Panic(0);
1802 if (!operation->key1)
1803 TEE_Panic(0);
1804 if (operation->info.mode != TEE_MODE_DERIVE)
1805 TEE_Panic(0);
1806 if ((operation->info.handleState & TEE_HANDLE_FLAG_KEY_SET) == 0)
1807 TEE_Panic(0);
1808
1809 res = _utee_cryp_obj_get_info((unsigned long)derivedKey, &key_info);
1810 if (res != TEE_SUCCESS)
1811 TEE_Panic(res);
1812
1813 if (key_info.obj_type != TEE_TYPE_GENERIC_SECRET)
1814 TEE_Panic(0);
1815 if ((key_info.handle_flags & TEE_HANDLE_FLAG_INITIALIZED) != 0)
1816 TEE_Panic(0);
1817
1818 __utee_from_attr(ua, params, paramCount);
1819 res = _utee_cryp_derive_key(operation->state, ua, paramCount,
1820 (unsigned long)derivedKey);
1821 if (res != TEE_SUCCESS)
1822 TEE_Panic(res);
1823 }
1824
1825 /* Cryptographic Operations API - Random Number Generation Functions */
1826
TEE_GenerateRandom(void * randomBuffer,uint32_t randomBufferLen)1827 void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen)
1828 {
1829 TEE_Result res;
1830
1831 res = _utee_cryp_random_number_generate(randomBuffer, randomBufferLen);
1832 if (res != TEE_SUCCESS)
1833 TEE_Panic(res);
1834 }
1835
rand(void)1836 int rand(void)
1837 {
1838 int rc;
1839
1840 TEE_GenerateRandom(&rc, sizeof(rc));
1841
1842 /*
1843 * RAND_MAX is the larges int, INT_MAX which is all bits but the
1844 * highest bit set.
1845 */
1846 return rc & RAND_MAX;
1847 }
1848
TEE_IsAlgorithmSupported(uint32_t alg,uint32_t element)1849 TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element)
1850 {
1851 if (IS_ENABLED(CFG_CRYPTO_AES)) {
1852 if (IS_ENABLED(CFG_CRYPTO_ECB)) {
1853 if (alg == TEE_ALG_AES_ECB_NOPAD)
1854 goto check_element_none;
1855 }
1856 if (IS_ENABLED(CFG_CRYPTO_CBC)) {
1857 if (alg == TEE_ALG_AES_CBC_NOPAD)
1858 goto check_element_none;
1859 }
1860 if (IS_ENABLED(CFG_CRYPTO_CTR)) {
1861 if (alg == TEE_ALG_AES_CTR)
1862 goto check_element_none;
1863 }
1864 if (IS_ENABLED(CFG_CRYPTO_CTS)) {
1865 if (alg == TEE_ALG_AES_CTS)
1866 goto check_element_none;
1867 }
1868 if (IS_ENABLED(CFG_CRYPTO_XTS)) {
1869 if (alg == TEE_ALG_AES_XTS)
1870 goto check_element_none;
1871 }
1872 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) {
1873 if (alg == TEE_ALG_AES_CBC_MAC_NOPAD ||
1874 alg == TEE_ALG_AES_CBC_MAC_PKCS5)
1875 goto check_element_none;
1876 }
1877 if (IS_ENABLED(CFG_CRYPTO_CMAC)) {
1878 if (alg == TEE_ALG_AES_CMAC)
1879 goto check_element_none;
1880 }
1881 if (IS_ENABLED(CFG_CRYPTO_CCM)) {
1882 if (alg == TEE_ALG_AES_CCM)
1883 goto check_element_none;
1884 }
1885 if (IS_ENABLED(CFG_CRYPTO_GCM)) {
1886 if (alg == TEE_ALG_AES_GCM)
1887 goto check_element_none;
1888 }
1889 }
1890 if (IS_ENABLED(CFG_CRYPTO_DES)) {
1891 if (IS_ENABLED(CFG_CRYPTO_ECB)) {
1892 if (alg == TEE_ALG_DES_ECB_NOPAD ||
1893 alg == TEE_ALG_DES3_ECB_NOPAD)
1894 goto check_element_none;
1895 }
1896 if (IS_ENABLED(CFG_CRYPTO_CBC)) {
1897 if (alg == TEE_ALG_DES_CBC_NOPAD ||
1898 alg == TEE_ALG_DES3_CBC_NOPAD)
1899 goto check_element_none;
1900 }
1901 if (IS_ENABLED(CFG_CRYPTO_CBC_MAC)) {
1902 if (alg == TEE_ALG_DES_CBC_MAC_NOPAD ||
1903 alg == TEE_ALG_DES_CBC_MAC_PKCS5 ||
1904 alg == TEE_ALG_DES3_CBC_MAC_NOPAD ||
1905 alg == TEE_ALG_DES3_CBC_MAC_PKCS5)
1906 goto check_element_none;
1907 }
1908 }
1909 if (IS_ENABLED(CFG_CRYPTO_MD5)) {
1910 if (alg == TEE_ALG_MD5)
1911 goto check_element_none;
1912 }
1913 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
1914 if (alg == TEE_ALG_SHA1)
1915 goto check_element_none;
1916 }
1917 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
1918 if (alg == TEE_ALG_SHA224)
1919 goto check_element_none;
1920 }
1921 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
1922 if (alg == TEE_ALG_SHA256)
1923 goto check_element_none;
1924 }
1925 if (IS_ENABLED(CFG_CRYPTO_SHA384)) {
1926 if (alg == TEE_ALG_SHA384)
1927 goto check_element_none;
1928 }
1929 if (IS_ENABLED(CFG_CRYPTO_SHA512)) {
1930 if (alg == TEE_ALG_SHA512)
1931 goto check_element_none;
1932 }
1933 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) {
1934 if (alg == TEE_ALG_MD5SHA1)
1935 goto check_element_none;
1936 }
1937 if (IS_ENABLED(CFG_CRYPTO_HMAC)) {
1938 if (IS_ENABLED(CFG_CRYPTO_MD5)) {
1939 if (alg == TEE_ALG_HMAC_MD5)
1940 goto check_element_none;
1941 }
1942 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
1943 if (alg == TEE_ALG_HMAC_SHA1)
1944 goto check_element_none;
1945 }
1946 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
1947 if (alg == TEE_ALG_HMAC_SHA224)
1948 goto check_element_none;
1949 }
1950 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
1951 if (alg == TEE_ALG_HMAC_SHA256)
1952 goto check_element_none;
1953 }
1954 if (IS_ENABLED(CFG_CRYPTO_SHA384)) {
1955 if (alg == TEE_ALG_HMAC_SHA384)
1956 goto check_element_none;
1957 }
1958 if (IS_ENABLED(CFG_CRYPTO_SHA512)) {
1959 if (alg == TEE_ALG_HMAC_SHA512)
1960 goto check_element_none;
1961 }
1962 if (IS_ENABLED(CFG_CRYPTO_SM3)) {
1963 if (alg == TEE_ALG_HMAC_SM3)
1964 goto check_element_none;
1965 }
1966 }
1967 if (IS_ENABLED(CFG_CRYPTO_SM3)) {
1968 if (alg == TEE_ALG_SM3)
1969 goto check_element_none;
1970 }
1971 if (IS_ENABLED(CFG_CRYPTO_SM4)) {
1972 if (IS_ENABLED(CFG_CRYPTO_ECB)) {
1973 if (alg == TEE_ALG_SM4_ECB_NOPAD)
1974 goto check_element_none;
1975 }
1976 if (IS_ENABLED(CFG_CRYPTO_CBC)) {
1977 if (alg == TEE_ALG_SM4_CBC_NOPAD)
1978 goto check_element_none;
1979 }
1980 if (IS_ENABLED(CFG_CRYPTO_CTR)) {
1981 if (alg == TEE_ALG_SM4_CTR)
1982 goto check_element_none;
1983 }
1984 if (IS_ENABLED(CFG_CRYPTO_XTS)) {
1985 if (alg == TEE_ALG_SM4_XTS)
1986 goto check_element_none;
1987 }
1988 }
1989 if (IS_ENABLED(CFG_CRYPTO_RSA)) {
1990 if (IS_ENABLED(CFG_CRYPTO_MD5)) {
1991 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5)
1992 goto check_element_none;
1993 }
1994 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
1995 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA1 ||
1996 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 ||
1997 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1)
1998 goto check_element_none;
1999 }
2000 if (IS_ENABLED(CFG_CRYPTO_MD5) && IS_ENABLED(CFG_CRYPTO_SHA1)) {
2001 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_MD5SHA1)
2002 goto check_element_none;
2003 }
2004 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
2005 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA224 ||
2006 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 ||
2007 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224)
2008 goto check_element_none;
2009 }
2010 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
2011 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 ||
2012 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 ||
2013 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256)
2014 goto check_element_none;
2015 }
2016 if (IS_ENABLED(CFG_CRYPTO_SHA384)) {
2017 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA384 ||
2018 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 ||
2019 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384)
2020 goto check_element_none;
2021 }
2022 if (IS_ENABLED(CFG_CRYPTO_SHA512)) {
2023 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5_SHA512 ||
2024 alg == TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512 ||
2025 alg == TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512)
2026 goto check_element_none;
2027 }
2028 if (IS_ENABLED(CFG_CRYPTO_RSASSA_NA1)) {
2029 if (alg == TEE_ALG_RSASSA_PKCS1_V1_5)
2030 goto check_element_none;
2031 }
2032 if (alg == TEE_ALG_RSA_NOPAD)
2033 goto check_element_none;
2034 }
2035 if (IS_ENABLED(CFG_CRYPTO_DSA)) {
2036 if (IS_ENABLED(CFG_CRYPTO_SHA1)) {
2037 if (alg == TEE_ALG_DSA_SHA1)
2038 goto check_element_none;
2039 }
2040 if (IS_ENABLED(CFG_CRYPTO_SHA224)) {
2041 if (alg == TEE_ALG_DSA_SHA224)
2042 goto check_element_none;
2043 }
2044 if (IS_ENABLED(CFG_CRYPTO_SHA256)) {
2045 if (alg == TEE_ALG_DSA_SHA256)
2046 goto check_element_none;
2047 }
2048 }
2049 if (IS_ENABLED(CFG_CRYPTO_DH)) {
2050 if (alg == TEE_ALG_DH_DERIVE_SHARED_SECRET)
2051 goto check_element_none;
2052 }
2053 if (IS_ENABLED(CFG_CRYPTO_ECC)) {
2054 if ((alg == TEE_ALG_ECDH_P192 || alg == TEE_ALG_ECDSA_P192) &&
2055 element == TEE_ECC_CURVE_NIST_P192)
2056 return TEE_SUCCESS;
2057 if ((alg == TEE_ALG_ECDH_P224 || alg == TEE_ALG_ECDSA_P224) &&
2058 element == TEE_ECC_CURVE_NIST_P224)
2059 return TEE_SUCCESS;
2060 if ((alg == TEE_ALG_ECDH_P256 || alg == TEE_ALG_ECDSA_P256) &&
2061 element == TEE_ECC_CURVE_NIST_P256)
2062 return TEE_SUCCESS;
2063 if ((alg == TEE_ALG_ECDH_P384 || alg == TEE_ALG_ECDSA_P384) &&
2064 element == TEE_ECC_CURVE_NIST_P384)
2065 return TEE_SUCCESS;
2066 if ((alg == TEE_ALG_ECDH_P521 || alg == TEE_ALG_ECDSA_P521) &&
2067 element == TEE_ECC_CURVE_NIST_P521)
2068 return TEE_SUCCESS;
2069 }
2070 if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) {
2071 if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2)
2072 return TEE_SUCCESS;
2073 }
2074 if (IS_ENABLED(CFG_CRYPTO_SM2_KEP)) {
2075 if (alg == TEE_ALG_SM2_KEP && element == TEE_ECC_CURVE_SM2)
2076 return TEE_SUCCESS;
2077 }
2078 if (IS_ENABLED(CFG_CRYPTO_SM2_PKE)) {
2079 if (alg == TEE_ALG_SM2_PKE && element == TEE_ECC_CURVE_SM2)
2080 return TEE_SUCCESS;
2081 }
2082 if (IS_ENABLED(CFG_CRYPTO_X25519)) {
2083 if (alg == TEE_ALG_X25519 && element == TEE_ECC_CURVE_25519)
2084 return TEE_SUCCESS;
2085 }
2086 if (IS_ENABLED(CFG_CRYPTO_ED25519)) {
2087 if (alg == TEE_ALG_ED25519 && element == TEE_ECC_CURVE_25519)
2088 return TEE_SUCCESS;
2089 }
2090
2091 return TEE_ERROR_NOT_SUPPORTED;
2092 check_element_none:
2093 if (element == TEE_CRYPTO_ELEMENT_NONE)
2094 return TEE_SUCCESS;
2095 return TEE_ERROR_NOT_SUPPORTED;
2096 }
2097