1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright 2018-2020 NXP
4 *
5 * Crypto RSA interface implementation to enable HW driver.
6 */
7 #include <crypto/crypto.h>
8 #include <crypto/crypto_impl.h>
9 #include <drvcrypt.h>
10 #include <fault_mitigation.h>
11 #include <tee_api_defines_extensions.h>
12 #include <tee/tee_cryp_utl.h>
13 #include <utee_defines.h>
14
15 #include "local.h"
16
crypto_acipher_alloc_rsa_keypair(struct rsa_keypair * key,size_t size_bits)17 TEE_Result crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *key,
18 size_t size_bits)
19 {
20 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
21
22 struct drvcrypt_rsa *rsa = NULL;
23
24 if (!key || !size_bits) {
25 CRYPTO_TRACE("Parameters error (key @%p) (size %zu bits)", key,
26 size_bits);
27 return TEE_ERROR_BAD_PARAMETERS;
28 }
29
30 rsa = drvcrypt_get_ops(CRYPTO_RSA);
31 if (rsa)
32 ret = rsa->alloc_keypair(key, size_bits);
33
34 CRYPTO_TRACE("RSA Keypair (%zu bits) alloc ret = 0x%" PRIx32, size_bits,
35 ret);
36 return ret;
37 }
38
crypto_acipher_alloc_rsa_public_key(struct rsa_public_key * key,size_t size_bits)39 TEE_Result crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *key,
40 size_t size_bits)
41 {
42 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
43 struct drvcrypt_rsa *rsa = NULL;
44
45 if (!key || !size_bits) {
46 CRYPTO_TRACE("Parameters error (key @%p) (size %zu bits)", key,
47 size_bits);
48 return TEE_ERROR_BAD_PARAMETERS;
49 }
50
51 rsa = drvcrypt_get_ops(CRYPTO_RSA);
52 if (rsa)
53 ret = rsa->alloc_publickey(key, size_bits);
54
55 CRYPTO_TRACE("RSA Public Key (%zu bits) alloc ret = 0x%" PRIx32,
56 size_bits, ret);
57 return ret;
58 }
59
crypto_acipher_free_rsa_public_key(struct rsa_public_key * key)60 void crypto_acipher_free_rsa_public_key(struct rsa_public_key *key)
61 {
62 struct drvcrypt_rsa *rsa = NULL;
63
64 if (key) {
65 rsa = drvcrypt_get_ops(CRYPTO_RSA);
66 if (rsa) {
67 CRYPTO_TRACE("RSA Public Key free");
68 rsa->free_publickey(key);
69 }
70 }
71 }
72
crypto_acipher_free_rsa_keypair(struct rsa_keypair * key)73 void crypto_acipher_free_rsa_keypair(struct rsa_keypair *key)
74 {
75 struct drvcrypt_rsa *rsa = NULL;
76
77 if (key) {
78 rsa = drvcrypt_get_ops(CRYPTO_RSA);
79 if (rsa) {
80 CRYPTO_TRACE("RSA Keypair free");
81 rsa->free_keypair(key);
82 }
83 }
84 }
85
crypto_acipher_gen_rsa_key(struct rsa_keypair * key,size_t size_bits)86 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key, size_t size_bits)
87 {
88 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
89 struct drvcrypt_rsa *rsa = NULL;
90
91 if (!key || !size_bits) {
92 CRYPTO_TRACE("Parameters error (key @%p) (size %zu bits) ",
93 key, size_bits);
94 return TEE_ERROR_BAD_PARAMETERS;
95 }
96
97 rsa = drvcrypt_get_ops(CRYPTO_RSA);
98 if (rsa)
99 ret = rsa->gen_keypair(key, size_bits);
100
101 CRYPTO_TRACE("RSA Keypair (%zu bits) generate ret = 0x%" PRIx32,
102 size_bits, ret);
103
104 return ret;
105 }
106
crypto_acipher_rsanopad_decrypt(struct rsa_keypair * key,const uint8_t * cipher,size_t cipher_len,uint8_t * msg,size_t * msg_len)107 TEE_Result crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key,
108 const uint8_t *cipher,
109 size_t cipher_len, uint8_t *msg,
110 size_t *msg_len)
111 {
112 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
113 struct drvcrypt_rsa *rsa = NULL;
114 struct drvcrypt_rsa_ed rsa_data = { };
115
116 if (!key || !msg || !cipher || !msg_len) {
117 CRYPTO_TRACE("Parameters error (key @%p)\n"
118 "(msg @%p size %zu bytes)\n"
119 "(cipher @0%p size %zu bytes)",
120 key, msg, msg_len ? *msg_len : 0,
121 cipher, cipher_len);
122 return TEE_ERROR_BAD_PARAMETERS;
123 }
124
125 rsa_data.key.key = key;
126 rsa_data.key.isprivate = true;
127 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
128
129 rsa = drvcrypt_get_ops(CRYPTO_RSA);
130 if (rsa) {
131 rsa_data.rsa_id = DRVCRYPT_RSA_NOPAD;
132 rsa_data.message.data = msg;
133 rsa_data.message.length = *msg_len;
134 rsa_data.cipher.data = (uint8_t *)cipher;
135 rsa_data.cipher.length = cipher_len;
136
137 ret = rsa->decrypt(&rsa_data);
138
139 *msg_len = rsa_data.message.length;
140 }
141
142 CRYPTO_TRACE("RSA Decrypt NO PAD ret = 0x%" PRIx32, ret);
143
144 return ret;
145 }
146
crypto_acipher_rsanopad_encrypt(struct rsa_public_key * key,const uint8_t * msg,size_t msg_len,uint8_t * cipher,size_t * cipher_len)147 TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key,
148 const uint8_t *msg, size_t msg_len,
149 uint8_t *cipher, size_t *cipher_len)
150 {
151 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
152 struct drvcrypt_rsa *rsa = NULL;
153 struct drvcrypt_rsa_ed rsa_data = { };
154
155 if (!key || !msg || !cipher_len) {
156 CRYPTO_TRACE("Parameters error (key @%p)\n"
157 "(msg @%p size %zu bytes)\n"
158 "(cipher @%p size %zu bytes)",
159 key, msg, msg_len,
160 cipher, cipher_len ? *cipher_len : 0);
161 return TEE_ERROR_BAD_PARAMETERS;
162 }
163
164 rsa_data.key.key = key;
165 rsa_data.key.isprivate = false;
166 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
167
168 if (rsa_data.key.n_size > *cipher_len) {
169 CRYPTO_TRACE("Cipher length (%zu) too short expected %zu bytes",
170 *cipher_len, rsa_data.key.n_size);
171 *cipher_len = rsa_data.key.n_size;
172 return TEE_ERROR_SHORT_BUFFER;
173 }
174
175 if (!cipher) {
176 CRYPTO_TRACE("Parameter \"cipher\" reference error");
177 return TEE_ERROR_BAD_PARAMETERS;
178 }
179
180 rsa = drvcrypt_get_ops(CRYPTO_RSA);
181 if (rsa) {
182 /* Prepare the encryption data parameters */
183 rsa_data.rsa_id = DRVCRYPT_RSA_NOPAD;
184 rsa_data.message.data = (uint8_t *)msg;
185 rsa_data.message.length = msg_len;
186 rsa_data.cipher.data = cipher;
187 rsa_data.cipher.length = *cipher_len;
188
189 ret = rsa->encrypt(&rsa_data);
190
191 /* Set the cipher size */
192 *cipher_len = rsa_data.cipher.length;
193 }
194
195 CRYPTO_TRACE("RSA Encrypt NO PAD ret = 0x%" PRIx32, ret);
196
197 return ret;
198 }
199
crypto_acipher_rsaes_decrypt(uint32_t algo,struct rsa_keypair * key,const uint8_t * label,size_t label_len,const uint8_t * cipher,size_t cipher_len,uint8_t * msg,size_t * msg_len)200 TEE_Result crypto_acipher_rsaes_decrypt(uint32_t algo, struct rsa_keypair *key,
201 const uint8_t *label, size_t label_len,
202 const uint8_t *cipher,
203 size_t cipher_len, uint8_t *msg,
204 size_t *msg_len)
205 {
206 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
207 struct drvcrypt_rsa *rsa = NULL;
208 struct drvcrypt_rsa_ed rsa_data = { };
209
210 if (!key || !msg || !cipher || !msg_len || (!label && label_len)) {
211 CRYPTO_TRACE("Parameters error (key @%p)\n"
212 "(msg @%p size %zu bytes)\n"
213 "(cipher @%p size %zu bytes)\n"
214 "(label @%p size %zu bytes)",
215 key, msg, msg_len ? *msg_len : 0,
216 cipher, cipher_len, label, label_len);
217 return TEE_ERROR_BAD_PARAMETERS;
218 }
219
220 rsa = drvcrypt_get_ops(CRYPTO_RSA);
221 if (rsa) {
222 /* Prepare the encryption data parameters */
223 if (algo == TEE_ALG_RSAES_PKCS1_V1_5) {
224 rsa_data.rsa_id = DRVCRYPT_RSA_PKCS_V1_5;
225 } else {
226 rsa_data.rsa_id = DRVCRYPT_RSA_OAEP;
227 rsa_data.hash_algo = TEE_INTERNAL_HASH_TO_ALGO(algo);
228
229 ret = tee_alg_get_digest_size(rsa_data.hash_algo,
230 &rsa_data.digest_size);
231 if (ret != TEE_SUCCESS)
232 return ret;
233
234 rsa_data.mgf = &drvcrypt_rsa_mgf1;
235 }
236
237 rsa_data.key.key = key;
238 rsa_data.key.isprivate = true;
239 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
240
241 rsa_data.message.data = msg;
242 rsa_data.message.length = *msg_len;
243 rsa_data.cipher.data = (uint8_t *)cipher;
244 rsa_data.cipher.length = cipher_len;
245 rsa_data.label.data =
246 ((label_len > 0) ? (uint8_t *)label : NULL);
247 rsa_data.label.length = label_len;
248 rsa_data.algo = algo;
249
250 ret = rsa->decrypt(&rsa_data);
251
252 /* Set the message size */
253 *msg_len = rsa_data.message.length;
254 }
255
256 CRYPTO_TRACE("RSAES Decrypt ret = 0x%" PRIx32, ret);
257
258 return ret;
259 }
260
crypto_acipher_rsaes_encrypt(uint32_t algo,struct rsa_public_key * key,const uint8_t * label,size_t label_len,const uint8_t * msg,size_t msg_len,uint8_t * cipher,size_t * cipher_len)261 TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo,
262 struct rsa_public_key *key,
263 const uint8_t *label, size_t label_len,
264 const uint8_t *msg, size_t msg_len,
265 uint8_t *cipher, size_t *cipher_len)
266 {
267 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
268 struct drvcrypt_rsa *rsa = NULL;
269 struct drvcrypt_rsa_ed rsa_data = { };
270
271 if (!key || !msg || !cipher_len || (!label && label_len)) {
272 CRYPTO_TRACE("Parameters error (key @%p\n"
273 "(msg @%p size %zu bytes)\n"
274 "(cipher @%p size %zu bytes)\n"
275 "(label @%p size %zu bytes)",
276 key, msg, msg_len,
277 cipher, cipher_len ? *cipher_len : 0,
278 label, label_len);
279 return TEE_ERROR_BAD_PARAMETERS;
280 }
281
282 rsa_data.key.key = key;
283 rsa_data.key.isprivate = false;
284 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
285
286 if (rsa_data.key.n_size > *cipher_len) {
287 CRYPTO_TRACE("Cipher length (%zu) too short expected %zu bytes",
288 *cipher_len, rsa_data.key.n_size);
289 *cipher_len = rsa_data.key.n_size;
290 return TEE_ERROR_SHORT_BUFFER;
291 }
292
293 if (!cipher) {
294 CRYPTO_TRACE("Parameter \"cipher\" reference error");
295 return TEE_ERROR_BAD_PARAMETERS;
296 }
297
298 rsa = drvcrypt_get_ops(CRYPTO_RSA);
299 if (rsa) {
300 /* Prepare the encryption data parameters */
301 if (algo == TEE_ALG_RSAES_PKCS1_V1_5) {
302 rsa_data.rsa_id = DRVCRYPT_RSA_PKCS_V1_5;
303
304 /* Message length <= (modulus_size - 11) */
305 if (msg_len > rsa_data.key.n_size - 11)
306 return TEE_ERROR_BAD_PARAMETERS;
307
308 } else {
309 rsa_data.rsa_id = DRVCRYPT_RSA_OAEP;
310 rsa_data.hash_algo = TEE_INTERNAL_HASH_TO_ALGO(algo);
311
312 /* Message length <= (modulus_size - 2 * hLength - 2) */
313 ret = tee_alg_get_digest_size(rsa_data.hash_algo,
314 &rsa_data.digest_size);
315 if (ret != TEE_SUCCESS)
316 return ret;
317
318 if (2 * rsa_data.digest_size >= rsa_data.key.n_size - 2)
319 return TEE_ERROR_BAD_PARAMETERS;
320
321 if (msg_len >
322 rsa_data.key.n_size - 2 * rsa_data.digest_size - 2)
323 return TEE_ERROR_BAD_PARAMETERS;
324
325 rsa_data.mgf = &drvcrypt_rsa_mgf1;
326 }
327
328 rsa_data.message.data = (uint8_t *)msg;
329 rsa_data.message.length = msg_len;
330 rsa_data.cipher.data = cipher;
331 rsa_data.cipher.length = rsa_data.key.n_size;
332 rsa_data.label.data = (label_len > 0) ? (uint8_t *)label : NULL;
333 rsa_data.label.length = label_len;
334 rsa_data.algo = algo;
335
336 ret = rsa->encrypt(&rsa_data);
337
338 /* Set the cipher size */
339 *cipher_len = rsa_data.cipher.length;
340 }
341
342 CRYPTO_TRACE("RSAES Encrypt ret = 0x%" PRIx32, ret);
343
344 return ret;
345 }
346
crypto_acipher_rsassa_sign(uint32_t algo,struct rsa_keypair * key,int salt_len,const uint8_t * msg,size_t msg_len,uint8_t * sig,size_t * sig_len)347 TEE_Result crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key,
348 int salt_len, const uint8_t *msg,
349 size_t msg_len, uint8_t *sig,
350 size_t *sig_len)
351 {
352 TEE_Result ret = TEE_ERROR_BAD_PARAMETERS;
353 struct drvcrypt_rsa *rsa = NULL;
354 struct drvcrypt_rsa_ssa rsa_ssa = { };
355
356 if (!key || !msg || !sig_len) {
357 CRYPTO_TRACE("Input parameters reference error");
358 return ret;
359 }
360
361 if (algo != TEE_ALG_RSASSA_PKCS1_V1_5) {
362 /* Prepare the Digest */
363 rsa_ssa.hash_algo = TEE_DIGEST_HASH_TO_ALGO(algo);
364
365 /* Check if the message length is digest hash size */
366 ret = tee_alg_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(algo),
367 &rsa_ssa.digest_size);
368 if (ret != TEE_SUCCESS)
369 return ret;
370
371 if (msg_len != rsa_ssa.digest_size) {
372 CRYPTO_TRACE("Msg length (%zu expected %zu)", msg_len,
373 rsa_ssa.digest_size);
374 return TEE_ERROR_BAD_PARAMETERS;
375 }
376 } else {
377 rsa_ssa.hash_algo = 0;
378 rsa_ssa.digest_size = 0;
379 }
380
381 /* Prepare the Key */
382 rsa_ssa.key.key = key;
383 rsa_ssa.key.isprivate = true;
384 rsa_ssa.key.n_size = crypto_bignum_num_bytes(key->n);
385
386 if (rsa_ssa.key.n_size > *sig_len) {
387 CRYPTO_TRACE("Sign length (%zu) too short must be %zu bytes",
388 *sig_len, rsa_ssa.key.n_size);
389 *sig_len = rsa_ssa.key.n_size;
390 return TEE_ERROR_SHORT_BUFFER;
391 }
392
393 if (!sig) {
394 CRYPTO_TRACE("Parameter \"sig\" reference error");
395 return TEE_ERROR_BAD_PARAMETERS;
396 }
397
398 rsa = drvcrypt_get_ops(CRYPTO_RSA);
399 if (rsa) {
400 /* Prepare the Encoded Signature structure data */
401 rsa_ssa.algo = algo;
402 rsa_ssa.message.data = (uint8_t *)msg;
403 rsa_ssa.message.length = msg_len;
404 rsa_ssa.signature.data = (uint8_t *)sig;
405 rsa_ssa.signature.length = rsa_ssa.key.n_size;
406 rsa_ssa.salt_len = salt_len;
407 rsa_ssa.mgf = &drvcrypt_rsa_mgf1;
408
409 ret = TEE_ERROR_NOT_IMPLEMENTED;
410 if (rsa->optional.ssa_sign)
411 ret = rsa->optional.ssa_sign(&rsa_ssa);
412
413 if (ret == TEE_ERROR_NOT_IMPLEMENTED)
414 ret = drvcrypt_rsassa_sign(&rsa_ssa);
415
416 /* Set the signature length */
417 *sig_len = rsa_ssa.signature.length;
418 } else {
419 ret = TEE_ERROR_NOT_IMPLEMENTED;
420 }
421
422 CRYPTO_TRACE("Encode signature algo (0x%" PRIx32
423 ") returned 0x%" PRIx32,
424 algo, ret);
425 return ret;
426 }
427
crypto_acipher_rsassa_verify(uint32_t algo,struct rsa_public_key * key,int salt_len,const uint8_t * msg,size_t msg_len,const uint8_t * sig,size_t sig_len)428 TEE_Result crypto_acipher_rsassa_verify(uint32_t algo,
429 struct rsa_public_key *key,
430 int salt_len, const uint8_t *msg,
431 size_t msg_len, const uint8_t *sig,
432 size_t sig_len)
433 {
434 TEE_Result ret = TEE_ERROR_BAD_PARAMETERS;
435 struct drvcrypt_rsa *rsa = NULL;
436 struct drvcrypt_rsa_ssa rsa_ssa = { };
437
438 if (!key || !msg || !sig) {
439 CRYPTO_TRACE("Input parameters reference error");
440 goto out;
441 }
442
443 if (algo != TEE_ALG_RSASSA_PKCS1_V1_5) {
444 /* Prepare the Digest */
445 rsa_ssa.hash_algo = TEE_DIGEST_HASH_TO_ALGO(algo);
446
447 /* Check if the message length is digest hash size */
448 ret = tee_alg_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(algo),
449 &rsa_ssa.digest_size);
450 if (ret != TEE_SUCCESS)
451 goto out;
452
453 if (msg_len != rsa_ssa.digest_size) {
454 CRYPTO_TRACE("Input msg length (%zu expected %zu)",
455 msg_len, rsa_ssa.digest_size);
456 ret = TEE_ERROR_BAD_PARAMETERS;
457 goto out;
458 }
459 } else {
460 rsa_ssa.hash_algo = 0;
461 rsa_ssa.digest_size = 0;
462 }
463
464 /* Prepare the Key */
465 rsa_ssa.key.key = key;
466 rsa_ssa.key.isprivate = false;
467 rsa_ssa.key.n_size = crypto_bignum_num_bytes(key->n);
468
469 if (rsa_ssa.key.n_size > sig_len) {
470 CRYPTO_TRACE("Signature length expected %zu",
471 rsa_ssa.key.n_size);
472 ret = TEE_ERROR_SIGNATURE_INVALID;
473 goto out;
474 }
475
476 rsa = drvcrypt_get_ops(CRYPTO_RSA);
477 if (rsa) {
478 /* Prepare the Encoded Signature structure data */
479 rsa_ssa.algo = algo;
480 rsa_ssa.message.data = (uint8_t *)msg;
481 rsa_ssa.message.length = msg_len;
482 rsa_ssa.signature.data = (uint8_t *)sig;
483 rsa_ssa.signature.length = sig_len;
484 rsa_ssa.salt_len = salt_len;
485 rsa_ssa.mgf = &drvcrypt_rsa_mgf1;
486
487 ret = TEE_ERROR_NOT_IMPLEMENTED;
488 if (rsa->optional.ssa_verify)
489 ret = rsa->optional.ssa_verify(&rsa_ssa);
490
491 if (ret == TEE_ERROR_NOT_IMPLEMENTED)
492 ret = drvcrypt_rsassa_verify(&rsa_ssa);
493
494 } else {
495 ret = TEE_ERROR_NOT_IMPLEMENTED;
496 }
497
498 CRYPTO_TRACE("Signature verif algo (0x%" PRIx32 ") returned 0x%" PRIx32,
499 algo, ret);
500
501 out:
502 FTMN_CALLEE_DONE(ret);
503 return ret;
504 }
505