1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright 2018-2020 NXP
4 *
5 * Crypto RSA interface implementation to enable HW driver.
6 */
7 #include <crypto/crypto.h>
8 #include <crypto/crypto_impl.h>
9 #include <drvcrypt.h>
10 #include <fault_mitigation.h>
11 #include <tee_api_defines_extensions.h>
12 #include <tee/tee_cryp_utl.h>
13 #include <utee_defines.h>
14
15 #include "local.h"
16
crypto_acipher_alloc_rsa_keypair(struct rsa_keypair * key,size_t size_bits)17 TEE_Result crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *key,
18 size_t size_bits)
19 {
20 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
21
22 struct drvcrypt_rsa *rsa = NULL;
23
24 if (!key || !size_bits) {
25 CRYPTO_TRACE("Parameters error (key @%p) (size %zu bits)", key,
26 size_bits);
27 return TEE_ERROR_BAD_PARAMETERS;
28 }
29
30 rsa = drvcrypt_get_ops(CRYPTO_RSA);
31 if (rsa)
32 ret = rsa->alloc_keypair(key, size_bits);
33
34 CRYPTO_TRACE("RSA Keypair (%zu bits) alloc ret = 0x%" PRIx32, size_bits,
35 ret);
36 return ret;
37 }
38
crypto_acipher_alloc_rsa_public_key(struct rsa_public_key * key,size_t size_bits)39 TEE_Result crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *key,
40 size_t size_bits)
41 {
42 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
43 struct drvcrypt_rsa *rsa = NULL;
44
45 if (!key || !size_bits) {
46 CRYPTO_TRACE("Parameters error (key @%p) (size %zu bits)", key,
47 size_bits);
48 return TEE_ERROR_BAD_PARAMETERS;
49 }
50
51 rsa = drvcrypt_get_ops(CRYPTO_RSA);
52 if (rsa)
53 ret = rsa->alloc_publickey(key, size_bits);
54
55 CRYPTO_TRACE("RSA Public Key (%zu bits) alloc ret = 0x%" PRIx32,
56 size_bits, ret);
57 return ret;
58 }
59
crypto_acipher_free_rsa_public_key(struct rsa_public_key * key)60 void crypto_acipher_free_rsa_public_key(struct rsa_public_key *key)
61 {
62 struct drvcrypt_rsa *rsa = NULL;
63
64 if (key) {
65 rsa = drvcrypt_get_ops(CRYPTO_RSA);
66 if (rsa) {
67 CRYPTO_TRACE("RSA Public Key free");
68 rsa->free_publickey(key);
69 }
70 }
71 }
72
crypto_acipher_free_rsa_keypair(struct rsa_keypair * key)73 void crypto_acipher_free_rsa_keypair(struct rsa_keypair *key)
74 {
75 struct drvcrypt_rsa *rsa = NULL;
76
77 if (key) {
78 rsa = drvcrypt_get_ops(CRYPTO_RSA);
79 if (rsa) {
80 CRYPTO_TRACE("RSA Keypair free");
81 rsa->free_keypair(key);
82 }
83 }
84 }
85
crypto_acipher_gen_rsa_key(struct rsa_keypair * key,size_t size_bits)86 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key, size_t size_bits)
87 {
88 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
89 struct drvcrypt_rsa *rsa = NULL;
90
91 if (!key || !size_bits) {
92 CRYPTO_TRACE("Parameters error (key @%p) (size %zu bits) ",
93 key, size_bits);
94 return TEE_ERROR_BAD_PARAMETERS;
95 }
96
97 rsa = drvcrypt_get_ops(CRYPTO_RSA);
98 if (rsa)
99 ret = rsa->gen_keypair(key, size_bits);
100
101 CRYPTO_TRACE("RSA Keypair (%zu bits) generate ret = 0x%" PRIx32,
102 size_bits, ret);
103
104 return ret;
105 }
106
crypto_acipher_rsanopad_decrypt(struct rsa_keypair * key,const uint8_t * cipher,size_t cipher_len,uint8_t * msg,size_t * msg_len)107 TEE_Result crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key,
108 const uint8_t *cipher,
109 size_t cipher_len, uint8_t *msg,
110 size_t *msg_len)
111 {
112 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
113 struct drvcrypt_rsa *rsa = NULL;
114 struct drvcrypt_rsa_ed rsa_data = { };
115
116 if (!key || !msg || !cipher || !msg_len) {
117 CRYPTO_TRACE("Parameters error (key @%p)\n"
118 "(msg @%p size %zu bytes)\n"
119 "(cipher @0%p size %zu bytes)",
120 key, msg, msg_len ? *msg_len : 0,
121 cipher, cipher_len);
122 return TEE_ERROR_BAD_PARAMETERS;
123 }
124
125 rsa_data.key.key = key;
126 rsa_data.key.isprivate = true;
127 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
128
129 rsa = drvcrypt_get_ops(CRYPTO_RSA);
130 if (rsa) {
131 rsa_data.rsa_id = DRVCRYPT_RSA_NOPAD;
132 rsa_data.message.data = msg;
133 rsa_data.message.length = *msg_len;
134 rsa_data.cipher.data = (uint8_t *)cipher;
135 rsa_data.cipher.length = cipher_len;
136
137 ret = rsa->decrypt(&rsa_data);
138
139 *msg_len = rsa_data.message.length;
140 }
141
142 CRYPTO_TRACE("RSA Decrypt NO PAD ret = 0x%" PRIx32, ret);
143
144 return ret;
145 }
146
crypto_acipher_rsanopad_encrypt(struct rsa_public_key * key,const uint8_t * msg,size_t msg_len,uint8_t * cipher,size_t * cipher_len)147 TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key,
148 const uint8_t *msg, size_t msg_len,
149 uint8_t *cipher, size_t *cipher_len)
150 {
151 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
152 struct drvcrypt_rsa *rsa = NULL;
153 struct drvcrypt_rsa_ed rsa_data = { };
154
155 if (!key || !msg || !cipher_len) {
156 CRYPTO_TRACE("Parameters error (key @%p)\n"
157 "(msg @%p size %zu bytes)\n"
158 "(cipher @%p size %zu bytes)",
159 key, msg, msg_len,
160 cipher, cipher_len ? *cipher_len : 0);
161 return TEE_ERROR_BAD_PARAMETERS;
162 }
163
164 rsa_data.key.key = key;
165 rsa_data.key.isprivate = false;
166 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
167
168 if (rsa_data.key.n_size > *cipher_len) {
169 CRYPTO_TRACE("Cipher length (%zu) too short expected %zu bytes",
170 *cipher_len, rsa_data.key.n_size);
171 *cipher_len = rsa_data.key.n_size;
172 return TEE_ERROR_SHORT_BUFFER;
173 }
174
175 if (!cipher) {
176 CRYPTO_TRACE("Parameter \"cipher\" reference error");
177 return TEE_ERROR_BAD_PARAMETERS;
178 }
179
180 rsa = drvcrypt_get_ops(CRYPTO_RSA);
181 if (rsa) {
182 /* Prepare the encryption data parameters */
183 rsa_data.rsa_id = DRVCRYPT_RSA_NOPAD;
184 rsa_data.message.data = (uint8_t *)msg;
185 rsa_data.message.length = msg_len;
186 rsa_data.cipher.data = cipher;
187 rsa_data.cipher.length = *cipher_len;
188
189 ret = rsa->encrypt(&rsa_data);
190
191 /* Set the cipher size */
192 *cipher_len = rsa_data.cipher.length;
193 }
194
195 CRYPTO_TRACE("RSA Encrypt NO PAD ret = 0x%" PRIx32, ret);
196
197 return ret;
198 }
199
crypto_acipher_rsaes_decrypt(uint32_t algo,struct rsa_keypair * key,const uint8_t * label,size_t label_len,uint32_t mgf_algo,const uint8_t * cipher,size_t cipher_len,uint8_t * msg,size_t * msg_len)200 TEE_Result crypto_acipher_rsaes_decrypt(uint32_t algo, struct rsa_keypair *key,
201 const uint8_t *label, size_t label_len,
202 uint32_t mgf_algo,
203 const uint8_t *cipher,
204 size_t cipher_len, uint8_t *msg,
205 size_t *msg_len)
206 {
207 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
208 struct drvcrypt_rsa *rsa = NULL;
209 struct drvcrypt_rsa_ed rsa_data = { };
210
211 if (!key || !msg || !cipher || !msg_len || (!label && label_len)) {
212 CRYPTO_TRACE("Parameters error (key @%p)\n"
213 "(msg @%p size %zu bytes)\n"
214 "(cipher @%p size %zu bytes)\n"
215 "(label @%p size %zu bytes)",
216 key, msg, msg_len ? *msg_len : 0,
217 cipher, cipher_len, label, label_len);
218 return TEE_ERROR_BAD_PARAMETERS;
219 }
220
221 rsa = drvcrypt_get_ops(CRYPTO_RSA);
222 if (rsa) {
223 /* Prepare the encryption data parameters */
224 if (algo == TEE_ALG_RSAES_PKCS1_V1_5) {
225 rsa_data.rsa_id = DRVCRYPT_RSA_PKCS_V1_5;
226 } else {
227 rsa_data.rsa_id = DRVCRYPT_RSA_OAEP;
228 rsa_data.hash_algo = TEE_INTERNAL_HASH_TO_ALGO(algo);
229
230 ret = tee_alg_get_digest_size(rsa_data.hash_algo,
231 &rsa_data.digest_size);
232 if (ret != TEE_SUCCESS)
233 return ret;
234
235 rsa_data.mgf_algo = mgf_algo;
236 ret = tee_alg_get_digest_size(rsa_data.mgf_algo,
237 &rsa_data.mgf_size);
238 if (ret != TEE_SUCCESS)
239 return ret;
240
241 rsa_data.mgf = &drvcrypt_rsa_mgf1;
242 }
243
244 rsa_data.key.key = key;
245 rsa_data.key.isprivate = true;
246 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
247
248 rsa_data.message.data = msg;
249 rsa_data.message.length = *msg_len;
250 rsa_data.cipher.data = (uint8_t *)cipher;
251 rsa_data.cipher.length = cipher_len;
252 rsa_data.label.data =
253 ((label_len > 0) ? (uint8_t *)label : NULL);
254 rsa_data.label.length = label_len;
255 rsa_data.algo = algo;
256
257 ret = rsa->decrypt(&rsa_data);
258
259 /* Set the message size */
260 *msg_len = rsa_data.message.length;
261 }
262
263 CRYPTO_TRACE("RSAES Decrypt ret = 0x%" PRIx32, ret);
264
265 return ret;
266 }
267
crypto_acipher_rsaes_encrypt(uint32_t algo,struct rsa_public_key * key,const uint8_t * label,size_t label_len,uint32_t mgf_algo,const uint8_t * msg,size_t msg_len,uint8_t * cipher,size_t * cipher_len)268 TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo,
269 struct rsa_public_key *key,
270 const uint8_t *label, size_t label_len,
271 uint32_t mgf_algo,
272 const uint8_t *msg, size_t msg_len,
273 uint8_t *cipher, size_t *cipher_len)
274 {
275 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
276 struct drvcrypt_rsa *rsa = NULL;
277 struct drvcrypt_rsa_ed rsa_data = { };
278
279 if (!key || !msg || !cipher_len || (!label && label_len)) {
280 CRYPTO_TRACE("Parameters error (key @%p\n"
281 "(msg @%p size %zu bytes)\n"
282 "(cipher @%p size %zu bytes)\n"
283 "(label @%p size %zu bytes)",
284 key, msg, msg_len,
285 cipher, cipher_len ? *cipher_len : 0,
286 label, label_len);
287 return TEE_ERROR_BAD_PARAMETERS;
288 }
289
290 rsa_data.key.key = key;
291 rsa_data.key.isprivate = false;
292 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
293
294 if (rsa_data.key.n_size > *cipher_len) {
295 CRYPTO_TRACE("Cipher length (%zu) too short expected %zu bytes",
296 *cipher_len, rsa_data.key.n_size);
297 *cipher_len = rsa_data.key.n_size;
298 return TEE_ERROR_SHORT_BUFFER;
299 }
300
301 if (!cipher) {
302 CRYPTO_TRACE("Parameter \"cipher\" reference error");
303 return TEE_ERROR_BAD_PARAMETERS;
304 }
305
306 rsa = drvcrypt_get_ops(CRYPTO_RSA);
307 if (rsa) {
308 /* Prepare the encryption data parameters */
309 if (algo == TEE_ALG_RSAES_PKCS1_V1_5) {
310 rsa_data.rsa_id = DRVCRYPT_RSA_PKCS_V1_5;
311
312 /* Message length <= (modulus_size - 11) */
313 if (msg_len > rsa_data.key.n_size - 11)
314 return TEE_ERROR_BAD_PARAMETERS;
315
316 } else {
317 rsa_data.rsa_id = DRVCRYPT_RSA_OAEP;
318 rsa_data.hash_algo = TEE_INTERNAL_HASH_TO_ALGO(algo);
319
320 /* Message length <= (modulus_size - 2 * hLength - 2) */
321 ret = tee_alg_get_digest_size(rsa_data.hash_algo,
322 &rsa_data.digest_size);
323 if (ret != TEE_SUCCESS)
324 return ret;
325
326 if (2 * rsa_data.digest_size >= rsa_data.key.n_size - 2)
327 return TEE_ERROR_BAD_PARAMETERS;
328
329 if (msg_len >
330 rsa_data.key.n_size - 2 * rsa_data.digest_size - 2)
331 return TEE_ERROR_BAD_PARAMETERS;
332
333 rsa_data.mgf_algo = mgf_algo;
334 ret = tee_alg_get_digest_size(rsa_data.mgf_algo,
335 &rsa_data.mgf_size);
336 if (ret != TEE_SUCCESS)
337 return ret;
338
339 rsa_data.mgf = &drvcrypt_rsa_mgf1;
340 }
341
342 rsa_data.message.data = (uint8_t *)msg;
343 rsa_data.message.length = msg_len;
344 rsa_data.cipher.data = cipher;
345 rsa_data.cipher.length = rsa_data.key.n_size;
346 rsa_data.label.data = (label_len > 0) ? (uint8_t *)label : NULL;
347 rsa_data.label.length = label_len;
348 rsa_data.algo = algo;
349
350 ret = rsa->encrypt(&rsa_data);
351
352 /* Set the cipher size */
353 *cipher_len = rsa_data.cipher.length;
354 }
355
356 CRYPTO_TRACE("RSAES Encrypt ret = 0x%" PRIx32, ret);
357
358 return ret;
359 }
360
crypto_acipher_rsassa_sign(uint32_t algo,struct rsa_keypair * key,int salt_len,const uint8_t * msg,size_t msg_len,uint8_t * sig,size_t * sig_len)361 TEE_Result crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key,
362 int salt_len, const uint8_t *msg,
363 size_t msg_len, uint8_t *sig,
364 size_t *sig_len)
365 {
366 TEE_Result ret = TEE_ERROR_BAD_PARAMETERS;
367 struct drvcrypt_rsa *rsa = NULL;
368 struct drvcrypt_rsa_ssa rsa_ssa = { };
369
370 if (!key || !msg || !sig_len) {
371 CRYPTO_TRACE("Input parameters reference error");
372 return ret;
373 }
374
375 if (algo != TEE_ALG_RSASSA_PKCS1_V1_5) {
376 /* Prepare the Digest */
377 rsa_ssa.hash_algo = TEE_DIGEST_HASH_TO_ALGO(algo);
378
379 /* Check if the message length is digest hash size */
380 ret = tee_alg_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(algo),
381 &rsa_ssa.digest_size);
382 if (ret != TEE_SUCCESS)
383 return ret;
384
385 if (msg_len != rsa_ssa.digest_size) {
386 CRYPTO_TRACE("Msg length (%zu expected %zu)", msg_len,
387 rsa_ssa.digest_size);
388 return TEE_ERROR_BAD_PARAMETERS;
389 }
390 } else {
391 rsa_ssa.hash_algo = 0;
392 rsa_ssa.digest_size = 0;
393 }
394
395 /* Prepare the Key */
396 rsa_ssa.key.key = key;
397 rsa_ssa.key.isprivate = true;
398 rsa_ssa.key.n_size = crypto_bignum_num_bytes(key->n);
399
400 if (rsa_ssa.key.n_size > *sig_len) {
401 CRYPTO_TRACE("Sign length (%zu) too short must be %zu bytes",
402 *sig_len, rsa_ssa.key.n_size);
403 *sig_len = rsa_ssa.key.n_size;
404 return TEE_ERROR_SHORT_BUFFER;
405 }
406
407 if (!sig) {
408 CRYPTO_TRACE("Parameter \"sig\" reference error");
409 return TEE_ERROR_BAD_PARAMETERS;
410 }
411
412 rsa = drvcrypt_get_ops(CRYPTO_RSA);
413 if (rsa) {
414 /* Prepare the Encoded Signature structure data */
415 rsa_ssa.algo = algo;
416 rsa_ssa.message.data = (uint8_t *)msg;
417 rsa_ssa.message.length = msg_len;
418 rsa_ssa.signature.data = (uint8_t *)sig;
419 rsa_ssa.signature.length = rsa_ssa.key.n_size;
420 rsa_ssa.salt_len = salt_len;
421 rsa_ssa.mgf = &drvcrypt_rsa_mgf1;
422
423 ret = TEE_ERROR_NOT_IMPLEMENTED;
424 if (rsa->optional.ssa_sign)
425 ret = rsa->optional.ssa_sign(&rsa_ssa);
426
427 if (ret == TEE_ERROR_NOT_IMPLEMENTED)
428 ret = drvcrypt_rsassa_sign(&rsa_ssa);
429
430 /* Set the signature length */
431 *sig_len = rsa_ssa.signature.length;
432 } else {
433 ret = TEE_ERROR_NOT_IMPLEMENTED;
434 }
435
436 CRYPTO_TRACE("Encode signature algo (0x%" PRIx32
437 ") returned 0x%" PRIx32,
438 algo, ret);
439 return ret;
440 }
441
crypto_acipher_rsassa_verify(uint32_t algo,struct rsa_public_key * key,int salt_len,const uint8_t * msg,size_t msg_len,const uint8_t * sig,size_t sig_len)442 TEE_Result crypto_acipher_rsassa_verify(uint32_t algo,
443 struct rsa_public_key *key,
444 int salt_len, const uint8_t *msg,
445 size_t msg_len, const uint8_t *sig,
446 size_t sig_len)
447 {
448 TEE_Result ret = TEE_ERROR_BAD_PARAMETERS;
449 struct drvcrypt_rsa *rsa = NULL;
450 struct drvcrypt_rsa_ssa rsa_ssa = { };
451
452 if (!key || !msg || !sig) {
453 CRYPTO_TRACE("Input parameters reference error");
454 goto out;
455 }
456
457 if (algo != TEE_ALG_RSASSA_PKCS1_V1_5) {
458 /* Prepare the Digest */
459 rsa_ssa.hash_algo = TEE_DIGEST_HASH_TO_ALGO(algo);
460
461 /* Check if the message length is digest hash size */
462 ret = tee_alg_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(algo),
463 &rsa_ssa.digest_size);
464 if (ret != TEE_SUCCESS)
465 goto out;
466
467 if (msg_len != rsa_ssa.digest_size) {
468 CRYPTO_TRACE("Input msg length (%zu expected %zu)",
469 msg_len, rsa_ssa.digest_size);
470 ret = TEE_ERROR_BAD_PARAMETERS;
471 goto out;
472 }
473 } else {
474 rsa_ssa.hash_algo = 0;
475 rsa_ssa.digest_size = 0;
476 }
477
478 /* Prepare the Key */
479 rsa_ssa.key.key = key;
480 rsa_ssa.key.isprivate = false;
481 rsa_ssa.key.n_size = crypto_bignum_num_bytes(key->n);
482
483 if (rsa_ssa.key.n_size > sig_len) {
484 CRYPTO_TRACE("Signature length expected %zu",
485 rsa_ssa.key.n_size);
486 ret = TEE_ERROR_SIGNATURE_INVALID;
487 goto out;
488 }
489
490 rsa = drvcrypt_get_ops(CRYPTO_RSA);
491 if (rsa) {
492 /* Prepare the Encoded Signature structure data */
493 rsa_ssa.algo = algo;
494 rsa_ssa.message.data = (uint8_t *)msg;
495 rsa_ssa.message.length = msg_len;
496 rsa_ssa.signature.data = (uint8_t *)sig;
497 rsa_ssa.signature.length = sig_len;
498 rsa_ssa.salt_len = salt_len;
499 rsa_ssa.mgf = &drvcrypt_rsa_mgf1;
500
501 ret = TEE_ERROR_NOT_IMPLEMENTED;
502 if (rsa->optional.ssa_verify)
503 ret = rsa->optional.ssa_verify(&rsa_ssa);
504
505 if (ret == TEE_ERROR_NOT_IMPLEMENTED)
506 ret = drvcrypt_rsassa_verify(&rsa_ssa);
507
508 } else {
509 ret = TEE_ERROR_NOT_IMPLEMENTED;
510 }
511
512 CRYPTO_TRACE("Signature verif algo (0x%" PRIx32 ") returned 0x%" PRIx32,
513 algo, ret);
514
515 out:
516 FTMN_CALLEE_DONE(ret);
517 return ret;
518 }
519