1 /*
2 * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3 * Licensed under the Mulan PSL v2.
4 * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 * You may obtain a copy of Mulan PSL v2 at:
6 * http://license.coscl.org.cn/MulanPSL2
7 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 * PURPOSE.
10 * See the Mulan PSL v2 for more details.
11 */
12 #include "tee_crypto_api.h"
13 #include <string.h>
14 #include <tee_log.h>
15 #include <tee_property_inner.h>
16 #include <tee_object_api.h>
17 #include <crypto_inner_defines.h>
18 #include <crypto_hal_rsa.h>
19 #include <crypto_hal_ec.h>
20 #include <crypto_driver_adaptor.h>
21 #include "tee_operation.h"
22
23 #define ENCRYPT_TYPE 0
24 #define DECRYPT_TYPE 1
25 /* For GP compatible, we add some panic when there is some error, For common use, we need to disable this panic */
26 #ifndef GP_COMPATIBLE
27 #define TEE_Panic(x) \
28 do { \
29 } while (0)
30 #endif
31
32 struct asymmetric_cipher_op_config_s {
33 uint32_t expect_class;
34 uint32_t expect_mode[MAX_MODE_NUM];
35 uint32_t algorithm;
36 };
37
38 static const struct asymmetric_cipher_op_config_s g_asymmetric_cipher_config[] = {
39 { TEE_OPERATION_ASYMMETRIC_CIPHER, { TEE_MODE_ENCRYPT, TEE_MODE_DECRYPT }, TEE_ALG_SM2_PKE },
40 { TEE_OPERATION_ASYMMETRIC_CIPHER, { TEE_MODE_ENCRYPT, TEE_MODE_DECRYPT }, TEE_ALG_RSAES_PKCS1_V1_5 },
41 { TEE_OPERATION_ASYMMETRIC_CIPHER, { TEE_MODE_ENCRYPT, TEE_MODE_DECRYPT }, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1 },
42 { TEE_OPERATION_ASYMMETRIC_CIPHER, { TEE_MODE_ENCRYPT, TEE_MODE_DECRYPT }, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224 },
43 { TEE_OPERATION_ASYMMETRIC_CIPHER, { TEE_MODE_ENCRYPT, TEE_MODE_DECRYPT }, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256 },
44 { TEE_OPERATION_ASYMMETRIC_CIPHER, { TEE_MODE_ENCRYPT, TEE_MODE_DECRYPT }, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384 },
45 { TEE_OPERATION_ASYMMETRIC_CIPHER, { TEE_MODE_ENCRYPT, TEE_MODE_DECRYPT }, TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512 },
46 { TEE_OPERATION_ASYMMETRIC_CIPHER, { TEE_MODE_ENCRYPT, TEE_MODE_DECRYPT }, TEE_ALG_RSA_NOPAD },
47 };
48
asymmetric_cipher_operation_check_config(const TEE_OperationHandle operation,uint32_t type)49 static TEE_Result asymmetric_cipher_operation_check_config(const TEE_OperationHandle operation, uint32_t type)
50 {
51 const struct asymmetric_cipher_op_config_s *config = NULL;
52 uint32_t index;
53
54 for (index = 0; index < ELEM_NUM(g_asymmetric_cipher_config); index++) {
55 if (operation->algorithm == g_asymmetric_cipher_config[index].algorithm) {
56 config = &g_asymmetric_cipher_config[index];
57 break;
58 }
59 }
60
61 bool check = (config == NULL || operation->operationClass != config->expect_class ||
62 type >= ELEM_NUM(config->expect_mode) || operation->mode != config->expect_mode[type]);
63 if (check) {
64 tloge("Invalid param of this operation!\n");
65 return TEE_ERROR_BAD_PARAMETERS;
66 }
67
68 return TEE_SUCCESS;
69 }
70
asymmetric_cipher_operation_state_check(const TEE_OperationHandle operation,uint32_t type)71 static TEE_Result asymmetric_cipher_operation_state_check(const TEE_OperationHandle operation, uint32_t type)
72 {
73 uint32_t api_level = tee_get_ta_api_level();
74 if (api_level >= API_LEVEL1_1_1) {
75 if ((operation->handleState & TEE_HANDLE_FLAG_KEY_SET) != TEE_HANDLE_FLAG_KEY_SET) {
76 tloge("Invalid operation key state for this operation\n");
77 return TEE_ERROR_BAD_STATE;
78 }
79 }
80
81 bool check = (operation->publicKey == NULL && operation->privateKey == NULL);
82 if (check) {
83 tloge("Please setup the key first for this operation\n");
84 return TEE_ERROR_BAD_PARAMETERS;
85 }
86
87 return asymmetric_cipher_operation_check_config(operation, type);
88 }
89
change_digest_mode(struct crypto_attribute_t * tmp_attribute,uint32_t i)90 static void change_digest_mode(struct crypto_attribute_t *tmp_attribute, uint32_t i)
91 {
92 crypto_uint2uint get_rsa_mgf1_hash[] = {
93 { TEE_DH_HASH_SHA1_mode, CRYPTO_TYPE_DIGEST_SHA1 },
94 { TEE_DH_HASH_SHA224_mode, CRYPTO_TYPE_DIGEST_SHA224 },
95 { TEE_DH_HASH_SHA256_mode, CRYPTO_TYPE_DIGEST_SHA256 },
96 { TEE_DH_HASH_SHA384_mode, CRYPTO_TYPE_DIGEST_SHA384 },
97 { TEE_DH_HASH_SHA512_mode, CRYPTO_TYPE_DIGEST_SHA512 },
98 };
99
100 for (uint32_t j = 0; j < ELEM_NUM(get_rsa_mgf1_hash); j++) {
101 if (get_rsa_mgf1_hash[j].src == tmp_attribute[i].content.value.a) {
102 tmp_attribute[i].content.value.a = get_rsa_mgf1_hash[j].dest;
103 return;
104 }
105 }
106 }
107
refresh_attribute_value(struct asymmetric_params_t * rsa_params)108 static void refresh_attribute_value(struct asymmetric_params_t *rsa_params)
109 {
110 if (rsa_params == NULL)
111 return;
112 if (rsa_params->param_count > TEE_PARAM_COUNT_MAX) {
113 tloge("the param_count is too big param_count = %u", rsa_params->param_count);
114 return;
115 }
116
117 struct crypto_attribute_t *tmp_attribute = NULL;
118 tmp_attribute = (struct crypto_attribute_t *)(uintptr_t)(rsa_params->attribute);
119 for (uint32_t i = 0; i < rsa_params->param_count; i++) {
120 if (tmp_attribute[i].attribute_id != CRYPTO_ATTR_RSA_MGF1_HASH)
121 continue;
122 change_digest_mode(tmp_attribute, i);
123 return;
124 }
125 }
126
change_digest_mode_bak(struct crypto_attribute_t * tmp_attribute,uint32_t i)127 static void change_digest_mode_bak(struct crypto_attribute_t *tmp_attribute, uint32_t i)
128 {
129 crypto_uint2uint get_rsa_mgf1_hash[] = {
130 { CRYPTO_TYPE_DIGEST_SHA1, TEE_DH_HASH_SHA1_mode },
131 { CRYPTO_TYPE_DIGEST_SHA224, TEE_DH_HASH_SHA224_mode },
132 { CRYPTO_TYPE_DIGEST_SHA256, TEE_DH_HASH_SHA256_mode },
133 { CRYPTO_TYPE_DIGEST_SHA384, TEE_DH_HASH_SHA384_mode },
134 { CRYPTO_TYPE_DIGEST_SHA512, TEE_DH_HASH_SHA512_mode },
135 };
136
137 for (uint32_t j = 0; j < ELEM_NUM(get_rsa_mgf1_hash); j++) {
138 if (get_rsa_mgf1_hash[j].src == tmp_attribute[i].content.value.a) {
139 tmp_attribute[i].content.value.a = get_rsa_mgf1_hash[j].dest;
140 return;
141 }
142 }
143 }
144
refresh_attribute_value_back(struct asymmetric_params_t * rsa_params)145 static void refresh_attribute_value_back(struct asymmetric_params_t *rsa_params)
146 {
147 if (rsa_params == NULL)
148 return;
149
150 struct crypto_attribute_t *tmp_attribute = NULL;
151 tmp_attribute = (struct crypto_attribute_t *)(uintptr_t)(rsa_params->attribute);
152 for (uint32_t i = 0; i < rsa_params->param_count; i++) {
153 if (tmp_attribute[i].attribute_id != CRYPTO_ATTR_RSA_MGF1_HASH)
154 continue;
155 change_digest_mode_bak(tmp_attribute, i);
156 return;
157 }
158 }
159
rsa_encrypt_hal(TEE_OperationHandle operation,struct asymmetric_params_t * extra_params,struct memref_t * data_in,struct memref_t * data_out,uint32_t engine)160 static TEE_Result rsa_encrypt_hal(TEE_OperationHandle operation, struct asymmetric_params_t *extra_params,
161 struct memref_t *data_in, struct memref_t *data_out, uint32_t engine)
162 {
163 refresh_attribute_value(extra_params);
164 int32_t ret = tee_crypto_rsa_encrypt(operation->algorithm,
165 (const struct rsa_pub_key_t *)(operation->publicKey), extra_params, data_in, data_out, engine);
166 refresh_attribute_value_back(extra_params);
167 return change_hal_ret_to_gp(ret);
168 }
169
sm2_encrypt_hal(TEE_OperationHandle operation,struct asymmetric_params_t * extra_params,struct memref_t * data_in,struct memref_t * data_out,uint32_t engine)170 static TEE_Result sm2_encrypt_hal(TEE_OperationHandle operation, struct asymmetric_params_t *extra_params,
171 struct memref_t *data_in, struct memref_t *data_out, uint32_t engine)
172 {
173 int32_t ret = tee_crypto_ecc_encrypt(operation->algorithm,
174 (const struct ecc_pub_key_t *)(operation->publicKey), extra_params, data_in, data_out, engine);
175 return change_hal_ret_to_gp(ret);
176 }
177
asymmetric_encrypt_hal(TEE_OperationHandle operation,struct asymmetric_params_t * extra_params,struct memref_t * data_in,struct memref_t * data_out)178 static TEE_Result asymmetric_encrypt_hal(TEE_OperationHandle operation,
179 struct asymmetric_params_t *extra_params,
180 struct memref_t *data_in, struct memref_t *data_out)
181 {
182 uint32_t engine = ((crypto_hal_info *)(operation->hal_info))->crypto_flag;
183
184 switch (operation->algorithm) {
185 case TEE_ALG_RSA_NOPAD:
186 case TEE_ALG_RSAES_PKCS1_V1_5:
187 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1:
188 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224:
189 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256:
190 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384:
191 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512:
192 return rsa_encrypt_hal(operation, extra_params, data_in, data_out, engine);
193 case TEE_ALG_SM2_PKE:
194 return sm2_encrypt_hal(operation, extra_params, data_in, data_out, engine);
195 default:
196 tloge("the algorithm is not support");
197 break;
198 }
199 return TEE_ERROR_NOT_SUPPORTED;
200 }
201
asymmetric_process_hal(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t param_count,operation_src_dest * data,TEE_Result (* asymmetric_hal_handle_ptr)(TEE_OperationHandle,struct asymmetric_params_t *,struct memref_t *,struct memref_t *))202 static TEE_Result asymmetric_process_hal(TEE_OperationHandle operation, const TEE_Attribute *params,
203 uint32_t param_count, operation_src_dest *data,
204 TEE_Result (* asymmetric_hal_handle_ptr)(TEE_OperationHandle, struct asymmetric_params_t *,
205 struct memref_t *, struct memref_t *))
206 {
207 struct asymmetric_params_t *extra_params = NULL;
208 struct crypto_attribute_t *tmp_attribute = NULL;
209 TEE_Result ret;
210 bool check = (params != NULL && param_count != 0);
211 if (check) {
212 extra_params = TEE_Malloc(sizeof(*extra_params), 0);
213 if (extra_params == NULL) {
214 tloge("malloc extra params failed!");
215 return TEE_ERROR_SECURITY;
216 }
217 tmp_attribute = TEE_Malloc(param_count * sizeof(*tmp_attribute), 0);
218 if (tmp_attribute == NULL) {
219 tloge("malloc tmp attr failed!");
220 TEE_Free(extra_params);
221 return TEE_ERROR_SECURITY;
222 }
223 for (uint32_t i = 0; i < param_count; i++) {
224 tmp_attribute[i].attribute_id = params[i].attributeID;
225 tmp_attribute[i].content.value.a = params[i].content.value.a;
226 tmp_attribute[i].content.value.b = params[i].content.value.b;
227 }
228 extra_params->attribute = (uint64_t)(uintptr_t)tmp_attribute;
229 extra_params->param_count = param_count;
230 }
231
232 struct memref_t data_in = {0};
233 data_in.buffer = (uint64_t)(uintptr_t)(data->src_data);
234 data_in.size = (uint32_t)data->src_len;
235
236 struct memref_t data_out = {0};
237 data_out.buffer = (uint64_t)(uintptr_t)(data->dest_data);
238 data_out.size = (uint32_t)(*(data->dest_len));
239
240 ret = asymmetric_hal_handle_ptr(operation, extra_params, &data_in, &data_out);
241 TEE_Free(extra_params);
242 extra_params = NULL;
243 TEE_Free(tmp_attribute);
244 tmp_attribute = NULL;
245 if (ret != TEE_SUCCESS) {
246 tloge("asymmetric failed, ret is 0x%x", ret);
247 return ret;
248 }
249 *(data->dest_len) = (size_t)data_out.size;
250 return TEE_SUCCESS;
251 }
252
TEE_AsymmetricEncrypt(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,void * srcData,size_t srcLen,void * destData,size_t * destLen)253 TEE_Result TEE_AsymmetricEncrypt(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount,
254 void *srcData, size_t srcLen, void *destData, size_t *destLen)
255 {
256 bool check = (operation == NULL || srcData == NULL || srcLen == 0 || destData == NULL || destLen == NULL ||
257 *destLen == 0 || (check_operation((const TEE_OperationHandle)operation) != TEE_SUCCESS));
258 if (check) {
259 tloge("bad params");
260 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
261 return TEE_ERROR_BAD_PARAMETERS;
262 }
263 if (*destLen < srcLen) {
264 tloge("Output buffer is too short\n");
265 return TEE_ERROR_SHORT_BUFFER;
266 }
267
268 if (paramCount > MAX_EXTRA_PARAM_COUNT) {
269 tloge("param count is invalid");
270 return TEE_ERROR_BAD_PARAMETERS;
271 }
272
273 if (crypto_lock_operation(operation) != TEE_SUCCESS)
274 return TEE_ERROR_GENERIC;
275
276 TEE_Result ret = asymmetric_cipher_operation_state_check((const TEE_OperationHandle)operation, ENCRYPT_TYPE);
277 if (ret != TEE_SUCCESS) {
278 crypto_unlock_operation(operation);
279 TEE_Panic(ret);
280 return ret;
281 }
282
283 operation_src_dest src_dest_param = { 0 };
284 fill_src_dest_param(&src_dest_param, srcData, srcLen, destData, destLen);
285 ret = asymmetric_process_hal(operation, params, paramCount, &src_dest_param, asymmetric_encrypt_hal);
286 crypto_unlock_operation(operation);
287 if (ret != TEE_SUCCESS) {
288 if (ret != TEE_ERROR_SHORT_BUFFER)
289 TEE_Panic(ret);
290 }
291 return ret;
292 }
293
rsa_decrypt_hal(TEE_OperationHandle operation,struct asymmetric_params_t * extra_params,struct memref_t * data_in,struct memref_t * data_out,uint32_t engine)294 static TEE_Result rsa_decrypt_hal(TEE_OperationHandle operation, struct asymmetric_params_t *extra_params,
295 struct memref_t *data_in, struct memref_t *data_out, uint32_t engine)
296 {
297 refresh_attribute_value(extra_params);
298 int32_t ret = tee_crypto_rsa_decrypt(operation->algorithm,
299 (const struct rsa_priv_key_t *)(operation->privateKey), extra_params, data_in, data_out, engine);
300 refresh_attribute_value_back(extra_params);
301 return change_hal_ret_to_gp(ret);
302 }
303
sm2_decrypt_hal(TEE_OperationHandle operation,struct asymmetric_params_t * extra_params,struct memref_t * data_in,struct memref_t * data_out,uint32_t engine)304 static TEE_Result sm2_decrypt_hal(TEE_OperationHandle operation, struct asymmetric_params_t *extra_params,
305 struct memref_t *data_in, struct memref_t *data_out, uint32_t engine)
306 {
307 int32_t ret = tee_crypto_ecc_decrypt(operation->algorithm,
308 (const struct ecc_priv_key_t *)(operation->privateKey), extra_params, data_in, data_out, engine);
309 return change_hal_ret_to_gp(ret);
310 }
311
asymmetric_decrypt_hal(TEE_OperationHandle operation,struct asymmetric_params_t * extra_params,struct memref_t * data_in,struct memref_t * data_out)312 static TEE_Result asymmetric_decrypt_hal(TEE_OperationHandle operation,
313 struct asymmetric_params_t *extra_params,
314 struct memref_t *data_in, struct memref_t *data_out)
315 {
316 uint32_t engine = ((crypto_hal_info *)(operation->hal_info))->crypto_flag;
317
318 switch (operation->algorithm) {
319 case TEE_ALG_RSAES_PKCS1_V1_5:
320 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1:
321 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224:
322 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256:
323 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384:
324 case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512:
325 case TEE_ALG_RSA_NOPAD:
326 return rsa_decrypt_hal(operation, extra_params, data_in, data_out, engine);
327 case TEE_ALG_SM2_PKE:
328 return sm2_decrypt_hal(operation, extra_params, data_in, data_out, engine);
329 default:
330 tloge("the algorithm is not support");
331 break;
332 }
333 return TEE_ERROR_NOT_SUPPORTED;
334 }
335
TEE_AsymmetricDecrypt(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,void * srcData,size_t srcLen,void * destData,size_t * destLen)336 TEE_Result TEE_AsymmetricDecrypt(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount,
337 void *srcData, size_t srcLen, void *destData, size_t *destLen)
338 {
339 bool check = (operation == NULL || srcData == NULL || srcLen == 0 || destData == NULL || destLen == NULL ||
340 *destLen == 0 || (check_operation((const TEE_OperationHandle)operation) != TEE_SUCCESS));
341 if (check) {
342 tloge("bad params");
343 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
344 return TEE_ERROR_BAD_PARAMETERS;
345 }
346 if (*destLen <= 0) {
347 tloge("Output buffer is too short\n");
348 return TEE_ERROR_SHORT_BUFFER;
349 }
350
351 if (paramCount > MAX_EXTRA_PARAM_COUNT) {
352 tloge("param count is invalid");
353 return TEE_ERROR_BAD_PARAMETERS;
354 }
355 if (crypto_lock_operation(operation) != TEE_SUCCESS)
356 return TEE_ERROR_GENERIC;
357
358 TEE_Result ret = asymmetric_cipher_operation_state_check((const TEE_OperationHandle)operation, DECRYPT_TYPE);
359 if (ret != TEE_SUCCESS) {
360 crypto_unlock_operation(operation);
361 TEE_Panic(ret);
362 return ret;
363 }
364
365 operation_src_dest src_dest_param = { 0 };
366 fill_src_dest_param(&src_dest_param, srcData, srcLen, destData, destLen);
367 ret = asymmetric_process_hal(operation, params, paramCount, &src_dest_param, asymmetric_decrypt_hal);
368 crypto_unlock_operation(operation);
369 if (ret != TEE_SUCCESS)
370 TEE_Panic(ret);
371 return ret;
372 }
373
374 static const uint32_t g_support_signature_algs[] = {
375 TEE_ALG_RSASSA_PKCS1_V1_5_MD5,
376 TEE_ALG_RSASSA_PKCS1_V1_5_SHA1,
377 TEE_ALG_RSASSA_PKCS1_V1_5_SHA224,
378 TEE_ALG_RSASSA_PKCS1_V1_5_SHA256,
379 TEE_ALG_RSASSA_PKCS1_V1_5_SHA384,
380 TEE_ALG_RSASSA_PKCS1_V1_5_SHA512,
381 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5,
382 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1,
383 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224,
384 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256,
385 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384,
386 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512,
387 TEE_ALG_ECDSA_SHA1,
388 TEE_ALG_ECDSA_SHA224,
389 TEE_ALG_ECDSA_SHA256,
390 TEE_ALG_ECDSA_SHA384,
391 TEE_ALG_ECDSA_SHA512,
392 TEE_ALG_SM2_DSA_SM3,
393 TEE_ALG_ED25519,
394 };
395
signature_operation_state_check(const TEE_OperationHandle operation,uint32_t expect_mode)396 static TEE_Result signature_operation_state_check(const TEE_OperationHandle operation, uint32_t expect_mode)
397 {
398 bool is_support_alg = false;
399 if (tee_get_ta_api_level() >= API_LEVEL1_1_1) {
400 if ((operation->handleState & TEE_HANDLE_FLAG_KEY_SET) != TEE_HANDLE_FLAG_KEY_SET) {
401 tloge("Invalid operation key state for this operation\n");
402 return TEE_ERROR_BAD_STATE;
403 }
404 }
405
406 /* Some algorithm use only public key for sign and verify operation */
407 bool check = ((operation->publicKey == NULL) && (operation->privateKey == NULL));
408 if (check) {
409 tloge("Please setup the key first for this operation\n");
410 return TEE_ERROR_BAD_PARAMETERS;
411 }
412
413 for (uint32_t i = 0; i < sizeof(g_support_signature_algs) / sizeof(g_support_signature_algs[0]); i++) {
414 if (g_support_signature_algs[i] == operation->algorithm) {
415 is_support_alg = true;
416 break;
417 }
418 }
419
420 check = (!is_support_alg || operation->operationClass != TEE_OPERATION_ASYMMETRIC_SIGNATURE ||
421 operation->mode != expect_mode);
422 if (check) {
423 tloge("Invalid param for this operation\n");
424 return TEE_ERROR_BAD_PARAMETERS;
425 }
426
427 return TEE_SUCCESS;
428 }
429
get_expect_digest_len_from_algorithm(uint32_t algorithm,uint32_t api_level)430 static uint32_t get_expect_digest_len_from_algorithm(uint32_t algorithm, uint32_t api_level)
431 {
432 size_t i = 0;
433 crypto_uint2uint digest_len[] = { { TEE_ALG_RSASSA_PKCS1_V1_5_MD5, MD5_OUTPUT_LEN },
434 { TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, SHA1_OUTPUT_LEN },
435 { TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, SHA224_OUTPUT_LEN },
436 { TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, SHA256_OUTPUT_LEN },
437 { TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, SHA384_OUTPUT_LEN },
438 { TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, SHA512_OUTPUT_LEN },
439 { TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5, MD5_OUTPUT_LEN },
440 { TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, SHA1_OUTPUT_LEN },
441 { TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, SHA224_OUTPUT_LEN },
442 { TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, SHA256_OUTPUT_LEN },
443 { TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, SHA384_OUTPUT_LEN },
444 { TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, SHA512_OUTPUT_LEN } };
445
446 size_t total_map_num = sizeof(digest_len) / sizeof(digest_len[0]);
447 for (; i < total_map_num; i++) {
448 if (digest_len[i].src == algorithm)
449 return digest_len[i].dest;
450 }
451
452 if (api_level > API_LEVEL1_0) {
453 crypto_uint2uint get_ecc_digest_len[] = {
454 { TEE_ALG_ECDSA_SHA1, SHA1_OUTPUT_LEN },
455 { TEE_ALG_ECDSA_SHA224, SHA224_OUTPUT_LEN },
456 { TEE_ALG_ECDSA_SHA256, SHA256_OUTPUT_LEN },
457 { TEE_ALG_ECDSA_SHA384, SHA384_OUTPUT_LEN },
458 { TEE_ALG_ECDSA_SHA512, SHA512_OUTPUT_LEN },
459 };
460
461 total_map_num = sizeof(get_ecc_digest_len) / sizeof(get_ecc_digest_len[0]);
462 for (i = 0; i < total_map_num; i++) {
463 if (get_ecc_digest_len[i].src == algorithm)
464 return get_ecc_digest_len[i].dest;
465 }
466 }
467 return 0;
468 }
469
470 /* This special procedure is just aim to rsa */
pre_proc_digest_len(uint32_t algorithm,uint32_t digest_len,uint32_t * expect_digest_len,uint32_t api_level)471 static TEE_Result pre_proc_digest_len(uint32_t algorithm, uint32_t digest_len, uint32_t *expect_digest_len,
472 uint32_t api_level)
473 {
474 *expect_digest_len = get_expect_digest_len_from_algorithm(algorithm, api_level);
475 if (*expect_digest_len == 0) {
476 *expect_digest_len = digest_len;
477 return TEE_SUCCESS;
478 }
479 if (digest_len != *expect_digest_len) {
480 if (api_level > API_LEVEL1_0) {
481 tloge("The digest len is Invalid");
482 return TEE_ERROR_BAD_PARAMETERS;
483 }
484 if (digest_len < *expect_digest_len) {
485 tloge("The digest len is too small, digest_len = 0x%x, expect_digest_len = 0x%x\n", digest_len,
486 *expect_digest_len);
487 return TEE_ERROR_BAD_PARAMETERS;
488 }
489 }
490 return TEE_SUCCESS;
491 }
492
check_pss_param(const TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t param_count,uint32_t api_level)493 static TEE_Result check_pss_param(const TEE_OperationHandle operation, const TEE_Attribute *params,
494 uint32_t param_count, uint32_t api_level)
495 {
496 /*
497 * when params is not given, paramCount is 0
498 * when params is given, paramCount is 1
499 */
500 if (api_level < API_LEVEL1_1_1)
501 return TEE_SUCCESS;
502
503 bool check = (params == NULL || param_count == 0 || param_count == 1);
504 if (check)
505 return TEE_SUCCESS;
506
507 check = (operation->algorithm != TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5 &&
508 operation->algorithm != TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1 &&
509 operation->algorithm != TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224 &&
510 operation->algorithm != TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 &&
511 operation->algorithm != TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384 &&
512 operation->algorithm != TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512);
513 if (check)
514 return TEE_SUCCESS;
515
516 tloge("check pss param error!\n");
517 return TEE_ERROR_BAD_PARAMETERS;
518 }
519
asymmetric_sign_hal(TEE_OperationHandle operation,struct asymmetric_params_t * extra_params,struct memref_t * data_in,struct memref_t * data_out)520 static TEE_Result asymmetric_sign_hal(TEE_OperationHandle operation,
521 struct asymmetric_params_t *extra_params, struct memref_t *data_in, struct memref_t *data_out)
522 {
523 int32_t ret;
524 uint32_t engine = ((crypto_hal_info *)(operation->hal_info))->crypto_flag;
525
526 switch (operation->algorithm) {
527 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5:
528 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1:
529 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224:
530 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
531 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
532 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
533 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5:
534 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1:
535 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224:
536 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256:
537 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384:
538 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512:
539 refresh_attribute_value(extra_params);
540 ret = tee_crypto_rsa_sign_digest(operation->algorithm,
541 (const struct rsa_priv_key_t*)(operation->privateKey), extra_params, data_in, data_out, engine);
542 refresh_attribute_value_back(extra_params);
543 return change_hal_ret_to_gp(ret);
544 case TEE_ALG_ECDSA_SHA1:
545 case TEE_ALG_ECDSA_SHA224:
546 case TEE_ALG_ECDSA_SHA256:
547 case TEE_ALG_ECDSA_SHA384:
548 case TEE_ALG_ECDSA_SHA512:
549 case TEE_ALG_SM2_DSA_SM3:
550 case TEE_ALG_ED25519:
551 ret = tee_crypto_ecc_sign_digest(operation->algorithm,
552 (const struct ecc_priv_key_t*)(operation->privateKey), extra_params, data_in, data_out, engine);
553 return change_hal_ret_to_gp(ret);
554 default:
555 tloge("the algorithm is not support");
556 return TEE_ERROR_NOT_SUPPORTED;
557 }
558 }
559
TEE_AsymmetricSignDigest(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,void * digest,size_t digestLen,void * signature,size_t * signatureLen)560 TEE_Result TEE_AsymmetricSignDigest(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount,
561 void *digest, size_t digestLen, void *signature, size_t *signatureLen)
562 {
563 bool check = (operation == NULL || digest == NULL || digestLen == 0 || signature == NULL || signatureLen == NULL ||
564 *signatureLen == 0 || (check_operation((const TEE_OperationHandle)operation) != TEE_SUCCESS));
565 if (check) {
566 tloge("The params is invalid");
567 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
568 return TEE_ERROR_BAD_PARAMETERS;
569 }
570
571 if (paramCount > MAX_EXTRA_PARAM_COUNT) {
572 tloge("The param count is invalid");
573 return TEE_ERROR_BAD_PARAMETERS;
574 }
575
576 if (crypto_lock_operation(operation) != TEE_SUCCESS)
577 return TEE_ERROR_GENERIC;
578
579 TEE_Result ret = signature_operation_state_check(operation, TEE_MODE_SIGN);
580 if (ret != TEE_SUCCESS)
581 goto exit;
582
583 uint32_t api_level = tee_get_ta_api_level();
584 ret = check_pss_param(operation, params, paramCount, api_level);
585 if (ret != TEE_SUCCESS)
586 goto exit;
587
588 uint32_t expect_digest_len = digestLen;
589
590 ret = pre_proc_digest_len(operation->algorithm, digestLen, &expect_digest_len, api_level);
591 if (ret != TEE_SUCCESS)
592 goto exit;
593
594 operation_src_dest src_dest_param = { 0 };
595 fill_src_dest_param(&src_dest_param, digest, expect_digest_len, signature, signatureLen);
596 ret = asymmetric_process_hal(operation, params, paramCount, &src_dest_param, asymmetric_sign_hal);
597 crypto_unlock_operation(operation);
598 if (ret != TEE_SUCCESS)
599 TEE_Panic(ret);
600 return ret;
601
602 exit:
603 crypto_unlock_operation(operation);
604 TEE_Panic(ret);
605 return ret;
606 }
607
asymmetric_verify_hal(TEE_OperationHandle operation,struct asymmetric_params_t * extra_params,struct memref_t * data_in,struct memref_t * data_out)608 static TEE_Result asymmetric_verify_hal(TEE_OperationHandle operation,
609 struct asymmetric_params_t *extra_params, struct memref_t *data_in, struct memref_t *data_out)
610 {
611 int32_t ret;
612 uint32_t engine = ((crypto_hal_info *)(operation->hal_info))->crypto_flag;
613
614 switch (operation->algorithm) {
615 case TEE_ALG_RSASSA_PKCS1_V1_5_MD5:
616 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1:
617 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224:
618 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256:
619 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384:
620 case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512:
621 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_MD5:
622 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1:
623 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224:
624 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
625 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
626 case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
627 refresh_attribute_value(extra_params);
628 ret = tee_crypto_rsa_verify_digest(operation->algorithm,
629 (const struct rsa_pub_key_t *)(operation->publicKey), extra_params, data_in, data_out, engine);
630 refresh_attribute_value_back(extra_params);
631 return change_hal_ret_to_gp(ret);
632 case TEE_ALG_ECDSA_SHA1:
633 case TEE_ALG_ECDSA_SHA224:
634 case TEE_ALG_ECDSA_SHA256:
635 case TEE_ALG_ECDSA_SHA384:
636 case TEE_ALG_ECDSA_SHA512:
637 case TEE_ALG_SM2_DSA_SM3:
638 case TEE_ALG_ED25519:
639 ret = tee_crypto_ecc_verify_digest(operation->algorithm,
640 (const struct ecc_pub_key_t *)(operation->publicKey), extra_params, data_in, data_out, engine);
641 return change_hal_ret_to_gp(ret);
642 default:
643 tloge("the algorithm is not support");
644 return TEE_ERROR_NOT_SUPPORTED;
645 }
646 }
647
TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation,const TEE_Attribute * params,uint32_t paramCount,void * digest,size_t digestLen,void * signature,size_t signatureLen)648 TEE_Result TEE_AsymmetricVerifyDigest(TEE_OperationHandle operation, const TEE_Attribute *params, uint32_t paramCount,
649 void *digest, size_t digestLen, void *signature, size_t signatureLen)
650 {
651 bool check = (operation == NULL || digest == NULL || digestLen == 0 || signature == NULL || signatureLen == 0 ||
652 (check_operation((const TEE_OperationHandle)operation) != TEE_SUCCESS));
653 if (check) {
654 tloge("bad params");
655 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
656 return TEE_ERROR_BAD_PARAMETERS;
657 }
658
659 if (paramCount > MAX_EXTRA_PARAM_COUNT) {
660 tloge("param count is invalid");
661 return TEE_ERROR_BAD_PARAMETERS;
662 }
663
664 if (crypto_lock_operation(operation) != TEE_SUCCESS)
665 return TEE_ERROR_GENERIC;
666
667 TEE_Result ret = signature_operation_state_check(operation, TEE_MODE_VERIFY);
668 if (ret != TEE_SUCCESS)
669 goto exit;
670
671 uint32_t api_level = tee_get_ta_api_level();
672 ret = check_pss_param(operation, params, paramCount, api_level);
673 if (ret != TEE_SUCCESS)
674 goto exit;
675
676 crypto_hal_info *crypto_hal_data = (crypto_hal_info *)(operation->hal_info);
677 if (crypto_hal_data == NULL) {
678 ret = TEE_ERROR_BAD_PARAMETERS;
679 goto exit;
680 }
681 uint32_t expect_digest_len = digestLen;
682
683 ret = pre_proc_digest_len(operation->algorithm, digestLen, &expect_digest_len, api_level);
684 if (ret != TEE_SUCCESS) {
685 crypto_unlock_operation(operation);
686 TEE_Panic(ret);
687 return ret;
688 }
689
690 operation_src_dest src_dest_param = { 0 };
691 fill_src_dest_param(&src_dest_param, digest, expect_digest_len, signature, &signatureLen);
692 ret = asymmetric_process_hal(operation, params, paramCount, &src_dest_param, asymmetric_verify_hal);
693 crypto_unlock_operation(operation);
694 if (ret != TEE_SUCCESS)
695 TEE_Panic(ret);
696 return ret;
697 exit:
698 crypto_unlock_operation(operation);
699 TEE_Panic(ret);
700 return ret;
701 }
702