1 /*
2 * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3 * Licensed under the Mulan PSL v2.
4 * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 * You may obtain a copy of Mulan PSL v2 at:
6 * http://license.coscl.org.cn/MulanPSL2
7 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 * PURPOSE.
10 * See the Mulan PSL v2 for more details.
11 */
12 #include "tee_object_api.h"
13 #include <stdarg.h>
14 #include "ta_framework.h"
15 #include "tee_ss_agent_api.h"
16 #include "tee_log.h"
17 #include "tee_obj.h"
18 #include "securec.h"
19 #include "tee_property_inner.h"
20 #include <crypto_inner_defines.h>
21 #include <crypto_hal_derive_key.h>
22 #include <crypto_hal_rsa.h>
23 #include <crypto_hal_ec.h>
24 #include <crypto_hal.h>
25 #include <crypto_alg_config.h>
26 #include <crypto_manager.h>
27 #include "tee_obj_attr.h"
28
29 typedef TEE_Result (*attr_mem_func)(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc);
30 struct attr_mem_alloc_t {
31 uint32_t obj_type;
32 attr_mem_func fn;
33 };
34
35 #define MAX_KEY_SIZE 0x000001000
36 #define DES_BLOCK 8
37 #define TEE_ATTR_ANAY 0
38 #define RSA_CRT_PARAM 2
39 #define RSA_EXPONENT 65537
40 #define HEX_VALUE 16
41 #define DH_PARAM_COUNT 3
42 #define DH_MIN_KEY_SIZE_IN_BIT 256
43 #define DH_MAX_KEY_SIZE_IN_BIT 2048
44 #define ECKEY_FIX_ATTRI_LEN 4
45 #define KEY_25519_FIX_ATTR_LEN 2
46 #define ECC_192_KEY_SIZE 192U
47 #define ECC_224_KEY_SIZE 224U
48 #define ECC_256_KEY_SIZE 256U
49 #define ECC_384_KEY_SIZE 384U
50 #define ECC_521_KEY_SIZE 521U
51 #define ECC_DEFAULT_KEY_SIZE 0U
52 #define DH_MIN_L 2048
53
54 struct object_max_key_size_s {
55 uint32_t object_type;
56 uint32_t attribute_id;
57 uint32_t max_key_size_1_0;
58 uint32_t max_key_size_1_2;
59 };
60
61 static const struct object_max_key_size_s g_max_key_size[] = {
62 {TEE_TYPE_AES, TEE_ATTR_SECRET_VALUE, OBJ_MAX_SIZE_AES, OBJ_MAX_SIZE_AES},
63 {TEE_TYPE_DES, TEE_ATTR_SECRET_VALUE, OBJ_SIZE_DES, OBJ_SIZE_DES},
64 {TEE_TYPE_DES3, TEE_ATTR_SECRET_VALUE, OBJ_SIZE_DES3, OBJ_SIZE_DES3},
65 {TEE_TYPE_SM4, TEE_ATTR_SECRET_VALUE, OBJ_MAX_SIZE_SM4, OBJ_SIZE_SM4},
66 {TEE_TYPE_HMAC_SM3, TEE_ATTR_SECRET_VALUE, OBJ_MAX_SIZE_HMAC_SM3, OBJ_MAX_SIZE_HMAC_SM3},
67 {TEE_TYPE_HMAC_MD5, TEE_ATTR_SECRET_VALUE, OBJ_MAX_SIZE_HMAC, OBJ_MAX_SIZE_HMAC},
68 {TEE_TYPE_HMAC_SHA1, TEE_ATTR_SECRET_VALUE, OBJ_MAX_SIZE_HMAC, OBJ_MAX_SIZE_HMAC},
69 {TEE_TYPE_HMAC_SHA224, TEE_ATTR_SECRET_VALUE, OBJ_MAX_SIZE_HMAC, OBJ_MAX_SIZE_HMAC},
70 {TEE_TYPE_HMAC_SHA256, TEE_ATTR_SECRET_VALUE, OBJ_MAX_SIZE_HMAC, OBJ_MAX_SIZE_HMAC},
71 {TEE_TYPE_HMAC_SHA384, TEE_ATTR_SECRET_VALUE, OBJ_MAX_SIZE_HMAC, OBJ_MAX_SIZE_HMAC},
72 {TEE_TYPE_HMAC_SHA512, TEE_ATTR_SECRET_VALUE, OBJ_MAX_SIZE_HMAC, OBJ_MAX_SIZE_HMAC},
73 {TEE_TYPE_PBKDF2_HMAC, TEE_ATTR_SECRET_VALUE, OBJ_MAX_SIZE_PBKDF2, OBJ_MAX_SIZE_PBKDF2},
74 {TEE_TYPE_SIP_HASH, TEE_ATTR_SECRET_VALUE, OBJ_SIZE_SIP_HASH, OBJ_SIZE_SIP_HASH},
75 {TEE_TYPE_RSA_PUBLIC_KEY, TEE_ATTR_RSA_PUBLIC_EXPONENT, OBJ_SIZE_RSA_PUB_EXPONENT, OBJ_SIZE_RSA_PUB_EXPONENT},
76 {TEE_TYPE_RSA_PUBLIC_KEY, TEE_ATTR_RSA_MODULUS, OBJ_MAX_SIZE_RSA_PUB_KEY, OBJ_MAX_SIZE_RSA_PUB_KEY},
77 {TEE_TYPE_RSA_KEYPAIR, TEE_ATTR_RSA_MODULUS, OBJ_MAX_SIZE_RSA_KEY_PAIR, OBJ_MAX_SIZE_RSA_KEY_PAIR},
78 {TEE_TYPE_RSA_KEYPAIR, TEE_ATTR_RSA_PRIVATE_EXPONENT, OBJ_MAX_SIZE_RSA_KEY_PAIR, OBJ_MAX_SIZE_RSA_KEY_PAIR},
79 {TEE_TYPE_RSA_KEYPAIR, TEE_ATTR_RSA_PUBLIC_EXPONENT, OBJ_SIZE_RSA_PUB_EXPONENT, OBJ_SIZE_RSA_PUB_EXPONENT},
80 {TEE_TYPE_RSA_KEYPAIR, TEE_ATTR_RSA_PRIME1, OBJ_MAX_SIZE_RSA_CRT_ATTR, OBJ_MAX_SIZE_RSA_CRT_ATTR},
81 {TEE_TYPE_RSA_KEYPAIR, TEE_ATTR_RSA_PRIME2, OBJ_MAX_SIZE_RSA_CRT_ATTR, OBJ_MAX_SIZE_RSA_CRT_ATTR},
82 {TEE_TYPE_RSA_KEYPAIR, TEE_ATTR_RSA_EXPONENT1, OBJ_MAX_SIZE_RSA_CRT_ATTR, OBJ_MAX_SIZE_RSA_CRT_ATTR},
83 {TEE_TYPE_RSA_KEYPAIR, TEE_ATTR_RSA_EXPONENT2, OBJ_MAX_SIZE_RSA_CRT_ATTR, OBJ_MAX_SIZE_RSA_CRT_ATTR},
84 {TEE_TYPE_RSA_KEYPAIR, TEE_ATTR_RSA_COEFFICIENT, OBJ_MAX_SIZE_RSA_CRT_ATTR, OBJ_MAX_SIZE_RSA_CRT_ATTR},
85 {TEE_TYPE_DSA_PUBLIC_KEY, TEE_ATTR_ANAY, OBJ_MAX_SIZE_DSA_PUB_KEY, OBJ_MAX_SIZE_DSA_PUB_KEY},
86 {TEE_TYPE_DSA_KEYPAIR, TEE_ATTR_ANAY, OBJ_MAX_SIZE_DSA_KEY_PAIR, OBJ_MAX_SIZE_DSA_KEY_PAIR},
87 {TEE_TYPE_DH_KEYPAIR, TEE_ATTR_ANAY, OBJ_MAX_SIZE_DH_KEY_PAIR, OBJ_MAX_SIZE_DH_KEY_PAIR},
88 {TEE_TYPE_GENERIC_SECRET, TEE_ATTR_ANAY, OBJ_MAX_SIZE_GENERIC_SECRET, OBJ_MAX_SIZE_GENERIC_SECRET},
89 {TEE_TYPE_ECDSA_PUBLIC_KEY, TEE_ATTR_ANAY, OBJ_MAX_SIZE_ECDSA_PUB_KEY, OBJ_MAX_SIZE_ECDSA_PUB_KEY},
90 {TEE_TYPE_ECDSA_KEYPAIR, TEE_ATTR_ANAY, OBJ_MAX_SIZE_ECDSA_KEY_PAIR, OBJ_MAX_SIZE_ECDSA_KEY_PAIR},
91 {TEE_TYPE_ECDH_PUBLIC_KEY, TEE_ATTR_ANAY, OBJ_MAX_SIZE_ECDH_PUB_KEY, OBJ_MAX_SIZE_ECDH_PUB_KEY},
92 {TEE_TYPE_ECDH_KEYPAIR, TEE_ATTR_ANAY, OBJ_MAX_SIZE_ECDH_KEY_PAIR, OBJ_MAX_SIZE_ECDH_KEY_PAIR},
93 {TEE_TYPE_X25519_KEYPAIR, TEE_ATTR_ANAY, OBJ_SIZE_X25519_PUB_KEY, OBJ_SIZE_X25519_PUB_KEY},
94 {TEE_TYPE_X25519_PUBLIC_KEY, TEE_ATTR_ANAY, OBJ_SIZE_X25519_KEY_PAIR, OBJ_SIZE_X25519_KEY_PAIR},
95 {TEE_TYPE_ED25519_KEYPAIR, TEE_ATTR_ANAY, OBJ_MAX_SIZE_ED25519_KEY_PAIR, OBJ_MAX_SIZE_ED25519_KEY_PAIR},
96 {TEE_TYPE_ED25519_PUBLIC_KEY, TEE_ATTR_ANAY, OBJ_MAX_SIZE_ED25519_PUB_KEY, OBJ_SIZE_ED25519_PUB_KEY},
97 {TEE_TYPE_SM2_DSA_PUBLIC_KEY, TEE_ATTR_ANAY, OBJ_MAX_SIZE_SM2, OBJ_SIZE_SM2},
98 {TEE_TYPE_SM2_DSA_KEYPAIR, TEE_ATTR_ANAY, OBJ_MAX_SIZE_SM2, OBJ_SIZE_SM2},
99 {TEE_TYPE_SM2_KEP_PUBLIC_KEY, TEE_ATTR_ANAY, OBJ_MAX_SIZE_SM2, OBJ_SIZE_SM2},
100 {TEE_TYPE_SM2_KEP_KEYPAIR, TEE_ATTR_ANAY, OBJ_MAX_SIZE_SM2, OBJ_SIZE_SM2},
101 {TEE_TYPE_SM2_PKE_PUBLIC_KEY, TEE_ATTR_ANAY, OBJ_MAX_SIZE_SM2, OBJ_SIZE_SM2},
102 {TEE_TYPE_SM2_PKE_KEYPAIR, TEE_ATTR_ANAY, OBJ_MAX_SIZE_SM2, OBJ_SIZE_SM2},
103 };
104
object_max_size_of_object_type(uint32_t object_type,uint32_t attribute_id)105 static uint32_t object_max_size_of_object_type(uint32_t object_type, uint32_t attribute_id)
106 {
107 uint32_t api_level = tee_get_ta_api_level();
108 bool check = false;
109
110 for (uint32_t index = 0; index < ELEM_NUM(g_max_key_size); index++) {
111 check = (g_max_key_size[index].object_type == object_type) &&
112 ((g_max_key_size[index].attribute_id == TEE_ATTR_ANAY) ||
113 (g_max_key_size[index].attribute_id == attribute_id));
114 if (check) {
115 if (api_level > API_LEVEL1_0)
116 return g_max_key_size[index].max_key_size_1_2;
117 else
118 return g_max_key_size[index].max_key_size_1_0;
119 }
120 }
121 return 0;
122 }
123
124 /* check if the real max_key_size is biger than object_max_key_size */
get_attribute_length(uint32_t api_level,uint32_t object_type,uint32_t para,uint32_t max_key_size)125 static uint32_t get_attribute_length(uint32_t api_level, uint32_t object_type, uint32_t para, uint32_t max_key_size)
126 {
127 uint32_t object_max_size = object_max_size_of_object_type(object_type, para);
128
129 if (api_level == API_LEVEL1_0)
130 return object_max_size;
131
132 switch (object_type) {
133 case TEE_TYPE_RSA_PUBLIC_KEY:
134 if (para == TEE_ATTR_RSA_PUBLIC_EXPONENT)
135 max_key_size = OBJ_SIZE_RSA_PUB_EXPONENT;
136 break;
137 case TEE_TYPE_RSA_KEYPAIR:
138 if (para == TEE_ATTR_RSA_PUBLIC_EXPONENT) {
139 max_key_size = OBJ_SIZE_RSA_PUB_EXPONENT;
140 break;
141 }
142 if (para != TEE_ATTR_RSA_MODULUS && para != TEE_ATTR_RSA_PRIVATE_EXPONENT) {
143 max_key_size = max_key_size / RSA_CRT_PARAM;
144 break;
145 }
146 break;
147 case TEE_TYPE_ED25519_KEYPAIR:
148 if (para == TEE_ATTR_ED25519_PRIVATE_VALUE)
149 max_key_size = OBJ_MAX_SIZE_ED25519_KEY_PAIR;
150 /* fall-through */
151 default:
152 break;
153 }
154
155 if (max_key_size > object_max_size) {
156 tloge("max_key_size %u is larger than the max key size %u", max_key_size, object_max_size);
157 return 0;
158 }
159
160 return max_key_size;
161 }
162
163 /* check if the real key_size is small than object_min_key_size */
check_object_min_size(uint32_t object_type,uint32_t para,uint32_t key_size)164 static TEE_Result check_object_min_size(uint32_t object_type, uint32_t para, uint32_t key_size)
165 {
166 bool check = (((object_type == TEE_TYPE_RSA_PUBLIC_KEY) || (object_type == TEE_TYPE_RSA_KEYPAIR)) &&
167 (para != TEE_ATTR_RSA_MODULUS));
168 if (check)
169 return TEE_SUCCESS;
170
171 uint32_t object_min_size = get_object_size(object_type);
172 if (key_size < object_min_size) {
173 tloge("keysize %u is smaller than the min_object key size %u", key_size, object_min_size);
174 return TEE_ERROR_BAD_PARAMETERS;
175 }
176
177 return TEE_SUCCESS;
178 }
179
get_max_key_size(uint32_t * max_key_size,const TEE_ObjectHandle * object,uint32_t api_level)180 static void get_max_key_size(uint32_t *max_key_size, const TEE_ObjectHandle *object, uint32_t api_level)
181 {
182 if (api_level > API_LEVEL1_0) {
183 #ifndef GP_SUPPORT
184 *max_key_size = (*object)->ObjectInfo->maxObjectSize;
185 #else
186 *max_key_size = (*object)->ObjectInfo->maxKeySize;
187 #endif
188 }
189 }
190
allocate_attribute(uint32_t api_level,TEE_ObjectHandle * object,uint32_t count,...)191 static TEE_Result allocate_attribute(uint32_t api_level, TEE_ObjectHandle *object, uint32_t count, ...)
192 {
193 uint32_t i = 0;
194 va_list argp = {0};
195 uint32_t para;
196 uint32_t max_key_size = 0;
197
198 /* eID use SM2_PKE algo but use SM2_KEP key,so SM2_KEP key should be supported at API_LEVEL1_0 */
199 bool check = ((api_level > API_LEVEL1_0) && (((*object)->ObjectInfo->objectType == TEE_TYPE_SM2_KEP_PUBLIC_KEY) ||
200 ((*object)->ObjectInfo->objectType == TEE_TYPE_SM2_KEP_KEYPAIR)));
201 if (check) {
202 tloge("the object type is not supported! objectType = %u\n", (*object)->ObjectInfo->objectType);
203 return TEE_ERROR_NOT_SUPPORTED;
204 }
205 (*object)->Attribute = (TEE_Attribute *)TEE_Malloc(count * sizeof(TEE_Attribute), 0);
206 if (((*object)->Attribute) == NULL)
207 return TEE_ERROR_OUT_OF_MEMORY;
208
209 (void)va_start(argp, count);
210
211 get_max_key_size(&max_key_size, object, api_level);
212
213 while (i < count) {
214 para = (uint32_t)va_arg(argp, uint32_t);
215 (*object)->Attribute[i].attributeID = para;
216
217 if (TEE_ATTR_IS_BUFFER((*object)->Attribute[i].attributeID)) {
218 (*object)->Attribute[i].content.ref.length = get_attribute_length(api_level,
219 (*object)->ObjectInfo->objectType, para, max_key_size);
220
221 (*object)->Attribute[i].content.ref.buffer =
222 TEE_Malloc((*object)->Attribute[i].content.ref.length, 0);
223 if ((*object)->Attribute[i].content.ref.buffer == NULL)
224 goto malloc_buf_error;
225 } else {
226 (*object)->Attribute[i].content.value.a = 0;
227 (*object)->Attribute[i].content.value.b = 0;
228 }
229 i++;
230 }
231 va_end(argp);
232 (*object)->attributesLen = count;
233 return TEE_SUCCESS;
234
235 malloc_buf_error:
236 va_end(argp);
237 tloge("Failed to allocate memory for object attribute:ref buffer.\n");
238 while (i > 0) {
239 i--;
240 if (TEE_ATTR_IS_BUFFER((*object)->Attribute[i].attributeID)) {
241 TEE_Free((*object)->Attribute[i].content.ref.buffer);
242 (*object)->Attribute[i].content.ref.buffer = NULL;
243 }
244 }
245 TEE_Free((*object)->Attribute);
246 (*object)->Attribute = NULL;
247
248 return TEE_ERROR_OUT_OF_MEMORY;
249 }
250
free_attribute(TEE_ObjectHandle object,uint32_t attrc)251 static void free_attribute(TEE_ObjectHandle object, uint32_t attrc)
252 {
253 if (object->Attribute == NULL) {
254 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
255 return;
256 }
257
258 tlogd("Need to free attribute!\n");
259 uint32_t i = 0;
260 int32_t rc;
261 uint32_t max_key_size = 0;
262 uint32_t malloc_size;
263 uint32_t api_level = tee_get_ta_api_level();
264 if (api_level > API_LEVEL1_0) {
265 #ifndef GP_SUPPORT
266 max_key_size = object->ObjectInfo->maxObjectSize;
267 #else
268 max_key_size = object->ObjectInfo->maxKeySize;
269 #endif
270 }
271
272 while (i < attrc) {
273 if (TEE_ATTR_IS_BUFFER(object->Attribute[i].attributeID) &&
274 object->Attribute[i].content.ref.buffer != NULL) {
275 if (api_level > API_LEVEL1_0) {
276 malloc_size = get_attribute_length(api_level, object->ObjectInfo->objectType,
277 object->Attribute[i].attributeID, max_key_size);
278 } else {
279 max_key_size = object->Attribute[i].content.ref.length;
280 malloc_size = max_key_size;
281 }
282 rc = memset_s(object->Attribute[i].content.ref.buffer, malloc_size, 0x0,
283 object->Attribute[i].content.ref.length);
284 if (rc != 0)
285 /* Ignore the failure and continue the traversal */
286 tlogw("memset_s failed!\n");
287 TEE_Free(object->Attribute[i].content.ref.buffer);
288 object->Attribute[i].content.ref.buffer = NULL;
289 }
290 i++;
291 }
292 TEE_Free((void *)object->Attribute);
293 object->Attribute = NULL;
294 return;
295 }
296
297 /*
298 * Set transient object to unintialized state.
299 * Called by TEE_AllocateTransientObject.
300 * object->Attribute[i].attributeID and object->attributesLen not changed.
301 * object->Attribute[i].content.ref.length not changed
302 */
transient_object_uninitialized_state(TEE_ObjectHandle object,uint32_t object_type,uint32_t max_object_size)303 static void transient_object_uninitialized_state(
304 TEE_ObjectHandle object,
305 uint32_t object_type,
306 uint32_t max_object_size)
307 {
308 uint32_t i;
309 errno_t rc;
310
311 object->dataPtr = NULL;
312 object->dataLen = 0;
313 rc = memset_s(object->dataName, sizeof(object->dataName), 0, sizeof(object->dataName));
314 if (rc != EOK) {
315 tloge("memset failed\n");
316 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
317 return;
318 }
319
320 object->ObjectInfo->objectType = object_type;
321 /* Set to 0 for an uninitialized object */
322 #ifndef GP_SUPPORT
323 object->ObjectInfo->objectSize = 0;
324 object->ObjectInfo->maxObjectSize = max_object_size;
325 #else
326 object->ObjectInfo->keySize = 0;
327 object->ObjectInfo->maxKeySize = max_object_size;
328 #endif
329 object->ObjectInfo->objectUsage = (uint32_t)TEE_USAGE_DEFAULT;
330 /* For a transient object, always set to 0 */
331 object->ObjectInfo->dataSize = 0;
332 /* For a transient object, set to 0 */
333 object->ObjectInfo->dataPosition = 0;
334 /* For a transient object, TEE_HANDLE_FLAG_INITIALIZED initially cleared,
335 * then set when the object becomes initialized */
336 object->ObjectInfo->handleFlags = 0;
337
338 if (object->Attribute == NULL)
339 return;
340 for (i = 0; i < (object->attributesLen); i++) {
341 if (TEE_ATTR_IS_BUFFER(object->Attribute[i].attributeID)) {
342 if (object->Attribute[i].content.ref.buffer != NULL)
343 rc = memset_s(object->Attribute[i].content.ref.buffer,
344 object->Attribute[i].content.ref.length,
345 0, object->Attribute[i].content.ref.length);
346 if (rc != EOK) {
347 tloge("memset failed\n");
348 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
349 }
350 } else {
351 object->Attribute[i].content.value.a = 0;
352 object->Attribute[i].content.value.b = 0;
353 }
354 }
355 return;
356 }
357
358 static uint32_t g_aes_key_size[] = {128, 192, 256};
check_valid_key_size_for_aes(uint32_t max_key_size)359 static TEE_Result check_valid_key_size_for_aes(uint32_t max_key_size)
360 {
361 /* aes key can only be 128/192/256 bit */
362 for (uint32_t i = 0; i < sizeof(g_aes_key_size) / sizeof(g_aes_key_size[0]); i++) {
363 if (max_key_size == g_aes_key_size[i])
364 return TEE_SUCCESS;
365 }
366
367 return TEE_ERROR_NOT_SUPPORTED;
368 }
369
check_valid_key_size_for_rsa(uint32_t max_key_size)370 static TEE_Result check_valid_key_size_for_rsa(uint32_t max_key_size)
371 {
372 if (max_key_size >= RSA_KEY_MIN && max_key_size <= RSA_KEY_MAX &&
373 max_key_size % RSA_KEY_BLOCK == 0)
374 return TEE_SUCCESS;
375 return TEE_ERROR_NOT_SUPPORTED;
376 }
377
378 static uint32_t g_ec_key_size[] = {224, 256, 384, 521};
check_valid_key_size_for_ec(uint32_t max_key_size)379 static TEE_Result check_valid_key_size_for_ec(uint32_t max_key_size)
380 {
381 /* ec key can only be 224/256/384/521 bit */
382 for (uint32_t i = 0; i < sizeof(g_ec_key_size) / sizeof(g_ec_key_size[0]); i++) {
383 if (max_key_size == g_ec_key_size[i])
384 return TEE_SUCCESS;
385 }
386
387 return TEE_ERROR_NOT_SUPPORTED;
388 }
389
check_valid_key_size_for_pbkdf2(uint32_t max_key_size)390 static TEE_Result check_valid_key_size_for_pbkdf2(uint32_t max_key_size)
391 {
392 if (max_key_size >= PBKDF2_MIN_KEY_SIZE * BIT_TO_BYTE && max_key_size <= PBKDF2_MAX_KEY_SIZE * BIT_TO_BYTE)
393 return TEE_SUCCESS;
394 return TEE_ERROR_NOT_SUPPORTED;
395 }
396
check_valid_key_size_for_dh(uint32_t max_key_size)397 static TEE_Result check_valid_key_size_for_dh(uint32_t max_key_size)
398 {
399 if (max_key_size >= DH_MIN_KEY_SIZE_IN_BIT && max_key_size <= DH_MAX_KEY_SIZE_IN_BIT &&
400 max_key_size % DH_BLOCK_SIZE == 0)
401 return TEE_SUCCESS;
402 return TEE_ERROR_NOT_SUPPORTED;
403 }
404
405 typedef TEE_Result (*obj_key_size_check)(uint32_t max_key_size);
406
407 struct object_key_size_s {
408 uint32_t type;
409 obj_key_size_check check_key_size_func;
410 };
411
412 static const struct object_key_size_s g_object_key_size[] = {
413 { TEE_TYPE_AES, check_valid_key_size_for_aes },
414 { TEE_TYPE_RSA_PUBLIC_KEY, check_valid_key_size_for_rsa },
415 { TEE_TYPE_RSA_KEYPAIR, check_valid_key_size_for_rsa },
416 { TEE_TYPE_ECDSA_PUBLIC_KEY, check_valid_key_size_for_ec },
417 { TEE_TYPE_ECDSA_KEYPAIR, check_valid_key_size_for_ec },
418 { TEE_TYPE_DH_KEYPAIR, check_valid_key_size_for_dh },
419 { TEE_TYPE_ECDH_PUBLIC_KEY, check_valid_key_size_for_ec },
420 { TEE_TYPE_ECDH_KEYPAIR, check_valid_key_size_for_ec },
421 { TEE_TYPE_PBKDF2_HMAC, check_valid_key_size_for_pbkdf2 },
422 };
423
check_max_object_size(uint32_t object_type,uint32_t max_object_size)424 static TEE_Result check_max_object_size(uint32_t object_type, uint32_t max_object_size)
425 {
426 for (uint32_t i = 0; i < ELEM_NUM(g_object_key_size); i++) {
427 if (object_type == g_object_key_size[i].type)
428 return g_object_key_size[i].check_key_size_func(max_object_size);
429 }
430
431 if ((max_object_size % BIT_TO_BYTE) != 0) {
432 tloge("maxObjectSize is invalid! maxObjectSize = %u", max_object_size);
433 return TEE_ERROR_NOT_SUPPORTED;
434 }
435
436 if (object_type == TEE_TYPE_ED25519_KEYPAIR && (max_object_size / BIT_TO_BYTE) != OBJ_SIZE_ED25519_KEY_PAIR) {
437 tloge("ED25519 maxObjectSize is invalid! maxObjectSize = %u", max_object_size);
438 return TEE_ERROR_NOT_SUPPORTED;
439 }
440
441 if (object_type == TEE_TYPE_SIP_HASH && (max_object_size / BIT_TO_BYTE) != OBJ_SIZE_SIP_HASH) {
442 tloge("sip hash maxObjectSize is invalid! maxObjectSize = %u", max_object_size);
443 return TEE_ERROR_NOT_SUPPORTED;
444 }
445
446 return TEE_SUCCESS;
447 }
448
check_param_allocatetransientobject(uint32_t type,uint32_t * object_size,const TEE_ObjectHandle * object,uint32_t * api_level)449 static TEE_Result check_param_allocatetransientobject(uint32_t type, uint32_t *object_size,
450 const TEE_ObjectHandle *object, uint32_t *api_level)
451 {
452 TEE_Result ret = TEE_SUCCESS;
453 if (object == NULL) {
454 tloge("TEE_AllocateTransientObject:bad object parameter!\n");
455 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
456 return TEE_ERROR_BAD_PARAMETERS;
457 }
458
459 if (type == TEE_TYPE_DATA)
460 return TEE_SUCCESS;
461
462 *api_level = tee_get_ta_api_level();
463 if (*api_level > API_LEVEL1_0) {
464 ret = check_max_object_size(type, *object_size);
465 if (ret != TEE_SUCCESS) {
466 tloge("maxObjectsize is Invalid\n");
467 return ret;
468 }
469 /* maxObjectSize is byte now */
470 *object_size = (*object_size + BIT_NUMBER_SEVEN) >> BIT_TO_BYTE_MOVE_THREE;
471 }
472
473 uint32_t min_object_size = get_object_size(type);
474 if (*object_size < min_object_size) {
475 tloge("maxObjectsize is too small\n");
476 return TEE_ERROR_NOT_SUPPORTED;
477 }
478
479 if (*object_size > MAX_KEY_SIZE) {
480 tloge("maxObjectsize is too big\n");
481 return TEE_ERROR_NOT_SUPPORTED;
482 }
483
484 return ret;
485 }
486
ae_attribute_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)487 static TEE_Result ae_attribute_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
488 {
489 return allocate_attribute(api_level, object, attrc, TEE_ATTR_SECRET_VALUE);
490 }
491
rsa_pub_key_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)492 static TEE_Result rsa_pub_key_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
493 {
494 return allocate_attribute(api_level, object, attrc, TEE_ATTR_RSA_MODULUS, TEE_ATTR_RSA_PUBLIC_EXPONENT);
495 }
496
rsa_keypair_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)497 static TEE_Result rsa_keypair_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
498 {
499 return allocate_attribute(api_level, object, attrc,
500 TEE_ATTR_RSA_MODULUS,
501 TEE_ATTR_RSA_PUBLIC_EXPONENT,
502 TEE_ATTR_RSA_PRIVATE_EXPONENT,
503 TEE_ATTR_RSA_PRIME1,
504 TEE_ATTR_RSA_PRIME2,
505 TEE_ATTR_RSA_EXPONENT1,
506 TEE_ATTR_RSA_EXPONENT2,
507 TEE_ATTR_RSA_COEFFICIENT);
508 }
509
dh_keypair_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)510 static TEE_Result dh_keypair_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
511 {
512 return allocate_attribute(api_level, object, attrc,
513 TEE_ATTR_DH_PRIME,
514 TEE_ATTR_DH_BASE,
515 TEE_ATTR_DH_PUBLIC_VALUE,
516 TEE_ATTR_DH_PRIVATE_VALUE,
517 TEE_ATTR_DH_SUBPRIME,
518 TEE_ATTR_DH_X_BITS);
519 }
520
dsa_attribute_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)521 static TEE_Result dsa_attribute_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
522 {
523 (void)api_level;
524 (void)object;
525 (void)attrc;
526 tloge("Allocate memory for DSA.Not supported\n");
527 return TEE_ERROR_NOT_SUPPORTED;
528 }
529
ec_pub_key_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)530 static TEE_Result ec_pub_key_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
531 {
532 return allocate_attribute(api_level, object, attrc,
533 TEE_ATTR_ECC_PUBLIC_VALUE_X,
534 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
535 TEE_ATTR_ECC_CURVE);
536 }
537
ec_keypair_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)538 static TEE_Result ec_keypair_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
539 {
540 return allocate_attribute(api_level, object, attrc,
541 TEE_ATTR_ECC_PUBLIC_VALUE_X,
542 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
543 TEE_ATTR_ECC_PRIVATE_VALUE,
544 TEE_ATTR_ECC_CURVE);
545 }
546
ed25519_keypair_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)547 static TEE_Result ed25519_keypair_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
548 {
549 return allocate_attribute(api_level, object, attrc,
550 TEE_ATTR_ED25519_PUBLIC_VALUE,
551 TEE_ATTR_ED25519_PRIVATE_VALUE);
552 }
553
ed25519_pub_key_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)554 static TEE_Result ed25519_pub_key_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
555 {
556 return allocate_attribute(api_level, object, attrc, TEE_ATTR_ED25519_PUBLIC_VALUE);
557 }
558
x25519_keypair_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)559 static TEE_Result x25519_keypair_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
560 {
561 return allocate_attribute(api_level, object, attrc,
562 TEE_ATTR_X25519_PUBLIC_VALUE,
563 TEE_ATTR_X25519_PRIVATE_VALUE);
564 }
565
x25519_pub_key_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)566 static TEE_Result x25519_pub_key_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
567 {
568 return allocate_attribute(api_level, object, attrc, TEE_ATTR_X25519_PUBLIC_VALUE);
569 }
570
sm2_pub_key_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)571 static TEE_Result sm2_pub_key_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
572 {
573 return allocate_attribute(api_level, object, attrc,
574 TEE_ATTR_ECC_PUBLIC_VALUE_X,
575 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
576 TEE_ATTR_ECC_CURVE);
577 }
578
sm2_keypair_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)579 static TEE_Result sm2_keypair_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
580 {
581 return allocate_attribute(api_level, object, attrc,
582 TEE_ATTR_ECC_PUBLIC_VALUE_X,
583 TEE_ATTR_ECC_PUBLIC_VALUE_Y,
584 TEE_ATTR_ECC_PRIVATE_VALUE,
585 TEE_ATTR_ECC_CURVE);
586 }
587
data_attribute_alloc(uint32_t api_level,TEE_ObjectHandle * object,uint32_t attrc)588 static TEE_Result data_attribute_alloc(uint32_t api_level, TEE_ObjectHandle *object, uint32_t attrc)
589 {
590 (void)api_level;
591 (void)object;
592 (void)attrc;
593 tlogd("Object type %u need no key.\n", (*object)->ObjectInfo->objectType);
594 return TEE_SUCCESS;
595 }
596
597 static const struct attr_mem_alloc_t g_attr_mem_tal[] = {
598 { TEE_TYPE_AES, ae_attribute_alloc },
599 { TEE_TYPE_DES, ae_attribute_alloc },
600 { TEE_TYPE_DES3, ae_attribute_alloc },
601 { TEE_TYPE_SM4, ae_attribute_alloc },
602 { TEE_TYPE_HMAC_SM3, ae_attribute_alloc },
603 { TEE_TYPE_HMAC_MD5, ae_attribute_alloc },
604 { TEE_TYPE_HMAC_SHA1, ae_attribute_alloc },
605 { TEE_TYPE_HMAC_SHA224, ae_attribute_alloc },
606 { TEE_TYPE_HMAC_SHA256, ae_attribute_alloc },
607 { TEE_TYPE_HMAC_SHA384, ae_attribute_alloc },
608 { TEE_TYPE_HMAC_SHA512, ae_attribute_alloc },
609 { TEE_TYPE_GENERIC_SECRET, ae_attribute_alloc },
610 { TEE_TYPE_PBKDF2_HMAC, ae_attribute_alloc },
611 { TEE_TYPE_SIP_HASH, ae_attribute_alloc },
612 { TEE_TYPE_RSA_PUBLIC_KEY, rsa_pub_key_alloc },
613 { TEE_TYPE_RSA_KEYPAIR, rsa_keypair_alloc },
614 { TEE_TYPE_DH_KEYPAIR, dh_keypair_alloc },
615 { TEE_TYPE_DSA_PUBLIC_KEY, dsa_attribute_alloc },
616 { TEE_TYPE_DSA_KEYPAIR, dsa_attribute_alloc },
617 { TEE_TYPE_ECDSA_PUBLIC_KEY, ec_pub_key_alloc },
618 { TEE_TYPE_ECDH_PUBLIC_KEY, ec_pub_key_alloc },
619 { TEE_TYPE_ECDSA_KEYPAIR, ec_keypair_alloc },
620 { TEE_TYPE_ECDH_KEYPAIR, ec_keypair_alloc },
621 { TEE_TYPE_ED25519_KEYPAIR, ed25519_keypair_alloc },
622 { TEE_TYPE_ED25519_PUBLIC_KEY, ed25519_pub_key_alloc },
623 { TEE_TYPE_X25519_KEYPAIR, x25519_keypair_alloc },
624 { TEE_TYPE_X25519_PUBLIC_KEY, x25519_pub_key_alloc },
625 { TEE_TYPE_SM2_DSA_PUBLIC_KEY, sm2_pub_key_alloc },
626 { TEE_TYPE_SM2_PKE_PUBLIC_KEY, sm2_pub_key_alloc },
627 { TEE_TYPE_SM2_KEP_PUBLIC_KEY, sm2_pub_key_alloc },
628 { TEE_TYPE_SM2_DSA_KEYPAIR, sm2_keypair_alloc },
629 { TEE_TYPE_SM2_PKE_KEYPAIR, sm2_keypair_alloc },
630 { TEE_TYPE_SM2_KEP_KEYPAIR, sm2_keypair_alloc },
631 { TEE_TYPE_DATA, data_attribute_alloc },
632 { TEE_TYPE_DATA_GP1_1, data_attribute_alloc },
633 };
634
alloc_attr_mem(uint32_t object_type,TEE_ObjectHandle * object,uint32_t attrc,uint32_t api_level)635 static TEE_Result alloc_attr_mem(uint32_t object_type, TEE_ObjectHandle *object,
636 uint32_t attrc, uint32_t api_level)
637 {
638 TEE_Result ret;
639 uint32_t num = sizeof(g_attr_mem_tal) / sizeof(g_attr_mem_tal[0]);
640 for (uint32_t i = 0; i < num; i++) {
641 if (object_type == g_attr_mem_tal[i].obj_type) {
642 ret = g_attr_mem_tal[i].fn(api_level, object, attrc);
643 if (ret != TEE_SUCCESS) {
644 tloge("Failed to allocate transient object, ret 0x%x\n", ret);
645 (void)tee_obj_free(object);
646 }
647 return ret;
648 }
649 }
650
651 tloge("Object type unsupported %u.\n", object_type);
652 (void)tee_obj_free(object);
653 TEE_Panic(TEE_ERROR_NOT_SUPPORTED);
654 return TEE_ERROR_NOT_SUPPORTED;
655 }
656
check_alg_compliance(uint32_t obj_type,uint32_t key_size)657 static TEE_Result check_alg_compliance(uint32_t obj_type, uint32_t key_size)
658 {
659 uint32_t api_level = tee_get_ta_api_level();
660 if (api_level == API_LEVEL1_0)
661 key_size *= BIT_TO_BYTE;
662
663 if (check_if_unsafe_type(obj_type, key_size) != TEE_SUCCESS) {
664 tloge("object type 0x%x is unsafe and not support\n", obj_type);
665 return TEE_ERROR_NOT_SUPPORTED;
666 }
667
668 return TEE_SUCCESS;
669 }
670
TEE_AllocateTransientObject(uint32_t objectType,uint32_t maxObjectSize,TEE_ObjectHandle * object)671 TEE_Result TEE_AllocateTransientObject(
672 uint32_t objectType,
673 uint32_t maxObjectSize, /* here should be maxKeySize */
674 TEE_ObjectHandle *object)
675 {
676 uint32_t attrc;
677 TEE_Result ret;
678 uint32_t api_level;
679
680 bool check = crypto_object_type_supported(objectType);
681 if (!check) {
682 tloge("object type 0x%x is not supported!", objectType);
683 return TEE_ERROR_NOT_SUPPORTED;
684 }
685
686 if (check_alg_compliance(objectType, maxObjectSize) != TEE_SUCCESS)
687 return TEE_ERROR_NOT_SUPPORTED;
688
689 ret = check_param_allocatetransientobject(objectType, &maxObjectSize, object, &api_level);
690 if (ret != TEE_SUCCESS) {
691 tloge("bad object parameter!\n");
692 return ret;
693 }
694
695 if (tee_obj_new(object) != TEE_SUCCESS) {
696 tloge("not available to allocate the object handle\n");
697 return TEE_ERROR_OUT_OF_MEMORY;
698 }
699
700 attrc = get_attr_count_for_object_type(objectType);
701 #ifndef GP_SUPPORT
702 (*object)->ObjectInfo->maxObjectSize = maxObjectSize;
703 #else
704 (*object)->ObjectInfo->maxKeySize = maxObjectSize;
705 #endif
706 (*object)->ObjectInfo->objectType = objectType;
707
708 /* allocate memory for TEE_Attribute */
709 ret = alloc_attr_mem(objectType, object, attrc, api_level);
710 if (ret != TEE_SUCCESS) {
711 tloge("Failed to allocate transient object, ret 0x%x\n", ret);
712 return ret;
713 }
714 /* an uninitialized transient object */
715 transient_object_uninitialized_state(*object, objectType, maxObjectSize);
716
717 ret = add_object(*object);
718 if (ret != TEE_SUCCESS) {
719 tloge("insert new object to list failed\n");
720 free_attribute(*object, attrc);
721 (void)tee_obj_free(object);
722 TEE_Panic(TEE_ERROR_GENERIC);
723 return TEE_ERROR_GENERIC;
724 }
725 (*object)->generate_flag = crypto_get_default_generate_key_engine(objectType);
726
727 return TEE_SUCCESS;
728 }
729
tee_free_attribute(TEE_ObjectHandle object,uint32_t attrc)730 static void tee_free_attribute(TEE_ObjectHandle object, uint32_t attrc)
731 {
732 switch (object->ObjectInfo->objectType) {
733 case (uint32_t)TEE_TYPE_DATA:
734 case (uint32_t)TEE_TYPE_DATA_GP1_1:
735 tlogd("TEE_FreeTransientObject:data object type!\n");
736 break;
737 case (uint32_t)TEE_TYPE_AES:
738 case (uint32_t)TEE_TYPE_DES:
739 case (uint32_t)TEE_TYPE_DES3:
740 case (uint32_t)TEE_TYPE_HMAC_MD5:
741 case (uint32_t)TEE_TYPE_HMAC_SHA1:
742 case (uint32_t)TEE_TYPE_HMAC_SHA224:
743 case (uint32_t)TEE_TYPE_HMAC_SHA256:
744 case (uint32_t)TEE_TYPE_HMAC_SHA384:
745 case (uint32_t)TEE_TYPE_HMAC_SHA512:
746 case (uint32_t)TEE_TYPE_GENERIC_SECRET:
747 case (uint32_t)TEE_TYPE_DH_KEYPAIR:
748 case (uint32_t)TEE_TYPE_RSA_PUBLIC_KEY:
749 case (uint32_t)TEE_TYPE_RSA_KEYPAIR:
750 case (uint32_t)TEE_TYPE_ECDSA_PUBLIC_KEY:
751 case (uint32_t)TEE_TYPE_ECDSA_KEYPAIR:
752 case (uint32_t)TEE_TYPE_ECDH_PUBLIC_KEY:
753 case (uint32_t)TEE_TYPE_ECDH_KEYPAIR:
754 case (uint32_t)TEE_TYPE_ED25519_PUBLIC_KEY:
755 case (uint32_t)TEE_TYPE_ED25519_KEYPAIR:
756 case (uint32_t)TEE_TYPE_X25519_PUBLIC_KEY:
757 case (uint32_t)TEE_TYPE_X25519_KEYPAIR:
758 case (uint32_t)TEE_TYPE_SM4:
759 case (uint32_t)TEE_TYPE_HMAC_SM3:
760 case (uint32_t)TEE_TYPE_SM2_DSA_PUBLIC_KEY:
761 case (uint32_t)TEE_TYPE_SM2_KEP_PUBLIC_KEY:
762 case (uint32_t)TEE_TYPE_SM2_PKE_PUBLIC_KEY:
763 case (uint32_t)TEE_TYPE_SM2_DSA_KEYPAIR:
764 case (uint32_t)TEE_TYPE_SM2_KEP_KEYPAIR:
765 case (uint32_t)TEE_TYPE_SM2_PKE_KEYPAIR:
766 case (uint32_t)TEE_TYPE_SIP_HASH:
767 case (uint32_t)TEE_TYPE_PBKDF2_HMAC:
768 /* free DSA attributes */
769 case (uint32_t)TEE_TYPE_DSA_PUBLIC_KEY:
770 case (uint32_t)TEE_TYPE_DSA_KEYPAIR:
771 free_attribute(object, attrc);
772 break;
773 default:
774 tloge("TEE_FreeTransientObject:not supported object type , 0x%x\n", object->ObjectInfo->objectType);
775 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
776 break;
777 }
778 }
779
TEE_FreeTransientObject(TEE_ObjectHandle object)780 void TEE_FreeTransientObject(TEE_ObjectHandle object)
781 {
782 uint32_t attrc;
783
784 /* Make sure the object is not persistent object */
785 if (object == NULL)
786 return;
787
788 if (check_object(object) != TEE_SUCCESS) {
789 tloge("object is invalid\n");
790 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
791 return;
792 }
793 if (object->ObjectInfo == NULL) {
794 tloge("objectInfo in obj is invalid\n");
795 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
796 return;
797 }
798 if (TEE_HANDLE_FLAG_PERSISTENT ==
799 (object->ObjectInfo->handleFlags & TEE_HANDLE_FLAG_PERSISTENT)) {
800 tloge("obj is persistent\n");
801 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
802 return;
803 }
804
805 attrc = get_attr_count_for_object_type(object->ObjectInfo->objectType);
806
807 /* free TEE_Attribute */
808 tee_free_attribute(object, attrc);
809
810 tlogd("we will remove the obj in list\n");
811 if (delete_object(object)) {
812 tloge("TEE_FreeTransientObject: delete_object failed.\n");
813 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
814 }
815
816 /* free TEE_ObjectInfo */
817 if (tee_obj_free(&object)) {
818 tloge("TEE_FreeTransientObject: tee_obj_free failed.\n");
819 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
820 }
821
822 #ifdef OPENSSL_ENABLE
823 tee_crypto_free_openssl_drbg();
824 #endif
825 tlogd("TEE_FreeTransientObject end!\n");
826 return;
827 }
828
TEE_ResetTransientObject(TEE_ObjectHandle object)829 void TEE_ResetTransientObject(TEE_ObjectHandle object)
830 {
831 tlogd("TEE_ResetTransientObject start!\n");
832
833 /* Check the validation of input param */
834 /* Make sure the object is not persistent object */
835 if (object == NULL)
836 return;
837
838 if (check_object(object) != TEE_SUCCESS) {
839 tloge("object is invalid\n");
840 return;
841 }
842 if (object->ObjectInfo == NULL) {
843 tloge("objectInfo in obj is invalid\n");
844 return;
845 }
846 if (TEE_HANDLE_FLAG_PERSISTENT ==
847 (object->ObjectInfo->handleFlags & TEE_HANDLE_FLAG_PERSISTENT)) {
848 tloge("obj is persistent\n");
849 return;
850 }
851
852 if (object->Attribute != NULL) {
853 tlogd("reset transient object\n");
854
855 uint32_t api_level = tee_get_ta_api_level();
856 if (api_level > API_LEVEL1_0) {
857 #ifndef GP_SUPPORT
858 object->Attribute->content.ref.length = object->ObjectInfo->maxObjectSize;
859 #else
860 object->Attribute->content.ref.length = object->ObjectInfo->maxKeySize;
861 #endif
862 } else {
863 object->Attribute->content.ref.length = object_max_size_of_object_type(
864 object->ObjectInfo->objectType, (uint32_t)TEE_ATTR_SECRET_VALUE);
865 }
866
867 transient_object_uninitialized_state(
868 object,
869 object->ObjectInfo->objectType,
870 #ifndef GP_SUPPORT
871 object->ObjectInfo->maxObjectSize);
872 #else
873 object->ObjectInfo->maxKeySize);
874 #endif
875 }
876 }
877
check_attr_id_exist(const TEE_Attribute * attrs,uint32_t attr_count,uint32_t attr_id)878 static TEE_Result check_attr_id_exist(const TEE_Attribute *attrs, uint32_t attr_count, uint32_t attr_id)
879 {
880 uint32_t index;
881
882 for (index = 0; index < attr_count; index++) {
883 if (attrs[index].attributeID == attr_id)
884 return TEE_SUCCESS;
885 }
886
887 return TEE_ERROR_BAD_PARAMETERS;
888 }
889
check_attr(const TEE_ObjectHandle object,const TEE_Attribute * attrs,uint32_t attr_count,uint32_t api_level)890 static TEE_Result check_attr(const TEE_ObjectHandle object, const TEE_Attribute *attrs, uint32_t attr_count,
891 uint32_t api_level)
892 {
893 const struct obj_attr_conf_s *config = NULL;
894 uint32_t index;
895 TEE_Result ret;
896
897 if (object == NULL || object->ObjectInfo == NULL || attrs == NULL || attr_count == 0) {
898 tloge("invalid input");
899 return TEE_ERROR_BAD_PARAMETERS;
900 }
901
902 config = get_object_attr_conf(object);
903
904 for (index = 0; (config != NULL) && (index < config->min_attr_count); index++) {
905 if (api_level > API_LEVEL1_0) {
906 bool check = ((object->ObjectInfo->objectType == TEE_TYPE_RSA_KEYPAIR) &&
907 (attr_count != config->max_attr_count) && (attr_count != config->min_attr_count));
908 if (check) {
909 tloge("RSA key pair need 3 or 8 attrs!");
910 return TEE_ERROR_BAD_PARAMETERS;
911 }
912 }
913 ret = check_attr_id_exist(attrs, attr_count, config->min_attr_array[index]);
914 if (ret != TEE_SUCCESS) {
915 tloge("Specified attribute ID: 0x%x doesn't exist\n", config->min_attr_array[index]);
916 return ret;
917 }
918 }
919
920 return TEE_SUCCESS;
921 }
922
check_3des_key(const TEE_Attribute * attrs)923 static TEE_Result check_3des_key(const TEE_Attribute *attrs)
924 {
925 char *key1 = attrs->content.ref.buffer;
926 char *key2 = key1 + DES_BLOCK;
927 char *key3 = key2 + DES_BLOCK;
928 int32_t rc = TEE_MemCompare(key1, key2, DES_BLOCK);
929 if (rc == 0) {
930 tloge("des key1 is equal to key2!");
931 return TEE_ERROR_BAD_PARAMETERS;
932 }
933
934 rc = TEE_MemCompare(key2, key3, DES_BLOCK);
935 if (rc == 0) {
936 tloge("des key2 is equal to key3!");
937 return TEE_ERROR_BAD_PARAMETERS;
938 }
939
940 rc = TEE_MemCompare(key1, key3, DES_BLOCK);
941 if (rc == 0) {
942 tloge("des key1 is equal to key3!");
943 return TEE_ERROR_BAD_PARAMETERS;
944 }
945
946 return TEE_SUCCESS;
947 }
948
check_populate_object_size(uint32_t api_level,uint32_t object_type,uint32_t attr,uint32_t object_size)949 static TEE_Result check_populate_object_size(uint32_t api_level, uint32_t object_type,
950 uint32_t attr, uint32_t object_size)
951 {
952 TEE_Result ret;
953 if (api_level <= API_LEVEL1_0)
954 return TEE_SUCCESS;
955
956 switch (object_type) {
957 case TEE_TYPE_ECDSA_PUBLIC_KEY:
958 case TEE_TYPE_ECDSA_KEYPAIR:
959 case TEE_TYPE_ECDH_PUBLIC_KEY:
960 case TEE_TYPE_ECDH_KEYPAIR:
961 if (object_size == OBJ_MAX_SIZE_ECDSA_PUB_KEY)
962 return TEE_SUCCESS;
963 break;
964 case TEE_TYPE_RSA_PUBLIC_KEY:
965 case TEE_TYPE_RSA_KEYPAIR:
966 if ((attr != TEE_ATTR_RSA_MODULUS))
967 return TEE_SUCCESS;
968 break;
969 default:
970 break;
971 }
972
973 if (object_size > (UINT32_MAX / BIT_TO_BYTE)) {
974 tloge("object_size is too large!");
975 return TEE_ERROR_NOT_SUPPORTED;
976 }
977
978 uint32_t temp_size = object_size * BIT_TO_BYTE;
979 for (uint32_t i = 0; i < ELEM_NUM(g_object_key_size); i++) {
980 if (object_type != g_object_key_size[i].type)
981 continue;
982 ret = g_object_key_size[i].check_key_size_func(temp_size);
983 if (ret != TEE_SUCCESS)
984 return ret;
985 }
986
987 bool check = ((object_size > object_max_size_of_object_type(object_type, attr)) ||
988 (check_object_min_size(object_type, attr, object_size) != TEE_SUCCESS));
989 if (check) {
990 tloge("attrs.content.ref.length is too small\n");
991 return TEE_ERROR_BAD_PARAMETERS;
992 }
993 return TEE_SUCCESS;
994 }
995
populate_trasient_object(TEE_ObjectHandle object,uint32_t count,const TEE_Attribute * attrs,uint32_t attr_count,bool function)996 static TEE_Result populate_trasient_object(TEE_ObjectHandle object, uint32_t count,
997 const TEE_Attribute *attrs, uint32_t attr_count, bool function)
998 {
999 bool attribute_flag = false;
1000 uint32_t api_level = tee_get_ta_api_level();
1001
1002 TEE_Result ret = check_attr(object, attrs, attr_count, api_level);
1003 if (ret != TEE_SUCCESS)
1004 return ret;
1005
1006 /* Populate the attrs to object */
1007 for (uint32_t j = 0; j < attr_count; j++) { /* attrs */
1008 attribute_flag = false;
1009 for (uint32_t i = 0; i < count; i++) { /* object */
1010 if (object->Attribute[i].attributeID != attrs[j].attributeID)
1011 continue;
1012
1013 attribute_flag = true;
1014 if (!TEE_ATTR_IS_BUFFER(object->Attribute[i].attributeID)) {
1015 /* value attribute */
1016 object->Attribute[i].content.value.a = attrs[j].content.value.a;
1017 object->Attribute[i].content.value.b = attrs[j].content.value.b;
1018 break;
1019 }
1020 if (attrs[j].content.ref.buffer == NULL)
1021 return TEE_ERROR_BAD_PARAMETERS;
1022
1023 ret = check_populate_object_size(api_level, object->ObjectInfo->objectType, attrs[j].attributeID,
1024 attrs[j].content.ref.length);
1025 if (ret != TEE_SUCCESS)
1026 return ret;
1027
1028 if (memmove_s(object->Attribute[i].content.ref.buffer, object->Attribute[i].content.ref.length,
1029 attrs[j].content.ref.buffer, attrs[j].content.ref.length) != EOK)
1030 return TEE_ERROR_SECURITY;
1031 object->Attribute[i].content.ref.length = attrs[j].content.ref.length;
1032 break;
1033 }
1034
1035 /*
1036 * function true means populate, function false means copy
1037 * populate should ret error and
1038 * copy can return success
1039 */
1040 if ((api_level > API_LEVEL1_0)) {
1041 if ((!attribute_flag) && (function)) {
1042 tloge("attrs[%u].attributeID %u is invalid !", j, attrs[j].attributeID);
1043 return TEE_ERROR_BAD_PARAMETERS;
1044 }
1045 }
1046 }
1047
1048 /* object is initialized */
1049 object->attributesLen = attr_count <= count ? attr_count : count;
1050 object->ObjectInfo->handleFlags |= TEE_HANDLE_FLAG_INITIALIZED;
1051 return TEE_SUCCESS;
1052 }
1053
populate_param_check(TEE_ObjectHandle object,const TEE_Attribute * attrs)1054 static TEE_Result populate_param_check(TEE_ObjectHandle object, const TEE_Attribute *attrs)
1055 {
1056 bool check = (attrs == NULL || object == NULL);
1057 if (check) {
1058 tloge("invalid input param\n");
1059 return TEE_ERROR_BAD_PARAMETERS;
1060 }
1061
1062 if (check_object(object) != TEE_SUCCESS) {
1063 tloge("object is invalid\n");
1064 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1065 return TEE_ERROR_BAD_PARAMETERS;
1066 }
1067
1068 check = (object->ObjectInfo == NULL || object->Attribute == NULL);
1069 if (check) {
1070 tloge("invalid ObjectInfo or Attribute\n");
1071 return TEE_ERROR_BAD_PARAMETERS;
1072 }
1073
1074 /* Make sure the object is not a persistent object */
1075 if ((object->ObjectInfo->handleFlags & TEE_HANDLE_FLAG_PERSISTENT) ==
1076 TEE_HANDLE_FLAG_PERSISTENT) {
1077 tloge("this is a Persistent Object, so not supported to Free\n");
1078 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1079 return TEE_ERROR_BAD_PARAMETERS;
1080 }
1081 if ((object->ObjectInfo->handleFlags & TEE_HANDLE_FLAG_INITIALIZED) ==
1082 TEE_HANDLE_FLAG_INITIALIZED) {
1083 tloge("object is not a uninitialized object, so should panic!\n ");
1084 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1085 return TEE_ERROR_BAD_PARAMETERS;
1086 }
1087
1088 return TEE_SUCCESS;
1089 }
1090
TEE_PopulateTransientObject(TEE_ObjectHandle object,TEE_Attribute * attrs,uint32_t attrCount)1091 TEE_Result TEE_PopulateTransientObject(TEE_ObjectHandle object, TEE_Attribute *attrs, uint32_t attrCount)
1092 {
1093 TEE_Result ret;
1094
1095 ret = populate_param_check(object, attrs);
1096 if (ret != TEE_SUCCESS)
1097 return ret;
1098
1099 uint32_t count = get_attr_count_for_object_type(object->ObjectInfo->objectType);
1100 if (attrCount > count || attrCount == 0) {
1101 tloge("attrCount is wrong\n");
1102 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1103 return TEE_ERROR_BAD_PARAMETERS;
1104 }
1105 uint32_t api_level = tee_get_ta_api_level();
1106 bool check = (api_level > API_LEVEL1_0) && (object->ObjectInfo->objectType == TEE_TYPE_DES3);
1107 if (check) {
1108 if (attrs->content.ref.length != OBJ_SIZE_DES3) {
1109 tloge("3des key length is invalid!\n");
1110 return TEE_ERROR_BAD_PARAMETERS;
1111 }
1112
1113 ret = check_3des_key(attrs);
1114 if (ret != TEE_SUCCESS) {
1115 tloge("attrs is not valid!\n");
1116 return ret;
1117 }
1118 }
1119
1120 ret = populate_trasient_object(object, count, attrs, attrCount, true);
1121 if (ret != TEE_SUCCESS) {
1122 tloge("Failed to populate trasient object.\n");
1123 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1124 return ret;
1125 }
1126
1127 return TEE_SUCCESS;
1128 }
1129
TEE_InitRefAttribute(TEE_Attribute * attr,uint32_t attributeID,void * buffer,size_t length)1130 void TEE_InitRefAttribute(TEE_Attribute *attr, uint32_t attributeID, void *buffer, size_t length)
1131 {
1132 if (buffer == NULL || attr == NULL || TEE_ATTR_IS_VALUE(attributeID)) {
1133 tloge("Invalid buffer and attr and attributeID\n");
1134 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1135 return;
1136 }
1137 attr->attributeID = attributeID;
1138 attr->content.ref.length = length;
1139 attr->content.ref.buffer = buffer;
1140 }
1141
TEE_InitValueAttribute(TEE_Attribute * attr,uint32_t attributeID,uint32_t a,uint32_t b)1142 void TEE_InitValueAttribute(TEE_Attribute *attr, uint32_t attributeID, uint32_t a, uint32_t b)
1143 {
1144 if (attr == NULL || TEE_ATTR_IS_BUFFER(attributeID)) {
1145 tloge("Invalid buffer and attr and attributeID\n");
1146 return;
1147 }
1148
1149 attr->attributeID = attributeID;
1150 attr->content.value.a = a;
1151 attr->content.value.b = b;
1152 }
1153
check_object_valid_panic(TEE_ObjectHandle object)1154 static TEE_Result check_object_valid_panic(TEE_ObjectHandle object)
1155 {
1156 if (object == TEE_HANDLE_NULL) {
1157 tloge("Bad Parameter:ObjectHandle is NULL!\n");
1158 return TEE_ERROR_BAD_PARAMETERS;
1159 }
1160
1161 if (check_object(object) != TEE_SUCCESS) {
1162 tloge("Object is invalid\n");
1163 #ifdef SUPPORT_GP_PANIC
1164 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1165 #endif
1166 return TEE_ERROR_BAD_PARAMETERS;
1167 }
1168
1169 if (object->ObjectInfo == NULL) {
1170 tloge("Object is invalid\n");
1171 return TEE_ERROR_BAD_PARAMETERS;
1172 }
1173
1174 return TEE_SUCCESS;
1175 }
1176
copy_obj_attr1_check(TEE_ObjectHandle dest_object,TEE_ObjectHandle src_object)1177 static TEE_Result copy_obj_attr1_check(TEE_ObjectHandle dest_object, TEE_ObjectHandle src_object)
1178 {
1179 if (check_object_valid_panic(dest_object) != TEE_SUCCESS) {
1180 tloge("dest object is invalid\n");
1181 return TEE_ERROR_BAD_PARAMETERS;
1182 }
1183
1184 if (check_object_valid_panic(src_object) != TEE_SUCCESS) {
1185 tloge("src object is invalid\n");
1186 return TEE_ERROR_BAD_PARAMETERS;
1187 }
1188
1189 bool attribute_invalid = (dest_object->Attribute == NULL || src_object->Attribute == NULL);
1190 if (attribute_invalid) {
1191 tloge("Invalid dest Object Attribute or src Object Attribute\n");
1192 return TEE_ERROR_BAD_PARAMETERS;
1193 }
1194 /* The source and destination objects must have compatible types */
1195 bool object_type_valid = (src_object->ObjectInfo->objectType == dest_object->ObjectInfo->objectType
1196 || (src_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_RSA_KEYPAIR &&
1197 dest_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_RSA_PUBLIC_KEY)
1198 || (src_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_DSA_KEYPAIR &&
1199 dest_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_DSA_PUBLIC_KEY)
1200 || (src_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_ECDSA_KEYPAIR &&
1201 dest_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_ECDSA_PUBLIC_KEY)
1202 || (src_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_ECDH_KEYPAIR &&
1203 dest_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_ECDH_PUBLIC_KEY)
1204 || (src_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_ED25519_KEYPAIR &&
1205 dest_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_ED25519_PUBLIC_KEY)
1206 || (src_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_X25519_KEYPAIR &&
1207 dest_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_X25519_PUBLIC_KEY)
1208 || (src_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_SM2_DSA_KEYPAIR &&
1209 dest_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_SM2_DSA_PUBLIC_KEY)
1210 || (src_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_SM2_KEP_KEYPAIR &&
1211 dest_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_SM2_KEP_PUBLIC_KEY)
1212 || (src_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_SM2_PKE_KEYPAIR &&
1213 dest_object->ObjectInfo->objectType == (uint32_t)TEE_TYPE_SM2_PKE_PUBLIC_KEY));
1214 if (object_type_valid) {
1215 tlogd("The type of dest Object is a subtype of src Object.\n");
1216 } else {
1217 tloge("Invalid input param:The type of dest Object is a subtype of src Object.\n");
1218 #ifdef SUPPORT_GP_PANIC
1219 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1220 #endif
1221 return TEE_ERROR_BAD_PARAMETERS;
1222 }
1223
1224 return TEE_SUCCESS;
1225 }
1226
TEE_CopyObjectAttributes1(TEE_ObjectHandle destObject,TEE_ObjectHandle srcObject)1227 TEE_Result TEE_CopyObjectAttributes1(TEE_ObjectHandle destObject, TEE_ObjectHandle srcObject)
1228 {
1229 TEE_Result ret = copy_obj_attr1_check(destObject, srcObject);
1230 if (ret != TEE_SUCCESS)
1231 return ret;
1232
1233 /* Make sure destObject is uninitialized transient object and srdObject is initialized */
1234 if ((destObject->ObjectInfo->handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == TEE_HANDLE_FLAG_INITIALIZED ||
1235 (destObject->ObjectInfo->handleFlags & TEE_HANDLE_FLAG_PERSISTENT) == TEE_HANDLE_FLAG_PERSISTENT ||
1236 (srcObject->ObjectInfo->handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != TEE_HANDLE_FLAG_INITIALIZED) {
1237 tloge("destObject is an initialized object or src is an uninitialized object.\n");
1238 #ifdef SUPPORT_GP_PANIC
1239 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1240 #endif
1241 return TEE_ERROR_BAD_PARAMETERS;
1242 }
1243
1244 /* The effect of this function on destObject
1245 * is identical to the function TEE_PopulateTransientObject
1246 * except that the attributes are taken from srcObject instead of from parameters. */
1247 TEE_Attribute *attrs = srcObject->Attribute;
1248 uint32_t attr_count = get_attr_count_for_object_type(srcObject->ObjectInfo->objectType);
1249 uint32_t dest_count = get_attr_count_for_object_type(destObject->ObjectInfo->objectType);
1250 if (dest_count == 0)
1251 return TEE_ERROR_BAD_PARAMETERS;
1252
1253 ret = populate_trasient_object(destObject, dest_count, attrs, attr_count, false);
1254 if (ret != TEE_SUCCESS) {
1255 tloge("TEE_CopyObjectAttributes:Failed to TEE_PopulateTransientObject.\n");
1256 return ret;
1257 }
1258
1259 destObject->CRTMode = srcObject->CRTMode;
1260 destObject->ObjectInfo->objectUsage &= srcObject->ObjectInfo->objectUsage;
1261 return TEE_SUCCESS;
1262 }
1263
is_params_attribute_id_valid(uint32_t attribute_id,uint32_t params_index)1264 static bool is_params_attribute_id_valid(uint32_t attribute_id, uint32_t params_index)
1265 {
1266 uint32_t i = 0;
1267 uint32_t attribute_id_set[] = {
1268 TEE_ATTR_RSA_MODULUS,
1269 TEE_ATTR_RSA_PUBLIC_EXPONENT,
1270 TEE_ATTR_RSA_PRIVATE_EXPONENT,
1271 TEE_ATTR_RSA_PRIME1,
1272 TEE_ATTR_RSA_PRIME2,
1273 TEE_ATTR_RSA_EXPONENT1,
1274 TEE_ATTR_RSA_EXPONENT2,
1275 TEE_ATTR_RSA_COEFFICIENT,
1276 };
1277 uint32_t total_array_num = sizeof(attribute_id_set) / sizeof(uint32_t);
1278 for (; i < total_array_num; i++) {
1279 if (attribute_id_set[i] == attribute_id && i == params_index)
1280 return true;
1281 }
1282
1283 return false;
1284 }
1285
check_rsa_key_params_valid(const TEE_Attribute * params,uint32_t attribute_count)1286 TEE_Result check_rsa_key_params_valid(const TEE_Attribute *params, uint32_t attribute_count)
1287 {
1288 if (params == NULL) {
1289 tloge("The params is null\n");
1290 return TEE_ERROR_BAD_PARAMETERS;
1291 }
1292
1293 if (attribute_count > RSA_KEY_PAIR_ATTRIBUTE_COUNT) {
1294 tloge("The attributes count is invalid, attributes_count=0x%x\n", attribute_count);
1295 return TEE_ERROR_BAD_PARAMETERS;
1296 }
1297
1298 uint32_t i = (attribute_count == RSA_CRT_KEY_ATTRIBUTE_COUNT) ? RSA_CRT_KEY_BASE_INDEX : 0;
1299 for (; i < attribute_count; i++) {
1300 if (params[i].content.ref.buffer == NULL || !(is_params_attribute_id_valid(params[i].attributeID, i))) {
1301 tloge("Attribute param is not valid, attribute_type=0x%x\n", params[i].attributeID);
1302 return TEE_ERROR_BAD_PARAMETERS;
1303 }
1304 }
1305
1306 return TEE_SUCCESS;
1307 }
1308
builed_dh_generator(struct dh_key_t * dh_generate_key_data,const TEE_Attribute * params,uint32_t param_count)1309 static TEE_Result builed_dh_generator(struct dh_key_t *dh_generate_key_data, const TEE_Attribute *params,
1310 uint32_t param_count)
1311 {
1312 int32_t index = get_attr_index_by_id(TEE_ATTR_DH_PRIME, params, param_count);
1313 int32_t index_2 = get_attr_index_by_id(TEE_ATTR_DH_BASE, params, param_count);
1314 if (index < 0 || index_2 < 0) {
1315 tloge("dh param is invalid");
1316 return TEE_ERROR_BAD_PARAMETERS;
1317 }
1318 dh_generate_key_data->prime = (uint64_t)(uintptr_t)params[index].content.ref.buffer;
1319 dh_generate_key_data->prime_size = params[index].content.ref.length;
1320 dh_generate_key_data->generator = (uint64_t)(uintptr_t)params[index_2].content.ref.buffer;
1321 dh_generate_key_data->generator_size = params[index_2].content.ref.length;
1322
1323 index = get_attr_index_by_id(TEE_ATTR_DH_SUBPRIME, params, param_count);
1324 if (index >= 0) {
1325 dh_generate_key_data->dh_param.generate_key_t.q = (uint64_t)(uintptr_t)params[index].content.ref.buffer;
1326 dh_generate_key_data->dh_param.generate_key_t.q_size = params[index].content.ref.length;
1327 }
1328
1329 index = get_attr_index_by_id(TEE_ATTR_DH_X_BITS, params, param_count);
1330 if (index < 0) {
1331 tloge("dh param is invalid");
1332 return TEE_ERROR_BAD_PARAMETERS;
1333 } else if (params[index].content.value.a < DH_MIN_L) {
1334 tloge("the parameter L should >= %d\n", DH_MIN_L);
1335 return TEE_ERROR_BAD_PARAMETERS;
1336 }
1337 dh_generate_key_data->dh_param.generate_key_t.l = params[index].content.value.a;
1338 dh_generate_key_data->dh_param.generate_key_t.dh_mode = DH_PKCS3_MODE;
1339 return TEE_SUCCESS;
1340 }
1341
copy_single_key_to_object(TEE_ObjectHandle object,uint32_t id,const uint8_t * key,uint32_t key_len)1342 static TEE_Result copy_single_key_to_object(TEE_ObjectHandle object, uint32_t id, const uint8_t *key, uint32_t key_len)
1343 {
1344 int32_t index = get_attr_index_by_id(id, object->Attribute, object->attributesLen);
1345 if (index < 0 || object->Attribute[index].content.ref.length < key_len) {
1346 tloge("object is invalid");
1347 return TEE_ERROR_BAD_PARAMETERS;
1348 }
1349
1350 errno_t res = memcpy_s(object->Attribute[index].content.ref.buffer, object->Attribute[index].content.ref.length,
1351 key, key_len);
1352 if (res != EOK) {
1353 tloge("memcpy failed");
1354 return TEE_ERROR_SECURITY;
1355 }
1356 object->Attribute[index].content.ref.length = key_len;
1357 return TEE_SUCCESS;
1358 }
1359
convert_dh_keypair_to_object(TEE_ObjectHandle object,const struct memref_t * pub_key,const struct memref_t * priv_key,const TEE_Attribute * params,uint32_t param_count)1360 static TEE_Result convert_dh_keypair_to_object(TEE_ObjectHandle object, const struct memref_t *pub_key,
1361 const struct memref_t *priv_key, const TEE_Attribute *params, uint32_t param_count)
1362 {
1363 int32_t index = get_attr_index_by_id(TEE_ATTR_DH_X_BITS, params, param_count);
1364 if (index < 0)
1365 return TEE_ERROR_BAD_PARAMETERS;
1366
1367 int32_t index_2 = get_attr_index_by_id(TEE_ATTR_DH_X_BITS, object->Attribute, object->attributesLen);
1368 if (index_2 < 0)
1369 return TEE_ERROR_BAD_PARAMETERS;
1370
1371 object->Attribute[index_2].content.value.a = params[index].content.value.a;
1372
1373 index = get_attr_index_by_id(TEE_ATTR_DH_PRIME, params, param_count);
1374 if (index < 0)
1375 return TEE_ERROR_BAD_PARAMETERS;
1376
1377 TEE_Result ret = copy_single_key_to_object(object, TEE_ATTR_DH_PRIME,
1378 (const uint8_t *)params[index].content.ref.buffer, params[index].content.ref.length);
1379 if (ret != TEE_SUCCESS) {
1380 tloge("copy dh prime failed");
1381 return ret;
1382 }
1383
1384 index = get_attr_index_by_id(TEE_ATTR_DH_BASE, params, param_count);
1385 if (index < 0)
1386 return TEE_ERROR_BAD_PARAMETERS;
1387
1388 ret = copy_single_key_to_object(object, TEE_ATTR_DH_BASE,
1389 (const uint8_t *)params[index].content.ref.buffer, params[index].content.ref.length);
1390 if (ret != TEE_SUCCESS) {
1391 tloge("copy dh base failed");
1392 return ret;
1393 }
1394
1395 ret = copy_single_key_to_object(object, TEE_ATTR_DH_PUBLIC_VALUE,
1396 (const uint8_t *)(uintptr_t)(pub_key->buffer), pub_key->size);
1397 if (ret != TEE_SUCCESS) {
1398 tloge("copy dh public failed");
1399 return ret;
1400 }
1401
1402 ret = copy_single_key_to_object(object, TEE_ATTR_DH_PRIVATE_VALUE,
1403 (const uint8_t *)(uintptr_t)(priv_key->buffer), priv_key->size);
1404 if (ret != TEE_SUCCESS) {
1405 tloge("copy dh private failed");
1406 return ret;
1407 }
1408
1409 return TEE_SUCCESS;
1410 }
1411
generate_dh_keypair_hal(TEE_ObjectHandle object,const TEE_Attribute * params,uint32_t param_count)1412 static TEE_Result generate_dh_keypair_hal(TEE_ObjectHandle object, const TEE_Attribute *params, uint32_t param_count)
1413 {
1414 if (param_count < DH_PARAM_COUNT)
1415 return TEE_ERROR_BAD_PARAMETERS;
1416
1417 struct dh_key_t dh_generate_key_data = {0};
1418 struct memref_t pub_key = {0};
1419 struct memref_t priv_key = {0};
1420
1421 pub_key.buffer = (uint64_t)(uintptr_t)TEE_Malloc(DH_MAX_KEY_SIZE, 0);
1422 if (pub_key.buffer == 0) {
1423 tloge("malloc dh key failed");
1424 return TEE_ERROR_OUT_OF_MEMORY;
1425 }
1426 priv_key.buffer = (uint64_t)(uintptr_t)TEE_Malloc(DH_MAX_KEY_SIZE, 0);
1427 if (priv_key.buffer == 0) {
1428 tloge("malloc dh key failed");
1429 TEE_Free((void *)(uintptr_t)(pub_key.buffer));
1430 pub_key.buffer = 0;
1431 return TEE_ERROR_OUT_OF_MEMORY;
1432 }
1433 pub_key.size = DH_MAX_KEY_SIZE;
1434 priv_key.size = DH_MAX_KEY_SIZE;
1435 TEE_Result ret = builed_dh_generator(&dh_generate_key_data, params, param_count);
1436 if (ret != TEE_SUCCESS) {
1437 tloge("builed dh generator failed");
1438 goto free_key;
1439 }
1440
1441 int32_t rc = tee_crypto_dh_generate_key(&dh_generate_key_data, &pub_key, &priv_key, object->generate_flag);
1442 if (rc != TEE_SUCCESS) {
1443 tloge("generate dh keypair failed");
1444 ret = change_hal_ret_to_gp(rc);
1445 goto free_key;
1446 }
1447
1448 ret = convert_dh_keypair_to_object(object, &pub_key, &priv_key, params, param_count);
1449
1450 free_key:
1451 TEE_Free((void *)(uintptr_t)pub_key.buffer);
1452 pub_key.buffer = 0;
1453
1454 (void)memset_s((void *)(uintptr_t)priv_key.buffer, DH_MAX_KEY_SIZE, 0x0, DH_MAX_KEY_SIZE);
1455 TEE_Free((void *)(uintptr_t)priv_key.buffer);
1456 priv_key.buffer = 0;
1457 return ret;
1458 }
1459
copy_public_key_to_object(TEE_ObjectHandle object,const struct rsa_priv_key_t * keypair)1460 static TEE_Result copy_public_key_to_object(TEE_ObjectHandle object, const struct rsa_priv_key_t *keypair)
1461 {
1462 TEE_Result ret;
1463
1464 /* copy rsa modulus */
1465 ret = copy_single_key_to_object(object, TEE_ATTR_RSA_MODULUS, keypair->n, keypair->n_len);
1466 if (ret != TEE_SUCCESS)
1467 return ret;
1468
1469 /* copy rsa public exponent */
1470 ret = copy_single_key_to_object(object, TEE_ATTR_RSA_PUBLIC_EXPONENT, keypair->e, keypair->e_len);
1471 if (ret != TEE_SUCCESS)
1472 return ret;
1473
1474 return TEE_SUCCESS;
1475 }
1476
copy_private_key_to_object(TEE_ObjectHandle object,const struct rsa_priv_key_t * keypair)1477 static TEE_Result copy_private_key_to_object(TEE_ObjectHandle object, const struct rsa_priv_key_t *keypair)
1478 {
1479 return copy_single_key_to_object(object, TEE_ATTR_RSA_PRIVATE_EXPONENT, keypair->d, keypair->d_len);
1480 }
1481
copy_private_key_to_object_crt(TEE_ObjectHandle object,const struct rsa_priv_key_t * keypair)1482 static TEE_Result copy_private_key_to_object_crt(TEE_ObjectHandle object, const struct rsa_priv_key_t *keypair)
1483 {
1484 TEE_Result ret;
1485
1486 ret = copy_single_key_to_object(object, TEE_ATTR_RSA_PRIME1, keypair->p, keypair->p_len);
1487 if (ret != TEE_SUCCESS)
1488 return ret;
1489
1490 ret = copy_single_key_to_object(object, TEE_ATTR_RSA_PRIME2, keypair->q, keypair->q_len);
1491 if (ret != TEE_SUCCESS)
1492 return ret;
1493
1494 ret = copy_single_key_to_object(object, TEE_ATTR_RSA_EXPONENT1, keypair->dp, keypair->dp_len);
1495 if (ret != TEE_SUCCESS)
1496 return ret;
1497
1498 ret = copy_single_key_to_object(object, TEE_ATTR_RSA_EXPONENT2, keypair->dq, keypair->dq_len);
1499 if (ret != TEE_SUCCESS)
1500 return ret;
1501
1502 ret = copy_single_key_to_object(object, TEE_ATTR_RSA_COEFFICIENT, keypair->qinv, keypair->qinv_len);
1503 if (ret != TEE_SUCCESS)
1504 return ret;
1505
1506 return TEE_SUCCESS;
1507 }
1508
generate_rsa_keypair_hal(TEE_ObjectHandle object,uint32_t key_size,const uint8_t * key_e,uint32_t e_size)1509 static TEE_Result generate_rsa_keypair_hal(TEE_ObjectHandle object, uint32_t key_size,
1510 const uint8_t *key_e, uint32_t e_size)
1511 {
1512 struct memref_t e_data = {0};
1513 e_data.buffer = (uint64_t)(uintptr_t)key_e;
1514 e_data.size = e_size;
1515 struct rsa_priv_key_t keypair = {0};
1516
1517 TEE_Result ret = check_rsa_key_params_valid(object->Attribute, RSA_KEY_PAIR_ATTRIBUTE_COUNT);
1518 if (ret != TEE_SUCCESS) {
1519 tloge("Check object params failed, ret=0x%x\n", ret);
1520 return ret;
1521 }
1522
1523 int32_t rc = tee_crypto_rsa_generate_keypair(key_size, &e_data, object->CRTMode, &keypair, object->generate_flag);
1524 if (rc != TEE_SUCCESS) {
1525 tloge("generate rsa keypair failed");
1526 return change_hal_ret_to_gp(rc);
1527 }
1528
1529 ret = copy_public_key_to_object(object, &keypair);
1530 if (ret != TEE_SUCCESS) {
1531 tloge("convert rsa key failed, ret = 0x%x", ret);
1532 (void)memset_s(&keypair, sizeof(keypair), 0x0, sizeof(keypair));
1533 return ret;
1534 }
1535
1536 ret = copy_private_key_to_object(object, &keypair);
1537 if (ret != TEE_SUCCESS) {
1538 tloge("convert rsa key failed, ret = 0x%x", ret);
1539 (void)memset_s(&keypair, sizeof(keypair), 0x0, sizeof(keypair));
1540 return ret;
1541 }
1542 if (object->CRTMode)
1543 ret = copy_private_key_to_object_crt(object, &keypair);
1544
1545 (void)memset_s(&keypair, sizeof(keypair), 0x0, sizeof(keypair));
1546 object->ObjectInfo->objectSize = key_size;
1547 return ret;
1548 }
1549
tee_gen_rsa_key_pair_2(TEE_ObjectHandle object,uint32_t key_size,const TEE_Attribute * params,uint32_t param_count)1550 static TEE_Result tee_gen_rsa_key_pair_2(TEE_ObjectHandle object, uint32_t key_size, const TEE_Attribute *params,
1551 uint32_t param_count)
1552 {
1553 int32_t index = get_attr_index_by_id(TEE_ATTR_RSA_PUBLIC_EXPONENT, params, param_count);
1554 if (index < 0) {
1555 tloge("get rsa exponent failed");
1556 return TEE_ERROR_BAD_PARAMETERS;
1557 }
1558
1559 uint8_t *key_e = params[index].content.ref.buffer;
1560 uint32_t e_size = params[index].content.ref.length;
1561 return generate_rsa_keypair_hal(object, key_size, key_e, e_size);
1562 }
1563
tee_gen_rsa_key_pair(TEE_ObjectHandle object,uint32_t key_size,const TEE_Attribute * params,uint32_t param_count,uint32_t api_level)1564 static TEE_Result tee_gen_rsa_key_pair(TEE_ObjectHandle object, uint32_t key_size, const TEE_Attribute *params,
1565 uint32_t param_count, uint32_t api_level)
1566 {
1567 uint8_t key_e[] = { 0x01, 0x00, 0x01 }; /* default rsa exponent */
1568 uint32_t e_size = sizeof(key_e);
1569
1570 if (api_level > API_LEVEL1_0) {
1571 key_size = (key_size + BIT_NUMBER_SEVEN) >> BIT_TO_BYTE_MOVE_THREE;
1572 if (params != NULL && param_count != 0)
1573 return tee_gen_rsa_key_pair_2(object, key_size, params, param_count);
1574 }
1575
1576 return generate_rsa_keypair_hal(object, key_size, key_e, e_size);
1577 }
1578
copy_ed25519_key_to_object(TEE_ObjectHandle object,const struct ecc_pub_key_t * public_key,const struct ecc_priv_key_t * private_key)1579 static TEE_Result copy_ed25519_key_to_object(TEE_ObjectHandle object, const struct ecc_pub_key_t *public_key,
1580 const struct ecc_priv_key_t *private_key)
1581 {
1582 TEE_Result ret;
1583
1584 ret = copy_single_key_to_object(object, TEE_ATTR_ED25519_PUBLIC_VALUE, public_key->x, public_key->x_len);
1585 if (ret != TEE_SUCCESS)
1586 return ret;
1587
1588 ret = copy_single_key_to_object(object, TEE_ATTR_ED25519_PRIVATE_VALUE, private_key->r, private_key->r_len);
1589 if (ret != TEE_SUCCESS)
1590 return ret;
1591
1592 return TEE_SUCCESS;
1593 }
1594
copy_x25519_key_to_object(TEE_ObjectHandle object,const struct ecc_pub_key_t * public_key,const struct ecc_priv_key_t * private_key)1595 static TEE_Result copy_x25519_key_to_object(TEE_ObjectHandle object, const struct ecc_pub_key_t *public_key,
1596 const struct ecc_priv_key_t *private_key)
1597 {
1598 TEE_Result ret;
1599
1600 ret = copy_single_key_to_object(object, TEE_ATTR_X25519_PUBLIC_VALUE, public_key->x, public_key->x_len);
1601 if (ret != TEE_SUCCESS)
1602 return ret;
1603
1604 ret = copy_single_key_to_object(object, TEE_ATTR_X25519_PRIVATE_VALUE, private_key->r, private_key->r_len);
1605 if (ret != TEE_SUCCESS)
1606 return ret;
1607
1608 return TEE_SUCCESS;
1609 }
1610
copy_ecc_key_to_object(TEE_ObjectHandle object,const struct ecc_pub_key_t * public_key,const struct ecc_priv_key_t * private_key)1611 static TEE_Result copy_ecc_key_to_object(TEE_ObjectHandle object, const struct ecc_pub_key_t *public_key,
1612 const struct ecc_priv_key_t *private_key)
1613 {
1614 TEE_Result ret;
1615
1616 ret = copy_single_key_to_object(object, TEE_ATTR_ECC_PUBLIC_VALUE_X, public_key->x, public_key->x_len);
1617 if (ret != TEE_SUCCESS)
1618 return ret;
1619
1620 ret = copy_single_key_to_object(object, TEE_ATTR_ECC_PUBLIC_VALUE_Y, public_key->y, public_key->y_len);
1621 if (ret != TEE_SUCCESS)
1622 return ret;
1623
1624 ret = copy_single_key_to_object(object, TEE_ATTR_ECC_PRIVATE_VALUE, private_key->r, private_key->r_len);
1625 if (ret != TEE_SUCCESS)
1626 return ret;
1627
1628 return TEE_SUCCESS;
1629 }
1630
is_sm2_key_type(uint32_t key_type)1631 static bool is_sm2_key_type(uint32_t key_type)
1632 {
1633 bool check = (
1634 key_type == TEE_TYPE_SM2_DSA_KEYPAIR ||
1635 key_type == TEE_TYPE_SM2_DSA_PUBLIC_KEY ||
1636 key_type == TEE_TYPE_SM2_KEP_KEYPAIR ||
1637 key_type == TEE_TYPE_SM2_KEP_PUBLIC_KEY ||
1638 key_type == TEE_TYPE_SM2_PKE_KEYPAIR ||
1639 key_type == TEE_TYPE_SM2_PKE_PUBLIC_KEY);
1640 if (check)
1641 return true;
1642 return false;
1643 }
1644
get_curve_from_keysize(uint32_t object_type,uint32_t key_size)1645 static uint32_t get_curve_from_keysize(uint32_t object_type, uint32_t key_size)
1646 {
1647 if (is_sm2_key_type(object_type))
1648 return ECC_CURVE_SM2;
1649 switch (key_size) {
1650 case ECC_192_KEY_SIZE:
1651 return TEE_ECC_CURVE_NIST_P192;
1652 case ECC_224_KEY_SIZE:
1653 return TEE_ECC_CURVE_NIST_P224;
1654 case ECC_256_KEY_SIZE:
1655 case ECC_DEFAULT_KEY_SIZE:
1656 return TEE_ECC_CURVE_NIST_P256;
1657 case ECC_384_KEY_SIZE:
1658 return TEE_ECC_CURVE_NIST_P384;
1659 case ECC_521_KEY_SIZE:
1660 return TEE_ECC_CURVE_NIST_P521;
1661 default:
1662 return 0;
1663 }
1664 }
1665
generate_ec_keypair_hal(TEE_ObjectHandle object,uint32_t key_size,uint32_t ecc_curve)1666 static TEE_Result generate_ec_keypair_hal(TEE_ObjectHandle object, uint32_t key_size, uint32_t ecc_curve)
1667 {
1668 bool check = (object->Attribute == NULL || object->ObjectInfo == NULL ||
1669 (ecc_curve == TEE_ECC_CURVE_25519 && object->attributesLen != KEY_25519_FIX_ATTR_LEN) ||
1670 (ecc_curve != TEE_ECC_CURVE_25519 && object->attributesLen != ECKEY_FIX_ATTRI_LEN));
1671 if (check) {
1672 tloge("input error\n");
1673 return TEE_ERROR_BAD_PARAMETERS;
1674 }
1675
1676 if (ecc_curve == 0)
1677 ecc_curve = get_curve_from_keysize(object->ObjectInfo->objectType, key_size);
1678
1679 struct ecc_pub_key_t public_key = {0};
1680 struct ecc_priv_key_t private_key = {0};
1681 uint32_t curve;
1682 if (object->ObjectInfo->objectType == TEE_TYPE_ED25519_KEYPAIR)
1683 curve = ECC_CURVE_ED25519;
1684 else if (object->ObjectInfo->objectType == TEE_TYPE_X25519_KEYPAIR)
1685 curve = ECC_CURVE_X25519;
1686 else if (is_sm2_key_type(object->ObjectInfo->objectType))
1687 curve = get_sm2_domain(ecc_curve);
1688 else
1689 curve = get_ecc_domain(ecc_curve);
1690
1691 int32_t rc = tee_crypto_ecc_generate_keypair(key_size, curve, &public_key,
1692 &private_key, object->generate_flag);
1693 if (rc != TEE_SUCCESS) {
1694 tloge("generate ecc keypair failed");
1695 return change_hal_ret_to_gp(rc);
1696 }
1697
1698 TEE_Result ret;
1699 if (object->ObjectInfo->objectType == TEE_TYPE_ED25519_KEYPAIR) {
1700 ret = copy_ed25519_key_to_object(object, &public_key, &private_key);
1701 } else if (object->ObjectInfo->objectType == TEE_TYPE_X25519_KEYPAIR) {
1702 ret = copy_x25519_key_to_object(object, &public_key, &private_key);
1703 } else {
1704 ret = copy_ecc_key_to_object(object, &public_key, &private_key);
1705 (void)memset_s(&private_key, sizeof(private_key), 0x0, sizeof(private_key));
1706
1707 int32_t index = get_attr_index_by_id(TEE_ATTR_ECC_CURVE, object->Attribute, object->attributesLen);
1708 if (index >= 0)
1709 object->Attribute[index].content.value.a = ecc_curve;
1710 else
1711 return TEE_ERROR_BAD_PARAMETERS;
1712 }
1713 object->ObjectInfo->objectSize = key_size;
1714 return ret;
1715 }
1716
tee_gen_ecdsa_keypair_2(uint32_t key_size,const TEE_Attribute * params,uint32_t param_count,uint32_t * ecc_curve,uint32_t api_level)1717 static TEE_Result tee_gen_ecdsa_keypair_2(uint32_t key_size, const TEE_Attribute *params,
1718 uint32_t param_count, uint32_t *ecc_curve, uint32_t api_level)
1719 {
1720 if (api_level <= API_LEVEL1_0)
1721 return TEE_SUCCESS;
1722
1723 if (params == NULL)
1724 return TEE_ERROR_BAD_PARAMETERS;
1725
1726 int32_t index = get_attr_index_by_id(TEE_ATTR_ECC_CURVE, params, param_count);
1727 if (index >= 0)
1728 *ecc_curve = params[index].content.value.a;
1729
1730 if (index < 0) {
1731 tloge("get ecc curve failed");
1732 return TEE_ERROR_BAD_PARAMETERS;
1733 }
1734
1735 /* only support four CURVE */
1736 crypto_uint2uint keysize_to_curve[] = {
1737 { 224, TEE_ECC_CURVE_NIST_P224 },
1738 { 256, TEE_ECC_CURVE_NIST_P256 },
1739 { 384, TEE_ECC_CURVE_NIST_P384 },
1740 { 521, TEE_ECC_CURVE_NIST_P521 },
1741 };
1742
1743 for (uint32_t i = 0; i < sizeof(keysize_to_curve) / sizeof(keysize_to_curve[0]); i++) {
1744 if (key_size == keysize_to_curve[i].src) {
1745 if (*ecc_curve != keysize_to_curve[i].dest)
1746 return TEE_ERROR_NOT_SUPPORTED;
1747 else
1748 return TEE_SUCCESS;
1749 }
1750 }
1751 return TEE_ERROR_NOT_SUPPORTED;
1752 }
1753
tee_gen_ecdsa_keypair(TEE_ObjectHandle object,uint32_t key_size,const TEE_Attribute * params,uint32_t param_count,uint32_t api_level)1754 static TEE_Result tee_gen_ecdsa_keypair(TEE_ObjectHandle object, uint32_t key_size, const TEE_Attribute *params,
1755 uint32_t param_count, uint32_t api_level)
1756 {
1757 uint32_t ecc_curve = 0;
1758 TEE_Result ret = tee_gen_ecdsa_keypair_2(key_size, params, param_count, &ecc_curve, api_level);
1759 if (ret != TEE_SUCCESS) {
1760 tloge("key size and curve is not match");
1761 return ret;
1762 }
1763
1764 return generate_ec_keypair_hal(object, key_size, ecc_curve);
1765 }
1766
generate_sm2_keypair(TEE_ObjectHandle object,uint32_t key_size,uint32_t param_count,uint32_t api_level)1767 static TEE_Result generate_sm2_keypair(TEE_ObjectHandle object, uint32_t key_size,
1768 uint32_t param_count, uint32_t api_level)
1769 {
1770 if (api_level == API_LEVEL1_0)
1771 return generate_ec_keypair_hal(object, key_size, param_count);
1772 else
1773 return generate_ec_keypair_hal(object, key_size, TEE_ECC_CURVE_SM2);
1774 }
1775
tee_generate_3des_key(TEE_ObjectHandle object,uint32_t key_size,uint32_t api_level)1776 static TEE_Result tee_generate_3des_key(TEE_ObjectHandle object, uint32_t key_size, uint32_t api_level)
1777 {
1778 TEE_Result ret;
1779 if (api_level > API_LEVEL1_0)
1780 key_size = key_size >> BIT_TO_BYTE_MOVE_THREE;
1781
1782 bool check = (object->Attribute == NULL) || (object->Attribute->content.ref.length != OBJ_SIZE_DES3) ||
1783 (key_size != OBJ_SIZE_DES3);
1784 if (check) {
1785 tloge("ref length or key_size is not valid\n");
1786 return TEE_ERROR_BAD_PARAMETERS;
1787 }
1788
1789 int i = 0;
1790 do {
1791 i++;
1792 TEE_GenerateRandom(object->Attribute->content.ref.buffer,
1793 object->Attribute->content.ref.length);
1794 ret = check_3des_key(object->Attribute);
1795 } while ((ret != TEE_SUCCESS) && (i <= 5)); /* at most loop 5 times */
1796 return ret;
1797 }
1798
get_pbkdf2_buffer_attribute(const TEE_Attribute * params,uint32_t param_count,struct memref_t * password,struct memref_t * salt)1799 static TEE_Result get_pbkdf2_buffer_attribute(const TEE_Attribute *params, uint32_t param_count,
1800 struct memref_t *password, struct memref_t *salt)
1801 {
1802 int32_t index;
1803
1804 index = get_attr_index_by_id(TEE_ATTR_PBKDF2_HMAC_PASSWORD, params, param_count);
1805 if (index < 0) {
1806 tloge("get attribute PBKDF2_HMAC_PASSWORD failed!");
1807 return TEE_ERROR_BAD_PARAMETERS;
1808 }
1809
1810 password->buffer = (uint64_t)(uintptr_t)params[index].content.ref.buffer;
1811 password->size = params[index].content.ref.length;
1812
1813 index = get_attr_index_by_id(TEE_ATTR_PBKDF2_HMAC_SALT, params, param_count);
1814 if (index < 0) {
1815 tloge("get attribute PBKDF2_HMAC_SALT failed!");
1816 return TEE_ERROR_BAD_PARAMETERS;
1817 }
1818
1819 salt->buffer = (uint64_t)(uintptr_t)params[index].content.ref.buffer;
1820 salt->size = params[index].content.ref.length;
1821
1822 return TEE_SUCCESS;
1823 }
1824
check_pbkdf2_digest_type(uint32_t digest_type)1825 static TEE_Result check_pbkdf2_digest_type(uint32_t digest_type)
1826 {
1827 switch (digest_type) {
1828 case CRYPTO_TYPE_DIGEST_SHA1:
1829 case CRYPTO_TYPE_DIGEST_SHA224:
1830 case CRYPTO_TYPE_DIGEST_SHA256:
1831 case CRYPTO_TYPE_DIGEST_SHA384:
1832 case CRYPTO_TYPE_DIGEST_SHA512:
1833 return TEE_SUCCESS;
1834 default:
1835 return TEE_ERROR_BAD_PARAMETERS;
1836 }
1837 }
1838
get_pbkdf2_value_attribute(const TEE_Attribute * params,uint32_t param_count,uint32_t * iterations,uint32_t * digest_type)1839 static TEE_Result get_pbkdf2_value_attribute(const TEE_Attribute *params, uint32_t param_count,
1840 uint32_t *iterations, uint32_t *digest_type)
1841 {
1842 int32_t index;
1843
1844 index = get_attr_index_by_id(TEE_ATTR_PBKDF2_HMAC_DIGEST, params, param_count);
1845 if (index < 0) {
1846 tloge("get attribute PBKDF2_HMAC_DIGEST failed!");
1847 return TEE_ERROR_BAD_PARAMETERS;
1848 }
1849
1850 *iterations = params[index].content.value.a;
1851 if (*iterations == 0) {
1852 tloge("The number of iterations cannot be 0!");
1853 return TEE_ERROR_BAD_PARAMETERS;
1854 }
1855
1856 uint32_t digest = params[index].content.value.b;
1857 TEE_Result ret = check_pbkdf2_digest_type(digest);
1858 if (ret != TEE_SUCCESS) {
1859 tloge("pbkdf2 digest type invalid! digest_type = 0x%x", digest);
1860 return ret;
1861 }
1862
1863 *digest_type = digest;
1864 return ret;
1865 }
1866
tee_generate_pbkdf2_key_hal(TEE_ObjectHandle object,uint32_t key_size,const TEE_Attribute * params,uint32_t param_count)1867 static TEE_Result tee_generate_pbkdf2_key_hal(TEE_ObjectHandle object, uint32_t key_size,
1868 const TEE_Attribute *params, uint32_t param_count)
1869 {
1870 struct memref_t password = {0};
1871 struct memref_t salt = {0};
1872 uint32_t iterations = 0;
1873 uint32_t digest_type = 0;
1874
1875 TEE_Result ret = get_pbkdf2_buffer_attribute(params, param_count, &password, &salt);
1876 if (ret != TEE_SUCCESS) {
1877 tloge("get pbkdf2 password or salt failed!");
1878 return ret;
1879 }
1880
1881 ret = get_pbkdf2_value_attribute(params, param_count, &iterations, &digest_type);
1882 if (ret != TEE_SUCCESS) {
1883 tloge("get pbkdf2 iterations or digest_type failed!");
1884 return ret;
1885 }
1886
1887 struct memref_t secret = {0};
1888 secret.buffer = (uint64_t)(uintptr_t)object->Attribute->content.ref.buffer;
1889 secret.size = key_size;
1890
1891 int32_t res = tee_crypto_pbkdf2_derive_key(&password, &salt, iterations, digest_type, &secret,
1892 object->generate_flag);
1893 ret = change_hal_ret_to_gp(res);
1894 if (ret != TEE_SUCCESS) {
1895 tloge("pbkdf2 generate key failed! ret = 0x%x", ret);
1896 return ret;
1897 }
1898
1899 return TEE_SUCCESS;
1900 }
1901
tee_generate_pbkdf2_key(TEE_ObjectHandle object,uint32_t key_size,const TEE_Attribute * params,uint32_t param_count,uint32_t api_level)1902 static TEE_Result tee_generate_pbkdf2_key(TEE_ObjectHandle object, uint32_t key_size,
1903 const TEE_Attribute *params, uint32_t param_count, uint32_t api_level)
1904 {
1905 bool check = (object == NULL || object->Attribute == NULL || param_count == 0 ||
1906 param_count > PBKDF2_ATTRIBUTE_TOTAL || params == NULL);
1907 if (check) {
1908 tloge("Attribute of object or params is null or params count error, params_count = %u\n", param_count);
1909 return TEE_ERROR_BAD_PARAMETERS;
1910 }
1911
1912 uint32_t max_pbkdf2_key_size = (uint32_t)object->Attribute->content.ref.length;
1913 uint32_t key_size_byte;
1914 if (api_level <= API_LEVEL1_0)
1915 key_size_byte = key_size;
1916 else
1917 key_size_byte = (key_size + BIT_NUMBER_SEVEN) >> BIT_TO_BYTE_MOVE_THREE;
1918 if (key_size_byte > max_pbkdf2_key_size) {
1919 tloge("key size is too large! key_size = %u, max_key_size = %u\n", key_size_byte, max_pbkdf2_key_size);
1920 return TEE_ERROR_BAD_PARAMETERS;
1921 }
1922
1923 TEE_Result ret = tee_generate_pbkdf2_key_hal(object, key_size_byte, params, param_count);
1924 if (ret != TEE_SUCCESS)
1925 tloge("generate pbkdf2 key failed! ret = %x\n", ret);
1926 return ret;
1927 }
1928
1929 struct algo_key_size_low_s {
1930 uint32_t type;
1931 uint32_t min_key_size;
1932 };
1933
1934 #define ECDH_MIN_KEY_SIZE_IN_BIT 224
1935 #define ECDSA_MIN_KEY_SIZE_IN_BIT 224
1936 static const struct algo_key_size_low_s g_algo_low_lev_key_size_config[] = {
1937 { TEE_TYPE_RSA_PUBLIC_KEY, RSA_MIN_KEY_SIZE },
1938 { TEE_TYPE_RSA_KEYPAIR, RSA_MIN_KEY_SIZE },
1939 { TEE_TYPE_ECDSA_PUBLIC_KEY, ECDSA_MIN_KEY_SIZE_IN_BIT },
1940 { TEE_TYPE_ECDSA_KEYPAIR, ECDSA_MIN_KEY_SIZE_IN_BIT },
1941 { TEE_TYPE_DH_KEYPAIR, DH_MIN_KEY_SIZE_IN_BIT },
1942 { TEE_TYPE_ECDH_PUBLIC_KEY, ECDH_MIN_KEY_SIZE_IN_BIT },
1943 { TEE_TYPE_ECDH_KEYPAIR, ECDH_MIN_KEY_SIZE_IN_BIT },
1944 { TEE_TYPE_PBKDF2_HMAC, PBKDF2_MIN_KEY_SIZE },
1945 };
1946
check_low_lev_key_size_for_alg(uint32_t type,uint32_t key_size)1947 static TEE_Result check_low_lev_key_size_for_alg(uint32_t type, uint32_t key_size)
1948 {
1949 for (size_t index = 0; index < ELEM_NUM(g_algo_low_lev_key_size_config); index++) {
1950 if (type == g_algo_low_lev_key_size_config[index].type) {
1951 if (key_size >= g_algo_low_lev_key_size_config[index].min_key_size) {
1952 return TEE_SUCCESS;
1953 } else {
1954 tloge("the key size is invalid\n");
1955 return TEE_ERROR_NOT_SUPPORTED;
1956 }
1957 }
1958 }
1959 if (type == TEE_TYPE_SIP_HASH && key_size != OBJ_SIZE_SIP_HASH) {
1960 tloge("sip hash key_size is invalid! key_size = %u\n", key_size);
1961 return TEE_ERROR_NOT_SUPPORTED;
1962 }
1963 return TEE_SUCCESS;
1964 }
1965
tee_generate_key_check(TEE_ObjectHandle object,uint32_t key_size,uint32_t * api_level)1966 static TEE_Result tee_generate_key_check(TEE_ObjectHandle object,
1967 uint32_t key_size, uint32_t *api_level)
1968 {
1969 if (check_object_valid(object) != TEE_SUCCESS) {
1970 tloge("object is invalid\n");
1971 return TEE_ERROR_BAD_PARAMETERS;
1972 }
1973
1974 *api_level = tee_get_ta_api_level();
1975 if (*api_level <= API_LEVEL1_0)
1976 return check_low_lev_key_size_for_alg(object->ObjectInfo->objectType, key_size);
1977
1978 TEE_ObjectInfo *object_info = object->ObjectInfo;
1979 if ((object_info->handleFlags & TEE_HANDLE_FLAG_PERSISTENT) == TEE_HANDLE_FLAG_PERSISTENT) {
1980 tloge("this is a Persistent Object, so not supported to Generate Key\n");
1981 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1982 return TEE_ERROR_BAD_PARAMETERS;
1983 }
1984
1985 if ((object_info->handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == TEE_HANDLE_FLAG_INITIALIZED) {
1986 tloge("object is not a uninitialized object, so should panic!\n ");
1987 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1988 return TEE_ERROR_BAD_PARAMETERS;
1989 }
1990
1991 TEE_Result ret = check_max_object_size(object_info->objectType, key_size);
1992 if (ret != TEE_SUCCESS) {
1993 tloge("keysize is Invalid!keysize = %u\n", key_size);
1994 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
1995 return ret;
1996 }
1997 uint32_t object_size = get_object_size(object_info->objectType);
1998 uint32_t max_key_size;
1999 #ifndef GP_SUPPORT
2000 max_key_size = object_info->maxObjectSize;
2001 #else
2002 max_key_size = object_info->maxKeySize;
2003 #endif
2004 uint32_t key_size_byte = (key_size + BIT_NUMBER_SEVEN) >> BIT_TO_BYTE_MOVE_THREE;
2005 bool check = (key_size_byte > max_key_size || key_size_byte < object_size);
2006 if (check) {
2007 tloge("GenerateKey:Invalid keySize, key_size_byte = %u\n", key_size_byte);
2008 TEE_Panic(TEE_ERROR_BAD_PARAMETERS);
2009 return TEE_ERROR_BAD_PARAMETERS;
2010 }
2011
2012 return TEE_SUCCESS;
2013 }
2014
tee_generate_symmetric_key(TEE_ObjectHandle object,uint32_t key_size,uint32_t api_level)2015 TEE_Result tee_generate_symmetric_key(TEE_ObjectHandle object, uint32_t key_size, uint32_t api_level)
2016 {
2017 bool check = (object->Attribute == NULL || object->Attribute->content.ref.buffer == NULL);
2018 if (check) {
2019 tloge("object is null");
2020 return TEE_ERROR_BAD_PARAMETERS;
2021 }
2022
2023 if (api_level == API_LEVEL1_0)
2024 key_size = object->Attribute->content.ref.length;
2025 else
2026 key_size = key_size >> BIT_TO_BYTE_MOVE_THREE;
2027
2028 tlogd("Use hardware CC IP to get random.\n");
2029 TEE_GenerateRandom(object->Attribute->content.ref.buffer, key_size);
2030 if (api_level > API_LEVEL1_0)
2031 object->Attribute->content.ref.length = key_size;
2032 object->Attribute->attributeID = (uint32_t)TEE_ATTR_SECRET_VALUE;
2033
2034 return TEE_SUCCESS;
2035 }
2036
2037 #define ECDH_DCDSA_KEY_MIN 224
tee_generate_key(TEE_ObjectHandle object,uint32_t key_size,TEE_Attribute * params,uint32_t param_count,uint32_t api_level)2038 static TEE_Result tee_generate_key(TEE_ObjectHandle object, uint32_t key_size,
2039 TEE_Attribute *params, uint32_t param_count, uint32_t api_level)
2040 {
2041 switch (object->ObjectInfo->objectType) {
2042 case (uint32_t)TEE_TYPE_AES:
2043 case (uint32_t)TEE_TYPE_DES:
2044 case (uint32_t)TEE_TYPE_SM4:
2045 case (uint32_t)TEE_TYPE_HMAC_SM3:
2046 case (uint32_t)TEE_TYPE_HMAC_MD5:
2047 case (uint32_t)TEE_TYPE_HMAC_SHA1:
2048 case (uint32_t)TEE_TYPE_HMAC_SHA224:
2049 case (uint32_t)TEE_TYPE_HMAC_SHA256:
2050 case (uint32_t)TEE_TYPE_HMAC_SHA384:
2051 case (uint32_t)TEE_TYPE_HMAC_SHA512:
2052 case (uint32_t)TEE_TYPE_GENERIC_SECRET:
2053 case (uint32_t)TEE_TYPE_SIP_HASH:
2054 return tee_generate_symmetric_key(object, key_size, api_level);
2055 case (uint32_t)TEE_TYPE_DES3:
2056 return tee_generate_3des_key(object, key_size, api_level);
2057 case (uint32_t)TEE_TYPE_RSA_KEYPAIR:
2058 return tee_gen_rsa_key_pair(object, key_size, params, param_count, api_level);
2059 case (uint32_t)TEE_TYPE_DH_KEYPAIR:
2060 return generate_dh_keypair_hal(object, params, param_count);
2061 case (uint32_t)TEE_TYPE_DSA_KEYPAIR:
2062 return TEE_ERROR_NOT_SUPPORTED;
2063 case (uint32_t)TEE_TYPE_ECDSA_KEYPAIR:
2064 case (uint32_t)TEE_TYPE_ECDH_KEYPAIR:
2065 if (key_size < ECDH_DCDSA_KEY_MIN)
2066 return TEE_ERROR_NOT_SUPPORTED;
2067 return tee_gen_ecdsa_keypair(object, key_size, params, param_count, api_level);
2068 case (uint32_t)TEE_TYPE_ED25519_KEYPAIR:
2069 case (uint32_t)TEE_TYPE_X25519_KEYPAIR:
2070 return generate_ec_keypair_hal(object, key_size, TEE_ECC_CURVE_25519);
2071 case (uint32_t)TEE_TYPE_SM2_DSA_KEYPAIR:
2072 case (uint32_t)TEE_TYPE_SM2_KEP_KEYPAIR:
2073 case (uint32_t)TEE_TYPE_SM2_PKE_KEYPAIR:
2074 return generate_sm2_keypair(object, key_size, param_count, api_level);
2075 case (uint32_t)TEE_TYPE_PBKDF2_HMAC:
2076 return tee_generate_pbkdf2_key(object, key_size, params, param_count, api_level);
2077 default:
2078 tlogd("object type is not correct\n");
2079 return TEE_ERROR_BAD_PARAMETERS;
2080 }
2081 }
2082
TEE_GenerateKey(TEE_ObjectHandle object,uint32_t keySize,TEE_Attribute * params,uint32_t paramCount)2083 TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize,
2084 TEE_Attribute *params, uint32_t paramCount)
2085 {
2086 uint32_t api_level = 0;
2087
2088 TEE_Result ret = tee_generate_key_check(object, keySize, &api_level);
2089 if (ret != TEE_SUCCESS) {
2090 tloge("Invalid keySize");
2091 return TEE_ERROR_BAD_PARAMETERS;
2092 }
2093
2094 object->ObjectInfo->handleFlags |= TEE_HANDLE_FLAG_INITIALIZED;
2095
2096 ret = tee_generate_key(object, keySize, params, paramCount, api_level);
2097 if (ret == TEE_ERROR_NOT_SUPPORTED) {
2098 tloge("the parameter is invalid!\n");
2099 return TEE_ERROR_BAD_PARAMETERS;
2100 }
2101 if (ret != TEE_SUCCESS) {
2102 tloge("TEE_GenerateKey failed!ret = %x\n", ret);
2103 TEE_Panic(ret);
2104 }
2105 return ret;
2106 }
2107
TEE_InfoObjectData(TEE_ObjectHandle object,uint32_t * pos,uint32_t * len)2108 TEE_Result TEE_InfoObjectData(TEE_ObjectHandle object, uint32_t *pos, uint32_t *len)
2109 {
2110 if (object == NULL || pos == NULL || len == NULL) {
2111 tloge("bad parameter!\n");
2112 return TEE_ERROR_BAD_PARAMETERS;
2113 }
2114
2115 if (check_object(object) != TEE_SUCCESS) {
2116 tloge("object is invalid\n");
2117 return TEE_ERROR_BAD_PARAMETERS;
2118 }
2119
2120 return ss_agent_get_object_info(object, pos, len);
2121 }
2122