1 /*
2 * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3 * Licensed under the Mulan PSL v2.
4 * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 * You may obtain a copy of Mulan PSL v2 at:
6 * http://license.coscl.org.cn/MulanPSL2
7 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 * PURPOSE.
10 * See the Mulan PSL v2 for more details.
11 */
12 #include "tee_load_key_ops.h"
13 #include <tee_crypto_api.h>
14 #include "tee_elf_verify.h"
15 #include "ta_load_key.h"
16 #include "ta_verify_key.h"
17 #include "ta_framework.h"
18 #include "tee_mem_mgmt_api.h"
19 #include "tee_log.h"
20 #include "securec.h"
21 #include "crypto_inner_interface.h"
22 #include "tee_crypto_hal.h"
23 #include "ta_load_config.h"
24 #include "tee_elf_verify_openssl.h"
25 #include <tee_crypto_signature_verify.h>
26
/*
 * Build the RSA public key used to verify release-signed TA images.
 *
 * Asks get_ta_verify_pubkey() for the 2048-bit release key and hands the raw key
 * material to rsa_build_public_key().
 *
 * Returns NULL when the lookup fails or yields no key material; otherwise returns
 * whatever rsa_build_public_key() produces.
 *
 * NOTE(review): ownership of the returned RSA object is not visible in this file;
 * confirm which caller is expected to release it.
 */
RSA *get_ta_verify_key(void)
{
    struct ta_verify_key key_desc = { PUB_KEY_2048_BITS, PUB_KEY_RELEASE, NULL };

    /* Fail closed: a lookup error and an empty key slot both mean "no key". */
    if (get_ta_verify_pubkey(&key_desc) != TEE_SUCCESS)
        return NULL;
    if (key_desc.key == NULL)
        return NULL;

    return rsa_build_public_key(key_desc.key);
}
37
/*
 * Verify the release signature of a TA image.
 *
 * Process steps:
 * 1. Get the public key.
 * 2. Verify the signature over the hash using the public key.
 *
 * SECURITY: when get_ta_signature_ctrl() reports that signature checking is switched
 * off, this function returns TEE_SUCCESS without looking at hash or signature, so any
 * image is accepted. The switch exists for third-party TA development.
 * NOTE(review): confirm the switch cannot be enabled on production builds, and that
 * the tloge() line below is monitored so an unexpected bypass is noticed.
 *
 * NOTE(review): get_ta_verify_key() may return NULL; confirm that
 * tee_secure_img_release_verify() rejects a NULL key instead of reporting success.
 */
TEE_Result tee_secure_ta_release_verify(const uint8_t *hash, uint32_t hash_size, const uint8_t *signature,
    uint32_t signature_size)
{
    if (!get_ta_signature_ctrl()) {
        /* Normal path: fetch the release key and let the image verifier decide. */
        RSA *release_key = get_ta_verify_key();
        return tee_secure_img_release_verify(hash, hash_size, signature, signature_size, release_key);
    }

    /* Development path: signature check is disabled, accept unconditionally. */
    tloge("DEBUG_VERSION: signature VerifyDigest is OFF\n");
    return TEE_SUCCESS;
}
53
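/*
 * Compute the SHA-256 or SHA-512 digest of an image buffer using the software
 * crypto engine.
 *
 * data, data_size: input bytes. A NULL pointer or a zero length is rejected.
 * hash, hash_size: output buffer and its capacity in bytes. hash_size == SHA256_LEN
 *                  selects SHA-256; every other value selects SHA-512.
 *
 * Returns TEE_SUCCESS on success, TEE_ERROR_BAD_PARAMETERS for invalid arguments,
 * TEE_ERROR_GENERIC when a digest update fails, and otherwise the error reported by
 * operation allocation, engine selection or finalisation.
 *
 * NOTE(review): hash_size is not checked against the SHA-512 digest length. A buffer
 * that is neither SHA256_LEN nor large enough for SHA-512 is passed to
 * TEE_DigestDoFinal() as-is; presumably that call rejects a short buffer - confirm,
 * since the digest written here feeds image signature verification.
 */
TEE_Result tee_secure_img_hash_ops(const uint8_t *data, size_t data_size, uint8_t *hash, size_t hash_size)
{
    TEE_OperationHandle hash_op = NULL;
    TEE_Result ret;
    uint32_t alg_type;
    int32_t per_op_len;

    if (data == NULL || hash == NULL || data_size == 0)
        return TEE_ERROR_BAD_PARAMETERS;

    alg_type = (hash_size == SHA256_LEN) ? TEE_ALG_SHA256 : TEE_ALG_SHA512;

    ret = TEE_AllocateOperation(&hash_op, alg_type, TEE_MODE_DIGEST, 0);
    if (ret != TEE_SUCCESS) {
        tloge("Allocate Operation, fail 0x%x\n", ret);
        return ret;
    }

    /* From here on every exit goes through "out" so the operation is always freed. */
    ret = TEE_SetCryptoFlag(hash_op, SOFT_CRYPTO);
    if (ret != TEE_SUCCESS) {
        tloge("set soft engine failed ret = 0x%x\n", ret);
        goto out;
    }

    /* Feed the input in chunks of at most HASH_UPDATA_LEN bytes. */
    while (data_size > 0) {
        per_op_len = (int32_t)(data_size > HASH_UPDATA_LEN ? HASH_UPDATA_LEN : data_size);
        ret = TEE_DigestUpdate(hash_op, data, per_op_len);
        if (ret != TEE_SUCCESS) {
            tloge("Failed to call digest update\n");
            /* Callers see a generic error here, not the underlying update error. */
            ret = TEE_ERROR_GENERIC;
            goto out;
        }
        data_size -= (size_t)per_op_len;
        data += per_op_len;
    }

    ret = TEE_DigestDoFinal(hash_op, NULL, 0, hash, &hash_size);
    if (ret != TEE_SUCCESS) {
        /*
         * The arguments are size_t but the format uses %x, so narrow them explicitly
         * to match the specifier. data_size is always 0 at this point because the
         * loop above only exits once the whole input has been consumed.
         */
        tloge("Digest Do Final, fail ret=0x%x, srclen=0x%x, dst_len=0x%x\n",
            ret, (uint32_t)(data_size % HASH_UPDATA_LEN), (uint32_t)hash_size);
    }

out:
    TEE_FreeOperation(hash_op);
    return ret;
}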
106