1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright 2018-2020 NXP
4 *
5 * Crypto RSA interface implementation to enable HW driver.
6 */
7 #include <drvcrypt.h>
8 #include <crypto/crypto.h>
9 #include <tee_api_defines_extensions.h>
10 #include <tee/tee_cryp_utl.h>
11 #include <utee_defines.h>
12
13 #include "local.h"
14
crypto_acipher_alloc_rsa_keypair(struct rsa_keypair * key,size_t size_bits)15 TEE_Result crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *key,
16 size_t size_bits)
17 {
18 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
19
20 struct drvcrypt_rsa *rsa = NULL;
21
22 if (!key || !size_bits) {
23 CRYPTO_TRACE("Parameters error (key @%p) (size %zu bits)", key,
24 size_bits);
25 return TEE_ERROR_BAD_PARAMETERS;
26 }
27
28 rsa = drvcrypt_get_ops(CRYPTO_RSA);
29 if (rsa)
30 ret = rsa->alloc_keypair(key, size_bits);
31
32 CRYPTO_TRACE("RSA Keypair (%zu bits) alloc ret = 0x%" PRIx32, size_bits,
33 ret);
34 return ret;
35 }
36
crypto_acipher_alloc_rsa_public_key(struct rsa_public_key * key,size_t size_bits)37 TEE_Result crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *key,
38 size_t size_bits)
39 {
40 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
41 struct drvcrypt_rsa *rsa = NULL;
42
43 if (!key || !size_bits) {
44 CRYPTO_TRACE("Parameters error (key @%p) (size %zu bits)", key,
45 size_bits);
46 return TEE_ERROR_BAD_PARAMETERS;
47 }
48
49 rsa = drvcrypt_get_ops(CRYPTO_RSA);
50 if (rsa)
51 ret = rsa->alloc_publickey(key, size_bits);
52
53 CRYPTO_TRACE("RSA Public Key (%zu bits) alloc ret = 0x%" PRIx32,
54 size_bits, ret);
55 return ret;
56 }
57
crypto_acipher_free_rsa_public_key(struct rsa_public_key * key)58 void crypto_acipher_free_rsa_public_key(struct rsa_public_key *key)
59 {
60 struct drvcrypt_rsa *rsa = NULL;
61
62 if (key) {
63 rsa = drvcrypt_get_ops(CRYPTO_RSA);
64 if (rsa) {
65 CRYPTO_TRACE("RSA Public Key free");
66 rsa->free_publickey(key);
67 }
68 }
69 }
70
crypto_acipher_free_rsa_keypair(struct rsa_keypair * key)71 void crypto_acipher_free_rsa_keypair(struct rsa_keypair *key)
72 {
73 struct drvcrypt_rsa *rsa = NULL;
74
75 if (key) {
76 rsa = drvcrypt_get_ops(CRYPTO_RSA);
77 if (rsa) {
78 CRYPTO_TRACE("RSA Keypair free");
79 rsa->free_keypair(key);
80 }
81 }
82 }
83
crypto_acipher_gen_rsa_key(struct rsa_keypair * key,size_t size_bits)84 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key, size_t size_bits)
85 {
86 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
87 struct drvcrypt_rsa *rsa = NULL;
88
89 if (!key || !size_bits) {
90 CRYPTO_TRACE("Parameters error (key @%p) (size %zu bits) ",
91 key, size_bits);
92 return TEE_ERROR_BAD_PARAMETERS;
93 }
94
95 rsa = drvcrypt_get_ops(CRYPTO_RSA);
96 if (rsa)
97 ret = rsa->gen_keypair(key, size_bits);
98
99 CRYPTO_TRACE("RSA Keypair (%zu bits) generate ret = 0x%" PRIx32,
100 size_bits, ret);
101
102 return ret;
103 }
104
crypto_acipher_rsanopad_decrypt(struct rsa_keypair * key,const uint8_t * cipher,size_t cipher_len,uint8_t * msg,size_t * msg_len)105 TEE_Result crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key,
106 const uint8_t *cipher,
107 size_t cipher_len, uint8_t *msg,
108 size_t *msg_len)
109 {
110 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
111 struct drvcrypt_rsa *rsa = NULL;
112 struct drvcrypt_rsa_ed rsa_data = { };
113
114 if (!key || !msg || !cipher || !msg_len) {
115 CRYPTO_TRACE("Parameters error (key @%p)\n"
116 "(msg @%p size %zu bytes)\n"
117 "(cipher @0%p size %zu bytes)",
118 key, msg, msg_len ? *msg_len : 0,
119 cipher, cipher_len);
120 return TEE_ERROR_BAD_PARAMETERS;
121 }
122
123 rsa_data.key.key = key;
124 rsa_data.key.isprivate = true;
125 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
126
127 rsa = drvcrypt_get_ops(CRYPTO_RSA);
128 if (rsa) {
129 rsa_data.rsa_id = DRVCRYPT_RSA_NOPAD;
130 rsa_data.message.data = msg;
131 rsa_data.message.length = *msg_len;
132 rsa_data.cipher.data = (uint8_t *)cipher;
133 rsa_data.cipher.length = cipher_len;
134
135 ret = rsa->decrypt(&rsa_data);
136
137 *msg_len = rsa_data.message.length;
138 }
139
140 CRYPTO_TRACE("RSA Decrypt NO PAD ret = 0x%" PRIx32, ret);
141
142 return ret;
143 }
144
crypto_acipher_rsanopad_encrypt(struct rsa_public_key * key,const uint8_t * msg,size_t msg_len,uint8_t * cipher,size_t * cipher_len)145 TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key,
146 const uint8_t *msg, size_t msg_len,
147 uint8_t *cipher, size_t *cipher_len)
148 {
149 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
150 struct drvcrypt_rsa *rsa = NULL;
151 struct drvcrypt_rsa_ed rsa_data = { };
152
153 if (!key || !msg || !cipher_len) {
154 CRYPTO_TRACE("Parameters error (key @%p)\n"
155 "(msg @%p size %zu bytes)\n"
156 "(cipher @%p size %zu bytes)",
157 key, msg, msg_len,
158 cipher, cipher_len ? *cipher_len : 0);
159 return TEE_ERROR_BAD_PARAMETERS;
160 }
161
162 rsa_data.key.key = key;
163 rsa_data.key.isprivate = false;
164 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
165
166 if (rsa_data.key.n_size > *cipher_len) {
167 CRYPTO_TRACE("Cipher length (%zu) too short expected %zu bytes",
168 *cipher_len, rsa_data.key.n_size);
169 *cipher_len = rsa_data.key.n_size;
170 return TEE_ERROR_SHORT_BUFFER;
171 }
172
173 if (!cipher) {
174 CRYPTO_TRACE("Parameter \"cipher\" reference error");
175 return TEE_ERROR_BAD_PARAMETERS;
176 }
177
178 rsa = drvcrypt_get_ops(CRYPTO_RSA);
179 if (rsa) {
180 /* Prepare the encryption data parameters */
181 rsa_data.rsa_id = DRVCRYPT_RSA_NOPAD;
182 rsa_data.message.data = (uint8_t *)msg;
183 rsa_data.message.length = msg_len;
184 rsa_data.cipher.data = cipher;
185 rsa_data.cipher.length = *cipher_len;
186
187 ret = rsa->encrypt(&rsa_data);
188
189 /* Set the cipher size */
190 *cipher_len = rsa_data.cipher.length;
191 }
192
193 CRYPTO_TRACE("RSA Encrypt NO PAD ret = 0x%" PRIx32, ret);
194
195 return ret;
196 }
197
crypto_acipher_rsaes_decrypt(uint32_t algo,struct rsa_keypair * key,const uint8_t * label,size_t label_len,const uint8_t * cipher,size_t cipher_len,uint8_t * msg,size_t * msg_len)198 TEE_Result crypto_acipher_rsaes_decrypt(uint32_t algo, struct rsa_keypair *key,
199 const uint8_t *label, size_t label_len,
200 const uint8_t *cipher,
201 size_t cipher_len, uint8_t *msg,
202 size_t *msg_len)
203 {
204 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
205 struct drvcrypt_rsa *rsa = NULL;
206 struct drvcrypt_rsa_ed rsa_data = { };
207
208 if (!key || !msg || !cipher || !msg_len || (!label && label_len)) {
209 CRYPTO_TRACE("Parameters error (key @%p)\n"
210 "(msg @%p size %zu bytes)\n"
211 "(cipher @%p size %zu bytes)\n"
212 "(label @%p size %zu bytes)",
213 key, msg, msg_len ? *msg_len : 0,
214 cipher, cipher_len, label, label_len);
215 return TEE_ERROR_BAD_PARAMETERS;
216 }
217
218 rsa = drvcrypt_get_ops(CRYPTO_RSA);
219 if (rsa) {
220 /* Prepare the encryption data parameters */
221 if (algo == TEE_ALG_RSAES_PKCS1_V1_5) {
222 rsa_data.rsa_id = DRVCRYPT_RSA_PKCS_V1_5;
223 } else {
224 rsa_data.rsa_id = DRVCRYPT_RSA_OAEP;
225 rsa_data.hash_algo = TEE_INTERNAL_HASH_TO_ALGO(algo);
226
227 ret = tee_alg_get_digest_size(rsa_data.hash_algo,
228 &rsa_data.digest_size);
229 if (ret != TEE_SUCCESS)
230 return ret;
231
232 rsa_data.mgf = &drvcrypt_rsa_mgf1;
233 }
234
235 rsa_data.key.key = key;
236 rsa_data.key.isprivate = true;
237 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
238
239 rsa_data.message.data = msg;
240 rsa_data.message.length = *msg_len;
241 rsa_data.cipher.data = (uint8_t *)cipher;
242 rsa_data.cipher.length = cipher_len;
243 rsa_data.label.data =
244 ((label_len > 0) ? (uint8_t *)label : NULL);
245 rsa_data.label.length = label_len;
246
247 ret = rsa->decrypt(&rsa_data);
248
249 /* Set the message size */
250 *msg_len = rsa_data.message.length;
251 }
252
253 CRYPTO_TRACE("RSAES Decrypt ret = 0x%" PRIx32, ret);
254
255 return ret;
256 }
257
crypto_acipher_rsaes_encrypt(uint32_t algo,struct rsa_public_key * key,const uint8_t * label,size_t label_len,const uint8_t * msg,size_t msg_len,uint8_t * cipher,size_t * cipher_len)258 TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo,
259 struct rsa_public_key *key,
260 const uint8_t *label, size_t label_len,
261 const uint8_t *msg, size_t msg_len,
262 uint8_t *cipher, size_t *cipher_len)
263 {
264 TEE_Result ret = TEE_ERROR_NOT_IMPLEMENTED;
265 struct drvcrypt_rsa *rsa = NULL;
266 struct drvcrypt_rsa_ed rsa_data = { };
267
268 if (!key || !msg || !cipher_len || (!label && label_len)) {
269 CRYPTO_TRACE("Parameters error (key @%p\n"
270 "(msg @%p size %zu bytes)\n"
271 "(cipher @%p size %zu bytes)\n"
272 "(label @%p size %zu bytes)",
273 key, msg, msg_len,
274 cipher, cipher_len ? *cipher_len : 0,
275 label, label_len);
276 return TEE_ERROR_BAD_PARAMETERS;
277 }
278
279 rsa_data.key.key = key;
280 rsa_data.key.isprivate = false;
281 rsa_data.key.n_size = crypto_bignum_num_bytes(key->n);
282
283 if (rsa_data.key.n_size > *cipher_len) {
284 CRYPTO_TRACE("Cipher length (%zu) too short expected %zu bytes",
285 *cipher_len, rsa_data.key.n_size);
286 *cipher_len = rsa_data.key.n_size;
287 return TEE_ERROR_SHORT_BUFFER;
288 }
289
290 if (!cipher) {
291 CRYPTO_TRACE("Parameter \"cipher\" reference error");
292 return TEE_ERROR_BAD_PARAMETERS;
293 }
294
295 rsa = drvcrypt_get_ops(CRYPTO_RSA);
296 if (rsa) {
297 /* Prepare the encryption data parameters */
298 if (algo == TEE_ALG_RSAES_PKCS1_V1_5) {
299 rsa_data.rsa_id = DRVCRYPT_RSA_PKCS_V1_5;
300
301 /* Message length <= (modulus_size - 11) */
302 if (msg_len > rsa_data.key.n_size - 11)
303 return TEE_ERROR_BAD_PARAMETERS;
304
305 } else {
306 rsa_data.rsa_id = DRVCRYPT_RSA_OAEP;
307 rsa_data.hash_algo = TEE_INTERNAL_HASH_TO_ALGO(algo);
308
309 /* Message length <= (modulus_size - 2 * hLength - 2) */
310 ret = tee_alg_get_digest_size(rsa_data.hash_algo,
311 &rsa_data.digest_size);
312 if (ret != TEE_SUCCESS)
313 return ret;
314
315 if (2 * rsa_data.digest_size >= rsa_data.key.n_size - 2)
316 return TEE_ERROR_BAD_PARAMETERS;
317
318 if (msg_len >
319 rsa_data.key.n_size - 2 * rsa_data.digest_size - 2)
320 return TEE_ERROR_BAD_PARAMETERS;
321
322 rsa_data.mgf = &drvcrypt_rsa_mgf1;
323 }
324
325 rsa_data.message.data = (uint8_t *)msg;
326 rsa_data.message.length = msg_len;
327 rsa_data.cipher.data = cipher;
328 rsa_data.cipher.length = rsa_data.key.n_size;
329 rsa_data.label.data = (label_len > 0) ? (uint8_t *)label : NULL;
330 rsa_data.label.length = label_len;
331
332 ret = rsa->encrypt(&rsa_data);
333
334 /* Set the cipher size */
335 *cipher_len = rsa_data.cipher.length;
336 }
337
338 CRYPTO_TRACE("RSAES Encrypt ret = 0x%" PRIx32, ret);
339
340 return ret;
341 }
342
crypto_acipher_rsassa_sign(uint32_t algo,struct rsa_keypair * key,int salt_len,const uint8_t * msg,size_t msg_len,uint8_t * sig,size_t * sig_len)343 TEE_Result crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key,
344 int salt_len, const uint8_t *msg,
345 size_t msg_len, uint8_t *sig,
346 size_t *sig_len)
347 {
348 TEE_Result ret = TEE_ERROR_BAD_PARAMETERS;
349 struct drvcrypt_rsa *rsa = NULL;
350 struct drvcrypt_rsa_ssa rsa_ssa = { };
351
352 if (!key || !msg || !sig_len) {
353 CRYPTO_TRACE("Input parameters reference error");
354 return ret;
355 }
356
357 if (algo != TEE_ALG_RSASSA_PKCS1_V1_5) {
358 /* Prepare the Digest */
359 rsa_ssa.hash_algo = TEE_DIGEST_HASH_TO_ALGO(algo);
360
361 /* Check if the message length is digest hash size */
362 ret = tee_alg_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(algo),
363 &rsa_ssa.digest_size);
364 if (ret != TEE_SUCCESS)
365 return ret;
366
367 if (msg_len != rsa_ssa.digest_size) {
368 CRYPTO_TRACE("Msg length (%zu expected %zu)", msg_len,
369 rsa_ssa.digest_size);
370 return TEE_ERROR_BAD_PARAMETERS;
371 }
372 } else {
373 rsa_ssa.hash_algo = 0;
374 rsa_ssa.digest_size = 0;
375 }
376
377 /* Prepare the Key */
378 rsa_ssa.key.key = key;
379 rsa_ssa.key.isprivate = true;
380 rsa_ssa.key.n_size = crypto_bignum_num_bytes(key->n);
381
382 if (rsa_ssa.key.n_size > *sig_len) {
383 CRYPTO_TRACE("Sign length (%zu) too short must be %zu bytes",
384 *sig_len, rsa_ssa.key.n_size);
385 *sig_len = rsa_ssa.key.n_size;
386 return TEE_ERROR_SHORT_BUFFER;
387 }
388
389 if (!sig) {
390 CRYPTO_TRACE("Parameter \"sig\" reference error");
391 return TEE_ERROR_BAD_PARAMETERS;
392 }
393
394 rsa = drvcrypt_get_ops(CRYPTO_RSA);
395 if (rsa) {
396 /* Prepare the Encoded Signature structure data */
397 rsa_ssa.algo = algo;
398 rsa_ssa.message.data = (uint8_t *)msg;
399 rsa_ssa.message.length = msg_len;
400 rsa_ssa.signature.data = (uint8_t *)sig;
401 rsa_ssa.signature.length = rsa_ssa.key.n_size;
402 rsa_ssa.salt_len = salt_len;
403 rsa_ssa.mgf = &drvcrypt_rsa_mgf1;
404
405 ret = TEE_ERROR_NOT_IMPLEMENTED;
406 if (rsa->optional.ssa_sign)
407 ret = rsa->optional.ssa_sign(&rsa_ssa);
408
409 if (ret == TEE_ERROR_NOT_IMPLEMENTED)
410 ret = drvcrypt_rsassa_sign(&rsa_ssa);
411
412 /* Set the signature length */
413 *sig_len = rsa_ssa.signature.length;
414 } else {
415 ret = TEE_ERROR_NOT_IMPLEMENTED;
416 }
417
418 CRYPTO_TRACE("Encode signature algo (0x%" PRIx32
419 ") returned 0x%" PRIx32,
420 algo, ret);
421 return ret;
422 }
423
crypto_acipher_rsassa_verify(uint32_t algo,struct rsa_public_key * key,int salt_len,const uint8_t * msg,size_t msg_len,const uint8_t * sig,size_t sig_len)424 TEE_Result crypto_acipher_rsassa_verify(uint32_t algo,
425 struct rsa_public_key *key,
426 int salt_len, const uint8_t *msg,
427 size_t msg_len, const uint8_t *sig,
428 size_t sig_len)
429 {
430 TEE_Result ret = TEE_ERROR_BAD_PARAMETERS;
431 struct drvcrypt_rsa *rsa = NULL;
432 struct drvcrypt_rsa_ssa rsa_ssa = { };
433
434 if (!key || !msg || !sig) {
435 CRYPTO_TRACE("Input parameters reference error");
436 return ret;
437 }
438
439 if (algo != TEE_ALG_RSASSA_PKCS1_V1_5) {
440 /* Prepare the Digest */
441 rsa_ssa.hash_algo = TEE_DIGEST_HASH_TO_ALGO(algo);
442
443 /* Check if the message length is digest hash size */
444 ret = tee_alg_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(algo),
445 &rsa_ssa.digest_size);
446 if (ret != TEE_SUCCESS)
447 return ret;
448
449 if (msg_len != rsa_ssa.digest_size) {
450 CRYPTO_TRACE("Input msg length (%zu expected %zu)",
451 msg_len, rsa_ssa.digest_size);
452 return TEE_ERROR_BAD_PARAMETERS;
453 }
454 } else {
455 rsa_ssa.hash_algo = 0;
456 rsa_ssa.digest_size = 0;
457 }
458
459 /* Prepare the Key */
460 rsa_ssa.key.key = key;
461 rsa_ssa.key.isprivate = false;
462 rsa_ssa.key.n_size = crypto_bignum_num_bytes(key->n);
463
464 if (rsa_ssa.key.n_size > sig_len) {
465 CRYPTO_TRACE("Signature length expected %zu",
466 rsa_ssa.key.n_size);
467 return TEE_ERROR_SIGNATURE_INVALID;
468 }
469
470 rsa = drvcrypt_get_ops(CRYPTO_RSA);
471 if (rsa) {
472 /* Prepare the Encoded Signature structure data */
473 rsa_ssa.algo = algo;
474 rsa_ssa.message.data = (uint8_t *)msg;
475 rsa_ssa.message.length = msg_len;
476 rsa_ssa.signature.data = (uint8_t *)sig;
477 rsa_ssa.signature.length = sig_len;
478 rsa_ssa.salt_len = salt_len;
479 rsa_ssa.mgf = &drvcrypt_rsa_mgf1;
480
481 ret = TEE_ERROR_NOT_IMPLEMENTED;
482 if (rsa->optional.ssa_verify)
483 ret = rsa->optional.ssa_verify(&rsa_ssa);
484
485 if (ret == TEE_ERROR_NOT_IMPLEMENTED)
486 ret = drvcrypt_rsassa_verify(&rsa_ssa);
487
488 } else {
489 ret = TEE_ERROR_NOT_IMPLEMENTED;
490 }
491
492 CRYPTO_TRACE("Signature verif algo (0x%" PRIx32 ") returned 0x%" PRIx32,
493 algo, ret);
494
495 return ret;
496 }
497