diff options
| -rw-r--r-- | core/lib/libtomcrypt/src/tee_ltc_provider.c | 58 | ||||
| -rw-r--r-- | core/tee/tee_svc_cryp.c | 35 |
2 files changed, 59 insertions, 34 deletions
diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c index 7aef0492..686f7112 100644 --- a/core/lib/libtomcrypt/src/tee_ltc_provider.c +++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c @@ -12,6 +12,7 @@ #include <string_ext.h> #include <string.h> #include <tee_api_types.h> +#include <tee_api_defines_extensions.h> #include <tee/tee_cryp_utl.h> #include <tomcrypt.h> #include "tomcrypt_mp.h" @@ -196,6 +197,7 @@ static TEE_Result tee_algo_to_ltc_hashindex(uint32_t algo, int *ltc_hashindex) *ltc_hashindex = find_hash("sha512"); break; #endif + case TEE_ALG_RSASSA_PKCS1_V1_5: case TEE_ALG_RSAES_PKCS1_V1_5: /* invalid one. but it should not be used anyway */ *ltc_hashindex = -1; @@ -814,6 +816,9 @@ TEE_Result crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key, } switch (algo) { + case TEE_ALG_RSASSA_PKCS1_V1_5: + ltc_rsa_algo = LTC_PKCS_1_V1_5_NA1; + break; case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: @@ -834,20 +839,22 @@ TEE_Result crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key, goto err; } - ltc_res = tee_algo_to_ltc_hashindex(algo, <c_hashindex); - if (ltc_res != CRYPT_OK) { - res = TEE_ERROR_BAD_PARAMETERS; - goto err; - } + if (ltc_rsa_algo != LTC_PKCS_1_V1_5_NA1) { + ltc_res = tee_algo_to_ltc_hashindex(algo, <c_hashindex); + if (ltc_res != CRYPT_OK) { + res = TEE_ERROR_BAD_PARAMETERS; + goto err; + } - res = tee_hash_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(algo), - &hash_size); - if (res != TEE_SUCCESS) - goto err; + res = tee_hash_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(algo), + &hash_size); + if (res != TEE_SUCCESS) + goto err; - if (msg_len != hash_size) { - res = TEE_ERROR_BAD_PARAMETERS; - goto err; + if (msg_len != hash_size) { + res = TEE_ERROR_BAD_PARAMETERS; + goto err; + } } mod_size = ltc_mp.unsigned_size((void *)(ltc_key.N)); @@ -892,14 +899,16 @@ TEE_Result crypto_acipher_rsassa_verify(uint32_t algo, .N = key->n }; - res = tee_hash_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(algo), - &hash_size); - if (res != TEE_SUCCESS) - goto err; + if (algo != TEE_ALG_RSASSA_PKCS1_V1_5) { + res = tee_hash_get_digest_size(TEE_DIGEST_HASH_TO_ALGO(algo), + &hash_size); + if (res != TEE_SUCCESS) + goto err; - if (msg_len != hash_size) { - res = TEE_ERROR_BAD_PARAMETERS; - goto err; + if (msg_len != hash_size) { + res = TEE_ERROR_BAD_PARAMETERS; + goto err; + } } bigint_size = ltc_mp.unsigned_size(ltc_key.N); @@ -909,11 +918,16 @@ TEE_Result crypto_acipher_rsassa_verify(uint32_t algo, } /* Get the algorithm */ - res = tee_algo_to_ltc_hashindex(algo, <c_hashindex); - if (res != TEE_SUCCESS) - goto err; + if (algo != TEE_ALG_RSASSA_PKCS1_V1_5) { + res = tee_algo_to_ltc_hashindex(algo, <c_hashindex); + if (res != TEE_SUCCESS) + goto err; + } switch (algo) { + case TEE_ALG_RSASSA_PKCS1_V1_5: + ltc_rsa_algo = LTC_PKCS_1_V1_5_NA1; + break; case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c index 8c63463e..b47a45dd 100644 --- a/core/tee/tee_svc_cryp.c +++ b/core/tee/tee_svc_cryp.c @@ -18,10 +18,7 @@ #include <trace.h> #include <utee_defines.h> #include <util.h> -#if defined(CFG_CRYPTO_HKDF) || defined(CFG_CRYPTO_CONCAT_KDF) || \ - defined(CFG_CRYPTO_PBKDF2) #include <tee_api_defines_extensions.h> -#endif #if defined(CFG_CRYPTO_HKDF) #include <tee/tee_cryp_hkdf.h> #endif @@ -2023,6 +2020,13 @@ TEE_Result syscall_cryp_state_alloc(unsigned long algo, unsigned long mode, cs->mode = mode; switch (TEE_ALG_GET_CLASS(algo)) { + case TEE_OPERATION_EXTENSION: +#ifdef CFG_CRYPTO_RSASSA_NA1 + if (algo == TEE_ALG_RSASSA_PKCS1_V1_5) + goto rsassa_na1; +#endif + res = TEE_ERROR_NOT_SUPPORTED; + break; case TEE_OPERATION_CIPHER: if ((algo == TEE_ALG_AES_XTS && (key1 == 0 || key2 == 0)) || (algo != TEE_ALG_AES_XTS && (key1 == 0 || key2 != 0))) { @@ -2062,6 +2066,7 @@ TEE_Result syscall_cryp_state_alloc(unsigned long algo, unsigned long mode, break; case TEE_OPERATION_ASYMMETRIC_CIPHER: case TEE_OPERATION_ASYMMETRIC_SIGNATURE: +rsassa_na1: __maybe_unused if (key1 == 0 || key2 != 0) res = TEE_ERROR_BAD_PARAMETERS; break; @@ -3314,6 +3319,9 @@ TEE_Result syscall_asymm_operate(unsigned long state, } break; +#if defined(CFG_CRYPTO_RSASSA_NA1) + case TEE_ALG_RSASSA_PKCS1_V1_5: +#endif case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: @@ -3380,7 +3388,7 @@ TEE_Result syscall_asymm_verify(unsigned long state, struct tee_ta_session *sess; struct tee_obj *o; size_t hash_size; - int salt_len; + int salt_len = 0; TEE_Attribute *params = NULL; uint32_t hash_algo; struct user_ta_ctx *utc; @@ -3428,15 +3436,18 @@ TEE_Result syscall_asymm_verify(unsigned long state, switch (TEE_ALG_GET_MAIN_ALG(cs->algo)) { case TEE_MAIN_ALGO_RSA: - hash_algo = TEE_DIGEST_HASH_TO_ALGO(cs->algo); - res = tee_hash_get_digest_size(hash_algo, &hash_size); - if (res != TEE_SUCCESS) - break; - if (data_len != hash_size) { - res = TEE_ERROR_BAD_PARAMETERS; - break; + if (cs->algo != TEE_ALG_RSASSA_PKCS1_V1_5) { + hash_algo = TEE_DIGEST_HASH_TO_ALGO(cs->algo); + res = tee_hash_get_digest_size(hash_algo, &hash_size); + if (res != TEE_SUCCESS) + break; + if (data_len != hash_size) { + res = TEE_ERROR_BAD_PARAMETERS; + break; + } + salt_len = pkcs1_get_salt_len(params, num_params, + hash_size); } - salt_len = pkcs1_get_salt_len(params, num_params, hash_size); res = crypto_acipher_rsassa_verify(cs->algo, o->attr, salt_len, data, data_len, sig, sig_len); |