diff options
-rw-r--r-- | core/arch/arm/kernel/ree_fs_ta.c | 17 | ||||
-rw-r--r-- | core/crypto/crypto.c | 32 | ||||
-rw-r--r-- | core/crypto/sub.mk | 1 | ||||
-rw-r--r-- | core/include/tee/tee_cryp_provider.h | 20 | ||||
-rw-r--r-- | core/lib/libtomcrypt/src/tee_ltc_provider.c | 22 | ||||
-rw-r--r-- | core/sub.mk | 1 | ||||
-rw-r--r-- | core/tee/fs_htree.c | 26 | ||||
-rw-r--r-- | core/tee/tee_cryp_concat_kdf.c | 19 | ||||
-rw-r--r-- | core/tee/tee_cryp_utl.c | 14 | ||||
-rw-r--r-- | core/tee/tee_fs_key_manager.c | 8 | ||||
-rw-r--r-- | core/tee/tee_svc_cryp.c | 24 |
11 files changed, 84 insertions, 100 deletions
diff --git a/core/arch/arm/kernel/ree_fs_ta.c b/core/arch/arm/kernel/ree_fs_ta.c index 888bcfcd..cc5b4b1a 100644 --- a/core/arch/arm/kernel/ree_fs_ta.c +++ b/core/arch/arm/kernel/ree_fs_ta.c @@ -187,11 +187,6 @@ static TEE_Result ta_open(const TEE_UUID *uuid, uint64_t cookie = 0; TEE_Result res; - if (!crypto_ops.hash.get_ctx_size || - !crypto_ops.hash.init || - !crypto_ops.hash.update) - return TEE_ERROR_NOT_SUPPORTED; - handle = calloc(1, sizeof(*handle)); if (!handle) return TEE_ERROR_OUT_OF_MEMORY; @@ -216,7 +211,7 @@ static TEE_Result ta_open(const TEE_UUID *uuid, * header (less the final file hash and its signature of course) */ hash_algo = TEE_DIGEST_HASH_TO_ALGO(shdr->algo); - res = crypto_ops.hash.get_ctx_size(hash_algo, &hash_ctx_size); + res = crypto_hash_get_ctx_size(hash_algo, &hash_ctx_size); if (res != TEE_SUCCESS) goto error_free_payload; hash_ctx = malloc(hash_ctx_size); @@ -224,10 +219,10 @@ static TEE_Result ta_open(const TEE_UUID *uuid, res = TEE_ERROR_OUT_OF_MEMORY; goto error_free_payload; } - res = crypto_ops.hash.init(hash_ctx, hash_algo); + res = crypto_hash_init(hash_ctx, hash_algo); if (res != TEE_SUCCESS) goto error_free_payload; - res = crypto_ops.hash.update(hash_ctx, hash_algo, (uint8_t *)shdr, + res = crypto_hash_update(hash_ctx, hash_algo, (uint8_t *)shdr, sizeof(*shdr)); if (res != TEE_SUCCESS) goto error_free_payload; @@ -269,12 +264,10 @@ static TEE_Result check_digest(struct user_ta_store_handle *h) void *digest = NULL; TEE_Result res; - if (!crypto_ops.hash.final) - return TEE_ERROR_NOT_SUPPORTED; digest = malloc(h->shdr->hash_size); if (!digest) return TEE_ERROR_OUT_OF_MEMORY; - res = crypto_ops.hash.final(h->hash_ctx, h->hash_algo, digest, + res = crypto_hash_final(h->hash_ctx, h->hash_algo, digest, h->shdr->hash_size); if (res != TEE_SUCCESS) { res = TEE_ERROR_SECURITY; @@ -300,7 +293,7 @@ static TEE_Result ta_read(struct user_ta_store_handle *h, void *data, dst = data; /* Hash secure buffer (shm might be modified) */ memcpy(dst, src, len); } - res = crypto_ops.hash.update(h->hash_ctx, h->hash_algo, dst, len); + res = crypto_hash_update(h->hash_ctx, h->hash_algo, dst, len); if (res != TEE_SUCCESS) return TEE_ERROR_SECURITY; h->offs += len; diff --git a/core/crypto/crypto.c b/core/crypto/crypto.c new file mode 100644 index 00000000..91b325b3 --- /dev/null +++ b/core/crypto/crypto.c @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include <compiler.h> +#include <tee/tee_cryp_provider.h> + +#if !defined(_CFG_CRYPTO_WITH_HASH) +TEE_Result crypto_hash_get_ctx_size(uint32_t algo __unused, + size_t *size __unused) +{ + return TEE_ERROR_NOT_IMPLEMENTED; +} + +TEE_Result crypto_hash_init(void *ctx __unused, uint32_t algo __unused) +{ + return TEE_ERROR_NOT_IMPLEMENTED; +} +TEE_Result crypto_hash_update(void *ctx __unused, uint32_t algo __unused, + const uint8_t *data __unused, size_t len __unused) +{ + return TEE_ERROR_NOT_IMPLEMENTED; +} +TEE_Result crypto_hash_final(void *ctx __unused, uint32_t algo __unused, + uint8_t *digest __unused, size_t len __unused) +{ + return TEE_ERROR_NOT_IMPLEMENTED; +} +#endif /*_CFG_CRYPTO_WITH_HASH*/ diff --git a/core/crypto/sub.mk b/core/crypto/sub.mk new file mode 100644 index 00000000..7f72ebd0 --- /dev/null +++ b/core/crypto/sub.mk @@ -0,0 +1 @@ +srcs-y += crypto.c diff --git a/core/include/tee/tee_cryp_provider.h b/core/include/tee/tee_cryp_provider.h index c6db4e1a..81915aa9 100644 --- a/core/include/tee/tee_cryp_provider.h +++ b/core/include/tee/tee_cryp_provider.h @@ -47,16 +47,6 @@ #include <tee_api_types.h> -/* Message digest functions */ -struct hash_ops { - TEE_Result (*get_ctx_size)(uint32_t algo, size_t *size); - TEE_Result (*init)(void *ctx, uint32_t algo); - TEE_Result (*update)(void *ctx, uint32_t algo, - const uint8_t *data, size_t len); - TEE_Result (*final)(void *ctx, uint32_t algo, uint8_t *digest, - size_t len); -}; - /* Symmetric ciphers */ struct cipher_ops { TEE_Result (*get_ctx_size)(uint32_t algo, size_t *size); @@ -285,7 +275,6 @@ struct crypto_ops { const char *name; TEE_Result (*init)(void); - struct hash_ops hash; struct cipher_ops cipher; struct mac_ops mac; struct authenc_ops authenc; @@ -295,6 +284,15 @@ struct crypto_ops { extern const struct crypto_ops crypto_ops; + +/* Message digest functions */ +TEE_Result crypto_hash_get_ctx_size(uint32_t algo, size_t *size); +TEE_Result crypto_hash_init(void *ctx, uint32_t algo); +TEE_Result crypto_hash_update(void *ctx, uint32_t algo, const uint8_t *data, + size_t len); +TEE_Result crypto_hash_final(void *ctx, uint32_t algo, uint8_t *digest, + size_t len); + /* * Verifies a SHA-256 hash, doesn't require tee_cryp_init() to be called in * advance and has as few dependencies as possible. diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c index fc062a50..5e8ce255 100644 --- a/core/lib/libtomcrypt/src/tee_ltc_provider.c +++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c @@ -369,8 +369,7 @@ static TEE_Result tee_algo_to_ltc_cipherindex(uint32_t algo, ******************************************************************************/ #if defined(_CFG_CRYPTO_WITH_HASH) - -static TEE_Result hash_get_ctx_size(uint32_t algo, size_t *size) +TEE_Result crypto_hash_get_ctx_size(uint32_t algo, size_t *size) { switch (algo) { #if defined(CFG_CRYPTO_MD5) @@ -400,7 +399,7 @@ static TEE_Result hash_get_ctx_size(uint32_t algo, size_t *size) return TEE_SUCCESS; } -static TEE_Result hash_init(void *ctx, uint32_t algo) +TEE_Result crypto_hash_init(void *ctx, uint32_t algo) { int ltc_res; int ltc_hashindex; @@ -415,7 +414,7 @@ static TEE_Result hash_init(void *ctx, uint32_t algo) return TEE_ERROR_BAD_STATE; } -static TEE_Result hash_update(void *ctx, uint32_t algo, +TEE_Result crypto_hash_update(void *ctx, uint32_t algo, const uint8_t *data, size_t len) { int ltc_res; @@ -431,8 +430,8 @@ static TEE_Result hash_update(void *ctx, uint32_t algo, return TEE_ERROR_BAD_STATE; } -static TEE_Result hash_final(void *ctx, uint32_t algo, uint8_t *digest, - size_t len) +TEE_Result crypto_hash_final(void *ctx, uint32_t algo, uint8_t *digest, + size_t len) { int ltc_res; int ltc_hashindex; @@ -465,8 +464,7 @@ static TEE_Result hash_final(void *ctx, uint32_t algo, uint8_t *digest, return TEE_SUCCESS; } - -#endif /* _CFG_CRYPTO_WITH_HASH */ +#endif /*_CFG_CRYPTO_WITH_HASH*/ /****************************************************************************** * Asymmetric algorithms @@ -2982,14 +2980,6 @@ static TEE_Result tee_ltc_init(void) const struct crypto_ops crypto_ops = { .name = "LibTomCrypt provider", .init = tee_ltc_init, -#if defined(_CFG_CRYPTO_WITH_HASH) - .hash = { - .get_ctx_size = hash_get_ctx_size, - .init = hash_init, - .update = hash_update, - .final = hash_final, - }, -#endif #if defined(_CFG_CRYPTO_WITH_CIPHER) .cipher = { .final = cipher_final, diff --git a/core/sub.mk b/core/sub.mk index 20f97e17..7e8b61bd 100644 --- a/core/sub.mk +++ b/core/sub.mk @@ -1,4 +1,5 @@ subdirs-y += kernel +subdirs-y += crypto subdirs-y += tee subdirs-y += drivers diff --git a/core/tee/fs_htree.c b/core/tee/fs_htree.c index 31d412cd..e91a8a97 100644 --- a/core/tee/fs_htree.c +++ b/core/tee/fs_htree.c @@ -427,31 +427,29 @@ static TEE_Result calc_node_hash(struct htree_node *node, void *ctx, uint8_t *ndata = (uint8_t *)&node->node + sizeof(node->node.hash); size_t nsize = sizeof(node->node) - sizeof(node->node.hash); - res = crypto_ops.hash.init(ctx, alg); + res = crypto_hash_init(ctx, alg); if (res != TEE_SUCCESS) return res; - res = crypto_ops.hash.update(ctx, alg, ndata, nsize); + res = crypto_hash_update(ctx, alg, ndata, nsize); if (res != TEE_SUCCESS) return res; if (node->child[0]) { - res = crypto_ops.hash.update(ctx, alg, - node->child[0]->node.hash, - sizeof(node->child[0]->node.hash)); + res = crypto_hash_update(ctx, alg, node->child[0]->node.hash, + sizeof(node->child[0]->node.hash)); if (res != TEE_SUCCESS) return res; } if (node->child[1]) { - res = crypto_ops.hash.update(ctx, alg, - node->child[1]->node.hash, - sizeof(node->child[1]->node.hash)); + res = crypto_hash_update(ctx, alg, node->child[1]->node.hash, + sizeof(node->child[1]->node.hash)); if (res != TEE_SUCCESS) return res; } - return crypto_ops.hash.final(ctx, alg, digest, TEE_FS_HTREE_HASH_SIZE); + return crypto_hash_final(ctx, alg, digest, TEE_FS_HTREE_HASH_SIZE); } static TEE_Result authenc_init(void **ctx_ret, TEE_OperationMode mode, @@ -609,11 +607,7 @@ static TEE_Result verify_tree(struct tee_fs_htree *ht) size_t size; void *ctx; - if (!crypto_ops.hash.get_ctx_size || !crypto_ops.hash.init || - !crypto_ops.hash.update || !crypto_ops.hash.final) - return TEE_ERROR_NOT_SUPPORTED; - - res = crypto_ops.hash.get_ctx_size(TEE_FS_HTREE_HASH_ALG, &size); + res = crypto_hash_get_ctx_size(TEE_FS_HTREE_HASH_ALG, &size); if (res != TEE_SUCCESS) return res; @@ -633,7 +627,7 @@ static TEE_Result init_root_node(struct tee_fs_htree *ht) size_t size; void *ctx; - res = crypto_ops.hash.get_ctx_size(TEE_FS_HTREE_HASH_ALG, &size); + res = crypto_hash_get_ctx_size(TEE_FS_HTREE_HASH_ALG, &size); if (res != TEE_SUCCESS) return res; ctx = malloc(size); @@ -797,7 +791,7 @@ TEE_Result tee_fs_htree_sync_to_storage(struct tee_fs_htree **ht_arg, if (!ht->dirty) return TEE_SUCCESS; - res = crypto_ops.hash.get_ctx_size(TEE_FS_HTREE_HASH_ALG, &size); + res = crypto_hash_get_ctx_size(TEE_FS_HTREE_HASH_ALG, &size); if (res != TEE_SUCCESS) return res; ctx = malloc(size); diff --git a/core/tee/tee_cryp_concat_kdf.c b/core/tee/tee_cryp_concat_kdf.c index b0c7c3d4..a68dbd6b 100644 --- a/core/tee/tee_cryp_concat_kdf.c +++ b/core/tee/tee_cryp_concat_kdf.c @@ -45,15 +45,8 @@ TEE_Result tee_cryp_concat_kdf(uint32_t hash_id, const uint8_t *shared_secret, uint32_t be_count; uint8_t *out = derived_key; uint32_t hash_algo = TEE_ALG_HASH_ALGO(hash_id); - const struct hash_ops *hash = &crypto_ops.hash; - if (!hash->get_ctx_size || !hash->init || !hash->update || - !hash->final) { - res = TEE_ERROR_NOT_IMPLEMENTED; - goto out; - } - - res = hash->get_ctx_size(hash_algo, &ctx_size); + res = crypto_hash_get_ctx_size(hash_algo, &ctx_size); if (res != TEE_SUCCESS) goto out; @@ -72,24 +65,24 @@ TEE_Result tee_cryp_concat_kdf(uint32_t hash_id, const uint8_t *shared_secret, for (i = 1; i <= n + 1; i++) { be_count = TEE_U32_TO_BIG_ENDIAN(i); - res = hash->init(ctx, hash_algo); + res = crypto_hash_init(ctx, hash_algo); if (res != TEE_SUCCESS) goto out; - res = hash->update(ctx, hash_algo, (uint8_t *)&be_count, + res = crypto_hash_update(ctx, hash_algo, (uint8_t *)&be_count, sizeof(be_count)); if (res != TEE_SUCCESS) goto out; - res = hash->update(ctx, hash_algo, shared_secret, + res = crypto_hash_update(ctx, hash_algo, shared_secret, shared_secret_len); if (res != TEE_SUCCESS) goto out; if (other_info && other_info_len) { - res = hash->update(ctx, hash_algo, other_info, + res = crypto_hash_update(ctx, hash_algo, other_info, other_info_len); if (res != TEE_SUCCESS) goto out; } - res = hash->final(ctx, hash_algo, tmp, sizeof(tmp)); + res = crypto_hash_final(ctx, hash_algo, tmp, sizeof(tmp)); if (res != TEE_SUCCESS) goto out; diff --git a/core/tee/tee_cryp_utl.c b/core/tee/tee_cryp_utl.c index a40ec9ad..e40a6850 100644 --- a/core/tee/tee_cryp_utl.c +++ b/core/tee/tee_cryp_utl.c @@ -97,13 +97,7 @@ TEE_Result tee_hash_createdigest(uint32_t algo, const uint8_t *data, void *ctx = NULL; size_t ctxsize; - if (crypto_ops.hash.get_ctx_size == NULL || - crypto_ops.hash.init == NULL || - crypto_ops.hash.update == NULL || - crypto_ops.hash.final == NULL) - return TEE_ERROR_NOT_IMPLEMENTED; - - if (crypto_ops.hash.get_ctx_size(algo, &ctxsize) != TEE_SUCCESS) { + if (crypto_hash_get_ctx_size(algo, &ctxsize) != TEE_SUCCESS) { res = TEE_ERROR_NOT_SUPPORTED; goto out; } @@ -114,16 +108,16 @@ TEE_Result tee_hash_createdigest(uint32_t algo, const uint8_t *data, goto out; } - if (crypto_ops.hash.init(ctx, algo) != TEE_SUCCESS) + if (crypto_hash_init(ctx, algo) != TEE_SUCCESS) goto out; if (datalen != 0) { - if (crypto_ops.hash.update(ctx, algo, data, datalen) + if (crypto_hash_update(ctx, algo, data, datalen) != TEE_SUCCESS) goto out; } - if (crypto_ops.hash.final(ctx, algo, digest, digestlen) != TEE_SUCCESS) + if (crypto_hash_final(ctx, algo, digest, digestlen) != TEE_SUCCESS) goto out; res = TEE_SUCCESS; diff --git a/core/tee/tee_fs_key_manager.c b/core/tee/tee_fs_key_manager.c index e42e7315..4a834a9b 100644 --- a/core/tee/tee_fs_key_manager.c +++ b/core/tee/tee_fs_key_manager.c @@ -221,7 +221,7 @@ static TEE_Result sha256(uint8_t *out, size_t out_size, const uint8_t *in, size_t ctx_size; uint32_t algo = TEE_ALG_SHA256; - res = crypto_ops.hash.get_ctx_size(algo, &ctx_size); + res = crypto_hash_get_ctx_size(algo, &ctx_size); if (res != TEE_SUCCESS) return res; @@ -229,15 +229,15 @@ static TEE_Result sha256(uint8_t *out, size_t out_size, const uint8_t *in, if (!ctx) return TEE_ERROR_OUT_OF_MEMORY; - res = crypto_ops.hash.init(ctx, algo); + res = crypto_hash_init(ctx, algo); if (res != TEE_SUCCESS) goto out; - res = crypto_ops.hash.update(ctx, algo, in, in_size); + res = crypto_hash_update(ctx, algo, in, in_size); if (res != TEE_SUCCESS) goto out; - res = crypto_ops.hash.final(ctx, algo, out, out_size); + res = crypto_hash_final(ctx, algo, out, out_size); out: free(ctx); diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c index 05c6fcfd..81473743 100644 --- a/core/tee/tee_svc_cryp.c +++ b/core/tee/tee_svc_cryp.c @@ -2076,11 +2076,7 @@ TEE_Result syscall_cryp_state_alloc(unsigned long algo, unsigned long mode, if (key1 != 0 || key2 != 0) { res = TEE_ERROR_BAD_PARAMETERS; } else { - if (crypto_ops.hash.get_ctx_size) - res = crypto_ops.hash.get_ctx_size(algo, - &cs->ctx_size); - else - res = TEE_ERROR_NOT_IMPLEMENTED; + res = crypto_hash_get_ctx_size(algo, &cs->ctx_size); if (res != TEE_SUCCESS) break; cs->ctx = calloc(1, cs->ctx_size); @@ -2195,9 +2191,7 @@ TEE_Result syscall_hash_init(unsigned long state, switch (TEE_ALG_GET_CLASS(cs->algo)) { case TEE_OPERATION_DIGEST: - if (!crypto_ops.hash.init) - return TEE_ERROR_NOT_IMPLEMENTED; - res = crypto_ops.hash.init(cs->ctx, cs->algo); + res = crypto_hash_init(cs->ctx, cs->algo); if (res != TEE_SUCCESS) return res; break; @@ -2263,10 +2257,7 @@ TEE_Result syscall_hash_update(unsigned long state, const void *chunk, switch (TEE_ALG_GET_CLASS(cs->algo)) { case TEE_OPERATION_DIGEST: - if (!crypto_ops.hash.update) - return TEE_ERROR_NOT_IMPLEMENTED; - res = crypto_ops.hash.update(cs->ctx, cs->algo, chunk, - chunk_size); + res = crypto_hash_update(cs->ctx, cs->algo, chunk, chunk_size); if (res != TEE_SUCCESS) return res; break; @@ -2327,8 +2318,6 @@ TEE_Result syscall_hash_final(unsigned long state, const void *chunk, switch (TEE_ALG_GET_CLASS(cs->algo)) { case TEE_OPERATION_DIGEST: - if (!crypto_ops.hash.update || !crypto_ops.hash.final) - return TEE_ERROR_NOT_IMPLEMENTED; res = tee_hash_get_digest_size(cs->algo, &hash_size); if (res != TEE_SUCCESS) return res; @@ -2338,14 +2327,13 @@ TEE_Result syscall_hash_final(unsigned long state, const void *chunk, } if (chunk_size) { - res = crypto_ops.hash.update(cs->ctx, cs->algo, chunk, - chunk_size); + res = crypto_hash_update(cs->ctx, cs->algo, chunk, + chunk_size); if (res != TEE_SUCCESS) return res; } - res = crypto_ops.hash.final(cs->ctx, cs->algo, hash, - hash_size); + res = crypto_hash_final(cs->ctx, cs->algo, hash, hash_size); if (res != TEE_SUCCESS) return res; break; |