author | Jens Wiklander <jens.wiklander@linaro.org> | 2017-11-09 23:06:30 +0100 |
---|---|---|
committer | Jérôme Forissier <jerome.forissier@linaro.org> | 2017-11-14 13:48:32 +0100 |
commit | 82d91db11f0188df939ce52f6106a39f026de74c (patch) | |
tree | 2b740aba5310154be0fb0f9e94eabd139eb65eb0 /core | |
parent | b887bd8f271b056210e964fe7e86dbafe7f6d752 (diff) |
Replace struct cipher_ops with function interface
Adds crypto_cipher_get_ctx_size(), crypto_cipher_init(),
crypto_cipher_update(), crypto_cipher_final() and
crypto_cipher_get_block_size() replacing struct cipher_ops in
crypto_ops.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'core')
-rw-r--r-- | core/crypto/crypto.c | 38 | ||||
-rw-r--r-- | core/include/tee/tee_cryp_provider.h | 29 | ||||
-rw-r--r-- | core/lib/libtomcrypt/src/tee_ltc_provider.c | 33 | ||||
-rw-r--r-- | core/tee/tee_cryp_utl.c | 6 | ||||
-rw-r--r-- | core/tee/tee_fs_key_manager.c | 34 | ||||
-rw-r--r-- | core/tee/tee_svc_cryp.c | 30 |
6 files changed, 89 insertions, 81 deletions
diff --git a/core/crypto/crypto.c b/core/crypto/crypto.c index 91b325b3..b1a1baf5 100644 --- a/core/crypto/crypto.c +++ b/core/crypto/crypto.c @@ -30,3 +30,41 @@ TEE_Result crypto_hash_final(void *ctx __unused, uint32_t algo __unused, return TEE_ERROR_NOT_IMPLEMENTED; } #endif /*_CFG_CRYPTO_WITH_HASH*/ + +#if !defined(_CFG_CRYPTO_WITH_CIPHER) +TEE_Result crypto_cipher_get_ctx_size(uint32_t algo, size_t *size) +{ + return TEE_ERROR_NOT_IMPLEMENTED +} + +TEE_Result crypto_cipher_init(void *ctx __unused, uint32_t algo __unused, + TEE_OperationMode mode __unused, + const uint8_t *key1 __unused, + size_t key1_len __unused, + const uint8_t *key2 __unused, + size_t key2_len __unused, + const uint8_t *iv __unused, + size_t iv_len __unused) +{ + return TEE_ERROR_NOT_IMPLEMENTED +} + +TEE_Result crypto_cipher_update(void *ctx __unused, uint32_t algo __unused, + TEE_OperationMode mode __unused, + bool last_block __unused, + const uint8_t *data __unused, + size_t len __unused, uint8_t *dst __unused) +{ + return TEE_ERROR_NOT_IMPLEMENTED +} + +void crypto_cipher_final(void *ctx __unused, uint32_t algo __unused) +{ +} + +TEE_Result crypto_cipher_get_block_size(uint32_t algo __unused, + size_t *size __unused) +{ + return TEE_ERROR_NOT_IMPLEMENTED +} +#endif /*_CFG_CRYPTO_WITH_CIPHER*/ diff --git a/core/include/tee/tee_cryp_provider.h b/core/include/tee/tee_cryp_provider.h index 81915aa9..3ab70416 100644 --- a/core/include/tee/tee_cryp_provider.h +++ b/core/include/tee/tee_cryp_provider.h 
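Review bot: In core/crypto/crypto.c, four of the new stubs end in `return TEE_ERROR_NOT_IMPLEMENTED` with no semicolon, so the file cannot compile when `_CFG_CRYPTO_WITH_CIPHER` is undefined; the hash stub at the top of the same hunk has it. Each should read `return TEE_ERROR_NOT_IMPLEMENTED;`. The stub `crypto_cipher_get_ctx_size(uint32_t algo, size_t *size)` is also the only one whose parameters lack `__unused`; `uint32_t algo __unused, size_t *size __unused` matches the others and avoids unused-parameter warnings in that configuration.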
@@ -47,22 +47,6 @@ #include <tee_api_types.h> -/* Symmetric ciphers */ -struct cipher_ops { - TEE_Result (*get_ctx_size)(uint32_t algo, size_t *size); - TEE_Result (*init)(void *ctx, uint32_t algo, - TEE_OperationMode mode, - const uint8_t *key1, size_t key1_len, - const uint8_t *key2, size_t key2_len, - const uint8_t *iv, size_t iv_len); - TEE_Result (*update)(void *ctx, uint32_t algo, - TEE_OperationMode mode, - bool last_block, const uint8_t *data, - size_t len, uint8_t *dst); - void (*final)(void *ctx, uint32_t algo); - TEE_Result (*get_block_size)(uint32_t algo, size_t *size); -}; - /* Message Authentication Code functions */ struct mac_ops { TEE_Result (*get_ctx_size)(uint32_t algo, size_t *size); @@ -275,7 +259,6 @@ struct crypto_ops { const char *name; TEE_Result (*init)(void); - struct cipher_ops cipher; struct mac_ops mac; struct authenc_ops authenc; struct acipher_ops acipher; @@ -293,6 +276,18 @@ TEE_Result crypto_hash_update(void *ctx, uint32_t algo, const uint8_t *data, TEE_Result crypto_hash_final(void *ctx, uint32_t algo, uint8_t *digest, size_t len); +/* Symmetric ciphers */ +TEE_Result crypto_cipher_get_ctx_size(uint32_t algo, size_t *size); +TEE_Result crypto_cipher_init(void *ctx, uint32_t algo, TEE_OperationMode mode, + const uint8_t *key1, size_t key1_len, + const uint8_t *key2, size_t key2_len, + const uint8_t *iv, size_t iv_len); +TEE_Result crypto_cipher_update(void *ctx, uint32_t algo, + TEE_OperationMode mode, bool last_block, + const uint8_t *data, size_t len, uint8_t *dst); +void crypto_cipher_final(void *ctx, uint32_t algo); +TEE_Result crypto_cipher_get_block_size(uint32_t algo, size_t *size); + /* * Verifies a SHA-256 hash, doesn't require tee_cryp_init() to be called in * advance and has as few dependencies as possible. diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c index 5e8ce255..a26b8522 100644 --- a/core/lib/libtomcrypt/src/tee_ltc_provider.c 
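Review bot: The prototypes added under `/* Symmetric ciphers */` in tee_cryp_provider.h have no contract comment, and as free functions they are now called directly from the syscall and secure-storage code. A block comment above them should state that `ctx` must point to at least the size reported by crypto_cipher_get_ctx_size() for the same `algo`, and that `key2` and `iv` may be NULL with length 0, as the callers in tee_fs_key_manager.c pass them. It should also say whether crypto_cipher_final() must still be called after a failed crypto_cipher_init() or crypto_cipher_update(). That last rule matters because the context presumably holds the expanded key, and callers cannot tell from the header who is responsible for clearing it.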
+++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c @@ -1922,7 +1922,7 @@ static TEE_Result cipher_get_block_size(uint32_t algo, size_t *size) return TEE_SUCCESS; } -static TEE_Result cipher_get_ctx_size(uint32_t algo, size_t *size) +TEE_Result crypto_cipher_get_ctx_size(uint32_t algo, size_t *size) { switch (algo) { #if defined(CFG_CRYPTO_AES) @@ -1999,7 +1999,7 @@ static void get_des2_key(const uint8_t *key, size_t key_len, } } -static TEE_Result cipher_init(void *ctx, uint32_t algo, +TEE_Result crypto_cipher_init(void *ctx, uint32_t algo, TEE_OperationMode mode __maybe_unused, const uint8_t *key1, size_t key1_len, const uint8_t *key2 __maybe_unused, @@ -2076,16 +2076,14 @@ static TEE_Result cipher_init(void *ctx, uint32_t algo, #if defined(CFG_CRYPTO_CTS) case TEE_ALG_AES_CTS: cts = ctx; - res = cipher_init((void *)(&(cts->ecb)), - TEE_ALG_AES_ECB_NOPAD, mode, key1, - key1_len, key2, key2_len, iv, - iv_len); + res = crypto_cipher_init((void *)(&(cts->ecb)), + TEE_ALG_AES_ECB_NOPAD, mode, key1, + key1_len, key2, key2_len, iv, iv_len); if (res != TEE_SUCCESS) return res; - res = cipher_init((void *)(&(cts->cbc)), - TEE_ALG_AES_CBC_NOPAD, mode, key1, - key1_len, key2, key2_len, iv, - iv_len); + res = crypto_cipher_init((void *)(&(cts->cbc)), + TEE_ALG_AES_CBC_NOPAD, mode, key1, + key1_len, key2, key2_len, iv, iv_len); if (res != TEE_SUCCESS) return res; ltc_res = CRYPT_OK; @@ -2118,7 +2116,7 @@ static TEE_Result cipher_init(void *ctx, uint32_t algo, return TEE_ERROR_BAD_STATE; } -static TEE_Result cipher_update(void *ctx, uint32_t algo, +TEE_Result crypto_cipher_update(void *ctx, uint32_t algo, TEE_OperationMode mode, bool last_block __maybe_unused, const uint8_t *data, size_t len, uint8_t *dst) @@ -2187,7 +2185,7 @@ static TEE_Result cipher_update(void *ctx, uint32_t algo, return TEE_ERROR_BAD_STATE; } -static void cipher_final(void *ctx, uint32_t algo) +void crypto_cipher_final(void *ctx, uint32_t algo) { switch (algo) { #if defined(CFG_CRYPTO_ECB) 
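Review bot: `cipher_get_block_size()` stays `static` under its old name (it is the function named in the first hunk header of tee_ltc_provider.c), while the other four provider functions are renamed to `crypto_cipher_*`. The header now declares `crypto_cipher_get_block_size()` and crypto.c defines it only in the `!defined(_CFG_CRYPTO_WITH_CIPHER)` stub, so as far as the visible hunks show the symbol has no definition when ciphers are enabled and a caller would fail at link time. The `.get_block_size` hook that used to expose the static function is removed in the crypto_ops hunk further down. Renaming the definition to `TEE_Result crypto_cipher_get_block_size(uint32_t algo, size_t *size)` and updating any in-file callers of the old name would close the gap; the function body is outside the hunk.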
@@ -2509,7 +2507,7 @@ static TEE_Result mac_final(void *ctx, uint32_t algo, uint8_t *digest, memcpy(digest, cbc->digest, MIN(ltc_digest_len, cbc->block_len)); - cipher_final(&cbc->cbc, algo); + crypto_cipher_final(&cbc->cbc, algo); break; #endif #if defined(CFG_CRYPTO_CMAC) @@ -2980,15 +2978,6 @@ static TEE_Result tee_ltc_init(void) const struct crypto_ops crypto_ops = { .name = "LibTomCrypt provider", .init = tee_ltc_init, -#if defined(_CFG_CRYPTO_WITH_CIPHER) - .cipher = { - .final = cipher_final, - .get_block_size = cipher_get_block_size, - .get_ctx_size = cipher_get_ctx_size, - .init = cipher_init, - .update = cipher_update, - }, -#endif #if defined(_CFG_CRYPTO_WITH_MAC) .mac = { .get_ctx_size = mac_get_ctx_size, diff --git a/core/tee/tee_cryp_utl.c b/core/tee/tee_cryp_utl.c index e40a6850..9cc736c4 100644 --- a/core/tee/tee_cryp_utl.c +++ b/core/tee/tee_cryp_utl.c @@ -199,8 +199,6 @@ TEE_Result tee_do_cipher_update(void *ctx, uint32_t algo, if (mode != TEE_MODE_ENCRYPT && mode != TEE_MODE_DECRYPT) return TEE_ERROR_BAD_PARAMETERS; - if (crypto_ops.cipher.update == NULL) - return TEE_ERROR_NOT_IMPLEMENTED; /* * Check that the block contains the correct number of data, apart * for the last block in some XTS / CTR / XTS mode @@ -242,8 +240,8 @@ TEE_Result tee_do_cipher_update(void *ctx, uint32_t algo, } } - return crypto_ops.cipher.update(ctx, algo, mode, last_block, data, len, - dst); + return crypto_cipher_update(ctx, algo, mode, last_block, data, len, + dst); } /* diff --git a/core/tee/tee_fs_key_manager.c b/core/tee/tee_fs_key_manager.c index 4a834a9b..9afd186b 100644 --- a/core/tee/tee_fs_key_manager.c +++ b/core/tee/tee_fs_key_manager.c @@ -136,7 +136,7 @@ TEE_Result tee_fs_fek_crypt(const TEE_UUID *uuid, TEE_OperationMode mode, return res; } - res = crypto_ops.cipher.get_ctx_size(TEE_FS_KM_ENC_FEK_ALG, &ctx_size); + res = crypto_cipher_get_ctx_size(TEE_FS_KM_ENC_FEK_ALG, &ctx_size); if (res != TEE_SUCCESS) return res; 
@@ -144,17 +144,17 @@ TEE_Result tee_fs_fek_crypt(const TEE_UUID *uuid, TEE_OperationMode mode, if (!ctx) return TEE_ERROR_OUT_OF_MEMORY; - res = crypto_ops.cipher.init(ctx, TEE_FS_KM_ENC_FEK_ALG, mode, tsk, - sizeof(tsk), NULL, 0, NULL, 0); + res = crypto_cipher_init(ctx, TEE_FS_KM_ENC_FEK_ALG, mode, tsk, + sizeof(tsk), NULL, 0, NULL, 0); if (res != TEE_SUCCESS) goto exit; - res = crypto_ops.cipher.update(ctx, TEE_FS_KM_ENC_FEK_ALG, - mode, true, in_key, size, dst_key); + res = crypto_cipher_update(ctx, TEE_FS_KM_ENC_FEK_ALG, + mode, true, in_key, size, dst_key); if (res != TEE_SUCCESS) goto exit; - crypto_ops.cipher.final(ctx, TEE_FS_KM_ENC_FEK_ALG); + crypto_cipher_final(ctx, TEE_FS_KM_ENC_FEK_ALG); memcpy(out_key, dst_key, sizeof(dst_key)); @@ -253,7 +253,7 @@ static TEE_Result aes_ecb(uint8_t out[TEE_AES_BLOCK_SIZE], size_t ctx_size; uint32_t algo = TEE_ALG_AES_ECB_NOPAD; - res = crypto_ops.cipher.get_ctx_size(algo, &ctx_size); + res = crypto_cipher_get_ctx_size(algo, &ctx_size); if (res != TEE_SUCCESS) return res; @@ -261,17 +261,17 @@ static TEE_Result aes_ecb(uint8_t out[TEE_AES_BLOCK_SIZE], if (!ctx) return TEE_ERROR_OUT_OF_MEMORY; - res = crypto_ops.cipher.init(ctx, algo, TEE_MODE_ENCRYPT, key, - key_size, NULL, 0, NULL, 0); + res = crypto_cipher_init(ctx, algo, TEE_MODE_ENCRYPT, key, + key_size, NULL, 0, NULL, 0); if (res != TEE_SUCCESS) goto out; - res = crypto_ops.cipher.update(ctx, algo, TEE_MODE_ENCRYPT, true, in, - TEE_AES_BLOCK_SIZE, out); + res = crypto_cipher_update(ctx, algo, TEE_MODE_ENCRYPT, true, in, + TEE_AES_BLOCK_SIZE, out); if (res != TEE_SUCCESS) goto out; - crypto_ops.cipher.final(ctx, algo); + crypto_cipher_final(ctx, algo); res = TEE_SUCCESS; out: 
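Review bot: In tee_fs_fek_crypt() a failing crypto_cipher_init() or crypto_cipher_update() jumps to `exit` and skips crypto_cipher_final(); aes_ecb() (`goto out`) and tee_fs_crypt_block() (`goto exit`, where `free(ctx)` is visible) have the same shape. `ctx` was initialised with the storage key or the FEK, so it presumably still holds the expanded key when it is freed; nothing in these hunks clears it, and whether crypto_cipher_final() does so is not visible here. Consider wiping the context on every path, e.g. `memset(ctx, 0, ctx_size);` immediately before `free(ctx);`, using a wipe the compiler cannot elide if the tree provides one. The `exit:` label of tee_fs_fek_crypt() lies outside the hunk.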
@@ -325,22 +325,22 @@ TEE_Result tee_fs_crypt_block(const TEE_UUID *uuid, uint8_t *out, res = essiv(iv, fek, blk_idx); /* Run AES CBC */ - res = crypto_ops.cipher.get_ctx_size(algo, &ctx_size); + res = crypto_cipher_get_ctx_size(algo, &ctx_size); if (res != TEE_SUCCESS) return res; ctx = malloc(ctx_size); if (!ctx) return TEE_ERROR_OUT_OF_MEMORY; - res = crypto_ops.cipher.init(ctx, algo, mode, fek, sizeof(fek), NULL, - 0, iv, TEE_AES_BLOCK_SIZE); + res = crypto_cipher_init(ctx, algo, mode, fek, sizeof(fek), NULL, + 0, iv, TEE_AES_BLOCK_SIZE); if (res != TEE_SUCCESS) goto exit; - res = crypto_ops.cipher.update(ctx, algo, mode, true, in, size, out); + res = crypto_cipher_update(ctx, algo, mode, true, in, size, out); if (res != TEE_SUCCESS) goto exit; - crypto_ops.cipher.final(ctx, algo); + crypto_cipher_final(ctx, algo); exit: free(ctx); diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c index 81473743..570c5ed1 100644 --- a/core/tee/tee_svc_cryp.c +++ b/core/tee/tee_svc_cryp.c @@ -2028,11 +2028,7 @@ TEE_Result syscall_cryp_state_alloc(unsigned long algo, unsigned long mode, (algo != TEE_ALG_AES_XTS && (key1 == 0 || key2 != 0))) { res = TEE_ERROR_BAD_PARAMETERS; } else { - if (crypto_ops.cipher.get_ctx_size) - res = crypto_ops.cipher.get_ctx_size(algo, - &cs->ctx_size); - else - res = TEE_ERROR_NOT_IMPLEMENTED; + res = crypto_cipher_get_ctx_size(algo, &cs->ctx_size); if (res != TEE_SUCCESS) break; cs->ctx = calloc(1, cs->ctx_size); 
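Review bot: In tee_fs_crypt_block() the result of `res = essiv(iv, fek, blk_idx);` is overwritten by `res = crypto_cipher_get_ctx_size(algo, &ctx_size);` without being tested, judging by the three context lines that open the hunk. If essiv() fails, the CBC operation proceeds with whatever `iv` holds at that point and the caller is told the block was processed. Add `if (res != TEE_SUCCESS) return res;` directly after the essiv() call. The function starts before the hunk, so whether any cleanup is needed at that point cannot be confirmed from here.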
@@ -2406,33 +2402,25 @@ TEE_Result syscall_cipher_init(unsigned long state, const void *iv, key1 = o->attr; - if (!crypto_ops.cipher.init) - return TEE_ERROR_NOT_IMPLEMENTED; - if (tee_obj_get(utc, cs->key2, &o) == TEE_SUCCESS) { struct tee_cryp_obj_secret *key2 = o->attr; if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) return TEE_ERROR_BAD_PARAMETERS; - res = crypto_ops.cipher.init(cs->ctx, cs->algo, cs->mode, - (uint8_t *)(key1 + 1), - key1->key_size, - (uint8_t *)(key2 + 1), - key2->key_size, - iv, iv_len); + res = crypto_cipher_init(cs->ctx, cs->algo, cs->mode, + (uint8_t *)(key1 + 1), key1->key_size, + (uint8_t *)(key2 + 1), key2->key_size, + iv, iv_len); } else { - res = crypto_ops.cipher.init(cs->ctx, cs->algo, cs->mode, - (uint8_t *)(key1 + 1), - key1->key_size, - NULL, - 0, - iv, iv_len); + res = crypto_cipher_init(cs->ctx, cs->algo, cs->mode, + (uint8_t *)(key1 + 1), key1->key_size, + NULL, 0, iv, iv_len); } if (res != TEE_SUCCESS) return res; - cs->ctx_finalize = crypto_ops.cipher.final; + cs->ctx_finalize = crypto_cipher_final; return TEE_SUCCESS; } |