summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--core/crypto/crypto.c13
-rw-r--r--core/include/crypto/crypto.h13
-rw-r--r--core/kernel/huk_subkey.c19
-rw-r--r--core/tee/tee_cryp_hkdf.c20
-rw-r--r--core/tee/tee_cryp_pbkdf2.c17
-rw-r--r--core/tee/tee_fs_key_manager.c8
-rw-r--r--core/tee/tee_rpmb_fs.c22
-rw-r--r--core/tee/tee_svc_cryp.c15
8 files changed, 54 insertions, 73 deletions
diff --git a/core/crypto/crypto.c b/core/crypto/crypto.c
index 8755a889..a912d808 100644
--- a/core/crypto/crypto.c
+++ b/core/crypto/crypto.c
@@ -261,25 +261,23 @@ static const struct crypto_mac_ops *mac_ops(void *ctx)
return c->ops;
}
-void crypto_mac_free_ctx(void *ctx, uint32_t algo __unused)
+void crypto_mac_free_ctx(void *ctx)
{
if (ctx)
mac_ops(ctx)->free_ctx(ctx);
}
-void crypto_mac_copy_state(void *dst_ctx, void *src_ctx, uint32_t algo __unused)
+void crypto_mac_copy_state(void *dst_ctx, void *src_ctx)
{
mac_ops(dst_ctx)->copy_state(dst_ctx, src_ctx);
}
-TEE_Result crypto_mac_init(void *ctx, uint32_t algo __unused,
- const uint8_t *key, size_t len)
+TEE_Result crypto_mac_init(void *ctx, const uint8_t *key, size_t len)
{
return mac_ops(ctx)->init(ctx, key, len);
}
-TEE_Result crypto_mac_update(void *ctx, uint32_t algo __unused,
- const uint8_t *data, size_t len)
+TEE_Result crypto_mac_update(void *ctx, const uint8_t *data, size_t len)
{
if (!len)
return TEE_SUCCESS;
@@ -287,8 +285,7 @@ TEE_Result crypto_mac_update(void *ctx, uint32_t algo __unused,
return mac_ops(ctx)->update(ctx, data, len);
}
-TEE_Result crypto_mac_final(void *ctx, uint32_t algo __unused,
- uint8_t *digest, size_t digest_len)
+TEE_Result crypto_mac_final(void *ctx, uint8_t *digest, size_t digest_len)
{
return mac_ops(ctx)->final(ctx, digest, digest_len);
}
diff --git a/core/include/crypto/crypto.h b/core/include/crypto/crypto.h
index da4613b6..84a34397 100644
--- a/core/include/crypto/crypto.h
+++ b/core/include/crypto/crypto.h
@@ -50,14 +50,11 @@ void crypto_cipher_copy_state(void *dst_ctx, void *src_ctx);
/* Message Authentication Code functions */
TEE_Result crypto_mac_alloc_ctx(void **ctx, uint32_t algo);
-TEE_Result crypto_mac_init(void *ctx, uint32_t algo, const uint8_t *key,
- size_t len);
-TEE_Result crypto_mac_update(void *ctx, uint32_t algo, const uint8_t *data,
- size_t len);
-TEE_Result crypto_mac_final(void *ctx, uint32_t algo, uint8_t *digest,
- size_t digest_len);
-void crypto_mac_free_ctx(void *ctx, uint32_t algo);
-void crypto_mac_copy_state(void *dst_ctx, void *src_ctx, uint32_t algo);
+TEE_Result crypto_mac_init(void *ctx, const uint8_t *key, size_t len);
+TEE_Result crypto_mac_update(void *ctx, const uint8_t *data, size_t len);
+TEE_Result crypto_mac_final(void *ctx, uint8_t *digest, size_t digest_len);
+void crypto_mac_free_ctx(void *ctx);
+void crypto_mac_copy_state(void *dst_ctx, void *src_ctx);
/* Authenticated encryption */
TEE_Result crypto_authenc_alloc_ctx(void **ctx, uint32_t algo);
diff --git a/core/kernel/huk_subkey.c b/core/kernel/huk_subkey.c
index 9bf8547c..826a9fa9 100644
--- a/core/kernel/huk_subkey.c
+++ b/core/kernel/huk_subkey.c
@@ -11,8 +11,7 @@
static TEE_Result mac_usage(void *ctx, uint32_t usage)
{
- return crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256,
- (const void *)&usage, sizeof(usage));
+ return crypto_mac_update(ctx, (const void *)&usage, sizeof(usage));
}
#ifdef CFG_CORE_HUK_SUBKEY_COMPAT
@@ -44,12 +43,10 @@ static TEE_Result huk_compat(void *ctx, enum huk_subkey_usage usage)
return TEE_SUCCESS;
case HUK_SUBKEY_SSK:
get_dummy_die_id(chip_id, sizeof(chip_id));
- res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256,
- chip_id, sizeof(chip_id));
+ res = crypto_mac_update(ctx, chip_id, sizeof(chip_id));
if (res)
return res;
- return crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256,
- ssk_str, sizeof(ssk_str));
+ return crypto_mac_update(ctx, ssk_str, sizeof(ssk_str));
default:
return mac_usage(ctx, usage);
}
@@ -78,8 +75,7 @@ TEE_Result huk_subkey_derive(enum huk_subkey_usage usage,
if (res)
goto out;
- res = crypto_mac_init(ctx, TEE_ALG_HMAC_SHA256, huk.data,
- sizeof(huk.data));
+ res = crypto_mac_init(ctx, huk.data, sizeof(huk.data));
if (res)
goto out;
@@ -92,17 +88,16 @@ TEE_Result huk_subkey_derive(enum huk_subkey_usage usage,
goto out;
if (const_data) {
- res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, const_data,
- const_data_len);
+ res = crypto_mac_update(ctx, const_data, const_data_len);
if (res)
goto out;
}
- res = crypto_mac_final(ctx, TEE_ALG_HMAC_SHA256, subkey, subkey_len);
+ res = crypto_mac_final(ctx, subkey, subkey_len);
out:
if (res)
memzero_explicit(subkey, subkey_len);
memzero_explicit(&huk, sizeof(huk));
- crypto_mac_free_ctx(ctx, TEE_ALG_HMAC_SHA256);
+ crypto_mac_free_ctx(ctx);
return res;
}
diff --git a/core/tee/tee_cryp_hkdf.c b/core/tee/tee_cryp_hkdf.c
index 01f37f1f..1713ccf5 100644
--- a/core/tee/tee_cryp_hkdf.c
+++ b/core/tee/tee_cryp_hkdf.c
@@ -44,21 +44,21 @@ static TEE_Result hkdf_extract(uint32_t hash_id, const uint8_t *ikm,
* Therefore, salt is the HMAC key in the formula from section 2.2:
* "PRK = HMAC-Hash(salt, IKM)"
*/
- res = crypto_mac_init(ctx, hmac_algo, salt, salt_len);
+ res = crypto_mac_init(ctx, salt, salt_len);
if (res != TEE_SUCCESS)
goto out;
- res = crypto_mac_update(ctx, hmac_algo, ikm, ikm_len);
+ res = crypto_mac_update(ctx, ikm, ikm_len);
if (res != TEE_SUCCESS)
goto out;
- res = crypto_mac_final(ctx, hmac_algo, prk, *prk_len);
+ res = crypto_mac_final(ctx, prk, *prk_len);
if (res != TEE_SUCCESS)
goto out;
res = tee_hash_get_digest_size(hash_algo, prk_len);
out:
- crypto_mac_free_ctx(ctx, hmac_algo);
+ crypto_mac_free_ctx(ctx);
return res;
}
@@ -115,19 +115,19 @@ static TEE_Result hkdf_expand(uint32_t hash_id, const uint8_t *prk,
for (i = 1; i <= n; i++) {
uint8_t c = i;
- res = crypto_mac_init(ctx, hmac_algo, prk, prk_len);
+ res = crypto_mac_init(ctx, prk, prk_len);
if (res != TEE_SUCCESS)
goto out;
- res = crypto_mac_update(ctx, hmac_algo, tn, tn_len);
+ res = crypto_mac_update(ctx, tn, tn_len);
if (res != TEE_SUCCESS)
goto out;
- res = crypto_mac_update(ctx, hmac_algo, info, info_len);
+ res = crypto_mac_update(ctx, info, info_len);
if (res != TEE_SUCCESS)
goto out;
- res = crypto_mac_update(ctx, hmac_algo, &c, 1);
+ res = crypto_mac_update(ctx, &c, 1);
if (res != TEE_SUCCESS)
goto out;
- res = crypto_mac_final(ctx, hmac_algo, tn, sizeof(tn));
+ res = crypto_mac_final(ctx, tn, sizeof(tn));
if (res != TEE_SUCCESS)
goto out;
@@ -137,7 +137,7 @@ static TEE_Result hkdf_expand(uint32_t hash_id, const uint8_t *prk,
}
out:
- crypto_mac_free_ctx(ctx, hmac_algo);
+ crypto_mac_free_ctx(ctx);
return res;
}
diff --git a/core/tee/tee_cryp_pbkdf2.c b/core/tee/tee_cryp_pbkdf2.c
index f9e44291..f6ab74a4 100644
--- a/core/tee/tee_cryp_pbkdf2.c
+++ b/core/tee/tee_cryp_pbkdf2.c
@@ -34,34 +34,31 @@ static TEE_Result pbkdf2_f(uint8_t *out, size_t len, uint32_t idx,
memset(out, 0, len);
for (i = 1; i <= p->iteration_count; i++) {
- res = crypto_mac_init(h->ctx, h->algo, p->password,
- p->password_len);
+ res = crypto_mac_init(h->ctx, p->password, p->password_len);
if (res != TEE_SUCCESS)
return res;
if (i == 1) {
if (p->salt && p->salt_len) {
- res = crypto_mac_update(h->ctx, h->algo,
- p->salt, p->salt_len);
+ res = crypto_mac_update(h->ctx, p->salt,
+ p->salt_len);
if (res != TEE_SUCCESS)
return res;
}
be_index = TEE_U32_TO_BIG_ENDIAN(idx);
- res = crypto_mac_update(h->ctx, h->algo,
- (uint8_t *)&be_index,
+ res = crypto_mac_update(h->ctx, (uint8_t *)&be_index,
sizeof(be_index));
if (res != TEE_SUCCESS)
return res;
} else {
- res = crypto_mac_update(h->ctx, h->algo, u,
- h->hash_len);
+ res = crypto_mac_update(h->ctx, u, h->hash_len);
if (res != TEE_SUCCESS)
return res;
}
- res = crypto_mac_final(h->ctx, h->algo, u, sizeof(u));
+ res = crypto_mac_final(h->ctx, u, sizeof(u));
if (res != TEE_SUCCESS)
return res;
@@ -112,6 +109,6 @@ TEE_Result tee_cryp_pbkdf2(uint32_t hash_id, const uint8_t *password,
res = pbkdf2_f(out, r, i, &hmac_parms, &pbkdf2_parms);
out:
- crypto_mac_free_ctx(hmac_parms.ctx, hmac_parms.algo);
+ crypto_mac_free_ctx(hmac_parms.ctx);
return res;
}
diff --git a/core/tee/tee_fs_key_manager.c b/core/tee/tee_fs_key_manager.c
index dfe8454f..00bafca2 100644
--- a/core/tee/tee_fs_key_manager.c
+++ b/core/tee/tee_fs_key_manager.c
@@ -52,22 +52,22 @@ static TEE_Result do_hmac(void *out_key, size_t out_key_size,
if (res != TEE_SUCCESS)
return res;
- res = crypto_mac_init(ctx, TEE_FS_KM_HMAC_ALG, in_key, in_key_size);
+ res = crypto_mac_init(ctx, in_key, in_key_size);
if (res != TEE_SUCCESS)
goto exit;
- res = crypto_mac_update(ctx, TEE_FS_KM_HMAC_ALG, message, message_size);
+ res = crypto_mac_update(ctx, message, message_size);
if (res != TEE_SUCCESS)
goto exit;
- res = crypto_mac_final(ctx, TEE_FS_KM_HMAC_ALG, out_key, out_key_size);
+ res = crypto_mac_final(ctx, out_key, out_key_size);
if (res != TEE_SUCCESS)
goto exit;
res = TEE_SUCCESS;
exit:
- crypto_mac_free_ctx(ctx, TEE_FS_KM_HMAC_ALG);
+ crypto_mac_free_ctx(ctx);
return res;
}
diff --git a/core/tee/tee_rpmb_fs.c b/core/tee/tee_rpmb_fs.c
index c263e919..906b2371 100644
--- a/core/tee/tee_rpmb_fs.c
+++ b/core/tee/tee_rpmb_fs.c
@@ -343,26 +343,25 @@ static TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize,
if (res)
return res;
- res = crypto_mac_init(ctx, TEE_ALG_HMAC_SHA256, key, keysize);
+ res = crypto_mac_init(ctx, key, keysize);
if (res != TEE_SUCCESS)
goto func_exit;
for (i = 0; i < blkcnt; i++) {
- res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256,
- datafrms[i].data,
+ res = crypto_mac_update(ctx, datafrms[i].data,
RPMB_MAC_PROTECT_DATA_SIZE);
if (res != TEE_SUCCESS)
goto func_exit;
}
- res = crypto_mac_final(ctx, TEE_ALG_HMAC_SHA256, mac, macsize);
+ res = crypto_mac_final(ctx, mac, macsize);
if (res != TEE_SUCCESS)
goto func_exit;
res = TEE_SUCCESS;
func_exit:
- crypto_mac_free_ctx(ctx, TEE_ALG_HMAC_SHA256);
+ crypto_mac_free_ctx(ctx);
return res;
}
@@ -655,8 +654,7 @@ static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm,
if (res)
goto func_exit;
- res = crypto_mac_init(ctx, TEE_ALG_HMAC_SHA256, rpmb_ctx->key,
- RPMB_KEY_MAC_SIZE);
+ res = crypto_mac_init(ctx, rpmb_ctx->key, RPMB_KEY_MAC_SIZE);
if (res != TEE_SUCCESS)
goto func_exit;
@@ -676,7 +674,7 @@ static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm,
*/
memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE);
- res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, localfrm.data,
+ res = crypto_mac_update(ctx, localfrm.data,
RPMB_MAC_PROTECT_DATA_SIZE);
if (res != TEE_SUCCESS)
goto func_exit;
@@ -709,20 +707,18 @@ static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm,
goto func_exit;
/* Update MAC against the last block */
- res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, lastfrm->data,
- RPMB_MAC_PROTECT_DATA_SIZE);
+ res = crypto_mac_update(ctx, lastfrm->data, RPMB_MAC_PROTECT_DATA_SIZE);
if (res != TEE_SUCCESS)
goto func_exit;
- res = crypto_mac_final(ctx, TEE_ALG_HMAC_SHA256, rawdata->key_mac,
- RPMB_KEY_MAC_SIZE);
+ res = crypto_mac_final(ctx, rawdata->key_mac, RPMB_KEY_MAC_SIZE);
if (res != TEE_SUCCESS)
goto func_exit;
res = TEE_SUCCESS;
func_exit:
- crypto_mac_free_ctx(ctx, TEE_ALG_HMAC_SHA256);
+ crypto_mac_free_ctx(ctx);
return res;
}
diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c
index 206f3ee5..74a53621 100644
--- a/core/tee/tee_svc_cryp.c
+++ b/core/tee/tee_svc_cryp.c
@@ -1929,7 +1929,7 @@ static void cryp_state_free(struct user_ta_ctx *utc, struct tee_cryp_state *cs)
crypto_hash_free_ctx(cs->ctx);
break;
case TEE_OPERATION_MAC:
- crypto_mac_free_ctx(cs->ctx, cs->algo);
+ crypto_mac_free_ctx(cs->ctx);
break;
default:
assert(!cs->ctx);
@@ -2179,7 +2179,7 @@ TEE_Result syscall_cryp_state_copy(unsigned long dst, unsigned long src)
crypto_hash_copy_state(cs_dst->ctx, cs_src->ctx);
break;
case TEE_OPERATION_MAC:
- crypto_mac_copy_state(cs_dst->ctx, cs_src->ctx, cs_src->algo);
+ crypto_mac_copy_state(cs_dst->ctx, cs_src->ctx);
break;
default:
return TEE_ERROR_BAD_STATE;
@@ -2251,8 +2251,8 @@ TEE_Result syscall_hash_init(unsigned long state,
return TEE_ERROR_BAD_PARAMETERS;
key = (struct tee_cryp_obj_secret *)o->attr;
- res = crypto_mac_init(cs->ctx, cs->algo,
- (void *)(key + 1), key->key_size);
+ res = crypto_mac_init(cs->ctx, (void *)(key + 1),
+ key->key_size);
if (res != TEE_SUCCESS)
return res;
break;
@@ -2306,7 +2306,7 @@ TEE_Result syscall_hash_update(unsigned long state, const void *chunk,
return res;
break;
case TEE_OPERATION_MAC:
- res = crypto_mac_update(cs->ctx, cs->algo, chunk, chunk_size);
+ res = crypto_mac_update(cs->ctx, chunk, chunk_size);
if (res != TEE_SUCCESS)
return res;
break;
@@ -2391,13 +2391,12 @@ TEE_Result syscall_hash_final(unsigned long state, const void *chunk,
}
if (chunk_size) {
- res = crypto_mac_update(cs->ctx, cs->algo, chunk,
- chunk_size);
+ res = crypto_mac_update(cs->ctx, chunk, chunk_size);
if (res != TEE_SUCCESS)
return res;
}
- res = crypto_mac_final(cs->ctx, cs->algo, hash, hash_size);
+ res = crypto_mac_final(cs->ctx, hash, hash_size);
if (res != TEE_SUCCESS)
return res;
break;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 08:56:59 +0000