diff options
-rw-r--r-- | core/crypto/crypto.c | 13 | ||||
-rw-r--r-- | core/include/crypto/crypto.h | 13 | ||||
-rw-r--r-- | core/kernel/huk_subkey.c | 19 | ||||
-rw-r--r-- | core/tee/tee_cryp_hkdf.c | 20 | ||||
-rw-r--r-- | core/tee/tee_cryp_pbkdf2.c | 17 | ||||
-rw-r--r-- | core/tee/tee_fs_key_manager.c | 8 | ||||
-rw-r--r-- | core/tee/tee_rpmb_fs.c | 22 | ||||
-rw-r--r-- | core/tee/tee_svc_cryp.c | 15 |
8 files changed, 54 insertions, 73 deletions
diff --git a/core/crypto/crypto.c b/core/crypto/crypto.c index 8755a889..a912d808 100644 --- a/core/crypto/crypto.c +++ b/core/crypto/crypto.c @@ -261,25 +261,23 @@ static const struct crypto_mac_ops *mac_ops(void *ctx) return c->ops; } -void crypto_mac_free_ctx(void *ctx, uint32_t algo __unused) +void crypto_mac_free_ctx(void *ctx) { if (ctx) mac_ops(ctx)->free_ctx(ctx); } -void crypto_mac_copy_state(void *dst_ctx, void *src_ctx, uint32_t algo __unused) +void crypto_mac_copy_state(void *dst_ctx, void *src_ctx) { mac_ops(dst_ctx)->copy_state(dst_ctx, src_ctx); } -TEE_Result crypto_mac_init(void *ctx, uint32_t algo __unused, - const uint8_t *key, size_t len) +TEE_Result crypto_mac_init(void *ctx, const uint8_t *key, size_t len) { return mac_ops(ctx)->init(ctx, key, len); } -TEE_Result crypto_mac_update(void *ctx, uint32_t algo __unused, - const uint8_t *data, size_t len) +TEE_Result crypto_mac_update(void *ctx, const uint8_t *data, size_t len) { if (!len) return TEE_SUCCESS; @@ -287,8 +285,7 @@ TEE_Result crypto_mac_update(void *ctx, uint32_t algo __unused, return mac_ops(ctx)->update(ctx, data, len); } -TEE_Result crypto_mac_final(void *ctx, uint32_t algo __unused, - uint8_t *digest, size_t digest_len) +TEE_Result crypto_mac_final(void *ctx, uint8_t *digest, size_t digest_len) { return mac_ops(ctx)->final(ctx, digest, digest_len); } diff --git a/core/include/crypto/crypto.h b/core/include/crypto/crypto.h index da4613b6..84a34397 100644 --- a/core/include/crypto/crypto.h +++ b/core/include/crypto/crypto.h @@ -50,14 +50,11 @@ void crypto_cipher_copy_state(void *dst_ctx, void *src_ctx); /* Message Authentication Code functions */ TEE_Result crypto_mac_alloc_ctx(void **ctx, uint32_t algo); -TEE_Result crypto_mac_init(void *ctx, uint32_t algo, const uint8_t *key, - size_t len); -TEE_Result crypto_mac_update(void *ctx, uint32_t algo, const uint8_t *data, - size_t len); -TEE_Result crypto_mac_final(void *ctx, uint32_t algo, uint8_t *digest, - size_t digest_len); -void crypto_mac_free_ctx(void *ctx, uint32_t algo); -void crypto_mac_copy_state(void *dst_ctx, void *src_ctx, uint32_t algo); +TEE_Result crypto_mac_init(void *ctx, const uint8_t *key, size_t len); +TEE_Result crypto_mac_update(void *ctx, const uint8_t *data, size_t len); +TEE_Result crypto_mac_final(void *ctx, uint8_t *digest, size_t digest_len); +void crypto_mac_free_ctx(void *ctx); +void crypto_mac_copy_state(void *dst_ctx, void *src_ctx); /* Authenticated encryption */ TEE_Result crypto_authenc_alloc_ctx(void **ctx, uint32_t algo); diff --git a/core/kernel/huk_subkey.c b/core/kernel/huk_subkey.c index 9bf8547c..826a9fa9 100644 --- a/core/kernel/huk_subkey.c +++ b/core/kernel/huk_subkey.c @@ -11,8 +11,7 @@ static TEE_Result mac_usage(void *ctx, uint32_t usage) { - return crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, - (const void *)&usage, sizeof(usage)); + return crypto_mac_update(ctx, (const void *)&usage, sizeof(usage)); } #ifdef CFG_CORE_HUK_SUBKEY_COMPAT @@ -44,12 +43,10 @@ static TEE_Result huk_compat(void *ctx, enum huk_subkey_usage usage) return TEE_SUCCESS; case HUK_SUBKEY_SSK: get_dummy_die_id(chip_id, sizeof(chip_id)); - res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, - chip_id, sizeof(chip_id)); + res = crypto_mac_update(ctx, chip_id, sizeof(chip_id)); if (res) return res; - return crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, - ssk_str, sizeof(ssk_str)); + return crypto_mac_update(ctx, ssk_str, sizeof(ssk_str)); default: return mac_usage(ctx, usage); } @@ -78,8 +75,7 @@ TEE_Result huk_subkey_derive(enum huk_subkey_usage usage, if (res) goto out; - res = crypto_mac_init(ctx, TEE_ALG_HMAC_SHA256, huk.data, - sizeof(huk.data)); + res = crypto_mac_init(ctx, huk.data, sizeof(huk.data)); if (res) goto out; @@ -92,17 +88,16 @@ TEE_Result huk_subkey_derive(enum huk_subkey_usage usage, goto out; if (const_data) { - res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, const_data, - const_data_len); + res = crypto_mac_update(ctx, const_data, const_data_len); if (res) goto out; } - res = crypto_mac_final(ctx, TEE_ALG_HMAC_SHA256, subkey, subkey_len); + res = crypto_mac_final(ctx, subkey, subkey_len); out: if (res) memzero_explicit(subkey, subkey_len); memzero_explicit(&huk, sizeof(huk)); - crypto_mac_free_ctx(ctx, TEE_ALG_HMAC_SHA256); + crypto_mac_free_ctx(ctx); return res; } diff --git a/core/tee/tee_cryp_hkdf.c b/core/tee/tee_cryp_hkdf.c index 01f37f1f..1713ccf5 100644 --- a/core/tee/tee_cryp_hkdf.c +++ b/core/tee/tee_cryp_hkdf.c @@ -44,21 +44,21 @@ static TEE_Result hkdf_extract(uint32_t hash_id, const uint8_t *ikm, * Therefore, salt is the HMAC key in the formula from section 2.2: * "PRK = HMAC-Hash(salt, IKM)" */ - res = crypto_mac_init(ctx, hmac_algo, salt, salt_len); + res = crypto_mac_init(ctx, salt, salt_len); if (res != TEE_SUCCESS) goto out; - res = crypto_mac_update(ctx, hmac_algo, ikm, ikm_len); + res = crypto_mac_update(ctx, ikm, ikm_len); if (res != TEE_SUCCESS) goto out; - res = crypto_mac_final(ctx, hmac_algo, prk, *prk_len); + res = crypto_mac_final(ctx, prk, *prk_len); if (res != TEE_SUCCESS) goto out; res = tee_hash_get_digest_size(hash_algo, prk_len); out: - crypto_mac_free_ctx(ctx, hmac_algo); + crypto_mac_free_ctx(ctx); return res; } @@ -115,19 +115,19 @@ static TEE_Result hkdf_expand(uint32_t hash_id, const uint8_t *prk, for (i = 1; i <= n; i++) { uint8_t c = i; - res = crypto_mac_init(ctx, hmac_algo, prk, prk_len); + res = crypto_mac_init(ctx, prk, prk_len); if (res != TEE_SUCCESS) goto out; - res = crypto_mac_update(ctx, hmac_algo, tn, tn_len); + res = crypto_mac_update(ctx, tn, tn_len); if (res != TEE_SUCCESS) goto out; - res = crypto_mac_update(ctx, hmac_algo, info, info_len); + res = crypto_mac_update(ctx, info, info_len); if (res != TEE_SUCCESS) goto out; - res = crypto_mac_update(ctx, hmac_algo, &c, 1); + res = crypto_mac_update(ctx, &c, 1); if (res != TEE_SUCCESS) goto out; - res = crypto_mac_final(ctx, hmac_algo, tn, sizeof(tn)); + res = crypto_mac_final(ctx, tn, sizeof(tn)); if (res != TEE_SUCCESS) goto out; @@ -137,7 +137,7 @@ static TEE_Result hkdf_expand(uint32_t hash_id, const uint8_t *prk, } out: - crypto_mac_free_ctx(ctx, hmac_algo); + crypto_mac_free_ctx(ctx); return res; } diff --git a/core/tee/tee_cryp_pbkdf2.c b/core/tee/tee_cryp_pbkdf2.c index f9e44291..f6ab74a4 100644 --- a/core/tee/tee_cryp_pbkdf2.c +++ b/core/tee/tee_cryp_pbkdf2.c @@ -34,34 +34,31 @@ static TEE_Result pbkdf2_f(uint8_t *out, size_t len, uint32_t idx, memset(out, 0, len); for (i = 1; i <= p->iteration_count; i++) { - res = crypto_mac_init(h->ctx, h->algo, p->password, - p->password_len); + res = crypto_mac_init(h->ctx, p->password, p->password_len); if (res != TEE_SUCCESS) return res; if (i == 1) { if (p->salt && p->salt_len) { - res = crypto_mac_update(h->ctx, h->algo, - p->salt, p->salt_len); + res = crypto_mac_update(h->ctx, p->salt, + p->salt_len); if (res != TEE_SUCCESS) return res; } be_index = TEE_U32_TO_BIG_ENDIAN(idx); - res = crypto_mac_update(h->ctx, h->algo, - (uint8_t *)&be_index, + res = crypto_mac_update(h->ctx, (uint8_t *)&be_index, sizeof(be_index)); if (res != TEE_SUCCESS) return res; } else { - res = crypto_mac_update(h->ctx, h->algo, u, - h->hash_len); + res = crypto_mac_update(h->ctx, u, h->hash_len); if (res != TEE_SUCCESS) return res; } - res = crypto_mac_final(h->ctx, h->algo, u, sizeof(u)); + res = crypto_mac_final(h->ctx, u, sizeof(u)); if (res != TEE_SUCCESS) return res; @@ -112,6 +109,6 @@ TEE_Result tee_cryp_pbkdf2(uint32_t hash_id, const uint8_t *password, res = pbkdf2_f(out, r, i, &hmac_parms, &pbkdf2_parms); out: - crypto_mac_free_ctx(hmac_parms.ctx, hmac_parms.algo); + crypto_mac_free_ctx(hmac_parms.ctx); return res; } diff --git a/core/tee/tee_fs_key_manager.c b/core/tee/tee_fs_key_manager.c index dfe8454f..00bafca2 100644 --- a/core/tee/tee_fs_key_manager.c +++ b/core/tee/tee_fs_key_manager.c @@ -52,22 +52,22 @@ static TEE_Result do_hmac(void *out_key, size_t out_key_size, if (res != TEE_SUCCESS) return res; - res = crypto_mac_init(ctx, TEE_FS_KM_HMAC_ALG, in_key, in_key_size); + res = crypto_mac_init(ctx, in_key, in_key_size); if (res != TEE_SUCCESS) goto exit; - res = crypto_mac_update(ctx, TEE_FS_KM_HMAC_ALG, message, message_size); + res = crypto_mac_update(ctx, message, message_size); if (res != TEE_SUCCESS) goto exit; - res = crypto_mac_final(ctx, TEE_FS_KM_HMAC_ALG, out_key, out_key_size); + res = crypto_mac_final(ctx, out_key, out_key_size); if (res != TEE_SUCCESS) goto exit; res = TEE_SUCCESS; exit: - crypto_mac_free_ctx(ctx, TEE_FS_KM_HMAC_ALG); + crypto_mac_free_ctx(ctx); return res; } diff --git a/core/tee/tee_rpmb_fs.c b/core/tee/tee_rpmb_fs.c index c263e919..906b2371 100644 --- a/core/tee/tee_rpmb_fs.c +++ b/core/tee/tee_rpmb_fs.c @@ -343,26 +343,25 @@ static TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize, if (res) return res; - res = crypto_mac_init(ctx, TEE_ALG_HMAC_SHA256, key, keysize); + res = crypto_mac_init(ctx, key, keysize); if (res != TEE_SUCCESS) goto func_exit; for (i = 0; i < blkcnt; i++) { - res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, - datafrms[i].data, + res = crypto_mac_update(ctx, datafrms[i].data, RPMB_MAC_PROTECT_DATA_SIZE); if (res != TEE_SUCCESS) goto func_exit; } - res = crypto_mac_final(ctx, TEE_ALG_HMAC_SHA256, mac, macsize); + res = crypto_mac_final(ctx, mac, macsize); if (res != TEE_SUCCESS) goto func_exit; res = TEE_SUCCESS; func_exit: - crypto_mac_free_ctx(ctx, TEE_ALG_HMAC_SHA256); + crypto_mac_free_ctx(ctx); return res; } @@ -655,8 +654,7 @@ static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, if (res) goto func_exit; - res = crypto_mac_init(ctx, TEE_ALG_HMAC_SHA256, rpmb_ctx->key, - RPMB_KEY_MAC_SIZE); + res = crypto_mac_init(ctx, rpmb_ctx->key, RPMB_KEY_MAC_SIZE); if (res != TEE_SUCCESS) goto func_exit; @@ -676,7 +674,7 @@ static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, */ memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE); - res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, localfrm.data, + res = crypto_mac_update(ctx, localfrm.data, RPMB_MAC_PROTECT_DATA_SIZE); if (res != TEE_SUCCESS) goto func_exit; @@ -709,20 +707,18 @@ static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, goto func_exit; /* Update MAC against the last block */ - res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, lastfrm->data, - RPMB_MAC_PROTECT_DATA_SIZE); + res = crypto_mac_update(ctx, lastfrm->data, RPMB_MAC_PROTECT_DATA_SIZE); if (res != TEE_SUCCESS) goto func_exit; - res = crypto_mac_final(ctx, TEE_ALG_HMAC_SHA256, rawdata->key_mac, - RPMB_KEY_MAC_SIZE); + res = crypto_mac_final(ctx, rawdata->key_mac, RPMB_KEY_MAC_SIZE); if (res != TEE_SUCCESS) goto func_exit; res = TEE_SUCCESS; func_exit: - crypto_mac_free_ctx(ctx, TEE_ALG_HMAC_SHA256); + crypto_mac_free_ctx(ctx); return res; } diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c index 206f3ee5..74a53621 100644 --- a/core/tee/tee_svc_cryp.c +++ b/core/tee/tee_svc_cryp.c @@ -1929,7 +1929,7 @@ static void cryp_state_free(struct user_ta_ctx *utc, struct tee_cryp_state *cs) crypto_hash_free_ctx(cs->ctx); break; case TEE_OPERATION_MAC: - crypto_mac_free_ctx(cs->ctx, cs->algo); + crypto_mac_free_ctx(cs->ctx); break; default: assert(!cs->ctx); @@ -2179,7 +2179,7 @@ TEE_Result syscall_cryp_state_copy(unsigned long dst, unsigned long src) crypto_hash_copy_state(cs_dst->ctx, cs_src->ctx); break; case TEE_OPERATION_MAC: - crypto_mac_copy_state(cs_dst->ctx, cs_src->ctx, cs_src->algo); + crypto_mac_copy_state(cs_dst->ctx, cs_src->ctx); break; default: return TEE_ERROR_BAD_STATE; @@ -2251,8 +2251,8 @@ TEE_Result syscall_hash_init(unsigned long state, return TEE_ERROR_BAD_PARAMETERS; key = (struct tee_cryp_obj_secret *)o->attr; - res = crypto_mac_init(cs->ctx, cs->algo, - (void *)(key + 1), key->key_size); + res = crypto_mac_init(cs->ctx, (void *)(key + 1), + key->key_size); if (res != TEE_SUCCESS) return res; break; @@ -2306,7 +2306,7 @@ TEE_Result syscall_hash_update(unsigned long state, const void *chunk, return res; break; case TEE_OPERATION_MAC: - res = crypto_mac_update(cs->ctx, cs->algo, chunk, chunk_size); + res = crypto_mac_update(cs->ctx, chunk, chunk_size); if (res != TEE_SUCCESS) return res; break; @@ -2391,13 +2391,12 @@ TEE_Result syscall_hash_final(unsigned long state, const void *chunk, } if (chunk_size) { - res = crypto_mac_update(cs->ctx, cs->algo, chunk, - chunk_size); + res = crypto_mac_update(cs->ctx, chunk, chunk_size); if (res != TEE_SUCCESS) return res; } - res = crypto_mac_final(cs->ctx, cs->algo, hash, hash_size); + res = crypto_mac_final(cs->ctx, hash, hash_size); if (res != TEE_SUCCESS) return res; break; |