From: Lukasz Kostyra Date: Thu, 17 Aug 2017 09:47:09 +0000 (+0200) Subject: ssflib: Remove HW crypto routines X-Git-Tag: submit/tizen/20170914.115510~13 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F26%2F144726%2F2;p=platform%2Fcore%2Fsecurity%2Ftef-simulator.git ssflib: Remove HW crypto routines ssflib had various leftovers from old implementation using hardware to perform crypto operations. The hardware is not supported on simulator, these code blocks were commented out, or put in "#if 0...#endif" blocks, so for easier maintenance they were removed. Change-Id: If1ccb76dce0cb63f567de314acc30e8b83cdd9f5 --- diff --git a/ssflib/inc/ssf_storage.h b/ssflib/inc/ssf_storage.h index c5fb4be..7b39767 100644 --- a/ssflib/inc/ssf_storage.h +++ b/ssflib/inc/ssf_storage.h @@ -145,44 +145,6 @@ extern po_list_node g_po_list; extern po_info_file g_po_info_file; -#if 0 -// Generic Object Functions -void TEE_GetObjectInfo(TEE_ObjectHandle object, TEE_ObjectInfo* objectInfo); -void TEE_RestrictObjectUsage(TEE_ObjectHandle object, uint32_t objectUsage); -TEE_Result TEE_GetObjectBufferAttribute(TEE_ObjectHandle object, uint32_t attributeID, void* buffer, size_t* size); -TEE_Result TEE_GetObjectValueAttribute(TEE_ObjectHandle object, uint32_t attributeID, uint32_t* a, uint32_t* b); -void TEE_CloseObject(TEE_ObjectHandle object); - -// Transient Object Functions -TEE_Result TEE_AllocateTransientObject(uint32_t objectType, uint32_t maxObjectSize, TEE_ObjectHandle* object); -void TEE_FreeTransientObject(TEE_ObjectHandle object); -void TEE_ResetTransientObject(TEE_ObjectHandle object); -TEE_Result TEE_PopulateTransientObject(TEE_ObjectHandle object, TEE_Attribute* attrs, uint32_t attrCount); -void TEE_InitRefAttribute(TEE_Attribute* attr, uint32_t attributeID, void* buffer, size_t length); -void TEE_InitValueAttribute(TEE_Attribute* attr, uint32_t attributeID, uint32_t a, uint32_t b); -void TEE_CopyObjectAttributes(TEE_ObjectHandle destObject, TEE_ObjectHandle srcObject); -TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, TEE_Attribute* params, uint32_t paramCount); - -// Persistent Object Functions -TEE_Result TEE_CreatePersistentObject(uint32_t storageID, void* objectID, size_t objectIDLen, uint32_t flags, TEE_ObjectHandle attributes, void* initialData, size_t initialDataLen, TEE_ObjectHandle* object); -TEE_Result TEE_OpenPersistentObject(uint32_t storageID, void* objectID, size_t objectIDLen, uint32_t flags, TEE_ObjectHandle* object); -void TEE_CloseAndDeletePersistentObject(TEE_ObjectHandle object); -TEE_Result TEE_RenamePersistentObject(TEE_ObjectHandle object, void* newObjectID, size_t newObjectIDLen); - -// Persistent Object Enumeration Functions -TEE_Result TEE_AllocatePersistentObjectEnumerator(TEE_ObjectEnumHandle* objectEnumerator); -void TEE_FreePersistentObjectEnumerator(TEE_ObjectEnumHandle objectEnumerator); -void TEE_ResetPersistentObjectEnumerator(TEE_ObjectEnumHandle objectEnumerator); -TEE_Result TEE_StartPersistentObjectEnumerator(TEE_ObjectEnumHandle objectEnumerator, uint32_t storageID); -TEE_Result TEE_GetNextPersistentObject(TEE_ObjectEnumHandle objectEnumerator, TEE_ObjectInfo* objectInfo, void* objectID, size_t* objectIDLen); - -// Data Stream Access Functions -TEE_Result TEE_ReadObjectData(TEE_ObjectHandle object, void* buffer, size_t size, uint32_t* count); -TEE_Result TEE_WriteObjectData(TEE_ObjectHandle object, void* buffer, size_t size); -TEE_Result TEE_TruncateObjectData(TEE_ObjectHandle object, uint32_t size); -TEE_Result TEE_SeekObjectData(TEE_ObjectHandle object, int32_t offset, TEE_Whence whence); -#endif - // attribute operations TEE_Result copy_attribute(TEE_Attribute* dest, TEE_Attribute* src); void free_attribute(TEE_Attribute* attr); diff --git a/ssflib/src/ssf_crypto.cpp b/ssflib/src/ssf_crypto.cpp index 083c9f9..c856318 100644 --- a/ssflib/src/ssf_crypto.cpp +++ b/ssflib/src/ssf_crypto.cpp @@ -29,8 +29,6 @@ #include "CC_API.h" -// #include - #define TAG "TEE:Crypto" #define CRYPTO_PANIC do{LOGE(SSF_LIB, "This Line!");TEE_Panic(0);}while(0) @@ -79,8 +77,6 @@ struct __TEE_OperationHandle TEE_OperationInfo info; }; -//static int crypto_engine_type = CRYPTO_USE_SW_ENGINE; - static int sw_crypto_ioctl_init(crypto_internal_operation *operation, crypto_internal_keystruct *key, unsigned char *ivec, unsigned int ivec_len) { (void)ivec_len; /* actually always==16 */ @@ -94,7 +90,7 @@ static int sw_crypto_ioctl_init(crypto_internal_operation *operation, crypto_int /* TEE_OPERATION_CIPHER */ case TEE_ALG_AES_ECB_NOPAD: if(operation->info.mode == TEE_MODE_ENCRYPT) mode=ID_ENC_ECB; - else mode=ID_DEC_ECB; + else mode=ID_DEC_ECB; padding = ID_NO_PADDING; rc=handle->SE_init(handle, mode, padding, key->secret.buffer, key->secret.size, ivec); break; @@ -885,7 +881,7 @@ static int sw_crypto_open(crypto_internal_operation *operation) } operation->crypto=(int)create_CryptoCoreContainer(alg); - + if(operation->crypto==0) { goto error; } @@ -905,263 +901,23 @@ static int sw_crypto_close(crypto_internal_operation *operation) return rc; } -#if 0 -static int hw_crypto_ioctl_init(crypto_internal_operation *operation, crypto_internal_keystruct *key, unsigned char *ivec, unsigned int ivec_len) -{ - int rc; - unsigned int mode = 0; - struct crypt_info info; - memset(&info, 0, sizeof(info)); - - switch(operation->info.algorithm) - { - /* TEE_OPERATION_CIPHER */ - case TEE_ALG_AES_ECB_NOPAD: - case TEE_ALG_AES_ECB_PKCS5: - case TEE_ALG_AES_ECB_PKCS7: - case TEE_ALG_AES_ECB_ISO9797_M1: - case TEE_ALG_AES_ECB_ISO9797_M2: - mode=MI_AES_ECB; - if (operation->info.mode == TEE_MODE_DECRYPT) { - mode |= _MODE_DEC_; - } - break; - - case TEE_ALG_AES_CBC_NOPAD: - case TEE_ALG_AES_CBC_PKCS5: - case TEE_ALG_AES_CBC_PKCS7: - case TEE_ALG_AES_CBC_ISO9797_M1: - case TEE_ALG_AES_CBC_ISO9797_M2: - mode=MI_AES_CBC; - if (operation->info.mode == TEE_MODE_DECRYPT) { - mode |= _MODE_DEC_; - } - break; - - case TEE_ALG_AES_CTR: - case TEE_ALG_AES_CTR_NOPAD: - mode=MI_AES_CTR; - if (operation->info.mode == TEE_MODE_DECRYPT) { - mode |= _MODE_DEC_; - } - break; - - case TEE_ALG_AES_CTS: - case TEE_ALG_AES_XTS: - break; - - case TEE_ALG_DES_ECB_NOPAD: - mode=MI_DES_ECB; - if (operation->info.mode == TEE_MODE_DECRYPT) { - mode |= _MODE_DEC_; - } - break; - - case TEE_ALG_DES3_ECB_NOPAD: - mode=MI_TDES_ECB; - if (operation->info.mode == TEE_MODE_DECRYPT) { - mode |= _MODE_DEC_; - } - break; - - case TEE_ALG_DES_CBC_NOPAD: - mode=MI_DES_CBC; - if (operation->info.mode == TEE_MODE_DECRYPT) { - mode |= _MODE_DEC_; - } - break; - - case TEE_ALG_DES3_CBC_NOPAD: - mode=MI_TDES_CBC; - if (operation->info.mode == TEE_MODE_DECRYPT) { - mode |= _MODE_DEC_; - } - break; - - case TEE_ALG_MD5: - mode=MI_MD5; - break; - - case TEE_ALG_SHA1: - mode=MI_SHA1; - break; - - case TEE_ALG_SHA224: - mode=MI_SHA224; - break; - - case TEE_ALG_SHA256: - mode=MI_HMAC_SHA256; - break; - - case TEE_ALG_SHA384: - mode=MI_SHA384; - break; - - case TEE_ALG_SHA512: - mode=MI_SHA512; - break; - - case TEE_ALG_RSA_NOPAD: - case TEE_ALG_RSAES_PKCS1_V1_5: - case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: - case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: - case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: - case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: - case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: - case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: - case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: - case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: - case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: - case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: - case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: - case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: - case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: - case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: - case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: - case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: - case TEE_ALG_DSA_SHA1: - case TEE_ALG_GENERATE_SECRET_KEY: - case TEE_ALG_GENERATE_RSA_KEY: - LOGE(SSF_LIB, "Not Support Algorithm : %X ", operation->info.algorithm); - break; - - default: - LOGE(SSF_LIB, "Not Support Algorithm : %X ", operation->info.algorithm); - break; - } - - if(mode==0) - { - rc = -1; - } - else - { - /* Set Key Type */ - info.keytype = KEYID_USER_KEY; - info.mode = mode; - /* Set Key */ - if(key->secret.buffer && key->secret.size !=0 && key->secret.size < MAX_KEY_LEN) { - info.keylen = key->secret.size; - memcpy(info.key, key->secret.buffer, key->secret.size); - } - /* Set IV */ - if(ivec && ivec_len !=0 && ivec_len < MAX_IV_LEN) { - info.ivlen = ivec_len; - memcpy(info.iv, ivec, ivec_len); - } - rc= ioctl(operation->crypto, IOCTL_CRYPTO_INIT, (unsigned long)&info); - } - - CRYPTO_INTERNAL_LOG("rc=%d ", rc); - return rc; -} - -static int hw_crypto_ioctl_update(crypto_internal_operation *operation, unsigned char* src_addr, unsigned int src_size, unsigned char* dst_addr, unsigned int* dst_size) -{ - int ret; - struct crypt_oper oper; - - oper.src_addr=src_addr; - oper.dst_addr=dst_addr; - oper.src_len=src_size; - oper.dst_len=dst_size; - oper.final=0; - - ret = ioctl(operation->crypto, IOCTL_CRYPTO_CRYPT, (unsigned long)&oper); - return ret; -} - -static int hw_crypto_ioctl_final(crypto_internal_operation *operation, unsigned char* src_addr, unsigned int src_size, unsigned char* dst_addr, unsigned int* dst_size) -{ - int ret; - struct crypt_oper oper; - - oper.src_addr=src_addr; - oper.dst_addr=dst_addr; - oper.src_len=src_size; - oper.dst_len=dst_size; - oper.final=1; - - ret = ioctl(operation->crypto, IOCTL_CRYPTO_CRYPT, (unsigned long)&oper); - return ret; -} - -static int hw_crypto_open(crypto_internal_operation *operation) -{ - operation->crypto = open("/dev/crypto", 0, 0); - if(operation->crypto) { - return 0; - } - return -1; -} - -static int hw_crypto_close(crypto_internal_operation *operation) -{ - close(operation->crypto); - operation->crypto=-1; - return 0; -} - -static crypto_internal_engine crypto_internal_select_engine(uint32_t alg) -{ - return CRYPTO_SW_ENGINE; -} - -void crypto_internal_set_engine(int set) -{ - crypto_engine_type=set; -} -#endif - int crypto_internal_open(crypto_internal_operation *operation) { - int rc = -1; - /*crypto_internal_engine engine; - - engine=crypto_internal_select_engine(operation->info.algorithm); - if (engine==CRYPTO_HW_ENGINE) { - rc=hw_crypto_open(operation); - } - else if (engine==CRYPTO_SW_ENGINE) {*/ - rc=sw_crypto_open(operation); - //} - return rc; + return sw_crypto_open(operation); } int crypto_internal_close(crypto_internal_operation *operation) { - int rc = -1; - /*crypto_internal_engine engine; - - engine=crypto_internal_select_engine(operation->info.algorithm); - if (engine==CRYPTO_HW_ENGINE) { - rc=hw_crypto_close(operation); - } - else if (engine==CRYPTO_SW_ENGINE) {*/ - rc=sw_crypto_close(operation); - //} - return rc; + return sw_crypto_close(operation); } int crypto_internal_init(crypto_internal_operation *operation, crypto_internal_keystruct *key, unsigned char *ivec, size_t ivec_len) { - int rc = -1; - /*crypto_internal_engine engine; - - engine=crypto_internal_select_engine(operation->info.algorithm); - if (engine==CRYPTO_HW_ENGINE) { - rc = hw_crypto_ioctl_init(operation, key, ivec, ivec_len); - } - else if (engine==CRYPTO_SW_ENGINE) {*/ - rc=sw_crypto_ioctl_init(operation, key, ivec, ivec_len); - //} - return rc; + return sw_crypto_ioctl_init(operation, key, ivec, ivec_len); } int crypto_internal_update(crypto_internal_operation *operation, unsigned char *src_data, size_t src_len, unsigned char *dst_data, size_t *dst_len) { - //crypto_internal_engine engine; unsigned char* in_data=NULL; unsigned char* out_data=NULL; unsigned int in_size=0; @@ -1171,16 +927,7 @@ int crypto_internal_update(crypto_internal_operation *operation, unsigned char * unsigned int total_processing_len=0; int (*crypto_update_engine)(crypto_internal_operation *, unsigned char *, unsigned int, unsigned char *, unsigned int*); - /*engine=crypto_internal_select_engine(operation->info.algorithm); - if (engine==CRYPTO_HW_ENGINE) { - crypto_update_engine=hw_crypto_ioctl_update; - } - else if (engine==CRYPTO_SW_ENGINE) {*/ - crypto_update_engine=sw_crypto_ioctl_update; - //} - //else { - // goto error; - //} + crypto_update_engine=sw_crypto_ioctl_update; if(src_data) { in_data=(unsigned char*)src_data; @@ -1332,7 +1079,6 @@ error: int crypto_internal_final(crypto_internal_operation *operation, unsigned char *src_data, size_t src_len, unsigned char *dst_data, size_t *dst_len) { - //crypto_internal_engine engine; unsigned char* in_data=NULL; unsigned char* out_data=NULL; unsigned int in_size=0; @@ -1343,18 +1089,8 @@ int crypto_internal_final(crypto_internal_operation *operation, unsigned char *s int (*crypto_update_engine)(crypto_internal_operation *, unsigned char *, unsigned int, unsigned char *, unsigned int*); int (*crypto_final_engine)(crypto_internal_operation *, unsigned char *, unsigned int, unsigned char *, unsigned int*); - /*engine=crypto_internal_select_engine(operation->info.algorithm); - if (engine==CRYPTO_HW_ENGINE) { - crypto_update_engine=hw_crypto_ioctl_update; - crypto_final_engine=hw_crypto_ioctl_final; - } - else if (engine==CRYPTO_SW_ENGINE) {*/ - crypto_update_engine=sw_crypto_ioctl_update; - crypto_final_engine=sw_crypto_ioctl_final; - /*} - else { - goto error; - }*/ + crypto_update_engine=sw_crypto_ioctl_update; + crypto_final_engine=sw_crypto_ioctl_final; if(src_data) { in_data=(unsigned char*)src_data;