crypto_api: acipher: rsa: provide a software implementation

Provide a software implementation via LTC to unsupported operations. Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
ldts · Jun 26, 2022 · 9d2ea9b · 9d2ea9b
1 parent d31a488
commit 9d2ea9b
Show file tree

Hide file tree

Showing 3 changed files with 220 additions and 21 deletions.
diff --git a/core/drivers/crypto/crypto_api/acipher/rsa.c b/core/drivers/crypto/crypto_api/acipher/rsa.c
@@ -6,6 +6,7 @@
  */
 #include <drvcrypt.h>
 #include <crypto/crypto.h>
+#include <crypto/crypto_impl.h>
 #include <tee_api_defines_extensions.h>
 #include <tee/tee_cryp_utl.h>
 #include <utee_defines.h>
@@ -29,6 +30,9 @@ TEE_Result crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *key,
 	if (rsa)
 		ret = rsa->alloc_keypair(key, size_bits);
 
+	if (ret == TEE_ERROR_NOT_IMPLEMENTED)
+		ret = sw_crypto_acipher_alloc_rsa_keypair(key, size_bits);
+
 	CRYPTO_TRACE("RSA Keypair (%zu bits) alloc ret = 0x%" PRIx32, size_bits,
 		     ret);
 	return ret;
@@ -50,6 +54,9 @@ TEE_Result crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *key,
 	if (rsa)
 		ret = rsa->alloc_publickey(key, size_bits);
 
+	if (ret == TEE_ERROR_NOT_IMPLEMENTED)
+		ret = sw_crypto_acipher_alloc_rsa_public_key(key, size_bits);
+
 	CRYPTO_TRACE("RSA Public Key (%zu bits) alloc ret = 0x%" PRIx32,
 		     size_bits, ret);
 	return ret;
@@ -96,6 +103,9 @@ TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key, size_t size_bits)
 	if (rsa)
 		ret = rsa->gen_keypair(key, size_bits);
 
+	if (ret == TEE_ERROR_NOT_IMPLEMENTED)
+		ret = sw_crypto_acipher_gen_rsa_key(key, size_bits);
+
 	CRYPTO_TRACE("RSA Keypair (%zu bits) generate ret = 0x%" PRIx32,
 		     size_bits, ret);
 
@@ -134,7 +144,12 @@ TEE_Result crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key,
 
 		ret = rsa->decrypt(&rsa_data);
 
-		*msg_len = rsa_data.message.length;
+		if (ret == TEE_ERROR_NOT_IMPLEMENTED)
+			ret = sw_crypto_acipher_rsanopad_decrypt(key, cipher,
+								 cipher_len,
+								 msg, msg_len);
+		else
+			*msg_len = rsa_data.message.length;
 	}
 
 	CRYPTO_TRACE("RSA Decrypt NO PAD ret = 0x%" PRIx32, ret);
@@ -186,8 +201,14 @@ TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key,
 
 		ret = rsa->encrypt(&rsa_data);
 
-		/* Set the cipher size */
-		*cipher_len = rsa_data.cipher.length;
+		if (ret == TEE_ERROR_NOT_IMPLEMENTED)
+			ret = sw_crypto_acipher_rsanopad_encrypt(key, msg,
+								 msg_len,
+								 cipher,
+								 cipher_len);
+		else
+			/* Set the cipher size */
+			*cipher_len = rsa_data.cipher.length;
 	}
 
 	CRYPTO_TRACE("RSA Encrypt NO PAD ret = 0x%" PRIx32, ret);
@@ -245,9 +266,14 @@ TEE_Result crypto_acipher_rsaes_decrypt(uint32_t algo, struct rsa_keypair *key,
 		rsa_data.label.length = label_len;
 
 		ret = rsa->decrypt(&rsa_data);
-
-		/* Set the message size */
-		*msg_len = rsa_data.message.length;
+		if (ret == TEE_ERROR_NOT_IMPLEMENTED)
+			ret = sw_crypto_acipher_rsaes_decrypt(algo, key, label,
+							      label_len, cipher,
+							      cipher_len, msg,
+							      msg_len);
+		else
+			/* Set the message size */
+			*msg_len = rsa_data.message.length;
 	}
 
 	CRYPTO_TRACE("RSAES Decrypt ret = 0x%" PRIx32, ret);
@@ -331,8 +357,14 @@ TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo,
 
 		ret = rsa->encrypt(&rsa_data);
 
-		/* Set the cipher size */
-		*cipher_len = rsa_data.cipher.length;
+		if (ret == TEE_ERROR_NOT_IMPLEMENTED)
+			ret = sw_crypto_acipher_rsaes_encrypt(algo, key, label,
+							      label_len, msg,
+							      msg_len, cipher,
+							      cipher_len);
+		else
+			/* Set the cipher size */
+			*cipher_len = rsa_data.cipher.length;
 	}
 
 	CRYPTO_TRACE("RSAES Encrypt ret = 0x%" PRIx32, ret);
@@ -406,6 +438,11 @@ TEE_Result crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key,
 		if (rsa->optional.ssa_sign)
 			ret = rsa->optional.ssa_sign(&rsa_ssa);
 
+		if (ret == TEE_ERROR_NOT_IMPLEMENTED)
+			ret = sw_crypto_acipher_rsassa_sign(algo, key, salt_len,
+							    msg, msg_len, sig,
+							    sig_len);
+
 		if (ret == TEE_ERROR_NOT_IMPLEMENTED)
 			ret = drvcrypt_rsassa_sign(&rsa_ssa);
 
@@ -482,6 +519,12 @@ TEE_Result crypto_acipher_rsassa_verify(uint32_t algo,
 		if (rsa->optional.ssa_verify)
 			ret = rsa->optional.ssa_verify(&rsa_ssa);
 
+		if (ret == TEE_ERROR_NOT_IMPLEMENTED)
+			ret = sw_crypto_acipher_rsassa_verify(algo, key,
+							      salt_len, msg,
+							      msg_len, sig,
+							      sig_len);
+
 		if (ret == TEE_ERROR_NOT_IMPLEMENTED)
 			ret = drvcrypt_rsassa_verify(&rsa_ssa);
 

diff --git a/core/include/crypto/crypto_impl.h b/core/include/crypto/crypto_impl.h
@@ -403,4 +403,158 @@ drvcrypt_asym_alloc_ecc_keypair(struct ecc_keypair *key __unused,
 	return TEE_ERROR_NOT_IMPLEMENTED;
 }
 #endif /* CFG_CRYPTO_DRV_ECC */
+
+#if defined(CFG_CRYPTO_DRV_RSA)
+#define SW(__x) sw_## __x
+
+TEE_Result
+sw_crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *s,
+				    size_t key_size_bits);
+TEE_Result
+sw_crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s,
+				       size_t key_size_bits);
+
+void sw_crypto_acipher_free_rsa_public_key(struct rsa_public_key *s);
+
+void sw_crypto_acipher_free_rsa_keypair(struct rsa_keypair *s);
+
+TEE_Result
+sw_crypto_acipher_gen_rsa_key(struct rsa_keypair *key, size_t key_size);
+
+TEE_Result
+sw_crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key,
+				   const uint8_t *src, size_t src_len,
+					   uint8_t *dst, size_t *dst_len);
+TEE_Result
+sw_crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key,
+				   const uint8_t *src, size_t src_len,
+				   uint8_t *dst, size_t *dst_len);
+
+TEE_Result
+sw_crypto_acipher_rsaes_decrypt(uint32_t algo, struct rsa_keypair *key,
+				const uint8_t *label, size_t label_len,
+				const uint8_t *src, size_t src_len,
+				uint8_t *dst, size_t *dst_len);
+
+TEE_Result
+sw_crypto_acipher_rsaes_encrypt(uint32_t algo, struct rsa_public_key *key,
+				const uint8_t *label, size_t label_len,
+				const uint8_t *src, size_t src_len,
+				uint8_t *dst, size_t *dst_len);
+
+TEE_Result
+sw_crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key,
+			      int salt_len, const uint8_t *msg,
+			      size_t msg_len, uint8_t *sig, size_t *sig_len);
+
+TEE_Result
+sw_crypto_acipher_rsassa_verify(uint32_t algo, struct rsa_public_key *key,
+				int salt_len, const uint8_t *msg,
+				size_t msg_len, const uint8_t *sig,
+				size_t sig_len);
+#else
+#define SW(__x) __x
+
+static inline TEE_Result
+sw_crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *s __unused,
+				    size_t key_size_bits __unused)
+{
+	return TEE_ERROR_NOT_IMPLEMENTED;
+}
+
+static inline TEE_Result
+sw_crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s __unused,
+				       size_t key_size_bits __unused)
+{
+	return TEE_ERROR_NOT_IMPLEMENTED;
+}
+
+static inline void
+sw_crypto_acipher_free_rsa_public_key(struct rsa_public_key *s __unused)
+{
+}
+
+static inline void
+sw_crypto_acipher_free_rsa_keypair(struct rsa_keypair *s __unused)
+{
+}
+
+static inline TEE_Result
+sw_crypto_acipher_gen_rsa_key(struct rsa_keypair *key __unused,
+			      size_t key_size __unused)
+{
+	return TEE_ERROR_NOT_IMPLEMENTED;
+}
+
+static inline TEE_Result
+sw_crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key __unused,
+				   const uint8_t *src __unused,
+				   size_t src_len __unused,
+				   uint8_t *dst __unused,
+				   size_t *dst_len __unused)
+{
+	return TEE_ERROR_NOT_IMPLEMENTED;
+}
+
+static inline TEE_Result
+sw_crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key __unused,
+				   const uint8_t *src __unused,
+				   size_t src_len __unused,
+				   uint8_t *dst __unused,
+				   size_t *dst_len __unused)
+{
+	return TEE_ERROR_NOT_IMPLEMENTED;
+}
+
+static inline TEE_Result
+sw_crypto_acipher_rsaes_decrypt(uint32_t algo __unused,
+				struct rsa_keypair *key __unused,
+				const uint8_t *label __unused,
+				size_t label_len __unused,
+				const uint8_t *src __unused,
+				size_t src_len __unused,
+				uint8_t *dst __unused,
+				size_t *dst_len __unused)
+{
+	return TEE_ERROR_NOT_IMPLEMENTED;
+}
+
+static inline TEE_Result
+sw_crypto_acipher_rsaes_encrypt(uint32_t algo __unused,
+				struct rsa_public_key *key __unused,
+				const uint8_t *label __unused,
+				size_t label_len __unused,
+				const uint8_t *src __unused,
+				size_t src_len __unused,
+				uint8_t *dst __unused,
+				size_t *dst_len __unused)
+{
+	return TEE_ERROR_NOT_IMPLEMENTED;
+}
+
+static inline TEE_Result
+sw_crypto_acipher_rsassa_sign(uint32_t algo __unused,
+			      struct rsa_keypair *key __unused,
+			      int salt_len __unused,
+			      const uint8_t *msg __unused,
+			      size_t msg_len __unused,
+			      uint8_t *sig __unused,
+			      size_t *sig_len __unused)
+{
+	return TEE_ERROR_NOT_IMPLEMENTED;
+}
+
+static inline TEE_Result
+sw_crypto_acipher_rsassa_verify(uint32_t algo __unused,
+				struct rsa_public_key *key __unused,
+				int salt_len __unused,
+				const uint8_t *msg __unused,
+				size_t msg_len __unused,
+				const uint8_t *sig __unused,
+				size_t sig_len __unused)
+{
+	return TEE_ERROR_NOT_IMPLEMENTED;
+}
+
+#endif
 #endif /*__CRYPTO_CRYPTO_IMPL_H*/