1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
From f6ba4b6f808158a9daf39bc7224da806a9e3547d Mon Sep 17 00:00:00 2001
From: Tomohiro Fujiwara <tomohiro.fujiwara.cw@hitachi.com>
Date: Wed, 26 Sep 2018 23:12:17 +0900
Subject: [PATCH 2/2] [OPTEE_PROVIDER][#188122] Fix to exclusive control for
RSA/ECDSA
This commit fixes to be exclusive in order to other processes are not
executed between build key process and sign/verify/enc/dec process.
Signed-off-by: Tomohiro Fujiwara <tomohiro.fujiwara.cw@hitachi.com>
---
core/lib/libcryptoengine/tee_pka_provider.c | 4 ++++
core/lib/libcryptoengine/tee_provider_common.h | 1 +
core/lib/libcryptoengine/tee_ss_provider.c | 6 ++++++
3 files changed, 11 insertions(+)
diff --git a/core/lib/libcryptoengine/tee_pka_provider.c b/core/lib/libcryptoengine/tee_pka_provider.c
index 453bc31a..c5df6737 100644
--- a/core/lib/libcryptoengine/tee_pka_provider.c
+++ b/core/lib/libcryptoengine/tee_pka_provider.c
@@ -20,6 +20,8 @@ static SSError_t pka_get_ecc_keysize(uint32_t curve,
static void userProcessCompletedFunc(CRYSError_t opStatus __unused,
void* pVerifContext __unused);
+static struct mutex pka_ecdsa_mutex = MUTEX_INITIALIZER;
+
/*
* brief: Translate CRYS API AES error into SS provider error.
*
@@ -239,6 +241,7 @@ TEE_Result ss_ecc_verify_pka(struct ecc_public_key *key, const uint8_t *msg,
res = pka_get_ecc_digest(messageSizeInBytes, &eccHash);
}
+ mutex_lock(&pka_ecdsa_mutex);
if (res == SS_SUCCESS) {
/* build public key */
*publKeyIn_ptr = (uint8_t)CRYS_EC_PointUncompressed;
@@ -274,6 +277,7 @@ TEE_Result ss_ecc_verify_pka(struct ecc_public_key *key, const uint8_t *msg,
res = pka_translate_error_pka2ss_ecc(pka_res);
PROV_DMSG("Result: res=0x%08x\n", res);
}
+ mutex_unlock(&pka_ecdsa_mutex);
ss_free((void *)publKeyX_ptr);
ss_free((void *)publKeyY_ptr);
diff --git a/core/lib/libcryptoengine/tee_provider_common.h b/core/lib/libcryptoengine/tee_provider_common.h
index 823c7bfa..ed2de568 100644
--- a/core/lib/libcryptoengine/tee_provider_common.h
+++ b/core/lib/libcryptoengine/tee_provider_common.h
@@ -8,6 +8,7 @@
#include <crypto/crypto.h>
#include <tee/tee_cryp_utl.h>
+#include <kernel/mutex.h>
#include <mpalib.h>
#include <stdlib.h>
#include <string.h>
diff --git a/core/lib/libcryptoengine/tee_ss_provider.c b/core/lib/libcryptoengine/tee_ss_provider.c
index 77a12d7c..3e9f93a1 100644
--- a/core/lib/libcryptoengine/tee_ss_provider.c
+++ b/core/lib/libcryptoengine/tee_ss_provider.c
@@ -282,6 +282,8 @@ static SSError_t ss_crys_aesccm_update(void *ctx, uint8_t *dataIn_ptr,
static void ss_backup_cb(enum suspend_to_ram_state state, uint32_t cpu_id);
static TEE_Result crypto_hw_init_crypto_engine(void);
+static struct mutex secure_ecdsa_mutex = MUTEX_INITIALIZER;
+
static SSError_t ss_crys_aes_update(void *ctx, uint8_t *dataIn_ptr,
uint32_t dataInSize, uint8_t *dataOut_ptr, CRYSError_t *crysRes)
{
@@ -3090,6 +3092,7 @@ TEE_Result crypto_hw_acipher_ecc_sign(struct ecc_keypair *key,
res = ss_get_ecc_digest(messageSizeInBytes, &eccHashMode);
}
+ mutex_lock(&secure_ecdsa_mutex);
if (res == SS_SUCCESS) {
PROV_DMSG("CALL: CRYS_ECPKI_BuildPrivKey()\n");
crys_res = CRYS_ECPKI_BuildPrivKey(domain_id, privKeySizeIn_ptr,
@@ -3107,6 +3110,7 @@ TEE_Result crypto_hw_acipher_ecc_sign(struct ecc_keypair *key,
res = ss_translate_error_crys2ss_ecc(crys_res);
PROV_DMSG("Result: crys_res=0x%08x -> res=0x%08x\n",crys_res,res);
}
+ mutex_unlock(&secure_ecdsa_mutex);
ss_free((void *)signUserContext_ptr);
ss_free((void *)privKeySizeIn_ptr);
@@ -3193,6 +3197,7 @@ static SSError_t ss_ecc_verify_secure(struct ecc_public_key *key,
res = ss_get_ecc_digest(messageSizeInBytes, &eccHashMode);
}
+ mutex_lock(&secure_ecdsa_mutex);
if (res == SS_SUCCESS) {
/* build public key */
*publKeyIn_ptr = (uint8_t)CRYS_EC_PointUncompressed;
@@ -3217,6 +3222,7 @@ static SSError_t ss_ecc_verify_secure(struct ecc_public_key *key,
PROV_DMSG("Result: crys_res=0x%08x -> res=0x%08x\n", crys_res,
res);
}
+ mutex_unlock(&secure_ecdsa_mutex);
ss_free((void *)publKeyX_ptr);
ss_free((void *)publKeyY_ptr);
--
2.14.1.windows.1
|
