From f6ba4b6f808158a9daf39bc7224da806a9e3547d Mon Sep 17 00:00:00 2001
From: Tomohiro Fujiwara
Date: Wed, 26 Sep 2018 23:12:17 +0900
Subject: [PATCH 2/2] [OPTEE_PROVIDER][#188122] Fix to exclusive control for RSA/ECDSA

This commit fixes to be exclusive in order to other processes are not executed between build key process and sign/verify/enc/dec process.
Signed-off-by: Tomohiro Fujiwara
---
 core/lib/libcryptoengine/tee_pka_provider.c | 4 ++++
 core/lib/libcryptoengine/tee_provider_common.h | 1 +
 core/lib/libcryptoengine/tee_ss_provider.c | 6 ++++++
 3 files changed, 11 insertions(+)

diff --git a/core/lib/libcryptoengine/tee_pka_provider.c b/core/lib/libcryptoengine/tee_pka_provider.c
index 453bc31a..c5df6737 100644
--- a/core/lib/libcryptoengine/tee_pka_provider.c
+++ b/core/lib/libcryptoengine/tee_pka_provider.c
@@ -20,6 +20,8 @@ static SSError_t pka_get_ecc_keysize(uint32_t curve,
 static void userProcessCompletedFunc(CRYSError_t opStatus __unused, void* pVerifContext __unused);
+static struct mutex pka_ecdsa_mutex = MUTEX_INITIALIZER;
+
 /*
 * brief: Translate CRYS API AES error into SS provider error.
 *
@@ -239,6 +241,7 @@ TEE_Result ss_ecc_verify_pka(struct ecc_public_key *key, const uint8_t *msg,
 res = pka_get_ecc_digest(messageSizeInBytes, &eccHash);
 }
+ mutex_lock(&pka_ecdsa_mutex);
 if (res == SS_SUCCESS) {
 /* build public key */
 *publKeyIn_ptr = (uint8_t)CRYS_EC_PointUncompressed;
@@ -274,6 +277,7 @@ TEE_Result ss_ecc_verify_pka(struct ecc_public_key *key, const uint8_t *msg,
 res = pka_translate_error_pka2ss_ecc(pka_res);
 PROV_DMSG("Result: res=0x%08x\n", res);
 }
+ mutex_unlock(&pka_ecdsa_mutex);
 ss_free((void *)publKeyX_ptr);
 ss_free((void *)publKeyY_ptr);
diff --git a/core/lib/libcryptoengine/tee_provider_common.h b/core/lib/libcryptoengine/tee_provider_common.h
index 823c7bfa..ed2de568 100644
--- a/core/lib/libcryptoengine/tee_provider_common.h
+++ b/core/lib/libcryptoengine/tee_provider_common.h
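Review bot: `pka_ecdsa_mutex`, declared in tee_pka_provider.c at -20,6, is a different lock from `secure_ecdsa_mutex` in tee_ss_provider.c, so ss_ecc_verify_pka() is not serialized against crypto_hw_acipher_ecc_sign() or ss_ecc_verify_secure(). If the two providers share any engine or library state between the key-build call and the sign/verify call, which this diff does not show, a single lock exported through tee_provider_common.h would be needed to get the exclusion the commit message describes. Either way the declaration should say what it guards, for example `/* Serializes public-key build + ECDSA verify on the PKA path only; the tee_ss_provider.c path has its own lock. */`.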
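Review bot: In ss_ecc_verify_pka() the `mutex_lock(&pka_ecdsa_mutex)` at -239,6 and the matching `mutex_unlock()` at -274,6 sit about 35 lines apart, and that stretch is outside the hunks, so any `return` or `goto` in it, present now or added later, would leave the mutex held and stall every later ECDSA verify on this path. The lock is also taken before the `if (res == SS_SUCCESS)` test, so calls that already failed still contend for it without doing any engine work. A comment at the lock site such as `/* Held from key build through verify; every path must reach mutex_unlock() below. */` would record the invariant. The lock/unlock pairs added to crypto_hw_acipher_ecc_sign() and ss_ecc_verify_secure() in tee_ss_provider.c need the same check.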
@@ -8,6 +8,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
diff --git a/core/lib/libcryptoengine/tee_ss_provider.c b/core/lib/libcryptoengine/tee_ss_provider.c
index 77a12d7c..3e9f93a1 100644
--- a/core/lib/libcryptoengine/tee_ss_provider.c
+++ b/core/lib/libcryptoengine/tee_ss_provider.c
@@ -282,6 +282,8 @@ static SSError_t ss_crys_aesccm_update(void *ctx, uint8_t *dataIn_ptr,
 static void ss_backup_cb(enum suspend_to_ram_state state, uint32_t cpu_id);
 static TEE_Result crypto_hw_init_crypto_engine(void);
+static struct mutex secure_ecdsa_mutex = MUTEX_INITIALIZER;
+
 static SSError_t ss_crys_aes_update(void *ctx, uint8_t *dataIn_ptr, uint32_t dataInSize, uint8_t *dataOut_ptr, CRYSError_t *crysRes) {
@@ -3090,6 +3092,7 @@ TEE_Result crypto_hw_acipher_ecc_sign(struct ecc_keypair *key,
 res = ss_get_ecc_digest(messageSizeInBytes, &eccHashMode);
 }
+ mutex_lock(&secure_ecdsa_mutex);
 if (res == SS_SUCCESS) {
 PROV_DMSG("CALL: CRYS_ECPKI_BuildPrivKey()\n");
 crys_res = CRYS_ECPKI_BuildPrivKey(domain_id, privKeySizeIn_ptr,
@@ -3107,6 +3110,7 @@ TEE_Result crypto_hw_acipher_ecc_sign(struct ecc_keypair *key,
 res = ss_translate_error_crys2ss_ecc(crys_res);
 PROV_DMSG("Result: crys_res=0x%08x -> res=0x%08x\n",crys_res,res);
 }
+ mutex_unlock(&secure_ecdsa_mutex);
 ss_free((void *)signUserContext_ptr);
 ss_free((void *)privKeySizeIn_ptr);
@@ -3193,6 +3197,7 @@ static SSError_t ss_ecc_verify_secure(struct ecc_public_key *key,
 res = ss_get_ecc_digest(messageSizeInBytes, &eccHashMode);
 }
+ mutex_lock(&secure_ecdsa_mutex);
 if (res == SS_SUCCESS) {
 /* build public key */
 *publKeyIn_ptr = (uint8_t)CRYS_EC_PointUncompressed;
@@ -3217,6 +3222,7 @@ static SSError_t ss_ecc_verify_secure(struct ecc_public_key *key,
 PROV_DMSG("Result: crys_res=0x%08x -> res=0x%08x\n", crys_res, res);
 }
+ mutex_unlock(&secure_ecdsa_mutex);
 ss_free((void *)publKeyX_ptr);
 ss_free((void *)publKeyY_ptr);
--
2.14.1.windows.1
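Review bot: `secure_ecdsa_mutex`, declared in tee_ss_provider.c at -282,6, is named for ECDSA and in the hunks shown is taken only in crypto_hw_acipher_ecc_sign() and ss_ecc_verify_secure(), while the commit subject and description also promise exclusion for RSA and for the enc/dec paths. Unless patch 1/2 of the series covers those functions, their key-build and operation sequences remain unserialized after this change. If this lock is meant to cover them as well, the declaration should carry a comment stating its scope, for example `/* Guards key build through the following CRYS sign/verify call. */`, and a name that is not ECDSA-specific.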