summaryrefslogtreecommitdiffstats
path: root/meta-rcar-gen3/recipes-bsp/optee/optee-os/0002-OPTEE_PROVIDER-188122-Fix-to-exclusive-control-for-R.patch
blob: bac23ad95c8c044a982ec2b2ba3660b8d66ddf59 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
From f6ba4b6f808158a9daf39bc7224da806a9e3547d Mon Sep 17 00:00:00 2001
From: Tomohiro Fujiwara <tomohiro.fujiwara.cw@hitachi.com>
Date: Wed, 26 Sep 2018 23:12:17 +0900
Subject: [PATCH 2/2] [OPTEE_PROVIDER][#188122] Fix to exclusive control for
 RSA/ECDSA

This commit fixes to be exclusive in order to other processes are not
executed between build key process and sign/verify/enc/dec process.

Signed-off-by: Tomohiro Fujiwara <tomohiro.fujiwara.cw@hitachi.com>
---
 core/lib/libcryptoengine/tee_pka_provider.c    | 4 ++++
 core/lib/libcryptoengine/tee_provider_common.h | 1 +
 core/lib/libcryptoengine/tee_ss_provider.c     | 6 ++++++
 3 files changed, 11 insertions(+)

diff --git a/core/lib/libcryptoengine/tee_pka_provider.c b/core/lib/libcryptoengine/tee_pka_provider.c
index 453bc31a..c5df6737 100644
--- a/core/lib/libcryptoengine/tee_pka_provider.c
+++ b/core/lib/libcryptoengine/tee_pka_provider.c
@@ -20,6 +20,8 @@ static SSError_t pka_get_ecc_keysize(uint32_t curve,
 static void userProcessCompletedFunc(CRYSError_t opStatus __unused,
 		void* pVerifContext __unused);
 
+static struct mutex pka_ecdsa_mutex = MUTEX_INITIALIZER;
+
 /*
  * brief:	Translate  CRYS API AES error into SS provider error.
  *
@@ -239,6 +241,7 @@ TEE_Result ss_ecc_verify_pka(struct ecc_public_key *key, const uint8_t *msg,
 		res = pka_get_ecc_digest(messageSizeInBytes, &eccHash);
 	}
 
+	mutex_lock(&pka_ecdsa_mutex);
 	if (res == SS_SUCCESS) {
 		/* build public key */
 		*publKeyIn_ptr = (uint8_t)CRYS_EC_PointUncompressed;
@@ -274,6 +277,7 @@ TEE_Result ss_ecc_verify_pka(struct ecc_public_key *key, const uint8_t *msg,
 		res = pka_translate_error_pka2ss_ecc(pka_res);
 		PROV_DMSG("Result: res=0x%08x\n", res);
 	}
+	mutex_unlock(&pka_ecdsa_mutex);
 
 	ss_free((void *)publKeyX_ptr);
 	ss_free((void *)publKeyY_ptr);
diff --git a/core/lib/libcryptoengine/tee_provider_common.h b/core/lib/libcryptoengine/tee_provider_common.h
index 823c7bfa..ed2de568 100644
--- a/core/lib/libcryptoengine/tee_provider_common.h
+++ b/core/lib/libcryptoengine/tee_provider_common.h
@@ -8,6 +8,7 @@
 
 #include <crypto/crypto.h>
 #include <tee/tee_cryp_utl.h>
+#include <kernel/mutex.h>
 #include <mpalib.h>
 #include <stdlib.h>
 #include <string.h>
diff --git a/core/lib/libcryptoengine/tee_ss_provider.c b/core/lib/libcryptoengine/tee_ss_provider.c
index 77a12d7c..3e9f93a1 100644
--- a/core/lib/libcryptoengine/tee_ss_provider.c
+++ b/core/lib/libcryptoengine/tee_ss_provider.c
@@ -282,6 +282,8 @@ static SSError_t ss_crys_aesccm_update(void *ctx, uint8_t *dataIn_ptr,
 static void ss_backup_cb(enum suspend_to_ram_state state, uint32_t cpu_id);
 static TEE_Result crypto_hw_init_crypto_engine(void);
 
+static struct mutex secure_ecdsa_mutex = MUTEX_INITIALIZER;
+
 static SSError_t ss_crys_aes_update(void *ctx, uint8_t *dataIn_ptr,
 		uint32_t dataInSize, uint8_t *dataOut_ptr, CRYSError_t *crysRes)
 {
@@ -3090,6 +3092,7 @@ TEE_Result crypto_hw_acipher_ecc_sign(struct ecc_keypair *key,
 		res = ss_get_ecc_digest(messageSizeInBytes, &eccHashMode);
 	}
 
+	mutex_lock(&secure_ecdsa_mutex);
 	if (res == SS_SUCCESS) {
 		PROV_DMSG("CALL:  CRYS_ECPKI_BuildPrivKey()\n");
 		crys_res = CRYS_ECPKI_BuildPrivKey(domain_id, privKeySizeIn_ptr,
@@ -3107,6 +3110,7 @@ TEE_Result crypto_hw_acipher_ecc_sign(struct ecc_keypair *key,
 		res = ss_translate_error_crys2ss_ecc(crys_res);
 		PROV_DMSG("Result: crys_res=0x%08x -> res=0x%08x\n",crys_res,res);
 	}
+	mutex_unlock(&secure_ecdsa_mutex);
 
 	ss_free((void *)signUserContext_ptr);
 	ss_free((void *)privKeySizeIn_ptr);
@@ -3193,6 +3197,7 @@ static SSError_t ss_ecc_verify_secure(struct ecc_public_key *key,
 		res = ss_get_ecc_digest(messageSizeInBytes, &eccHashMode);
 	}
 
+	mutex_lock(&secure_ecdsa_mutex);
 	if (res == SS_SUCCESS) {
 		/* build public key */
 		*publKeyIn_ptr = (uint8_t)CRYS_EC_PointUncompressed;
@@ -3217,6 +3222,7 @@ static SSError_t ss_ecc_verify_secure(struct ecc_public_key *key,
 		PROV_DMSG("Result: crys_res=0x%08x -> res=0x%08x\n", crys_res,
 				res);
 	}
+	mutex_unlock(&secure_ecdsa_mutex);
 
 	ss_free((void *)publKeyX_ptr);
 	ss_free((void *)publKeyY_ptr);
-- 
2.14.1.windows.1