#include "tee_api_types.h"
#include "tee-common.h"
#include "tee-ta-internal.h"
#include "edger/Enclave_t.h"
#include "syscall.h"
#include "report.h"
#include <string.h>
#include <stdlib.h>

Include dependency graph for tee-internal-api-cryptlib.c:

Functions
void	wolfSSL_Free (void *p)

void *	wolfSSL_Malloc (size_t n)

TEE_Result	TEE_AllocateOperation (TEE_OperationHandle *operation, uint32_t algorithm, uint32_t mode, uint32_t maxKeySize)
	Crypto, for all Crypto Functions. More...

void	TEE_FreeOperation (TEE_OperationHandle operation)
	Crypto, for all Crypto Functions. More...

void	TEE_DigestUpdate (TEE_OperationHandle operation, const void *chunk, uint32_t chunkSize)
	Crypto, Message Digest Functions. More...

TEE_Result	TEE_DigestDoFinal (TEE_OperationHandle operation, const void chunk, uint32_t chunkLen, void hash, uint32_t *hashLen)

TEE_Result	TEE_SetOperationKey (TEE_OperationHandle operation, TEE_ObjectHandle key)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_AEInit (TEE_OperationHandle operation, const void *nonce, uint32_t nonceLen, uint32_t tagLen, uint32_t AADLen, uint32_t payloadLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

void	TEE_AEUpdateAAD (TEE_OperationHandle operation, const void *AADdata, uint32_t AADdataLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_AEUpdate (TEE_OperationHandle operation, const void srcData, uint32_t srcLen, void destData, uint32_t *destLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_AEEncryptFinal (TEE_OperationHandle operation, const void srcData, uint32_t srcLen, void destData, uint32_t destLen, void tag, uint32_t *tagLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_AEDecryptFinal (TEE_OperationHandle operation, const void srcData, uint32_t srcLen, void destData, uint32_t destLen, void tag, uint32_t tagLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

void	TEE_CipherInit (TEE_OperationHandle operation, const void *nonce, uint32_t nonceLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_CipherUpdate (TEE_OperationHandle operation, const void srcData, uint32_t srcLen, void destData, uint32_t *destLen)
	Crypto, Authenticated Encryption with Symmetric key Verification Functions. More...

TEE_Result	TEE_CipherDoFinal (TEE_OperationHandle operation, const void srcData, uint32_t srcLen, void destData, uint32_t *destLen)

TEE_Result	TEE_GenerateKey (TEE_ObjectHandle object, uint32_t keySize, const TEE_Attribute *params, uint32_t paramCount)
	Crypto, Asymmetric key Verification Functions. More...

TEE_Result	TEE_AllocateTransientObject (TEE_ObjectType objectType, uint32_t maxKeySize, TEE_ObjectHandle *object)
	Crypto, Asymmetric key Verification Functions. More...

void	TEE_InitRefAttribute (TEE_Attribute attr, uint32_t attributeID, const void buffer, uint32_t length)
	Crypto, Asymmetric key Verification Functions. More...

void	TEE_InitValueAttribute (TEE_Attribute *attr, uint32_t attributeID, uint32_t a, uint32_t b)
	Crypto, Asymmetric key Verification Functions. More...

void	TEE_FreeTransientObject (TEE_ObjectHandle object)
	Crypto, Asymmetric key Verification Functions. More...

TEE_Result	TEE_AsymmetricSignDigest (TEE_OperationHandle operation, const TEE_Attribute params, uint32_t paramCount, const void digest, uint32_t digestLen, void signature, uint32_t signatureLen)
	Crypto, Asymmetric key Verification Functions. More...

TEE_Result	TEE_AsymmetricVerifyDigest (TEE_OperationHandle operation, const TEE_Attribute params, uint32_t paramCount, const void digest, uint32_t digestLen, const void *signature, uint32_t signatureLen)
	Crypto, Asymmetric key Verification Functions. More...

Function Documentation

◆ TEE_AEDecryptFinal()

TEE_Result TEE_AEDecryptFinal	(	TEE_OperationHandle	operation,
		const void *	srcData,
		uint32_t	srcLen,
		void *	destData,
		uint32_t *	destLen,
		void *	tag,
		uint32_t	tagLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

TEE_AEDecryptFinal() - Processes data that has not been processed by previous calls to TEE_AEUpdate as well as data supplied in srcData.

This function completes the AE operation and compares the computed tag with the tag supplied in the parameter tag .The operation handle can be reused or newly initialized.The buffers srcData and destData shall be either completely disjoint or equal in their starting positions.The operation may be in either initial or active state and enters initial state afterwards.

Parameters

operation	Handle of a running AE operation
srcData	Reference to final chunk of input data to be encrypted
srcLen	length of the input data
destData	Output buffer. Can be omitted if the output is to be discarded.
destLen	length of the buffer.
tag	Output buffer filled with the computed tag
tagLen	length of the tag.

Returns: 0 on success.; TEE_ERROR_SHORT_BUFFER If the output buffer is not large enough to contain the output; TEE_ERROR_MAC_INVALID If the computed tag does not match the supplied tag

◆ TEE_AEEncryptFinal()

TEE_Result TEE_AEEncryptFinal	(	TEE_OperationHandle	operation,
		const void *	srcData,
		uint32_t	srcLen,
		void *	destData,
		uint32_t *	destLen,
		void *	tag,
		uint32_t *	tagLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

TEE_AEEncryptFinal() - processes data that has not been processed by previous calls to TEE_AEUpdate as well as data supplied in srcData .

TEE_AEEncryptFinal completes the AE operation and computes the tag. The operation handle can be reused or newly initialized. The buffers srcData and destData SHALL be either completely disjoint or equal in their starting positions.The operation may be in either initial or active state and enters initial state afterwards.

Parameters

operation	Handle of a running AE operation
srcData	Reference to final chunk of input data to be encrypted
srcLen	length of the input data
destData	Output buffer. Can be omitted if the output is to be discarded.
destLen	length of the buffer.
tag	Output buffer filled with the computed tag
tagLen	length of the tag.

Returns: 0 on success.; TEE_ERROR_SHORT_BUFFER If the output or tag buffer is not large enoughto contain the output.

◆ TEE_AEInit()

TEE_Result TEE_AEInit	(	TEE_OperationHandle	operation,
		const void *	nonce,
		uint32_t	nonceLen,
		uint32_t	tagLen,
		uint32_t	AADLen,
		uint32_t	payloadLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

TEE_AEInit() - Initializes an Authentication Encryption operation.

The operation must be in initial state and remains in the initial state afterwards.

Parameters

operation	A handle on the operation.
nonce	The operation nonce or IV
nonceLen	length of nonce
tagLen	Size in bits of the tag
AADLen	Length in bytes of the AAD
payloadLen	Length in bytes of the payload.

Returns: 0 on success.; TEE_ERROR_NOT_SUPPORTED If the tag length is not supported by the algorithm.

◆ TEE_AEUpdate()

TEE_Result TEE_AEUpdate	(	TEE_OperationHandle	operation,
		const void *	srcData,
		uint32_t	srcLen,
		void *	destData,
		uint32_t *	destLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

TEE_AEUpdate() - Accumulates data for an Authentication Encryption operation

This function describes Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. Unless one or more calls of this function have supplied sufficient input data,no output is generated. when using this routine to decrypt the returned data may be corrupt since the integrity check is not performed until all the data has been processed. If this is a concern then only use the TEE_AEDecryptFinal routine.

Parameters

operation	Handle of a running AE operation.
srcData	Input data buffer to be encrypted or decrypted
srcLen	length of the input buffer.
destData	Output buffer
destLen	length of the out put buffer.

Returns: 0 on success.; TEE_ERROR_SHORT_BUFFER if the output buffer is not large enough to contain the output.

◆ TEE_AEUpdateAAD()

void TEE_AEUpdateAAD	(	TEE_OperationHandle	operation,
		const void *	AADdata,
		uint32_t	AADdataLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

TEE_AEUpdateAAD() - Feeds a new chunk of Additional Authentication Data (AAD) to the AE operation. Subsequent calls to this function are possible.

The TEE_AEUpdateAAD function feeds a new chunk of Additional Authentication Data (AAD) to the AE operation. Subsequent calls to this function are possible.The buffers srcData and destData shall be either completely disjoint or equal in their starting positions.The operation SHALL be in initial state and remains in initial state afterwards.

Parameters

operation	Handle on the AE operation
AADdata	Input buffer containing the chunk of AAD
AADdataLen	length of the chunk of AAD.

◆ TEE_AllocateOperation()

TEE_Result TEE_AllocateOperation	(	TEE_OperationHandle *	operation,
		uint32_t	algorithm,
		uint32_t	mode,
		uint32_t	maxKeySize
	)

Crypto, for all Crypto Functions.

TEE_AllocateOperation() - Allocates a handle for a new cryptographic operation and sets the mode and algorithm type.

If this function does not return with TEE_SUCCESS then there is no valid handle value.Once a cryptographic operation has been created, the implementation shall guarantee that all resources necessary for the operation are allocated and that any operation with a key of at most maxKeySize bits can be performed. For algorithms that take multiple keys, for example the AES XTS algorithm, the maxKeySize parameter specifies the size of the largest key. It is up to the implementation to properly allocate space for multiple keys if the algorithm so requires.

Parameters

operation	reference to generated operation handle.
algorithm	One of the cipher algorithms.
mode	The operation mode.
maxKeySize	Maximum key size in bits for the operation.

Returns: 0 in case of success; TEE_ERROR_OUT_OF_MEMORY If there are not enough resources to allocate the operation.; TEE_ERROR_NOT_SUPPORTED If the mode is not compatible with the algorithm or key size or if the algorithm is not one of the listed algorithms or if maxKeySize is not appropriate for the algorithm.

◆ TEE_AllocateTransientObject()

TEE_Result TEE_AllocateTransientObject	(	TEE_ObjectType	objectType,
		uint32_t	maxKeySize,
		TEE_ObjectHandle *	object
	)

Crypto, Asymmetric key Verification Functions.

TEE_AllocateTransientObject() - Allocates an uninitialized transient object. Transient objects are used to hold a cryptographic object (key or key-pair).

The value TEE_KEYSIZE_NO_KEY should be used for maxObjectSize for object types that do not require a key so that all the container resources can be pre-allocated. As allocated, the container is uninitialized. It can be initialized by subsequently importing the object material,generating an object, deriving an object, or loading an object from the Trusted Storage.

Parameters

objectType	Type of uninitialized object container to be created
maxKeySize	Key Size of the object.
object	Filled with a handle on the newly created key container.

Returns: 0 on success; TEE_ERROR_OUT_OF_MEMORY If not enough resources are available to allocate the object handle.; TEE_ERROR_NOT_SUPPORTED If the key size is not supported or the object
type is not supported.

◆ TEE_AsymmetricSignDigest()

TEE_Result TEE_AsymmetricSignDigest	(	TEE_OperationHandle	operation,
		const TEE_Attribute *	params,
		uint32_t	paramCount,
		const void *	digest,
		uint32_t	digestLen,
		void *	signature,
		uint32_t *	signatureLen
	)

Crypto, Asymmetric key Verification Functions.

TEE_AsymmetricSignDigest() - Signs a message digest within an asymmetric operation.

Parameters

operation	Handle on the operation, which SHALL have been suitably set up with an operation key.
params	Optional operation parameters
paramCount	size of param
digest	Input buffer containing the input message digest
digestLen	length of input buffer.
signature	Output buffer written with the signature of the digest
signatureLen	length of output buffer.

Returns: 0 on sccess; TEE_ERROR_SHORT_BUFFER If the signature buffer is not large enough to hold the result

◆ TEE_AsymmetricVerifyDigest()

TEE_Result TEE_AsymmetricVerifyDigest	(	TEE_OperationHandle	operation,
		const TEE_Attribute *	params,
		uint32_t	paramCount,
		const void *	digest,
		uint32_t	digestLen,
		const void *	signature,
		uint32_t	signatureLen
	)

Crypto, Asymmetric key Verification Functions.

TEE_AsymmetricVerifyDigest() - verifies a message digest signature within an asymmetric operation.

This function describes the message digest signature verify by calling ed25519_verify().

Parameters

operation	Handle on the operation, which SHALL have been suitably set up with an operation key.
params	Optional operation parameters
paramCount	size of param.
digest	Input buffer containing the input message digest
digestLen	length of input buffer.
signature	Output buffer written with the signature of the digest
signatureLen	length of output buffer.

Returns: TEE_SUCCESS on success; TEE_ERROR_SIGNATURE_INVALID if the signature is invalid.

◆ TEE_CipherDoFinal()

TEE_Result TEE_CipherDoFinal	(	TEE_OperationHandle	operation,
		const void *	srcData,
		uint32_t	srcLen,
		void *	destData,
		uint32_t *	destLen
	)

TEE_CipherDoFinal() - Finalizes the cipher operation, processing data that has not been processed by previous calls to TEE_CipherUpdate as well as data supplied in srcData .

This function describes The operation handle can be reused or re-initialized. The buffers srcData and destData shall be either completely disjoint or equal in their starting positions.The operation SHALL be in active state and is set to initial state afterwards.

Parameters

operation	Handle of a running Cipher operation
srcData	Input data buffer to be encrypted or decrypted
srcLen	length of input buffer
destData	output buffer
destLen	ouput buffer length.

Returns: 0 on success; TEE_ERROR_SHORT_BUFFER If the output buffer is not large enough to contain the output

◆ TEE_CipherInit()

void TEE_CipherInit	(	TEE_OperationHandle	operation,
		const void *	nonce,
		uint32_t	nonceLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

TEE_CipherInit() - starts the symmetric cipher operation.

The operation shall have been associated with a key. If the operation is in active state, it is reset and then initialized. If the operation is in initial state, it is moved to active state.

Parameters

operation	A handle on an opened cipher operation setup with a key
nonce	Buffer containing the operation Initialization Vector as appropriate.
nonceLen	length of the buffer

◆ TEE_CipherUpdate()

TEE_Result TEE_CipherUpdate	(	TEE_OperationHandle	operation,
		const void *	srcData,
		uint32_t	srcLen,
		void *	destData,
		uint32_t *	destLen
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

TEE_CipherUpdate() - encrypts or decrypts input data.

Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. Unless one or more calls of this function have supplied sufficient input data, no output is generated. The cipher operation is finalized with a call to TEE_CipherDoFinal .The buffers srcData and destData SHALL be either completely disjoint or equal in their starting positions.The operation SHALL be in active state.

Parameters

operation	Handle of a running Cipher operation
srcData	Input data buffer to be encrypted or decrypted
srcLen	length of input buffer
destData	output buffer
destLen	ouput buffer length.

Returns: 0 on success else; TEE_ERROR_SHORT_BUFFER If the output buffer is not large enough to contain the output. In this case, the input is not fed into the algorithm.

◆ TEE_DigestDoFinal()

TEE_Result TEE_DigestDoFinal	(	TEE_OperationHandle	operation,
		const void *	chunk,
		uint32_t	chunkLen,
		void *	hash,
		uint32_t *	hashLen
	)

TEE_DigestDoFinal() - Finalizes the message digest operation and produces the message hash.

This function finalizes the message digest operation and produces the message hash. Afterwards the Message Digest operation is reset to initial state and can be reused.

Parameters

operation	Handle of a running Message Digest operation.
chunk	Chunk of data to be hashed.
chunkLen	size of the chunk.
hash	Output buffer filled with the message hash.
hashLen	lenth of the mesaage hash.

Returns: 0 on success; TEE_ERROR_SHORT_BUFFER If the output buffer is too small. In this case, the operation is not finalized.

◆ TEE_DigestUpdate()

void TEE_DigestUpdate	(	TEE_OperationHandle	operation,
		const void *	chunk,
		uint32_t	chunkSize
	)

Crypto, Message Digest Functions.

TEE_DigestUpdate()- Accumulates message data for hashing.

This function describes the message does not have to be block aligned. Subsequent calls to this function are possible.The operation may be in either initial or active state and becomes active.

Parameters

operation	Handle of a running Message Digest operation.
chunk	Chunk of data to be hashed
chunkSize	size of the chunk.

◆ TEE_FreeOperation()

void TEE_FreeOperation ( TEE_OperationHandle operation )

Crypto, for all Crypto Functions.

TEE_FreeOperation() - Deallocates all resources associated with an operation handle.

This function deallocates all resources associated with an operation handle. After this function is called, the operation handle is no longer valid. All cryptographic material in the operation is destroyed. The function does nothing if operation is TEE_HANDLE_NULL.

Parameters

operation Reference to operation handle.

Returns: nothing after the operation free.

◆ TEE_FreeTransientObject()

void TEE_FreeTransientObject ( TEE_ObjectHandle object )

Crypto, Asymmetric key Verification Functions.

TEE_FreeTransientObject() - Deallocates a transient object previously allocated with TEE_AllocateTransientObject .

this function describes the object handle is no longer valid and all resources associated with the transient object shall have been reclaimed after the TEE_AllocateTransientObject() call.

Parameters

object Handle on the object to free.

◆ TEE_GenerateKey()

TEE_Result TEE_GenerateKey	(	TEE_ObjectHandle	object,
		uint32_t	keySize,
		const TEE_Attribute *	params,
		uint32_t	paramCount
	)

Crypto, Asymmetric key Verification Functions.

TEE_GenerateKey () - Generates a random key or a key-pair and populates a transient key object with the generated key material.

The size of the desired key is passed in the keySize parameter and shall be less than or equal to the maximum key size specified when the transient object was created.

Parameters

object	Handle on an uninitialized transient key to populate with the generated key.
keySize	Requested key size shall be less than or equal to the maximum key size specified when the object container was created
params	Parameters for the key generation.
paramCount	The values of all parameters are copied nto the object so that the params array and all the memory buffers it points to may be freed after this routine returns without affecting the object.

Returns: 0 on succes; TEE_ERROR_BAD_PARAMETERS If an incorrect or inconsistent attribute is detected. The checks that are performed depend on the implementation.

◆ TEE_InitRefAttribute()

void TEE_InitRefAttribute	(	TEE_Attribute *	attr,
		uint32_t	attributeID,
		const void *	buffer,
		uint32_t	length
	)

Crypto, Asymmetric key Verification Functions.

TEE_InitRefAttribute() - The helper function can be used to populate a single attribute either with a reference to a buffer or with integer values.

In TEE_InitRefAttribute () only the buffer pointer is copied, not the content of the buffer. This means that the attribute structure maintains a pointer back to the supplied buffer. It is the responsibility of the TA author to ensure that the contents of the buffer maintain their value until the attributes array is no longer in use.

Parameters

attr	attribute structure to initialize.
attributeID	Identifier of the attribute to populate.
buffer	input buffer that holds the content of the attribute.
length	buffer length.

◆ TEE_InitValueAttribute()

void TEE_InitValueAttribute	(	TEE_Attribute *	attr,
		uint32_t	attributeID,
		uint32_t	a,
		uint32_t	b
	)

Crypto, Asymmetric key Verification Functions.

TEE_InitValueAttribute() - The helper function can be used to populate a single attribute either with a reference to a buffer or with integer values.

Parameters

attr	attribute structure to initialize.
attributeID	Identifier of the attribute to populate.
a	unsigned integer value to assign to the a member of the attribute structure.
b	unsigned integer value to assign to the b member of the attribute structure

◆ TEE_SetOperationKey()

TEE_Result TEE_SetOperationKey	(	TEE_OperationHandle	operation,
		TEE_ObjectHandle	key
	)

Crypto, Authenticated Encryption with Symmetric key Verification Functions.

TEE_SetOperationKey() - Programs the key of an operation; that is, it associates an operation with a key.

The key material is copied from the key object handle into the operation. After the key has been set, there is no longer any link between the operation and the key object. The object handle can be closed or reset and this will not affect the operation. This copied material exists until the operation is freed using TEE_FreeOperation or another key is set into the operation.

Parameters

operation	Operation handle.
key	A handle on a key object.

Returns: 0 on success return; TEE_ERROR_CORRUPT_OBJECT If the object is corrupt. The object handle is closed.; TEE_ERROR_STORAGE_NOT_AVAILABLE If the persistent object is stored in a storage area which is currently inaccessible.

◆ wolfSSL_Free()

void wolfSSL_Free ( void * p )

wolfSSL_Free() - Deallocates the memory which allocated previously.

Parameters

p	This is the pointer to a memory block.

◆ wolfSSL_Malloc()

void * wolfSSL_Malloc ( size_t n )

wolfSSL_Malloc() - Allocates the requested memory and returns a pointer to it.

Parameters

n	size of the memory block.