diff --git a/src/api/tee_api_operations.rs b/src/api/tee_api_operations.rs index 2be25783bf0c59a87bb4d8ed2df1eb2c70dd73ce..97fb07d0fc2eacb10e273b8c13adbecb39431549 100644 --- a/src/api/tee_api_operations.rs +++ b/src/api/tee_api_operations.rs @@ -367,7 +367,7 @@ fn validate_algorithm_params( } // CTR 和 GCM 模式 - TEE_ALG_AES_CTR | TEE_ALG_AES_GCM => { + TEE_ALG_AES_CTR | TEE_ALG_AES_GCM | TEE_ALG_SM4_GCM => { let block_size = 16; match mode { TEE_MODE_ENCRYPT => Ok(OperationConfig::Cipher { @@ -514,8 +514,6 @@ pub extern "C" fn TEE_AllocateOperation( algorithm: u32, mode: u32, max_key_size: u32, - key1: TEE_ObjectHandle, - key2: TEE_ObjectHandle, ) -> TEE_Result { use crate::tee_api_defines::*; @@ -525,6 +523,9 @@ pub extern "C" fn TEE_AllocateOperation( return TEE_ERROR_GENERIC; } + let key1 = unsafe{&**operation}.key1; + let key2 = unsafe{&**operation}.key2; + // 验证算法参数 let config = match validate_algorithm_params(algorithm, mode, max_key_size) { Ok(c) => c, @@ -695,11 +696,9 @@ pub extern "C" fn TEE_FreeOperation(operation: *mut TEE_OperationHandle) { * utee_cryp_state_free(). */ // 释放加密状态 - if op_handle.state != 0 { - let res = unsafe { _utee_cryp_state_free(op_handle.state as u64) }; - if res != TEE_SUCCESS as usize { - TEE_Panic(res as u32); - } + let res = unsafe { _utee_cryp_state_free(op_handle.state as u64) }; + if res != TEE_SUCCESS as usize { + TEE_Panic(res as u32); } } @@ -3248,11 +3247,6 @@ pub extern "C" fn TEE_AEDecryptFinal( return res; } - // 检查提供的标签长度是否与初始化时的长度匹配 - if tag_len != op_handle.info.digestLength as usize { - res = TEE_ERROR_MAC_INVALID; - } - acc_dlen += tmp_dlen as usize; unsafe { *dest_len = acc_dlen; diff --git a/src/bin/cryp_test.rs b/src/bin/cryp_test.rs index 59761c339c0eba16b43d04099934105e38ac8c13..8eb1f554a4b880e272b7fb4173a469b61d3f9c2b 100644 --- a/src/bin/cryp_test.rs +++ b/src/bin/cryp_test.rs @@ -2,47 +2,49 @@ use rust_utee::{ api::{ tee_api_objects::{TEE_AllocateTransientObject, TEE_GenerateKey}, tee_api_operations::{ + TEE_AEDecryptFinal, TEE_AEEncryptFinal, TEE_AEInit, TEE_AEUpdate, TEE_AEUpdateAAD, TEE_AllocateOperation, TEE_CipherDoFinal, TEE_CipherInit, TEE_CipherUpdate, TEE_DigestDoFinal, TEE_DigestUpdate, TEE_FreeOperation, TEE_MACComputeFinal, TEE_MACInit, TEE_MACUpdate, }, }, tee_api_defines::{ - TEE_ALG_HMAC_SM3, TEE_ALG_SM3, TEE_ALG_SM4_ECB_NOPAD, TEE_MODE_DECRYPT, TEE_MODE_DIGEST, - TEE_MODE_ENCRYPT, TEE_MODE_MAC, TEE_SUCCESS, TEE_TYPE_HMAC_SM3, TEE_TYPE_SM4, + TEE_ALG_HMAC_SM3, TEE_ALG_SM3, TEE_ALG_SM4_CBC_NOPAD, TEE_ALG_SM4_ECB_NOPAD, + TEE_ALG_SM4_GCM, TEE_MODE_DECRYPT, TEE_MODE_DIGEST, TEE_MODE_ENCRYPT, TEE_MODE_MAC, + TEE_SUCCESS, TEE_TYPE_HMAC_SM3, TEE_TYPE_SM4, }, tee_api_types::{TEE_ObjectHandle, TEE_OperationHandle, TEE_Result}, }; // #[unsafe(no_mangle)] fn main() { - assert_eq!(cryp_hash_sm3_test(), TEE_SUCCESS); - println!( - "{}", - "TA Test: SM3 Hash ------------------------------------ Success" - ); - assert_eq!(cryp_hmac_sm3_test(), TEE_SUCCESS); - println!( - "{}", - "TA Test: SM3 Hmac ------------------------------------ Success" - ); - assert_eq!(cryp_sm4_ecb_test(), TEE_SUCCESS); - println!( - "{}", - "TA Test: SM4 ECB ------------------------------------ Success" - ); + let test_func = [ + cryp_hash_sm3_test, + cryp_hmac_sm3_test, + cryp_sm4_ecb_test, + cryp_sm4_cbc_test, + cryp_sm4_gcm_test, + ]; + + for func in &test_func { + let res = func(); + if res == TEE_SUCCESS { + println!("<<< test success"); + } else { + eprintln!("<<< test failed"); + } + } } fn cryp_hash_sm3_test() -> TEE_Result { - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_SM3, TEE_MODE_DIGEST, 0, - core::ptr::null_mut(), - core::ptr::null_mut(), ); assert_eq!(res, 0); @@ -70,6 +72,9 @@ fn cryp_hash_sm3_test() -> TEE_Result { 0x8f, 0x4b, 0xa8, 0xe0 ] ); + + TEE_FreeOperation(operation_ptr); + TEE_SUCCESS } @@ -85,15 +90,15 @@ fn cryp_hmac_sm3_test() -> TEE_Result { assert_eq!(res, TEE_SUCCESS); assert!(!key1.is_null()); - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_HMAC_SM3, TEE_MODE_MAC, 128, - key1, - core::ptr::null_mut(), ); assert_eq!(res, 0); @@ -114,6 +119,8 @@ fn cryp_hmac_sm3_test() -> TEE_Result { ); assert_eq!(res, 0); + TEE_FreeOperation(operation_ptr); + TEE_SUCCESS } @@ -130,15 +137,15 @@ fn cryp_sm4_ecb_test() -> TEE_Result { assert!(!key1.is_null()); // Encrypt - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_SM4_ECB_NOPAD, TEE_MODE_ENCRYPT, 128, - key1, - core::ptr::null_mut(), ); assert_eq!(res, 0); @@ -187,15 +194,15 @@ fn cryp_sm4_ecb_test() -> TEE_Result { TEE_FreeOperation(operation_ptr); // Decrypt - let mut operation_ptr: *mut TEE_OperationHandle = std::ptr::null_mut(); + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; let res = TEE_AllocateOperation( &mut operation_ptr, TEE_ALG_SM4_ECB_NOPAD, TEE_MODE_DECRYPT, 128, - key1, - core::ptr::null_mut(), ); assert_eq!(res, 0); @@ -244,5 +251,274 @@ fn cryp_sm4_ecb_test() -> TEE_Result { let data = &dec_output[..32]; assert_eq!(data, enc_data); + TEE_FreeOperation(operation_ptr); + + TEE_SUCCESS +} + +fn cryp_sm4_cbc_test() -> TEE_Result { + // alloc a transient object + let mut key1: TEE_ObjectHandle = core::ptr::null_mut(); + let res = TEE_AllocateTransientObject(TEE_TYPE_SM4, 128, &mut key1); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + // generate a sm4 key + let res = TEE_GenerateKey(key1, 128, core::ptr::null(), 0); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + // Encrypt + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; + + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_SM4_CBC_NOPAD, + TEE_MODE_ENCRYPT, + 128, + ); + assert_eq!(res, 0); + + let enc_data = b"abcdefghabcdefgh1234567890987654"; + let iv = b"1234qwerasdfzxcv"; + let enc_output = [0u8; 48]; + let mut total_len = 0; + let mut d_len = enc_output[total_len..].len(); + + TEE_CipherInit(operation_ptr, iv.as_ptr() as _, iv.len()); + + let res = TEE_CipherUpdate( + operation_ptr, + enc_data[..16].as_ptr() as _, + enc_data[..16].len(), + enc_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 16); + + d_len = enc_output[total_len..].len(); + let res = TEE_CipherUpdate( + operation_ptr, + enc_data[16..].as_ptr() as _, + enc_data[16..].len(), + enc_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + d_len = enc_output[total_len..].len(); + let res = TEE_CipherDoFinal( + operation_ptr, + core::ptr::null(), + 0, + enc_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + TEE_FreeOperation(operation_ptr); + + // Decrypt + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; + + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_SM4_CBC_NOPAD, + TEE_MODE_DECRYPT, + 128, + ); + assert_eq!(res, 0); + + let dec_data = &enc_output[..32]; + let dec_output = [0u8; 48]; + let mut total_len = 0; + let mut d_len = dec_output[total_len..].len(); + + TEE_CipherInit(operation_ptr, iv.as_ptr() as _, iv.len()); + + let res = TEE_CipherUpdate( + operation_ptr, + dec_data[..16].as_ptr() as _, + dec_data[..16].len(), + dec_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 16); + + d_len = dec_output[total_len..].len(); + let res = TEE_CipherUpdate( + operation_ptr, + dec_data[16..].as_ptr() as _, + dec_data[16..].len(), + dec_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + d_len = dec_output[total_len..].len(); + let res = TEE_CipherDoFinal( + operation_ptr, + core::ptr::null(), + 0, + dec_output[total_len..].as_ptr() as _, + &mut d_len, + ); + total_len += d_len; + assert_eq!(res, 0); + assert_eq!(total_len, 32); + + let data = &dec_output[..32]; + assert_eq!(data, enc_data); + + TEE_FreeOperation(operation_ptr); + + TEE_SUCCESS +} + +fn cryp_sm4_gcm_test() -> TEE_Result { + // alloc a transient object + let mut key1: TEE_ObjectHandle = core::ptr::null_mut(); + let res = TEE_AllocateTransientObject(TEE_TYPE_SM4, 128, &mut key1); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + // generate a sm4 key + let res = TEE_GenerateKey(key1, 128, core::ptr::null(), 0); + assert_eq!(res, TEE_SUCCESS); + assert!(!key1.is_null()); + + // Encrypt + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; + + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_SM4_GCM, + TEE_MODE_ENCRYPT, + 128, + ); + assert_eq!(res, 0); + + let data: [u8; 64] = [ + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, + ]; + let nonce: [u8; 12] = [ + 0xA3, 0x33, 0x06, 0x38, 0xA8, 0x09, 0xBA, 0x35, 0x8D, 0x6C, 0x09, 0x8E, + ]; + let ad: [u8; 20] = [ + 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, + 0xEF, 0xAB, 0xAD, 0xDA, 0xD2, + ]; + let tag: [u8; 16] = [0u8; 16]; + let enc_output = [0u8; 80]; + let mut total_len = 0; + let mut enc_len = enc_output[total_len..].len(); + + // 后三个参数不起作用 + let res = TEE_AEInit(operation_ptr, nonce.as_ptr() as _, nonce.len(), 0, 0, 0); + assert_eq!(res, 0); + + TEE_AEUpdateAAD(operation_ptr, ad.as_ptr() as _, ad.len()); + + let res = TEE_AEUpdate( + operation_ptr, + data[..32].as_ptr() as _, + data[..32].len(), + enc_output[total_len..].as_ptr() as _, + &mut enc_len, + ); + assert_eq!(res, 0); + total_len += enc_len; + assert_eq!(total_len, 32); + + // TAG长度是固定的16Bytes,因此实际上不会返回tag长度 + enc_len = enc_output[total_len..].len(); + let res = TEE_AEEncryptFinal( + operation_ptr, + data[32..].as_ptr() as _, + data[32..].len(), + enc_output[total_len..].as_ptr() as _, + &mut enc_len, + tag.as_ptr() as _, + &mut tag.len(), + ); + assert_eq!(res, 0); + total_len += enc_len; + assert_eq!(total_len, 64); + + TEE_FreeOperation(operation_ptr); + + // Decrypt + let mut operation = TEE_OperationHandle::default(); + operation.key1 = key1; + let mut operation_ptr: *mut TEE_OperationHandle = &mut operation; + + let res = TEE_AllocateOperation( + &mut operation_ptr, + TEE_ALG_SM4_GCM, + TEE_MODE_DECRYPT, + 128, + ); + assert_eq!(res, 0); + + let dec_data = &enc_output[..64]; + let dec_output = [0u8; 80]; + let mut total_len = 0; + let mut dec_len = enc_output[total_len..].len(); + + // 后三个参数不起作用 + let res = TEE_AEInit(operation_ptr, nonce.as_ptr() as _, nonce.len(), 0, 0, 0); + assert_eq!(res, 0); + + TEE_AEUpdateAAD(operation_ptr, ad.as_ptr() as _, ad.len()); + + let res = TEE_AEUpdate( + operation_ptr, + dec_data[..32].as_ptr() as _, + dec_data[..32].len(), + dec_output[total_len..].as_ptr() as _, + &mut dec_len, + ); + assert_eq!(res, 0); + total_len += dec_len; + assert_eq!(total_len, 32); + + // TAG长度是固定的16Bytes,因此实际上不会返回tag长度 + dec_len = dec_output[total_len..].len(); + let res = TEE_AEDecryptFinal( + operation_ptr, + dec_data[32..].as_ptr() as _, + dec_data[32..].len(), + dec_output[total_len..].as_ptr() as _, + &mut dec_len, + tag.as_ptr() as _, + tag.len(), + ); + assert_eq!(res, 0); + total_len += dec_len; + assert_eq!(total_len, 64); + assert_eq!(&dec_output[..64], data); + + TEE_FreeOperation(operation_ptr); + TEE_SUCCESS } diff --git a/src/tee_api_defines.rs b/src/tee_api_defines.rs index d94b1741df06a20f0d94fc6f02b5d258b8eee009..e8eb2fffe24245f959a4cab5eff80f630aee4fc9 100644 --- a/src/tee_api_defines.rs +++ b/src/tee_api_defines.rs @@ -163,6 +163,9 @@ pub const TEE_ALG_DES3_CBC_MAC_PKCS5: u32 = 0x30000513; pub const TEE_ALG_SM4_ECB_NOPAD: u32 = 0x10000014; pub const TEE_ALG_SM4_CBC_NOPAD: u32 = 0x10000114; pub const TEE_ALG_SM4_CTR: u32 = 0x10000214; +pub const TEE_ALG_SM4_CMAC: u32 = 0x30000614; // 对GP标准扩充 +pub const TEE_ALG_SM4_CCM: u32 = 0x40000714; // 对GP标准扩充 +pub const TEE_ALG_SM4_GCM: u32 = 0x40000814; // 对GP标准扩充 pub const TEE_ALG_RSASSA_PKCS1_V1_5_MD5: u32 = 0x70001830; pub const TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: u32 = 0x70002830; pub const TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: u32 = 0x70003830;