1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright (c) 2018-2020, Linaro Limited
4  */
5 
6 #include <assert.h>
7 #include <compiler.h>
8 #include <tee_api_defines.h>
9 #include <tee_internal_api.h>
10 #include <tee_internal_api_extensions.h>
11 
12 #include "attributes.h"
13 #include "pkcs11_helpers.h"
14 #include "pkcs11_token.h"
15 #include "processing.h"
16 #include "serializer.h"
17 
processing_is_tee_asymm(uint32_t proc_id)18 bool processing_is_tee_asymm(uint32_t proc_id)
19 {
20 	switch (proc_id) {
21 	/* RSA flavors */
22 	case PKCS11_CKM_RSA_PKCS:
23 	case PKCS11_CKM_RSA_PKCS_OAEP:
24 	case PKCS11_CKM_RSA_PKCS_PSS:
25 	case PKCS11_CKM_MD5_RSA_PKCS:
26 	case PKCS11_CKM_SHA1_RSA_PKCS:
27 	case PKCS11_CKM_SHA224_RSA_PKCS:
28 	case PKCS11_CKM_SHA256_RSA_PKCS:
29 	case PKCS11_CKM_SHA384_RSA_PKCS:
30 	case PKCS11_CKM_SHA512_RSA_PKCS:
31 	case PKCS11_CKM_SHA1_RSA_PKCS_PSS:
32 	case PKCS11_CKM_SHA224_RSA_PKCS_PSS:
33 	case PKCS11_CKM_SHA256_RSA_PKCS_PSS:
34 	case PKCS11_CKM_SHA384_RSA_PKCS_PSS:
35 	case PKCS11_CKM_SHA512_RSA_PKCS_PSS:
36 	/* EC flavors */
37 	case PKCS11_CKM_ECDSA:
38 	case PKCS11_CKM_ECDSA_SHA1:
39 	case PKCS11_CKM_ECDSA_SHA224:
40 	case PKCS11_CKM_ECDSA_SHA256:
41 	case PKCS11_CKM_ECDSA_SHA384:
42 	case PKCS11_CKM_ECDSA_SHA512:
43 		return true;
44 	default:
45 		return false;
46 	}
47 }
48 
49 static enum pkcs11_rc
pkcs2tee_algorithm(uint32_t * tee_id,uint32_t * tee_hash_id,enum processing_func function __unused,struct pkcs11_attribute_head * proc_params,struct pkcs11_object * obj)50 pkcs2tee_algorithm(uint32_t *tee_id, uint32_t *tee_hash_id,
51 		   enum processing_func function __unused,
52 		   struct pkcs11_attribute_head *proc_params,
53 		   struct pkcs11_object *obj)
54 {
55 	static const struct {
56 		enum pkcs11_mechanism_id mech_id;
57 		uint32_t tee_id;
58 		uint32_t tee_hash_id;
59 	} pkcs2tee_algo[] = {
60 		/* RSA flavors */
61 		{ PKCS11_CKM_RSA_PKCS, TEE_ALG_RSAES_PKCS1_V1_5, 0 },
62 		{ PKCS11_CKM_RSA_PKCS_OAEP, 1, 0 },
63 		{ PKCS11_CKM_RSA_PKCS_PSS, 1, 0 },
64 		{ PKCS11_CKM_MD5_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_MD5,
65 		  TEE_ALG_MD5 },
66 		{ PKCS11_CKM_SHA1_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1,
67 		  TEE_ALG_SHA1 },
68 		{ PKCS11_CKM_SHA224_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA224,
69 		  TEE_ALG_SHA224 },
70 		{ PKCS11_CKM_SHA256_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA256,
71 		  TEE_ALG_SHA256 },
72 		{ PKCS11_CKM_SHA384_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA384,
73 		  TEE_ALG_SHA384 },
74 		{ PKCS11_CKM_SHA512_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA512,
75 		  TEE_ALG_SHA512 },
76 		{ PKCS11_CKM_SHA1_RSA_PKCS_PSS,
77 		  TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_ALG_SHA1 },
78 		{ PKCS11_CKM_SHA224_RSA_PKCS_PSS,
79 		  TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_ALG_SHA224 },
80 		{ PKCS11_CKM_SHA256_RSA_PKCS_PSS,
81 		  TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_ALG_SHA256 },
82 		{ PKCS11_CKM_SHA384_RSA_PKCS_PSS,
83 		  TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_ALG_SHA384 },
84 		{ PKCS11_CKM_SHA512_RSA_PKCS_PSS,
85 		  TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_ALG_SHA512 },
86 		/* EC flavors (Must find key size from the object) */
87 		{ PKCS11_CKM_ECDSA, 1, 0 },
88 		{ PKCS11_CKM_ECDSA_SHA1, 1, TEE_ALG_SHA1 },
89 		{ PKCS11_CKM_ECDSA_SHA224, 1, TEE_ALG_SHA224 },
90 		{ PKCS11_CKM_ECDSA_SHA256, 1, TEE_ALG_SHA256 },
91 		{ PKCS11_CKM_ECDSA_SHA384, 1, TEE_ALG_SHA384 },
92 		{ PKCS11_CKM_ECDSA_SHA512, 1, TEE_ALG_SHA512 },
93 	};
94 	size_t n = 0;
95 	enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
96 
97 	for (n = 0; n < ARRAY_SIZE(pkcs2tee_algo); n++) {
98 		if (pkcs2tee_algo[n].mech_id == proc_params->id) {
99 			*tee_id = pkcs2tee_algo[n].tee_id;
100 			*tee_hash_id = pkcs2tee_algo[n].tee_hash_id;
101 			break;
102 		}
103 	}
104 
105 	if (n == ARRAY_SIZE(pkcs2tee_algo))
106 		return PKCS11_RV_NOT_IMPLEMENTED;
107 
108 	switch (proc_params->id) {
109 	case PKCS11_CKM_RSA_PKCS_PSS:
110 	case PKCS11_CKM_SHA1_RSA_PKCS_PSS:
111 	case PKCS11_CKM_SHA224_RSA_PKCS_PSS:
112 	case PKCS11_CKM_SHA256_RSA_PKCS_PSS:
113 	case PKCS11_CKM_SHA384_RSA_PKCS_PSS:
114 	case PKCS11_CKM_SHA512_RSA_PKCS_PSS:
115 		rc = pkcs2tee_algo_rsa_pss(tee_id, proc_params);
116 		break;
117 	case PKCS11_CKM_RSA_PKCS_OAEP:
118 		rc = pkcs2tee_algo_rsa_oaep(tee_id, tee_hash_id, proc_params);
119 		break;
120 	case PKCS11_CKM_ECDSA:
121 	case PKCS11_CKM_ECDSA_SHA1:
122 	case PKCS11_CKM_ECDSA_SHA224:
123 	case PKCS11_CKM_ECDSA_SHA256:
124 	case PKCS11_CKM_ECDSA_SHA384:
125 	case PKCS11_CKM_ECDSA_SHA512:
126 		rc = pkcs2tee_algo_ecdsa(tee_id, proc_params, obj);
127 		break;
128 	default:
129 		rc = PKCS11_CKR_OK;
130 		break;
131 	}
132 
133 	/*
134 	 * PKCS#11 uses single mechanism CKM_RSA_PKCS for both ciphering and
135 	 * authentication whereas GPD TEE expects TEE_ALG_RSAES_PKCS1_V1_5 for
136 	 * ciphering and TEE_ALG_RSASSA_PKCS1_V1_5 for authentication.
137 	 */
138 	if (*tee_id == TEE_ALG_RSAES_PKCS1_V1_5 &&
139 	    (function == PKCS11_FUNCTION_SIGN ||
140 	     function == PKCS11_FUNCTION_VERIFY))
141 		*tee_id = TEE_ALG_RSASSA_PKCS1_V1_5;
142 
143 	return rc;
144 }
145 
pkcs2tee_key_type(uint32_t * tee_type,struct pkcs11_object * obj,enum processing_func function)146 static enum pkcs11_rc pkcs2tee_key_type(uint32_t *tee_type,
147 					struct pkcs11_object *obj,
148 					enum processing_func function)
149 {
150 	enum pkcs11_class_id class = get_class(obj->attributes);
151 	enum pkcs11_key_type type = get_key_type(obj->attributes);
152 
153 	switch (class) {
154 	case PKCS11_CKO_PUBLIC_KEY:
155 	case PKCS11_CKO_PRIVATE_KEY:
156 		break;
157 	default:
158 		TEE_Panic(class);
159 		break;
160 	}
161 
162 	switch (type) {
163 	case PKCS11_CKK_EC:
164 		assert(function != PKCS11_FUNCTION_DERIVE);
165 
166 		if (class == PKCS11_CKO_PRIVATE_KEY)
167 			*tee_type = TEE_TYPE_ECDSA_KEYPAIR;
168 		else
169 			*tee_type = TEE_TYPE_ECDSA_PUBLIC_KEY;
170 		break;
171 	case PKCS11_CKK_RSA:
172 		if (class == PKCS11_CKO_PRIVATE_KEY)
173 			*tee_type = TEE_TYPE_RSA_KEYPAIR;
174 		else
175 			*tee_type = TEE_TYPE_RSA_PUBLIC_KEY;
176 		break;
177 	default:
178 		TEE_Panic(type);
179 		break;
180 	}
181 
182 	return PKCS11_CKR_OK;
183 }
184 
185 static enum pkcs11_rc
allocate_tee_operation(struct pkcs11_session * session,enum processing_func function,struct pkcs11_attribute_head * params,struct pkcs11_object * obj)186 allocate_tee_operation(struct pkcs11_session *session,
187 		       enum processing_func function,
188 		       struct pkcs11_attribute_head *params,
189 		       struct pkcs11_object *obj)
190 {
191 	uint32_t size = (uint32_t)get_object_key_bit_size(obj);
192 	uint32_t algo = 0;
193 	uint32_t hash_algo = 0;
194 	uint32_t mode = 0;
195 	uint32_t hash_mode = 0;
196 	TEE_Result res = TEE_ERROR_GENERIC;
197 	struct active_processing *processing = session->processing;
198 
199 	assert(processing->tee_op_handle == TEE_HANDLE_NULL);
200 	assert(processing->tee_hash_op_handle == TEE_HANDLE_NULL);
201 
202 	if (pkcs2tee_algorithm(&algo, &hash_algo, function, params, obj))
203 		return PKCS11_CKR_FUNCTION_FAILED;
204 
205 	pkcs2tee_mode(&mode, function);
206 
207 	if (hash_algo) {
208 		pkcs2tee_mode(&hash_mode, PKCS11_FUNCTION_DIGEST);
209 
210 		res = TEE_AllocateOperation(&processing->tee_hash_op_handle,
211 					    hash_algo, hash_mode, 0);
212 		if (res) {
213 			EMSG("TEE_AllocateOp. failed %#"PRIx32" %#"PRIx32,
214 			     hash_algo, hash_mode);
215 
216 			if (res == TEE_ERROR_NOT_SUPPORTED)
217 				return PKCS11_CKR_MECHANISM_INVALID;
218 			return tee2pkcs_error(res);
219 		}
220 		processing->tee_hash_algo = hash_algo;
221 	}
222 
223 	res = TEE_AllocateOperation(&processing->tee_op_handle,
224 				    algo, mode, size);
225 	if (res)
226 		EMSG("TEE_AllocateOp. failed %#"PRIx32" %#"PRIx32" %#"PRIx32,
227 		     algo, mode, size);
228 
229 	if (res == TEE_ERROR_NOT_SUPPORTED)
230 		return PKCS11_CKR_MECHANISM_INVALID;
231 
232 	if (res != TEE_SUCCESS &&
233 	    processing->tee_hash_op_handle != TEE_HANDLE_NULL) {
234 		TEE_FreeOperation(session->processing->tee_hash_op_handle);
235 		processing->tee_hash_op_handle = TEE_HANDLE_NULL;
236 		processing->tee_hash_algo = 0;
237 	}
238 
239 	return tee2pkcs_error(res);
240 }
241 
load_tee_key(struct pkcs11_session * session,struct pkcs11_object * obj,enum processing_func function)242 static enum pkcs11_rc load_tee_key(struct pkcs11_session *session,
243 				   struct pkcs11_object *obj,
244 				   enum processing_func function)
245 {
246 	TEE_Attribute *tee_attrs = NULL;
247 	size_t tee_attrs_count = 0;
248 	size_t object_size = 0;
249 	enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
250 	TEE_Result res = TEE_ERROR_GENERIC;
251 	enum pkcs11_class_id __maybe_unused class = get_class(obj->attributes);
252 	enum pkcs11_key_type type = get_key_type(obj->attributes);
253 
254 	assert(class == PKCS11_CKO_PUBLIC_KEY ||
255 	       class == PKCS11_CKO_PRIVATE_KEY);
256 
257 	if (obj->key_handle != TEE_HANDLE_NULL) {
258 		switch (type) {
259 		case PKCS11_CKK_RSA:
260 			/* RSA loaded keys can be reused */
261 			assert((obj->key_type == TEE_TYPE_RSA_PUBLIC_KEY &&
262 				class == PKCS11_CKO_PUBLIC_KEY) ||
263 			       (obj->key_type == TEE_TYPE_RSA_KEYPAIR &&
264 				class == PKCS11_CKO_PRIVATE_KEY));
265 			goto key_ready;
266 		case PKCS11_CKK_EC:
267 			/* Reuse EC TEE key only if already DSA or DH */
268 			switch (obj->key_type) {
269 			case TEE_TYPE_ECDSA_PUBLIC_KEY:
270 			case TEE_TYPE_ECDSA_KEYPAIR:
271 				if (function != PKCS11_FUNCTION_DERIVE)
272 					goto key_ready;
273 				break;
274 			default:
275 				assert(0);
276 				break;
277 			}
278 			break;
279 		default:
280 			assert(0);
281 			break;
282 		}
283 
284 		TEE_CloseObject(obj->key_handle);
285 		obj->key_handle = TEE_HANDLE_NULL;
286 	}
287 
288 	rc = pkcs2tee_key_type(&obj->key_type, obj, function);
289 	if (rc)
290 		return rc;
291 
292 	object_size = get_object_key_bit_size(obj);
293 	if (!object_size)
294 		return PKCS11_CKR_GENERAL_ERROR;
295 
296 	switch (type) {
297 	case PKCS11_CKK_RSA:
298 		rc = load_tee_rsa_key_attrs(&tee_attrs, &tee_attrs_count, obj);
299 		break;
300 	case PKCS11_CKK_EC:
301 		rc = load_tee_ec_key_attrs(&tee_attrs, &tee_attrs_count, obj);
302 		break;
303 	default:
304 		break;
305 	}
306 	if (rc)
307 		return rc;
308 
309 	res = TEE_AllocateTransientObject(obj->key_type, object_size,
310 					  &obj->key_handle);
311 	if (res) {
312 		DMSG("TEE_AllocateTransientObject failed, %#"PRIx32, res);
313 
314 		return tee2pkcs_error(res);
315 	}
316 
317 	res = TEE_PopulateTransientObject(obj->key_handle,
318 					  tee_attrs, tee_attrs_count);
319 
320 	TEE_Free(tee_attrs);
321 
322 	if (res) {
323 		DMSG("TEE_PopulateTransientObject failed, %#"PRIx32, res);
324 
325 		goto error;
326 	}
327 
328 key_ready:
329 	res = TEE_SetOperationKey(session->processing->tee_op_handle,
330 				  obj->key_handle);
331 	if (res) {
332 		DMSG("TEE_SetOperationKey failed, %#"PRIx32, res);
333 
334 		goto error;
335 	}
336 
337 	return PKCS11_CKR_OK;
338 
339 error:
340 	TEE_FreeTransientObject(obj->key_handle);
341 	obj->key_handle = TEE_HANDLE_NULL;
342 	return tee2pkcs_error(res);
343 }
344 
345 static enum pkcs11_rc
init_tee_operation(struct pkcs11_session * session,struct pkcs11_attribute_head * proc_params,struct pkcs11_object * obj)346 init_tee_operation(struct pkcs11_session *session,
347 		   struct pkcs11_attribute_head *proc_params,
348 		   struct pkcs11_object *obj)
349 {
350 	enum pkcs11_rc rc = PKCS11_CKR_OK;
351 	struct active_processing *proc = session->processing;
352 
353 	switch (proc_params->id) {
354 	case PKCS11_CKM_RSA_PKCS_PSS:
355 	case PKCS11_CKM_SHA1_RSA_PKCS_PSS:
356 	case PKCS11_CKM_SHA224_RSA_PKCS_PSS:
357 	case PKCS11_CKM_SHA256_RSA_PKCS_PSS:
358 	case PKCS11_CKM_SHA384_RSA_PKCS_PSS:
359 	case PKCS11_CKM_SHA512_RSA_PKCS_PSS:
360 		rc = pkcs2tee_proc_params_rsa_pss(proc, proc_params);
361 		if (rc)
362 			break;
363 
364 		rc = pkcs2tee_validate_rsa_pss(proc, obj);
365 		break;
366 	case PKCS11_CKM_RSA_PKCS_OAEP:
367 		rc = pkcs2tee_proc_params_rsa_oaep(proc, proc_params);
368 		break;
369 	default:
370 		break;
371 	}
372 
373 	return rc;
374 }
375 
init_asymm_operation(struct pkcs11_session * session,enum processing_func function,struct pkcs11_attribute_head * proc_params,struct pkcs11_object * obj)376 enum pkcs11_rc init_asymm_operation(struct pkcs11_session *session,
377 				    enum processing_func function,
378 				    struct pkcs11_attribute_head *proc_params,
379 				    struct pkcs11_object *obj)
380 {
381 	enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
382 
383 	assert(processing_is_tee_asymm(proc_params->id));
384 
385 	rc = allocate_tee_operation(session, function, proc_params, obj);
386 	if (rc)
387 		return rc;
388 
389 	rc = load_tee_key(session, obj, function);
390 	if (rc)
391 		return rc;
392 
393 	return init_tee_operation(session, proc_params, obj);
394 }
395 
396 /*
397  * step_sym_step - step (update/oneshot/final) on a symmetric crypto operation
398  *
399  * @session - current session
400  * @function - processing function (encrypt, decrypt, sign, ...)
401  * @step - step ID in the processing (oneshot, update, final)
402  * @ptypes - invocation parameter types
403  * @params - invocation parameter references
404  */
step_asymm_operation(struct pkcs11_session * session,enum processing_func function,enum processing_step step,uint32_t ptypes,TEE_Param * params)405 enum pkcs11_rc step_asymm_operation(struct pkcs11_session *session,
406 				    enum processing_func function,
407 				    enum processing_step step,
408 				    uint32_t ptypes, TEE_Param *params)
409 {
410 	enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
411 	TEE_Result res = TEE_ERROR_GENERIC;
412 	void *in_buf = NULL;
413 	void *in2_buf = NULL;
414 	void *out_buf = NULL;
415 	void *hash_buf = NULL;
416 	uint32_t in_size = 0;
417 	uint32_t in2_size = 0;
418 	uint32_t out_size = 0;
419 	uint32_t hash_size = 0;
420 	TEE_Attribute *tee_attrs = NULL;
421 	size_t tee_attrs_count = 0;
422 	bool output_data = false;
423 	struct active_processing *proc = session->processing;
424 	struct rsa_oaep_processing_ctx *rsa_oaep_ctx = NULL;
425 	struct rsa_pss_processing_ctx *rsa_pss_ctx = NULL;
426 	size_t sz = 0;
427 
428 	if (TEE_PARAM_TYPE_GET(ptypes, 1) == TEE_PARAM_TYPE_MEMREF_INPUT) {
429 		in_buf = params[1].memref.buffer;
430 		in_size = params[1].memref.size;
431 		if (in_size && !in_buf)
432 			return PKCS11_CKR_ARGUMENTS_BAD;
433 	}
434 	if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_INPUT) {
435 		in2_buf = params[2].memref.buffer;
436 		in2_size = params[2].memref.size;
437 		if (in2_size && !in2_buf)
438 			return PKCS11_CKR_ARGUMENTS_BAD;
439 	}
440 	if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_OUTPUT) {
441 		out_buf = params[2].memref.buffer;
442 		out_size = params[2].memref.size;
443 		if (out_size && !out_buf)
444 			return PKCS11_CKR_ARGUMENTS_BAD;
445 	}
446 	if (TEE_PARAM_TYPE_GET(ptypes, 3) != TEE_PARAM_TYPE_NONE)
447 		return PKCS11_CKR_ARGUMENTS_BAD;
448 
449 	switch (step) {
450 	case PKCS11_FUNC_STEP_ONESHOT:
451 	case PKCS11_FUNC_STEP_UPDATE:
452 	case PKCS11_FUNC_STEP_FINAL:
453 		break;
454 	default:
455 		return PKCS11_CKR_GENERAL_ERROR;
456 	}
457 
458 	/* TEE attribute(s) required by the operation */
459 	switch (proc->mecha_type) {
460 	case PKCS11_CKM_RSA_PKCS_PSS:
461 	case PKCS11_CKM_SHA1_RSA_PKCS_PSS:
462 	case PKCS11_CKM_SHA224_RSA_PKCS_PSS:
463 	case PKCS11_CKM_SHA256_RSA_PKCS_PSS:
464 	case PKCS11_CKM_SHA384_RSA_PKCS_PSS:
465 	case PKCS11_CKM_SHA512_RSA_PKCS_PSS:
466 		tee_attrs = TEE_Malloc(sizeof(TEE_Attribute),
467 				       TEE_USER_MEM_HINT_NO_FILL_ZERO);
468 		if (!tee_attrs) {
469 			rc = PKCS11_CKR_DEVICE_MEMORY;
470 			goto out;
471 		}
472 
473 		rsa_pss_ctx = proc->extra_ctx;
474 
475 		TEE_InitValueAttribute(&tee_attrs[tee_attrs_count],
476 				       TEE_ATTR_RSA_PSS_SALT_LENGTH,
477 				       rsa_pss_ctx->salt_len, 0);
478 		tee_attrs_count++;
479 		break;
480 	case PKCS11_CKM_RSA_PKCS_OAEP:
481 		rsa_oaep_ctx = proc->extra_ctx;
482 
483 		if (!rsa_oaep_ctx->source_data_len)
484 			break;
485 
486 		tee_attrs = TEE_Malloc(sizeof(TEE_Attribute),
487 				       TEE_USER_MEM_HINT_NO_FILL_ZERO);
488 		if (!tee_attrs) {
489 			rc = PKCS11_CKR_DEVICE_MEMORY;
490 			goto out;
491 		}
492 
493 		TEE_InitRefAttribute(&tee_attrs[tee_attrs_count],
494 				     TEE_ATTR_RSA_OAEP_LABEL,
495 				     rsa_oaep_ctx->source_data,
496 				     rsa_oaep_ctx->source_data_len);
497 		tee_attrs_count++;
498 		break;
499 	default:
500 		break;
501 	}
502 
503 	/*
504 	 * Handle multi stage update step for mechas needing hash
505 	 * calculation
506 	 */
507 	if (step == PKCS11_FUNC_STEP_UPDATE) {
508 		switch (proc->mecha_type) {
509 		case PKCS11_CKM_ECDSA_SHA1:
510 		case PKCS11_CKM_ECDSA_SHA224:
511 		case PKCS11_CKM_ECDSA_SHA256:
512 		case PKCS11_CKM_ECDSA_SHA384:
513 		case PKCS11_CKM_ECDSA_SHA512:
514 		case PKCS11_CKM_MD5_RSA_PKCS:
515 		case PKCS11_CKM_SHA1_RSA_PKCS:
516 		case PKCS11_CKM_SHA224_RSA_PKCS:
517 		case PKCS11_CKM_SHA256_RSA_PKCS:
518 		case PKCS11_CKM_SHA384_RSA_PKCS:
519 		case PKCS11_CKM_SHA512_RSA_PKCS:
520 		case PKCS11_CKM_SHA1_RSA_PKCS_PSS:
521 		case PKCS11_CKM_SHA224_RSA_PKCS_PSS:
522 		case PKCS11_CKM_SHA256_RSA_PKCS_PSS:
523 		case PKCS11_CKM_SHA384_RSA_PKCS_PSS:
524 		case PKCS11_CKM_SHA512_RSA_PKCS_PSS:
525 			assert(proc->tee_hash_op_handle != TEE_HANDLE_NULL);
526 
527 			TEE_DigestUpdate(proc->tee_hash_op_handle, in_buf,
528 					 in_size);
529 			rc = PKCS11_CKR_OK;
530 			break;
531 		default:
532 			/*
533 			 * Other mechanism do not expect multi stage
534 			 * operation
535 			 */
536 			rc = PKCS11_CKR_GENERAL_ERROR;
537 			break;
538 		}
539 
540 		goto out;
541 	}
542 
543 	/*
544 	 * Handle multi stage one shot and final steps for mechas needing hash
545 	 * calculation
546 	 */
547 	switch (proc->mecha_type) {
548 	case PKCS11_CKM_ECDSA_SHA1:
549 	case PKCS11_CKM_ECDSA_SHA224:
550 	case PKCS11_CKM_ECDSA_SHA256:
551 	case PKCS11_CKM_ECDSA_SHA384:
552 	case PKCS11_CKM_ECDSA_SHA512:
553 	case PKCS11_CKM_MD5_RSA_PKCS:
554 	case PKCS11_CKM_SHA1_RSA_PKCS:
555 	case PKCS11_CKM_SHA224_RSA_PKCS:
556 	case PKCS11_CKM_SHA256_RSA_PKCS:
557 	case PKCS11_CKM_SHA384_RSA_PKCS:
558 	case PKCS11_CKM_SHA512_RSA_PKCS:
559 	case PKCS11_CKM_SHA1_RSA_PKCS_PSS:
560 	case PKCS11_CKM_SHA224_RSA_PKCS_PSS:
561 	case PKCS11_CKM_SHA256_RSA_PKCS_PSS:
562 	case PKCS11_CKM_SHA384_RSA_PKCS_PSS:
563 	case PKCS11_CKM_SHA512_RSA_PKCS_PSS:
564 		assert(proc->tee_hash_op_handle != TEE_HANDLE_NULL);
565 
566 		hash_size = TEE_ALG_GET_DIGEST_SIZE(proc->tee_hash_algo);
567 		hash_buf = TEE_Malloc(hash_size, 0);
568 		if (!hash_buf)
569 			return PKCS11_CKR_DEVICE_MEMORY;
570 
571 		res = TEE_DigestDoFinal(proc->tee_hash_op_handle,
572 					in_buf, in_size, hash_buf,
573 					&hash_size);
574 
575 		rc = tee2pkcs_error(res);
576 		if (rc != PKCS11_CKR_OK)
577 			goto out;
578 
579 		break;
580 	default:
581 		break;
582 	}
583 
584 	/*
585 	 * Finalize either provided hash or calculated hash with signing
586 	 * operation
587 	 */
588 
589 	/* First determine amount of bytes for signing operation */
590 	switch (proc->mecha_type) {
591 	case PKCS11_CKM_ECDSA:
592 		sz = ecdsa_get_input_max_byte_size(proc->tee_op_handle);
593 		if (!in_size || !sz) {
594 			rc = PKCS11_CKR_FUNCTION_FAILED;
595 			goto out;
596 		}
597 
598 		/*
599 		 * Note 3) Input the entire raw digest. Internally, this will
600 		 * be truncated to the appropriate number of bits.
601 		 */
602 		if (in_size > sz)
603 			in_size = sz;
604 
605 		if (function == PKCS11_FUNCTION_VERIFY && in2_size != 2 * sz) {
606 			rc = PKCS11_CKR_SIGNATURE_LEN_RANGE;
607 			goto out;
608 		}
609 		break;
610 	case PKCS11_CKM_ECDSA_SHA1:
611 	case PKCS11_CKM_ECDSA_SHA224:
612 	case PKCS11_CKM_ECDSA_SHA256:
613 	case PKCS11_CKM_ECDSA_SHA384:
614 	case PKCS11_CKM_ECDSA_SHA512:
615 		/* Get key size in bytes */
616 		sz = ecdsa_get_input_max_byte_size(proc->tee_op_handle);
617 		if (!sz) {
618 			rc = PKCS11_CKR_FUNCTION_FAILED;
619 			goto out;
620 		}
621 
622 		if (function == PKCS11_FUNCTION_VERIFY &&
623 		    in2_size != 2 * sz) {
624 			rc = PKCS11_CKR_SIGNATURE_LEN_RANGE;
625 			goto out;
626 		}
627 		break;
628 	case PKCS11_CKM_RSA_PKCS:
629 	case PKCS11_CKM_MD5_RSA_PKCS:
630 	case PKCS11_CKM_SHA1_RSA_PKCS:
631 	case PKCS11_CKM_SHA224_RSA_PKCS:
632 	case PKCS11_CKM_SHA256_RSA_PKCS:
633 	case PKCS11_CKM_SHA384_RSA_PKCS:
634 	case PKCS11_CKM_SHA512_RSA_PKCS:
635 	case PKCS11_CKM_RSA_PKCS_PSS:
636 	case PKCS11_CKM_SHA1_RSA_PKCS_PSS:
637 	case PKCS11_CKM_SHA224_RSA_PKCS_PSS:
638 	case PKCS11_CKM_SHA256_RSA_PKCS_PSS:
639 	case PKCS11_CKM_SHA384_RSA_PKCS_PSS:
640 	case PKCS11_CKM_SHA512_RSA_PKCS_PSS:
641 		/* Get key size in bytes */
642 		sz = rsa_get_input_max_byte_size(proc->tee_op_handle);
643 		if (!sz) {
644 			rc = PKCS11_CKR_FUNCTION_FAILED;
645 			goto out;
646 		}
647 
648 		if (function == PKCS11_FUNCTION_VERIFY && in2_size != sz) {
649 			rc = PKCS11_CKR_SIGNATURE_LEN_RANGE;
650 			goto out;
651 		}
652 		break;
653 	default:
654 		break;
655 	}
656 
657 	/* Next perform actual signing operation */
658 	switch (proc->mecha_type) {
659 	case PKCS11_CKM_ECDSA:
660 	case PKCS11_CKM_RSA_PKCS:
661 	case PKCS11_CKM_RSA_PKCS_OAEP:
662 	case PKCS11_CKM_RSA_PKCS_PSS:
663 		/* For operations using provided input data */
664 		switch (function) {
665 		case PKCS11_FUNCTION_ENCRYPT:
666 			res = TEE_AsymmetricEncrypt(proc->tee_op_handle,
667 						    tee_attrs, tee_attrs_count,
668 						    in_buf, in_size,
669 						    out_buf, &out_size);
670 			output_data = true;
671 			rc = tee2pkcs_error(res);
672 			if (rc == PKCS11_CKR_ARGUMENTS_BAD)
673 				rc = PKCS11_CKR_DATA_LEN_RANGE;
674 			break;
675 
676 		case PKCS11_FUNCTION_DECRYPT:
677 			res = TEE_AsymmetricDecrypt(proc->tee_op_handle,
678 						    tee_attrs, tee_attrs_count,
679 						    in_buf, in_size,
680 						    out_buf, &out_size);
681 			output_data = true;
682 			rc = tee2pkcs_error(res);
683 			if (rc == PKCS11_CKR_ARGUMENTS_BAD)
684 				rc = PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE;
685 			break;
686 
687 		case PKCS11_FUNCTION_SIGN:
688 			res = TEE_AsymmetricSignDigest(proc->tee_op_handle,
689 						       tee_attrs,
690 						       tee_attrs_count,
691 						       in_buf, in_size,
692 						       out_buf, &out_size);
693 			output_data = true;
694 			rc = tee2pkcs_error(res);
695 			break;
696 
697 		case PKCS11_FUNCTION_VERIFY:
698 			res = TEE_AsymmetricVerifyDigest(proc->tee_op_handle,
699 							 tee_attrs,
700 							 tee_attrs_count,
701 							 in_buf, in_size,
702 							 in2_buf, in2_size);
703 			rc = tee2pkcs_error(res);
704 			break;
705 
706 		default:
707 			TEE_Panic(function);
708 			break;
709 		}
710 		break;
711 	case PKCS11_CKM_ECDSA_SHA1:
712 	case PKCS11_CKM_ECDSA_SHA224:
713 	case PKCS11_CKM_ECDSA_SHA256:
714 	case PKCS11_CKM_ECDSA_SHA384:
715 	case PKCS11_CKM_ECDSA_SHA512:
716 	case PKCS11_CKM_MD5_RSA_PKCS:
717 	case PKCS11_CKM_SHA1_RSA_PKCS:
718 	case PKCS11_CKM_SHA224_RSA_PKCS:
719 	case PKCS11_CKM_SHA256_RSA_PKCS:
720 	case PKCS11_CKM_SHA384_RSA_PKCS:
721 	case PKCS11_CKM_SHA512_RSA_PKCS:
722 	case PKCS11_CKM_SHA1_RSA_PKCS_PSS:
723 	case PKCS11_CKM_SHA224_RSA_PKCS_PSS:
724 	case PKCS11_CKM_SHA256_RSA_PKCS_PSS:
725 	case PKCS11_CKM_SHA384_RSA_PKCS_PSS:
726 	case PKCS11_CKM_SHA512_RSA_PKCS_PSS:
727 		/* For operations having hash operation use calculated hash */
728 		switch (function) {
729 		case PKCS11_FUNCTION_SIGN:
730 			res = TEE_AsymmetricSignDigest(proc->tee_op_handle,
731 						       tee_attrs,
732 						       tee_attrs_count,
733 						       hash_buf, hash_size,
734 						       out_buf, &out_size);
735 			output_data = true;
736 			rc = tee2pkcs_error(res);
737 			break;
738 
739 		case PKCS11_FUNCTION_VERIFY:
740 			res = TEE_AsymmetricVerifyDigest(proc->tee_op_handle,
741 							 tee_attrs,
742 							 tee_attrs_count,
743 							 hash_buf, hash_size,
744 							 in2_buf, in2_size);
745 			rc = tee2pkcs_error(res);
746 			break;
747 
748 		default:
749 			TEE_Panic(function);
750 			break;
751 		}
752 		break;
753 	default:
754 		TEE_Panic(proc->mecha_type);
755 		break;
756 	}
757 
758 out:
759 	if (output_data &&
760 	    (rc == PKCS11_CKR_OK || rc == PKCS11_CKR_BUFFER_TOO_SMALL)) {
761 		switch (TEE_PARAM_TYPE_GET(ptypes, 2)) {
762 		case TEE_PARAM_TYPE_MEMREF_OUTPUT:
763 		case TEE_PARAM_TYPE_MEMREF_INOUT:
764 			params[2].memref.size = out_size;
765 			break;
766 		default:
767 			rc = PKCS11_CKR_GENERAL_ERROR;
768 			break;
769 		}
770 	}
771 
772 	TEE_Free(hash_buf);
773 	TEE_Free(tee_attrs);
774 
775 	return rc;
776 }
777