| Jens Wiklander | e9babd9 | 2018-04-20 11:20:59 +0200 | [diff] [blame] | 1 | // SPDX-License-Identifier: BSD-2-Clause |
| 2 | /* Copyright (c) 2018, Linaro Limited */ |
| 3 | |
| 4 | #include <mbedtls_taf.h> |
| 5 | #include <mbedtls/aes.h> |
| 6 | #include <mbedtls/base64.h> |
| 7 | #include <mbedtls/bignum.h> |
| 8 | #include <mbedtls/des.h> |
| 9 | #include <mbedtls/md5.h> |
| 10 | #include <mbedtls/rsa.h> |
| 11 | #include <mbedtls/sha1.h> |
| 12 | #include <mbedtls/sha256.h> |
| 13 | #include <mbedtls/x509.h> |
| Jens Wiklander | f7ffa64 | 2018-04-20 16:25:21 +0200 | [diff] [blame] | 14 | #include <mbedtls/x509_crt.h> |
| 15 | |
| Jens Wiklander | e9babd9 | 2018-04-20 11:20:59 +0200 | [diff] [blame] | 16 | |
| 17 | TEE_Result |
| 18 | ta_entry_mbedtls_self_tests(uint32_t param_type, |
| 19 | TEE_Param params[TEE_NUM_PARAMS] __unused) |
| 20 | { |
| 21 | const uint32_t exp_pt = TEE_PARAM_TYPES(TEE_PARAM_TYPE_NONE, |
| 22 | TEE_PARAM_TYPE_NONE, |
| 23 | TEE_PARAM_TYPE_NONE, |
| 24 | TEE_PARAM_TYPE_NONE); |
| 25 | if (param_type != exp_pt) |
| 26 | return TEE_ERROR_BAD_PARAMETERS; |
| 27 | |
| 28 | #ifdef CFG_TA_MBEDTLS_SELF_TEST |
| 29 | #define DO_MBEDTLS_SELF_TEST(x) do { \ |
| 30 | if (mbedtls_##x##_self_test(1)) { \ |
| 31 | EMSG("mbedtls_%s_self_test: failed", #x); \ |
| 32 | return TEE_ERROR_GENERIC; \ |
| 33 | } \ |
| 34 | } while (0) |
| 35 | |
| 36 | DO_MBEDTLS_SELF_TEST(aes); |
| 37 | DO_MBEDTLS_SELF_TEST(des); |
| 38 | DO_MBEDTLS_SELF_TEST(md5); |
| 39 | DO_MBEDTLS_SELF_TEST(sha1); |
| 40 | DO_MBEDTLS_SELF_TEST(sha256); |
| 41 | DO_MBEDTLS_SELF_TEST(base64); |
| 42 | DO_MBEDTLS_SELF_TEST(mpi); |
| 43 | DO_MBEDTLS_SELF_TEST(rsa); |
| 44 | DO_MBEDTLS_SELF_TEST(x509); |
| 45 | |
| 46 | return TEE_SUCCESS; |
| 47 | #else |
| 48 | return TEE_ERROR_NOT_IMPLEMENTED; |
| 49 | #endif |
| 50 | } |
| Jens Wiklander | f7ffa64 | 2018-04-20 16:25:21 +0200 | [diff] [blame] | 51 | |
| 52 | TEE_Result ta_entry_mbedtls_check_cert(uint32_t param_type, |
| 53 | TEE_Param params[TEE_NUM_PARAMS]) |
| 54 | { |
| 55 | TEE_Result res = TEE_SUCCESS; |
| 56 | const uint32_t exp_pt = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, |
| 57 | TEE_PARAM_TYPE_MEMREF_INPUT, |
| 58 | TEE_PARAM_TYPE_NONE, |
| 59 | TEE_PARAM_TYPE_NONE); |
| 60 | int ret; |
| 61 | uint32_t flags; |
| 62 | mbedtls_x509_crt crt; |
| 63 | mbedtls_x509_crt trust_crt; |
| 64 | |
| 65 | if (param_type != exp_pt) |
| 66 | return TEE_ERROR_BAD_PARAMETERS; |
| 67 | |
| 68 | mbedtls_x509_crt_init(&crt); |
| 69 | mbedtls_x509_crt_init(&trust_crt); |
| 70 | |
| 71 | ret = mbedtls_x509_crt_parse(&crt, params[0].memref.buffer, |
| 72 | params[0].memref.size); |
| 73 | if (ret) { |
| 74 | EMSG("mbedtls_x509_crt_parse: failed: %#x", ret); |
| 75 | return TEE_ERROR_BAD_FORMAT; |
| 76 | } |
| 77 | |
| 78 | ret = mbedtls_x509_crt_parse(&trust_crt, params[1].memref.buffer, |
| 79 | params[1].memref.size); |
| 80 | if (ret) { |
| 81 | EMSG("mbedtls_x509_crt_parse: failed: %#x", ret); |
| 82 | res = TEE_ERROR_BAD_FORMAT; |
| 83 | goto out; |
| 84 | } |
| 85 | |
| 86 | ret = mbedtls_x509_crt_verify(&crt, &trust_crt, NULL, NULL, &flags, |
| 87 | NULL, NULL); |
| 88 | if (ret) { |
| 89 | EMSG("mbedtls_x509_crt_verify: failed: %#x", ret); |
| 90 | res = TEE_ERROR_BAD_FORMAT; |
| 91 | |
| 92 | } |
| 93 | |
| 94 | out: |
| 95 | mbedtls_x509_crt_free(&trust_crt); |
| 96 | mbedtls_x509_crt_free(&crt); |
| 97 | |
| 98 | return res; |
| 99 | |
| 100 | } |