libutee: TEE_ALG_[ECDSA|ECDH]_P* relate to API v1.1

Remove definition of TEE_ALG_ECDSA_P192/224/256/384/521 and TEE_ALG_ECDH_P192/224/256/384/521 when libutee is built without GP TEE Internal Core API v1.1 compatibility support. These macros are now related to OP-TEE internal __OPTEE_ALG_ECDSA_P* and __OPTEE_ALG_ECDH_P* algorithm IDs that are more accurate. This change will allow to later remove the relation between the ECDSA/ECDH algorithm and the EC key with when using API v1.3.1 while still supporting that relation when building for API v1.1. Update pkcs11 TA and remoteproc TA accordingly. Signed-off-by: Etienne Carriere <[email protected]>
etienne-lms · Jan 30, 2025 · 1f15624 · 1f15624
1 parent 8261ca4
commit 1f15624
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 27 deletions.
diff --git a/lib/libutee/include/tee_api_defines.h b/lib/libutee/include/tee_api_defines.h
@@ -331,17 +331,23 @@
 #define __OPTEE_ALG_ECDH_P384			0x80004042
 #define __OPTEE_ALG_ECDH_P521			0x80005042
 
-/* TEE_ALG_ECDSA_P* and TEE_ALG_ECDH_P* are deprecated */
-#define TEE_ALG_ECDSA_P192			TEE_ALG_ECDSA_SHA1
-#define TEE_ALG_ECDSA_P224			TEE_ALG_ECDSA_SHA224
-#define TEE_ALG_ECDSA_P256			TEE_ALG_ECDSA_SHA256
-#define TEE_ALG_ECDSA_P384			TEE_ALG_ECDSA_SHA384
-#define TEE_ALG_ECDSA_P521			TEE_ALG_ECDSA_SHA512
-#define TEE_ALG_ECDH_P192		TEE_ALG_ECDH_DERIVE_SHARED_SECRET
-#define TEE_ALG_ECDH_P224		TEE_ALG_ECDH_DERIVE_SHARED_SECRET
-#define TEE_ALG_ECDH_P256		TEE_ALG_ECDH_DERIVE_SHARED_SECRET
-#define TEE_ALG_ECDH_P384		TEE_ALG_ECDH_DERIVE_SHARED_SECRET
-#define TEE_ALG_ECDH_P521		TEE_ALG_ECDH_DERIVE_SHARED_SECRET
+/*
+ * TEE_ALG_ECDSA_P* and TEE_ALG_ECDH_P* are deprecated on API v1.2 or later
+ * hence are supported (and defined) only __OPTEE_CORE_API_COMPAT_1_1 is
+ * enabled.
+ */
+#if __OPTEE_CORE_API_COMPAT_1_1
+#define TEE_ALG_ECDSA_P192			__OPTEE_ALG_ECDSA_P192
+#define TEE_ALG_ECDSA_P224			__OPTEE_ALG_ECDSA_P224
+#define TEE_ALG_ECDSA_P256			__OPTEE_ALG_ECDSA_P256
+#define TEE_ALG_ECDSA_P384			__OPTEE_ALG_ECDSA_P384
+#define TEE_ALG_ECDSA_P521			__OPTEE_ALG_ECDSA_P521
+#define TEE_ALG_ECDH_P192			__OPTEE_ALG_ECDH_P192
+#define TEE_ALG_ECDH_P224			__OPTEE_ALG_ECDH_P224
+#define TEE_ALG_ECDH_P256			__OPTEE_ALG_ECDH_P256
+#define TEE_ALG_ECDH_P384			__OPTEE_ALG_ECDH_P384
+#define TEE_ALG_ECDH_P521			__OPTEE_ALG_ECDH_P521
+#endif
 
 #define TEE_ALG_ECDH_DERIVE_SHARED_SECRET	0x80000042
 #define TEE_ALG_ECDSA_SHA1			0x70001042

diff --git a/ta/pkcs11/src/processing_ec.c b/ta/pkcs11/src/processing_ec.c
@@ -455,19 +455,19 @@ enum pkcs11_rc pkcs2tee_algo_ecdsa(uint32_t *tee_id,
 	 */
 	switch (get_object_key_bit_size(obj)) {
 	case 192:
-		*tee_id = TEE_ALG_ECDSA_P192;
+		*tee_id = __OPTEE_ALG_ECDSA_P192;
 		break;
 	case 224:
-		*tee_id = TEE_ALG_ECDSA_P224;
+		*tee_id = __OPTEE_ALG_ECDSA_P224;
 		break;
 	case 256:
-		*tee_id = TEE_ALG_ECDSA_P256;
+		*tee_id = __OPTEE_ALG_ECDSA_P256;
 		break;
 	case 384:
-		*tee_id = TEE_ALG_ECDSA_P384;
+		*tee_id = __OPTEE_ALG_ECDSA_P384;
 		break;
 	case 521:
-		*tee_id = TEE_ALG_ECDSA_P521;
+		*tee_id = __OPTEE_ALG_ECDSA_P521;
 		break;
 	default:
 		TEE_Panic(0);
@@ -848,15 +848,15 @@ size_t ecdsa_get_input_max_byte_size(TEE_OperationHandle op)
 	TEE_GetOperationInfo(op, &info);
 
 	switch (info.algorithm) {
-	case TEE_ALG_ECDSA_P192:
+	case __OPTEE_ALG_ECDSA_P192:
 		return 24;
-	case TEE_ALG_ECDSA_P224:
+	case __OPTEE_ALG_ECDSA_P224:
 		return 28;
-	case TEE_ALG_ECDSA_P256:
+	case __OPTEE_ALG_ECDSA_P256:
 		return 32;
-	case TEE_ALG_ECDSA_P384:
+	case __OPTEE_ALG_ECDSA_P384:
 		return 48;
-	case TEE_ALG_ECDSA_P521:
+	case __OPTEE_ALG_ECDSA_P521:
 		return 66;
 	default:
 		DMSG("Unexpected ECDSA algorithm %#"PRIx32, info.algorithm);
@@ -942,19 +942,19 @@ enum pkcs11_rc pkcs2tee_algo_ecdh(uint32_t *tee_id,
 
 	switch (get_object_key_bit_size(obj)) {
 	case 192:
-		*tee_id = TEE_ALG_ECDH_P192;
+		*tee_id = __OPTEE_ALG_ECDH_P192;
 		break;
 	case 224:
-		*tee_id = TEE_ALG_ECDH_P224;
+		*tee_id = __OPTEE_ALG_ECDH_P224;
 		break;
 	case 256:
-		*tee_id = TEE_ALG_ECDH_P256;
+		*tee_id = __OPTEE_ALG_ECDH_P256;
 		break;
 	case 384:
-		*tee_id = TEE_ALG_ECDH_P384;
+		*tee_id = __OPTEE_ALG_ECDH_P384;
 		break;
 	case 521:
-		*tee_id = TEE_ALG_ECDH_P521;
+		*tee_id = __OPTEE_ALG_ECDH_P521;
 		break;
 	default:
 		TEE_Panic(0);

diff --git a/ta/remoteproc/src/remoteproc_core.c b/ta/remoteproc/src/remoteproc_core.c
@@ -206,7 +206,7 @@ static const struct remoteproc_sig_algo rproc_ta_sign_algo[] = {
 	},
 	{
 		.sign_type = RPROC_ECDSA_SHA256,
-		.id = TEE_ALG_ECDSA_P256,
+		.id = TEE_ALG_ECDSA_SHA256,
 		.hash_len = TEE_SHA256_HASH_SIZE,
 	},
 };