1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2014-2017, Linaro Limited 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * 12 * 2. Redistributions in binary form must reproduce the above copyright notice, 13 * this list of conditions and the following disclaimer in the documentation 14 * and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* 30 * This is the Cryptographic Provider API (CP API). 31 * 32 * This defines how most crypto syscalls that implement the Cryptographic 33 * Operations API can invoke the actual providers of cryptographic algorithms 34 * (such as LibTomCrypt). 35 * 36 * To add a new provider, you need to provide an implementation of this 37 * interface. 38 * 39 * The following parameters are commonly used. 40 * 41 * @ctx: context allocated by the syscall, for later use by the algorithm 42 * @algo: algorithm identifier (TEE_ALG_*) 43 */ 44 45 #ifndef __CRYPTO_CRYPTO_H 46 #define __CRYPTO_CRYPTO_H 47 48 #include <tee_api_types.h> 49 50 TEE_Result crypto_init(void); 51 52 /* Message digest functions */ 53 TEE_Result crypto_hash_get_ctx_size(uint32_t algo, size_t *size); 54 TEE_Result crypto_hash_init(void *ctx, uint32_t algo); 55 TEE_Result crypto_hash_update(void *ctx, uint32_t algo, const uint8_t *data, 56 size_t len); 57 TEE_Result crypto_hash_final(void *ctx, uint32_t algo, uint8_t *digest, 58 size_t len); 59 60 /* Symmetric ciphers */ 61 TEE_Result crypto_cipher_get_ctx_size(uint32_t algo, size_t *size); 62 TEE_Result crypto_cipher_init(void *ctx, uint32_t algo, TEE_OperationMode mode, 63 const uint8_t *key1, size_t key1_len, 64 const uint8_t *key2, size_t key2_len, 65 const uint8_t *iv, size_t iv_len); 66 TEE_Result crypto_cipher_update(void *ctx, uint32_t algo, 67 TEE_OperationMode mode, bool last_block, 68 const uint8_t *data, size_t len, uint8_t *dst); 69 void crypto_cipher_final(void *ctx, uint32_t algo); 70 TEE_Result crypto_cipher_get_block_size(uint32_t algo, size_t *size); 71 72 /* Message Authentication Code functions */ 73 TEE_Result crypto_mac_get_ctx_size(uint32_t algo, size_t *size); 74 TEE_Result crypto_mac_init(void *ctx, uint32_t algo, const uint8_t *key, 75 size_t len); 76 TEE_Result crypto_mac_update(void *ctx, uint32_t algo, const uint8_t *data, 77 size_t len); 78 TEE_Result crypto_mac_final(void *ctx, uint32_t algo, uint8_t *digest, 79 size_t digest_len); 80 81 /* Authenticated encryption */ 82 TEE_Result crypto_authenc_get_ctx_size(uint32_t algo, size_t *size); 83 TEE_Result crypto_authenc_init(void *ctx, uint32_t algo, TEE_OperationMode mode, 84 const uint8_t *key, size_t key_len, 85 const uint8_t *nonce, size_t nonce_len, 86 size_t tag_len, size_t aad_len, 87 size_t payload_len); 88 TEE_Result crypto_authenc_update_aad(void *ctx, uint32_t algo, 89 TEE_OperationMode mode, 90 const uint8_t *data, size_t len); 91 TEE_Result crypto_authenc_update_payload(void *ctx, uint32_t algo, 92 TEE_OperationMode mode, 93 const uint8_t *src_data, 94 size_t src_len, uint8_t *dst_data, 95 size_t *dst_len); 96 TEE_Result crypto_authenc_enc_final(void *ctx, uint32_t algo, 97 const uint8_t *src_data, size_t src_len, 98 uint8_t *dst_data, size_t *dst_len, 99 uint8_t *dst_tag, size_t *dst_tag_len); 100 TEE_Result crypto_authenc_dec_final(void *ctx, uint32_t algo, 101 const uint8_t *src_data, size_t src_len, 102 uint8_t *dst_data, size_t *dst_len, 103 const uint8_t *tag, size_t tag_len); 104 void crypto_authenc_final(void *ctx, uint32_t algo); 105 106 /* Implementation-defined big numbers */ 107 108 /* 109 * Allocate a bignum capable of holding an unsigned integer value of 110 * up to bitsize bits 111 */ 112 struct bignum *crypto_bignum_allocate(size_t size_bits); 113 TEE_Result crypto_bignum_bin2bn(const uint8_t *from, size_t fromsize, 114 struct bignum *to); 115 size_t crypto_bignum_num_bytes(struct bignum *a); 116 size_t crypto_bignum_num_bits(struct bignum *a); 117 void crypto_bignum_bn2bin(const struct bignum *from, uint8_t *to); 118 void crypto_bignum_copy(struct bignum *to, const struct bignum *from); 119 void crypto_bignum_free(struct bignum *a); 120 void crypto_bignum_clear(struct bignum *a); 121 122 /* return -1 if a<b, 0 if a==b, +1 if a>b */ 123 int32_t crypto_bignum_compare(struct bignum *a, struct bignum *b); 124 125 /* Asymmetric algorithms */ 126 127 struct rsa_keypair { 128 struct bignum *e; /* Public exponent */ 129 struct bignum *d; /* Private exponent */ 130 struct bignum *n; /* Modulus */ 131 132 /* Optional CRT parameters (all NULL if unused) */ 133 struct bignum *p; /* N = pq */ 134 struct bignum *q; 135 struct bignum *qp; /* 1/q mod p */ 136 struct bignum *dp; /* d mod (p-1) */ 137 struct bignum *dq; /* d mod (q-1) */ 138 }; 139 140 struct rsa_public_key { 141 struct bignum *e; /* Public exponent */ 142 struct bignum *n; /* Modulus */ 143 }; 144 145 struct dsa_keypair { 146 struct bignum *g; /* Generator of subgroup (public) */ 147 struct bignum *p; /* Prime number (public) */ 148 struct bignum *q; /* Order of subgroup (public) */ 149 struct bignum *y; /* Public key */ 150 struct bignum *x; /* Private key */ 151 }; 152 153 struct dsa_public_key { 154 struct bignum *g; /* Generator of subgroup (public) */ 155 struct bignum *p; /* Prime number (public) */ 156 struct bignum *q; /* Order of subgroup (public) */ 157 struct bignum *y; /* Public key */ 158 }; 159 160 struct dh_keypair { 161 struct bignum *g; /* Generator of Z_p (shared) */ 162 struct bignum *p; /* Prime modulus (shared) */ 163 struct bignum *x; /* Private key */ 164 struct bignum *y; /* Public key y = g^x */ 165 166 /* 167 * Optional parameters used by key generation. 168 * When not used, q == NULL and xbits == 0 169 */ 170 struct bignum *q; /* x must be in the range [2, q-2] */ 171 uint32_t xbits; /* Number of bits in the private key */ 172 }; 173 174 struct ecc_public_key { 175 struct bignum *x; /* Public value x */ 176 struct bignum *y; /* Public value y */ 177 uint32_t curve; /* Curve type */ 178 }; 179 180 struct ecc_keypair { 181 struct bignum *d; /* Private value */ 182 struct bignum *x; /* Public value x */ 183 struct bignum *y; /* Public value y */ 184 uint32_t curve; /* Curve type */ 185 }; 186 187 /* 188 * Key allocation functions 189 * Allocate the bignum's inside a key structure. 190 * TEE core will later use crypto_bignum_free(). 191 */ 192 TEE_Result crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *s, 193 size_t key_size_bits); 194 TEE_Result crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s, 195 size_t key_size_bits); 196 void crypto_acipher_free_rsa_public_key(struct rsa_public_key *s); 197 TEE_Result crypto_acipher_alloc_dsa_keypair(struct dsa_keypair *s, 198 size_t key_size_bits); 199 TEE_Result crypto_acipher_alloc_dsa_public_key(struct dsa_public_key *s, 200 size_t key_size_bits); 201 TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s, 202 size_t key_size_bits); 203 TEE_Result crypto_acipher_alloc_ecc_public_key(struct ecc_public_key *s, 204 size_t key_size_bits); 205 TEE_Result crypto_acipher_alloc_ecc_keypair(struct ecc_keypair *s, 206 size_t key_size_bits); 207 void crypto_acipher_free_ecc_public_key(struct ecc_public_key *s); 208 209 /* 210 * Key generation functions 211 */ 212 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key, size_t key_size); 213 TEE_Result crypto_acipher_gen_dsa_key(struct dsa_keypair *key, size_t key_size); 214 TEE_Result crypto_acipher_gen_dh_key(struct dh_keypair *key, struct bignum *q, 215 size_t xbits); 216 TEE_Result crypto_acipher_gen_ecc_key(struct ecc_keypair *key); 217 218 TEE_Result crypto_acipher_dh_shared_secret(struct dh_keypair *private_key, 219 struct bignum *public_key, 220 struct bignum *secret); 221 222 TEE_Result crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key, 223 const uint8_t *src, size_t src_len, 224 uint8_t *dst, size_t *dst_len); 225 TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key, 226 const uint8_t *src, size_t src_len, 227 uint8_t *dst, size_t *dst_len); 228 TEE_Result crypto_acipher_rsaes_decrypt(uint32_t algo, struct rsa_keypair *key, 229 const uint8_t *label, size_t label_len, 230 const uint8_t *src, size_t src_len, 231 uint8_t *dst, size_t *dst_len); 232 TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo, 233 struct rsa_public_key *key, 234 const uint8_t *label, size_t label_len, 235 const uint8_t *src, size_t src_len, 236 uint8_t *dst, size_t *dst_len); 237 /* RSA SSA sign/verify: if salt_len == -1, use default value */ 238 TEE_Result crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key, 239 int salt_len, const uint8_t *msg, 240 size_t msg_len, uint8_t *sig, 241 size_t *sig_len); 242 TEE_Result crypto_acipher_rsassa_verify(uint32_t algo, 243 struct rsa_public_key *key, 244 int salt_len, const uint8_t *msg, 245 size_t msg_len, const uint8_t *sig, 246 size_t sig_len); 247 TEE_Result crypto_acipher_dsa_sign(uint32_t algo, struct dsa_keypair *key, 248 const uint8_t *msg, size_t msg_len, 249 uint8_t *sig, size_t *sig_len); 250 TEE_Result crypto_acipher_dsa_verify(uint32_t algo, struct dsa_public_key *key, 251 const uint8_t *msg, size_t msg_len, 252 const uint8_t *sig, size_t sig_len); 253 TEE_Result crypto_acipher_ecc_sign(uint32_t algo, struct ecc_keypair *key, 254 const uint8_t *msg, size_t msg_len, 255 uint8_t *sig, size_t *sig_len); 256 TEE_Result crypto_acipher_ecc_verify(uint32_t algo, struct ecc_public_key *key, 257 const uint8_t *msg, size_t msg_len, 258 const uint8_t *sig, size_t sig_len); 259 TEE_Result crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key, 260 struct ecc_public_key *public_key, 261 void *secret, 262 unsigned long *secret_len); 263 264 /* 265 * Verifies a SHA-256 hash, doesn't require crypto_init() to be called in 266 * advance and has as few dependencies as possible. 267 * 268 * This function is primarily used by pager and early initialization code 269 * where the complete crypto library isn't available. 270 */ 271 TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data, 272 size_t data_size); 273 274 /* Add entropy to PRNG entropy pool. */ 275 TEE_Result crypto_rng_add_entropy(const uint8_t *inbuf, size_t len); 276 277 /* To read random data from PRNG implementation. */ 278 TEE_Result crypto_rng_read(void *buf, size_t blen); 279 280 TEE_Result rng_generate(void *buffer, size_t len); 281 282 TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len, 283 void *enc_key, unsigned int *rounds); 284 void crypto_aes_enc_block(const void *enc_key, unsigned int rounds, 285 const void *src, void *dst); 286 287 #endif /* __CRYPTO_CRYPTO_H */ 288