1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2014-2017, Linaro Limited 4 */ 5 6 /* 7 * This is the Cryptographic Provider API (CP API). 8 * 9 * This defines how most crypto syscalls that implement the Cryptographic 10 * Operations API can invoke the actual providers of cryptographic algorithms 11 * (such as LibTomCrypt). 12 * 13 * To add a new provider, you need to provide an implementation of this 14 * interface. 15 * 16 * The following parameters are commonly used. 17 * 18 * @ctx: context allocated by the syscall, for later use by the algorithm 19 * @algo: algorithm identifier (TEE_ALG_*) 20 */ 21 22 #ifndef __CRYPTO_CRYPTO_H 23 #define __CRYPTO_CRYPTO_H 24 25 #include <tee_api_types.h> 26 27 TEE_Result crypto_init(void); 28 29 /* Message digest functions */ 30 TEE_Result crypto_hash_alloc_ctx(void **ctx, uint32_t algo); 31 TEE_Result crypto_hash_init(void *ctx, uint32_t algo); 32 TEE_Result crypto_hash_update(void *ctx, uint32_t algo, const uint8_t *data, 33 size_t len); 34 TEE_Result crypto_hash_final(void *ctx, uint32_t algo, uint8_t *digest, 35 size_t len); 36 void crypto_hash_free_ctx(void *ctx, uint32_t algo); 37 void crypto_hash_copy_state(void *dst_ctx, void *src_ctx, uint32_t algo); 38 39 /* Symmetric ciphers */ 40 TEE_Result crypto_cipher_alloc_ctx(void **ctx, uint32_t algo); 41 TEE_Result crypto_cipher_init(void *ctx, uint32_t algo, TEE_OperationMode mode, 42 const uint8_t *key1, size_t key1_len, 43 const uint8_t *key2, size_t key2_len, 44 const uint8_t *iv, size_t iv_len); 45 TEE_Result crypto_cipher_update(void *ctx, uint32_t algo, 46 TEE_OperationMode mode, bool last_block, 47 const uint8_t *data, size_t len, uint8_t *dst); 48 void crypto_cipher_final(void *ctx, uint32_t algo); 49 TEE_Result crypto_cipher_get_block_size(uint32_t algo, size_t *size); 50 void crypto_cipher_free_ctx(void *ctx, uint32_t algo); 51 void crypto_cipher_copy_state(void *dst_ctx, void *src_ctx, uint32_t algo); 52 53 /* Message Authentication Code functions */ 54 TEE_Result crypto_mac_alloc_ctx(void **ctx, uint32_t algo); 55 TEE_Result crypto_mac_init(void *ctx, uint32_t algo, const uint8_t *key, 56 size_t len); 57 TEE_Result crypto_mac_update(void *ctx, uint32_t algo, const uint8_t *data, 58 size_t len); 59 TEE_Result crypto_mac_final(void *ctx, uint32_t algo, uint8_t *digest, 60 size_t digest_len); 61 void crypto_mac_free_ctx(void *ctx, uint32_t algo); 62 void crypto_mac_copy_state(void *dst_ctx, void *src_ctx, uint32_t algo); 63 64 /* Authenticated encryption */ 65 TEE_Result crypto_authenc_alloc_ctx(void **ctx, uint32_t algo); 66 TEE_Result crypto_authenc_init(void *ctx, uint32_t algo, TEE_OperationMode mode, 67 const uint8_t *key, size_t key_len, 68 const uint8_t *nonce, size_t nonce_len, 69 size_t tag_len, size_t aad_len, 70 size_t payload_len); 71 TEE_Result crypto_authenc_update_aad(void *ctx, uint32_t algo, 72 TEE_OperationMode mode, 73 const uint8_t *data, size_t len); 74 TEE_Result crypto_authenc_update_payload(void *ctx, uint32_t algo, 75 TEE_OperationMode mode, 76 const uint8_t *src_data, 77 size_t src_len, uint8_t *dst_data, 78 size_t *dst_len); 79 TEE_Result crypto_authenc_enc_final(void *ctx, uint32_t algo, 80 const uint8_t *src_data, size_t src_len, 81 uint8_t *dst_data, size_t *dst_len, 82 uint8_t *dst_tag, size_t *dst_tag_len); 83 TEE_Result crypto_authenc_dec_final(void *ctx, uint32_t algo, 84 const uint8_t *src_data, size_t src_len, 85 uint8_t *dst_data, size_t *dst_len, 86 const uint8_t *tag, size_t tag_len); 87 void crypto_authenc_final(void *ctx, uint32_t algo); 88 void crypto_authenc_free_ctx(void *ctx, uint32_t algo); 89 void crypto_authenc_copy_state(void *dst_ctx, void *src_ctx, uint32_t algo); 90 91 /* Implementation-defined big numbers */ 92 93 /* 94 * Allocate a bignum capable of holding an unsigned integer value of 95 * up to bitsize bits 96 */ 97 struct bignum *crypto_bignum_allocate(size_t size_bits); 98 TEE_Result crypto_bignum_bin2bn(const uint8_t *from, size_t fromsize, 99 struct bignum *to); 100 size_t crypto_bignum_num_bytes(struct bignum *a); 101 size_t crypto_bignum_num_bits(struct bignum *a); 102 void crypto_bignum_bn2bin(const struct bignum *from, uint8_t *to); 103 void crypto_bignum_copy(struct bignum *to, const struct bignum *from); 104 void crypto_bignum_free(struct bignum *a); 105 void crypto_bignum_clear(struct bignum *a); 106 107 /* return -1 if a<b, 0 if a==b, +1 if a>b */ 108 int32_t crypto_bignum_compare(struct bignum *a, struct bignum *b); 109 110 /* Asymmetric algorithms */ 111 112 struct rsa_keypair { 113 struct bignum *e; /* Public exponent */ 114 struct bignum *d; /* Private exponent */ 115 struct bignum *n; /* Modulus */ 116 117 /* Optional CRT parameters (all NULL if unused) */ 118 struct bignum *p; /* N = pq */ 119 struct bignum *q; 120 struct bignum *qp; /* 1/q mod p */ 121 struct bignum *dp; /* d mod (p-1) */ 122 struct bignum *dq; /* d mod (q-1) */ 123 }; 124 125 struct rsa_public_key { 126 struct bignum *e; /* Public exponent */ 127 struct bignum *n; /* Modulus */ 128 }; 129 130 struct dsa_keypair { 131 struct bignum *g; /* Generator of subgroup (public) */ 132 struct bignum *p; /* Prime number (public) */ 133 struct bignum *q; /* Order of subgroup (public) */ 134 struct bignum *y; /* Public key */ 135 struct bignum *x; /* Private key */ 136 }; 137 138 struct dsa_public_key { 139 struct bignum *g; /* Generator of subgroup (public) */ 140 struct bignum *p; /* Prime number (public) */ 141 struct bignum *q; /* Order of subgroup (public) */ 142 struct bignum *y; /* Public key */ 143 }; 144 145 struct dh_keypair { 146 struct bignum *g; /* Generator of Z_p (shared) */ 147 struct bignum *p; /* Prime modulus (shared) */ 148 struct bignum *x; /* Private key */ 149 struct bignum *y; /* Public key y = g^x */ 150 151 /* 152 * Optional parameters used by key generation. 153 * When not used, q == NULL and xbits == 0 154 */ 155 struct bignum *q; /* x must be in the range [2, q-2] */ 156 uint32_t xbits; /* Number of bits in the private key */ 157 }; 158 159 struct ecc_public_key { 160 struct bignum *x; /* Public value x */ 161 struct bignum *y; /* Public value y */ 162 uint32_t curve; /* Curve type */ 163 }; 164 165 struct ecc_keypair { 166 struct bignum *d; /* Private value */ 167 struct bignum *x; /* Public value x */ 168 struct bignum *y; /* Public value y */ 169 uint32_t curve; /* Curve type */ 170 }; 171 172 /* 173 * Key allocation functions 174 * Allocate the bignum's inside a key structure. 175 * TEE core will later use crypto_bignum_free(). 176 */ 177 TEE_Result crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *s, 178 size_t key_size_bits); 179 TEE_Result crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s, 180 size_t key_size_bits); 181 void crypto_acipher_free_rsa_public_key(struct rsa_public_key *s); 182 TEE_Result crypto_acipher_alloc_dsa_keypair(struct dsa_keypair *s, 183 size_t key_size_bits); 184 TEE_Result crypto_acipher_alloc_dsa_public_key(struct dsa_public_key *s, 185 size_t key_size_bits); 186 TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s, 187 size_t key_size_bits); 188 TEE_Result crypto_acipher_alloc_ecc_public_key(struct ecc_public_key *s, 189 size_t key_size_bits); 190 TEE_Result crypto_acipher_alloc_ecc_keypair(struct ecc_keypair *s, 191 size_t key_size_bits); 192 void crypto_acipher_free_ecc_public_key(struct ecc_public_key *s); 193 194 /* 195 * Key generation functions 196 */ 197 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key, size_t key_size); 198 TEE_Result crypto_acipher_gen_dsa_key(struct dsa_keypair *key, size_t key_size); 199 TEE_Result crypto_acipher_gen_dh_key(struct dh_keypair *key, struct bignum *q, 200 size_t xbits); 201 TEE_Result crypto_acipher_gen_ecc_key(struct ecc_keypair *key); 202 203 TEE_Result crypto_acipher_dh_shared_secret(struct dh_keypair *private_key, 204 struct bignum *public_key, 205 struct bignum *secret); 206 207 TEE_Result crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key, 208 const uint8_t *src, size_t src_len, 209 uint8_t *dst, size_t *dst_len); 210 TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key, 211 const uint8_t *src, size_t src_len, 212 uint8_t *dst, size_t *dst_len); 213 TEE_Result crypto_acipher_rsaes_decrypt(uint32_t algo, struct rsa_keypair *key, 214 const uint8_t *label, size_t label_len, 215 const uint8_t *src, size_t src_len, 216 uint8_t *dst, size_t *dst_len); 217 TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo, 218 struct rsa_public_key *key, 219 const uint8_t *label, size_t label_len, 220 const uint8_t *src, size_t src_len, 221 uint8_t *dst, size_t *dst_len); 222 /* RSA SSA sign/verify: if salt_len == -1, use default value */ 223 TEE_Result crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key, 224 int salt_len, const uint8_t *msg, 225 size_t msg_len, uint8_t *sig, 226 size_t *sig_len); 227 TEE_Result crypto_acipher_rsassa_verify(uint32_t algo, 228 struct rsa_public_key *key, 229 int salt_len, const uint8_t *msg, 230 size_t msg_len, const uint8_t *sig, 231 size_t sig_len); 232 TEE_Result crypto_acipher_dsa_sign(uint32_t algo, struct dsa_keypair *key, 233 const uint8_t *msg, size_t msg_len, 234 uint8_t *sig, size_t *sig_len); 235 TEE_Result crypto_acipher_dsa_verify(uint32_t algo, struct dsa_public_key *key, 236 const uint8_t *msg, size_t msg_len, 237 const uint8_t *sig, size_t sig_len); 238 TEE_Result crypto_acipher_ecc_sign(uint32_t algo, struct ecc_keypair *key, 239 const uint8_t *msg, size_t msg_len, 240 uint8_t *sig, size_t *sig_len); 241 TEE_Result crypto_acipher_ecc_verify(uint32_t algo, struct ecc_public_key *key, 242 const uint8_t *msg, size_t msg_len, 243 const uint8_t *sig, size_t sig_len); 244 TEE_Result crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key, 245 struct ecc_public_key *public_key, 246 void *secret, 247 unsigned long *secret_len); 248 249 /* 250 * Verifies a SHA-256 hash, doesn't require crypto_init() to be called in 251 * advance and has as few dependencies as possible. 252 * 253 * This function is primarily used by pager and early initialization code 254 * where the complete crypto library isn't available. 255 */ 256 TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data, 257 size_t data_size); 258 259 /* 260 * Computes a SHA-512/256 hash, vetted conditioner as per NIST.SP.800-90B. 261 * It doesn't require crypto_init() to be called in advance and has as few 262 * dependencies as possible. 263 * 264 * This function could be used inside interrupt context where the crypto 265 * library can't be used due to mutex handling. 266 */ 267 TEE_Result hash_sha512_256_compute(uint8_t *digest, const uint8_t *data, 268 size_t data_size); 269 270 #define CRYPTO_RNG_SRC_IS_QUICK(sid) (!!((sid) & 1)) 271 272 /* 273 * enum crypto_rng_src - RNG entropy source 274 * 275 * Identifiers for different RNG entropy sources. The lowest bit indicates 276 * if the source is to be merely queued (bit is 1) or if it's delivered 277 * directly to the pool. The difference is that in the latter case RPC to 278 * normal world can be performed and in the former it must not. 279 */ 280 enum crypto_rng_src { 281 CRYPTO_RNG_SRC_JITTER_SESSION = (0 << 1 | 0), 282 CRYPTO_RNG_SRC_JITTER_RPC = (1 << 1 | 1), 283 CRYPTO_RNG_SRC_NONSECURE = (1 << 1 | 0), 284 }; 285 286 /* 287 * crypto_rng_init() - initialize the RNG 288 * @data: buffer with initial seed 289 * @dlen: length of @data 290 */ 291 TEE_Result crypto_rng_init(const void *data, size_t dlen); 292 293 /* 294 * crypto_rng_add_event() - supply entropy to RNG from a source 295 * @sid: Source identifier, should be unique for a specific source 296 * @pnum: Pool number, acquired using crypto_rng_get_next_pool_num() 297 * @data: Data associated with the event 298 * @dlen: Length of @data 299 * 300 * @sid controls whether the event is merly queued in a ring buffer or if 301 * it's added to one of the pools directly. If CRYPTO_RNG_SRC_IS_QUICK() is 302 * true (lowest bit set) events are queue otherwise added to corresponding 303 * pool. If CRYPTO_RNG_SRC_IS_QUICK() is false, eventual queued events are 304 * added to their queues too. 305 */ 306 void crypto_rng_add_event(enum crypto_rng_src sid, unsigned int *pnum, 307 const void *data, size_t dlen); 308 309 /* 310 * crypto_rng_read() - read cryptograhically secure RNG 311 * @buf: Buffer to hold the data 312 * @len: Length of buffer. 313 * 314 * Eventual queued events are also added to their pools during this 315 * function call. 316 */ 317 TEE_Result crypto_rng_read(void *buf, size_t len); 318 319 /* 320 * crypto_aes_expand_enc_key() - Expand an AES key 321 * @key: AES key buffer 322 * @key_len: Size of the the @key buffer in bytes 323 * @enc_key: Expanded AES encryption key buffer 324 * @enc_keylen: Size of the @enc_key buffer in bytes 325 * @rounds: Number of rounds to be used during encryption 326 */ 327 TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len, 328 void *enc_key, size_t enc_keylen, 329 unsigned int *rounds); 330 331 /* 332 * crypto_aes_enc_block() - Encrypt an AES block 333 * @enc_key: Expanded AES encryption key 334 * @enc_keylen: Size of @enc_key in bytes 335 * @rounds: Number of rounds 336 * @src: Source buffer of one AES block (16 bytes) 337 * @dst: Destination buffer of one AES block (16 bytes) 338 */ 339 void crypto_aes_enc_block(const void *enc_key, size_t enc_keylen, 340 unsigned int rounds, const void *src, void *dst); 341 342 #endif /* __CRYPTO_CRYPTO_H */ 343