1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2014-2017, Linaro Limited 4 */ 5 6 /* 7 * This is the Cryptographic Provider API (CP API). 8 * 9 * This defines how most crypto syscalls that implement the Cryptographic 10 * Operations API can invoke the actual providers of cryptographic algorithms 11 * (such as LibTomCrypt). 12 * 13 * To add a new provider, you need to provide an implementation of this 14 * interface. 15 * 16 * The following parameters are commonly used. 17 * 18 * @ctx: context allocated by the syscall, for later use by the algorithm 19 * @algo: algorithm identifier (TEE_ALG_*) 20 */ 21 22 #ifndef __CRYPTO_CRYPTO_H 23 #define __CRYPTO_CRYPTO_H 24 25 #include <tee_api_types.h> 26 27 TEE_Result crypto_init(void); 28 29 /* Message digest functions */ 30 TEE_Result crypto_hash_get_ctx_size(uint32_t algo, size_t *size); 31 TEE_Result crypto_hash_init(void *ctx, uint32_t algo); 32 TEE_Result crypto_hash_update(void *ctx, uint32_t algo, const uint8_t *data, 33 size_t len); 34 TEE_Result crypto_hash_final(void *ctx, uint32_t algo, uint8_t *digest, 35 size_t len); 36 37 /* Symmetric ciphers */ 38 TEE_Result crypto_cipher_get_ctx_size(uint32_t algo, size_t *size); 39 TEE_Result crypto_cipher_init(void *ctx, uint32_t algo, TEE_OperationMode mode, 40 const uint8_t *key1, size_t key1_len, 41 const uint8_t *key2, size_t key2_len, 42 const uint8_t *iv, size_t iv_len); 43 TEE_Result crypto_cipher_update(void *ctx, uint32_t algo, 44 TEE_OperationMode mode, bool last_block, 45 const uint8_t *data, size_t len, uint8_t *dst); 46 void crypto_cipher_final(void *ctx, uint32_t algo); 47 TEE_Result crypto_cipher_get_block_size(uint32_t algo, size_t *size); 48 49 /* Message Authentication Code functions */ 50 TEE_Result crypto_mac_get_ctx_size(uint32_t algo, size_t *size); 51 TEE_Result crypto_mac_init(void *ctx, uint32_t algo, const uint8_t *key, 52 size_t len); 53 TEE_Result crypto_mac_update(void *ctx, uint32_t algo, const uint8_t *data, 54 size_t len); 55 TEE_Result crypto_mac_final(void *ctx, uint32_t algo, uint8_t *digest, 56 size_t digest_len); 57 58 /* Authenticated encryption */ 59 TEE_Result crypto_authenc_get_ctx_size(uint32_t algo, size_t *size); 60 TEE_Result crypto_authenc_init(void *ctx, uint32_t algo, TEE_OperationMode mode, 61 const uint8_t *key, size_t key_len, 62 const uint8_t *nonce, size_t nonce_len, 63 size_t tag_len, size_t aad_len, 64 size_t payload_len); 65 TEE_Result crypto_authenc_update_aad(void *ctx, uint32_t algo, 66 TEE_OperationMode mode, 67 const uint8_t *data, size_t len); 68 TEE_Result crypto_authenc_update_payload(void *ctx, uint32_t algo, 69 TEE_OperationMode mode, 70 const uint8_t *src_data, 71 size_t src_len, uint8_t *dst_data, 72 size_t *dst_len); 73 TEE_Result crypto_authenc_enc_final(void *ctx, uint32_t algo, 74 const uint8_t *src_data, size_t src_len, 75 uint8_t *dst_data, size_t *dst_len, 76 uint8_t *dst_tag, size_t *dst_tag_len); 77 TEE_Result crypto_authenc_dec_final(void *ctx, uint32_t algo, 78 const uint8_t *src_data, size_t src_len, 79 uint8_t *dst_data, size_t *dst_len, 80 const uint8_t *tag, size_t tag_len); 81 void crypto_authenc_final(void *ctx, uint32_t algo); 82 83 /* Implementation-defined big numbers */ 84 85 /* 86 * Allocate a bignum capable of holding an unsigned integer value of 87 * up to bitsize bits 88 */ 89 struct bignum *crypto_bignum_allocate(size_t size_bits); 90 TEE_Result crypto_bignum_bin2bn(const uint8_t *from, size_t fromsize, 91 struct bignum *to); 92 size_t crypto_bignum_num_bytes(struct bignum *a); 93 size_t crypto_bignum_num_bits(struct bignum *a); 94 void crypto_bignum_bn2bin(const struct bignum *from, uint8_t *to); 95 void crypto_bignum_copy(struct bignum *to, const struct bignum *from); 96 void crypto_bignum_free(struct bignum *a); 97 void crypto_bignum_clear(struct bignum *a); 98 99 /* return -1 if a<b, 0 if a==b, +1 if a>b */ 100 int32_t crypto_bignum_compare(struct bignum *a, struct bignum *b); 101 102 /* Asymmetric algorithms */ 103 104 struct rsa_keypair { 105 struct bignum *e; /* Public exponent */ 106 struct bignum *d; /* Private exponent */ 107 struct bignum *n; /* Modulus */ 108 109 /* Optional CRT parameters (all NULL if unused) */ 110 struct bignum *p; /* N = pq */ 111 struct bignum *q; 112 struct bignum *qp; /* 1/q mod p */ 113 struct bignum *dp; /* d mod (p-1) */ 114 struct bignum *dq; /* d mod (q-1) */ 115 }; 116 117 struct rsa_public_key { 118 struct bignum *e; /* Public exponent */ 119 struct bignum *n; /* Modulus */ 120 }; 121 122 struct dsa_keypair { 123 struct bignum *g; /* Generator of subgroup (public) */ 124 struct bignum *p; /* Prime number (public) */ 125 struct bignum *q; /* Order of subgroup (public) */ 126 struct bignum *y; /* Public key */ 127 struct bignum *x; /* Private key */ 128 }; 129 130 struct dsa_public_key { 131 struct bignum *g; /* Generator of subgroup (public) */ 132 struct bignum *p; /* Prime number (public) */ 133 struct bignum *q; /* Order of subgroup (public) */ 134 struct bignum *y; /* Public key */ 135 }; 136 137 struct dh_keypair { 138 struct bignum *g; /* Generator of Z_p (shared) */ 139 struct bignum *p; /* Prime modulus (shared) */ 140 struct bignum *x; /* Private key */ 141 struct bignum *y; /* Public key y = g^x */ 142 143 /* 144 * Optional parameters used by key generation. 145 * When not used, q == NULL and xbits == 0 146 */ 147 struct bignum *q; /* x must be in the range [2, q-2] */ 148 uint32_t xbits; /* Number of bits in the private key */ 149 }; 150 151 struct ecc_public_key { 152 struct bignum *x; /* Public value x */ 153 struct bignum *y; /* Public value y */ 154 uint32_t curve; /* Curve type */ 155 }; 156 157 struct ecc_keypair { 158 struct bignum *d; /* Private value */ 159 struct bignum *x; /* Public value x */ 160 struct bignum *y; /* Public value y */ 161 uint32_t curve; /* Curve type */ 162 }; 163 164 /* 165 * Key allocation functions 166 * Allocate the bignum's inside a key structure. 167 * TEE core will later use crypto_bignum_free(). 168 */ 169 TEE_Result crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *s, 170 size_t key_size_bits); 171 TEE_Result crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s, 172 size_t key_size_bits); 173 void crypto_acipher_free_rsa_public_key(struct rsa_public_key *s); 174 TEE_Result crypto_acipher_alloc_dsa_keypair(struct dsa_keypair *s, 175 size_t key_size_bits); 176 TEE_Result crypto_acipher_alloc_dsa_public_key(struct dsa_public_key *s, 177 size_t key_size_bits); 178 TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s, 179 size_t key_size_bits); 180 TEE_Result crypto_acipher_alloc_ecc_public_key(struct ecc_public_key *s, 181 size_t key_size_bits); 182 TEE_Result crypto_acipher_alloc_ecc_keypair(struct ecc_keypair *s, 183 size_t key_size_bits); 184 void crypto_acipher_free_ecc_public_key(struct ecc_public_key *s); 185 186 /* 187 * Key generation functions 188 */ 189 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key, size_t key_size); 190 TEE_Result crypto_acipher_gen_dsa_key(struct dsa_keypair *key, size_t key_size); 191 TEE_Result crypto_acipher_gen_dh_key(struct dh_keypair *key, struct bignum *q, 192 size_t xbits); 193 TEE_Result crypto_acipher_gen_ecc_key(struct ecc_keypair *key); 194 195 TEE_Result crypto_acipher_dh_shared_secret(struct dh_keypair *private_key, 196 struct bignum *public_key, 197 struct bignum *secret); 198 199 TEE_Result crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key, 200 const uint8_t *src, size_t src_len, 201 uint8_t *dst, size_t *dst_len); 202 TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key, 203 const uint8_t *src, size_t src_len, 204 uint8_t *dst, size_t *dst_len); 205 TEE_Result crypto_acipher_rsaes_decrypt(uint32_t algo, struct rsa_keypair *key, 206 const uint8_t *label, size_t label_len, 207 const uint8_t *src, size_t src_len, 208 uint8_t *dst, size_t *dst_len); 209 TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo, 210 struct rsa_public_key *key, 211 const uint8_t *label, size_t label_len, 212 const uint8_t *src, size_t src_len, 213 uint8_t *dst, size_t *dst_len); 214 /* RSA SSA sign/verify: if salt_len == -1, use default value */ 215 TEE_Result crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key, 216 int salt_len, const uint8_t *msg, 217 size_t msg_len, uint8_t *sig, 218 size_t *sig_len); 219 TEE_Result crypto_acipher_rsassa_verify(uint32_t algo, 220 struct rsa_public_key *key, 221 int salt_len, const uint8_t *msg, 222 size_t msg_len, const uint8_t *sig, 223 size_t sig_len); 224 TEE_Result crypto_acipher_dsa_sign(uint32_t algo, struct dsa_keypair *key, 225 const uint8_t *msg, size_t msg_len, 226 uint8_t *sig, size_t *sig_len); 227 TEE_Result crypto_acipher_dsa_verify(uint32_t algo, struct dsa_public_key *key, 228 const uint8_t *msg, size_t msg_len, 229 const uint8_t *sig, size_t sig_len); 230 TEE_Result crypto_acipher_ecc_sign(uint32_t algo, struct ecc_keypair *key, 231 const uint8_t *msg, size_t msg_len, 232 uint8_t *sig, size_t *sig_len); 233 TEE_Result crypto_acipher_ecc_verify(uint32_t algo, struct ecc_public_key *key, 234 const uint8_t *msg, size_t msg_len, 235 const uint8_t *sig, size_t sig_len); 236 TEE_Result crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key, 237 struct ecc_public_key *public_key, 238 void *secret, 239 unsigned long *secret_len); 240 241 /* 242 * Verifies a SHA-256 hash, doesn't require crypto_init() to be called in 243 * advance and has as few dependencies as possible. 244 * 245 * This function is primarily used by pager and early initialization code 246 * where the complete crypto library isn't available. 247 */ 248 TEE_Result hash_sha256_check(const uint8_t *hash, const uint8_t *data, 249 size_t data_size); 250 251 /* Add entropy to PRNG entropy pool. */ 252 TEE_Result crypto_rng_add_entropy(const uint8_t *inbuf, size_t len); 253 254 /* To read random data from PRNG implementation. */ 255 TEE_Result crypto_rng_read(void *buf, size_t blen); 256 257 TEE_Result rng_generate(void *buffer, size_t len); 258 259 TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len, 260 void *enc_key, unsigned int *rounds); 261 void crypto_aes_enc_block(const void *enc_key, unsigned int rounds, 262 const void *src, void *dst); 263 264 #endif /* __CRYPTO_CRYPTO_H */ 265