1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2019, Linaro Limited 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 7 #ifndef __CRYPTO_CRYPTO_IMPL_H 8 #define __CRYPTO_CRYPTO_IMPL_H 9 10 #include <crypto/crypto.h> 11 #include <tee_api_types.h> 12 13 /* 14 * The crypto context used by the crypto_hash_*() functions is defined by 15 * struct crypto_hash_ctx. 16 */ 17 struct crypto_hash_ctx { 18 const struct crypto_hash_ops *ops; 19 }; 20 21 struct crypto_hash_ops { 22 TEE_Result (*init)(struct crypto_hash_ctx *ctx); 23 TEE_Result (*update)(struct crypto_hash_ctx *ctx, const uint8_t *data, 24 size_t len); 25 TEE_Result (*final)(struct crypto_hash_ctx *ctx, uint8_t *digest, 26 size_t len); 27 void (*free_ctx)(struct crypto_hash_ctx *ctx); 28 void (*copy_state)(struct crypto_hash_ctx *dst_ctx, 29 struct crypto_hash_ctx *src_ctx); 30 }; 31 32 #define CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(name, type) \ 33 static inline TEE_Result \ 34 crypto_##name##_alloc_ctx(struct crypto_##type##_ctx **ctx __unused) \ 35 { return TEE_ERROR_NOT_IMPLEMENTED; } 36 37 #if defined(CFG_CRYPTO_MD5) 38 TEE_Result crypto_md5_alloc_ctx(struct crypto_hash_ctx **ctx); 39 #else 40 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(md5, hash) 41 #endif 42 43 #if defined(CFG_CRYPTO_SHA1) 44 TEE_Result crypto_sha1_alloc_ctx(struct crypto_hash_ctx **ctx); 45 #else 46 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha1, hash) 47 #endif 48 49 #if defined(CFG_CRYPTO_SHA224) 50 TEE_Result crypto_sha224_alloc_ctx(struct crypto_hash_ctx **ctx); 51 #else 52 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha224, hash) 53 #endif 54 55 #if defined(CFG_CRYPTO_SHA256) 56 TEE_Result crypto_sha256_alloc_ctx(struct crypto_hash_ctx **ctx); 57 #else 58 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha256, hash) 59 #endif 60 61 #if defined(CFG_CRYPTO_SHA384) 62 TEE_Result crypto_sha384_alloc_ctx(struct crypto_hash_ctx **ctx); 63 #else 64 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha384, hash) 65 #endif 66 67 #if defined(CFG_CRYPTO_SHA512) 68 TEE_Result crypto_sha512_alloc_ctx(struct crypto_hash_ctx **ctx); 69 #else 70 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha512, hash) 71 #endif 72 73 #if defined(CFG_CRYPTO_SM3) 74 TEE_Result crypto_sm3_alloc_ctx(struct crypto_hash_ctx **ctx); 75 #else 76 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm3, hash) 77 #endif 78 79 /* 80 * The crypto context used by the crypto_mac_*() functions is defined by 81 * struct crypto_mac_ctx. 82 */ 83 struct crypto_mac_ctx { 84 const struct crypto_mac_ops *ops; 85 }; 86 87 struct crypto_mac_ops { 88 TEE_Result (*init)(struct crypto_mac_ctx *ctx, const uint8_t *key, 89 size_t len); 90 TEE_Result (*update)(struct crypto_mac_ctx *ctx, const uint8_t *data, 91 size_t len); 92 TEE_Result (*final)(struct crypto_mac_ctx *ctx, uint8_t *digest, 93 size_t len); 94 void (*free_ctx)(struct crypto_mac_ctx *ctx); 95 void (*copy_state)(struct crypto_mac_ctx *dst_ctx, 96 struct crypto_mac_ctx *src_ctx); 97 }; 98 99 #if defined(CFG_CRYPTO_HMAC) 100 TEE_Result crypto_hmac_md5_alloc_ctx(struct crypto_mac_ctx **ctx); 101 TEE_Result crypto_hmac_sha1_alloc_ctx(struct crypto_mac_ctx **ctx); 102 TEE_Result crypto_hmac_sha224_alloc_ctx(struct crypto_mac_ctx **ctx); 103 TEE_Result crypto_hmac_sha256_alloc_ctx(struct crypto_mac_ctx **ctx); 104 TEE_Result crypto_hmac_sha384_alloc_ctx(struct crypto_mac_ctx **ctx); 105 TEE_Result crypto_hmac_sha512_alloc_ctx(struct crypto_mac_ctx **ctx); 106 #else 107 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_md5, mac) 108 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha1, mac) 109 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha224, mac) 110 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha256, mac) 111 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha384, mac) 112 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha512, mac) 113 #endif 114 115 #if defined(CFG_CRYPTO_SM3) && defined(CFG_CRYPTO_HMAC) 116 TEE_Result crypto_hmac_sm3_alloc_ctx(struct crypto_mac_ctx **ctx); 117 #else 118 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sm3, mac) 119 #endif 120 121 #if defined(CFG_CRYPTO_CBC_MAC) 122 TEE_Result crypto_aes_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 123 TEE_Result crypto_aes_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 124 TEE_Result crypto_des_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 125 TEE_Result crypto_des_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 126 TEE_Result crypto_des3_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 127 TEE_Result crypto_des3_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 128 #else 129 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc_mac_nopad, mac) 130 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc_mac_pkcs5, mac) 131 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc_mac_nopad, mac) 132 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc_mac_pkcs5, mac) 133 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc_mac_nopad, mac) 134 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc_mac_pkcs5, mac) 135 #endif 136 137 #if defined(CFG_CRYPTO_CMAC) 138 TEE_Result crypto_aes_cmac_alloc_ctx(struct crypto_mac_ctx **ctx); 139 TEE_Result crypto_des3_cmac_alloc_ctx(struct crypto_mac_ctx **ctx); 140 #else 141 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cmac, mac) 142 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cmac, mac) 143 #endif 144 145 /* 146 * The crypto context used by the crypto_cipher_*() functions is defined by 147 * struct crypto_cipher_ctx. 148 */ 149 struct crypto_cipher_ctx { 150 const struct crypto_cipher_ops *ops; 151 }; 152 153 struct crypto_cipher_ops { 154 TEE_Result (*init)(struct crypto_cipher_ctx *ctx, 155 TEE_OperationMode mode, 156 const uint8_t *key1, size_t key1_len, 157 const uint8_t *key2, size_t key2_len, 158 const uint8_t *iv, size_t iv_len); 159 TEE_Result (*update)(struct crypto_cipher_ctx *ctx, bool last_block, 160 const uint8_t *data, size_t len, uint8_t *dst); 161 void (*final)(struct crypto_cipher_ctx *ctx); 162 163 void (*free_ctx)(struct crypto_cipher_ctx *ctx); 164 void (*copy_state)(struct crypto_cipher_ctx *dst_ctx, 165 struct crypto_cipher_ctx *src_ctx); 166 }; 167 168 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_ECB) 169 TEE_Result crypto_aes_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 170 #else 171 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_ecb, cipher) 172 #endif 173 174 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CBC) 175 TEE_Result crypto_aes_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 176 #else 177 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc, cipher) 178 #endif 179 180 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CTR) 181 TEE_Result crypto_aes_ctr_alloc_ctx(struct crypto_cipher_ctx **ctx); 182 #else 183 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_ctr, cipher) 184 #endif 185 186 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CTS) 187 TEE_Result crypto_aes_cts_alloc_ctx(struct crypto_cipher_ctx **ctx); 188 #else 189 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cts, cipher) 190 #endif 191 192 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_XTS) 193 TEE_Result crypto_aes_xts_alloc_ctx(struct crypto_cipher_ctx **ctx); 194 #else 195 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_xts, cipher) 196 #endif 197 198 #if defined(CFG_CRYPTO_DES) && defined(CFG_CRYPTO_ECB) 199 TEE_Result crypto_des_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 200 TEE_Result crypto_des3_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 201 #else 202 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_ecb, cipher) 203 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_ecb, cipher) 204 #endif 205 206 #if defined(CFG_CRYPTO_DES) && defined(CFG_CRYPTO_CBC) 207 TEE_Result crypto_des_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 208 TEE_Result crypto_des3_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 209 #else 210 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc, cipher) 211 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc, cipher) 212 #endif 213 214 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_ECB) 215 TEE_Result crypto_sm4_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 216 #else 217 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_ecb, cipher) 218 #endif 219 220 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_CBC) 221 TEE_Result crypto_sm4_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 222 #else 223 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_cbc, cipher) 224 #endif 225 226 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_CTR) 227 TEE_Result crypto_sm4_ctr_alloc_ctx(struct crypto_cipher_ctx **ctx); 228 #else 229 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_ctr, cipher) 230 #endif 231 232 /* 233 * The crypto context used by the crypto_authen_*() functions below is 234 * defined by struct crypto_authenc_ctx. 235 */ 236 struct crypto_authenc_ctx { 237 const struct crypto_authenc_ops *ops; 238 }; 239 240 struct crypto_authenc_ops { 241 TEE_Result (*init)(struct crypto_authenc_ctx *ctx, 242 TEE_OperationMode mode, 243 const uint8_t *key, size_t key_len, 244 const uint8_t *nonce, size_t nonce_len, 245 size_t tag_len, size_t aad_len, 246 size_t payload_len); 247 TEE_Result (*update_aad)(struct crypto_authenc_ctx *ctx, 248 const uint8_t *data, size_t len); 249 TEE_Result (*update_payload)(struct crypto_authenc_ctx *ctx, 250 TEE_OperationMode mode, 251 const uint8_t *src_data, size_t len, 252 uint8_t *dst_data); 253 TEE_Result (*enc_final)(struct crypto_authenc_ctx *ctx, 254 const uint8_t *src_data, size_t len, 255 uint8_t *dst_data, uint8_t *dst_tag, 256 size_t *dst_tag_len); 257 TEE_Result (*dec_final)(struct crypto_authenc_ctx *ctx, 258 const uint8_t *src_data, size_t len, 259 uint8_t *dst_data, const uint8_t *tag, 260 size_t tag_len); 261 void (*final)(struct crypto_authenc_ctx *ctx); 262 void (*free_ctx)(struct crypto_authenc_ctx *ctx); 263 void (*copy_state)(struct crypto_authenc_ctx *dst_ctx, 264 struct crypto_authenc_ctx *src_ctx); 265 }; 266 267 TEE_Result crypto_aes_ccm_alloc_ctx(struct crypto_authenc_ctx **ctx); 268 TEE_Result crypto_aes_gcm_alloc_ctx(struct crypto_authenc_ctx **ctx); 269 270 #ifdef CFG_CRYPTO_DRV_HASH 271 TEE_Result drvcrypt_hash_alloc_ctx(struct crypto_hash_ctx **ctx, uint32_t algo); 272 #else 273 static inline TEE_Result 274 drvcrypt_hash_alloc_ctx(struct crypto_hash_ctx **ctx __unused, 275 uint32_t algo __unused) 276 { 277 return TEE_ERROR_NOT_IMPLEMENTED; 278 } 279 #endif /* CFG_CRYPTO_DRV_HASH */ 280 281 #ifdef CFG_CRYPTO_DRV_CIPHER 282 TEE_Result drvcrypt_cipher_alloc_ctx(struct crypto_cipher_ctx **ctx, 283 uint32_t algo); 284 #else 285 static inline TEE_Result 286 drvcrypt_cipher_alloc_ctx(struct crypto_cipher_ctx **ctx __unused, 287 uint32_t algo __unused) 288 { 289 return TEE_ERROR_NOT_IMPLEMENTED; 290 } 291 #endif /* CFG_CRYPTO_DRV_CIPHER */ 292 293 #ifdef CFG_CRYPTO_DRV_MAC 294 /* Cryptographic MAC driver context allocation */ 295 TEE_Result drvcrypt_mac_alloc_ctx(struct crypto_mac_ctx **ctx, uint32_t algo); 296 #else 297 static inline TEE_Result 298 drvcrypt_mac_alloc_ctx(struct crypto_mac_ctx **ctx __unused, 299 uint32_t algo __unused) 300 { 301 return TEE_ERROR_NOT_IMPLEMENTED; 302 } 303 #endif /* CFG_CRYPTO_DRV_MAC */ 304 305 #ifdef CFG_CRYPTO_DRV_AUTHENC 306 /* Cryptographic Authenticated Encryption driver context allocation */ 307 TEE_Result drvcrypt_authenc_alloc_ctx(struct crypto_authenc_ctx **ctx, 308 uint32_t algo); 309 #else 310 static inline TEE_Result 311 drvcrypt_authenc_alloc_ctx(struct crypto_authenc_ctx **ctx __unused, 312 uint32_t algo __unused) 313 { 314 return TEE_ERROR_NOT_IMPLEMENTED; 315 } 316 #endif /* CFG_CRYPTO_DRV_AUTHENC */ 317 /* 318 * The ECC public key operations used by the crypto_acipher_ecc_*() and 319 * crypto_acipher_free_ecc_*() functions. 320 * Reference set in ecc_public_key when key allocated. 321 * 322 * @free is mandatory 323 * @verify is optional 324 * @encrypt is optional 325 */ 326 struct crypto_ecc_public_ops { 327 void (*free)(struct ecc_public_key *key); 328 TEE_Result (*verify)(uint32_t algo, struct ecc_public_key *key, 329 const uint8_t *msg, size_t msg_len, 330 const uint8_t *sig, size_t sig_len); 331 TEE_Result (*encrypt)(struct ecc_public_key *key, const uint8_t *src, 332 size_t src_len, uint8_t *dst, size_t *dst_len); 333 }; 334 335 /* 336 * The ECC keypair operations used by the crypto_acipher_ecc_*() and 337 * crypto_acipher_gen_ecc_*() functions. 338 * Reference set in ecc_keypair when key allocated. 339 * 340 * @generate is mandatory 341 * @sign is optional 342 * @shared_secret is optional 343 * @decrypt is optional 344 */ 345 struct crypto_ecc_keypair_ops { 346 TEE_Result (*generate)(struct ecc_keypair *key, size_t key_size_bits); 347 TEE_Result (*sign)(uint32_t algo, struct ecc_keypair *key, 348 const uint8_t *msg, size_t msg_len, uint8_t *sig, 349 size_t *sig_len); 350 TEE_Result (*shared_secret)(struct ecc_keypair *private_key, 351 struct ecc_public_key *public_key, 352 void *secret, unsigned long *secret_len); 353 TEE_Result (*decrypt)(struct ecc_keypair *key, const uint8_t *src, 354 size_t src_len, uint8_t *dst, size_t *dst_len); 355 }; 356 357 #ifdef CFG_CRYPTO_ECC 358 TEE_Result crypto_asym_alloc_ecc_public_key(struct ecc_public_key *key, 359 uint32_t key_type, 360 size_t key_size_bits); 361 TEE_Result crypto_asym_alloc_ecc_keypair(struct ecc_keypair *key, 362 uint32_t key_type, 363 size_t key_size_bits); 364 #else 365 static inline TEE_Result 366 crypto_asym_alloc_ecc_public_key(struct ecc_public_key *key __unused, 367 uint32_t key_type __unused, 368 size_t key_size_bits __unused) 369 { 370 return TEE_ERROR_NOT_IMPLEMENTED; 371 } 372 373 static inline TEE_Result 374 crypto_asym_alloc_ecc_keypair(struct ecc_keypair *key __unused, 375 uint32_t key_type __unused, 376 size_t key_size_bits __unused) 377 { 378 return TEE_ERROR_NOT_IMPLEMENTED; 379 } 380 #endif /* CFG_CRYPTO_ECC */ 381 382 #ifdef CFG_CRYPTO_DRV_ECC 383 TEE_Result drvcrypt_asym_alloc_ecc_public_key(struct ecc_public_key *key, 384 uint32_t key_type, 385 size_t key_size_bits); 386 TEE_Result drvcrypt_asym_alloc_ecc_keypair(struct ecc_keypair *key, 387 uint32_t key_type, 388 size_t key_size_bits); 389 #else 390 static inline TEE_Result 391 drvcrypt_asym_alloc_ecc_public_key(struct ecc_public_key *key __unused, 392 uint32_t key_type __unused, 393 size_t key_size_bits __unused) 394 { 395 return TEE_ERROR_NOT_IMPLEMENTED; 396 } 397 398 static inline TEE_Result 399 drvcrypt_asym_alloc_ecc_keypair(struct ecc_keypair *key __unused, 400 uint32_t key_type __unused, 401 size_t key_size_bits __unused) 402 { 403 return TEE_ERROR_NOT_IMPLEMENTED; 404 } 405 #endif /* CFG_CRYPTO_DRV_ECC */ 406 #endif /*__CRYPTO_CRYPTO_IMPL_H*/ 407