1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2019, Linaro Limited 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 7 #ifndef __CRYPTO_CRYPTO_IMPL_H 8 #define __CRYPTO_CRYPTO_IMPL_H 9 10 #include <crypto/crypto.h> 11 #include <tee_api_types.h> 12 13 /* 14 * The crypto context used by the crypto_hash_*() functions is defined by 15 * struct crypto_hash_ctx. 16 */ 17 struct crypto_hash_ctx { 18 const struct crypto_hash_ops *ops; 19 }; 20 21 struct crypto_hash_ops { 22 TEE_Result (*init)(struct crypto_hash_ctx *ctx); 23 TEE_Result (*update)(struct crypto_hash_ctx *ctx, const uint8_t *data, 24 size_t len); 25 TEE_Result (*final)(struct crypto_hash_ctx *ctx, uint8_t *digest, 26 size_t len); 27 void (*free_ctx)(struct crypto_hash_ctx *ctx); 28 void (*copy_state)(struct crypto_hash_ctx *dst_ctx, 29 struct crypto_hash_ctx *src_ctx); 30 }; 31 32 #define CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(name, type) \ 33 static inline TEE_Result \ 34 crypto_##name##_alloc_ctx(struct crypto_##type##_ctx **ctx __unused) \ 35 { return TEE_ERROR_NOT_IMPLEMENTED; } 36 37 #if defined(CFG_CRYPTO_MD5) 38 TEE_Result crypto_md5_alloc_ctx(struct crypto_hash_ctx **ctx); 39 #else 40 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(md5, hash) 41 #endif 42 43 #if defined(CFG_CRYPTO_SHA1) 44 TEE_Result crypto_sha1_alloc_ctx(struct crypto_hash_ctx **ctx); 45 #else 46 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha1, hash) 47 #endif 48 49 #if defined(CFG_CRYPTO_SHA224) 50 TEE_Result crypto_sha224_alloc_ctx(struct crypto_hash_ctx **ctx); 51 #else 52 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha224, hash) 53 #endif 54 55 #if defined(CFG_CRYPTO_SHA256) 56 TEE_Result crypto_sha256_alloc_ctx(struct crypto_hash_ctx **ctx); 57 #else 58 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha256, hash) 59 #endif 60 61 #if defined(CFG_CRYPTO_SHA384) 62 TEE_Result crypto_sha384_alloc_ctx(struct crypto_hash_ctx **ctx); 63 #else 64 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha384, hash) 65 #endif 66 67 #if defined(CFG_CRYPTO_SHA512) 68 TEE_Result crypto_sha512_alloc_ctx(struct crypto_hash_ctx **ctx); 69 #else 70 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha512, hash) 71 #endif 72 73 #if defined(CFG_CRYPTO_SM3) 74 TEE_Result crypto_sm3_alloc_ctx(struct crypto_hash_ctx **ctx); 75 #else 76 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm3, hash) 77 #endif 78 79 /* 80 * The crypto context used by the crypto_mac_*() functions is defined by 81 * struct crypto_mac_ctx. 82 */ 83 struct crypto_mac_ctx { 84 const struct crypto_mac_ops *ops; 85 }; 86 87 struct crypto_mac_ops { 88 TEE_Result (*init)(struct crypto_mac_ctx *ctx, const uint8_t *key, 89 size_t len); 90 TEE_Result (*update)(struct crypto_mac_ctx *ctx, const uint8_t *data, 91 size_t len); 92 TEE_Result (*final)(struct crypto_mac_ctx *ctx, uint8_t *digest, 93 size_t len); 94 void (*free_ctx)(struct crypto_mac_ctx *ctx); 95 void (*copy_state)(struct crypto_mac_ctx *dst_ctx, 96 struct crypto_mac_ctx *src_ctx); 97 }; 98 99 #if defined(CFG_CRYPTO_HMAC) 100 TEE_Result crypto_hmac_md5_alloc_ctx(struct crypto_mac_ctx **ctx); 101 TEE_Result crypto_hmac_sha1_alloc_ctx(struct crypto_mac_ctx **ctx); 102 TEE_Result crypto_hmac_sha224_alloc_ctx(struct crypto_mac_ctx **ctx); 103 TEE_Result crypto_hmac_sha256_alloc_ctx(struct crypto_mac_ctx **ctx); 104 TEE_Result crypto_hmac_sha384_alloc_ctx(struct crypto_mac_ctx **ctx); 105 TEE_Result crypto_hmac_sha512_alloc_ctx(struct crypto_mac_ctx **ctx); 106 #else 107 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_md5, mac) 108 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha1, mac) 109 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha224, mac) 110 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha256, mac) 111 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha384, mac) 112 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha512, mac) 113 #endif 114 115 #if defined(CFG_CRYPTO_SM3) && defined(CFG_CRYPTO_HMAC) 116 TEE_Result crypto_hmac_sm3_alloc_ctx(struct crypto_mac_ctx **ctx); 117 #else 118 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sm3, mac) 119 #endif 120 121 #if defined(CFG_CRYPTO_CBC_MAC) 122 TEE_Result crypto_aes_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 123 TEE_Result crypto_aes_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 124 TEE_Result crypto_des_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 125 TEE_Result crypto_des_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 126 TEE_Result crypto_des3_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 127 TEE_Result crypto_des3_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 128 #else 129 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc_mac_nopad, mac) 130 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc_mac_pkcs5, mac) 131 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc_mac_nopad, mac) 132 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc_mac_pkcs5, mac) 133 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc_mac_nopad, mac) 134 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc_mac_pkcs5, mac) 135 #endif 136 137 #if defined(CFG_CRYPTO_CMAC) 138 TEE_Result crypto_aes_cmac_alloc_ctx(struct crypto_mac_ctx **ctx); 139 TEE_Result crypto_des3_cmac_alloc_ctx(struct crypto_mac_ctx **ctx); 140 #else 141 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cmac, mac) 142 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cmac, mac) 143 #endif 144 145 /* 146 * The crypto context used by the crypto_cipher_*() functions is defined by 147 * struct crypto_cipher_ctx. 148 */ 149 struct crypto_cipher_ctx { 150 const struct crypto_cipher_ops *ops; 151 }; 152 153 struct crypto_cipher_ops { 154 TEE_Result (*init)(struct crypto_cipher_ctx *ctx, 155 TEE_OperationMode mode, 156 const uint8_t *key1, size_t key1_len, 157 const uint8_t *key2, size_t key2_len, 158 const uint8_t *iv, size_t iv_len); 159 TEE_Result (*update)(struct crypto_cipher_ctx *ctx, bool last_block, 160 const uint8_t *data, size_t len, uint8_t *dst); 161 void (*final)(struct crypto_cipher_ctx *ctx); 162 163 void (*free_ctx)(struct crypto_cipher_ctx *ctx); 164 void (*copy_state)(struct crypto_cipher_ctx *dst_ctx, 165 struct crypto_cipher_ctx *src_ctx); 166 }; 167 168 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_ECB) 169 TEE_Result crypto_aes_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 170 #else 171 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_ecb, cipher) 172 #endif 173 174 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CBC) 175 TEE_Result crypto_aes_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 176 #else 177 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc, cipher) 178 #endif 179 180 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CTR) 181 TEE_Result crypto_aes_ctr_alloc_ctx(struct crypto_cipher_ctx **ctx); 182 #else 183 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_ctr, cipher) 184 #endif 185 186 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CTS) 187 TEE_Result crypto_aes_cts_alloc_ctx(struct crypto_cipher_ctx **ctx); 188 #else 189 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cts, cipher) 190 #endif 191 192 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_XTS) 193 TEE_Result crypto_aes_xts_alloc_ctx(struct crypto_cipher_ctx **ctx); 194 #else 195 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_xts, cipher) 196 #endif 197 198 #if defined(CFG_CRYPTO_DES) && defined(CFG_CRYPTO_ECB) 199 TEE_Result crypto_des_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 200 TEE_Result crypto_des3_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 201 #else 202 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_ecb, cipher) 203 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_ecb, cipher) 204 #endif 205 206 #if defined(CFG_CRYPTO_DES) && defined(CFG_CRYPTO_CBC) 207 TEE_Result crypto_des_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 208 TEE_Result crypto_des3_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 209 #else 210 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc, cipher) 211 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc, cipher) 212 #endif 213 214 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_ECB) 215 TEE_Result crypto_sm4_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 216 #else 217 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_ecb, cipher) 218 #endif 219 220 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_CBC) 221 TEE_Result crypto_sm4_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 222 #else 223 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_cbc, cipher) 224 #endif 225 226 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_CTR) 227 TEE_Result crypto_sm4_ctr_alloc_ctx(struct crypto_cipher_ctx **ctx); 228 #else 229 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_ctr, cipher) 230 #endif 231 232 /* 233 * The crypto context used by the crypto_authen_*() functions below is 234 * defined by struct crypto_authenc_ctx. 235 */ 236 struct crypto_authenc_ctx { 237 const struct crypto_authenc_ops *ops; 238 }; 239 240 struct crypto_authenc_ops { 241 TEE_Result (*init)(struct crypto_authenc_ctx *ctx, 242 TEE_OperationMode mode, 243 const uint8_t *key, size_t key_len, 244 const uint8_t *nonce, size_t nonce_len, 245 size_t tag_len, size_t aad_len, 246 size_t payload_len); 247 TEE_Result (*update_aad)(struct crypto_authenc_ctx *ctx, 248 const uint8_t *data, size_t len); 249 TEE_Result (*update_payload)(struct crypto_authenc_ctx *ctx, 250 TEE_OperationMode mode, 251 const uint8_t *src_data, size_t len, 252 uint8_t *dst_data); 253 TEE_Result (*enc_final)(struct crypto_authenc_ctx *ctx, 254 const uint8_t *src_data, size_t len, 255 uint8_t *dst_data, uint8_t *dst_tag, 256 size_t *dst_tag_len); 257 TEE_Result (*dec_final)(struct crypto_authenc_ctx *ctx, 258 const uint8_t *src_data, size_t len, 259 uint8_t *dst_data, const uint8_t *tag, 260 size_t tag_len); 261 void (*final)(struct crypto_authenc_ctx *ctx); 262 void (*free_ctx)(struct crypto_authenc_ctx *ctx); 263 void (*copy_state)(struct crypto_authenc_ctx *dst_ctx, 264 struct crypto_authenc_ctx *src_ctx); 265 }; 266 267 TEE_Result crypto_aes_ccm_alloc_ctx(struct crypto_authenc_ctx **ctx); 268 TEE_Result crypto_aes_gcm_alloc_ctx(struct crypto_authenc_ctx **ctx); 269 270 #ifdef CFG_CRYPTO_DRV_HASH 271 TEE_Result drvcrypt_hash_alloc_ctx(struct crypto_hash_ctx **ctx, uint32_t algo); 272 #else 273 static inline TEE_Result 274 drvcrypt_hash_alloc_ctx(struct crypto_hash_ctx **ctx __unused, 275 uint32_t algo __unused) 276 { 277 return TEE_ERROR_NOT_IMPLEMENTED; 278 } 279 #endif /* CFG_CRYPTO_DRV_HASH */ 280 281 #ifdef CFG_CRYPTO_DRV_CIPHER 282 TEE_Result drvcrypt_cipher_alloc_ctx(struct crypto_cipher_ctx **ctx, 283 uint32_t algo); 284 #else 285 static inline TEE_Result 286 drvcrypt_cipher_alloc_ctx(struct crypto_cipher_ctx **ctx __unused, 287 uint32_t algo __unused) 288 { 289 return TEE_ERROR_NOT_IMPLEMENTED; 290 } 291 #endif /* CFG_CRYPTO_DRV_CIPHER */ 292 293 #ifdef CFG_CRYPTO_DRV_MAC 294 /* Cryptographic MAC driver context allocation */ 295 TEE_Result drvcrypt_mac_alloc_ctx(struct crypto_mac_ctx **ctx, uint32_t algo); 296 #else 297 static inline TEE_Result 298 drvcrypt_mac_alloc_ctx(struct crypto_mac_ctx **ctx __unused, 299 uint32_t algo __unused) 300 { 301 return TEE_ERROR_NOT_IMPLEMENTED; 302 } 303 #endif /* CFG_CRYPTO_DRV_MAC */ 304 305 #ifdef CFG_CRYPTO_DRV_AUTHENC 306 /* Cryptographic Authenticated Encryption driver context allocation */ 307 TEE_Result drvcrypt_authenc_alloc_ctx(struct crypto_authenc_ctx **ctx, 308 uint32_t algo); 309 #else 310 static inline TEE_Result 311 drvcrypt_authenc_alloc_ctx(struct crypto_authenc_ctx **ctx __unused, 312 uint32_t algo __unused) 313 { 314 return TEE_ERROR_NOT_IMPLEMENTED; 315 } 316 #endif /* CFG_CRYPTO_DRV_AUTHENC */ 317 /* 318 * The ECC public key operations used by the crypto_acipher_ecc_*() and 319 * crypto_acipher_free_ecc_*() functions. 320 * Reference set in ecc_public_key when key allocated. 321 * 322 * @free is mandatory 323 * @verify is optional 324 * @encrypt is optional 325 */ 326 struct crypto_ecc_public_ops { 327 void (*free)(struct ecc_public_key *key); 328 TEE_Result (*verify)(uint32_t algo, struct ecc_public_key *key, 329 const uint8_t *msg, size_t msg_len, 330 const uint8_t *sig, size_t sig_len); 331 TEE_Result (*encrypt)(struct ecc_public_key *key, const uint8_t *src, 332 size_t src_len, uint8_t *dst, size_t *dst_len); 333 }; 334 335 /* 336 * The ECC keypair operations used by the crypto_acipher_ecc_*() and 337 * crypto_acipher_gen_ecc_*() functions. 338 * Reference set in ecc_keypair when key allocated. 339 * 340 * @generate is mandatory 341 * @sign is optional 342 * @shared_secret is optional 343 * @decrypt is optional 344 */ 345 struct crypto_ecc_keypair_ops { 346 TEE_Result (*generate)(struct ecc_keypair *key, size_t key_size_bits); 347 TEE_Result (*sign)(uint32_t algo, struct ecc_keypair *key, 348 const uint8_t *msg, size_t msg_len, uint8_t *sig, 349 size_t *sig_len); 350 TEE_Result (*shared_secret)(struct ecc_keypair *private_key, 351 struct ecc_public_key *public_key, 352 void *secret, unsigned long *secret_len); 353 TEE_Result (*decrypt)(struct ecc_keypair *key, const uint8_t *src, 354 size_t src_len, uint8_t *dst, size_t *dst_len); 355 }; 356 357 #ifdef CFG_CRYPTO_ECC 358 const struct crypto_ecc_keypair_ops * 359 crypto_asym_get_ecc_keypair_ops(uint32_t key_type); 360 361 const struct crypto_ecc_public_ops * 362 crypto_asym_get_ecc_public_ops(uint32_t key_type); 363 364 TEE_Result crypto_asym_alloc_ecc_public_key(struct ecc_public_key *key, 365 uint32_t key_type, 366 size_t key_size_bits); 367 TEE_Result crypto_asym_alloc_ecc_keypair(struct ecc_keypair *key, 368 uint32_t key_type, 369 size_t key_size_bits); 370 #else 371 static inline TEE_Result 372 crypto_asym_alloc_ecc_public_key(struct ecc_public_key *key __unused, 373 uint32_t key_type __unused, 374 size_t key_size_bits __unused) 375 { 376 return TEE_ERROR_NOT_IMPLEMENTED; 377 } 378 379 static inline const struct crypto_ecc_keypair_ops * 380 crypto_asym_get_keypair_ops(uint32_t key_type __unused) 381 { 382 return NULL; 383 } 384 385 static inline const struct crypto_ecc_public_ops * 386 crypto_asym_get_ecc_public_ops(uint32_t key_type __unused) 387 { 388 return NULL; 389 } 390 391 static inline TEE_Result 392 crypto_asym_alloc_ecc_keypair(struct ecc_keypair *key __unused, 393 uint32_t key_type __unused, 394 size_t key_size_bits __unused) 395 { 396 return TEE_ERROR_NOT_IMPLEMENTED; 397 } 398 #endif /* CFG_CRYPTO_ECC */ 399 400 #ifdef CFG_CRYPTO_DRV_ECC 401 TEE_Result drvcrypt_asym_alloc_ecc_public_key(struct ecc_public_key *key, 402 uint32_t key_type, 403 size_t key_size_bits); 404 TEE_Result drvcrypt_asym_alloc_ecc_keypair(struct ecc_keypair *key, 405 uint32_t key_type, 406 size_t key_size_bits); 407 #else 408 static inline TEE_Result 409 drvcrypt_asym_alloc_ecc_public_key(struct ecc_public_key *key __unused, 410 uint32_t key_type __unused, 411 size_t key_size_bits __unused) 412 { 413 return TEE_ERROR_NOT_IMPLEMENTED; 414 } 415 416 static inline TEE_Result 417 drvcrypt_asym_alloc_ecc_keypair(struct ecc_keypair *key __unused, 418 uint32_t key_type __unused, 419 size_t key_size_bits __unused) 420 { 421 return TEE_ERROR_NOT_IMPLEMENTED; 422 } 423 #endif /* CFG_CRYPTO_DRV_ECC */ 424 425 TEE_Result sw_crypto_acipher_alloc_rsa_keypair(struct rsa_keypair *s, 426 size_t key_size_bits); 427 428 TEE_Result sw_crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s, 429 size_t key_size_bits); 430 431 void sw_crypto_acipher_free_rsa_public_key(struct rsa_public_key *s); 432 433 void sw_crypto_acipher_free_rsa_keypair(struct rsa_keypair *s); 434 435 TEE_Result sw_crypto_acipher_gen_rsa_key(struct rsa_keypair *key, 436 size_t key_size); 437 438 TEE_Result sw_crypto_acipher_rsanopad_decrypt(struct rsa_keypair *key, 439 const uint8_t *src, 440 size_t src_len, uint8_t *dst, 441 size_t *dst_len); 442 TEE_Result sw_crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key, 443 const uint8_t *src, 444 size_t src_len, uint8_t *dst, 445 size_t *dst_len); 446 TEE_Result sw_crypto_acipher_rsaes_decrypt(uint32_t algo, 447 struct rsa_keypair *key, 448 const uint8_t *label, 449 size_t label_len, const uint8_t *src, 450 size_t src_len, uint8_t *dst, 451 size_t *dst_len); 452 453 TEE_Result sw_crypto_acipher_rsaes_encrypt(uint32_t algo, 454 struct rsa_public_key *key, 455 const uint8_t *label, 456 size_t label_len, const uint8_t *src, 457 size_t src_len, uint8_t *dst, 458 size_t *dst_len); 459 460 TEE_Result sw_crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key, 461 int salt_len, const uint8_t *msg, 462 size_t msg_len, uint8_t *sig, 463 size_t *sig_len); 464 465 TEE_Result sw_crypto_acipher_rsassa_verify(uint32_t algo, 466 struct rsa_public_key *key, 467 int salt_len, const uint8_t *msg, 468 size_t msg_len, const uint8_t *sig, 469 size_t sig_len); 470 #endif /*__CRYPTO_CRYPTO_IMPL_H*/ 471