1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2019, Linaro Limited 4 * Copyright (c) 2021, SumUp Services GmbH 5 */ 6 7 #ifndef __CRYPTO_CRYPTO_IMPL_H 8 #define __CRYPTO_CRYPTO_IMPL_H 9 10 #include <crypto/crypto.h> 11 #include <tee_api_types.h> 12 13 /* 14 * The crypto context used by the crypto_hash_*() functions is defined by 15 * struct crypto_hash_ctx. 16 */ 17 struct crypto_hash_ctx { 18 const struct crypto_hash_ops *ops; 19 }; 20 21 struct crypto_hash_ops { 22 TEE_Result (*init)(struct crypto_hash_ctx *ctx); 23 TEE_Result (*update)(struct crypto_hash_ctx *ctx, const uint8_t *data, 24 size_t len); 25 TEE_Result (*final)(struct crypto_hash_ctx *ctx, uint8_t *digest, 26 size_t len); 27 void (*free_ctx)(struct crypto_hash_ctx *ctx); 28 void (*copy_state)(struct crypto_hash_ctx *dst_ctx, 29 struct crypto_hash_ctx *src_ctx); 30 }; 31 32 #define CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(name, type) \ 33 static inline TEE_Result \ 34 crypto_##name##_alloc_ctx(struct crypto_##type##_ctx **ctx __unused) \ 35 { return TEE_ERROR_NOT_IMPLEMENTED; } 36 37 #if defined(CFG_CRYPTO_MD5) 38 TEE_Result crypto_md5_alloc_ctx(struct crypto_hash_ctx **ctx); 39 #else 40 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(md5, hash) 41 #endif 42 43 #if defined(CFG_CRYPTO_SHA1) 44 TEE_Result crypto_sha1_alloc_ctx(struct crypto_hash_ctx **ctx); 45 #else 46 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha1, hash) 47 #endif 48 49 #if defined(CFG_CRYPTO_SHA224) 50 TEE_Result crypto_sha224_alloc_ctx(struct crypto_hash_ctx **ctx); 51 #else 52 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha224, hash) 53 #endif 54 55 #if defined(CFG_CRYPTO_SHA256) 56 TEE_Result crypto_sha256_alloc_ctx(struct crypto_hash_ctx **ctx); 57 #else 58 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha256, hash) 59 #endif 60 61 #if defined(CFG_CRYPTO_SHA384) 62 TEE_Result crypto_sha384_alloc_ctx(struct crypto_hash_ctx **ctx); 63 #else 64 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha384, hash) 65 #endif 66 67 #if defined(CFG_CRYPTO_SHA512) 68 TEE_Result crypto_sha512_alloc_ctx(struct crypto_hash_ctx **ctx); 69 #else 70 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha512, hash) 71 #endif 72 73 #if defined(CFG_CRYPTO_SM3) 74 TEE_Result crypto_sm3_alloc_ctx(struct crypto_hash_ctx **ctx); 75 #else 76 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm3, hash) 77 #endif 78 79 /* 80 * The crypto context used by the crypto_mac_*() functions is defined by 81 * struct crypto_mac_ctx. 82 */ 83 struct crypto_mac_ctx { 84 const struct crypto_mac_ops *ops; 85 }; 86 87 struct crypto_mac_ops { 88 TEE_Result (*init)(struct crypto_mac_ctx *ctx, const uint8_t *key, 89 size_t len); 90 TEE_Result (*update)(struct crypto_mac_ctx *ctx, const uint8_t *data, 91 size_t len); 92 TEE_Result (*final)(struct crypto_mac_ctx *ctx, uint8_t *digest, 93 size_t len); 94 void (*free_ctx)(struct crypto_mac_ctx *ctx); 95 void (*copy_state)(struct crypto_mac_ctx *dst_ctx, 96 struct crypto_mac_ctx *src_ctx); 97 }; 98 99 #if defined(CFG_CRYPTO_HMAC) 100 TEE_Result crypto_hmac_md5_alloc_ctx(struct crypto_mac_ctx **ctx); 101 TEE_Result crypto_hmac_sha1_alloc_ctx(struct crypto_mac_ctx **ctx); 102 TEE_Result crypto_hmac_sha224_alloc_ctx(struct crypto_mac_ctx **ctx); 103 TEE_Result crypto_hmac_sha256_alloc_ctx(struct crypto_mac_ctx **ctx); 104 TEE_Result crypto_hmac_sha384_alloc_ctx(struct crypto_mac_ctx **ctx); 105 TEE_Result crypto_hmac_sha512_alloc_ctx(struct crypto_mac_ctx **ctx); 106 #else 107 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_md5, mac) 108 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha1, mac) 109 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha224, mac) 110 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha256, mac) 111 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha384, mac) 112 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha512, mac) 113 #endif 114 115 #if defined(CFG_CRYPTO_SM3) && defined(CFG_CRYPTO_HMAC) 116 TEE_Result crypto_hmac_sm3_alloc_ctx(struct crypto_mac_ctx **ctx); 117 #else 118 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sm3, mac) 119 #endif 120 121 #if defined(CFG_CRYPTO_CBC_MAC) 122 TEE_Result crypto_aes_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 123 TEE_Result crypto_aes_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 124 TEE_Result crypto_des_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 125 TEE_Result crypto_des_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 126 TEE_Result crypto_des3_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 127 TEE_Result crypto_des3_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 128 #else 129 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc_mac_nopad, mac) 130 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc_mac_pkcs5, mac) 131 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc_mac_nopad, mac) 132 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc_mac_pkcs5, mac) 133 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc_mac_nopad, mac) 134 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc_mac_pkcs5, mac) 135 #endif 136 137 #if defined(CFG_CRYPTO_CMAC) 138 TEE_Result crypto_aes_cmac_alloc_ctx(struct crypto_mac_ctx **ctx); 139 TEE_Result crypto_des3_cmac_alloc_ctx(struct crypto_mac_ctx **ctx); 140 #else 141 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cmac, mac) 142 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cmac, mac) 143 #endif 144 145 /* 146 * The crypto context used by the crypto_cipher_*() functions is defined by 147 * struct crypto_cipher_ctx. 148 */ 149 struct crypto_cipher_ctx { 150 const struct crypto_cipher_ops *ops; 151 }; 152 153 struct crypto_cipher_ops { 154 TEE_Result (*init)(struct crypto_cipher_ctx *ctx, 155 TEE_OperationMode mode, 156 const uint8_t *key1, size_t key1_len, 157 const uint8_t *key2, size_t key2_len, 158 const uint8_t *iv, size_t iv_len); 159 TEE_Result (*update)(struct crypto_cipher_ctx *ctx, bool last_block, 160 const uint8_t *data, size_t len, uint8_t *dst); 161 void (*final)(struct crypto_cipher_ctx *ctx); 162 163 void (*free_ctx)(struct crypto_cipher_ctx *ctx); 164 void (*copy_state)(struct crypto_cipher_ctx *dst_ctx, 165 struct crypto_cipher_ctx *src_ctx); 166 }; 167 168 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_ECB) 169 TEE_Result crypto_aes_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 170 #else 171 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_ecb, cipher) 172 #endif 173 174 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CBC) 175 TEE_Result crypto_aes_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 176 #else 177 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc, cipher) 178 #endif 179 180 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CTR) 181 TEE_Result crypto_aes_ctr_alloc_ctx(struct crypto_cipher_ctx **ctx); 182 #else 183 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_ctr, cipher) 184 #endif 185 186 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CTS) 187 TEE_Result crypto_aes_cts_alloc_ctx(struct crypto_cipher_ctx **ctx); 188 #else 189 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cts, cipher) 190 #endif 191 192 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_XTS) 193 TEE_Result crypto_aes_xts_alloc_ctx(struct crypto_cipher_ctx **ctx); 194 #else 195 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_xts, cipher) 196 #endif 197 198 #if defined(CFG_CRYPTO_DES) && defined(CFG_CRYPTO_ECB) 199 TEE_Result crypto_des_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 200 TEE_Result crypto_des3_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 201 #else 202 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_ecb, cipher) 203 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_ecb, cipher) 204 #endif 205 206 #if defined(CFG_CRYPTO_DES) && defined(CFG_CRYPTO_CBC) 207 TEE_Result crypto_des_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 208 TEE_Result crypto_des3_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 209 #else 210 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc, cipher) 211 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc, cipher) 212 #endif 213 214 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_ECB) 215 TEE_Result crypto_sm4_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 216 #else 217 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_ecb, cipher) 218 #endif 219 220 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_CBC) 221 TEE_Result crypto_sm4_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 222 #else 223 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_cbc, cipher) 224 #endif 225 226 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_CTR) 227 TEE_Result crypto_sm4_ctr_alloc_ctx(struct crypto_cipher_ctx **ctx); 228 #else 229 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_ctr, cipher) 230 #endif 231 232 /* 233 * The crypto context used by the crypto_authen_*() functions below is 234 * defined by struct crypto_authenc_ctx. 235 */ 236 struct crypto_authenc_ctx { 237 const struct crypto_authenc_ops *ops; 238 }; 239 240 struct crypto_authenc_ops { 241 TEE_Result (*init)(struct crypto_authenc_ctx *ctx, 242 TEE_OperationMode mode, 243 const uint8_t *key, size_t key_len, 244 const uint8_t *nonce, size_t nonce_len, 245 size_t tag_len, size_t aad_len, 246 size_t payload_len); 247 TEE_Result (*update_aad)(struct crypto_authenc_ctx *ctx, 248 const uint8_t *data, size_t len); 249 TEE_Result (*update_payload)(struct crypto_authenc_ctx *ctx, 250 TEE_OperationMode mode, 251 const uint8_t *src_data, size_t len, 252 uint8_t *dst_data); 253 TEE_Result (*enc_final)(struct crypto_authenc_ctx *ctx, 254 const uint8_t *src_data, size_t len, 255 uint8_t *dst_data, uint8_t *dst_tag, 256 size_t *dst_tag_len); 257 TEE_Result (*dec_final)(struct crypto_authenc_ctx *ctx, 258 const uint8_t *src_data, size_t len, 259 uint8_t *dst_data, const uint8_t *tag, 260 size_t tag_len); 261 void (*final)(struct crypto_authenc_ctx *ctx); 262 void (*free_ctx)(struct crypto_authenc_ctx *ctx); 263 void (*copy_state)(struct crypto_authenc_ctx *dst_ctx, 264 struct crypto_authenc_ctx *src_ctx); 265 }; 266 267 TEE_Result crypto_aes_ccm_alloc_ctx(struct crypto_authenc_ctx **ctx); 268 TEE_Result crypto_aes_gcm_alloc_ctx(struct crypto_authenc_ctx **ctx); 269 270 #ifdef CFG_CRYPTO_DRV_HASH 271 TEE_Result drvcrypt_hash_alloc_ctx(struct crypto_hash_ctx **ctx, uint32_t algo); 272 #else 273 static inline TEE_Result 274 drvcrypt_hash_alloc_ctx(struct crypto_hash_ctx **ctx __unused, 275 uint32_t algo __unused) 276 { 277 return TEE_ERROR_NOT_IMPLEMENTED; 278 } 279 #endif /* CFG_CRYPTO_DRV_HASH */ 280 281 #ifdef CFG_CRYPTO_DRV_CIPHER 282 TEE_Result drvcrypt_cipher_alloc_ctx(struct crypto_cipher_ctx **ctx, 283 uint32_t algo); 284 #else 285 static inline TEE_Result 286 drvcrypt_cipher_alloc_ctx(struct crypto_cipher_ctx **ctx __unused, 287 uint32_t algo __unused) 288 { 289 return TEE_ERROR_NOT_IMPLEMENTED; 290 } 291 #endif /* CFG_CRYPTO_DRV_CIPHER */ 292 293 #ifdef CFG_CRYPTO_DRV_MAC 294 /* Cryptographic MAC driver context allocation */ 295 TEE_Result drvcrypt_mac_alloc_ctx(struct crypto_mac_ctx **ctx, uint32_t algo); 296 #else 297 static inline TEE_Result 298 drvcrypt_mac_alloc_ctx(struct crypto_mac_ctx **ctx __unused, 299 uint32_t algo __unused) 300 { 301 return TEE_ERROR_NOT_IMPLEMENTED; 302 } 303 #endif /* CFG_CRYPTO_DRV_MAC */ 304 305 /* 306 * The ECC public key operations used by the crypto_acipher_ecc_*() and 307 * crypto_acipher_free_ecc_*() functions. 308 * Reference set in ecc_public_key when key allocated. 309 * 310 * @free is mandatory 311 * @verify is optional 312 * @encrypt is optional 313 */ 314 struct crypto_ecc_public_ops { 315 void (*free)(struct ecc_public_key *key); 316 TEE_Result (*verify)(uint32_t algo, struct ecc_public_key *key, 317 const uint8_t *msg, size_t msg_len, 318 const uint8_t *sig, size_t sig_len); 319 TEE_Result (*encrypt)(struct ecc_public_key *key, const uint8_t *src, 320 size_t src_len, uint8_t *dst, size_t *dst_len); 321 }; 322 323 /* 324 * The ECC keypair operations used by the crypto_acipher_ecc_*() and 325 * crypto_acipher_gen_ecc_*() functions. 326 * Reference set in ecc_keypair when key allocated. 327 * 328 * @generate is mandatory 329 * @sign is optional 330 * @shared_secret is optional 331 * @decrypt is optional 332 */ 333 struct crypto_ecc_keypair_ops { 334 TEE_Result (*generate)(struct ecc_keypair *key, size_t key_size_bits); 335 TEE_Result (*sign)(uint32_t algo, struct ecc_keypair *key, 336 const uint8_t *msg, size_t msg_len, uint8_t *sig, 337 size_t *sig_len); 338 TEE_Result (*shared_secret)(struct ecc_keypair *private_key, 339 struct ecc_public_key *public_key, 340 void *secret, unsigned long *secret_len); 341 TEE_Result (*decrypt)(struct ecc_keypair *key, const uint8_t *src, 342 size_t src_len, uint8_t *dst, size_t *dst_len); 343 }; 344 345 #ifdef CFG_CRYPTO_ECC 346 TEE_Result crypto_asym_alloc_ecc_public_key(struct ecc_public_key *key, 347 uint32_t key_type, 348 size_t key_size_bits); 349 TEE_Result crypto_asym_alloc_ecc_keypair(struct ecc_keypair *key, 350 uint32_t key_type, 351 size_t key_size_bits); 352 #else 353 static inline TEE_Result 354 crypto_asym_alloc_ecc_public_key(struct ecc_public_key *key __unused, 355 uint32_t key_type __unused, 356 size_t key_size_bits __unused) 357 { 358 return TEE_ERROR_NOT_IMPLEMENTED; 359 } 360 361 static inline TEE_Result 362 crypto_asym_alloc_ecc_keypair(struct ecc_keypair *key __unused, 363 uint32_t key_type __unused, 364 size_t key_size_bits __unused) 365 { 366 return TEE_ERROR_NOT_IMPLEMENTED; 367 } 368 #endif /* CFG_CRYPTO_ECC */ 369 370 #ifdef CFG_CRYPTO_DRV_ECC 371 TEE_Result drvcrypt_asym_alloc_ecc_public_key(struct ecc_public_key *key, 372 uint32_t key_type, 373 size_t key_size_bits); 374 TEE_Result drvcrypt_asym_alloc_ecc_keypair(struct ecc_keypair *key, 375 uint32_t key_type, 376 size_t key_size_bits); 377 #else 378 static inline TEE_Result 379 drvcrypt_asym_alloc_ecc_public_key(struct ecc_public_key *key __unused, 380 uint32_t key_type __unused, 381 size_t key_size_bits __unused) 382 { 383 return TEE_ERROR_NOT_IMPLEMENTED; 384 } 385 386 static inline TEE_Result 387 drvcrypt_asym_alloc_ecc_keypair(struct ecc_keypair *key __unused, 388 uint32_t key_type __unused, 389 size_t key_size_bits __unused) 390 { 391 return TEE_ERROR_NOT_IMPLEMENTED; 392 } 393 #endif /* CFG_CRYPTO_DRV_ECC */ 394 #endif /*__CRYPTO_CRYPTO_IMPL_H*/ 395