1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2019, Linaro Limited 4 */ 5 6 #ifndef __CRYPTO_CRYPTO_IMPL_H 7 #define __CRYPTO_CRYPTO_IMPL_H 8 9 #include <crypto/crypto.h> 10 #include <tee_api_types.h> 11 12 /* 13 * The crypto context used by the crypto_hash_*() functions is defined by 14 * struct crypto_hash_ctx. 15 */ 16 struct crypto_hash_ctx { 17 const struct crypto_hash_ops *ops; 18 }; 19 20 struct crypto_hash_ops { 21 TEE_Result (*init)(struct crypto_hash_ctx *ctx); 22 TEE_Result (*update)(struct crypto_hash_ctx *ctx, const uint8_t *data, 23 size_t len); 24 TEE_Result (*final)(struct crypto_hash_ctx *ctx, uint8_t *digest, 25 size_t len); 26 void (*free_ctx)(struct crypto_hash_ctx *ctx); 27 void (*copy_state)(struct crypto_hash_ctx *dst_ctx, 28 struct crypto_hash_ctx *src_ctx); 29 }; 30 31 #define CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(name, type) \ 32 static inline TEE_Result \ 33 crypto_##name##_alloc_ctx(struct crypto_##type##_ctx **ctx __unused) \ 34 { return TEE_ERROR_NOT_IMPLEMENTED; } 35 36 #if defined(CFG_CRYPTO_MD5) 37 TEE_Result crypto_md5_alloc_ctx(struct crypto_hash_ctx **ctx); 38 #else 39 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(md5, hash) 40 #endif 41 42 #if defined(CFG_CRYPTO_SHA1) 43 TEE_Result crypto_sha1_alloc_ctx(struct crypto_hash_ctx **ctx); 44 #else 45 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha1, hash) 46 #endif 47 48 #if defined(CFG_CRYPTO_SHA224) 49 TEE_Result crypto_sha224_alloc_ctx(struct crypto_hash_ctx **ctx); 50 #else 51 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha224, hash) 52 #endif 53 54 #if defined(CFG_CRYPTO_SHA256) 55 TEE_Result crypto_sha256_alloc_ctx(struct crypto_hash_ctx **ctx); 56 #else 57 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha256, hash) 58 #endif 59 60 #if defined(CFG_CRYPTO_SHA384) 61 TEE_Result crypto_sha384_alloc_ctx(struct crypto_hash_ctx **ctx); 62 #else 63 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha384, hash) 64 #endif 65 66 #if defined(CFG_CRYPTO_SHA512) 67 TEE_Result crypto_sha512_alloc_ctx(struct crypto_hash_ctx **ctx); 68 #else 69 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sha512, hash) 70 #endif 71 72 #if defined(CFG_CRYPTO_SM3) 73 TEE_Result crypto_sm3_alloc_ctx(struct crypto_hash_ctx **ctx); 74 #else 75 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm3, hash) 76 #endif 77 78 /* 79 * The crypto context used by the crypto_mac_*() functions is defined by 80 * struct crypto_mac_ctx. 81 */ 82 struct crypto_mac_ctx { 83 const struct crypto_mac_ops *ops; 84 }; 85 86 struct crypto_mac_ops { 87 TEE_Result (*init)(struct crypto_mac_ctx *ctx, const uint8_t *key, 88 size_t len); 89 TEE_Result (*update)(struct crypto_mac_ctx *ctx, const uint8_t *data, 90 size_t len); 91 TEE_Result (*final)(struct crypto_mac_ctx *ctx, uint8_t *digest, 92 size_t len); 93 void (*free_ctx)(struct crypto_mac_ctx *ctx); 94 void (*copy_state)(struct crypto_mac_ctx *dst_ctx, 95 struct crypto_mac_ctx *src_ctx); 96 }; 97 98 #if defined(CFG_CRYPTO_HMAC) 99 TEE_Result crypto_hmac_md5_alloc_ctx(struct crypto_mac_ctx **ctx); 100 TEE_Result crypto_hmac_sha1_alloc_ctx(struct crypto_mac_ctx **ctx); 101 TEE_Result crypto_hmac_sha224_alloc_ctx(struct crypto_mac_ctx **ctx); 102 TEE_Result crypto_hmac_sha256_alloc_ctx(struct crypto_mac_ctx **ctx); 103 TEE_Result crypto_hmac_sha384_alloc_ctx(struct crypto_mac_ctx **ctx); 104 TEE_Result crypto_hmac_sha512_alloc_ctx(struct crypto_mac_ctx **ctx); 105 #else 106 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_md5, mac) 107 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha1, mac) 108 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha224, mac) 109 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha256, mac) 110 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha384, mac) 111 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sha512, mac) 112 #endif 113 114 #if defined(CFG_CRYPTO_SM3) && defined(CFG_CRYPTO_HMAC) 115 TEE_Result crypto_hmac_sm3_alloc_ctx(struct crypto_mac_ctx **ctx); 116 #else 117 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(hmac_sm3, mac) 118 #endif 119 120 #if defined(CFG_CRYPTO_CBC_MAC) 121 TEE_Result crypto_aes_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 122 TEE_Result crypto_aes_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 123 TEE_Result crypto_des_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 124 TEE_Result crypto_des_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 125 TEE_Result crypto_des3_cbc_mac_nopad_alloc_ctx(struct crypto_mac_ctx **ctx); 126 TEE_Result crypto_des3_cbc_mac_pkcs5_alloc_ctx(struct crypto_mac_ctx **ctx); 127 #else 128 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc_mac_nopad, mac) 129 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc_mac_pkcs5, mac) 130 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc_mac_nopad, mac) 131 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc_mac_pkcs5, mac) 132 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc_mac_nopad, mac) 133 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc_mac_pkcs5, mac) 134 #endif 135 136 #if defined(CFG_CRYPTO_CMAC) 137 TEE_Result crypto_aes_cmac_alloc_ctx(struct crypto_mac_ctx **ctx); 138 #else 139 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cmac, mac) 140 #endif 141 142 /* 143 * The crypto context used by the crypto_cipher_*() functions is defined by 144 * struct crypto_cipher_ctx. 145 */ 146 struct crypto_cipher_ctx { 147 const struct crypto_cipher_ops *ops; 148 }; 149 150 struct crypto_cipher_ops { 151 TEE_Result (*init)(struct crypto_cipher_ctx *ctx, 152 TEE_OperationMode mode, 153 const uint8_t *key1, size_t key1_len, 154 const uint8_t *key2, size_t key2_len, 155 const uint8_t *iv, size_t iv_len); 156 TEE_Result (*update)(struct crypto_cipher_ctx *ctx, bool last_block, 157 const uint8_t *data, size_t len, uint8_t *dst); 158 void (*final)(struct crypto_cipher_ctx *ctx); 159 160 void (*free_ctx)(struct crypto_cipher_ctx *ctx); 161 void (*copy_state)(struct crypto_cipher_ctx *dst_ctx, 162 struct crypto_cipher_ctx *src_ctx); 163 }; 164 165 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_ECB) 166 TEE_Result crypto_aes_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 167 #else 168 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_ecb, cipher) 169 #endif 170 171 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CBC) 172 TEE_Result crypto_aes_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 173 #else 174 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cbc, cipher) 175 #endif 176 177 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CTR) 178 TEE_Result crypto_aes_ctr_alloc_ctx(struct crypto_cipher_ctx **ctx); 179 #else 180 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_ctr, cipher) 181 #endif 182 183 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_CTS) 184 TEE_Result crypto_aes_cts_alloc_ctx(struct crypto_cipher_ctx **ctx); 185 #else 186 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_cts, cipher) 187 #endif 188 189 #if defined(CFG_CRYPTO_AES) && defined(CFG_CRYPTO_XTS) 190 TEE_Result crypto_aes_xts_alloc_ctx(struct crypto_cipher_ctx **ctx); 191 #else 192 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(aes_xts, cipher) 193 #endif 194 195 #if defined(CFG_CRYPTO_DES) && defined(CFG_CRYPTO_ECB) 196 TEE_Result crypto_des_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 197 TEE_Result crypto_des3_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 198 #else 199 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_ecb, cipher) 200 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_ecb, cipher) 201 #endif 202 203 #if defined(CFG_CRYPTO_DES) && defined(CFG_CRYPTO_CBC) 204 TEE_Result crypto_des_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 205 TEE_Result crypto_des3_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 206 #else 207 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des_cbc, cipher) 208 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(des3_cbc, cipher) 209 #endif 210 211 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_ECB) 212 TEE_Result crypto_sm4_ecb_alloc_ctx(struct crypto_cipher_ctx **ctx); 213 #else 214 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_ecb, cipher) 215 #endif 216 217 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_CBC) 218 TEE_Result crypto_sm4_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx); 219 #else 220 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_cbc, cipher) 221 #endif 222 223 #if defined(CFG_CRYPTO_SM4) && defined(CFG_CRYPTO_CTR) 224 TEE_Result crypto_sm4_ctr_alloc_ctx(struct crypto_cipher_ctx **ctx); 225 #else 226 CRYPTO_ALLOC_CTX_NOT_IMPLEMENTED(sm4_ctr, cipher) 227 #endif 228 229 /* 230 * The crypto context used by the crypto_authen_*() functions below is 231 * defined by struct crypto_authenc_ctx. 232 */ 233 struct crypto_authenc_ctx { 234 const struct crypto_authenc_ops *ops; 235 }; 236 237 struct crypto_authenc_ops { 238 TEE_Result (*init)(struct crypto_authenc_ctx *ctx, 239 TEE_OperationMode mode, 240 const uint8_t *key, size_t key_len, 241 const uint8_t *nonce, size_t nonce_len, 242 size_t tag_len, size_t aad_len, 243 size_t payload_len); 244 TEE_Result (*update_aad)(struct crypto_authenc_ctx *ctx, 245 const uint8_t *data, size_t len); 246 TEE_Result (*update_payload)(struct crypto_authenc_ctx *ctx, 247 TEE_OperationMode mode, 248 const uint8_t *src_data, size_t len, 249 uint8_t *dst_data); 250 TEE_Result (*enc_final)(struct crypto_authenc_ctx *ctx, 251 const uint8_t *src_data, size_t len, 252 uint8_t *dst_data, uint8_t *dst_tag, 253 size_t *dst_tag_len); 254 TEE_Result (*dec_final)(struct crypto_authenc_ctx *ctx, 255 const uint8_t *src_data, size_t len, 256 uint8_t *dst_data, const uint8_t *tag, 257 size_t tag_len); 258 void (*final)(struct crypto_authenc_ctx *ctx); 259 void (*free_ctx)(struct crypto_authenc_ctx *ctx); 260 void (*copy_state)(struct crypto_authenc_ctx *dst_ctx, 261 struct crypto_authenc_ctx *src_ctx); 262 }; 263 264 TEE_Result crypto_aes_ccm_alloc_ctx(struct crypto_authenc_ctx **ctx); 265 TEE_Result crypto_aes_gcm_alloc_ctx(struct crypto_authenc_ctx **ctx); 266 267 #ifdef CFG_CRYPTO_DRV_HASH 268 TEE_Result drvcrypt_hash_alloc_ctx(struct crypto_hash_ctx **ctx, uint32_t algo); 269 #else 270 static inline TEE_Result 271 drvcrypt_hash_alloc_ctx(struct crypto_hash_ctx **ctx __unused, 272 uint32_t algo __unused) 273 { 274 return TEE_ERROR_NOT_IMPLEMENTED; 275 } 276 #endif /* CFG_CRYPTO_DRV_HASH */ 277 278 #ifdef CFG_CRYPTO_DRV_CIPHER 279 TEE_Result drvcrypt_cipher_alloc_ctx(struct crypto_cipher_ctx **ctx, 280 uint32_t algo); 281 #else 282 static inline TEE_Result 283 drvcrypt_cipher_alloc_ctx(struct crypto_cipher_ctx **ctx __unused, 284 uint32_t algo __unused) 285 { 286 return TEE_ERROR_NOT_IMPLEMENTED; 287 } 288 #endif /* CFG_CRYPTO_DRV_CIPHER */ 289 290 #ifdef CFG_CRYPTO_DRV_MAC 291 /* Cryptographic MAC driver context allocation */ 292 TEE_Result drvcrypt_mac_alloc_ctx(struct crypto_mac_ctx **ctx, uint32_t algo); 293 #else 294 static inline TEE_Result 295 drvcrypt_mac_alloc_ctx(struct crypto_mac_ctx **ctx __unused, 296 uint32_t algo __unused) 297 { 298 return TEE_ERROR_NOT_IMPLEMENTED; 299 } 300 #endif /* CFG_CRYPTO_DRV_MAC */ 301 302 /* 303 * The ECC public key operations used by the crypto_acipher_ecc_*() and 304 * crypto_acipher_free_ecc_*() functions. 305 * Reference set in ecc_public_key when key allocated. 306 * 307 * @free is mandatory 308 * @verify is optional 309 * @encrypt is optional 310 */ 311 struct crypto_ecc_public_ops { 312 void (*free)(struct ecc_public_key *key); 313 TEE_Result (*verify)(uint32_t algo, struct ecc_public_key *key, 314 const uint8_t *msg, size_t msg_len, 315 const uint8_t *sig, size_t sig_len); 316 TEE_Result (*encrypt)(struct ecc_public_key *key, const uint8_t *src, 317 size_t src_len, uint8_t *dst, size_t *dst_len); 318 }; 319 320 /* 321 * The ECC keypair operations used by the crypto_acipher_ecc_*() and 322 * crypto_acipher_gen_ecc_*() functions. 323 * Reference set in ecc_keypair when key allocated. 324 * 325 * @generate is mandatory 326 * @sign is optional 327 * @shared_secret is optional 328 * @decrypt is optional 329 */ 330 struct crypto_ecc_keypair_ops { 331 TEE_Result (*generate)(struct ecc_keypair *key, size_t key_size_bits); 332 TEE_Result (*sign)(uint32_t algo, struct ecc_keypair *key, 333 const uint8_t *msg, size_t msg_len, uint8_t *sig, 334 size_t *sig_len); 335 TEE_Result (*shared_secret)(struct ecc_keypair *private_key, 336 struct ecc_public_key *public_key, 337 void *secret, unsigned long *secret_len); 338 TEE_Result (*decrypt)(struct ecc_keypair *key, const uint8_t *src, 339 size_t src_len, uint8_t *dst, size_t *dst_len); 340 }; 341 342 #ifdef CFG_CRYPTO_ECC 343 TEE_Result crypto_asym_alloc_ecc_public_key(struct ecc_public_key *key, 344 uint32_t key_type, 345 size_t key_size_bits); 346 TEE_Result crypto_asym_alloc_ecc_keypair(struct ecc_keypair *key, 347 uint32_t key_type, 348 size_t key_size_bits); 349 #else 350 static inline TEE_Result 351 crypto_asym_alloc_ecc_public_key(struct ecc_public_key *key __unused, 352 uint32_t key_type __unused, 353 size_t key_size_bits __unused) 354 { 355 return TEE_ERROR_NOT_IMPLEMENTED; 356 } 357 358 static inline TEE_Result 359 crypto_asym_alloc_ecc_keypair(struct ecc_keypair *key __unused, 360 uint32_t key_type __unused, 361 size_t key_size_bits __unused) 362 { 363 return TEE_ERROR_NOT_IMPLEMENTED; 364 } 365 #endif /* CFG_CRYPTO_ECC */ 366 367 #ifdef CFG_CRYPTO_DRV_ECC 368 TEE_Result drvcrypt_asym_alloc_ecc_public_key(struct ecc_public_key *key, 369 uint32_t key_type, 370 size_t key_size_bits); 371 TEE_Result drvcrypt_asym_alloc_ecc_keypair(struct ecc_keypair *key, 372 uint32_t key_type, 373 size_t key_size_bits); 374 #else 375 static inline TEE_Result 376 drvcrypt_asym_alloc_ecc_public_key(struct ecc_public_key *key __unused, 377 uint32_t key_type __unused, 378 size_t key_size_bits __unused) 379 { 380 return TEE_ERROR_NOT_IMPLEMENTED; 381 } 382 383 static inline TEE_Result 384 drvcrypt_asym_alloc_ecc_keypair(struct ecc_keypair *key __unused, 385 uint32_t key_type __unused, 386 size_t key_size_bits __unused) 387 { 388 return TEE_ERROR_NOT_IMPLEMENTED; 389 } 390 #endif /* CFG_CRYPTO_DRV_ECC */ 391 #endif /*__CRYPTO_CRYPTO_IMPL_H*/ 392