xref: /optee_os/ta/pkcs11/src/processing.h (revision e02f17f374b6ce856b8569543e2066bfbaa64c59)
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2017-2020, Linaro Limited
4  */
5 
6 #ifndef PKCS11_TA_PROCESSING_H
7 #define PKCS11_TA_PROCESSING_H
8 
9 #include <pkcs11_attributes.h>
10 #include <pkcs11_ta.h>
11 #include <tee_internal_api.h>
12 
/*
 * Forward declarations: every use of these types in this header is through
 * a pointer, so their full definitions are not needed here.
 */
struct pkcs11_client;
struct pkcs11_session;
struct pkcs11_object;
struct active_processing;
17 
/**
 * RSA PSS processing context
 *
 * Fixed-size record holding the three RSA PSS parameters.
 *
 * @hash_alg: Hash algorithm mechanism
 * @mgf_type: Mask generator function
 * @salt_len: Length of the salt in bytes
 *
 * NOTE(review): this header does not show where these values are checked.
 * Presumably pkcs2tee_proc_params_rsa_pss() fills the context and
 * pkcs2tee_validate_rsa_pss() checks it against the key - confirm that
 * @hash_alg and @mgf_type are verified to be a consistent pair and that
 * @salt_len is bounded before the context is used.
 */
struct rsa_pss_processing_ctx {
	enum pkcs11_mechanism_id hash_alg;
	enum pkcs11_mgf_id mgf_type;
	uint32_t salt_len;
};
30 
/**
 * RSA OAEP processing context
 *
 * Variable-size record: @source_data is a flexible array member, so
 * sizeof() of the structure does not include it and an instance must be
 * allocated with room for the trailing bytes.
 *
 * @hash_alg: Hash algorithm mechanism
 * @mgf_type: Mask generator function
 * @source_type: Type of source.
 * @source_data_len: Length of the source data (presumably in bytes, matching
 *		     the uint8_t @source_data array).
 * @source_data: Source data.
 *
 * NOTE(review): the fields appear to mirror the PKCS#11 OAEP mechanism
 * parameters, so @source_data_len presumably originates from the client.
 * Confirm that the code building this context checks it against the size of
 * the received parameter buffer, and guards the sizeof() + @source_data_len
 * addition against overflow, before allocating and copying.
 */
struct rsa_oaep_processing_ctx {
	enum pkcs11_mechanism_id hash_alg;
	enum pkcs11_mgf_id mgf_type;
	uint32_t source_type;
	uint32_t source_data_len;
	uint8_t source_data[];
};
47 
/**
 * RSA AES key wrap processing context
 *
 * Carries the same fields as struct rsa_oaep_processing_ctx plus
 * @aes_key_bits. @source_data is a flexible array member, so sizeof() of the
 * structure does not include it and an instance must be allocated with room
 * for the trailing bytes.
 *
 * @hash_alg: Hash algorithm mechanism
 * @mgf_type: Mask generator function
 * @aes_key_bits: Length of AES key in bits
 * @source_type: Type of source.
 * @source_data_len: Length of the source data (presumably in bytes, matching
 *		     the uint8_t @source_data array).
 * @source_data: Source data.
 *
 * NOTE(review): these values presumably originate from client-supplied
 * mechanism parameters. Confirm that @aes_key_bits is restricted to the AES
 * key sizes the TA supports and that @source_data_len is checked against the
 * received parameter buffer (including overflow of the allocation size)
 * before the context is allocated and filled.
 */
struct rsa_aes_key_wrap_processing_ctx {
	enum pkcs11_mechanism_id hash_alg;
	enum pkcs11_mgf_id mgf_type;
	uint32_t aes_key_bits;
	uint32_t source_type;
	uint32_t source_data_len;
	uint8_t source_data[];
};
66 
/**
 * EDDSA processing context
 *
 * Variable-size record: @ctx is a flexible array member, so sizeof() of the
 * structure does not include it and an instance must be allocated with room
 * for the trailing bytes.
 *
 * @flag: Prehash flag
 * @ctx_len: Length of the context data (presumably in bytes, matching the
 *	     uint8_t @ctx array)
 * @ctx: Context data
 *
 * NOTE(review): RFC 8032 limits the EdDSA context to 255 octets, while
 * @ctx_len is a full uint32_t. Confirm that the code building this context
 * (presumably pkcs2tee_proc_params_eddsa()) rejects longer values and checks
 * @ctx_len against the received parameter buffer before copying.
 */
struct eddsa_processing_ctx {
	uint32_t flag;
	uint32_t ctx_len;
	uint8_t ctx[];
};
79 
/*
 * Entry points from PKCS11 TA invocation commands
 *
 * Every entry point takes the calling client together with the parameter
 * types word (@ptypes) and the TEE_Param array (@params) of the invocation,
 * and returns an enum pkcs11_rc code.
 *
 * NOTE(review): @ptypes and @params presumably come straight from the
 * invoking client. The implementations are not part of this header, so
 * confirm that each one checks @ptypes against the layout it expects before
 * reading @params, and treats every buffer in @params as untrusted.
 *
 * The per-function remarks below are read off the names and signatures only.
 */

/* Secret key generation request, going by the name */
enum pkcs11_rc entry_generate_secret(struct pkcs11_client *client,
				     uint32_t ptypes, TEE_Param *params);

/* Key pair generation request, going by the name */
enum pkcs11_rc entry_generate_key_pair(struct pkcs11_client *client,
				       uint32_t ptypes, TEE_Param *params);

/*
 * Starts a processing; @function selects which kind. The values of
 * enum processing_func are defined outside this header.
 */
enum pkcs11_rc entry_processing_init(struct pkcs11_client *client,
				     uint32_t ptypes, TEE_Param *params,
				     enum processing_func function);

/*
 * Runs one stage (@step) of a processing of kind @function. The values of
 * enum processing_step are defined outside this header.
 */
enum pkcs11_rc entry_processing_step(struct pkcs11_client *client,
				     uint32_t ptypes, TEE_Param *params,
				     enum processing_func function,
				     enum processing_step step);

/*
 * Processing of kind @function that involves a key; presumably the
 * operations that produce or consume a key object - confirm in the
 * implementation.
 */
enum pkcs11_rc entry_processing_key(struct pkcs11_client *client,
				    uint32_t ptypes, TEE_Param *params,
				    enum processing_func function);

/* Client request to release an active processing, going by the name */
enum pkcs11_rc entry_release_active_processing(struct pkcs11_client *client,
					       uint32_t ptypes,
					       TEE_Param *params);

/* Key wrapping request, going by the name */
enum pkcs11_rc entry_wrap_key(struct pkcs11_client *client,
			      uint32_t ptypes, TEE_Param *params);
109 
/*
 * Util
 *
 * The remarks below are read off the names and signatures only; the
 * implementations are not part of this header.
 */

/* Size of the key held by @obj, in bits going by the name */
size_t get_object_key_bit_size(struct pkcs11_object *obj);

/* Releases the active processing of @session; reports no status */
void release_active_processing(struct pkcs11_session *session);

/*
 * Reads attribute @attribute of @tee_obj and reports it through *@data and
 * *@size.
 *
 * NOTE(review): the alloc_ prefix suggests *@data is allocated by the callee
 * and owned by the caller afterwards - confirm who frees it, and that the
 * buffer is wiped before release when it can hold key material.
 */
enum pkcs11_rc alloc_get_tee_attribute_data(TEE_ObjectHandle tee_obj,
					    uint32_t attribute,
					    void **data, size_t *size);

/*
 * Presumably adds attribute @tee_id of @tee_obj to the attribute list *@head
 * under the PKCS11 attribute ID @pkcs11_id. @head is a double pointer, so
 * the list may be reallocated - confirm and do not keep stale copies of
 * *@head across the call.
 */
enum pkcs11_rc tee2pkcs_add_attribute(struct obj_attrs **head,
				      uint32_t pkcs11_id,
				      TEE_ObjectHandle tee_obj,
				      uint32_t tee_id);
125 
/*
 * Asymmetric key operations util
 *
 * The remarks below are read off the names and signatures only; the
 * implementations are not part of this header.
 */

/* Tells whether @proc_id designates an asymmetric processing */
bool processing_is_tee_asymm(uint32_t proc_id);

/*
 * Sets up an asymmetric operation of kind @function on @session, using the
 * mechanism parameters @proc_params and the key object @obj.
 */
enum pkcs11_rc init_asymm_operation(struct pkcs11_session *session,
				    enum processing_func function,
				    struct pkcs11_attribute_head *proc_params,
				    struct pkcs11_object *obj);

/*
 * Runs stage @step of the asymmetric operation of kind @function on
 * @session. @ptypes and @params are passed through from the invocation and
 * should be treated as untrusted.
 */
enum pkcs11_rc step_asymm_operation(struct pkcs11_session *session,
				    enum processing_func function,
				    enum processing_step step,
				    uint32_t ptypes, TEE_Param *params);

/*
 * Wraps @data_sz bytes at @data into @out_buf.
 *
 * NOTE(review): @out_sz is presumably in/out (capacity on entry, size
 * written on return) - confirm the implementation checks the capacity
 * before writing to @out_buf.
 */
enum pkcs11_rc wrap_data_by_asymm_enc(struct pkcs11_session *session,
				      void *data, uint32_t data_sz,
				      void *out_buf, uint32_t *out_sz);

/*
 * Unwraps @data_sz bytes at @data and reports the result through *@out_buf
 * and *@out_sz.
 *
 * NOTE(review): @out_buf is a double pointer, so the result is presumably
 * allocated by the callee and holds unwrapped key material - confirm who
 * frees it and that it is wiped before release.
 */
enum pkcs11_rc unwrap_key_by_asymm(struct pkcs11_session *session, void *data,
				   uint32_t data_sz, void **out_buf,
				   uint32_t *out_sz);
146 
/*
 * Symmetric crypto algorithm specific functions
 *
 * The remarks below are read off the names and signatures only; the
 * implementations are not part of this header.
 */

/* Tells whether @proc_id designates a symmetric processing */
bool processing_is_tee_symm(enum pkcs11_mechanism_id proc_id);

/*
 * Sets up a symmetric operation of kind @function on @session, using the
 * mechanism parameters @proc_params and the key object @key.
 */
enum pkcs11_rc init_symm_operation(struct pkcs11_session *session,
				   enum processing_func function,
				   struct pkcs11_attribute_head *proc_params,
				   struct pkcs11_object *key);

/*
 * Runs stage @step of the symmetric operation of kind @function on
 * @session. @ptypes and @params are passed through from the invocation and
 * should be treated as untrusted.
 */
enum pkcs11_rc step_symm_operation(struct pkcs11_session *session,
				   enum processing_func function,
				   enum processing_step step,
				   uint32_t ptypes, TEE_Param *params);

/*
 * NOTE(review): @proc_params is an untyped buffer of @params_size bytes;
 * confirm the size is checked against the expected CTR parameter layout
 * before any field is read from it.
 */
enum pkcs11_rc tee_init_ctr_operation(struct active_processing *processing,
				      void *proc_params, size_t params_size);

/*
 * Derives key material through the symmetric operation of @session and
 * reports it through *@out_buf and *@out_sz.
 *
 * NOTE(review): @out_buf is a double pointer, so the result is presumably
 * allocated by the callee - confirm who frees it and that it is wiped
 * before release.
 */
enum pkcs11_rc derive_key_by_symm_enc(struct pkcs11_session *session,
				      void **out_buf, uint32_t *out_sz);

/*
 * Wraps @data_sz bytes at @data into @out_buf.
 *
 * NOTE(review): @out_sz is presumably in/out (capacity on entry, size
 * written on return) - confirm the implementation checks the capacity
 * before writing to @out_buf.
 */
enum pkcs11_rc wrap_data_by_symm_enc(struct pkcs11_session *session,
				     void *data, uint32_t data_sz,
				     void *out_buf, uint32_t *out_sz);

/*
 * Unwraps @data_sz bytes at @data and reports the result through *@out_buf
 * and *@out_sz; the same ownership questions as for
 * derive_key_by_symm_enc() apply.
 */
enum pkcs11_rc unwrap_key_by_symm(struct pkcs11_session *session, void *data,
				  uint32_t data_sz, void **out_buf,
				  uint32_t *out_sz);

/*
 * Feeds @in_size bytes at @in to an authenticated decryption. The signature
 * has no output buffer, unlike tee_ae_decrypt_final().
 *
 * NOTE(review): this suggests plaintext is withheld until the final step,
 * where the tag can be verified - confirm that no unauthenticated plaintext
 * reaches the client from this path.
 */
enum pkcs11_rc tee_ae_decrypt_update(struct pkcs11_session *session,
				     void *in, size_t in_size);

/*
 * Completes an authenticated decryption, writing to @out.
 *
 * NOTE(review): @out_size is presumably in/out; confirm that @out is left
 * without plaintext when tag verification fails.
 */
enum pkcs11_rc tee_ae_decrypt_final(struct pkcs11_session *session,
				    void *out, size_t *out_size);

/*
 * Completes an authenticated encryption, writing to @out; @out_size is
 * presumably in/out - confirm the capacity check.
 */
enum pkcs11_rc tee_ae_encrypt_final(struct pkcs11_session *session,
				    void *out, size_t *out_size);

/* Releases the GCM operation state of @session; reports no status */
void tee_release_gcm_operation(struct pkcs11_session *session);

/*
 * NOTE(review): @proc_params is an untyped buffer of @params_size bytes;
 * confirm the size and the lengths found inside it (IV, AAD, tag, as
 * applicable) are validated before use.
 */
enum pkcs11_rc tee_init_gcm_operation(struct pkcs11_session *session,
				      void *proc_params, size_t params_size);

/* Re-initializes the GCM operation of @session, going by the name */
enum pkcs11_rc tee_ae_reinit_gcm_operation(struct pkcs11_session *session);
191 
/*
 * Digest specific functions
 *
 * The remarks below are read off the names and signatures only; the
 * implementations are not part of this header.
 */

/* Tells whether @mecha_id designates a digest processing */
bool processing_is_tee_digest(enum pkcs11_mechanism_id mecha_id);

/*
 * Sets up a digest operation on @session from the mechanism parameters
 * @proc_params. Unlike the symmetric and asymmetric init functions, the
 * signature takes no key object.
 */
enum pkcs11_rc
init_digest_operation(struct pkcs11_session *session,
		      struct pkcs11_attribute_head *proc_params);

/*
 * Runs stage @step of the digest operation on @session.
 *
 * NOTE(review): @obj is presumably the key object for a stage that digests
 * a key value; confirm that the implementation checks the object's
 * attributes allow its value to be hashed before doing so.
 */
enum pkcs11_rc step_digest_operation(struct pkcs11_session *session,
				     enum processing_step step,
				     struct pkcs11_object *obj,
				     uint32_t ptypes, TEE_Param *params);
203 
/*
 * Elliptic curve crypto algorithm specific functions
 *
 * The remarks below are read off the names and signatures only; the
 * implementations are not part of this header.
 */

/*
 * Builds the TEE attributes of the EC key @obj and reports them through
 * *@tee_attrs and *@tee_count.
 *
 * NOTE(review): the array is presumably allocated by the callee - confirm
 * who frees it, as it may reference private key material.
 */
enum pkcs11_rc load_tee_ec_key_attrs(TEE_Attribute **tee_attrs,
				     size_t *tee_count,
				     struct pkcs11_object *obj);

/* Same as load_tee_ec_key_attrs(), for an EDDSA key, going by the name */
enum pkcs11_rc load_tee_eddsa_key_attrs(TEE_Attribute **tee_attrs,
					size_t *tee_count,
					struct pkcs11_object *obj);

/*
 * Maps the EC parameters in the @size bytes at @attr to a TEE key size.
 *
 * NOTE(review): @attr is an untyped buffer that presumably holds
 * client-provided EC parameters; the value returned for an unknown curve is
 * not visible here - confirm callers check for it.
 */
size_t ec_params2tee_keysize(void *attr, size_t size);

/*
 * Maps the EC parameters in the @size bytes at @attr to a TEE curve ID; the
 * same caveat as for ec_params2tee_keysize() applies to unknown curves.
 */
uint32_t ec_params2tee_curve(void *attr, size_t size);

/*
 * Reports through *@tee_id the TEE algorithm for an ECDSA processing
 * described by @proc_params with key @obj.
 */
enum pkcs11_rc pkcs2tee_algo_ecdsa(uint32_t *tee_id,
				   struct pkcs11_attribute_head *proc_params,
				   struct pkcs11_object *obj);

/*
 * Generates an EC key pair. @pub_head and @priv_head are double pointers to
 * the public and private attribute lists, so the lists may be reallocated -
 * confirm and do not keep stale copies across the call.
 */
enum pkcs11_rc generate_ec_keys(struct pkcs11_attribute_head *proc_params,
				struct obj_attrs **pub_head,
				struct obj_attrs **priv_head);

/* Same as generate_ec_keys(), for an EDDSA key pair, going by the name */
enum pkcs11_rc generate_eddsa_keys(struct pkcs11_attribute_head *proc_params,
				   struct obj_attrs **pub_head,
				   struct obj_attrs **priv_head);

/* Upper bound, in bytes going by the name, on the input of operation @op */
size_t ecdsa_get_input_max_byte_size(TEE_OperationHandle op);
232 
/*
 * RSA crypto algorithm specific functions
 *
 * Despite the heading, this run also declares EDDSA and ECDH helpers
 * (pkcs2tee_proc_params_eddsa(), pkcs2tee_param_ecdh(), pkcs2tee_algo_ecdh())
 * and the generic do_asymm_derivation().
 *
 * The remarks below are read off the names and signatures only; the
 * implementations are not part of this header.
 */

/*
 * Builds the TEE attributes of the RSA key @obj and reports them through
 * *@tee_attrs and *@tee_count.
 *
 * NOTE(review): the array is presumably allocated by the callee - confirm
 * who frees it, as it may reference private key material.
 */
enum pkcs11_rc load_tee_rsa_key_attrs(TEE_Attribute **tee_attrs,
				      size_t *tee_count,
				      struct pkcs11_object *obj);

/*
 * Presumably parses the RSA PSS mechanism parameters @proc_params into a
 * struct rsa_pss_processing_ctx attached to @proc. @proc_params should be
 * treated as untrusted input.
 */
enum pkcs11_rc
pkcs2tee_proc_params_rsa_pss(struct active_processing *proc,
			     struct pkcs11_attribute_head *proc_params);

/*
 * Checks the RSA PSS context of @proc against the key @obj, going by the
 * name; which constraints are enforced is not visible here.
 */
enum pkcs11_rc pkcs2tee_validate_rsa_pss(struct active_processing *proc,
					 struct pkcs11_object *obj);

/* Reports through *@tee_id the TEE algorithm for RSA PSS @params */
enum pkcs11_rc pkcs2tee_algo_rsa_pss(uint32_t *tee_id,
				     struct pkcs11_attribute_head *params);

/*
 * Presumably parses the RSA OAEP mechanism parameters @proc_params into a
 * struct rsa_oaep_processing_ctx attached to @proc.
 *
 * NOTE(review): that structure ends in a flexible array member, so confirm
 * the source data length is validated before allocation and copy.
 */
enum pkcs11_rc
pkcs2tee_proc_params_rsa_oaep(struct active_processing *proc,
			      struct pkcs11_attribute_head *proc_params);

/*
 * Presumably parses the RSA AES key wrap mechanism parameters @proc_params
 * into a struct rsa_aes_key_wrap_processing_ctx attached to @proc; the same
 * length validation concern as for the OAEP variant applies.
 */
enum pkcs11_rc
pkcs2tee_proc_params_rsa_aes_wrap(struct active_processing *proc,
				  struct pkcs11_attribute_head *proc_params);

/*
 * Presumably parses the EDDSA mechanism parameters @proc_params into a
 * struct eddsa_processing_ctx attached to @proc; confirm the context length
 * is validated before allocation and copy.
 */
enum pkcs11_rc
pkcs2tee_proc_params_eddsa(struct active_processing *proc,
			   struct pkcs11_attribute_head *proc_params);

/*
 * Reports through *@tee_id and *@tee_hash_id the TEE algorithm and hash for
 * RSA OAEP @params.
 */
enum pkcs11_rc pkcs2tee_algo_rsa_oaep(uint32_t *tee_id, uint32_t *tee_hash_id,
				      struct pkcs11_attribute_head *params);

/*
 * Reports through *@tee_id and *@tee_hash_id the TEE algorithm and hash for
 * RSA AES key wrap @params.
 */
enum pkcs11_rc
pkcs2tee_algo_rsa_aes_wrap(uint32_t *tee_id, uint32_t *tee_hash_id,
			   struct pkcs11_attribute_head *params);

/*
 * Generates an RSA key pair. @pub_head and @priv_head are double pointers to
 * the public and private attribute lists, so the lists may be reallocated -
 * confirm and do not keep stale copies across the call.
 */
enum pkcs11_rc generate_rsa_keys(struct pkcs11_attribute_head *proc_params,
				 struct obj_attrs **pub_head,
				 struct obj_attrs **priv_head);

/* Upper bound, in bytes going by the name, on the input of operation @op */
size_t rsa_get_input_max_byte_size(TEE_OperationHandle op);

/*
 * Runs an asymmetric key derivation on @session with the mechanism
 * parameters @proc_params; the derived key is presumably stored into the
 * attribute list *@head.
 */
enum pkcs11_rc do_asymm_derivation(struct pkcs11_session *session,
				   struct pkcs11_attribute_head *proc_params,
				   struct obj_attrs **head);

/*
 * Extracts the peer public data from ECDH parameters @proc_params and
 * reports it through *@pub_data and *@pub_size.
 *
 * NOTE(review): the public data is presumably client-provided; where it is
 * checked to be a valid point on the expected curve is not visible in this
 * header - confirm before it reaches the derivation.
 */
enum pkcs11_rc pkcs2tee_param_ecdh(struct pkcs11_attribute_head *proc_params,
				   void **pub_data, size_t *pub_size);

/*
 * Reports through *@tee_id the TEE algorithm for an ECDH derivation
 * described by @proc_params with key @obj.
 */
enum pkcs11_rc pkcs2tee_algo_ecdh(uint32_t *tee_id,
				  struct pkcs11_attribute_head *proc_params,
				  struct pkcs11_object *obj);

/*
 * NOTE(review): "nopad" suggests this prepares a raw RSA operation without
 * padding. Confirm which mechanisms reach it and that key usage attributes
 * are enforced for them, since unpadded RSA offers none of the protections
 * of PSS or OAEP.
 */
enum pkcs11_rc pkcs2tee_rsa_nopad_context(struct active_processing *proc);
287 
288 #endif /*PKCS11_TA_PROCESSING_H*/
289