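/**
 * Copyright (c) 2020 HiSilicon (Shanghai) Technologies CO., LIMITED.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * Description: mbedtls harden adapt internal header file.
 *
 * This header is the indirection layer between the mbedtls "harden" glue and
 * the platform crypto driver. A platform registers tables of function pointers
 * (mbedtls_harden_cipher_func / mbedtls_harden_km_func / mbedtls_harden_mem_func)
 * through the *_register_func() entry points; the CIPHER_* / KM_* wrappers
 * declared below are the call sites the glue uses, and the IS_*_REGISTERED()
 * queries let a caller find out whether a given family has a backend before
 * relying on it. What a wrapper does when its backend is absent is not visible
 * here; callers are expected to consult IS_*_REGISTERED() first.
 *
 * Create: 2023-05-10
 */

#ifndef CIPHER_ADAPT_H
#define CIPHER_ADAPT_H

#include "crypto_cipher_common_struct.h"

/**
 * Engine a keyslot is bound to when it is created with CIPHER_CREATE_KEYSLOT()
 * and when a clear key is loaded into it with CIPHER_SET_CLEAR_KEY().
 *
 * Values are contiguous from 0 so that KM_KEYSLOT_ENGINE_MAX can be used as an
 * exclusive upper bound when range-checking an engine value that arrives from a
 * caller (an unchecked enum is just an integer on the wire). Keep
 * KM_KEYSLOT_ENGINE_MAX as the last entry when adding engines.
 */
typedef enum {
    KM_KEYSLOT_ENGINE_AES = 0,
    KM_KEYSLOT_ENGINE_SM4,
    KM_KEYSLOT_ENGINE_HMAC_SHA1,
    KM_KEYSLOT_ENGINE_HMAC_SHA224,
    KM_KEYSLOT_ENGINE_HMAC_SHA256,
    KM_KEYSLOT_ENGINE_HMAC_SHA384,
    KM_KEYSLOT_ENGINE_HMAC_SHA512,
    KM_KEYSLOT_ENGINE_HMAC_SM3,
    KM_KEYSLOT_ENGINE_MAX, /* sentinel: one past the last valid engine, never a valid argument */
} km_keyslot_engine;

/* ------------------------------------------------------------------------- */
/* HASH backend: handle-based streaming hash (start / update / finish).       */
/* hash_get / hash_set export and re-import the running state as a            */
/* crypto_hash_clone_ctx. NOTE(review): a state imported via hash_set comes   */
/* from the caller; the backend should validate it rather than trust it.      */
/* ------------------------------------------------------------------------- */
typedef td_s32 (*func_hash_init)(td_void);
typedef td_s32 (*func_hash_deinit)(td_void);
typedef td_s32 (*func_hash_start)(td_handle *uapi_hash_handle, const crypto_hash_attr *hash_attr);
typedef td_s32 (*func_hash_update)(td_handle uapi_hash_handle, const crypto_buf_attr *src_buf, const td_u32 len);
typedef td_s32 (*func_hash_get)(td_handle uapi_hash_handle, crypto_hash_clone_ctx *hash_clone_ctx);
typedef td_s32 (*func_hash_set)(td_handle uapi_hash_handle, const crypto_hash_clone_ctx *hash_clone_ctx);
typedef td_s32 (*func_hash_destroy)(td_handle uapi_hash_handle);
/* out_len is in/out: presumably the caller supplies the capacity of out — confirm against the backend. */
typedef td_s32 (*func_hash_finish)(td_handle uapi_hash_handle, td_u8 *out, td_u32 *out_len);

/* ------------------------------------------------------------------------- */
/* HKDF backend: one-shot hkdf plus the separate extract / expand steps.       */
/* okm_length is the requested output length; prk_length is a pointer and is  */
/* presumably in/out (capacity in, bytes written out) — confirm.              */
/* ------------------------------------------------------------------------- */
typedef td_s32 (*func_hkdf)(crypto_hkdf_t *hkdf_param, td_u8 *okm, td_u32 okm_length);
typedef td_s32 (*func_hkdf_extract)(crypto_hkdf_extract_t *extract_param, td_u8 *prk, td_u32 *prk_length);
typedef td_s32 (*func_hkdf_expand)(const crypto_hkdf_expand_t *expand_param, td_u8 *okm, td_u32 okm_length);

/* ------------------------------------------------------------------------- */
/* TRNG backend: a single 32-bit word, or `size` bytes into randnum.          */
/* Callers must check the return code; on failure the output is unspecified   */
/* and must not be used as key material.                                      */
/* ------------------------------------------------------------------------- */
typedef td_s32 (*func_trng_get_random)(td_u32 *randnum);
typedef td_s32 (*func_trng_get_multi_random)(td_u32 size, td_u8 *randnum);

/* PBKDF2 backend: derives out_len bytes into out from the parameters in param. */
typedef td_s32 (*func_pbkdf2)(const crypto_kdf_pbkdf2_param *param, td_u8 *out, const td_u32 out_len);

/* ------------------------------------------------------------------------- */
/* SYMC backend: symmetric cipher and MAC. A cipher handle is created, then    */
/* configured (set_config), then bound to a keyslot (attach) before            */
/* encrypt / decrypt. get_tag reads the authentication tag after an AEAD       */
/* operation; whether tag comparison on decrypt happens in the backend or is   */
/* left to the caller is not visible here — if the caller compares, it must   */
/* do so in constant time.                                                    */
/* ------------------------------------------------------------------------- */
typedef td_s32 (*func_symc_init)(td_void);
typedef td_s32 (*func_symc_deinit)(td_void);
typedef td_s32 (*func_symc_create)(td_handle *symc_handle, const crypto_symc_attr *symc_attr);
typedef td_s32 (*func_symc_destroy)(td_handle symc_handle);
typedef td_s32 (*func_symc_set_config)(td_handle symc_handle, const crypto_symc_ctrl_t *symc_ctrl);
typedef td_s32 (*func_symc_get_config)(td_handle symc_handle, crypto_symc_ctrl_t *symc_ctrl);
typedef td_s32 (*func_symc_attach)(td_handle symc_handle, td_handle keyslot_handle);
typedef td_s32 (*func_symc_encrypt)(td_handle symc_handle, const crypto_buf_attr *src_buf,
    const crypto_buf_attr *dst_buf, td_u32 length);
typedef td_s32 (*func_symc_decrypt)(td_handle symc_handle, const crypto_buf_attr *src_buf,
    const crypto_buf_attr *dst_buf, td_u32 length);
typedef td_s32 (*func_symc_get_tag)(td_handle symc_handle, td_u8 *tag, td_u32 tag_length);
typedef td_s32 (*func_symc_mac_start)(td_handle *symc_handle, const crypto_symc_mac_attr *mac_attr);
typedef td_s32 (*func_symc_mac_update)(td_handle symc_handle, const crypto_buf_attr *src_buf, td_u32 length);
typedef td_s32 (*func_symc_mac_finish)(td_handle symc_handle, td_u8 *mac, td_u32 *mac_length);

/* ------------------------------------------------------------------------- */
/* PKE backend: modular arithmetic, ECC (ECDSA / EdDSA / ECDH) and RSA.        */
/*                                                                            */
/* Several output parameters are declared `const drv_pke_data *` /            */
/* `const drv_pke_ecc_point *` (e.g. `c` in func_pke_mod, `out` in            */
/* func_pke_exp_mod, `sig` in the sign callbacks). The const applies to the   */
/* descriptor struct only; the backend writes through the buffer pointer it   */
/* carries. NOTE(review): func_pke_mod declares `c` const while the           */
/* CIPHER_PKE_MOD wrapper below declares it non-const — harmless for callers, */
/* but the two should be brought into agreement.                              */
/*                                                                            */
/* check_dot_on_curve validates that a point lies on the named curve.         */
/* A peer public key received from outside should be passed through it       */
/* before being used in gen_ecdh_key or ecdsa_verify; whether the backend     */
/* performs that check itself is not visible here.                            */
/* ------------------------------------------------------------------------- */
typedef td_s32 (*func_pke_init)(td_void);
typedef td_s32 (*func_pke_deinit)(td_void);
typedef td_s32 (*func_pke_mod)(const drv_pke_data *a, const drv_pke_data *p, const drv_pke_data *c);
typedef td_s32 (*func_pke_exp_mod)(const drv_pke_data *n, const drv_pke_data *k,
    const drv_pke_data *in, const drv_pke_data *out);
typedef td_s32 (*func_pke_ecc_gen_key)(drv_pke_ecc_curve_type curve_type, const drv_pke_data *input_priv_key,
    const drv_pke_data *output_priv_key, const drv_pke_ecc_point *output_pub_key);
typedef td_s32 (*func_pke_ecdsa_sign)(drv_pke_ecc_curve_type curve_type, const drv_pke_data *priv_key,
    const drv_pke_data *hash, const drv_pke_ecc_sig *sig);
typedef td_s32 (*func_pke_ecdsa_verify)(drv_pke_ecc_curve_type curve_type, const drv_pke_ecc_point *pub_key,
    const drv_pke_data *hash, const drv_pke_ecc_sig *sig);
typedef td_s32 (*func_pke_eddsa_sign)(drv_pke_ecc_curve_type curve_type, const drv_pke_data *priv_key,
    const drv_pke_msg *msg, const drv_pke_ecc_sig *sig);
typedef td_s32 (*func_pke_eddsa_verify)(drv_pke_ecc_curve_type curve_type, const drv_pke_ecc_point *pub_key,
    const drv_pke_msg *msg, const drv_pke_ecc_sig *sig);
typedef td_s32 (*func_pke_gen_ecdh_key)(drv_pke_ecc_curve_type curve_type, const drv_pke_ecc_point *input_pub_key,
    const drv_pke_data *input_priv_key, const drv_pke_data *output_shared_key);
typedef td_s32 (*func_pke_check_dot_on_curve)(drv_pke_ecc_curve_type curve_type, const drv_pke_ecc_point *pub_key,
    td_bool *is_on_curve);
typedef td_s32 (*func_pke_rsa_sign)(const drv_pke_rsa_priv_key *priv_key, drv_pke_rsa_scheme scheme,
    drv_pke_hash_type hash_type, const drv_pke_data *input_hash,
    drv_pke_data *sign);
/* NOTE(review): input_hash is non-const here while it is const in func_pke_rsa_sign; verify only reads it. */
typedef td_s32 (*func_pke_rsa_verify)(const drv_pke_rsa_pub_key *pub_key, drv_pke_rsa_scheme scheme,
    drv_pke_hash_type hash_type, drv_pke_data *input_hash, const drv_pke_data *sig);
typedef td_s32 (*func_pke_rsa_public_encrypt)(drv_pke_rsa_scheme scheme, drv_pke_hash_type hash_type,
    const drv_pke_rsa_pub_key *pub_key, const drv_pke_data *input, const drv_pke_data *label,
    drv_pke_data *output);
typedef td_s32 (*func_pke_rsa_private_decrypt)(drv_pke_rsa_scheme scheme, drv_pke_hash_type hash_type,
    const drv_pke_rsa_priv_key *priv_key, const drv_pke_data *input, const drv_pke_data *label,
    drv_pke_data *output);

/* ------------------------------------------------------------------------- */
/* KM backend: keyslot lifecycle. set_clear_key loads plaintext key bytes into */
/* a keyslot; the key crosses this boundary in the clear, so the caller       */
/* should wipe its own copy afterwards with a memset the compiler cannot      */
/* elide. destroy_keyslot returns void, so a failed release is not            */
/* reportable to the caller.                                                  */
/* ------------------------------------------------------------------------- */
typedef td_s32 (*func_km_init)(td_void);
typedef td_s32 (*func_km_deinit)(td_void);
typedef td_s32 (*func_km_create_keyslot)(td_handle *keyslot_handle, km_keyslot_engine key_engine);
typedef td_void (*func_km_destroy_keyslot)(td_handle keyslot_handle);
typedef td_s32 (*func_km_set_clear_key)(td_handle keyslot_handle, td_u8 *key, td_u32 keylen,
    km_keyslot_engine key_engine);

/* ------------------------------------------------------------------------- */
/* MEM backend: buffers the crypto engine can address. alloc_phys_buf fills   */
/* buf_attr and returns a CPU-visible mapping in *virt_addr; free_phys_buf    */
/* takes the same triple back. get_phys_addr resolves a virtual address to a  */
/* physical one. The free callback is void, so release failures are silent.   */
/* ------------------------------------------------------------------------- */
typedef td_s32 (*func_alloc_phys_buf)(crypto_buf_attr *buf_attr, void **virt_addr, unsigned int size);
typedef td_void (*func_free_phys_buf)(crypto_buf_attr *buf_attr, void *virt_addr, unsigned int size);
typedef td_s32 (*func_get_phys_addr)(void *virt_addr, unsigned long *phys_addr);

/**
 * Table of cipher-side callbacks a platform hands to
 * mbedtls_cipher_adapt_register_func(). Any member may be left NULL by a
 * platform that does not implement that primitive; the IS_*_REGISTERED()
 * queries below report which families are populated.
 */
typedef struct {
    func_hash_init harden_hash_init;
    func_hash_deinit harden_hash_deinit;
    func_hash_start harden_hash_start;
    func_hash_update harden_hash_update;
    func_hash_get harden_hash_get;
    func_hash_set harden_hash_set;
    func_hash_destroy harden_hash_destroy;
    func_hash_finish harden_hash_finish;
    func_hkdf harden_hkdf;
    func_hkdf_extract harden_hkdf_extract;
    func_hkdf_expand harden_hkdf_expand;
    func_trng_get_random harden_trng_get_random;
    func_trng_get_multi_random harden_trng_get_multi_random;
    func_pbkdf2 harden_pbkdf2;
    func_symc_init harden_symc_init;
    func_symc_deinit harden_symc_deinit;
    func_symc_create harden_symc_create;
    func_symc_destroy harden_symc_destroy;
    func_symc_set_config harden_symc_set_config;
    func_symc_get_config harden_symc_get_config;
    func_symc_attach harden_symc_attach;
    func_symc_encrypt harden_symc_encrypt;
    func_symc_decrypt harden_symc_decrypt;
    func_symc_get_tag harden_symc_get_tag;
    func_symc_mac_start harden_symc_mac_start;
    func_symc_mac_update harden_symc_mac_update;
    func_symc_mac_finish harden_symc_mac_finish;
    func_pke_init harden_pke_init;
    func_pke_deinit harden_pke_deinit;
    func_pke_mod harden_pke_mod;
    func_pke_exp_mod harden_pke_exp_mod;
    func_pke_ecc_gen_key harden_pke_ecc_gen_key;
    func_pke_ecdsa_sign harden_pke_ecdsa_sign;
    func_pke_ecdsa_verify harden_pke_ecdsa_verify;
    func_pke_eddsa_sign harden_pke_eddsa_sign;
    func_pke_eddsa_verify harden_pke_eddsa_verify;
    func_pke_gen_ecdh_key harden_pke_gen_ecdh_key;
    func_pke_check_dot_on_curve harden_pke_check_dot_on_curve;
    func_pke_rsa_sign harden_pke_rsa_sign;
    func_pke_rsa_verify harden_pke_rsa_verify;
    func_pke_rsa_public_encrypt harden_pke_rsa_public_encrypt;
    func_pke_rsa_private_decrypt harden_pke_rsa_private_decrypt;
} mbedtls_harden_cipher_func;

/** Key-manager callbacks, registered with mbedtls_km_adapt_register_func(). */
typedef struct {
    func_km_init harden_km_init;
    func_km_deinit harden_km_deinit;
    func_km_create_keyslot harden_km_create_keyslot;
    func_km_destroy_keyslot harden_km_destroy_keyslot;
    func_km_set_clear_key harden_km_set_clear_key;
} mbedtls_harden_km_func;

/** Memory callbacks, registered with mbedtls_mem_adapt_register_func(). */
typedef struct {
    func_alloc_phys_buf harden_alloc_phys_buf;
    func_free_phys_buf harden_free_phys_buf;
    func_get_phys_addr harden_get_phys_addr;
} mbedtls_harden_mem_func;

#ifdef __cplusplus
#if __cplusplus
extern "C" {
#endif /* __cplusplus */
#endif /* __cplusplus */

/*
 * Registration entry points. Each takes a non-const pointer to a callback
 * table. NOTE(review): whether the table is copied or the pointer retained is
 * not visible in this header — if retained, the caller must keep the struct
 * alive (and unmodified) for as long as the adapter is in use.
 */
td_void mbedtls_cipher_adapt_register_func(mbedtls_harden_cipher_func *harden_cipher_func);
td_void mbedtls_km_adapt_register_func(mbedtls_harden_km_func *harden_km_func);
td_void mbedtls_mem_adapt_register_func(mbedtls_harden_mem_func *harden_mem_func);

/* HASH wrappers — same contract as the func_hash_* callbacks they dispatch to. */
td_s32 CIPHER_HASH_INIT(td_void);
td_s32 CIPHER_HASH_DEINIT(td_void);
td_s32 CIPHER_HASH_START(td_handle *uapi_hash_handle, const crypto_hash_attr *hash_attr);
td_s32 CIPHER_HASH_UPDATE(td_handle uapi_hash_handle, const crypto_buf_attr *src_buf, const td_u32 len);
td_s32 CIPHER_HASH_GET(td_handle uapi_hash_handle, crypto_hash_clone_ctx *hash_clone_ctx);
td_s32 CIPHER_HASH_SET(td_handle uapi_hash_handle, const crypto_hash_clone_ctx *hash_clone_ctx);
td_s32 CIPHER_HASH_DESTROY(td_handle uapi_hash_handle);
td_s32 CIPHER_HASH_FINISH(td_handle uapi_hash_handle, td_u8 *out, td_u32 *out_len);

/* HKDF wrappers. */
td_s32 CIPHER_HKDF(crypto_hkdf_t *hkdf_param, td_u8 *okm, td_u32 okm_length);
td_s32 CIPHER_HKDF_EXTRACT(crypto_hkdf_extract_t *extract_param, td_u8 *prk, td_u32 *prk_length);
td_s32 CIPHER_HKDF_EXPAND(const crypto_hkdf_expand_t *expand_param, td_u8 *okm, td_u32 okm_length);

/* TRNG wrappers — check the return code before consuming the output. */
td_s32 CIPHER_TRNG_GET_RANDOM(td_u32 *randnum);
td_s32 CIPHER_TRNG_GET_MULTI_RANDOM(td_u32 size, td_u8 *randnum);

/* PBKDF2 wrapper. */
td_s32 CIPHER_PBKDF2(const crypto_kdf_pbkdf2_param *param, td_u8 *out, const td_u32 out_len);

/* SYMC wrappers. */
td_s32 CIPHER_SYMC_INIT(td_void);
td_s32 CIPHER_SYMC_DEINIT(td_void);
td_s32 CIPHER_SYMC_CREATE(td_handle *symc_handle, const crypto_symc_attr *symc_attr);
td_s32 CIPHER_SYMC_DESTROY(td_handle symc_handle);
td_s32 CIPHER_SYMC_SET_CONFIG(td_handle symc_handle, const crypto_symc_ctrl_t *symc_ctrl);
td_s32 CIPHER_SYMC_GET_CONFIG(td_handle symc_handle, crypto_symc_ctrl_t *symc_ctrl);
td_s32 CIPHER_SYMC_ATTACH(td_handle symc_handle, td_handle keyslot_handle);
td_s32 CIPHER_SYMC_ENCRYPT(td_handle symc_handle, const crypto_buf_attr *src_buf,
    const crypto_buf_attr *dst_buf, td_u32 length);
td_s32 CIPHER_SYMC_DECRYPT(td_handle symc_handle, const crypto_buf_attr *src_buf,
    const crypto_buf_attr *dst_buf, td_u32 length);
td_s32 CIPHER_SYMC_GET_TAG(td_handle symc_handle, td_u8 *tag, td_u32 tag_length);
td_s32 CIPHER_SYMC_MAC_START(td_handle *symc_handle, const crypto_symc_mac_attr *mac_attr);
td_s32 CIPHER_SYMC_MAC_UPDATE(td_handle symc_handle, const crypto_buf_attr *src_buf, td_u32 length);
td_s32 CIPHER_SYMC_MAC_FINISH(td_handle symc_handle, td_u8 *mac, td_u32 *mac_length);

/* PKE wrappers. */
td_s32 CIPHER_PKE_INIT(td_void);
td_s32 CIPHER_PKE_DEINIT(td_void);
/* NOTE(review): `c` is non-const here but const in func_pke_mod; align the two with the .c definition. */
td_s32 CIPHER_PKE_MOD(const drv_pke_data *a, const drv_pke_data *p, drv_pke_data *c);
td_s32 CIPHER_PKE_EXP_MOD(const drv_pke_data *n, const drv_pke_data *k,
    const drv_pke_data *in, const drv_pke_data *out);
td_s32 CIPHER_PKE_ECC_GEN_KEY(drv_pke_ecc_curve_type curve_type, const drv_pke_data *input_priv_key,
    const drv_pke_data *output_priv_key, const drv_pke_ecc_point *output_pub_key);
td_s32 CIPHER_PKE_ECDSA_SIGN(drv_pke_ecc_curve_type curve_type, const drv_pke_data *priv_key,
    const drv_pke_data *hash, const drv_pke_ecc_sig *sig);
td_s32 CIPHER_PKE_ECDSA_VERIFY(drv_pke_ecc_curve_type curve_type, const drv_pke_ecc_point *pub_key,
    const drv_pke_data *hash, const drv_pke_ecc_sig *sig);
td_s32 CIPHER_PKE_EDDSA_SIGN(drv_pke_ecc_curve_type curve_type, const drv_pke_data *priv_key,
    const drv_pke_msg *msg, const drv_pke_ecc_sig *sig);
td_s32 CIPHER_PKE_EDDSA_VERIFY(drv_pke_ecc_curve_type curve_type, const drv_pke_ecc_point *pub_key,
    const drv_pke_msg *msg, const drv_pke_ecc_sig *sig);
/* Validate an externally supplied input_pub_key with CIPHER_PKE_CHECK_DOT_ON_CURVE() first. */
td_s32 CIPHER_PKE_ECC_GEN_ECDH_KEY(drv_pke_ecc_curve_type curve_type, const drv_pke_ecc_point *input_pub_key,
    const drv_pke_data *input_priv_key, const drv_pke_data *output_shared_key);
td_s32 CIPHER_PKE_CHECK_DOT_ON_CURVE(drv_pke_ecc_curve_type curve_type, const drv_pke_ecc_point *pub_key,
    td_bool *is_on_curve);
td_s32 CIPHER_PKE_RSA_SIGN(const drv_pke_rsa_priv_key *priv_key, drv_pke_rsa_scheme scheme,
    drv_pke_hash_type hash_type, const drv_pke_data *input_hash,
    drv_pke_data *sign);
td_s32 CIPHER_PKE_RSA_VERIFY(const drv_pke_rsa_pub_key *pub_key, drv_pke_rsa_scheme scheme,
    drv_pke_hash_type hash_type, drv_pke_data *input_hash, const drv_pke_data *sig);
td_s32 CIPHER_PKE_RSA_PUBLIC_ENCRYPT(drv_pke_rsa_scheme scheme, drv_pke_hash_type hash_type,
    const drv_pke_rsa_pub_key *pub_key, const drv_pke_data *input, const drv_pke_data *label,
    drv_pke_data *output);
td_s32 CIPHER_PKE_RSA_PRIVATE_DECRYPT(drv_pke_rsa_scheme scheme, drv_pke_hash_type hash_type,
    const drv_pke_rsa_priv_key *priv_key, const drv_pke_data *input, const drv_pke_data *label,
    drv_pke_data *output);

/* KM wrappers. key_engine should be < KM_KEYSLOT_ENGINE_MAX; wipe `key` after CIPHER_SET_CLEAR_KEY(). */
td_s32 KM_INIT(td_void);
td_s32 KM_DEINIT(td_void);
td_s32 CIPHER_CREATE_KEYSLOT(td_handle *keyslot_handle, km_keyslot_engine key_engine);
td_void CIPHER_DESTROY_KEYSLOT(td_handle keyslot_handle);
td_s32 CIPHER_SET_CLEAR_KEY(td_handle keyslot_handle, td_u8 *key, td_u32 keylen,
    km_keyslot_engine key_engine);

/* MEM wrappers. */
td_s32 CIPHER_ALLOC_BUF_ATTR(crypto_buf_attr *buf_attr, void **virt_addr, unsigned int size);
td_void CIPHER_FREE_BUF_ATTR(crypto_buf_attr *buf_attr, void *virt_addr, unsigned int size);
td_s32 CIPHER_GET_PHYS_MEM(void *virt_addr, unsigned long *phys_addr);

/*
 * Registration queries. Each returns whether the corresponding callback family
 * has been registered. Which members a family query covers (e.g. which PKE
 * callbacks IS_PKE_ECC_FUNC_REGISTERED() inspects) is not visible here.
 */
td_bool IS_KM_FUNC_REGISTERED(td_void);
td_bool IS_MEM_FUNC_REGISTERED(td_void);
td_bool IS_SYMC_FUNC_REGISTERED(td_void);
td_bool IS_HASH_FUNC_REGISTERED(td_void);
td_bool IS_HKDF_FUNC_REGISTERED(td_void);
td_bool IS_PBKDF2_FUNC_REGISTERED(td_void);
td_bool IS_TRNG_FUNC_REGISTERED(td_void);
td_bool IS_PKE_MOD_FUNC_REGISTERED(td_void);
td_bool IS_PKE_EXP_MOD_FUNC_REGISTERED(td_void);
td_bool IS_PKE_ECC_FUNC_REGISTERED(td_void);
td_bool IS_PKE_EDDSA_SIGN_FUNC_REGISTERED(td_void);
td_bool IS_PKE_EDDSA_VERIFY_FUNC_REGISTERED(td_void);
td_bool IS_PKE_CHECK_DOT_ON_CURVE_FUNC_REGISTERED(td_void);
td_bool IS_PKE_RSA_SIGN_FUNC_REGISTERED(td_void);
td_bool IS_PKE_RSA_VERIFY_FUNC_REGISTERED(td_void);
td_bool IS_PKE_RSA_PUBLIC_ENCRYPT_FUNC_REGISTERED(td_void);
td_bool IS_PKE_RSA_PRIVATE_DECRYPT_FUNC_REGISTERED(td_void);

#ifdef __cplusplus
#if __cplusplus
}
#endif /* __cplusplus */
#endif /* __cplusplus */

#endif /* CIPHER_ADAPT_H */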