1 /** 2 * Copyright (c) 2020 HiSilicon (Shanghai) Technologies CO., LIMITED. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 * Description: mbedtls harden adapt internal header file. 15 * 16 * Create: 2023-05-10 17 */ 18 19 #ifndef CRYPTO_CIPHER_COMMON_STRUCT_H 20 #define CRYPTO_CIPHER_COMMON_STRUCT_H 21 22 #include "mbedtls_crypto_type.h" 23 #include "mbedtls_platform_hardware_config.h" 24 25 #define CRYPTO_IV_LEN_IN_BYTES 16 26 #define CRYPTO_HASH_RESULT_SIZE_MAX_IN_WORD 16 // for SHA-512 27 #define CRYPTO_HASH_BLOCK_SIZE_MAX 128 // for SHA-512 28 29 typedef enum { 30 CRYPTO_BUF_SECURE, 31 CRYPTO_BUF_NONSECURE, 32 } crypto_buffer_secure; 33 34 typedef enum { 35 CRYPTO_HASH_TYPE_SHA1 = 0xf690a0, 36 CRYPTO_HASH_TYPE_SHA224 = 0x10690e0, 37 CRYPTO_HASH_TYPE_SHA256 = 0x1169100, 38 CRYPTO_HASH_TYPE_SHA384 = 0x127a180, 39 CRYPTO_HASH_TYPE_SHA512 = 0x137a200, 40 CRYPTO_HASH_TYPE_SM3 = 0x2169100, 41 42 CRYPTO_HASH_TYPE_HMAC_SHA1 = 0x10f690a0, 43 CRYPTO_HASH_TYPE_HMAC_SHA224 = 0x110690e0, 44 CRYPTO_HASH_TYPE_HMAC_SHA256 = 0x11169100, 45 CRYPTO_HASH_TYPE_HMAC_SHA384 = 0x1127a180, 46 CRYPTO_HASH_TYPE_HMAC_SHA512 = 0x1137a200, 47 CRYPTO_HASH_TYPE_HMAC_SM3 = 0x12169100, 48 49 CRYPTO_HASH_TYPE_INVALID = 0xffffffff, 50 } crypto_hash_type; 51 52 typedef enum { 53 CRYPTO_SYMC_ALG_TDES = 0x0, 54 CRYPTO_SYMC_ALG_AES = 0x1, 55 CRYPTO_SYMC_ALG_SM4 = 0x2, 56 CRYPTO_SYMC_ALG_LEA = 0x3, 57 CRYPTO_SYMC_ALG_DMA = 0x4, 58 CRYPTO_SYMC_ALG_MAX, 59 CRYPTO_SYMC_ALG_INVALID = 0xffffffff, 60 } crypto_symc_alg; 61 62 typedef enum { 63 CRYPTO_SYMC_TYPE_NORMAL = 0x0, 64 CRYPTO_SYMC_TYPE_REG, 65 CRYPTO_SYMC_TYPE_MAX, 66 CRYPTO_SYMC_TYPE_INVALID = 0xffffffff, 67 } crypto_symc_type; 68 69 typedef enum { 70 CRYPTO_SYMC_WORK_MODE_ECB = 0x0, 71 CRYPTO_SYMC_WORK_MODE_CBC, 72 CRYPTO_SYMC_WORK_MODE_CTR, 73 CRYPTO_SYMC_WORK_MODE_OFB, 74 CRYPTO_SYMC_WORK_MODE_CFB, 75 CRYPTO_SYMC_WORK_MODE_CCM, 76 CRYPTO_SYMC_WORK_MODE_GCM, 77 CRYPTO_SYMC_WORK_MODE_CBC_MAC, 78 CRYPTO_SYMC_WORK_MODE_CMAC, 79 CRYPTO_SYMC_WORK_MODE_MAX, 80 CRYPTO_SYMC_WORK_MODE_INVALID = 0xffffffff, 81 } crypto_symc_work_mode; 82 83 typedef enum { 84 CRYPTO_SYMC_KEY_64BIT = 0x0, 85 CRYPTO_SYMC_KEY_128BIT = 0x1, 86 CRYPTO_SYMC_KEY_192BIT = 0x2, 87 CRYPTO_SYMC_KEY_256BIT = 0x3, 88 CRYPTO_SYMC_KEY_LENGTH_MAX, 89 CRYPTO_SYMC_KEY_LENGTH_INVALID = 0xffffffff, 90 } crypto_symc_key_length; 91 92 typedef enum { 93 CRYPTO_SYMC_KEY_EVEN = 0x0, 94 CRYPTO_SYMC_KEY_ODD = 0x1, 95 CRYPTO_SYMC_KEY_PARITY_MAX, 96 CRYPTO_SYMC_KEY_PARITY_INVALID = 0xffffffff, 97 } crypto_symc_key_parity; 98 99 typedef enum { 100 CRYPTO_SYMC_BIT_WIDTH_1BIT = 0x0, 101 CRYPTO_SYMC_BIT_WIDTH_8BIT = 0x1, 102 CRYPTO_SYMC_BIT_WIDTH_64BIT = 0x2, 103 CRYPTO_SYMC_BIT_WIDTH_128BIT = 0x3, 104 CRYPTO_SYMC_BIT_WIDTH_MAX, 105 CRYPTO_SYMC_BIT_WIDTH_INVALID = 0xffffffff, 106 } crypto_symc_bit_width; 107 108 typedef enum { 109 CRYPTO_SYMC_IV_DO_NOT_CHANGE = 0, 110 CRYPTO_SYMC_IV_CHANGE_ONE_PKG, 111 CRYPTO_SYMC_IV_CHANGE_ALL_PKG, 112 /* GCM. */ 113 CRYPTO_SYMC_GCM_IV_DO_NOT_CHANGE, 114 CRYPTO_SYMC_GCM_IV_CHANGE_START, 115 CRYPTO_SYMC_GCM_IV_CHANGE_UPDATE, 116 CRYPTO_SYMC_GCM_IV_CHANGE_FINISH, 117 /* CCM. */ 118 CRYPTO_SYMC_CCM_IV_DO_NOT_CHANGE, 119 CRYPTO_SYMC_CCM_IV_CHANGE_START, 120 CRYPTO_SYMC_CCM_IV_CHANGE_UPDATE, 121 CRYPTO_SYMC_CCM_IV_CHANGE_FINISH, 122 CRYPTO_SYMC_IV_CHANGE_MAX, 123 CRYPTO_SYMC_IV_CHANGE_INVALID = 0xffffffff, 124 } crypto_symc_iv_change_type; 125 126 typedef enum { 127 DRV_PKE_RSA_SCHEME_PKCS1_V15 = 0x00, /* PKCS#1 V15 */ 128 DRV_PKE_RSA_SCHEME_PKCS1_V21, /* PKCS#1 V21, PSS for signning, OAEP for encryption */ 129 DRV_PKE_RSA_SCHEME_MAX, 130 DRV_PKE_RSA_SCHEME_INVALID = 0xffffffff, 131 } drv_pke_rsa_scheme; 132 133 typedef enum { 134 DRV_PKE_HASH_TYPE_SHA1 = 0x00, /* Suggest Not to use */ 135 DRV_PKE_HASH_TYPE_SHA224, 136 DRV_PKE_HASH_TYPE_SHA256, 137 DRV_PKE_HASH_TYPE_SHA384, 138 DRV_PKE_HASH_TYPE_SHA512, 139 DRV_PKE_HASH_TYPE_SM3, 140 DRV_PKE_HASH_TYPE_MAX, 141 DRV_PKE_HASH_TYPE_INVALID = 0xffffffff, 142 } drv_pke_hash_type; 143 144 typedef enum { 145 DRV_PKE_BUF_NONSECURE = 0x00, 146 DRV_PKE_BUF_SECURE, 147 DRV_PKE_BUF_INVALID = 0xffffffff, 148 } drv_pke_buffer_secure; 149 150 typedef enum { 151 DRV_PKE_LEN_192 = 24, 152 DRV_PKE_LEN_224 = 32, 153 DRV_PKE_LEN_256 = 32, 154 DRV_PKE_LEN_384 = 48, 155 DRV_PKE_LEN_448 = 56, 156 DRV_PKE_LEN_512 = 64, 157 DRV_PKE_LEN_521 = 68, 158 DRV_PKE_LEN_576 = 72, 159 DRV_PKE_LEN_1024 = 128, 160 DRV_PKE_LEN_2048 = 256, 161 DRV_PKE_LEN_3072 = 384, 162 DRV_PKE_LEN_4096 = 512, 163 DRV_PKE_LEN_MAX, 164 DRV_PKE_LEN_INVALID = 0xffffffff, 165 } drv_pke_len; 166 167 typedef enum { 168 DRV_PKE_ECC_TYPE_RFC5639_P256 = 0, /* RFC 5639 - Brainpool P256/384/512 */ 169 DRV_PKE_ECC_TYPE_RFC5639_P384, /* RFC 5639 - Brainpool P256/384/512 */ 170 DRV_PKE_ECC_TYPE_RFC5639_P512, /* RFC 5639 - Brainpool P256/384/512 */ 171 DRV_PKE_ECC_TYPE_FIPS_P256K, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 172 #if defined(MBEDTLS_SECP192R1_USE_HARDWARE) 173 DRV_PKE_ECC_TYPE_FIPS_P192R, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 174 #endif 175 #if defined(MBEDTLS_SECP224R1_USE_HARDWARE) 176 DRV_PKE_ECC_TYPE_FIPS_P224R, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 177 #endif 178 DRV_PKE_ECC_TYPE_FIPS_P256R, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 179 DRV_PKE_ECC_TYPE_FIPS_P384R, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 180 DRV_PKE_ECC_TYPE_FIPS_P521R, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 181 DRV_PKE_ECC_TYPE_RFC7748, /* RFC 7748 - Curve25519 */ 182 #if defined(MBEDTLS_CURVE448_USE_HARDWARE) 183 DRV_PKE_ECC_TYPE_RFC7748_448, /* RFC 7748 - Curve448 */ 184 #endif 185 DRV_PKE_ECC_TYPE_RFC8032, /* RFC 8032 - ED25519 */ 186 DRV_PKE_ECC_TYPE_SM2, /* GMT 0003.2-2012 */ 187 DRV_PKE_ECC_TYPE_MAX, 188 DRV_PKE_ECC_TYPE_INVALID = 0xffffffff, 189 } drv_pke_ecc_curve_type; 190 191 typedef struct { 192 unsigned long long uapi_mem_handle; /* Handle to buffer header address */ 193 unsigned long long addr_offset; /* buffer offset, unused. */ 194 td_void *kapi_mem_handle; 195 196 unsigned long phys_addr; 197 void *virt_addr; 198 crypto_buffer_secure buf_sec; /* NONSECURE or SECURE */ 199 } crypto_buf_attr; 200 201 typedef struct { 202 td_u8 *key; 203 td_u32 key_len; 204 td_handle drv_keyslot_handle; 205 crypto_hash_type hash_type; 206 td_bool is_keyslot; 207 td_bool is_long_term; 208 } crypto_hash_attr; 209 210 typedef struct { 211 td_u32 length[2]; 212 td_u32 state[CRYPTO_HASH_RESULT_SIZE_MAX_IN_WORD]; 213 td_u32 tail_len; 214 crypto_hash_type hash_type; 215 #if defined(CRYPTO_SOFT_HMAC_SUPPORT) 216 td_u8 o_key_pad[CRYPTO_HASH_BLOCK_SIZE_MAX]; 217 td_u8 i_key_pad[CRYPTO_HASH_BLOCK_SIZE_MAX]; 218 #endif 219 td_u8 tail[CRYPTO_HASH_BLOCK_SIZE_MAX]; 220 } crypto_hash_clone_ctx; 221 222 typedef struct { 223 crypto_hash_type hmac_type; 224 td_u8 *salt; 225 td_u32 salt_length; 226 td_u8 *ikm; 227 td_u32 ikm_length; 228 } crypto_hkdf_extract_t; 229 230 typedef struct { 231 crypto_hash_type hmac_type; 232 td_u8 *prk; 233 td_u32 prk_length; 234 td_u8 *info; 235 td_u32 info_length; 236 } crypto_hkdf_expand_t; 237 238 typedef struct { 239 crypto_hash_type hmac_type; 240 td_u8 *salt; 241 td_u32 salt_length; 242 td_u8 *ikm; 243 td_u32 ikm_length; 244 td_u8 *info; 245 td_u32 info_length; 246 } crypto_hkdf_t; 247 248 typedef struct { 249 crypto_hash_type hash_type; 250 td_u8 *password; 251 td_u32 plen; 252 td_u8 *salt; 253 td_u32 slen; 254 td_u16 count; 255 } crypto_kdf_pbkdf2_param; 256 257 typedef struct { 258 crypto_symc_alg symc_alg; 259 crypto_symc_work_mode work_mode; 260 crypto_symc_type symc_type; 261 td_bool is_long_term; 262 } crypto_symc_attr; 263 264 typedef struct { 265 crypto_symc_alg symc_alg; 266 crypto_symc_work_mode work_mode; 267 crypto_symc_key_length symc_key_length; 268 crypto_symc_key_parity key_parity; 269 crypto_symc_bit_width symc_bit_width; 270 crypto_symc_iv_change_type iv_change_flag; 271 td_u8 iv[CRYPTO_IV_LEN_IN_BYTES]; 272 td_u32 iv_length; 273 td_void *param; 274 } crypto_symc_ctrl_t; 275 276 typedef struct { 277 crypto_buf_attr aad_buf; 278 td_u32 aad_len; /* Addition Data Length In Bytes. */ 279 td_u32 data_len; /* Crypto Data Length In Bytes. */ 280 td_u32 tag_len; /* Tag Length In Bytes. */ 281 } crypto_symc_config_aes_ccm_gcm; 282 283 typedef struct { 284 td_bool is_long_term; 285 crypto_symc_alg symc_alg; 286 crypto_symc_work_mode work_mode; 287 crypto_symc_key_length symc_key_length; 288 td_u32 keyslot_chn; 289 } crypto_symc_mac_attr; 290 291 typedef struct { 292 td_u32 length; 293 td_u8 *data; 294 } drv_pke_data; 295 296 typedef struct { 297 td_u8 *x; /* X coordinates of the generated public key, the caller ensures it is padded with leading 298 zeros if the effective size of this key is smaller than ecc key size. */ 299 td_u8 *y; /* Y coordinates of the generated public key, the caller ensures it is padded with leading 300 zeros if the effective size of this key is smaller than ecc key size. */ 301 td_u32 length; 302 } drv_pke_ecc_point; 303 304 typedef struct { 305 td_u8 *r; /* r component of the signature. */ 306 td_u8 *s; /* s component of the signature. */ 307 td_u32 length; 308 } drv_pke_ecc_sig; 309 310 typedef struct { 311 td_u8 *n; /* *< public modulus */ 312 td_u8 *e; /* *< public exponent */ 313 td_u8 *d; /* *< private exponent */ 314 td_u8 *p; /* *< 1st prime factor */ 315 td_u8 *q; /* *< 2nd prime factor */ 316 td_u8 *dp; /* *< D % (P - 1) */ 317 td_u8 *dq; /* *< D % (Q - 1) */ 318 td_u8 *qp; /* *< 1 / (Q % P) */ 319 td_u16 n_len; /* *< length of public modulus */ 320 td_u16 e_len; /* *< length of public exponent */ 321 td_u16 d_len; /* *< length of private exponent */ 322 td_u16 p_len; /* *< length of 1st prime factor,should be half of u16NLen */ 323 td_u16 q_len; /* *< length of 2nd prime factor,should be half of u16NLen */ 324 td_u16 dp_len; /* *< length of D % (P - 1),should be half of u16NLen */ 325 td_u16 dq_len; /* *< length of D % (Q - 1),should be half of u16NLen */ 326 td_u16 qp_len; /* *< length of 1 / (Q % P),should be half of u16NLen */ 327 } drv_pke_rsa_priv_key; 328 329 /* * struct of RSA public key */ 330 typedef struct { 331 td_u8 *n; /* point to public modulus */ 332 td_u8 *e; /* point to public exponent */ 333 td_u16 len; /* length of public modulus, max value is 512Byte */ 334 } drv_pke_rsa_pub_key; 335 336 typedef struct { 337 td_u32 length; 338 td_u8 *data; 339 drv_pke_buffer_secure buf_sec; 340 } drv_pke_msg; 341 342 #endif /* CRYPTO_CIPHER_COMMON_STRUCT_H */